
GitHub has announced that it's making GitHub Advanced Security (GHAS, used by customers including KPMG, Carlsberg Group, EY, and Otto Group) more accessible for developers and teams of all sizes. Starting April 1st, GHAS will be unbundled into two standalone security products, Secret Protection and Code Security, which will be available for purchase by Teams customers without an enterprise license.
These new products offer more organizations access to enterprise-grade security to protect against leaked secrets and vulnerable code through:
· GitHub Secret Protection – Leaked secrets are a challenge of massive scale; in 2024 alone, over 39 million secrets were detected on GitHub repositories. Secret Protection detects and prevents secret leaks before they happen using push protection, secret scanning, AI-powered detection with a low false-positive rate, security insights, and more.
· GitHub Code Security – Helps identify and remediate vulnerabilities faster with code scanning, Copilot Autofix, security campaigns, Dependency Review Action, and more.
This update also includes the launch of a free secret risk assessment tool. Many organizations underestimate the scope of their secret exposure; the tool gives security and developer teams a clear view into the risk of their potential secret exposure, helping them take proactive steps to secure their environments.
Alongside the announcement, the company shared insights into the technical challenges of building GitHub’s Copilot Secret Scanning feature, which became generally available in October 2022 and is part of the new Secret Protection product. The feature uses GitHub Copilot to detect generic passwords in users’ codebases and, in a sample of organizations, helped achieve a 94% reduction in false positives.
To help organizations understand their secret leak exposure across GitHub, the company is launching a free secret risk assessment. Available on April 1 in the Security tab, this tool gives admins and developers a clear view of where secrets are exposed across their organization, helping them take proactive steps to secure their environments.