GitHub Push Protection Now Generally Available
GitHub’s push protection feature is now available to all private repositories with GitHub Advanced Security and to all public repositories at no cost. Push protection provides an added layer of security by scanning commits for secrets before accepting git push operations. GitHub introduced push protection in beta 13 months ago.
Very nice and useful feature. Once a secret makes it into a git repository, removing it can be difficult. Even better to offer this as a free feature to all (paid users get some customization).
This is free for public repositories, and requires the use of GitHub Advanced Security licenses at a list price of $21 per user per month for private repositories. That $300 per GitHub user per year should be considered a mandatory cost to claim you are doing the Sec part of DevSecOps.
This is a free service to help detect any secrets you’ve inadvertently put in your repositories. Regardless of other mitigations you’ve implemented, adding one more, particularly one without a cost which is already integrated in the platform, is a no-brainer.
Feedback on GitHub’s beta protection feature for paying customers was very positive. GitHub is now extending that protection feature to its public repositories. This benefits the greater software development and delivery ecosystem. Kudos to GitHub for placing security over profits with this decision.
Read more in
Bleeping Computer: GitHub now auto-blocks token and API key leaks for all repos