Secret scanning alerts are now available (and free) for all public repositories
Blog post from GitHub
GitHub's secret scanning alerts, now generally available and free for all public repositories, help users manage the risk of leaked secrets by notifying them of exposed credentials across their repositories, including code, issues, descriptions, and comments. This feature, which works with over 100 service providers, offers a full audit log of actions taken on alerts and provides visibility into potential security risks. For example, DevOps Consultant @rajbos discovered over a thousand leaked secrets across 14,000 public repositories, highlighting the ease with which sensitive information can unintentionally be exposed. GitHub encourages repository owners and enterprise administrators to enable these alerts, which can be done through the 'Settings' tab under 'Code security and analysis'. Enabling them enhances security and allows automatic revocation of compromised secrets in collaboration with GitHub's partner program.