Friday, June 21, 2024

Github Announced Push Protection Feature Free for all Public Repositories

GitHub is one of the largest code repository platforms developers use worldwide.

Developers belonging to an organization, individual developers, and enterprise developers use this platform to commit and push the codes inside their repository.

Microsoft took over the code repository platform in 2016, and there were several additional features after that.

In April 2022, GitHub introduced the beta version of the push protection feature for GitHub Advanced Security users.

This feature scans for potential secrets on the code being pushed to GitHub and alerts the developers on how to fix them.

Ever since the release of this feature, it has prevented 17,000 potential secrets from leaking, amounting to 95,000 hours of revoking, rotating, and remediating the exposed secrets.

The push protection feature was limited to users with GitHub Advanced Security License.

However, GitHub has announced that they will release the push protection feature free for all public repositories, which can proactively help open source developers maintain security on their code.

GitHub has partnered and worked closely with service providers (API) to enhance the push protection feature. Hence, the rate of false positives on this feature will be negligible.

GitHub also stated that if the developers are prompted with alerts on the push protection feature, it is worth investigating it.

Ger McMahon, Product Leader of ALM Tools and Platforms at Fidelity Investments, stated, “Incorporating secret scanning with push protection directly into the development workflow reduces friction, enabling developers to create secure and high-quality code.”

Push protection can detect the type of secret exposed and provide remediation steps through a prompt on their IDE or guidance on the command line interface.

Developers also have the option to ignore these push protection prompts by mentioning them as false positive, testing, acceptable risk, or can be fixed later.

However, these responses are recorded through organization or enterprise audit logs which can be investigated by security managers or administrators later.

To enable push protection in the repository, users must go to “Code Security and analysis” on their repository and enable the “Push Protection” option in the secret scanning section.

Push Protection feature. Source: GitHub

This push protection feature can also be customized based on a custom secret pattern for additional protections based on the organization’s requirements.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Website

Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from Promokit.eu for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles