Create a conceptual article broadly covering GitHub's secret security tooling (#58600)
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
This commit is contained in:
mc
@@ -6,7 +6,7 @@ redirect_from:
|
||||
- /code-security/guides
|
||||
introLinks:
|
||||
overview: '{% ifversion ghes %}/code-security/getting-started/github-security-features{% endif %}'
|
||||
generate_secret_risk_assessment_report_for_free: '{% ifversion secret-risk-assessment %}/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment{% endif %}'
|
||||
generate_secret_risk_assessment_report_for_free: '{% ifversion secret-risk-assessment %}/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk{% endif %}'
|
||||
featuredLinks:
|
||||
startHere: # Links aimed at the builder audience
|
||||
- '{% ifversion fpt or ghec %}/code-security/getting-started/github-security-features{% endif %}'
|
||||
|
||||
@@ -1,59 +0,0 @@
|
||||
---
|
||||
title: 'About the secret risk assessment'
|
||||
shortTitle: 'Secret risk assessment'
|
||||
intro: 'Learn why it''s so important to understand your organization''s exposure to data leaks and how the {% data variables.product.prodname_secret_risk_assessment %} report gives an overview of your organization’s secret leak footprint.'
|
||||
product: '{% data reusables.gated-features.secret-risk-assessment-report %}<br>{% data variables.secret-scanning.secret-risk-assessment-cta-product %}'
|
||||
allowTitleToDifferFromFilename: true
|
||||
type: overview
|
||||
versions:
|
||||
feature: secret-risk-assessment
|
||||
topics:
|
||||
- Secret scanning
|
||||
- Secret Protection
|
||||
- Code Security
|
||||
- Organizations
|
||||
- Security
|
||||
---
|
||||
|
||||
## About exposure to leaked secrets
|
||||
|
||||
Assessing your exposure to leaked secrets is crucial if you want to prevent:
|
||||
|
||||
* **Exploitation by bad actors**. Malicious actors can use leaked secrets such as API keys, passwords, and tokens to gain unauthorized access to systems, databases, and sensitive information. Leaked secrets can lead to data breaches, compromising user data and potentially causing significant financial and reputational damage.
|
||||
|
||||
* **Regulatory problems**. Many industries have strict regulatory requirements for data protection, and leaked secrets can result in non-compliance with regulations, leading to legal penalties and fines.
|
||||
|
||||
* **Service disruptions**. Unauthorized access to systems can lead to service disruptions, impacting the availability and reliability of services provided to users.
|
||||
|
||||
* **Loss of trust**. Customers expect robust security measures to protect their data, and exposure to leaked secrets can erode trust and confidence in your organization's ability to safeguard information.
|
||||
|
||||
* **Costly fallout**. Addressing the fallout from leaked secrets can be costly, involving incident response efforts, security audits, and potential compensation for affected parties.
|
||||
|
||||
Regularly assessing your exposure to leaked secrets is good practice to help identify vulnerabilities, implement necessary security measures, and ensure that any compromised secrets are promptly rotated and invalidated. See industry examples and in-depth discussion in [Understanding your organization's exposure to secret leaks](https://resources.github.com/enterprise/understanding-secret-leak-exposure) in {% data variables.product.github %} Executive Insights.
|
||||
|
||||
## About {% data variables.product.prodname_secret_risk_assessment %}
|
||||
|
||||
{% ifversion fpt %}
|
||||
|
||||
>[!TIP] This report is only available if you are on the {% data variables.product.prodname_team %} plan. For information about the plan and how to upgrade, see [{% data variables.product.prodname_team %}](/get-started/learning-about-github/githubs-plans#github-team) and [Upgrading your organization's plan](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan#upgrading-your-organizations-plan).
