GitHub token scanning
Bitrise is a partner of GitHub's secret scanning program: GitHub scans repositories for known secret formats to prevent fraudulent use of credentials that were committed accidentally.
Bitrise is a partner of GitHub's secret scanning program: GitHub scans repositories for known secret formats to prevent fraudulent use of credentials that were committed accidentally.
Bitrise uses this scanning to look for your personal access tokens and Workspace API tokens in your repositories. If a scan finds either type of token committed to your repository, Bitrise sends you both an email and an in-app notification to remove it for security reasons.
Scanning is automatically turned on if your tokens are in the correct format. No configuration is required.
Regenerating tokens
If you generated your tokens before November 2024, regenerate them to make sure they are in the correct format.
We recommend regenerating your tokens if you encounter any other issues, too.