github GitHub Changelog ·

GitHub Secret Scanning and Public Monitoring Updates

security
feature

GitHub has enhanced its secret scanning capabilities with new partner integrations and expanded detection for APIclub and Resend secrets, along with default push protection for VolcEngine secrets. These updates aim to improve security by preventing data leaks for all users, including those in public repositories. The secret scanning alert webhook now includes a `secret_category` field for better alert differentiation, and the public monitoring alert list features new insight cards providing enterprise-level context.

  • Resend partnership enhances secret scanning
  • Expanded secret detection includes APIclub and VolcEngine
  • Secret category field added to webhook payload
  • Public monitoring alert list gains insight cards
Features (2)
  • Resend partnership enhances secret scanning

    GitHub has partnered with Resend, enabling secret scanning to detect Resend API keys and forward any exposed secrets found in public repositories to Resend for appropriate action. This partnership expands the protection offered by GitHub's secret scanning program.

  • Expanded secret detection includes APIclub and VolcEngine

    Secret scanning now automatically detects new secret types from APIclub (apiclub_api_key) and now blocks VolcEngine secrets (volcengine_ark_api_key) with push protection by default. This broadens the scope of secrets that GitHub can identify and protect.

Enhancements (2)
  • Secret category field added to webhook payload

    The `secret_scanning_alert` webhook payload now includes a `secret_category` field, allowing users to distinguish between 'default' (provider and custom patterns) and 'generic' (general and AI-detected secrets) detections. This simplifies integration with user-defined automation and reporting.

  • Public monitoring alert list gains insight cards

    The public monitoring alert list now displays new insight cards at the top, offering context on associated leaks by attribution, enterprise member count, and verified domains. These insights help security teams gauge exposure scope and understand how leaks reach their enterprise directly from the alert list.

Read the original announcement →

https://github.blog/changelog/2026-07-15-improvements-to-secret-scanning-and-public-monitoring

Related releases