Skip to content

Secret scanning now shows metadata for active GitHub tokens

Users with access to secret scanning alerts can now view metadata for any active GitHub token leaked in their repositories. Metadata includes details like the token's owner, expiration date, and access permissions. With this information, security teams can assess a leak's potential impact and prioritize remedial action accordingly.

This feature builds on our previous release in January, which introduced validity checks for leaked GitHub tokens.


Commenting on files (including deleted, binary, and renamed files) in a pull request is now generally available on the web and GitHub Mobile! A special thank you to everyone that provided feedback during the public beta.

API support is also now available. See create a review comment (REST API) or addPullRequestReviewThread (GraphQL mutation) for more details on commenting on files. A new "subject type" field is also now returned by other APIs indicating whether a comment is on a line or file.

Learn more

Learn more about commenting on a pull request.

See more