Friday, May 2, 2025
HomeCyber Security NewsGithub Announced Push Protection Feature Free for all Public Repositories

Github Announced Push Protection Feature Free for all Public Repositories

Published on

SIEM as a Service

Follow Us on Google News

GitHub is one of the largest code repository platforms developers use worldwide.

Developers belonging to an organization, individual developers, and enterprise developers use this platform to commit and push the codes inside their repository.

Microsoft took over the code repository platform in 2016, and there were several additional features after that.

- Advertisement - Google News

In April 2022, GitHub introduced the beta version of the push protection feature for GitHub Advanced Security users.

This feature scans for potential secrets on the code being pushed to GitHub and alerts the developers on how to fix them.

Ever since the release of this feature, it has prevented 17,000 potential secrets from leaking, amounting to 95,000 hours of revoking, rotating, and remediating the exposed secrets.

The push protection feature was limited to users with GitHub Advanced Security License.

However, GitHub has announced that they will release the push protection feature free for all public repositories, which can proactively help open source developers maintain security on their code.

GitHub has partnered and worked closely with service providers (API) to enhance the push protection feature. Hence, the rate of false positives on this feature will be negligible.

GitHub also stated that if the developers are prompted with alerts on the push protection feature, it is worth investigating it.

Ger McMahon, Product Leader of ALM Tools and Platforms at Fidelity Investments, stated, “Incorporating secret scanning with push protection directly into the development workflow reduces friction, enabling developers to create secure and high-quality code.”

Push protection can detect the type of secret exposed and provide remediation steps through a prompt on their IDE or guidance on the command line interface.

Developers also have the option to ignore these push protection prompts by mentioning them as false positive, testing, acceptable risk, or can be fixed later.

However, these responses are recorded through organization or enterprise audit logs which can be investigated by security managers or administrators later.

To enable push protection in the repository, users must go to “Code Security and analysis” on their repository and enable the “Push Protection” option in the secret scanning section.

Push Protection feature. Source: GitHub

This push protection feature can also be customized based on a custom secret pattern for additional protections based on the organization’s requirements.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Managing Shadow IT Risks – CISO’s Practical Toolkit

Managing Shadow IT risks has become a critical challenge for Chief Information Security Officers...

Application Security in 2025 – CISO’s Priority Guide

Application security in 2025 has become a defining concern for every Chief Information Security...

Preparing for Quantum Cybersecurity Risks – CISO Insights

Quantum cybersecurity risks represent a paradigm shift in cybersecurity, demanding immediate attention from Chief...

Securing Digital Transformation – CISO’s Resource Hub

In today’s hyper-connected world, securing digital transformation is a technological upgrade and a fundamental...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Netgear EX6200 Flaw Enables Remote Access and Data Theft

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender...

Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own...

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered,...