Microsoft recently announced that GitHub will now offer unlimited private code repositories for free. Will more private repositories help improve security for enterprises and limit things like accidental credential exposures on GitHub?
Nothing on the internet, or really anywhere in life, is free. There's always a cost somewhere or some sort of limitation.
Some supposedly free services are actually paid for via advertising or by selling user data, which can have a significant impact on privacy. Some software may be open source and free, but there could be an implementation cost. Other companies offer software and services free of charge to prospective customers, but, in many cases, these versions are limited in functionality.
After acquiring GitHub in 2018, Microsoft recently launched a new GitHub Free service that includes unlimited private code repositories and other features, as well as free public usage of the site. But it includes some restrictions, too.
Although these new capabilities are offered free of charge, GitHub Free repositories are limited to three developers. Despite this constraint, the new offering might be attractive enough to induce a small team or an individual to consider using GitHub Free.
For some companies, the private repositories service represents a significant improvement, enabling them to test out the functionality without having to use public repositories. For others, however, this restriction might be significant enough to keep them from using the service.
Private repositories are intriguing because they offer security protections that public repositories don't, such as ensuring that sensitive data like passwords, SSH keys, API keys and other information isn't accidentally exposed. This sensitive information is best stored in a private repository with a publishing process in place to make the appropriate data public as needed.
Given the limitations of GitHub Free, it's unlikely most enterprises will be able to take advantage of the private repositories service. While it may be possible to share GitHub accounts to overcome the three-developer restriction, this tactic could lead to many different problems and, more importantly, it could violate good security practices.
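A publishing process like the one described above can include an automated gate that scans the private tree for the kinds of secrets named here (passwords, SSH keys, API keys) before anything is made public. The sketch below is an added example, not part of the original article; the patterns, function names, file names and sample values are constructed assumptions, and a real rule set would be much larger.

```python
import re
import tempfile
from pathlib import Path

# Hypothetical patterns, one per kind of secret the article names.
RULES = {
    "ssh_private_key": re.compile(r"-----BEGIN (?:OPENSSH|RSA|EC|DSA) PRIVATE KEY-----"),
    "api_key": re.compile(r"(?i)\b(?:api[_-]?key|token)\b\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{20,}"),
    "password": re.compile(r"(?i)\bpass(?:word|wd)?\b\s*[:=]\s*['\"]?[^\s'\"]{6,}"),
}

def scan_tree(root):
    """Return sorted (relative_path, line_no, rule) findings under root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or ".git" in rel.parts:
            continue  # skip directories and Git's own metadata
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    findings.append((rel.as_posix(), line_no, rule))
    return sorted(findings)

def publish_allowed(root):
    """Gate: publishing proceeds only when the scan finds nothing."""
    return not scan_tree(root)

def build_sample(root):
    """Constructed sample tree: one clean file, three with fake secrets."""
    root = Path(root)
    (root / "README.md").write_text("Set API_KEY in your environment.\n")
    (root / "config.ini").write_text("[db]\nuser = app\npassword = hunter2-example\n")
    (root / "deploy").mkdir()
    (root / "deploy" / "id_rsa").write_text("-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED\n")
    (root / "deploy" / "env.sh").write_text('export API_KEY="EXAMPLEEXAMPLEEXAMPLE1234"\n')
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_tree(build_sample(tmp)):
            print(finding)
        print("publish allowed:", publish_allowed(tmp))
```

The README line that only mentions `API_KEY` without assigning a value is not flagged, which is the behaviour wanted for documentation that tells users where to put a key.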