Exercise - Introduction to secret scanning

In this lab, you will learn how to use GitHub's secret scanning feature to detect and prevent the exposure of sensitive credentials in your repositories. Secret scanning automatically detects tokens, passwords, and other credentials that may have been accidentally committed to your repository.

You will learn how to:

• Understand what secret scanning is
• Enable secret scanning in repositories
• Review and resolve secret alerts
• Prevent secrets from being committed
• Use secret scanning patterns
• Implement security best practices

This lab takes approximately 30 minutes to complete.

Before you start

To complete the lab, you need:

• A GitHub user account. If you don't have one, you can create a new account. If you need instructions on how to create a GitHub account, refer to the article Creating an account on GitHub.
• A web browser with access to the internet.

Complete the exercise on GitHub

In this exercise, you'll learn about secret scanning through a hands-on GitHub Skills exercise.

Note: This exercise is hosted on GitHub Skills and provides an interactive learning experience. You'll learn how to detect, review, and resolve exposed secrets.

The exercise consists of the following activities:

1. Start a web browser and navigate to the exercise repository: https://github.com/skills-dev/introduction-to-secret-scanning

2. On the exercise page, select the Use this template button to copy the exercise to your GitHub account.

   Note: Simply copy the exercise to your account, then give GitHub about 20 seconds to prepare the first lesson, then refresh the page.

3. Follow the instructions on the repository's README to complete all the challenges.

4. Work through each step in the exercise, following the prompts and instructions provided.

   Note: Secret scanning helps prevent credential leaks by detecting known secret patterns in your code.

5. When you finish all the challenges, you'll understand how to use secret scanning to protect your repositories.

What you've learned

After completing this exercise, you should be able to:

• Understand secret scanning functionality
• Enable secret scanning features
• Review and resolve secret alerts
• Prevent credential exposure
• Use secret scanning patterns
• Apply security best practices

Congratulations! You've completed the secret scanning exercise!