GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.
We have partnered with DevCycle to scan for their SDK tokens and help secure our mutual users on public repositories. DevCycle tokens allow users to target and toggle feature flags by environment and platform. GitHub will forward access tokens found in public repositories to DevCycle, who will immediately mark the token as compromised. More information about DevCycle Tokens can be found here.
GitHub Advanced Security customers can also scan for DevCycle tokens and block them from entering their private and public repositories with push protection.