HomeWinBuzzer NewsGitHub Ups Its Security Game with Default Push Protection Feature

GitHub Ups Its Security Game with Default Push Protection Feature

GitHub automatically blocks accidental leaks of sensitive info like passwords in public code submissions.


has introduced push protection as a default feature across all public repositories, a significant move aimed at preventing the unintended exposure of sensitive information like API keys and access tokens. First introduced in a beta version in 2022 and made widely available in 2023, this security measure is designed to proactively detect and block the inclusion of more than 200 types of secrets from over 180 service providers during code submission processes.

The Mechanics of Push Protection

This security feature operates by scanning for secrets prior to accepting ‘git push' operations, effectively blocking the commits if a secret is identified. GitHub officials, Eric Tooley and Courtney Claessens, explain that the rollout is underway, assuring users that they can either eliminate the detected secrets from their commits or decide to bypass the block if they consider the secret secure. Despite the feature being active by default, GitHub provides the option for users to turn off push protection within their security settings, although this is generally not recommended.

The Impact and Scope of Push Protection

With the introduction of push protection, GitHub aims to significantly lessen the risk of security breaches, reputational damage, and potential legal issues associated with the accidental leaks of sensitive data. In an alarming statistic shared by the platform, over one million secrets have been detected on public repositories just in the initial weeks of 2024, highlighting the critical importance of this feature. For organizations needing higher levels of security, GitHub's Enterprise plan includes GitHub Advanced Security, offering protection for private repositories and adding various secret scanning features, code scanning, AI-driven code suggestions, and static application security testing capabilities.

By enacting this measure, GitHub addresses a persistent risk in and maintenance, underscoring the company's commitment to enhancing the security and integrity of the coding environment. Further information on the utilization of push protection and the allowance of specific secrets can be found on GitHub's documentation page. This development marks a significant step forward in the ongoing effort to secure sensitive information within the tech industry.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News