Enable secret scanning to identify plain-text credentials and prevent them from being written to your repository

Iamgoingtotakethisalltheway/skills-secret-scanning

 
 


Introduction to secret scanning

GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. In this GitHub Skills course you will learn how to enable secret scanning to identify secrets and prevent them from being committed to your repository.

Welcome

Plain-text credentials accidentally stored in repositories on GitHub are a common target for attackers. In fact, we find well over a million tokens stored on the GitHub platform each year. Secret scanning is a powerful tool which allows teams to identify these plain-text credentials, remove them, and create rules to prevent them from being written to GitHub in the first place.

Secret scanning is available for free for all public repositories. Organizations that need secret scanning capabilities for private repositories should review GitHub Advanced Security. GitHub Advanced Security allows you to take advantage of additional security features such as code scanning, dependency review, and security overview.

  • Who is this for: Developers, DevOps Engineers, security teams.
  • What you'll learn: How to identify plain-text credentials in your repository and how to prevent them from being written in the first place.
  • Prerequisites: Basics of git and GitHub functionality. We recommend you complete Introduction to GitHub.
  • How long: This course takes less than 15 minutes to complete.

In this course, you will:

  1. Enable secret scanning
  2. Identify secrets stored in your repository
  3. Enable push protection
  4. Stop secrets from being written to your repository

How to start this course

[TODO - Change source of skill]

  1. Right-click Start course and open the link in a new tab.
  2. In the new tab, most of the prompts will automatically fill in for you.
    • For owner, choose your personal account or an organization to host the repository.
    • You will need to make the repository public, as private repositories do not have access to secret scanning without a GitHub Advanced Security license.
    • Scroll down and click the Create repository button at the bottom of the form.
  3. After your new repository is created, wait about 20 seconds, then refresh the page. Follow the step-by-step instructions in the new repository's README.

Get help: TBD-support • Review the GitHub status page

© 2023 TBD-copyright-holder • Code of Conduct • MIT License
