GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.
We have partnered with UNIwise to scan for their access tokens and help secure our mutual users on public and private repositories. The WISEflow API Key allows for institutions to manage key aspects of their license, such as exams and their life cycle. GitHub forwards access tokens found in public repositories to UNIwise, who will immediately disable the API Key and contact the customer. More information about WISEflow API Keys can be found here
GitHub Advanced Security customers can also scan for UNIwise tokens and block them from entering their private and public repositories with push protection.
GitHub Enterprise Cloud customers can elect to participate in a public beta to configure audit log streaming to AWS S3 with OpenID Connect (OIDC). Audit log streaming configured with OIDC eliminates storage of long-lived cloud secrets on GitHub by using short-lived tokens exchanged via REST/JSON message flows for authentication.
For additional information, please follow the instructions for setting up audit log streaming to AWS S3 with OpenID Connect.
Dependabot alerts listed at the organization level are now easier to prioritize with the new "Most Important" sort, which released recently for the repository list view of Dependabot alerts.
Learn more about Dependabot alerts and the Security overview.