GitHub enables MCP secret scanning

GitHub just pushed one of its security tools directly into the AI coding loop. The change is simple to describe but pretty important in practice — if you use an MCP-compatible coding agent or IDE, you can now ask GitHub to scan in-progress code for exposed secrets before that code gets committed. That means keys, tokens, and credentials can get flagged while the agent is still helping you write or edit. The gap here was obvious: AI sped up code generation, but it also sped up accidental leaks. On May 5, GitHub moved this MCP-based secret scanning feature from preview to general availability. ### What is GitHub actually shipping? This is secret scanning through GitHub’s MCP server — MCP being the Model Context Protocol that lets AI tools call outside services in a structured way. Instead of waiting for a push, a pull request, or a later security scan, the agent can invoke GitHub’s scanner while code is still being worked on. GitHub says this is now generally available through the remote GitHub MCP server, after a public preview that started on March 17, 2026. ### Why does MCP matter here? Because MCP is becoming the plumbing for AI coding tools. If an IDE or agent speaks MCP, it can ask GitHub for specific actions without every vendor building a one-off integration. GitHub’s docs say the feature works with MCP-compatible clients including Visual Studio Code, JetBrains IDEs, Claude Code, Cursor, Windsurf, and GitHub Copilot CLI. So this is not just a GitHub UI feature — it is GitHub security logic exposed as a protocol tool. ### What does the scan actually check? It looks for exposed secrets in code changes — things like API keys, tokens, and credentials that should never land in a repository. The point is prevention earlier in the workflow. GitHub frames it as scanning “before you commit or open a pull request,” which is a different moment from classic repo security. Basically, the scanner is moving upstream, closer to the moment an AI agent generates or edits the risky text. ### Who can use it? There is a catch. This is available for repositories with GitHub Secret Protection enabled, and the secret-scanning tools are only available through GitHub’s remote MCP server. Local MCP server setups are not supported for this feature. So GitHub is opening the workflow, but not handing the scanning engine over to arbitrary local MCP deployments. ### Does this create normal GitHub alerts? No — and that matters more than it sounds. GitHub says findings from MCP-invoked scans are ephemeral. They show up in the agent chat for the current session, but they are not persisted as secret scanning alerts in the Security tab and do not appear through the alerts APIs. In other words, this is a just-in-time guardrail, not a new system of record. ### How does this connect to earlier GitHub MCP security work? It fits a broader pattern. Back in August 2025, GitHub added secret scanning and push-protection behavior to remote MCP tool calls for public repositories, blocking detected secrets in some agent-driven actions by default. This new release goes further by letting agents proactively scan at the edge. ### Why does this matter now? Because AI coding tools changed the failure mode. A human can still leak a token, but an agent can generate, copy, transform, and spread sensitive strings much faster. GitHub is basically betting that if AI becomes part of software creation, security has to show up in the same protocol layer and at the same moment of work. Dependency scanning also hit public preview in the GitHub MCP server on May 5, which makes the direction even clearer. ### Bottom line? This is GitHub turning secret scanning into an agent tool, not just a repository feature. That sounds incremental, but it is a real workflow change — the security check now sits beside the AI assistant while code is being written, which is exactly where more of the risk moved.