Palantir Joins GitHub’s Token Scanning Program

Palantir, published in Palantir Blog, Apr 13, 2020

We are excited to announce we’ve partnered with GitHub as part of their token scanning program. This program will help us better protect our customers by discovering and revoking Palantir product tokens accidentally committed to GitHub.com.

Accidental leakage of authentication and security tokens into source code repositories is an unfortunate reality and, if undetected, can result in substantial security incidents and breaches. In fact, attackers have a variety of tools to discover these accidental leaks — and can find and abuse unrevoked tokens within a handful of minutes! To help protect our customers from these types of attacks, we have joined forces with GitHub to proactively search for and revoke keys and tokens associated with Palantir software products within minutes of being published to GitHub.com.

While this project has been in the works for some time, we have accelerated implementation and deployment as part of our commitment to safeguarding our customers and their data, especially during this time of unprecedented urgency.

We want to thank GitHub for building this program and working with us through this process. We highly encourage broader participation from other organizations and hope this becomes a standard security feature for all SaaS providers.

This is just one of the many ways Palantir’s InfoSec team is continually raising the bar of security for our organization and our customers. To learn about Palantir’s InfoSec team, visit our website.
