The GitHub MCP Server now scans code changes for exposed secrets before commits or PRs. • This feature is in public preview for repos with GitHub Secret Protection enabled. https://t.co/lv3RJWNrU0
GitHub MCP Server Adds Secret Scanning to Catch Credentials Before Commits
· Updated
The GitHub MCP Server now detects exposed secrets in code changes before commits or PRs. Coding agents invoke the scanning directly, returning exact file locations of any credentials found. In public preview for repos with GitHub Secret Protection enabled.
This brings credential detection into the MCP layer, so the check runs inline with the coding session rather than as a post-commit afterthought. Repos need GitHub Secret Protection enabled, and the feature works across MCP-compatible IDEs including GitHub Copilot CLI and VS Code with the optional Advanced Security plugin.
Ask your coding agent to scan current changes before committing — any flagged secrets show up with enough detail to fix them in place.
Every HeadsUpAI update is written based on its original source and reviewed before it's published. Read our editorial standards →

