Work with Github to add token scanning

Comments

2 comments

  • Kelwing

    IP whitelisting on bot accounts would be a better solution to this issue, imo.

  • Frikandel

    More documentation from Github: https://developer.github.com/partnerships/token-scanning/

    Seems fairly straight forward.

    @Kelwing that would be a good extra measure. I still don't think you want tokens to be public. You also can't force everyone to have IP restrictions, that would introduce a whole new set of issues. 

Please sign in to leave a comment.