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.secret-risk-assessment.report-intro %}
|
||||
|
||||
The {% data variables.product.prodname_secret_risk_assessment %} report provides the following insights:
|
||||
|
||||
* **Total secrets**—Aggregate count of exposed secrets detected within the organization.
|
||||
* **Public leaks**—Distinct secrets found in your organization's public repositories.
|
||||
* **Preventable leaks**—Secrets that could have been protected, using {% data variables.product.prodname_GH_secret_protection %} features such as {% data variables.product.prodname_secret_scanning %} and push protection.
|
||||
* **Secret locations**—Locations that are scanned for the report. {% data reusables.secret-risk-assessment.what-is-scanned %}
|
||||
* **Secret categories**—Distribution of the types of secrets that are leaked. Secrets can be partner secrets, which are strings that match secrets issued by service providers in our partner program, or generic secrets, which are non-provider patterns such as SSH keys, database connection strings, and JSON web tokens.
|
||||
* **Repositories with leaks**—Repositories where leaked secrets were detected, out of all the repositories scanned.
|
||||
|
||||
{% data reusables.security-overview.secret-risk-assessment-report-generation-cadence %}
|
||||
|
||||
Because the {% data variables.product.prodname_secret_risk_assessment %} report is based on **your repositories**, regardless of the enablement status of {% data variables.product.prodname_GH_secret_protection %} features, you can see your current exposure to leaked secrets, and understand better how {% data variables.product.github %} can help you prevent future secret leaks.
|
||||
|
||||
## Next steps
|
||||
|
||||
To start analyzing your organization's secret risk, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk).
|
||||
@@ -0,0 +1,68 @@
|
||||
---
|
||||
title: 'About secret security with GitHub'
|
||||
shortTitle: 'Secret protection tools'
|
||||
intro: 'Learn how {% data variables.product.github %}''s security tools can help you identify, remediate, and prevent secret leaks.'
|
||||
product: '{% data reusables.gated-features.secret-protection %}'
|
||||
permissions: 'Organizations on {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %}'
|
||||
contentType: concepts
|
||||
versions:
|
||||
feature: secret-risk-assessment
|
||||
topics:
|
||||
- Code Security
|
||||
- Secret scanning
|
||||
- Secret Protection
|
||||
- Organizations
|
||||
- Security
|
||||
redirect_from:
|
||||
- /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment
|
||||
---
|
||||
|
||||
{% data variables.product.github %} provides tools to help you understand and address your organization's exposure to leaked secrets:
|
||||
|
||||
- **Secret risk assessment**: A free, on-demand scan that reveals your organization's current exposure to leaked secrets.
|
||||
- **{% data variables.product.prodname_GH_secret_protection %}**: A comprehensive suite of features that detects existing secrets and prevents new leaks across your repositories.
|
||||
|
||||
## Secret risk assessment
|
||||
|
||||
The secret risk assessment provides organization owners and security managers with a free point-in-time scan of their organization's repositories to identify leaked secrets like API keys, tokens, and passwords.
|
||||
|
||||
{% data variables.secret-scanning.secret-risk-assessment-cta-product %}
|
||||
|
||||
### What the assessment shows
|
||||
|
||||
The assessment report includes:
|
||||
|
||||
- **Total secrets detected**: The aggregate count of exposed secrets in your organization.
|
||||
- **Public leaks**: Secrets found in public repositories that are accessible to anyone.
|
||||
- **Preventable leaks**: Secrets that could have been blocked with push protection enabled.
|
||||
- **Secret categories**: The distribution of secret types (such as AWS keys, {% data variables.product.github %} tokens, or generic passwords).
|
||||
|
||||
### Why assess your risk
|
||||
|
||||
Regular assessment helps prevent:
|
||||
* Unauthorized access to your systems and data
|
||||
* Service disruptions from compromised credentials
|
||||
* Regulatory compliance issues
|
||||
* Financial loss from resource misuse
|
||||
* Reputational damage from security incidents
|
||||
|
||||
## {% data variables.product.prodname_GH_secret_protection %}
|
||||
|
||||
{% data variables.product.prodname_GH_secret_protection %} is a {% data variables.product.prodname_GH_advanced_security %} product containing a suite of features designed to prevent, detect, and assist in remediating secret leaks in your organization.
