Enable secret scanning to identify plain-text credentials and prevent them from being written to your repository

skills/introduction-to-secret-scanning

Introduction to secret scanning

GitHub scans repositories for known types of secrets, such as API keys and authentication tokens, to prevent fraudulent use of secrets that were committed accidentally. In this GitHub Skills course you will learn how to enable secret scanning to identify secrets and prevent them from being committed to your repository.

Welcome

Plain-text credentials accidentally stored in repositories on GitHub are a common target for attackers. In fact, we find well over a million tokens stored on the GitHub platform each year. Secret scanning is a powerful tool which allows teams to identify these plain-text credentials, remove them, and create rules to prevent them from being written to GitHub in the first place.

Secret scanning is available for free for public repositories on all plans. Enterprises that need secret scanning capabilities for private repositories should review GitHub Advanced Security. GitHub Advanced Security allows you to use secret scanning and other security features on private and internal repositories.

  • Who is this for: Developers, DevOps Engineers, security teams.
  • What you'll learn: How to identify plain-text credentials in your repository and how to prevent them from being exposed on GitHub in future pushes.
  • Prerequisites: Basics of git and GitHub functionality. We recommend you complete Introduction to GitHub.
  • How long: This course takes less than 15 minutes to complete.

In this course, you will:

  1. Enable secret scanning
  2. Identify secrets stored in your repository
  3. Enable push protection
  4. Stop secrets from being written to your repository
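The course walks through these steps in the web UI; the same settings can be applied and checked through GitHub's REST API. The script below is an added example, not part of the course material: it builds the request that enables secret scanning and push protection, then summarizes open alerts. The `REPO` and `GITHUB_TOKEN` environment variables are assumptions, and the sample alert list is constructed.

```python
import json
import os
import urllib.request
from collections import Counter

API = "https://api.github.com"

def settings_payload(enable=True):
    """Body for PATCH /repos/{owner}/{repo}: course steps 1 and 3."""
    status = "enabled" if enable else "disabled"
    return {"security_and_analysis": {
        "secret_scanning": {"status": status},
        "secret_scanning_push_protection": {"status": status},
    }}

def build_request(method, path, token, body=None):
    """Build (but do not send) an authenticated GitHub REST request."""
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(
        API + path, data=data, method=method,
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json"})

def open_alerts_by_type(alerts):
    """Step 2: count open alerts per secret type; list push-protection bypasses."""
    counts = Counter(a["secret_type"] for a in alerts if a["state"] == "open")
    bypassed = [a["number"] for a in alerts if a.get("push_protection_bypassed")]
    return dict(counts), bypassed

# Constructed sample shaped like GET /repos/{owner}/{repo}/secret-scanning/alerts
SAMPLE_ALERTS = [
    {"number": 1, "state": "open", "secret_type": "github_personal_access_token",
     "push_protection_bypassed": False},
    {"number": 2, "state": "resolved", "secret_type": "aws_access_key_id",
     "push_protection_bypassed": False},
    {"number": 3, "state": "open", "secret_type": "github_personal_access_token",
     "push_protection_bypassed": True},
]

if __name__ == "__main__":
    repo = os.environ.get("REPO")          # assumption: "owner/name"
    token = os.environ.get("GITHUB_TOKEN")  # assumption: token with repo admin rights
    alerts = SAMPLE_ALERTS
    if repo and token:
        urllib.request.urlopen(build_request("PATCH", f"/repos/{repo}", token, settings_payload()))
        with urllib.request.urlopen(
                build_request("GET", f"/repos/{repo}/secret-scanning/alerts", token)) as resp:
            alerts = json.load(resp)
    print(open_alerts_by_type(alerts))
```

Without the two environment variables the script makes no network calls and reports on the constructed sample only.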

How to start this course

  1. Right-click Start course and open the link in a new tab.
  2. In the new tab, most of the prompts will automatically fill in for you.
    • For owner, choose your personal account or an organization to host the repository.
    • You will need to make the repository public, as private repositories do not have access to secret scanning without a GitHub Advanced Security license.
    • Scroll down and click the Create repository button at the bottom of the form.
  3. After your new repository is created, wait about 20 seconds, then refresh the page. Follow the step-by-step instructions in the new repository's README.

Get help: Post in our discussion board • Review the GitHub status page

© 2023 GitHub • Code of Conduct • MIT License