GitHub Adds PyPI As Its Latest Secret Scanning Integrator

Now GitHub will scan every commit to a public repository for exposed PyPI API tokens.

Recently, GitHub announced that it is collaborating with the Python Package Index (PyPI) to help protect users from leaked PyPI API tokens.

According to the announcement, from now on GitHub will scan every commit to a public repository for exposed PyPI API tokens. It will forward any tokens it finds to PyPI, which will automatically disable them and notify their owners. This end-to-end process takes just a few seconds. Because the commit itself remains in public history, a token caught this way should still be treated as compromised: issue a new one rather than trying to recover the old one.

Source: GitHub

GitHub said that PyPI is the latest integrator in its secret scanning program. Since 2018, GitHub has partnered with 35 token issuers to help keep their customers safe, and it continues to welcome new integrators for public-repository secret scanning.

Beyond public repositories, GitHub Advanced Security customers can now also scan their private repositories for leaked secrets.

GitHub's secret scanning is enabled automatically on public repositories. When you push to a public repository, the service scans the content of the commits for secrets; if you switch a private repository to public, it scans the entire repository. Note that the scan runs after the push, so by the time a token is detected and revoked it has already been published: a local pre-commit or pre-push check that catches tokens before they leave the machine is a useful complement.
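As an added example (not GitHub's or PyPI's own code), the script below approximates the server-side scan described above as a local pre-commit check: it looks for PyPI-style tokens only in the lines a commit would add, reports them with the secret redacted, and exits non-zero so a git hook can block the commit. The token pattern is an assumption (a `pypi-` prefix followed by a long base64url body); the actual rules GitHub matches are not given on the page. The sample diff and the tokens in it are constructed, and the `--staged` option, which reads the real git index, is this example's own.

```python
"""Local pre-commit check for PyPI API tokens in a git diff.

Added example, not GitHub's or PyPI's code. Assumption: a PyPI API token is
the literal prefix "pypi-" followed by a long base64url body. GitHub's real
matching rules are not published on the page, so the regex below is an
approximation of the server-side scan, suitable for a local hook.
"""
import re
import subprocess
import sys
from typing import List, Tuple

# Assumption: "pypi-" plus a base64url body of at least 50 characters.
# Short mentions such as "pypi-index" are deliberately not matched.
PYPI_TOKEN_RE = re.compile(r"pypi-[A-Za-z0-9_-]{50,}")

Hit = Tuple[int, str]  # (1-based line number, matched token)


def find_pypi_tokens(text: str) -> List[Hit]:
    """Return every candidate token in text with the line it appears on."""
    hits: List[Hit] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in PYPI_TOKEN_RE.finditer(line):
            hits.append((lineno, match.group(0)))
    return hits


def scan_added_lines(diff_text: str) -> List[Hit]:
    """Scan only the '+' lines of a unified diff: the content a push would publish.

    Line numbers refer to the diff text itself, not to the file being changed.
    """
    hits: List[Hit] = []
    for lineno, line in enumerate(diff_text.splitlines(), start=1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # context, removals and file headers are not new exposure
        for match in PYPI_TOKEN_RE.finditer(line[1:]):
            hits.append((lineno, match.group(0)))
    return hits


def redact(token: str, keep: int = 10) -> str:
    """Keep only the prefix so the report does not leak the secret a second time."""
    return f"{token[:keep]}...({len(token)} chars)"


def staged_diff() -> str:
    """Diff of what 'git commit' would record (requires a git checkout)."""
    return subprocess.run(
        ["git", "diff", "--cached", "--no-color", "--unified=0"],
        check=True, capture_output=True, text=True,
    ).stdout


# Constructed sample diff; the tokens are fake, built from a repeated letter.
FAKE_ADDED = "pypi-AgEIcHlwaS5vcmc" + "A" * 60
FAKE_REMOVED = "pypi-AgEIcHlwaS5vcmc" + "B" * 60
SAMPLE_DIFF = "\n".join([
    "diff --git a/.pypirc b/.pypirc",
    "+++ b/.pypirc",
    "+[pypi]",
    "+username = __token__",
    f"+password = {FAKE_ADDED}",
    f"-password = {FAKE_REMOVED}",
    "+# mentioning the prefix is not a leak: pypi-index",
])


def main(argv: List[str]) -> int:
    # "--staged" scans the real index; otherwise the constructed sample is used.
    diff = staged_diff() if "--staged" in argv else SAMPLE_DIFF
    hits = scan_added_lines(diff)
    for lineno, token in hits:
        print(f"diff line {lineno}: possible PyPI token {redact(token)}")
    return 1 if hits else 0  # non-zero makes a git hook refuse the commit


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run without arguments to see the report on the constructed sample (one hit on the added line, none on the removed one or on the `pypi-index` mention). To use it as a hook, call it with `--staged` from `.git/hooks/pre-commit`; only added lines are checked because a removed line was already in history and is not new exposure.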