GitHub Secret Scanning and Public Monitoring Updates
GitHub has enhanced its secret scanning capabilities with new partner integrations and expanded detection for APIclub and Resend secrets, along with default push protection for VolcEngine secrets. These updates aim to improve security by preventing data leaks for all users, including those in public repositories. The secret scanning alert webhook now includes a `secret_category` field for better alert differentiation, and the public monitoring alert list features new insight cards providing enterprise-level context.
- →Resend partnership enhances secret scanning
- →Expanded secret detection includes APIclub and VolcEngine
- →Secret category field added to webhook payload
- →Public monitoring alert list gains insight cards
Features (2) ›
- Resend partnership enhances secret scanning
GitHub has partnered with Resend, enabling secret scanning to detect Resend API keys and forward any exposed secrets found in public repositories to Resend for appropriate action. This partnership expands the protection offered by GitHub's secret scanning program.
- Expanded secret detection includes APIclub and VolcEngine
Secret scanning now automatically detects new secret types from APIclub (apiclub_api_key) and now blocks VolcEngine secrets (volcengine_ark_api_key) with push protection by default. This broadens the scope of secrets that GitHub can identify and protect.
Enhancements (2) ›
- Secret category field added to webhook payload
The `secret_scanning_alert` webhook payload now includes a `secret_category` field, allowing users to distinguish between 'default' (provider and custom patterns) and 'generic' (general and AI-detected secrets) detections. This simplifies integration with user-defined automation and reporting.
- Public monitoring alert list gains insight cards
The public monitoring alert list now displays new insight cards at the top, offering context on associated leaks by attribution, enterprise member count, and verified domains. These insights help security teams gauge exposure scope and understand how leaks reach their enterprise directly from the alert list.
https://github.blog/changelog/2026-07-15-improvements-to-secret-scanning-and-public-monitoring
Related releases
- GitHub Projects Advanced Search Generally Available GitHub Changelog ·
- GitHub admins can archive pull requests GitHub Changelog ·
- Xcode 27 runner image now in public preview on GitHub GitHub Changelog ·
- GitHub Enterprise Cloud adds REST API for Visual Studio Subscriptions GitHub Changelog ·
- GitHub Copilot for JetBrains Adds BYOK Custom Endpoints and Plugin Management GitHub Changelog ·
- GitHub Copilot for Visual Studio: June Update Includes Usage Tracking and C++ Modernization GitHub Changelog ·