Secret scanning adds 10+ new validators, including Square, Wakatime, and Yandex
Secret scanning is adding validity check support for several additional secret types across multiple providers. In addition to previously announced validators, GitHub is adding validity check support for the following token types:
Provider | Pattern | Validity |
---|---|---|
Bitrise | bitrise_workspace_api_token | ✓ |
Groq | groq_api_key | ✓ |
Siemens | siemens_api_token | ✓ |
Square | square_access_token * | ✓ |
Uniwise | wiseflow_api_key | ✓ |
Wakatime | wakatime_api_key | ✓ |
Wakatime | wakatime_oauth_access_token | ✓ |
WorkOS | workos_staging_api_key | ✓ |
WorkOS | workos_production_api_key | ✓ |
Yandex | yandex_cloud_iam_token | ✓ |
* Validation is available for the following token versions: Square Access Token, Legacy Production Access Token, and Legacy Sandbox Access Token.
What are validity checks?
Validity checks indicate if the leaked credentials are active and could still be exploited. If you’ve previously enabled validity checks for a given repository, GitHub will now automatically verify validity for alerts on supported token types. View the full list of supported secret types in our product documentation.