About token scanning
GitHub scans public repositories for known token formats, to prevent fraudulent use of credentials that were committed accidentally.
Note: token scanning is currently in beta and subject to change.
token scanning for public repositories
When you push commits to a public repository, or switch a private repository to public, GitHub scans the contents of the commits or repository for tokens issued by the following service providers:
- Amazon Web Services (AWS)
- Azure
- GitHub
- Google Cloud
- Slack
- Stripe
When GitHub detects a set of credentials, we notify the service provider who issued the token. The service provider may revoke the token, issue a new token, or reach out to you directly.