GitHub Advanced Security customers can now push protect their custom patterns
With just one click, admins in GitHub Advanced Security organizations can protect their custom patterns on push.
The most successful application security initiatives help developers work more efficiently. You need to know when vulnerabilities exist in code so that you can fix them. But what if you could prevent those vulnerabilities in the first place?
With GitHub Advanced Security, organizations use push protection to prevent secret leaks and save hundreds of hours in downstream remediation time. Push protection has already prevented more than 8,000 secret leaks across 100 secret types since its initial release in April.
Now, organizations that have defined custom patterns can enable push protection for those patterns. Push protection for custom patterns can be configured on a pattern-by-pattern basis. So, just like how you can already choose which patterns to publish (and which to first refine in draft mode), you can decide which patterns to push protect based on false positives.
Enabling push protection
You can define custom patterns at the repository, organization, and enterprise levels. And now, you can also enable push protection for custom patterns at the organization or repository level. With push protection enabled, GitHub will enforce blocks when contributors try to push code that contains matches to the defined pattern.
To define a custom pattern, navigate to your organization’s code security settings page. Once you have GitHub Advanced Security and secret scanning enabled, you can create a new custom pattern through the UI. We allow you to dry run any custom pattern—before you publish.
Once you publish your pattern, and feel confident that the pattern creates alerts with low false positives, you can click “Enable” besides “Push protection” in your custom pattern’s page. GitHub recommends regularly checking your custom pattern’s alerts to make sure that you’re keeping false positive noise as low as possible for your developers. This strategic use of push protection can help you build trust between your contributors and their security alerts, so that alerts are properly actioned when needed.
Learn more about secret scanning
Secret scanning alerts are available for free for all public repositories. We provide push protection as well as coverage for private repositories as part of GitHub Advanced Security, which also includes code scanning and supply chain security insights. To try GitHub Advanced Security in your organization or see a demo, please reach out to your GitHub sales partner.
Become a GitHub secret scanning partner
If you’re a service provider and interested in protecting our shared users from leaking secrets, we encourage you to join the secret scanning partner program. We currently support 200+ patterns and 100+ partners. To get started, please email secret-scanning@github.com.
Tags:
Written by
Related posts
Celebrating the GitHub Awards 2024 recipients 🎉
The GitHub Awards celebrates the outstanding contributions and achievements in the developer community by honoring individuals, projects, and organizations for creating an outsized positive impact on the community.
New from Universe 2024: Get the latest previews and releases
Find out how we’re evolving GitHub and GitHub Copilot—and get access to the latest previews and GA releases.
Bringing developer choice to Copilot with Anthropic’s Claude 3.5 Sonnet, Google’s Gemini 1.5 Pro, and OpenAI’s o1-preview
At GitHub Universe, we announced Anthropic’s Claude 3.5 Sonnet, Google’s Gemini 1.5 Pro, and OpenAI’s o1-preview and o1-mini are coming to GitHub Copilot—bringing a new level of choice to every developer.