Skip to content

Tencent Weixin now partners with GitHub to notify users if their credentials are exposed in a public repository

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Tencent Weixin to scan for their tokens and help secure our mutual users on all public repositories and private repositories with GitHub Advanced Security. Tencent Weixin tokens allow users to verify the Weixin Official Accounts and Mini Programs developers, obtain sensitive information on business applications and can be used to verify merchant identities.

GitHub will forward access tokens found in public repositories to Tencent Weixin, who will notify affected users. Tencent Weixin encourages users to delete leaked API tokens on GitHub and to create a new token. More information about Tencent Weixin tokens can be found here.

Learn more about secret scanning
Partner with GitHub on secret scanning

Secret scanning alerts for third party API key detections now include a link to relevant documentation provided by the service provider, where available. These links are intended to help users better understand detections and take appropriate action.

The links will appear in the alert view for all repositories with secret scanning enabled. You can enable secret scanning on your public repositories and any private repository with GitHub Advanced Security. If you have feedback on any provided links, please write us a note in our code security discussion.

example alert with provider docs

For more information:

See more

GitHub Actions hosted runner images are now more secure than ever, with the ability to see exactly what software is pre-installed on the image that was used by the runner during your build. GitHub now attaches a software bill of materials (SBOM) as an asset to each image release for Ubuntu and Windows. Support for Mac runners is targeted for Q1 2023.

In the context of GitHub Actions hosted runners, an SBOM details the software pre-installed on the virtual machine that is running your Actions workflows. This is useful in the situation where there is a vulnerability detected, you will be able to quickly tell if you are affected or not. If you are building artifacts, you can include this SBOM in your bill of materials for a comprehensive list of everything that went into creating your software.

To check out the new files, head over to the runner-images repository release page now or check out our docs for more information.

See more