GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with ReadMe to scan for their API keys and help secure our mutual users on public and private repositories. ReadMe’s API keys allow users to sync OpenAPI and Markdown files to their developer hubs using the rdme GitHub Action, as well as perform other programmatic updates using the ReadMe API. We’ll forward exposed API keys found in public repositories to ReadMe, who will immediately revoke them and notify the project administrators via email. More information about ReadMe’s API keys can be found here.

GitHub Advanced Security customers can also scan for ReadMe tokens and block them from entering their private and public repositories with push protection.