GitHub secret scanning, a service operational since 2015, secures code by detecting and revoking leaked credentials, especially those for package registries, to prevent widespread software compromise. The service has recently expanded to include collaboration with PyPI and RubyGems, alongside existing support for npm, NuGet, and Clojars, to protect the vast open-source ecosystem from vulnerabilities that could affect millions of dependent applications. GitHub automatically scans public repositories for exposed secrets, works with over 40 cloud providers, and notifies the relevant registries so that compromised credentials are revoked, thereby safeguarding the open-source supply chain. This proactive approach secures individual accounts and also prevents potentially catastrophic impacts on downstream applications. GitHub continues to enhance the service by adding more secret types and collaborating with additional package registries and cloud providers.