About token scanning

GitHub scans public repositories for known token formats, to prevent fraudulent use of credentials that were committed accidentally.

Note: token scanning is currently in beta and subject to change.

token scanning for public repositories

When you push commits to a public repository, or switch a private repository to public, GitHub scans the contents of the commits or repository for tokens issued by the following service providers:

When GitHub detects a set of credentials, we notify the service provider who issued the token. The service provider may revoke the token, issue a new token, or reach out to you directly.

Ask a human

Can't find what you're looking for?

Contact us