GitHub secret scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and prevent the fraudulent use of accidentally committed secrets.

We have partnered with Meta to scan for their access tokens and help keep our mutual users secure. Our scan currently covers Facebook user access tokens and page access tokens. These tokens provide permissions to APIs that read, write, or modify the data belonging to a Facebook user or page.

We'll forward access tokens found in public repositories to Meta. Meta will then automatically invalidate tokens that have a valid session and notify app developers.

We continue to welcome new partners for public repo secret scanning. GitHub Advanced Security customers can also scan their private repositories for leaked secrets.