Secret scanning is adding validity check support for 12 additional token types across 11 providers. In addition to previously announced token types, you will now see validity checks for the following token types:

Provider Pattern Validity
Apify apify_api_token
Asaas asaas_api_token
Cockroach Labs ccdb_api_key
Fullstory fullstory_api_key*
Grafana grafana_cloud_api_token
Polar polar_access_token**
RunPod runpod_api_key
Sourcegraph sourcegraph_instance_identifier_access_token
Sourcegraph sourcegraph_access_token
Telnyx telnyx_api_v2_key
Val Town val_town_api_token
Yandex yandex_cloud_api_key

* Includes support for the Fullstory API Key Legacy and Fullstory API Key versions.
** Includes support for the Polar Access Token and Polar Legacy API Token versions.

What are validity checks?

Validity checks indicate if the leaked credentials are active and could still be exploited. If you’ve previously enabled validation checks for a given repository, GitHub will now automatically verify validity for alerts on supported token types. View the full list of supported secret types in our product documentation.