GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with exposed data.
We have partnered with Supabase to scan for their API keys, which allow users to update and access database changes. We'll forward the API keys that we find in public repositories to Supabase, who will automatically revoke the detected secrets and notify the affected users.
We continue to welcome new partners for public repository secret scanning. GitHub Advanced Security customers can also scan their private repositories for leaked secrets.