Public GitHub Repository Scan (Beta)

Overview

WhiteIntel’s Public GitHub Repository Scan feature helps detect exposed secrets, credentials, and sensitive information in public GitHub repositories. This extends your visibility beyond the dark web by monitoring open-source code bases for potential leaks that could compromise your organization or clients.

The scanner analyzes all branches and complete commit history of each repository to identify exposures early and reduce the risk of source code–based breaches.

⚠️ Currently available in Beta for Enterprise and Threat Intelligence license holders.

Availability by License

How It Works

Once enabled, WhiteIntel connects to our GitHub scanning engine and performs a full inspection of the selected repositories:

1. Crawls all branches and commit history for the specified public repository

2. Applies secret-detection rules (API keys, tokens, credentials, configuration leaks, etc.)

3. Correlates findings with WhiteIntel’s threat intelligence pipeline

4. Displays the results in your dashboard and provides CSV export for further analysis

Each finding includes:

• Repository name and branch

• File path and affected lines

• Commit hash, author, and timestamp

• Detected rule ID and matched pattern

• Secrets

How to Use

Access

1. Log in to your WhiteIntel dashboard.

2. Go to Watchlists → GitHub Repository type.

3. Click Add Identifier.

4. Enter the public repository URL (e.g., https://github.com/organization/repo-name.git).

5. Confirm to start scanning.

Viewing Results

• Scan results appear under the Watchlist Events section with file paths, commit metadata, and matched secret patterns.

• You can export the results as a CSV file by clicking Download CSV in the sidebar.

• Results are updated periodically as new commits are detected.