GitHub, the world’s largest software development collaboration platform, announced that its new code view and code search are generally available to all users on GitHub.com. Reading and understanding code is a fundamental task for developers, which is why GitHub has been laying the foundation to improve code search over the past two years. Additionally, secret scanning’s push protection is now generally available for all private repositories with a GitHub Advanced Security (GHAS) licence as well as free for all public repositories.
GitHub’s goal with the new code search and code view is to enable developers to quickly search, navigate and understand their code, put critical information into context and, ultimately, make them more productive. To achieve that, GitHub has brought three powerful new capabilities to GitHub.com:
- An entirely redesigned search interface, with suggestions, completions and the ability to slice and dice the results.
- GitHub has built a new code search engine, completely from scratch. It is incredibly fast (about twice as fast as the old code search), far more capable (supporting substring queries, regular expressions, and symbol search) and understands code, putting the most relevant results first.
- GitHub’s code view, tightly integrating search, browsing and code navigation have also been totally redesigned.
Expect More in the Future
This launch is just the beginning — GitHub is infusing intelligence into every aspect of software development. Learn more about code view and code search in this blog.
Additionally, push protection is now generally available for private repositories with a GitHub Advanced Security (GHAS) licence. To help developers and maintainers across open source proactively secure their code, GitHub is also making push protection free for all public repositories.
Push protection prevents secret leaks without compromising the developer experience by scanning for highly identifiable secrets before they are committed. GitHub partners closely with service providers to ensure tokens have a low false positive rate, ensuring developer trust in its alerts. When a secret is detected in code, developers are prompted directly in their IDE or command line interface with remediation guidance to ensure that the secret is never exposed.
Ger McMahon, Product Area Leader ALM Tools and Platforms at Fidelity Investments, explains: “Incorporating secret scanning with push protection directly into the development workflow reduces friction which enables developers to create secure and high-quality code.”
Developers need tools they can trust—GitHub designed push protection with this in mind. If developers are pushing a commit containing a secret, a push protection prompt will appear with information on the secret type, location and how to remediate the exposure. Once the developer has removed the secret from their commit history, they can repush their commit. Push protection only blocks secrets with low false positive rates, so when a commit is blocked, you know it is worth investigating.
Pushing Secret Codes
In certain instances, developers have an urgent circumstance to push code that has a secret in it—for example, fixing an outage with speed and addressing the secrets after. Users can bypass push protection by providing a reason, for example, it is used for testing, is a false positive or is an acceptable risk that will be fixed later. Repository and organisation administrators and security managers will receive an email alert on all bypasses and can audit any bypasses via their enterprise and organisation audit logs, alert view UI, REST API, or webhook events.
According to Leo Stolyarov, Director and Cloud Practice Lead at KPMG, this approach ensures an improved security posture without compromising on velocity. “Secret scanning push protection is a frictionless feature that has brought better security awareness and protection from leaked secrets without compromising developer experience.”
Learn more about the GA of secret scanning’s push protection in this blog.
(0)
(0)Archive
- October 2024(19)
- September 2024(94)
- August 2024(100)
- July 2024(99)
- June 2024(126)
- May 2024(155)
- April 2024(123)
- March 2024(112)
- February 2024(109)
- January 2024(95)
- December 2023(56)
- November 2023(86)
- October 2023(97)
- September 2023(89)
- August 2023(101)
- July 2023(104)
- June 2023(113)
- May 2023(103)
- April 2023(93)
- March 2023(129)
- February 2023(77)
- January 2023(91)
- December 2022(90)
- November 2022(125)
- October 2022(117)
- September 2022(137)
- August 2022(119)
- July 2022(99)
- June 2022(128)
- May 2022(112)
- April 2022(108)
- March 2022(121)
- February 2022(93)
- January 2022(110)
- December 2021(92)
- November 2021(107)
- October 2021(101)
- September 2021(81)
- August 2021(74)
- July 2021(78)
- June 2021(92)
- May 2021(67)
- April 2021(79)
- March 2021(79)
- February 2021(58)
- January 2021(55)
- December 2020(56)
- November 2020(59)
- October 2020(78)
- September 2020(72)
- August 2020(64)
- July 2020(71)
- June 2020(74)
- May 2020(50)
- April 2020(71)
- March 2020(71)
- February 2020(58)
- January 2020(62)
- December 2019(57)
- November 2019(64)
- October 2019(25)
- September 2019(24)
- August 2019(14)
- July 2019(23)
- June 2019(54)
- May 2019(82)
- April 2019(76)
- March 2019(71)
- February 2019(67)
- January 2019(75)
- December 2018(44)
- November 2018(47)
- October 2018(74)
- September 2018(54)
- August 2018(61)
- July 2018(72)
- June 2018(62)
- May 2018(62)
- April 2018(73)
- March 2018(76)
- February 2018(8)
- January 2018(7)
- December 2017(6)
- November 2017(8)
- October 2017(3)
- September 2017(4)
- August 2017(4)
- July 2017(2)
- June 2017(5)
- May 2017(6)
- April 2017(11)
- March 2017(8)
- February 2017(16)
- January 2017(10)
- December 2016(12)
- November 2016(20)
- October 2016(7)
- September 2016(102)
- August 2016(168)
- July 2016(141)
- June 2016(149)
- May 2016(117)
- April 2016(59)
- March 2016(85)
- February 2016(153)
- December 2015(150)
