GitHub MCP Server Enhances Secret Scanning and Push Protection for Public Repositories

Allison introduces major enhancements in secret scanning and push protection for the GitHub MCP server, explaining how these features help secure public repository workflows against credential leaks and prompt injection risks.

GitHub MCP Server: Secret Scanning, Push Protection, and More

Author: Allison

Overview

The GitHub MCP (Machine-Centric Platform) server now provides real-time secret scanning and push protection for all tool call inputs and outputs in public repositories. If an exposed secret is detected during a tool call, the server blocks the operation by default, providing clear details to the user and explicit bypass links for intentional overrides (except for users who have opted out of push protection, for whom bypass is unavailable).

Included Features

• Blocking and Bypass: Users can block or bypass secret-related tool call blocks in MCP, with clear responses and actionable options. Accounts opted out of push protection cannot bypass the block.
• Agent-Friendly Feedback: The server returns clear, machine-usable responses for integrating with agent workflows.

Security Impact: Defending Against Prompt Injection

Prompt injection attacks have exploited public content (e.g., READMEs, issues, PR comments) to trick agents into revealing credentials via tool calls. The new secret scanning mechanism inspects data flowing to and from public repositories, helping to cut off a frequent credential exfiltration path before secrets escape your control.

Benefits

• Addresses Major Secret-Leak Vector: Prevents tool-call payloads with exposed secrets from being processed in public workflows (both reading and writing).
• Reduces Prompt Injection Exposure: Prevents prompt-injected attempts to exfiltrate tokens via tool arguments or responses.

Availability & Licensing

• Scope: Only for public repository tool calls.
• Free: No Copilot or GitHub Secret Protection license required.
• Private Repo Support: Upcoming for users with GitHub Secret Protection licenses.

Limitations

• The system cannot prevent all types of data leaks (e.g., non-secret information, model-only behaviors, or unscanned channels).
• Users should maintain strong security hygiene: use least-privilege tokens and rotate credentials regularly.

Official documentation provides further details.

Community

• Join community discussion and feedback in Copilot Conversations.

---

Additional MCP Server Improvements (Remote & Local)

• GitHub Actions Toolset: Agents can discover, dispatch, monitor, and debug GitHub Actions workflows more effectively.
• Gist Toolset: Create and share snippets and artifacts without modifying repositories.
• Sub-issues Tools: Commands such as add_sub_issue, list_sub_issues, remove_sub_issue, and reprioritize_sub_issue streamline issue management.
• Pull Request Workflow Upgrades: Features like update_pull_request to toggle drafts and manage reviewers.
• Org-wide Discussions: Enhanced discussion management with richer data fields and sorting.
• GraphQL & Pagination: Issue listing upgraded from REST to GraphQL; robust pagination across tools.
• Improved File Retrieval: Better path matching, default directory handling, and SHA support in content retrieval.
• Search Enhancements: Separate search tools for issues, pull requests, organizations, and users; improved search parameter clarity.

Find more on all changes and improvements in the GitHub MCP Server releases page.

This post appeared first on “The GitHub Blog”. Read the entire article here