GitHub Secrets Agent
Overview
The GitHub Secret Scanning Agent is an official Faraday agent that automatically imports exposed secrets detected by GitHub into your Faraday workspace. This allows security teams to centralize and track leaked credentials alongside the rest of their vulnerabilities, without requiring manual checks inside GitHub.
This agent does not perform the secret scan itself. Instead, it retrieves results from GitHub’s built-in Secret Scanning feature and converts them into Faraday-compatible vulnerabilities.
Parameters
When setting up the agent, you must provide the following parameters:
- GITHUB_TOKEN: The GitHub authentication token used to query Secret Scanning alerts
- GITHUB_OWNER: Organization or user that owns the repository
When running the agent, you must provide the following parameter:
- GITHUB_REPOSITORY: Repository name to retrieve data from
Notes
The agent only imports open GitHub Secret Scanning alerts, since resolved or revoked findings no longer represent an active exposure.
Because GitHub does not provide severity values, all imported secrets are assigned High severity.
Each vulnerability is tagged with secret_detection, along with any additional tags defined by the user.
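The conversion the notes describe (open alerts only, High severity, a `secret_detection` tag plus user tags), as an added illustration rather than the agent's own code. The alert field names are assumed from GitHub's secret-scanning alerts API, the vulnerability dict is a simplified stand-in for Faraday's report format, and the sample alerts are constructed; the secret value is redacted so the Faraday record does not re-leak it.

```python
import json
from typing import Dict, Iterable, List

# Constructed sample, shaped like GET /repos/{owner}/{repo}/secret-scanning/alerts
# (field names are an assumption based on that API, not taken from the agent).
SAMPLE_ALERTS = json.loads("""
[
  {"number": 7, "state": "open", "secret_type": "aws_access_key_id",
   "secret_type_display_name": "Amazon AWS Access Key ID",
   "secret": "AKIAEXAMPLEEXAMPLE01",
   "html_url": "https://github.com/example-org/example-repo/security/secret-scanning/7"},
  {"number": 8, "state": "resolved", "resolution": "revoked",
   "secret_type": "slack_incoming_webhook_url",
   "secret_type_display_name": "Slack Incoming Webhook URL",
   "secret": "https://hooks.slack.com/services/EXAMPLE/EXAMPLE/EXAMPLE",
   "html_url": "https://github.com/example-org/example-repo/security/secret-scanning/8"},
  {"number": 9, "state": "open", "secret_type": "github_personal_access_token",
   "secret_type_display_name": "GitHub Personal Access Token",
   "secret": "ghp_EXAMPLEEXAMPLEEXAMPLEEXAMPLE",
   "html_url": "https://github.com/example-org/example-repo/security/secret-scanning/9"}
]
""")


def redact(secret: str) -> str:
    """Keep a short prefix for correlation; never store the full value."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 4)


def alert_to_vuln(alert: Dict, repository: str, extra_tags: Iterable[str]) -> Dict:
    """Map one GitHub alert to a simplified Faraday-style vulnerability (assumed shape)."""
    return {
        "name": f"Exposed secret: {alert['secret_type_display_name']}",
        "desc": (f"GitHub Secret Scanning alert #{alert['number']} in {repository}: "
                 f"{alert['secret_type']} (value {redact(alert['secret'])})"),
        "severity": "high",  # GitHub supplies no severity, so every import is High
        "refs": [alert["html_url"]],
        "tags": sorted({"secret_detection", *extra_tags}),  # mandatory tag + user tags
        "external_id": f"github-secret-scanning-{alert['number']}",
    }


def convert_alerts(alerts: List[Dict], repository: str, extra_tags: Iterable[str] = ()) -> List[Dict]:
    """Only open alerts become vulnerabilities; resolved/revoked alerts are skipped."""
    extra = list(extra_tags)
    return [alert_to_vuln(a, repository, extra) for a in alerts if a.get("state") == "open"]
```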