Secret scanning is adding validity check support for MongoDB, Meta, and Microsoft Azure. In addition to previously announced validators, GitHub now validates the following secret types:

Provider Pattern Validity
Azure microsoft_ado_personal_access_token
Azure microsoft_azure_apim_repository_key_identifiable
Azure microsoft_azure_maps_key
Azure microsoft_azure_entra_id_token
Meta facebook_very_tiny_encrypted_session
MongoDB mongodb_atlas_db_uri_with_credentials

What are validity checks?

Validity checks indicate if the leaked credentials are active and could still be exploited. If you’ve previously enabled validity checks for a given repository, GitHub will now automatically verify validity for alerts on supported token types. View the full list of supported secret types in our product documentation.