启用机密扫描功能
了解如何启用 secret scanning 来检测存储库中已显示的机密,以及如何通过阻止包含机密的推送来主动防止泄露其他机密的推送保护。
谁可以使用此功能?
Secret scanning alerts for partners runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on GitHub.
Secret scanning alerts for users are available for user-owned public repositories for free. Organizations using GitHub Enterprise Cloud with a license for GitHub Advanced Security can also enable secret scanning alerts for users on their private and internal repositories. Additionally, secret scanning alerts for users are available and in beta on user-owned repositories for GitHub Enterprise Cloud with Enterprise Managed Users. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."
For information about how you can try GitHub Advanced Security for free, see "Setting up a trial of GitHub Advanced Security."
为存储库启用机密扫描
可以配置 GitHub 如何扫描存储库中遭到泄露的机密并生成警报。
为存储库启用推送保护
通过推送保护,secret scanning 会阻止参与者将机密推送到存储库,并在参与者绕过该阻止时生成警报。
为存储库启用有效性检查
对存储库启用有效性检查有助于确定警报修正的优先级,因为该检查会告知机密是处于活动状态还是非活动状态。