Non-provider patterns
Secret scanning can also alert you to the potential use of other types of secret in code, for example: HTTP authentication headers, connection strings, and private keys. These non-provider patterns are more difficult to detect reliably so this feature is not enabled by default.
Who can use this feature?
Secret scanning is available for organization-owned repositories, and in beta for user-owned repositories in GitHub Enterprise Server if your enterprise has a license for GitHub Advanced Security. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."
Enabling secret scanning for non-provider patterns
You can enable secret scanning to detect additional potential secrets at the repository and organization levels.