Secrets in unlisted GitHub gists are now reported to secret scanning partners
14 days ago
- #Secret Scanning
- #GitHub
- #Security
- GitHub now reports leaked secrets in unlisted gists to secret scanning partners.
- Unlisted gists (labelled "secret" in the GitHub UI) are not private: anyone who has the URL can read them.
- GitHub partners with companies like AWS, OpenAI, and Stripe to detect and notify about leaked secrets.
- When secret scanning is enabled, alerts notify both the issuing provider (the partner) and the developer who leaked the secret.
- GitHub gists are code snippets that can be public or secret, but a secret gist is unlisted, not private.
- Public gists are searchable and appear in Discover; secret gists are hidden from search and Discover but remain readable by anyone with the URL.
- For truly private code, a private repository is recommended over a secret gist.