TheMachine Press

A daily newspaper for the age of artificial intelligence.

Morning editionPermanent story

safety

Secret Scanning Adds Context Before the Alert Queue

GitHub added new token detectors, a webhook category field, expanded push protection, and enterprise-level public-leak summaries.

Published Updated Story ID: mp-2026-07-16-027
Read the complete editionStory JSON

Summary

GitHub added new token detectors, a webhook category field, expanded push protection, and enterprise-level public-leak summaries.

GitHub's July 15 secret-scanning update added detectors for APIclub and Resend tokens and made VolcEngine keys blocked by push protection by default where secret scanning is enabled. A new secret_category field distinguishes provider and custom patterns from generic and AI-detected secrets in webhook payloads. Public-monitoring alert lists now summarize leak attribution, enterprise member counts, and verified domains before teams open individual alerts. The changes improve routing and situational context; they do not remove the need to revoke exposed credentials or investigate the underlying repository history.

Why it matters

GitHub added new token detectors, a webhook category field, expanded push protection, and enterprise-level public-leak summaries.

Limits and context

  • The changes improve routing and situational context; they do not remove the need to revoke exposed credentials or investigate the underlying repository history.

Key claims

  1. GitHub added new token detectors, a webhook category field, expanded push protection, and enterprise-level public-leak summaries.

    Qualification: The changes improve routing and situational context; they do not remove the need to revoke exposed credentials or investigate the underlying repository history.

    Evidence: source-2026-07-16-016

Sources

  1. GitHub Changelog: Improvements to secret scanning and public monitoringGitHub · secondary reporting

Corrections

No corrections have been recorded for this story.