What is the purpose of Secret Scanning in GAS?

Secret Scanning in GAS is about detecting leaked credentials in code, commits, and history to prevent credential exposure. It continuously scans repository content for patterns that resemble API keys, tokens, or other sensitive secrets. When a secret is detected, it raises alerts to the repository maintainers or security team, enabling rapid actions like rotating or revoking the credential and removing the secret from history. This helps reduce the risk of credential compromise, especially in public repositories or large teams with many contributors. It’s not about licensing issues, outdated dependencies, or performance analysis—those are handled by separate features focused on licenses, dependencies, and performance, respectively. The emphasis here is catching secrets early to prevent them from being misused.