Using advanced secret scanning and push protection features

Learn how you can customize secret scanning to meet the needs of your company.

Who can use this feature?

Secret scanning alerts for partners runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on GitHub.

Secret scanning alerts for users are available for public repositories for free. Organizations using GitHub Enterprise Cloud with a license for GitHub Advanced Security can also enable secret scanning alerts for users on their private and internal repositories. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."

For information about how you can try GitHub Enterprise with GitHub Advanced Security for free, see "Setting up a trial of GitHub Enterprise Cloud" and "Setting up a trial of GitHub Advanced Security" in the GitHub Enterprise Cloud documentation.

Excluding folders and files from secret scanning

You can customize secret scanning to exclude directories or files from analysis by configuring a secret_scanning.yml file in your repository.

Generic secret detection

You can use AI in combination with secret scanning to detect unstructured passwords in Git content.

Custom patterns

You can extend the capabilities of secret scanning to search for your own patterns. These custom patterns can range from your service API keys to connection strings into cloud resources.