Viewing and filtering alerts from secret scanning

Learn how to find and filter secret scanning alerts for users for your repository.

Who can use this feature?

People with admin access to a public repository can view secret scanning alerts for users for the repository.

Secret scanning alerts for partners runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on GitHub.

Secret scanning alerts for users are available for public repositories for free. Organizations using GitHub Enterprise Cloud with a license for GitHub Advanced Security can also enable secret scanning alerts for users on their private and internal repositories. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."

For information about how you can try GitHub Enterprise with GitHub Advanced Security for free, see "Setting up a trial of GitHub Enterprise Cloud" and "Setting up a trial of GitHub Advanced Security" in the GitHub Enterprise Cloud documentation.

About the secret scanning alerts page

When you enable secret scanning for a repository or push commits to a repository with secret scanning enabled, GitHub scans the contents for secrets that match patterns defined by service providers.

When secret scanning detects a secret, GitHub generates an alert. GitHub displays an alert in the Security tab of the repository.

Viewing alerts

Alerts for secret scanning are displayed under the Security tab of the repository.

On GitHub, navigate to the main page of the repository.
Under the repository name, click Security. If you cannot see the "Security" tab, select the dropdown menu, and then click Security.
In the left sidebar, under "Vulnerability alerts", click Secret scanning.
Under "Secret scanning", click the alert you want to view.

Filtering alerts

You can apply various filters to the alerts list to help you find the alerts you're interested in. You can use the dropdown menus above the alerts list, or input the qualifiers listed in the table into the search bar.

Qualifier	Description
`is:open`	Displays open alerts.
`is:closed`	Displays closed alerts.
`bypassed: true`	Displays alerts for secrets where push protection has been bypassed. For more information, see "About push protection."
`validity:active`	Displays alerts for secrets that are known to be active. Applies to GitHub tokens only. For more information about validity statuses, see "Evaluating alerts from secret scanning."
`validity:inactive`	Displays alerts for secrets that are no longer active.
`validity:unknown`	Displays alerts for secrets where the validity status of the secret is unknown.
`secret-type:SECRET-NAME`	Displays alerts for a specific secret type, for example, `secret-type:github_personal_access_token`. For a list of supported secret types, see "Supported secret scanning patterns."
`provider:PROVIDER-NAME`	Displays alerts for a specific provider, for example, `provider:github`. For a list of supported partners, see "Supported secret scanning patterns."

Next steps

"Evaluating alerts from secret scanning"