GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, we help protect users from data leaks and fraud associated with exposed data.
We have partnered with redirect.pizza, a domain redirection service, to scan for their API tokens and help secure our mutual users. Their API keys allow users to create, update, and delete redirects. We'll forward API tokens found in public repositories to redirect.pizza, who will notify the user by email and automatically revoke the token. More information about redirect.pizza’s API tokens can be found here.
GitHub Advanced Security customers can also scan for redirect.pizza API keys and block them from entering their private and public repositories via secret scanning’s push protection feature.