GitHub has added a new scanning feature to protect developers from accidentally leaking confidential information. The new tool is designed to keep developers safe from API and token vulnerability.
The said new feature is a check that developers can employ during their workflows before accepting a git push. As of now, the scan would only look for very identifiable patterns of potential leaks based on GitHub and partner organizations’ joint efforts, including token issuers.
Code scanning, supply chain attack protection, and Dependabot alerts are all included in GitHub Advanced Security, which is a licensed business solution.
The technology will look for a total of 69 patterns as potential signs of hidden leaks. Furthermore, approximately 100 different token kinds are scrutinized.
It has been noted that Alibaba Cloud, Amazon, AWS, Azure, npm, Slack, and Stripe have all issued them.
To date, GitHub claims to have discovered over 700,000 secrets spread across thousands of private repositories.