GitHub scans repositories for known types of secrets, such as API keys and authentication tokens, to prevent fraudulent use of secrets that were committed accidentally. In this GitHub Skills course you will learn how to enable secret scanning to identify secrets and prevent them from being committed to your repository.
Congratulations, friend, you've completed this course!
Here's a recap of all the tasks you've accomplished in your repository:
- Enabled secret scanning if your repository has private or internal visibility
- Committed a secret to the repository
- Reviewed secrets that have been identified by secret scanning
- Closed a secret scanning alert
- Enabled secret scanning push protection to prevent secrets from being written to the repository (required only for private or internal repositories)
- Attempted to commit a secret, but had that commit stopped by push protection
- Bypassed push protection
Secret scanning capabilities are available for free for all public repositories. Customers who want to enable secret scanning on private repositories should find out more about GitHub Advanced Security or set up a trial of GitHub Advanced Security.
In addition to the features you worked with here, GitHub Advanced Security also provides the following features:
- Custom secret scanning patterns
- Non-partner and generic patterns including passwords, RSA and SSH keys, and database connection strings
- Code scanning with CodeQL
- Security Overview
- Supply chain security capabilities
Next steps:
- We'd love to hear what you thought of this course.
- Take another Skills Course.
- Read the GitHub Getting Started docs.
- To find projects to contribute to, check out GitHub Explore.
© 2023 GitHub • Code of Conduct • MIT License