Push protection in GitHub before publishing passwords or secrets

Piotr Rogala
Oct 3, 2023


As a popular code management platform, GitHub is constantly introducing new features to provide a safe environment for repositories in your organization and private projects. One of the improvements is the “Push protection for repositories and organizations” function, which brings many benefits for developers, cloud engineers and DevOps teams. In this article, we’ll discuss how this new feature affects your GitHub repository and how you can take advantage of its benefits.

What is “Push protection for repositories and organizations”?

“Push protection for repositories and organizations” is a feature that provides protection against unauthorized changes to your GitHub repository. It works at the organization level, protecting all repositories within it, and can also be configured at the individual repository level. This feature recognizes potentially sensitive data such as API keys, passwords and access tokens that are unintentionally pushed to repositories.

What does this feature change in your repository?

  1. GitHub can find and stop the transfer of private information. It identifies sensitive data like passwords, API keys, and access tokens in uploaded files. Uploading such data to a repository is a common mistake and can lead to a security breach. With "Push protection for repositories and organizations" enabled, attempts to upload such content are blocked, which prevents these potential threats.
  2. GitHub will notify the repository owner or security team if it detects an attempt to transfer sensitive data. This helps in early detection and response to potential threats.
  3. "Push protection for repositories and organizations" allows customization of protection for individual repositories and organizations. You can decide whether you want to enable custom rules for your repositories and what types of sensitive data you want to block. This gives you full control over ensuring the security of your projects.

How to use “Push protection for repositories and organizations”?

To use the “Push protection for repositories and organizations” feature for your GitHub profile, just follow a few steps:

  1. Go to Settings of your GitHub profile.
  2. Select the “Code security and analysis” tab.
  3. In the “Push protection for yourself” section, select “Enable”.

💡 Additionally, it can be configured similarly for the entire organization.

However, if you want to configure it at the repository level, follow these steps:

  1. Go to your GitHub repository settings.
  2. Select the “Security” tab.
  3. In the “Push protection” section, configure your preferred protection settings. You can choose which sensitive data to block and whether to send breach notifications to the repository owner or the security team.
  4. Save Changes.
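
To check this setting across many repositories instead of opening each settings page, the added example below (not part of the original article) reads the `security_and_analysis` object that GitHub's REST API returns for a repository and reports where push protection is off. The repository data is constructed sample input and the helper names are hypothetical; nothing is sent over the network.

```python
import json

# Constructed sample: trimmed repository objects in the shape returned by
# GitHub's REST API (GET /orgs/{org}/repos). Repository names are made up.
SAMPLE_REPOS = json.loads("""
[
  {"full_name": "example-org/payments", "archived": false,
   "security_and_analysis": {
     "secret_scanning": {"status": "enabled"},
     "secret_scanning_push_protection": {"status": "enabled"}}},
  {"full_name": "example-org/infra-scripts", "archived": false,
   "security_and_analysis": {
     "secret_scanning": {"status": "enabled"},
     "secret_scanning_push_protection": {"status": "disabled"}}},
  {"full_name": "example-org/legacy-tool", "archived": true,
   "security_and_analysis": {
     "secret_scanning": {"status": "disabled"},
     "secret_scanning_push_protection": {"status": "disabled"}}},
  {"full_name": "example-org/docs", "archived": false}
]
""")


def push_protection_state(repo):
    """Return 'enabled', 'disabled', or 'unknown' for one repository object."""
    settings = repo.get("security_and_analysis")
    if not settings:
        # Object absent, e.g. the token used cannot see security settings.
        return "unknown"
    return settings.get("secret_scanning_push_protection", {}).get("status", "unknown")


def audit(repos):
    """Map each non-archived repository to its push protection state."""
    return {r["full_name"]: push_protection_state(r)
            for r in repos if not r.get("archived")}


def enable_request(full_name):
    """Build the REST call that turns push protection on (it is not sent)."""
    body = {"security_and_analysis": {
        "secret_scanning": {"status": "enabled"},
        "secret_scanning_push_protection": {"status": "enabled"}}}
    return ("PATCH", f"/repos/{full_name}", body)


if __name__ == "__main__":
    for name, state in audit(SAMPLE_REPOS).items():
        print(f"{name}: {state}")
```

Repositories reported as `unknown` are worth a manual look, since a missing settings object says nothing about whether protection is on.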

Link to full documentation:

If you have any questions, feel free to comment 🙂

Article available on my Blog:
