1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • GitHub is making your code safer for everyone

    From TechnologyDaily@1337:1/100 to All on Wed May 10 11:30:03 2023
    GitHub is making your code safer for everyone

    Date:
    Wed, 10 May 2023 10:26:15 +0000

    Description:
    After a year in beta, this important GitHub security feature looks to keep code safer for users everywhere.

    FULL STORY ======================================================================

    GitHubs push protection feature , introduced as a beta in April 2022, is now generally available, the company has announced.

    The feature makes all code repositories safer by preventing them from leaking sensitive information such as API keys.

    Push protection works by scanning for secrets before git push operations are accepted, the company explained, adding that 69 token types are supported, including API keys, private keys, secret keys, authentication tokens, access tokens, management certificates, and similar. GitHub security boost

    While some false positives might happen, they should be few and far between.

    "If you are pushing a commit containing a secret, a push protection prompt will appear with information on the secret type, location, and how to remediate the exposure," GitHub said. "Push protection only blocks secrets with low false positive rates, so when a commit is blocked, you know it's worth investigating."

    Push protection has been in beta for more than a year now, and during that time, developers that used it managed to avoided 17,000 sensitive data leaks, and saved more than 95,000 hours theyd otherwise have to spend on addressing the issue of compromised data, GitHub claims. Read more

    GitHub takes down repository with Twitter source code


    GitHub unveils its huge code search makeover


    Check out the best firewalls

    "Today, push protection is generally available for private repositories with
    a GitHub Advanced Security (GHAS) license," GitHub added. "In addition, to help developers and maintainers across open source proactively secure their code, GitHub is making push protection free for all public repositories."

    If youre interested in giving push protection a spin, you can do so via the API, or by clicking on the corresponding menu in the user interface: head
    over to GitHub.com > navigate to the main page > click Settings > look for Security and click Code security and analysis > find Configure code security and analysis and look for GitHub Advanced Security > Go to Secret scanning > find Push protection and enable it.

    Devs can also enable it for single repositories by going Settings > Security
    & analysis > GitHub Advanced Security dialog. These are the best laptops for programming



    ======================================================================
    Link to news story: https://www.techradar.com/news/github-is-making-your-code-safer-for-everyone


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)