safety
Secret Scanning Adds Context Before the Alert Queue
GitHub added new token detectors, a webhook category field, expanded push protection, and enterprise-level public-leak summaries.
Summary
GitHub added new token detectors, a webhook category field, expanded push protection, and enterprise-level public-leak summaries.
GitHub's July 15 secret-scanning update added detectors for APIclub and Resend tokens and made VolcEngine keys blocked by push protection by default where secret scanning is enabled. A new secret_category field distinguishes provider and custom patterns from generic and AI-detected secrets in webhook payloads. Public-monitoring alert lists now summarize leak attribution, enterprise member counts, and verified domains before teams open individual alerts. The changes improve routing and situational context; they do not remove the need to revoke exposed credentials or investigate the underlying repository history.
Why it matters
GitHub added new token detectors, a webhook category field, expanded push protection, and enterprise-level public-leak summaries.
Limits and context
- The changes improve routing and situational context; they do not remove the need to revoke exposed credentials or investigate the underlying repository history.
Key claims
GitHub added new token detectors, a webhook category field, expanded push protection, and enterprise-level public-leak summaries.
Qualification: The changes improve routing and situational context; they do not remove the need to revoke exposed credentials or investigate the underlying repository history.
Evidence: source-2026-07-16-016
Sources
- GitHub Changelog: Improvements to secret scanning and public monitoringGitHub · secondary reporting
Corrections
No corrections have been recorded for this story.