New eScan DLP Feature Blocks Unauthorized GitHub Access, Strengthening Enterprise Security

New Tenant Control feature prevents unauthorized access, helping organizations protect source code without costly upgrades.

eScan has introduced a major security upgrade for organizations using GitHub, addressing a long-standing access control gap that has put thousands of code repositories at risk. The company announced the deployment of GitHub Tenant Control within its Enterprise Data Loss Prevention (DLP) solution, allowing organizations to enforce strict authentication rules even if they are not using expensive GitHub Enterprise accounts.

Many organizations rely on GitHub Team or Organization accounts to save costs, but these accounts lack enterprise-grade access controls. This leaves sensitive repositories vulnerable when employees use personal credentials or third-party logins, such as Google, Apple, or Microsoft accounts. Past incidents, including a Mercedes-Benz GitHub token leak in 2024 and the tj-actions compromise in 2025, exposed thousands of repositories and critical credentials, highlighting the dangers of uncontrolled access.

Govind Rammurthy, CEO and Managing Director of eScan, described the challenge: “Organizations face an impossible choice. Either spend five times more for GitHub Enterprise just to get access controls, or accept the risk that employees might access your source code through personal accounts you can’t monitor or audit. eScan's GitHub Tenant Control eliminates that dilemma.”

The new feature works across all GitHub account types, Team, Organization, or Enterprise, ensuring employees can access repositories only with corporate credentials, while blocking unauthorized attempts. It integrates with eScan’s broader Workspace Tenant Control, offering consistent authentication policies across platforms like Google Workspace, Microsoft 365, Dropbox, Slack, and more.

As data compliance and security concerns grow worldwide, eScan’s solution provides organizations with a practical, cost-effective way to protect their intellectual property and maintain control over sensitive code.