Newsletter Alerts
github GitHub Changelog ·

GitHub Secret Scanning Enhancements in June 2026

securityinfraengineer
feature patch

GitHub has updated its secret scanning capabilities with expanded detection coverage, including new partners like Cloudsmith and Meraki, and enhanced GitLab token support. Push protection now defaults to blocking more secret types, improving security for all repositories. Additionally, validity checks and richer metadata have been added for certain leaked credentials, aiding faster remediation for affected users.

  • Expanded secret detection with new partners and providers
  • Push protection now defaults to blocking more secret types
  • Added validity checks for increased credential remediation efficiency
  • Richer metadata provided for detected leaked secrets
Features (2)
  • Expanded secret detection with new partners and providers

    Secret scanning now automatically detects new secret types from partners including Cloudsmith, Meraki, Elastic, Slack, Supabase, DataDog, and VolcEngine. This release significantly expands GitLab token coverage. Partner secrets found in public repositories are automatically reported to the issuer.

  • Push protection now defaults to blocking more secret types

    Commits containing several new secret types, including Cloudflare, Cockroach Labs, Flutterwave, Hack Club, OpenRouter, PostHog, and Supabase secrets, are now automatically blocked by push protection by default. This applies to repositories with secret scanning enabled, including free public repositories.

Enhancements (2)
  • Added validity checks for increased credential remediation efficiency

    Secret scanning now supports validity checks for credentials from providers such as Alibaba, Azure, Coveo, Databricks, Salesforce, and Shopify. This feature helps users determine if a leaked credential is still active, allowing for prioritized remediation efforts.

  • Richer metadata provided for detected leaked secrets

    Extended metadata support has been implemented for secrets from providers including Airtable, Grafana, npm, and xAI. This provides more context about leaked secrets, assisting users in understanding and managing the implications of exposed credentials.

Read the original announcement →

https://github.blog/changelog/2026-06-17-secret-scanning-updates-june-2026