GitHub Secret Scanning Public Monitoring for Enterprises Now in Preview
GitHub Secret Scanning now offers public monitoring in public preview for enterprises, at no additional cost, to detect secret leaks across the entire public surface of GitHub.com. This feature attributes leaks back to your enterprise based on committer identity and verified domains, helping organizations respond to vulnerabilities exposed beyond their own repositories. Public monitoring is enabled by default for enterprise owners and security managers, providing real-time insights without requiring setup.
- →Public monitoring for secret leaks across GitHub.com
- →Real-time attribution of leaked secrets to enterprises
- →Public monitoring available in public preview at no additional cost
- →Enabling and accessing public monitoring insights
Features (2) ›
- Public monitoring for secret leaks across GitHub.com
GitHub Secret Scanning's new public monitoring feature detects leaked secrets in real-time across all public content on GitHub.com, including git content, issues, and pull requests. This aims to help enterprises identify and respond to secret exposures that occur outside their directly managed repositories.
- Real-time attribution of leaked secrets to enterprises
The feature attributes leaked secrets found in public content back to the relevant enterprise using GitHub's identity layer and verified domain matching. This native attribution provides definitive insights, unlike less precise methods, enabling faster response to security risks.
Notes (2) ›
- Public monitoring available in public preview at no additional cost
Public monitoring for GitHub Secret Scanning is now available in public preview for enterprises utilizing GitHub Secret Protection. The feature is provided at no additional cost and requires no setup or configuration to start identifying leaked secrets.
- Enabling and accessing public monitoring insights
Enterprise owners and security managers can enable public monitoring via the Security tab within their enterprise settings. Once enabled, users can view recently leaked secrets and will begin receiving scans for future matches.
https://github.blog/changelog/2026-07-01-secret-scanning-public-monitoring-for-enterprises