
GitHub now scans for leaked Doppler tokens

If you commit a secret to a public repository, the whole world can see it. GitHub secret scanning helps protect you from fraud and data breaches by scanning for leaked API tokens and, via our partners, automatically notifying you and/or revoking them.

In addition to our 33 existing partners, GitHub has now partnered with Doppler to scan for their API tokens. When we find a Doppler API token committed to a public repository, we notify Doppler so they can automatically revoke it and notify the token owner. When we find a Doppler API token committed to a private repository with secret scanning enabled, we notify the repository owner so they can take action.
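Secret scanning catches a token after it has been pushed; the cheaper control is to refuse the commit locally. The script below is an added example (not GitHub's or Doppler's code) of a git pre-commit hook that scans only the lines a commit would add and reports the file, line and token kind without echoing the secret. The Doppler pattern is an assumption about the token prefix, not something the page states; the sample diff is constructed.

```python
"""Pre-commit check for leaked API tokens in staged changes (added example).

Scans only the lines a commit would ADD, reports the location and token
kind, and never echoes the matched secret. Install as .git/hooks/pre-commit.
"""
import re
import subprocess
import sys
from typing import Dict, List, NamedTuple, Pattern

# Illustrative patterns. The Doppler entry ASSUMES a "dp.<kind>." prefix
# (for example dp.st. for service tokens); the page does not state the
# format, so use the vendor's published pattern in real use.
TOKEN_PATTERNS: Dict[str, Pattern[str]] = {
    "doppler_token": re.compile(r"\bdp\.(?:st|pt|ct|sa)\.[A-Za-z0-9_.\-]{20,}"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Unified-diff hunk header; group 1 is the first line number on the new side.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


class Finding(NamedTuple):
    path: str
    line: int
    kind: str


def scan_added_lines(diff_text: str) -> List[Finding]:
    """Return one Finding per (file, new-side line, pattern) among added lines."""
    findings: List[Finding] = []
    path = "<unknown>"
    new_line = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        if raw.startswith("--- ") or raw.startswith("\\"):
            continue  # old-side filename / "\ No newline at end of file"
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if raw.startswith("-"):
            continue  # removed line: occupies no new-side line number
        if raw.startswith("+"):
            for kind, pattern in TOKEN_PATTERNS.items():
                if pattern.search(raw[1:]):
                    findings.append(Finding(path, new_line, kind))
        new_line += 1  # added and context lines both occupy a new-side line
    return findings


# Constructed sample diff (not from a real repository) for offline use.
SAMPLE_DIFF = """\
diff --git a/config/app.env b/config/app.env
index 1111111..2222222 100644
--- a/config/app.env
+++ b/config/app.env
@@ -1,3 +1,4 @@
 APP_NAME=demo
-DOPPLER_TOKEN=use-the-cli-instead
+DOPPLER_TOKEN=dp.st.prd.EXAMPLEEXAMPLEEXAMPLEEXAMPLE
+LOG_LEVEL=info
 REGION=eu-west-1
"""


def main() -> int:
    """Hook entry point: exit 1 (blocking the commit) if anything matched."""
    diff = subprocess.run(
        ["git", "diff", "--cached"], capture_output=True, text=True, check=True
    ).stdout
    findings = scan_added_lines(diff)
    for f in findings:  # report location and kind only, never the secret
        print(f"{f.path}:{f.line}: possible {f.kind}", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

On the constructed diff the scanner reports `config/app.env:2: possible doppler_token`. Because it looks only at added lines, a secret that was already in history is not re-reported on every commit; that older leak is exactly what server-side scanning of the whole repository is for.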

GitHub Apps and OAuth Apps now feature GA support for the OAuth 2.0 Device Authorization Grant, in addition to the existing Web Application Flow. This lets a CLI client or developer tool that cannot open a browser itself obtain a token by having the user complete the authorization in a browser, on the same machine or on a different device. GitHub CLI uses this authentication method for its login command.

Read the full documentation on Authorizing OAuth Apps and Authorizing Users for GitHub Apps for more information.
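The exchange below is an added example of the device flow against GitHub's two endpoints, not code from GitHub or GitHub CLI. The endpoint URLs, the `grant_type` value and the `authorization_pending`, `slow_down`, `expired_token` and `access_denied` error codes are the ones GitHub documents; the client ID, scope and the `FakeGitHub` transport are assumed so the flow can be exercised offline.

```python
"""OAuth 2.0 Device Authorization Grant against GitHub (added example).

Step 1 asks GitHub for a device_code (kept by the client) and a user_code
(shown to the user). Step 2 polls the token endpoint at the requested
interval until the user approves in a browser, backing off on slow_down.
"""
import json
import time
import urllib.parse
import urllib.request
from typing import Any, Callable, Dict, List

DEVICE_CODE_URL = "https://github.com/login/device/code"
ACCESS_TOKEN_URL = "https://github.com/login/oauth/access_token"
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

PostFn = Callable[[str, Dict[str, str]], Dict[str, Any]]


class DeviceFlowError(RuntimeError):
    pass


def http_post(url: str, form: Dict[str, str]) -> Dict[str, Any]:
    """Real transport: form-encoded POST, JSON reply selected via Accept."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(form).encode(), method="POST",
        headers={"Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def request_device_code(post: PostFn, client_id: str, scope: str) -> Dict[str, Any]:
    """Step 1: obtain device_code (secret) and user_code (shown to the user)."""
    device = post(DEVICE_CODE_URL, {"client_id": client_id, "scope": scope})
    required = {"device_code", "user_code", "verification_uri", "interval", "expires_in"}
    missing = required - device.keys()
    if missing:
        raise DeviceFlowError(f"device code response missing {sorted(missing)}")
    return device


def poll_for_token(post: PostFn, client_id: str, device: Dict[str, Any],
                   sleep: Callable[[float], None] = time.sleep,
                   now: Callable[[], float] = time.monotonic) -> str:
    """Step 2: poll until approval; honour interval, slow_down and expiry."""
    interval = int(device["interval"])
    deadline = now() + int(device["expires_in"])
    while True:
        if now() >= deadline:
            raise DeviceFlowError("device code expired before the user approved")
        sleep(interval)  # never poll faster than the server asked for
        resp = post(ACCESS_TOKEN_URL, {
            "client_id": client_id,
            "device_code": device["device_code"],
            "grant_type": DEVICE_GRANT,
        })
        error = resp.get("error")
        if error is None:
            return resp["access_token"]
        if error == "authorization_pending":
            continue  # the user has not finished in the browser yet
        if error == "slow_down":
            interval += 5  # RFC 8628 section 3.5: add 5 seconds to the interval
            continue
        raise DeviceFlowError(error)  # expired_token, access_denied, ...


class FakeGitHub:
    """Constructed offline stand-in for both endpoints, with a fake clock."""

    def __init__(self, token_responses: List[Dict[str, Any]]) -> None:
        self.token_responses = list(token_responses)
        self.sleeps: List[float] = []
        self.clock = 0.0

    def post(self, url: str, form: Dict[str, str]) -> Dict[str, Any]:
        if url == DEVICE_CODE_URL:
            return {"device_code": "dc-FAKE", "user_code": "ABCD-EFGH",
                    "verification_uri": "https://github.com/login/device",
                    "interval": 5, "expires_in": 900}
        assert form["grant_type"] == DEVICE_GRANT and form["device_code"] == "dc-FAKE"
        return self.token_responses.pop(0)

    def sleep(self, seconds: float) -> None:
        self.sleeps.append(seconds)
        self.clock += seconds

    def now(self) -> float:
        return self.clock


def login(post: PostFn = http_post, client_id: str = "Iv1.PLACEHOLDERCLIENTID",
          scope: str = "repo", sleep=time.sleep, now=time.monotonic) -> str:
    """Full flow: show the user where to go, then wait for the token."""
    device = request_device_code(post, client_id, scope)
    print(f"Open {device['verification_uri']} and enter code {device['user_code']}")
    return poll_for_token(post, client_id, device, sleep=sleep, now=now)
```

Two points matter for security. Only `user_code` is ever displayed; `device_code` stays in the client, because whoever holds it can collect the token once the user approves. And the client must not poll faster than `interval`, since a client that ignores `slow_down` will be cut off; the fake transport above records that the third poll waits 10 seconds after one `slow_down`.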


GitHub Advanced Security customers can now view and resolve private repository secret scanning results via the GitHub REST API. In addition, a webhook fires whenever a newly committed secret is detected. The new API endpoints and webhooks will be in beta until early next year.
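An added example (not GitHub's code) of the receiving side: verify the `X-Hub-Signature-256` HMAC on the raw body before parsing it, pull the alert summary out of a `secret_scanning_alert` delivery, and build the REST call that resolves the alert. The signature scheme, event name and alert endpoint path are GitHub's as documented; the webhook secret, the payload and the repository names are constructed, and the payload is trimmed to the fields used.

```python
"""Receiving secret_scanning_alert webhooks and resolving alerts (added example)."""
import hashlib
import hmac
import json
from typing import Any, Dict, Optional, Tuple

API_ROOT = "https://api.github.com"
VALID_RESOLUTIONS = {"false_positive", "wont_fix", "revoked", "used_in_tests"}


def sign_body(secret: bytes, body: bytes) -> str:
    """Value GitHub sends in X-Hub-Signature-256 for this body and secret."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Constant-time check of the RAW body (before any JSON parsing)."""
    if not header or not header.startswith("sha256="):
        return False
    return hmac.compare_digest(sign_body(secret, body), header)


def handle_webhook(secret: bytes, headers: Dict[str, str],
                   body: bytes) -> Optional[Dict[str, Any]]:
    """Summarise a secret-scanning alert delivery; None for other events.

    Raises PermissionError when the signature is missing or wrong, so an
    unauthenticated POST never reaches the JSON parser or any handler.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if not verify_signature(secret, body, h.get("x-hub-signature-256")):
        raise PermissionError("webhook signature check failed")
    if h.get("x-github-event") != "secret_scanning_alert":
        return None
    payload = json.loads(body)
    alert = payload["alert"]
    return {
        "action": payload["action"],  # created, resolved or reopened
        "repo": payload["repository"]["full_name"],
        "number": alert["number"],
        "secret_type": alert["secret_type"],
        "url": alert["html_url"],
    }


def build_resolve_request(token: str, owner: str, repo: str, number: int,
                          resolution: str) -> Tuple[str, str, Dict[str, str], bytes]:
    """PATCH request that closes one alert via the secret-scanning REST API."""
    if resolution not in VALID_RESOLUTIONS:
        raise ValueError(f"unknown resolution {resolution!r}")
    url = f"{API_ROOT}/repos/{owner}/{repo}/secret-scanning/alerts/{number}"
    headers = {"Authorization": f"token {token}",
               "Accept": "application/vnd.github.v3+json"}
    body = json.dumps({"state": "resolved", "resolution": resolution}).encode()
    return "PATCH", url, headers, body


# Constructed sample delivery (not a real GitHub payload); the secret,
# repository and alert values are made up, the field names follow the event.
SAMPLE_SECRET = b"constructed-webhook-secret"
SAMPLE_BODY = json.dumps({
    "action": "created",
    "alert": {"number": 42, "secret_type": "doppler_token", "state": "open",
              "html_url": "https://github.com/octo/app/security/secret-scanning/42"},
    "repository": {"full_name": "octo/app"},
}).encode()
SAMPLE_HEADERS = {
    "X-GitHub-Event": "secret_scanning_alert",
    "X-Hub-Signature-256": sign_body(SAMPLE_SECRET, SAMPLE_BODY),
}
```

The order of operations is the point: the HMAC is computed over the exact bytes received, compared with `hmac.compare_digest`, and only then is the body parsed. Re-serialising a parsed payload and signing that instead is a common mistake that produces false negatives. Mark an alert `revoked` only after the credential really has been rotated at the issuer; resolving it in GitHub does not revoke anything.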

For more information:
