Skip to main content

Working with secret scanning and push protection

Secret scanning scans for and detects secrets that have been checked into a repository. Push protection proactively secures you against leaking secrets by blocking pushes containing secrets.

Who can use this feature?

Secret scanning is available for the following repositories:

  • Public repositories (for free)
  • Private and internal repositories in organizations using GitHub Enterprise Cloud with GitHub Advanced Security enabled
  • User-owned repositories for GitHub Enterprise Cloud with Enterprise Managed Users

Push protection for users

With push protection for users, you are automatically protected on all pushes to public repositories across GitHub Enterprise Cloud.

Working with push protection from the command line

Learn your options for unblocking your push from the command line to GitHub if secret scanning detects a secret in your changes.

Working with push protection from the REST API

Learn your options for unblocking your push to GitHub using the REST API if secret scanning detects a secret in the content of your API request.

Working with push protection in the GitHub UI

Learn your options for unblocking your commit when secret scanning detects a secret in your changes.