Grafana Labs has partnered with GitHub to enhance security by implementing GitHub's secret-scanning feature for public repositories, focusing on protecting various Grafana-related secrets such as service account tokens and API keys. GitHub monitors public repositories for leaked secrets and notifies Grafana Labs when any of these secret types are exposed. Grafana Labs uses the Secret Scanning API to verify if their secrets have been made public by comparing hash values. Currently, GitHub can prevent most Grafana secrets from being pushed to public repositories if push protection is enabled, and Grafana Labs supports automatic revocation of Grafana Service account tokens, with plans to expand this support. To enable secret scanning for self-hosted and Grafana Cloud instances, users must follow specific setup instructions, and Grafana Labs is working on improving the remediation process for leaked secrets. Additionally, Grafana Labs has introduced a bug bounty program and encourages users to stay updated with their security releases and blog posts.