GitHub has enabled a token leak protection system for the API by default

GitHub announced that, by default, all public repositories now have a mechanism that protects against confidential data inadvertently left in the code by developers ending up in the repository. For example, configuration files with DBMS passwords, tokens, or API access keys sometimes end up in a repository. Previously, scanning ran in passive mode and could only detect leaks that had already occurred in the repository. Now the check runs automatically at publishing time (git push) and produces a warning when an attempt is made to push commits that contain confidential data.

More than 250 patterns have been implemented to identify various types of keys, tokens, certificates, and credentials. To avoid false positives, only token types with a guaranteed-identifiable format are checked, covering more than 180 different services, including Amazon Web Services, Azure, Crates.io, DigitalOcean, Google Cloud, NPM, PyPI, RubyGems, and Yandex.Cloud. After a potential leak is identified, the developer is asked to review the offending code, fix the leak, and push the commit again, or mark the block as a false positive.
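Added example (not GitHub's code): a minimal push-time check of the kind the post describes, in Python. It scans only the lines a push adds, matches two fixed-format token types so that ordinary strings do not trigger a block, and reports the file and line to review. The two regexes and the sample diff are assumptions constructed for the example.

```python
import re

# Added example, not GitHub's code: a push-time secret check in the spirit of
# the mechanism described above. Only fixed-format, high-confidence token
# types are matched, so that ordinary strings do not trigger a block.
HIGH_CONFIDENCE_PATTERNS = {
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "GitHub personal access token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

def added_lines(diff):
    """Yield (path, new_line_no, text) for every line the unified diff adds."""
    path, line_no = None, 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):
            line_no = int(re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw).group(1))
        elif raw.startswith("+"):
            yield path, line_no, raw[1:]
            line_no += 1
        elif not raw.startswith("-"):   # context line; removals do not count
            line_no += 1

def scan_push(diff):
    """Return (path, line, token type) for each high-confidence match."""
    return [(path, n, kind)
            for path, n, text in added_lines(diff)
            for kind, pat in HIGH_CONFIDENCE_PATTERNS.items() if pat.search(text)]

def should_block(diff):
    return bool(scan_push(diff))

# Constructed sample push: the values below are documentation placeholders,
# not real credentials. The os.environ line shows a line that is not flagged.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,6 @@
 DEBUG = False
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
+API_KEY = os.environ["API_KEY"]
 ALLOWED_HOSTS = ["example.org"]
"""
if __name__ == "__main__":
    for path, n, kind in scan_push(SAMPLE_DIFF):
        print(f"{path}:{n}: possible {kind}; push blocked until reviewed")
```

The same logic can be run locally as a pre-push hook, so a leak is caught before it ever reaches the remote.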