GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. In this GitHub Skills course you will learn how to enable secret scanning to identify secrets and prevent them from being committed to your repository.
Plain-text credentials accidentally stored in repositories on GitHub are a common target for attackers. In fact, we find well over a million tokens stored on the GitHub platform each year. Secret scanning is a powerful tool which allows teams to identify these plain-text credentials, remove them, and create rules to prevent them from being written to GitHub in the first place.
Secret scanning is available for free for all public repositories. Organizations that need secret scanning capabilities for private repositories should review GitHub Advanced Security. GitHub Advanced Security allows you to take advantage of additional security features such as code scanning, dependency review, and security overview.
- Who is this for: Developers, DevOps Engineers, security teams.
- What you'll learn: How to identify plain-text credentials in your repository and how to prevent them from being written in the first place.
- Prerequisites: Basics of git and GitHub functionality. We recommend you complete Introduction to GitHub.
- How long: This course takes less than 15 minutes to complete.
In this course, you will:
- Enable secret scanning
- Identify secrets stored in your repository
- Enable push protection
- Stop secrets from being written to your repository
- Right-click Start course and open the link in a new tab.
- In the new tab, most of the prompts will automatically fill in for you.
- For owner, choose your personal account or an organization to host the repository.
- You will need to make the repository public, as private repositories do not have access to secret scanning without a GitHub Advanced Security license.
- Scroll down and click the Create repository button at the bottom of the form.
- After your new repository is created, wait about 20 seconds, then refresh the page. Follow the step-by-step instructions in the new repository's README.
Get help: Post in our discussion board • Review the GitHub status page
© 2023 GitHub • Code of Conduct • MIT License