GitHub already has a program to scan for keys, since publishing Discord tokens by mistake used to get the token immediately revoked and a DM from the system account saying why
I thought there were many first and third party services looking for this kind of thing (AWS, GitHub, GWS, crypto, etc tokens). Seems weird that an F500 company repo was not receiving the regular, let alone extra deep scanning which could have trivially found these.
3eb7988a1663|2 months ago
There was a recent post from someone who made the realization that most of these scanning services only investigate the main branch. Extra gold in them hills if you also consider development branches.
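Added example, not from the thread: a POSIX shell script that greps the tree of every local branch, not just the default one, for a constructed Discord-token-like pattern, with a helper that builds a throwaway repo whose main branch is clean while a feature branch carries the placeholder token. The regex is an assumption about the general token shape, not an official spec, and the token value is a constructed placeholder.

```shell
#!/bin/sh
# Loose shape of a Discord bot token: three dot-separated base64url groups.
# Assumption about the general shape, used only for illustration.
TOKEN_RE='[A-Za-z0-9_-]{24,}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27,}'
# Constructed placeholder that matches TOKEN_RE; not a real credential.
FAKE_TOKEN='MTIzNDU2Nzg5MDEyMzQ1Njc4OTA.Gabcde.abcdefghijklmnopqrstuvwxyz01234'

# Run git in REPO with a throwaway identity so the demo works anywhere.
gitc() { repo=$1; shift; git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid -c commit.gpgsign=false "$@"; }

# count_hits REPO REF: number of lines matching TOKEN_RE in the tree at REF.
count_hits() {
    git -C "$1" grep -c -E "$TOKEN_RE" "$2" -- 2>/dev/null | awk -F: '{ s += $NF } END { print s + 0 }'
}

# scan_all_branches REPO: grep the tree of every local branch (add refs/remotes/
# to cover fetched remote branches). Prints "ref:path:line:content" per hit and
# returns 1 if anything was found, 0 if every branch is clean. This checks branch
# tips only; a secret committed and later removed needs
# `git log -p --all -G "$TOKEN_RE"` to surface from history.
scan_all_branches() {
    found=0
    for ref in $(git -C "$1" for-each-ref --format='%(refname:short)' refs/heads/); do
        if git -C "$1" grep -n -E "$TOKEN_RE" "$ref" -- 2>/dev/null; then
            found=1
        fi
    done
    return $found
}

# make_demo_repo: temporary repo, clean on main, placeholder token committed
# in .env on feature/bot. Prints the repo path.
make_demo_repo() {
    dir=$(mktemp -d)
    git -C "$dir" -c init.defaultBranch=main init -q
    git -C "$dir" symbolic-ref HEAD refs/heads/main
    printf 'DISCORD_TOKEN=<set in CI secrets>\n' > "$dir/config.example"
    gitc "$dir" add config.example
    gitc "$dir" commit -q -m "add config template"
    gitc "$dir" checkout -q -b feature/bot
    printf 'DISCORD_TOKEN=%s\n' "$FAKE_TOKEN" > "$dir/.env"
    gitc "$dir" add .env
    gitc "$dir" commit -q -m "wip: local bot creds"
    gitc "$dir" checkout -q main
    echo "$dir"
}

# Demo: a main-only count reports 0, the all-branches scan finds the leak.
if [ "${1:-}" = "demo" ]; then
    demo=$(make_demo_repo)
    echo "hits on main: $(count_hits "$demo" main)"
    scan_all_branches "$demo" || echo "leak found outside main"
    rm -rf "$demo"
fi
```

Run with `sh scan.sh demo` to see the feature-branch hit that a main-only scan misses.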
rao-v|2 months ago
Thought the mechanism was a little unclear in your specific example - did GitHub revoke Discord tokens?