Note: Your site administrator must enable secret scanning for your GitHub Enterprise Server instance before you can use this feature. For more information, see "Configuring secret scanning for your appliance."
Enabling secret scanning for repositories
You can enable secret scanning for any repository that is owned by an organization. Once enabled, secret scanningはGitHubリポジトリ中に存在するすべてのブランチのGit履歴全体に対して、あらゆるシークレットをスキャンします。
-
your GitHub Enterprise Server instanceで、リポジトリのメインページにアクセスしてく� さい。
-
リポジトリ名の下で Settings(設定)をクリックしてく� さい。
-
左のサイドバーで、Security & analysis(セキュリティと分析)をクリックしてく� さい。
-
To the right of "Secret scanning", click Enable.
Excluding alerts from secret scanning in repositories
You can use a secret_scanning.yml file to exclude directories from secret scanning. For example, you can exclude directories that contain tests or randomly generated content.
-
your GitHub Enterprise Server instanceで、リポジトリのメインページにアクセスしてく� さい。
-
ファイルのリストの上で、Add file(ファイルの追� )ドロップダウンを使い、Create new file(新規ファイルの作成をクリックしてく� さい。
-
In the file name field, type .github/secret_scanning.yml.
-
Under Edit new file, type
paths-ignore:
followed by the paths you want to exclude from secret scanning.paths-ignore: - "foo/bar/*.js"
You can use special characters, such as
*
to filter paths. For more information about filter patterns, see "Workflow syntax for GitHub Actions."Notes:
- If there are more than 1,000 entries in
paths-ignore
, secret scanning will only exclude the first 1,000 directories from scans. - If secret_scanning.yml is larger than 1 MB, secret scanning will ignore the entire file.
- If there are more than 1,000 entries in
You can also ignore individual alerts from secret scanning. For more information, see "Managing alerts from secret scanning."