GitHub has expanded the secret scanning capabilities of its code hosting platform for GitHub Advanced Security customers.

The new feature, known as push protection, enables Advanced Security customers to automatically block secret leaks and is designed to prevent accidental disclosure of credentials before code is transferred to remote repositories.

“With push protection, GitHub will check for high-confidence secrets as developers push code and block the push if a secret is identified. To make this possible without disrupting development productivity, push protection only supports token types that can be detected accurately,” GitHub said.

Once GitHub Enterprise Cloud identifies a secret before pushing the code, the git is blocked. This allows developers to review and remove the secrets from the code they tried to push to remote repos.

GitHub Advanced Security customers can enable the feature at both the repository and organizational levels. They can do this through the API or with just one click from the user interface.