GitHub found 39M secret leaks in 2024. Here's what we're doing to help
Blog post from GitHub
GitHub is intensifying its efforts to combat secret leaks, in which sensitive information such as API keys and credentials is unintentionally exposed, creating a substantial security risk. In 2024, over 39 million secrets were leaked on GitHub, prompting the platform to enhance its Advanced Security features, including Secret Protection and Code Security, which are now available as standalone products for GitHub Team organizations. GitHub's approach involves partnerships with token issuers such as AWS and Google Cloud to develop detectors that identify secrets quickly and accurately. The company has introduced push protection, which scans for potential leaks before code is pushed, and a new point-in-time scan feature, both free for organizations, to help prevent and manage secret exposures. GitHub's Secret Protection boasts a high true positive rate compared to other tools, minimizing false positives and improving security management. These measures aim to make security tools more accessible and affordable for organizations of all sizes, so that developers can protect their code without compromising efficiency.