NEW! Enterprise Buyer's Guide for Secrets Detection Platform


Good Samaritan Program

If you are on this page, then you most likely came here from a link in an email we sent you

It happens to almost every developer sooner or later.

It is all too easy to accidentally commit a hardcoded credential and accidentally push it to a public GitHub repo.

secrets secret

for public good

Potential issue

false positives

This is a free service provided for the public good.

Part of what we do for clients is monitor GitHub public repositories looking for times when their code and secrets have leaked.

If we find any other secrets along the way, we feel it is in the best interest of the security of the internet overall to make the committer aware this has happened. 

We at GitGuardian wanted to give every developer a heads up about potential issue.

As you likely already know, once any hardcoded credentials are exposed in a public repository, it can take only a few minutes for bots to find and start trying to exploit them.

Like all tech, we occasionally miss the mark and might have detected something that is not a sensitive secret.

We strive to do better and would love your feedback if this was a false positive. Thanks for your help in improving our efforts to protect public GitHub users.

Arrow left
Arrow right

Every git commit contains a full compressed version of each file that was modified.

This means just removing a secret from the next commit does not remove the credential from the repo.  

We recommend treating every credential committed in public as a compromised credential and rotating it as soon as possible.

Read more about removing a commit from your git history.

Here is what other developers have had to say about our outreach✨✨️