GitHub Advisory Database now contains the full corpus of security advisories from the npm security database. More complete npm security data enables us to provide better Dependabot alerts and security updates. The npm security database will continue to publish advisories, but GitHub Advisory Database is now the source of truth for this data.
Secret leaks are one of the most common security mistakes, and they can have disastrous consequences. GitHub Secret Scanning looks for leaked secrets in all public repositories and enrolled private repositories, and works with the issuer to notify the developer and/or revoke the token as appropriate. This protects users from fraud and data leaks.
In addition to our 29 existing partners, GitHub has partnered with Clojars, Mailchimp, Finicity, and Plivo to scan for their developer tokens! This brings our total number of token scanning partners to 33.