🔍 Secret Scanning REST API: New Response Fields Now Generally Available

[ghostinhershell]

GitHub has announced the general availability of two new features in the secret scanning REST API: first_location_detected and has_more_locations.

What’s New?

• The REST API now includes the first_location_detected field, which allows you to see the first detected location of a secret within a file, along with its commit SHA.
• The API also adds the has_more_locations field, making it clear if a secret appears in multiple locations.

Who is Impacted?

• GitHub Advanced Security customers who use the secret scanning REST API to monitor and manage secret exposures in their repositories.

How Does This Help?

• These improvements make it easier to quickly find where a secret was first detected and to know if there are other locations to review.
• They streamline the process of identifying, investigating, and remediating secret leaks, helping you keep your code and credentials secure.

Learn More

For more details, check out the GitHub Blog Changelog post.

---

Questions or Feedback?

Are you using these new REST API features, or do you have questions about secret scanning in your repositories? Share your feedback and experiences below! If you found this post from the Blog article, you’re in the right place to connect with the GitHub Community team and product experts.

Let’s work together to keep your secrets secure!