Exercise
This hands-on exercise guides you on using GitHub to scan for secrets and prevent secret leaks.
Intro to secret scanning exercise
GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. In this GitHub Skills course you will learn how to enable secret scanning to identify secrets and prevent them from being committed to your repository.
- Who this is for: Developers, DevOps Engineers, Security practitioners
- What you'll learn: How to identify plain-text credentials in your repository and how to prevent them from being written in the first place
- Prerequisites: Basics of git and GitHub functionality
- Timing: This course takes less than 15 minutes to complete
Here are some helpful tips before you begin the exercise:
- After opening the exercise repository, right-click Start course, and open the link in a new tab.
- In the new tab, most of the prompts will automatically fill in for you.
- For owner, choose your personal account or an organization to host the repository.
- We recommend creating a public repository, as private repositories will use Actions minutes.
- Scroll down and click the Create repository button at the bottom of the form.
- After your new repository is created, wait about 20 seconds, then refresh the page. Follow the step-by-step instructions in the new repository's README.
This exercise is a walkthrough based on content covered in this module. It may take several attempts to complete the activities, you can revisit previous content in this module, or go to some of the additional resources provided as many times as you want to find the solution.
When you've finished the exercise in GitHub, return here for:
- A quick knowledge check
- A summary of what you've learned
- A badge for completing this module