Introduction to secret scanning
Learn how secret scanning detects secrets in existing content and new commits, helping you to avoid exposing sensitive data that could be exploited.
Who can use this feature?
Secret scanning is available for the following repositories:
- Public repositories (for free)
- Private and internal repositories in organizations using GitHub Enterprise Cloud with GitHub Advanced Security enabled
- User-owned repositories for GitHub Enterprise Cloud with Enterprise Managed Users
About secret scanning
GitHub Enterprise Cloud scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.
About push protection
Push protection blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block. Push protection can be applied at the repository, organization, and user account level.
About secret scanning for partners
When secret scanning detects authentication details for a service provider in a public repository on GitHub, an alert is sent directly to the provider. This allows service providers who are GitHub partners to promptly take action to secure their systems.
Supported secret scanning patterns
Lists of supported secrets and the partners that GitHub works with to prevent fraudulent use of secrets that were committed accidentally.