Enabling secret scanning features
Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.
Who can use this feature?
Secret scanning alerts for partners runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on GitHub.
Secret scanning alerts for users are available for user-owned public repositories for free. Organizations using GitHub Enterprise Cloud with a license for GitHub Advanced Security can also enable secret scanning alerts for users on their private and internal repositories. Additionally, secret scanning alerts for users are available and in beta on user-owned repositories for GitHub Enterprise Cloud with Enterprise Managed Users. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."
For information about how you can try GitHub Advanced Security for free, see "Setting up a trial of GitHub Advanced Security."
Enabling secret scanning for your repository
You can configure how GitHub scans your repositories for leaked secrets and generates alerts.
Enabling push protection for your repository
With push protection, secret scanning blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.
Enabling validity checks for your repository
Enabling validity checks on your repository helps you prioritize the remediation of alerts as it tells you if a secret is active or inactive.