GitHub Token Scanning—one billion tokens identified and five new partners
Blog post from GitHub
GitHub's token scanning feature detects credentials that users accidentally commit to repositories and gets them revoked before they can be abused. Introduced about a year before this post, it depends on partnerships with the service providers that issue the tokens: Atlassian, Dropbox, Discord, Proctorio, and Pulumi are the five newest partners, joining earlier ones such as AWS, Google Cloud, and Slack. The scanner checks nearly nine million commits a day against the known token formats; when it finds a match it notifies the issuing provider within seconds, so the provider can revoke the token and warn its owner before it is misused. A provider that wants to participate exposes an API endpoint to receive these notifications and supplies regular expressions that match its token formats, and GitHub encourages more providers to join.
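To make the pipeline concrete, here is an added example (not GitHub's own scanner or any partner's code) of the two halves the post describes: a scanner that walks the added lines of a commit diff, matches them against provider-supplied regular expressions, and posts each hit to the matching provider; and a provider-side handler that checks whether the reported token is one it actually issued and revokes it if so. The regular expressions approximate the public AWS access key ID and Slack token formats but are assumptions, not the partners' real patterns; the sample diff, the `FakeProvider` class, and the notification payload shape are all constructed for the example.

```python
"""Regex-based token scanning over a commit diff, with a stand-in provider.

Added example; patterns, payload format and provider behaviour are assumed.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

# Illustrative (provider, regex) pairs. Assumed approximations of the public
# AWS access key ID and Slack token formats, not the partners' actual regexes.
PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("aws", re.compile(r"\b(AKIA[0-9A-Z]{16})\b")),
    ("slack", re.compile(r"\b(xox[baprs]-[0-9A-Za-z-]{10,})\b")),
]

# Unified-diff hunk header; only the new-file start line is needed.
HUNK = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    provider: str
    token: str
    path: str
    line_no: int  # line number in the new version of the file


def added_lines(diff: str) -> Iterator[Tuple[str, int, str]]:
    """Yield (path, new line number, text) for every line a diff adds."""
    path, new_no = "", 0
    for line in diff.splitlines():
        if line.startswith("+++ "):
            path = line[4:]
            if path.startswith("b/"):
                path = path[2:]
            continue
        m = HUNK.match(line)
        if m:
            new_no = int(m.group(1))
            continue
        if line.startswith("---") or line.startswith("diff "):
            continue
        if line.startswith("+"):
            yield path, new_no, line[1:]
            new_no += 1
        elif line.startswith("-"):
            continue  # removed line: not present in the new file
        else:
            new_no += 1  # unchanged context line


def scan_diff(diff: str) -> List[Finding]:
    """Match every added line against every provider pattern."""
    findings = []
    for path, no, text in added_lines(diff):
        for provider, pattern in PATTERNS:
            for token in pattern.findall(text):
                findings.append(Finding(provider, token, path, no))
    return findings


class FakeProvider:
    """Constructed stand-in for a partner's notification endpoint."""

    def __init__(self, name: str, issued: List[str]):
        self.name = name
        self.issued = set(issued)  # tokens this provider really issued
        self.revoked = set()

    def handle(self, payload: dict) -> dict:
        token = payload["token"]
        if token not in self.issued:
            return {"status": "ignored"}  # false positive or already dead
        self.issued.discard(token)
        self.revoked.add(token)
        return {"status": "revoked", "token": token}


def report(findings: List[Finding], providers: Dict[str, FakeProvider]) -> List[Tuple[Finding, dict]]:
    """Notify each provider once per distinct token it owns."""
    results, seen = [], set()
    for f in findings:
        if (f.provider, f.token) in seen or f.provider not in providers:
            continue
        seen.add((f.provider, f.token))
        payload = {"token": f.token, "path": f.path, "line": f.line_no}
        results.append((f, providers[f.provider].handle(payload)))
    return results


# Constructed sample commit: a real-looking AWS key and a Slack-shaped token
# pasted into a settings file. The AWS value is the documented example key.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,4 @@
 DEBUG = False
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+SLACK_TOKEN = "xoxb-000000000000-000000000000-ExampleTokenValue0"
 ALLOWED_HOSTS = ["example.com"]
"""


def demo() -> List[Tuple[Finding, dict]]:
    providers = {
        "aws": FakeProvider("aws", ["AKIAIOSFODNN7EXAMPLE"]),
        "slack": FakeProvider("slack", []),  # never issued the Slack token
    }
    return report(scan_diff(SAMPLE_DIFF), providers)


if __name__ == "__main__":
    for finding, response in demo():
        print(f"{finding.path}:{finding.line_no} {finding.provider}: {response['status']}")
```

The provider-side check matters as much as the regex: the scanner only knows a string looks like a token, so the issuing service must confirm it is live before revoking it, which is why the post describes providers, not GitHub, deciding what to do with each match.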