GitHub has expanded its token scanning capabilities from initially focusing on GitHub OAuth tokens to now include various credentials from cloud service providers, such as unencrypted SSH private keys. This initiative addresses the security complexities inherent in modern software development, where developers use numerous cloud services, each requiring credentials that, if exposed, can lead to significant risks like unauthorized access to sensitive data or misuse of computing resources. Initially relying on hand-tuned assembly to identify GitHub OAuth tokens, GitHub has transitioned to using the Hyperscan library by Intel, which allows for a more scalable and efficient scanning process across different credential formats. The implementation involved collaboration with cloud service providers through a private beta, where credentials found in public repositories are validated and addressed by the providers. Feedback from this beta has been positive, leading to the public beta announcement of Token Scanning, which now supports a growing list of cloud providers. The goal is to reduce the security risks associated with credential exposure in software development while continuing to enhance the tool's effectiveness.