Secret Scanning

Security
Making secret scanning more trustworthy: Reducing false positives at scale
Alerts are more trustworthy and actionable when noise is reduced. See how we improved the verification step with context-aware LLM reasoning.Mariko WakabayashiJune 11, 2026
Learn more
Application security
GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help
Every minute, GitHub blocks several secrets with push protection—but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect yourself from exposed secrets, including today’s launches of standalone Secret Protection, org-wide scanning, and better access for teams of all sizes.Erin HavensApril 1, 2025
Learn more
Platform security
Finding leaked passwords with AI: How we built Copilot secret scanning
Passwords are notoriously difficult to detect with conventional programming approaches. AI can help us find passwords better because it understands context. This blog post will explore the technical challenges we faced with building the feature and the novel and creative ways we solved them.Ashwin Mohan, Courtney ClaessensMarch 4, 2025
Learn more
Product
Keeping secrets out of public repositories
With push protection now enabled by default, GitHub helps open source developers safeguard their secrets, and their reputations.Eric Tooley, Courtney ClaessensFebruary 29, 2024
Learn more
Product
Introducing secret scanning validity checks for major cloud services
Secret scanning now performs validity checks for select AWS, Microsoft, Google, and Slack tokens.Zain Malik, Courtney ClaessensOctober 4, 2023
Learn more
Product
Announcing general availability of GitHub Advanced Security for Azure DevOps
GitHub Advanced Security for Azure DevOps is now generally available. Enable secret scanning, dependency scanning, and code scanning on your organization directly in Azure DevOps configuration settings.Walker ChabbottSeptember 20, 2023
Learn more
Product
Enhanced push protection features for developers and organizations
Introducing two new secret scanning push protection features that will enable individual developers to protect all their pushes and organizations to gain insights and trends across their repositories.Zain Malik, Courtney ClaessensAugust 9, 2023
Learn more
Product
Announcing the public preview of GitHub Advanced Security for Azure DevOps
GitHub Advanced Security for Azure DevOps is now available for public preview, making GitHub’s same application security testing tools natively available on Azure Repos.Walker ChabbottMay 23, 2023
Learn more
Product
Push protection is generally available, and free for all public repositories
Announcing the general availability of push protection–a feature that proactively prevents secret leaks in your public and private repositories.Zain Malik, Mariam SulakianMay 9, 2023
Learn more
Product
Secret scanning alerts are now available (and free) for all public repositories
Secret scanning alerts are now generally available for all public repositories. Admins can now turn on the alert experience with one click.Zain Malik, Mariam SulakianFebruary 28, 2023
Learn more
Application security
Remediation made simple: Introducing new validity checks for GitHub tokens
GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.Mariam SulakianJanuary 19, 2023
Learn more
Application security
Leaked a secret? Check your GitHub alerts…for free
GitHub now allows you to track any leaked secrets in your public repository, for free. With secret scanning alerts, you can track and action on leaked secrets directly within GitHub.Mariam Sulakian, Zain MalikDecember 15, 2022
Learn more
Product
GitHub Advanced Security customers can now push protect their custom patterns
With just one click, admins in GitHub Advanced Security organizations can protect their custom patterns on push.Mariam Sulakian, Zain MalikDecember 15, 2022
Learn more
Product
Detect secrets in your code more accurately with dry runs for custom patterns now available in GitHub Advanced Security
Learn how you can seamlessly define trusted custom secret patterns to detect secrets unique to your organization with GitHub Advanced Security.Brittany O'Shea, Mariam SulakianOctober 5, 2022
Learn more
Secure software development
All GitHub Enterprise users now have access to the security overview
Today, we’re expanding access to the GitHub security overview! All GitHub Enterprise customers now have access to the security overview, not just those with GitHub Advanced Security. Additionally, all users within an enterprise can now access the security overview, not just admins and security managers.Brittany O'Shea, Kelly ArwineAugust 8, 2022
Learn more