Improvement
Secret scanning adds 12 validators including Cockroach Labs, Polar, and Yandex
Secret scanning is adding validity check support for 12 additional token types across 11 providers. In addition to previously announced token types, you will now see validity checks for the following token types:
| Provider | Pattern | Validity |
|---|---|---|
| Apify | apify_api_token | ✓ |
| Asaas | asaas_api_token | ✓ |
| Cockroach Labs | ccdb_api_key | ✓ |
| Fullstory | fullstory_api_key* | ✓ |
| Grafana | grafana_cloud_api_token | ✓ |
| Polar | polar_access_token** | ✓ |
| RunPod | runpod_api_key | ✓ |
| Sourcegraph | sourcegraph_instance_identifier_access_token | ✓ |
| Sourcegraph | sourcegraph_access_token | ✓ |
| Telnyx | telnyx_api_v2_key | ✓ |
| Val Town | val_town_api_token | ✓ |
| Yandex | yandex_cloud_api_key | ✓ |
* Includes support for the Fullstory API Key Legacy and Fullstory API Key versions.
** Includes support for the Polar Access Token and Polar Legacy API Token versions.
What are validity checks?
Validity checks indicate if the leaked credentials are active and could still be exploited. If you’ve previously enabled validation checks for a given repository, GitHub will now automatically verify validity for alerts on supported token types. View the full list of supported secret types in our product documentation.