Find secrets exposed in your organization with the secret risk assessment

Secret risk assessment

GitHub is committed to empowering the developer community by helping organizations recognize and address the risks of secret leaks. That’s why we’re launching a new free tool which will help provide clear insights into your organization’s exposure, along with actionable steps to strengthen your security and protect your code.

Starting today, you can scan your organization for aggregate insights on public leaks, private exposures, and token types.

Find secrets in your organization

What will this dashboard include?

Available in the Security tab, organization and security admins will be able to run a scan to understand how their organization is affected by secret leaks and exposures. Once a scan is initiated, GitHub will look for secret leaks and exposures across your organization, returning a collection of insights including:

  • The number of secrets leaked per type.
  • The number of publicly visible secrets in your public repositories.
  • The number of repositories affected for each secret type.

No specific secrets will be stored or shared.

Once enabled, GitHub will run a point-in-time scan across all public, private, internal, and archived repositories in your organization. Results are static and will not be automatically updated. You’ll also be able to download results as a CSV file.

For organizations ready to adopt a continuous monitoring tool, we recommend enabling secret scanning for detection and incident management of specific secrets. Learn more about GitHub Secret Protection.

Why are we doing this?

GitHub is committed to making a meaningful impact on the developer community by helping organizations recognize their secret leak footprint across their GitHub perimeter. Our goal is to provide clear insights into organizations’ potential secret exposure and a clear path to stronger security.

Who can use this feature?

This feature will be available for free to organizations with a GitHub Team or Enterprise plan. Organization admins and security managers will be able to run the report and review any results. This feature will be available for Enterprise Server starting with GHES 3.18.

Share feedback while the feature is in public preview

This feature is available in public preview and is subject to improvement. Have feedback? Let us know what you think by joining our discussion in GitHub Community — we’re listening.

GitHub Advanced Security is here for GitHub Team organizations

Here for GitHub Team plans

At GitHub, we believe that investing in the security of your codebase should be accessible for organizations of all sizes.

Starting today, GitHub Team plan customers can purchase GitHub Secret Protection and GitHub Code Security without upgrading your organization to GitHub Enterprise. This makes it easier to secure your codebase with GitHub Advanced Security products.

GitHub Secret Protection

GitHub Team organizations can purchase GitHub Secret Protection, which detects and prevents secret leaks (e.g. secret scanning, AI-detected passwords, and push protection for secrets).

Secret Protection will be available for $19 per month per active committer, with features including:

  • Push protection, to prevent secret leaks before they happen.
  • AI detection with a low rate of false positives, so you can focus on what matters.
  • Secret scanning alerts with notifications, to help you catch exposures before they become a problem.
  • Custom patterns for secrets, so you can search for sensitive, organization-specific information.
  • Security overview, which provides insight into distribution of risk across your organization.
  • Push protection and alert dismissal enforcement for secrets, which supports governance at enterprise scale.

In addition, we’re launching a new scanning feature to help organizations understand their secret leak footprint across their GitHub perimeter. This feature is free for GitHub Team organizations.

GitHub Code Security

GitHub Team organizations will also be able to purchase Code Security, which detects and fixes vulnerabilities in your code before it reaches production.

Code Security will be available for $30 per month per active committer, with features including:

  • Copilot Autofix for vulnerabilities in existing code and pull requests to provide developer-first security management.
  • Security campaigns to address security debt at scale.
  • Dependabot features for protection against dependency-based vulnerabilities.
  • Security overview, which provides insight into the distribution of risk across your organization.
  • Security findings for third-party tools.

Get Started

To get started, admins can navigate to Advanced Security under their organization or repository settings. From this page, you can choose to enable and purchase Secret Protection or Code Security features.

For example, from your organization settings, you can navigate to Security / Advanced Security / Configurations in order to create a new configuration with Secret Protection features enabled. Learn more about enabling GitHub Advanced Security.

In addition, admins can enable Secret Protection features in one click from their organization’s Security tab. Once the secret risk assessment has been run for your organization, you’ll be able to enable Secret Protection in one click from the system banner.

Purchase Secret Protection from your organization's risk assessment

Learn more about Secret Protection and Code Security, or share feedback by joining the discussion in GitHub Community.

See more

Multi-domain support and filterable changes are now in public preview on GitHub Desktop

We’re rolling out two exciting new features in the latest GitHub Desktop Beta to make your workflow even smoother:

  • Multi-domain support: Do you work across multiple GitHub instances? You can now sign into more than one domain so you can focus more on your code and less on sign-in flows.

  • Filterable changes: Do you find yourself endlessly scrolling through a long list of changed files? Now, you can filter by filename to review your changes faster. This makes it easier to locate and select exactly what you need for your next commit!

Download GitHub Desktop v3.4.19-beta1 today to try out the new features.

See more
View all changes