GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be enabled to detect leaked secrets across an entire publishing history.
In December 2022, GitHub began rolling out a beta of a free secret scanning feature to all public repositories that scan for 200+ token formats to help developers find accidental public exposure of sensitive data.
Today, GitHub announced that the service is now generally available, and all public repository owners/admins can enable secret scanning alerts to secure their data.
“As of today, GitHub secret scanning’s alert experience is generally available and free for all public repositories,” reads GitHub’s announcement.
In addition to notifying the repository owners of leaked secret incidents, GitHub will continue to notify its over 100 secret scanning partners of exposed secrets so that they can revoke the authentication token and notify their customers.
Any GitHub user administrating a public repository can easily enable secret scanning alerts by opening the “Settings” tab, clicking on the “Code security and analysis” option under the Security section, and then clicking “Enable” on “Secret Scanning” at the bottom of the page.