tlder@devGitHub Secret Scanning Now Monitors Public github.com Surface for Enterprise Secrets
tlder@dev:~$
Security/Platform Security

GitHub Secret Scanning Now Monitors Public github.com Surface for Enterprise Secrets

  • Shipped

Until now, enterprise secret scanning focused on private repositories. This flips the lens: it continuously scans the entire public surface of github.com and flags any secrets that trace back to your organization — catching the leaked-in-a-public-fork or pasted-into-a-public-issue scenarios that internal scanning misses entirely. No additional cost for GitHub Enterprise Cloud customers who already have Secret Protection or Advanced Security licenses. A few boundaries worth noting: it never scans private repos (that's existing secret scanning's job), and data-residency Enterprise Cloud support is listed as coming soon. Still, this closes a real gap — the blast radius from a secret accidentally made public is usually realized well before an internal scanner would see it.