GitHub Enhances Secret Protection and Code Security for Enterprises
GitHub has introduced new capabilities to make protecting sensitive information on its platform easier, aiming to help organizations and developers prevent accidental secret exposure in code.
With approximately 39 million leaked secrets detected in 2024, the Microsoft-owned platform highlights how frequently developers inadvertently expose credentials, tokens, and other sensitive data—often exploited by threat actors within minutes.
To address this, GitHub is now offering Secret Protection and Code Security as standalone products for enterprise customers. Previously bundled within a broader suite, these tools are now more affordable and accessible, especially for smaller development teams. Secret Protection remains free for public repositories.
Additionally, GitHub Team organizations can now access these security features as add-ons, eliminating the need to upgrade to GitHub Enterprise.
To further help organizations detect and mitigate secret exposure, GitHub now provides a secret risk assessment across all repositories—public, private, and internal.
“The point-in-time scan provides clear insights into the exposure of your secrets across your organization, along with actionable steps to strengthen your security and protect your code,” GitHub stated, emphasizing that no specific secrets are stored or shared during the process.
Currently in public preview, GitHub is seeking feedback from users to refine and enhance this feature.
Found this article interesting? Follow us on X(Twitter) and FaceBook to read more exclusive content we post.
