GitHub MCP Server Adds Secret Scanning to Catch Credentials Before Commits

Mar 20, 2026 · Updated Apr 25, 2026

GitHub MCP Server added secret scanning to its toolset, letting coding agents check current changes for exposed credentials before any commit or pull request. When triggered, the agent sends the code to GitHub's secret scanning engine and receives structured results — the exact files and line numbers where secrets appear.

This brings credential detection into the MCP layer, so the check runs inline with the coding session rather than as a post-commit afterthought. Repos need GitHub Secret Protection enabled, and the feature works across MCP-compatible IDEs including GitHub Copilot CLI and VS Code with the optional Advanced Security plugin.

Ask your coding agent to scan current changes before committing — any flagged secrets show up with enough detail to fix them in place.

View the full update on github.blog

GitHub Changelog

@GHchangelogMar 19

The GitHub MCP Server now scans code changes for exposed secrets before commits or PRs. • This feature is in public preview for repos with GitHub Secret Protection enabled. https://t.co/lv3RJWNrU0

View on X

Keep reading

Keep reading

GitHub enables custom agents and reusable skills in Visual Studio

Chrome DevTools Launches MCP Server for AI Agent Browser Debugging

GitHub Copilot Now Connects to Figma via Bidirectional MCP Server

CopilotKit Launches MCP Server to Equip Coding Agents With Framework Expertise

Keep reading

GitHub enables custom agents and reusable skills in Visual Studio

Chrome DevTools Launches MCP Server for AI Agent Browser Debugging

GitHub Copilot Now Connects to Figma via Bidirectional MCP Server

CopilotKit Launches MCP Server to Equip Coding Agents With Framework Expertise