GitHub has updated its Advanced Security service with a “push protection” capability. The new feature scans code for secrets such as access tokens, API keys, and other credentials as developers push the code to a repository, and blocks the push if a secret is identified.
With push protection, announced April 4, GitHub Advanced Security customers can guard against leaks by scanning for secrets before a git push
is accepted. Available for enterprise accounts, GitHub Advanced Security provides services such as code scanning, dependency review, and secret scanning, which helps to ensure that secrets are not exposed in a repository. By scanning code for secrets, developers can proactively prevent leaks of credentials and safeguard against breaches attributed to credential misuse.