by AlbertVAustin 1275 days ago
Any string that matches access token regexp provided by Tencent (see https://docs.github.com/en/developers/overview/secret-scanni...).
3 comments

For public repositories only though. For private repos it's optional, and when enabled the repo admins get an alert to handle it themselves without it going to the vendor.

    .*
;-)
So it is just one bad regexp away from sending them other companies' secrets
I don't see what your comment is trying to point out.

The same could be said for all the other Secret Scanning partners GitHub has, like AWS and so on.

That being said, it's impossible that a "bad regexp" is gonna make its way to the GitHub codebase.