Using advanced secret scanning and push protection features

Learn how you can customize secret scanning to meet the needs of your company.

Who can use this feature?

Secret scanning alerts for partners runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on GitHub.

Secret scanning alerts for users are available for user-owned public repositories for free. Organizations using GitHub Enterprise Cloud with a license for GitHub Advanced Security can also enable secret scanning alerts for users on their private and internal repositories. Additionally, secret scanning alerts for users are available and in beta on user-owned repositories for GitHub Enterprise Cloud with Enterprise Managed Users. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."

For information about how you can try GitHub Advanced Security for free, see "Setting up a trial of GitHub Advanced Security."

Excluding folders and files from secret scanning

You can customize secret scanning to exclude directories or files from analysis by configuring a secret_scanning.yml file in your repository.

Non-provider patterns

Secret scanning can also alert you to the potential use of other types of secrets in code, for example, HTTP authentication headers, connection strings, and private keys. These non-provider patterns are more difficult to detect reliably, so this feature is not enabled by default.

Generic secret detection

You can use AI in combination with secret scanning to detect unstructured passwords in git content.

Custom patterns

You can extend the capabilities of secret scanning to search for your own patterns. These custom patterns can range from your service API keys to connection strings into cloud resources.

Delegated bypass for push protection

You can control the ability to bypass push protection by setting up a reviewers group to assess requests. When a contributor proposes bypassing protections, any member of the bypass list can approve or block the request.