|
||||
|
||||
While the {% data variables.product.prodname_secret_risk_assessment %} provides a point-in-time view of your organization's current secret exposure, {% data variables.product.prodname_GH_secret_protection %}:
|
||||
|
||||
* **Implements continuous monitoring** and expands scanned surfaces beyond code to include pull requests, issues, wikis, and discussions
|
||||
* **Prevents secret leaks** by blocking commits containing secrets before they are saved to {% data variables.product.github %}
|
||||
* **Creates actionable alerts** that can be grouped into campaigns and assigned to team members for remediation
|
||||
* **Meets your specific needs** by scanning for patterns unique to your organization and unstructured secrets like passwords
|
||||
* **Supports governance at scale** with settings dictating who can bypass protections and dismiss alerts
|
||||
* **Surfaces key analytics** through a view dedicated to your organization's secret security
|
||||
|
||||
Through these features, {% data variables.product.prodname_GH_secret_protection %} provides complete coverage for your organization, reducing the risk of costly secret leaks and high-effort remediation processes.
|
||||
|
||||
For more information about the specific features of {% data variables.product.prodname_GH_secret_protection %}, see [AUTOTITLE](/code-security/getting-started/github-security-features#available-with-github-secret-protection).
|
||||
|
||||
## Next steps
|
||||
|
||||
Now that you know how {% data variables.product.github %} can help keep your secrets safe, you should assess your organization's current exposure to leaked secrets. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk).
|
||||
@@ -28,7 +28,6 @@ topics:
|
||||
|
||||
> [!NOTE]
|
||||
> You can only generate a secret risk assessment report once every 90 days.
|
||||
|
||||
{% data reusables.organizations.navigate-to-org %}
|
||||
{% data reusables.organizations.security-overview %}
|
||||
{% data reusables.security-overview.open-assessments-view %}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: 'Understanding your organization''s exposure to leaked secrets'
|
||||
title: Understanding your organization's exposure to leaked secrets
|
||||
shortTitle: Exposure to leaked secrets
|
||||
intro: 'You can generate a secret risk assessment report to evaluate the extent of your organization''s vulnerability to leaked secrets. Decide whether to enable {% data variables.product.prodname_secret_protection %} to protect your organization from further leaks.<br>{% data variables.secret-scanning.secret-risk-assessment-cta-product %}'
|
||||
intro: You can generate a secret risk assessment report to evaluate the extent of your organization's vulnerability to leaked secrets. Decide whether to enable {% data variables.product.prodname_secret_protection %} to protect your organization from further leaks.<br>{% data variables.secret-scanning.secret-risk-assessment-cta-product %}
|
||||
versions:
|
||||
feature: secret-risk-assessment
|
||||
topics:
|
||||
@@ -11,7 +11,7 @@ topics:
|
||||
- Code Security
|
||||
- Security
|
||||
children:
|
||||
- /about-secret-risk-assessment
|
||||
- /about-secret-security-with-github
|
||||
- /assess-your-secret-risk
|
||||
- /viewing-the-secret-risk-assessment-report-for-your-organization
|
||||
- /export-risk-report-csv
|
||||
|
||||
@@ -17,7 +17,7 @@ roi-calculator: 'ROI calculator'
|
||||
pricing-calculator: 'pricing calculator'
|
||||
|
||||
# Secret risk assessment call to action links. If changing the links below, also update the hard-coded link in /code-security/index.md
|
||||
secret-risk-assessment-cta-link: '/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment'
|
||||
secret-risk-assessment-cta-link: '/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk'
|
||||
secret-risk-assessment-cta-text: 'Find out how to run a free secret risk assessment'
|
||||
secret-risk-assessment-cta-product: '[<span class="btn btn-primary mt-3 mr-3 no-underline">{% data variables.secret-scanning.secret-risk-assessment-cta-text %}</span>](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment)'
|
||||
|
||||
|
||||
Reference in New Issue
Block a user