Summary
This feature extends secret scanning support to private and public repositories on Server. On Server, GitHub does not automatically send a request to the token issuer to revoke a checked-in token. Instead, results are displayed to repository and organization admins in the GitHub UI for them to triage.
Intended Outcome
Token leaks are one of the most common security mistakes, and they can have severe consequences. GitHub secret scanning already looks for leaked tokens in public repositories and works with the token issuer to notify the developer and, in some cases, automatically revoke the token.
How will it work?
Secret scanning for Server will provide more configuration, including the ability to exclude paths and files using config-as-code. In the future it will also provide reporting at the organization level.