{"id":842561,"date":"2025-04-21T16:12:07","date_gmt":"2025-04-21T21:12:07","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2025\/04\/21\/github-expands-security-tools-after-39-million-secrets-leaked-in-2024\/"},"modified":"2025-04-21T16:12:07","modified_gmt":"2025-04-21T21:12:07","slug":"github-expands-security-tools-after-39-million-secrets-leaked-in-2024","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2025\/04\/21\/github-expands-security-tools-after-39-million-secrets-leaked-in-2024\/","title":{"rendered":"GitHub expands security tools after 39 million secrets leaked in 2024"},"content":{"rendered":"<div>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"GitHub\" height=\"900\" src=\"https:\/\/www.bleepstatic.com\/content\/hl-images\/2025\/02\/25\/GitHub.jpg\" width=\"1600\"><\/p>\n<p>GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and organizations to serious security risks.<\/p>\n<p>In a new report by GitHub, the development company says the 39 million secrets were found through its <a href=\"https:\/\/docs.github.com\/en\/code-security\/secret-scanning\/introduction\/about-secret-scanning\" target=\"_blank\" rel=\"nofollow noopener\">secret scanning service<\/a>, a security feature that detects API keys, passwords, tokens, and other secrets in repositories.\u00a0<\/p>\n<p>&#8220;Secret leaks remain one of the most common\u2014and preventable\u2014causes of security incidents,&#8221; <a href=\"https:\/\/github.blog\/security\/application-security\/next-evolution-github-advanced-security\/\" target=\"_blank\" rel=\"nofollow noopener\">reads GitHub&#8217;s announcement<\/a>.<\/p>\n<p>&#8220;As we develop code faster than ever previously imaginable, we&#8217;re leaking secrets faster than ever, too.&#8221;<\/p>\n<p>This is happening despite GitHub&#8217;s targeted protection measures like &#8220;Push Protection,&#8221; which was introduced in April 2022 and was <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/github-enables-push-protection-by-default-to-stop-secrets-leak\/\" target=\"_blank\" rel=\"nofollow noopener\">activated by default<\/a> on all public repositories in February 2024.<\/p>\n<p>According to GitHub, the main reasons why secrets continue to leak are the prioritization of convenience by developers who handle secrets during commits and accidental repository exposure through git history.<\/p>\n<p><iframe allowfullscreen=\"allowfullscreen\" frameborder=\"0\" mozallowfullscreen=\"mozallowfullscreen\" msallowfullscreen=\"msallowfullscreen\" oallowfullscreen=\"oallowfullscreen\" scrolling=\"no\" src=\"\/\/www.youtube.com\/embed\/vMhDkt5JNN0\" webkitallowfullscreen=\"webkitallowfullscreen\"><\/iframe><\/p>\n<h2>GitHub revamps Advanced Security<\/h2>\n<p>GitHub announced several new measures and enhancements to existing systems to mitigate secret leaks on the platform.<\/p>\n<p>&#8220;As of today, our security products are available to purchase as standalone products for enterprises, enabling development teams to scale security quickly,&#8221; explained GitHub.<\/p>\n<p>&#8220;Previously, investing in secret scanning and push protection required purchasing a larger suite of security tools, which made it too expensive for many organizations.<\/p>\n<p>&#8220;This change ensures scalable security with Secret Protection and Code Security is no longer out of reach for many organizations.&#8221;<\/p>\n<p>The GitHub Advanced Security changes are summarized as follows:<\/p>\n<ol>\n<li><strong>Standalone Secret Protection and Code Security<\/strong> \u2013 Now available as separate products, these tools no longer require a full GitHub Advanced Security license, making them more affordable for smaller teams.<\/li>\n<li><strong>Free organization-wide secret risk assessment <\/strong>\u2013 A point-in-time scan that checks all repositories (public, private, internal, and archived) for exposed secrets, free for all GitHub organizations.<\/li>\n<li><strong>Push protection with delegated bypass controls<\/strong> \u2013 Enhanced push protection scans for secrets before code is pushed and allows organizations to define who can bypass the protection, adding policy-level control.<\/li>\n<li><strong>Copilot-powered secret detection <\/strong>\u2013 GitHub now uses AI via Copilot to detect unstructured secrets like passwords, improving accuracy and lowering false positives.<\/li>\n<li><strong>Improved detection via cloud provider partnerships<\/strong> \u2013 GitHub works with providers like AWS, Google Cloud, and OpenAI to build more accurate secret detectors and respond faster to leaks.<\/li>\n<\/ol>\n<p>Apart from GitHub&#8217;s initiatives and improvements, users are also given a list of recommended actions to protect themselves from secret leaks.<\/p>\n<p>First, it is suggested that Push Protection be enabled at the repository, organization, or enterprise level to block secrets before they&#8217;re pushed to a repository.<\/p>\n<p>GitHub also highlights the importance of reducing the risk by eliminating hardcoded secrets from source code altogether, instead using environment variables, secret managers, or vaults to store them.<\/p>\n<p>The platform suggests using tools that integrate with CI\/CD pipelines and cloud platforms to handle secrets programmatically, reducing human interaction that can introduce errors and exposure.<\/p>\n<p>Finally, GitHub users are recommended to review the &#8216;<a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Secrets_Management_Cheat_Sheet.html#1-introduction\" target=\"_blank\" rel=\"nofollow noopener\">Best Practices<\/a>&#8216; guide and ensure they appropriately manage secrets end-to-end.<\/p>\n<\/p><\/div>\n<p> Bill Toulas<br \/><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/github-expands-security-tools-after-39-million-secrets-leaked-in-2024\/\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and organizations to serious security risks. In a new report by GitHub, the development company says the 39 million secrets were found through its secret scanning service, a<\/p>\n","protected":false},"author":1,"featured_media":842562,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4352,23298],"tags":[6672,14841],"class_list":{"0":"post-842561","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-expands","8":"category-github","9":"tag-expands","10":"tag-github"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/842561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=842561"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/842561\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/842562"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=842561"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=842561"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=842561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}