GitHub's "Secret Scanning Partner Program" seems dope, is there some catch? Why don't more companies use this?

Auto-invalidating committed secrets sounds awesome and we're probably adding this to UploadThing

Source: x.com/t3dotgg/status/1820633453718851928