Introduction to secret scanning

Learn how secret scanning detects secrets in existing content and new commits, helping you to avoid exposing sensitive data that could be exploited.

Who can use this feature?

Secret scanning alerts for partners runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on GitHub.

Secret scanning alerts for users are available for public repositories for free. Organizations using GitHub Enterprise Cloud with a license for GitHub Advanced Security can also enable secret scanning alerts for users on their private and internal repositories. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."

For information about how you can try GitHub Enterprise with GitHub Advanced Security for free, see "Setting up a trial of GitHub Enterprise Cloud" and "Setting up a trial of GitHub Advanced Security" in the GitHub Enterprise Cloud documentation.

About secret scanning

GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.

About push protection

Push protection blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block. Push protection can be applied at the repository, organization, and user account level.

About secret scanning for partners

When secret scanning detects authentication details for a service provider in a public repository on GitHub, an alert is sent directly to the provider. This allows service providers who are GitHub partners to promptly take action to secure their systems.

Supported secret scanning patterns

Lists of supported secrets and the partners that GitHub works with to prevent fraudulent use of secrets that were committed accidentally.