GitHub secret scanning protects users by searching repositories for known types of secrets such as tokens and private keys. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.
We have partnered with Canva to scan for their tokens to help secure our mutual users in public repositories. Canva tokens enable users to perform authentication for their Canva Connect API integrations. GitHub will forward any exposed tokens found in public repositories to Canva, who will then rotate the token and notify the user about the leaked token. Read more information about Canva tokens.
GitHub Advanced Security customers can also scan for and block Canva tokens in their private repositories.