API tokens, passswords, private keys, environment variables - anything that should be treated as a "secret" sometimes find their way committed into source code. This can be big security problem that's difficult to unwind. Once a secret makes it into a codebase, it's visible to anyone with access to that project. Even for internal projects, this can represent a significant risk for credentials that should only be used by an individual or particular team.
These tools, in conjunction with MergeStat, allow users to report on and aggregate leaked secrets across many repos in an organization.