GitHub has introduced major updates to its Advanced Security platform after discovering over 39 million leaked secrets—such as API keys and passwords—across repositories in 2024.
These leaks pose serious security risks to both individuals and organizations.
In its latest report, GitHub revealed that its secret scanning service found these leaks despite existing protection measures like “Push Protection,” which was made the default for all public repositories in early 2024. According to GitHub, many leaks happen because developers prioritize convenience when handling sensitive data or accidentally expose credentials through commit history.
New Security Updates
To better prevent secret leaks, GitHub has introduced several improvements:
- Standalone Secret Protection & Code Security – These tools are now available separately, making security more affordable for smaller teams.
- Free Organization-Wide Secret Scan – A one-time scan of all repositories (public, private, internal, and archived) to detect exposed secrets, available for free to all GitHub organizations.
- Enhanced Push Protection – Scans for secrets before code is pushed and allows organizations to control who can bypass the protection.
- AI-Powered Secret Detection – GitHub’s Copilot now helps detect unstructured secrets like passwords, improving accuracy and reducing false positives.
- Better Detection Through Cloud Partnerships – Collaborations with AWS, Google Cloud, and OpenAI enhance secret detection and response times.
How Users Can Protect Themselves
GitHub also recommends best practices to prevent leaks:
- Enable Push Protection at the repository, organization, or enterprise level.
- Avoid storing sensitive data in source code—use environment variables or secret managers instead.
- Integrate CI/CD security tools to manage secrets programmatically.
- Follow GitHub’s Best Practices guide for end-to-end secret management.
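The commit-history point above is easy to check locally. The following is an added example, not GitHub's scanner or code from the original article: it scans `git log -p` style output for a few well-known structured token formats and shows that a secret deleted in a later commit is still reported. The rule set, function names and sample history are assumptions made for illustration; the AWS value is the placeholder key used in AWS documentation.

```python
import re

# Structured secrets with a fixed shape; unstructured passwords need other methods.
RULES = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github-classic-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}

def scan_history(patch_text):
    """Scan `git log -p` style text and report every secret a commit added."""
    added, removed = [], set()
    commit = path = None
    for line in patch_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif line.startswith("--- "):
            continue  # old-file header, not a deleted line
        elif line.startswith(("+", "-")):
            for rule, rx in RULES.items():
                for m in rx.finditer(line[1:]):
                    if line[0] == "+":
                        added.append((commit, path, rule, m.group()))
                    else:
                        removed.add(m.group())
    # A later deletion does not clear the finding: the value stays in history.
    return [{"commit": c, "file": p, "rule": r, "preview": v[:4] + "...",
             "deleted_later": v in removed} for c, p, r, v in added]

FAKE_PAT = "ghp_" + "x" * 36  # constructed value, not a real token
# Constructed history, newest commit first, as `git log -p` prints it.
SAMPLE = f"""commit 2222222
    remove hardcoded key
--- a/deploy.py
+++ b/deploy.py
@@ -1 +1 @@
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
commit 1111111
    add deploy script
--- /dev/null
+++ b/deploy.py
@@ -0,0 +1,2 @@
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+GH_TOKEN = "{FAKE_PAT}"
"""

if __name__ == "__main__":
    for finding in scan_history(SAMPLE):
        print(finding)
```

A finding with `deleted_later` set still calls for rotating the credential, because the value remains readable in the repository's history.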
By making security tools more accessible and improving secret detection, GitHub aims to reduce leaks and strengthen code security across its platform.
Bijay Pokharel