At GitHub, we've been thinking deeply about how we can make secret leaks easier to triage and remediate. Validity checks help you identify active and inactive secrets, so you can better manage risk and prioritize alerts effectively.
Following over a year of iterative improvements based on your feedback, we're thrilled to announce that validity checks are now generally available!
Please note that on July 24, validity checks will also be retroactively enabled for any repositories which had attached the GitHub recommended configuration before July 2, 2024. Validity checks are included in the recommended configs today and will apply as normal to any newly attached repositories. If you wish to directly manage feature enablement moving forward, we recommend unattaching the recommended configuration and attaching your own custom configuration to those repositories.
What are validity checks?
Supported for over 85% of provider-based secret alerts, partner validity checks indicate if a secret is active or inactive. Active secrets are still exploitable and should be addressed immediately.
These checks are run on an ongoing basis for supported providers for any repositories that have enabled the validity check feature; you can also perform on-demand validity checks from the alert details page.
Validity checks must be enabled (i.e. the feature is opt-in). Enterprise cloud customers with GitHub Advanced Security can enable validity checks through security configurations at the organization level and the 'Code security and analysis' settings page at the repository and enterprise levels. Validity checks are also included as part of the 'GitHub recommended' configuration.