Push protection is enabled for free users on GitHub

[courtneycl]

👋 Hello from the secret scanning team!

We have some news: we've started the rollout for enabling push protection on all free user accounts on GitHub. This automatically protects you from accidentally committing secrets to public repositories, regardless of whether the repository itself has secret scanning enabled.

If a secret is detected in any push to a public repository, your push will be blocked. You will have the option to remove the secret from your commits or, if you deem the secret safe, bypass the block.

It might take a week or two for this change to apply to your account; you can verify status and opt-in early in your code security and analysis settings. Once enabled, you also have the option to opt-out. Disabling push protection may cause secrets to be accidentally leaked.

Any feedback? Let us know 👇 ❤️

[JanoutV]

This is great news.

and I believe it's a big leap to have push protection enabled by default.

My question is: what about private repositories which will change to public, will those get scanned before going public by default as well?

[courtneycl]

Hi @JanoutV! Thanks for your support of the feature.

We don't currently scan contents of a private repo before it goes public. If you flip a repo from private to public, we encourage you to enable secret scanning and then we'll notify you of any secrets we detect.

Running the scan before the flip and letting you know of any secrets we find would definitely help prevent accidental leaks. It's a good suggestion. We'd probably run into licensing issues, since we don't do any scanning on free private repos today. However, it's worth it for us to consider automatically enabling secret scanning on repos that go from private to public so you'd be alerted right away.

[JanoutV]

That'd be awesome. You see, enabling the secret scanning is not an issue for one account - but enforcing this across thousands of accounts is much more challenging - which is exactly where these default settings help a great deal. I'll keep a look if this is something you could push through. Thank you for the response!