GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. In this GitHub Skills course you will learn how to enable secret scanning to identify serets and prevent them from being committed to your repository.
Congratulations friend, you've completed this course!
Here's a recap of all the tasks you've accomplished in your repository:
- Enabled secret scanning on your repository
- Committed a secret to the repository
- Reviewed secrets that have been identified by secret scanning
- Closed a secret scanning alert
- Enabled secret scanning push protection to prevent secrets from being written to the repository
- Attempted to commit a secret, but had that commit stopped by push protection
- Bypassed the push protection
It's important to note that secret scanning capabilities are available for free for all public repositories. Customers needing secret scanning for private repos should investigate GitHub Advanced Security. In addition to the features you worked with here, Advanced Security also provides the following features:
- Custom secret scanning patterns
- Non-partner and generic patterns including passwords, RSA and SSH keys, and database connection strings
- Code scanning with CodeQL
- Security Overview
- Supply chain security capabilities
- We'd love to hear what you thought of this course.
- Take another Skills Course.
- Read the GitHub Getting Started docs.
- To find projects to contribute to, check out GitHub Explore.
Get help: Post in our discussion board ā¢ Review the GitHub status page
Ā© 2023 GitHub ā¢ Code of Conduct ā¢ MIT License