Serg Nvns - Fotolia
Microsoft recently announced that GitHub will now offer unlimited private code repositories for free. Will more private repositories help improve security for enterprises and limit things like accidental credential exposures on GitHub?
Nothing on the internet, or really anywhere in life, is free. There's always a cost somewhere or some sort of limitation.
Some supposedly free services are actually paid for via advertising or by selling user data, which can have a significant impact on privacy. Some software may be open source and free, but there could be an implementation cost. Other companies offer software and services free of charge to prospective customers, but, in many cases, these versions are limited in functionality.
After acquiring GitHub in 2018, Microsoft recently launched a new GitHub Free service that includes unlimited private code repositories and other features, as well as free public usage of the site. But it includes some restrictions, too.
Although these new capabilities are offered free of charge, Github Free repositories are limited to three developers. Despite this constraint, the new offering might be attractive enough to induce a small team or an individual to consider using GitHub Free.
For some companies, the private repositories service represents a significant improvement, enabling them to test out the functionality without having to use public repositories. For others, however, this restriction might be significant enough to keep them from using the service.
Private repositories are intriguing because they offer security protections that public repositories don't, such as ensuring that sensitive data like passwords, SSH keys, API keys and other information isn't accidently exposed. This sensitive information is best stored in a private repository with a publishing process in place to make the appropriate data public as needed.
Given the limitations of GitHub Free, it's unlikely most enterprises will be able to take advantage of the private repositories service. While it may be possible to share GitHub accounts to overcome the three-developer restriction, this tactic could lead to many different problems and, more importantly, it could violate good security practices.
Dig Deeper on Open source security tools and software
Related Q&A from Nick Lewis
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading