Login credentials for other services, such as Amazon Web Services, are occasionally included by mistake in code and supporting files uploaded to GitHub. Attackers who gain access to the code can then access the linked services, allowing them to steal more information and disrupt operations.
Whether it is stored on-premise or in the cloud, data can be exposed to unintentional deletion, malware, corruption, and other security issues. As a cloud-based service, GitHub is not immune to these risks.
Code scanning - Examine your code for potential security flaws and coding faults. See "About code scanning" for further details.
Scanning for secrets - Look for secrets, such as keys and tokens, that have been checked into the repository.
These capabilities are available for free on GitHub.com for public repositories. Enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server 3.0 or higher can use GitHub Advanced Security. GitHub Advanced Security is included for all public repositories on GitHub.com.
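The idea behind scanning for secrets, applied to the AWS credential case mentioned earlier, can be shown with a small local check. This is an added example, not GitHub's scanner or code from the original page; the pattern subset, function names and sample files are assumptions constructed for illustration.

```python
import re

# Assumption: a small illustrative pattern subset, not GitHub's own rule set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Documentation placeholder from AWS docs; still reported, but flagged.
KNOWN_PLACEHOLDERS = {"AKIAIOSFODNN7EXAMPLE"}

def redact(value):
    """Keep a 4-character prefix so findings can be logged without re-leaking."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(path, text):
    """Return findings for one file: path, line number, kind, redacted match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append({
                    "path": path, "line": lineno, "kind": kind,
                    "match": redact(m.group(0)),
                    "placeholder": m.group(0) in KNOWN_PLACEHOLDERS,
                })
    return findings

def scan_files(files):
    """files maps path -> contents; returns findings for all files in order."""
    return [f for path, text in files.items() for f in scan_text(path, text)]

# Constructed sample repository contents; none of these are real credentials.
SAMPLE_FILES = {
    "config/settings.py": 'DEBUG = True\nAWS_KEY = "AKIA' + "A" * 16 + '"\n',
    "README.md": "Use AKIAIOSFODNN7EXAMPLE as a placeholder.\n",
    "deploy.sh": "export TOKEN=ghp_" + "x" * 36 + "\n",
    "src/app.py": "print('hello')\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        note = " (documentation placeholder)" if f["placeholder"] else ""
        print(f'{f["path"]}:{f["line"]}: {f["kind"]} {f["match"]}{note}')
```

Run before committing, a check like this catches a key while it is still local; a key that has already been pushed should be revoked and rotated, since it remains in the repository history.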
While GitHub is secure in and of itself, your account can still be hacked if you don't protect it, owing to weaknesses that you introduced, not GitHub. The importance of a strong password should be self-evident. To protect your repository, don't reuse any passwords you've used elsewhere, and change your password frequently.