Monday, October 7, 2024

GitHub Announced Push Protection Feature Free for All Public Repositories

Published on

GitHub is one of the largest code repository platforms developers use worldwide.

Developers belonging to an organization, individual developers, and enterprise developers use this platform to commit and push code to their repositories.

Microsoft took over the code repository platform in 2016, and several features have been added since then.


In April 2022, GitHub introduced the beta version of the push protection feature for GitHub Advanced Security users.

This feature scans the code being pushed to GitHub for potential secrets and alerts developers on how to fix them.

Ever since the release of this feature, it has prevented 17,000 potential secrets from leaking, amounting to 95,000 hours of revoking, rotating, and remediating the exposed secrets.

The push protection feature was limited to users with a GitHub Advanced Security license.

However, GitHub has announced that it will release the push protection feature free for all public repositories, which can proactively help open-source developers keep their code secure.

GitHub has partnered and worked closely with service providers (API) to enhance the push protection feature. Hence, the rate of false positives on this feature will be negligible.

GitHub also stated that if developers are prompted with a push protection alert, it is worth investigating.

Ger McMahon, Product Leader of ALM Tools and Platforms at Fidelity Investments, stated, “Incorporating secret scanning with push protection directly into the development workflow reduces friction, enabling developers to create secure and high-quality code.”

Push protection can detect the type of secret exposed and provide remediation steps through a prompt in the developer's IDE or guidance on the command-line interface.

Developers also have the option to ignore these push protection prompts by marking them as a false positive, as used in testing, as an acceptable risk, or as something that can be fixed later.

However, these responses are recorded in organization or enterprise audit logs, which security managers or administrators can investigate later.

To enable push protection in the repository, users must go to “Code Security and analysis” on their repository and enable the “Push Protection” option in the secret scanning section.

Push Protection feature. Source: GitHub

Push protection can also be customized with custom secret patterns for additional protection based on the organization’s requirements.
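The sketch below is an added example, not GitHub's implementation or code from the article. It models the flow described above: a custom secret pattern is matched against the lines a push adds, the push is blocked on a hit, and a bypass is accepted only with one of the listed reasons and is recorded for later review. The `acme_` token format, the function names, and the log record layout are assumptions made for the example.

```python
import re

# Constructed organisation token format (an assumption, not a real provider's):
# "acme_" followed by 32 lowercase hex characters.
CUSTOM_PATTERNS = {"acme_api_token": re.compile(r"\bacme_[0-9a-f]{32}\b")}
# Bypass reasons mirroring the options the article lists.
BYPASS_REASONS = {"false positive", "testing", "acceptable risk", "fix later"}

# Constructed sample push: one added line carries a token in the format above.
SAMPLE_DIFF = """\
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,4 @@
 DEBUG = False
+API_TOKEN = "acme_0123456789abcdef0123456789abcdef"
 TIMEOUT = 30
-RETRIES = 2
+RETRIES = 3
"""

def scan_diff(diff_text):
    """Return findings for lines a push adds ('+' lines of a unified diff)."""
    findings, path, new_line = [], None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):
            new_line = int(re.search(r"\+(\d+)", raw).group(1))  # new-file start
        elif raw.startswith("+"):
            for name, rx in CUSTOM_PATTERNS.items():
                if rx.search(raw[1:]):  # record location only, never the secret
                    findings.append({"type": name, "file": path, "line": new_line})
            new_line += 1
        elif raw.startswith(" "):
            new_line += 1  # context line; removed ('-') lines do not advance
    return findings

def evaluate_push(diff_text, bypass_reason=None, audit_log=None):
    """Block a push with findings unless a valid bypass reason is given."""
    findings = scan_diff(diff_text)
    if not findings:
        return {"allowed": True, "findings": []}
    if bypass_reason is None:
        return {"allowed": False, "findings": findings}
    if bypass_reason not in BYPASS_REASONS:
        raise ValueError(f"unknown bypass reason: {bypass_reason!r}")
    if audit_log is not None:  # keep a record for later security review
        audit_log.append({"reason": bypass_reason, "findings": findings})
    return {"allowed": True, "findings": findings}
```

Only added lines are scanned, and findings store the file and line rather than the matched value, so the audit record does not itself leak the secret.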


Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
