eScan enterprise DLP closes a critical GitHub access control gap for organisations

eScan has announced the deployment of GitHub Tenant Control within its Enterprise DLP platform, addressing a long-standing access control gap for organisations using GitHub Team or Organisation plans that lack enterprise-grade authentication controls.

The move targets a common enterprise pain point: controlling how employees access source code repositories on GitHub without forcing a costly upgrade to GitHub Enterprise. While GitHub Enterprise includes native SAML single sign-on and centralised tenant controls, many organisations opt for lower-cost Team plans, leaving gaps in visibility and enforcement.

Why the gap matters

Recent incidents underline the risk. In mid-2024, a leaked GitHub token reportedly exposed large volumes of proprietary source code at Mercedes-Benz. Earlier, credentials linked to The New York Times were inadvertently exposed, with code later appearing on public forums. In March 2025, the compromise of the widely used tj-actions/changed-files action exposed CI/CD secrets across more than 23,000 repositories.

At the root is GitHub’s pricing structure. Team plans, widely used for cost reasons, do not include native tenant enforcement, allowing access via personal credentials or third-party identity providers such as Google, Microsoft or Apple—outside corporate oversight.

“Organisations face an impossible choice,” said Govind Rammurthy, chief executive officer and managing director at eScan. “Either pay significantly more for GitHub Enterprise just to enforce access controls, or accept the risk of unmonitored personal access. GitHub Tenant Control removes that trade-off.”

How the solution works

The new capability in eScan Enterprise DLP enforces tenant-level authentication regardless of the GitHub plan in use. When a user attempts to sign in with personal credentials or third-party SSO, eScan intercepts and blocks the attempt. Access is permitted only through corporate domain credentials, preserving developer workflows while restoring visibility, auditability and control.

“It’s not about replacing GitHub’s Enterprise security features,” said Shweta Thakare, vice president of global sales at eScan. “It’s about extending enterprise-grade enforcement to Team and Organisation users—and adding defence-in-depth for Enterprise customers who want stricter controls.”

Compliance and cloud-wide enforcement

The timing is significant. GitHub disclosed that 39 million secrets were leaked across the platform in 2024, and regulatory pressure—particularly under India’s Digital Personal Data Protection (DPDP) Act—has elevated source code repositories to a frontline compliance concern.

GitHub Tenant Control integrates with eScan’s broader Workspace Tenant Control framework, which already governs authentication across platforms including Google Workspace, Microsoft 365, Dropbox, Atlassian, Slack, Webex and ChatGPT. This unified approach allows organisations to apply consistent authentication policies across their cloud application estate from a single DLP console.

By closing a critical control gap without forcing an Enterprise upgrade, eScan is positioning its DLP platform as a pragmatic layer of governance for organisations balancing cost, security and compliance in modern developer environments.
