From today, GitHub will scan every commit to a public repository for exposed crates.io keys. We will forward any tokens we find to crates.io, who will automatically disable the tokens and notify their owners. The end-to-end process takes only a few seconds.
Crates.io is the latest GitHub secret scanning integrator; since 2018, GitHub has partnered with over 100 token issuers to help keep our mutual customers safe. We continue to welcome new partners for public repository secret scanning. In addition, GitHub Advanced Security customers can scan their private repositories for leaked secrets.