Users with access to secret scanning alerts can now view metadata for any active GitHub token leaked in their repositories. Metadata includes details like the token's owner, expiration date, and access permissions. With this information, security teams can assess a leak's potential impact and prioritize remedial action accordingly.
This feature builds on our previous release in January, which introduced validity checks for leaked GitHub tokens.
- Learn how to review GitHub token metadata
- Learn more about secret scanning
- Got feedback? Open a discussion in our code security discussion.