This version of GitHub Enterprise Server will be discontinued on 2024-09-24. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. Contact GitHub Enterprise Support for help with the upgrade.

About secret scanning alerts

Learn about the different types of secret scanning alerts.

Who can use this feature?

People with admin access to a repository can manage secret scanning alerts for the repository.

Secret scanning is available for organization-owned repositories in GitHub Enterprise Server if your enterprise has a license for GitHub Advanced Security. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."

About types of alerts

There are two types of secret scanning alerts:

  • Secret scanning alerts: Reported to users in the Security tab of the repository, when a supported secret is detected in the repository.
  • Push protection alerts: Reported to users in the Security tab of the repository, when a contributor bypasses push protection.

About secret scanning alerts

When GitHub detects a supported secret in a repository that has secret scanning enabled, a secret scanning alert is generated and displayed in the Security tab of the repository.

If access to a resource requires paired credentials, then secret scanning will create an alert only when both parts of the pair are detected in the same file. This ensures that the most critical leaks are not hidden behind information about partial leaks. Pair matching also helps reduce false positives since both elements of a pair must be used together to access the provider's resource.
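The pair-matching rule above, as an added illustration that is not GitHub's own detection code: a small scanner that raises an alert for a two-part credential only when both parts occur in the same file, so a file holding only an ID or only a secret produces nothing. The provider name, the two patterns and the sample files are all constructed for this example.

```python
import re
from typing import Dict, List

# Constructed patterns for a hypothetical provider "examplecloud" whose
# credentials are a pair: a client id and a client secret. These are not
# real secret scanning patterns; they exist only to show the pairing rule.
PAIRED_PATTERNS = {
    "examplecloud": (
        re.compile(r"\bexc_id_[A-Z0-9]{12}\b"),        # first half of the pair
        re.compile(r"\bexc_secret_[a-z0-9]{24}\b"),    # second half of the pair
    ),
}


def scan_file(path: str, content: str) -> List[Dict[str, str]]:
    """Return one alert per provider whose id AND secret both occur in this file.

    A lone id or a lone secret is a partial leak and is deliberately not
    reported, mirroring the same-file requirement described in the text.
    """
    alerts = []
    for provider, (id_re, secret_re) in PAIRED_PATTERNS.items():
        ids = id_re.findall(content)
        secrets = secret_re.findall(content)
        if ids and secrets:
            alerts.append({"provider": provider, "file": path,
                           "id": ids[0], "secret": secrets[0]})
    return alerts


def scan_repo(files: Dict[str, str]) -> List[Dict[str, str]]:
    """Scan every file independently; pairs never match across files."""
    alerts = []
    for path, content in files.items():
        alerts.extend(scan_file(path, content))
    return alerts


# Constructed sample repository: one complete pair, one lone id, one lone secret.
SAMPLE_FILES = {
    "config/prod.env": "EXC_ID=exc_id_AB12CD34EF56\n"
                       "EXC_SECRET=exc_secret_abcdef0123456789abcdef01\n",
    "README.md": "Set EXC_ID to your id, e.g. exc_id_ZZ99YY88XX77\n",
    "scripts/deploy.sh": "export EXC_SECRET=exc_secret_000011112222333344445555\n",
}

if __name__ == "__main__":
    for alert in scan_repo(SAMPLE_FILES):
        print(f"{alert['provider']}: paired credential in {alert['file']}")
```

Only config/prod.env is reported; the id in README.md and the secret in scripts/deploy.sh are partial leaks in separate files and stay silent.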

About push protection alerts

Push protection scans pushes for supported secrets. If push protection detects a supported secret, it will block the push. When a contributor bypasses push protection to push a secret to the repository, a push protection alert is generated and displayed in the Security tab of the repository. To see all push protection alerts for a repository, you must filter by bypassed: true on the alerts page. For more information, see "Viewing and filtering alerts from secret scanning."

Note

Older versions of certain tokens may not be supported by push protection as these tokens may generate a higher number of false positives than their most recent version. Push protection may also not apply to legacy tokens. For tokens such as Azure Storage Keys, GitHub only supports recently created tokens, not tokens that match the legacy patterns. For more information about push protection limitations, see "Troubleshooting secret scanning."

Next steps

Further reading