GitHub Secret Scanning - Deep Dive

🚀 It is time to dive deep into GitHub Secret Scanning and look at all the different features available. GitHub Secret Scanning is available bundled into GitHub Advanced Security (GHAS) or as a standalone product. In this video, we break down GitHub Secret Scanning in detail covering: ✅ What is GitHub Secret Scanning and how does it work ✅ How to enable GitHub Secret Scanning ✅ What are the individual features available with GitHub Secret Scanning In this video we show how to implement secret scanning at the repository level. We do this to make it easier for you to understand the different available features. In future videos we will show you how to enable it at scale across multiple repositories and organizations. Perfect for developers, DevOps engineers, and security professionals who want to understand how GitHub Secret Scanning can help find and stop secrets earlier in the development process and keep your code safe. --- ## Timestamps 0:00 Introduction 0:33 What is GitHub Secret Scanning? 1:21 How GitHub Secret Scanning Works 2:00 Time to start the demo 2:57 GHAS Bootcamp repository template 4:50 Enable Secret Scanning and view results 12:00 Verify if the secret is active 16:00 Enable non-provider patterns 16:30 Enable scan for generic passwords with AI 19:32 Enable push protection 30:39 Enable push protection approval 38.23 Enable alert dismissal approval 43.06 Enable custom secret scanning patterns 45.39 Use secret_scanning.yml to ignore files/folders for secrets 47:29 Thanks for watching / Subscribe to the channel! --- GHAS VIDEO SERIES - Perfect for preparing for the GHAS certification 📽️01 - Introduction to GitHub Advanced Security - https://www.youtube.com/watch?v=mtxlvWYjIxc 📽️02 - GitHub Secret Scanning - Deep Dive - https://youtu.be/8n5Kikl14fE 📽️03 - GitHub Code Scanning - Deep Dive 📽️04 - Copilot Autofix 📽️05 - Security Dashboards 📽️06 - Enabling GHAS using security configurations 📽️07 - Dependency Review --- 👍 Found this helpful? Like and subscribe for more GitHub security content! 💬 Questions about GHAS? Drop them in the comments below! 🔔 Hit the bell icon to stay updated on the latest security tutorials! Related Videos: - Free Secret Risk Assessment - https://www.youtube.com/watch?v=LS6JlJOD--w - Fix Security Alerts Fast with Copilot Autofix - https://www.youtube.com/watch?v=jNLASUQIJAs Resources: - GitHub Advanced Security Documentation: https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security - GitHub Security Features Overview: https://github.com/features/security --- 🌐 FIND ME 👉 Blog: https://mickeygousset.com 👉 GitHub: https://github.com/mickeygousset 👉 Twitter/X: https://x.com/mickey_gousset