by eax-eip 1352 days ago
Most of these (even sometimes expensive) tools only look at repos and users who are associated with the company’s GitHub org, which barely solves the problem. The much harder problem is the number of corporate secrets that are on random repositories (personal dotfiles, automations, data science scripts, etc.) across GitHub with no strong relationship to the organization. Try using GitHub Code Search to find all the Fastly API tokens that have been leaked, for example, and I bet you’d find some wild stuff.
1 comment
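The comment above argues that the hard part is secrets sitting in repos with no link to the company (dotfiles, one-off scripts). The scanner below is an added example, not code from the post or from any product named in the thread: it shows the keyword-plus-entropy approach such tools use to pick out credentials in arbitrary text, so you can run it over your own public repos before someone else does. The keyword list, the generic "20+ characters of a base64url-like alphabet" candidate shape (an assumption, not a claim about any vendor's real token format), the placeholder filter and the two sample files are all constructed for this example.

```python
import math
import re
from dataclasses import dataclass

# Keywords that, when they share a line with a long opaque string, raise the
# odds that the string is a credential. Assumed list for this example; a real
# deployment tunes it per vendor.
KEYWORDS = ("fastly", "api_key", "api_token", "secret", "token", "password")

# Candidate secret: 20+ chars of a base64url-like alphabet. A generic shape,
# deliberately not a claim about any specific vendor's token format.
CANDIDATE_RE = re.compile(r"[A-Za-z0-9_\-]{20,}")

# Values that are obviously placeholders rather than live secrets.
PLACEHOLDER_RE = re.compile(r"(xxx+|your[_-]?|example|changeme|<[^>]+>)", re.I)


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    keyword: str
    candidate: str
    entropy: float


def shannon_entropy(s: str) -> float:
    """Bits per character; a random 20+ char token lands well above 4."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(path: str, text: str, min_entropy: float = 3.5) -> list[Finding]:
    """Flag high-entropy candidates on lines that also carry a secret keyword."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        lower = line.lower()
        keyword = next((k for k in KEYWORDS if k in lower), None)
        if keyword is None or PLACEHOLDER_RE.search(line):
            continue
        for match in CANDIDATE_RE.finditer(line):
            cand = match.group(0)
            # Identifiers such as authentication_token_configuration contain a
            # keyword themselves; they are names, not values.
            if any(k in cand.lower() for k in KEYWORDS):
                continue
            ent = shannon_entropy(cand)
            if ent >= min_entropy:
                findings.append(Finding(path, line_no, keyword, cand, round(ent, 2)))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a path -> contents mapping (what a repo crawler would hand over)."""
    out: list[Finding] = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample input: a personal dotfile and a data-science script of
# the kind the comment describes. Token values are made up for this example.
SAMPLE_FILES = {
    "~/.zshrc": "\n".join([
        "export EDITOR=vim",
        "export FASTLY_API_TOKEN=Qz7Kp2Lm9Xv4Rn8Bw3Tj6Hy1Fd5Gc0Sa",
        "export EXAMPLE_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxx",
    ]),
    "analysis/pull_cdn_stats.py": "\n".join([
        "import os, requests",
        'API_KEY = "aaaaaaaaaaaaaaaaaaaaaaaa"  # low entropy, not flagged',
        'headers = {"Fastly-Key": os.environ["FASTLY_API_TOKEN"]}  # env ref, fine',
        "authentication_token_configuration = load_config()",
        'FASTLY_TOKEN = "m4N8kT2vQ7xL1pR9sW3yB6"  # hardcoded, flagged',
    ]),
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no} [{f.keyword}] {f.candidate} (H={f.entropy})")
```

The keyword anchor keeps the false-positive rate tolerable on lockfiles and hashes, at the price of missing bare tokens with no label nearby; vendor-specific regexes (where a provider publishes a fixed token prefix) cover that gap, and anything flagged should be rotated rather than merely deleted from history, since the clone that exposed it may already be elsewhere.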

GitGuardian actually does this, it monitors an extended perimeter of devs and their personal/open-source repos for corporate secrets or keywords – https://www.gitguardian.com/monitor-public-github-for-secret...
Yeah, because as an employee what I totally want is my employer to monitor my every digital move outside of work!
Make a private repo. I wouldn't blame a corp if they tried to scan every public github repo for their API keys, let alone an employee's public account.