Secret scanning is adding validity check support for additional token types.

Validity checks indicate if the leaked credentials are active and could still be exploited. If you’ve previously enabled validation checks for a given repository, GitHub will now automatically verify validity for alerts on supported token types. In addition to token types announced in our previous changelogs, you will now see validity checks for the following token types:

  • Doppler personal token (DOPPLER_PERSONAL_TOKEN)
  • Defined Networking Nebula API key (DEFINED_NETWORKING_NEBULA_API_KEY)

Call for feedback

Help shape the future of GitHub by responding to this 10 minute survey. If you’re eligible to complete it, you’ll receive $15 compensation for your time.