diff --git a/main.go b/main.go
index f6d21dc..2f30d22 100644
--- a/main.go
+++ b/main.go
@@ -96,6 +96,11 @@ func Scrub(argument string) string {
 u, err := url.ParseRequestURI(argument)
 if err == nil && u.Host != "" && contains(allowedSchemes, u.Scheme) {
 u.Scheme = "https"
+ // Clear the user if there is no password, since the URL is usually ssh://git@github.com.
+ // The username is required to tell the server you're doing Git operations, but not needed for HTTPS.
+ if _, isSet := u.User.Password(); !isSet {
+ u.User = nil
+ }
 return u.String()
 }
 if scpUrl.MatchString(argument) {
@@ -109,7 +114,12 @@ func Scrub(argument string) string {
 // host changed, possible attack
 return argument
 }
- return newUrl
+ // Clear the user if there is no password, since the URL is usually git@github.com.
+ // The username is required to tell the server you're doing Git operations, but not needed for HTTPS.
+ if _, isSet := u.User.Password(); !isSet {
+ u.User = nil
+ }
+ return u.String()
 }
 return argument
 }
diff --git a/main_test.go b/main_test.go
index f7ea2fd..51cb0a0 100644
--- a/main_test.go
+++ b/main_test.go
@@ -49,11 +49,15 @@ func TestScrub(t *testing.T) {
 },
 {
 input: "git@github.com:dependabot/git-https-shim",
- expected: "https://git@github.com/dependabot/git-https-shim",
+ expected: "https://github.com/dependabot/git-https-shim",
+ },
+ {
+ input: "ssh://user:pass@github.com/dependabot/git-https-shim",
+ expected: "https://user:pass@github.com/dependabot/git-https-shim",
 },
 {
 input: "ssh://git@github.com/dependabot/git-https-shim",
- expected: "https://git@github.com/dependabot/git-https-shim",
+ expected: "https://github.com/dependabot/git-https-shim",
 },
 {
 input: "ssh://github.com/dependabot/git-https-shim",
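Review bot: The new check in the URL branch clears any password-less username, not only `git`, and it runs for every scheme in `allowedSchemes`, whose contents are outside the hunk. If `https` or `http` is among them, a URL that carries a token as the username alone (the `https://<token>@host/...` form) would silently lose its credential and fail later with an authentication error that is hard to trace back to this function. Consider recording whether the input was SSH before `u.Scheme = "https"` overwrites the scheme and clearing only then, e.g. `if _, isSet := u.User.Password(); !isSet && wasSSH {`, or state in the comment that token-as-username URLs are stripped on purpose. Scrub's body starts and ends outside this hunk.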
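Review bot: This branch now dereferences `u.User` and returns `u.String()`, but the assignment to `u` on the scp path is outside the hunk. The outer `u` from `url.ParseRequestURI(argument)` is expected to be nil for scp-style input, so please confirm that `u` here is the value parsed from `newUrl` (the one the host check just above compared); otherwise this is a nil dereference. The four added lines also repeat the block from the first hunk word for word; a small unexported helper such as `dropPasswordlessUser(u *url.URL)` called from both places would keep the two paths from drifting apart.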
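Review bot: The table has no case for a userinfo with an explicitly empty password, such as `ssh://user:@github.com/dependabot/git-https-shim`. `Password()` reports the password as set for that form, so the new code would keep `user:@` in the output; a test case would pin whether that is intended. A case with a non-`git` username and no password (for example `ssh://deploy@github.com/dependabot/git-https-shim`) would likewise document that every password-less user is dropped, not just `git`. The TestScrub table starts and ends outside this hunk.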