GitHub Community
📣 Exciting news for GitHub Advanced Security! #153016
Replies: 3 comments 10 replies
-
|
It's not clear if "secret risk assessment" (announced here) is free or part of Secret Protection, which from I understand is a paid add-on to Github Enterprise Security. |
Beta Was this translation helpful? Give feedback.
-
|
Ah gotcha, thanks so much for clarifying. If I were in your shoes, I would ask myself what damage an attacker could do with those secrets and how difficult it would be to get to those values. I would prioritize which secrets to move based on the answer to that question. Hope that helps! |
Beta Was this translation helpful? Give feedback.
-
@kangangga please don't hijack this thread with a completely different issue |
Beta Was this translation helpful? Give feedback.
-
|
@dserodio Okay sir, even though this is still within the scope of security, but oh well |
Beta Was this translation helpful? Give feedback.
-
@kangangga you can create a new discussion in Code Security forum, but this discussion is about GitHub Secret Protection and GitHub Code Security |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
Where can I enable the Secret Protection for my organization with Team licence ? |
Beta Was this translation helpful? Give feedback.
-
|
👋 we're rolling out in batches over the next 24 hours. You'll be able to enable Secret Protection and Code Security features from both organization and repository settings. If you only want Secret Protection, you'll also be able to enable and/or purchase after running a secret risk assessment (point-in-time scan) for your organization, which can be accessed from a new "Security" tab for your organization once available |
Beta Was this translation helpful? Give feedback.
-
Three exciting new ships! Starting today:
Read more below 🚀
GitHub is committed to empowering the developer community by helping organizations recognize and address the risks of secret leaks. That's why we're launching a new free tool which will help provide clear insights into your organization's exposure, along with actionable steps to strengthen your security and protect your code.
Starting today, you can scan your organization for aggregate insights on public leaks, private exposures, and token types.
What will this dashboard include?
Available in the Security tab, organization and security admins will be able to run a scan to understand how their organization is affected by secret leaks and exposures. Once a scan is initiated, GitHub will look for secret leaks and exposures across your organization, returning a collection of insights including:
Once enabled, GitHub will run a point-in-time scan across all public, private, internal, and archived repositories in your organization. Results are static and will not be automatically updated. You'll also be able to download results as a CSV file.
For organizations ready to adopt a continuous monitoring tool, we recommend enabling secret scanning for detection and incident management of specific secrets. Learn more about GitHub Secret Protection. Learn more about it in the changelog.
Also starting today, GitHub Team plan customers can purchase GitHub Secret Protection and GitHub Code Security without upgrading your organization to GitHub Enterprise. This makes it easier to secure your codebase with GitHub Advanced Security products.
GitHub Secret Protection
GitHub Team organizations can purchase GitHub Secret Protection, which detects and prevents secret leaks (e.g. secret scanning, AI-detected passwords, and push protection for secrets).
Read more about it in the changelog.
And finally, we're rolling out standalone GitHub Advanced Security products for GitHub Enterprise customers. This aligns with our ongoing mission to help organizations of all sizes secure their code with the flexibility they seek.
Getting started as an existing GitHub Advanced Security customer
Existing GitHub Advanced Security customers with plans subscription-based plans can choose to transition at renewal. Customers with pay-as-you-go, metered-based plans can transition at any time. Please reach out to your GitHub or Microsoft sales account team for details.
Learn more about enabling GitHub Advanced Security for your enterprise. In addition, Enterprise customers are welcome to reach out to their existing account team or request a demo from someone at GitHub.
Beta Was this translation helpful? Give feedback.
All reactions