Starting today, when you link to a Dependabot alert in an issue or pull request, anyone with permission to view the alert will see a rich Dependabot alert mention, with a detailed hovercard and a prettified link showing the title of the alert.

Card details include:

  • Alert title, repository, and description
  • Date that the alert was opened
  • Alert severity and status (fixed, dismissed, or open)

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Twilio Segment to scan for their tokens and help secure our mutual users on all public repositories, and private repositories with GitHub Advanced Security. Twilio Segment tokens allow users to programmatically manage their workspaces. GitHub will forward access tokens found in public repositories to Twilio Segment, who will immediately revoke the token and notify workspace owners. You can learn more about Twilio Segment tokens here.

GitHub Advanced Security customers can also block Twilio Segment tokens from entering their private and public repositories with push protection.

