Secret scanning is adding validity check support for eight additional token types across five providers. In addition to previously announced token types, you will now see validity checks for the following token types:

Provider Pattern Validity
Doppler doppler_service_account_token
Midtrans midtrans_production_server_key
Midtrans midtrans_sandbox_server_key
Onfido onfido_live_api_token
Onfido onfido_sandbox_api_token
Postman postman_api_key
Postman postman_collection_key
Segment segment_public_api_token

What are validity checks?

Validity checks indicate if the leaked credentials are active and could still be exploited. If you’ve previously enabled validation checks for a given repository, GitHub will now automatically verify validity for alerts on supported token types. View the full list of supported secret types in our product documentation.