GitHub scans public repositories for known token formats, to prevent fraudulent use of credentials that were committed accidentally.
Note: Token Scanning is currently in beta and subject to change.
Token Scanning for public repositories
When you push commits to a public repository, or switch a private repository to public, GitHub scans the contents of the commits or repository for tokens issued by the following service providers:
- Amazon Web Services (AWS)
- Google Cloud
When GitHub detects a set of credentials, we notify the service provider who issued the token. The service provider may revoke the token, issue a new token, or reach out to you directly.