About 秘密扫描 patterns
GitHub maintains two different sets of 秘密扫描 patterns:
- Partner patterns. Used to detect potential secrets in all public repositories. For details, see "Supported secrets for partner patterns."
- Advanced security patterns. Used to detect potential secrets in repositories with 秘密扫描 enabled.
Organizations using GitHub Enterprise Cloud with GitHub Advanced Security can enable > - 秘密扫描,用于高级安全 on their repositories. For details of these patterns, see the GitHub Enterprise Cloud documentation.
Supported secrets for partner patterns
GitHub currently scans public repositories for secrets issued by the following service providers. For more information about 秘密扫描合作伙伴模式, see "About 秘密扫描合作伙伴模式."
合作伙伴 | 支持的密钥 |
---|---|
Adafruit IO | Adafruit IO 密钥 |
Adobe | Adobe 设备令牌 |
Adobe | Adobe 服务令牌 |
Adobe | Adobe 短暂访问令牌 |
Adobe | Adobe JSON Web 令牌 |
Alibaba Cloud | Alibaba 云端访问密钥 ID 和访问密钥对 |
Amazon Web Services (AWS) | Amazon AWS 访问密钥 ID 和秘密访问密钥对 |
Atlassian | Atlassian API 令牌 |
Atlassian | Atlassian JSON Web 令牌 |
Azure | Azure Active Directory 应用程序密钥 |
Azure | Azure DevOps 个人访问令牌 |
Azure | Azure SAS 令牌 |
Azure | Azure 服务管理证书 |
Azure | Azure SQL 连接字符串 |
Azure | Azure 存储账户密钥 |
Checkout.com | Checkout.com 生产密钥 |
Checkout.com | Checkout.com 测试密钥 |
Clojars | Clojars 部署令牌 |
CloudBees CodeShip | CloudBees CodeShip 凭据 |
Contributed Systems | Contributed Systems 凭据 |
Databricks | Databricks 访问令牌 |
Datadog | Datadog API 密钥 |
DigitalOcean | DigitalOcean 个人访问令牌 |
DigitalOcean | DigitalOcean OAuth 令牌 |
DigitalOcean | DigitalOcean 刷新令牌 |
DigitalOcean | DigitalOcean 系统令牌 |
Discord | Discord 自动程序令牌 |
Doppler | Doppler 个人令牌 |
Doppler | Doppler 服务令牌 |
Doppler | Doppler CLI 令牌 |
Doppler | Doppler SCIM 令牌 |
Doppler | Doppler Audit 令牌 |
Dropbox | Dropbox 访问令牌 |
Dropbox | Dropbox 短暂访问令牌 |
Dynatrace | Dynatrace 访问令牌 |
Dynatrace | Dynatrace 内部令牌 |
Finicity | Finicity App 密钥 |
Frame.io | Frame.io JSON Web 令牌 |
Frame.io | Frame.io Developer 令牌 |
FullStory | FullStory API 密钥 |
GitHub | GitHub 个人访问令牌 |
GitHub | GitHub OAuth 访问令牌 |
GitHub | GitHub 刷新令牌 |
GitHub | GitHub App 安装访问令牌 |
GitHub | GitHub SSH 私钥 |
GoCardless | GoCardless 实时访问令牌 |
GoCardless | GoCardless Sandbox 访问令牌 |
Google Cloud | Google API 密钥 |
Google Cloud | Google Cloud 私钥 ID |
Hashicorp Terraform | Terraform Cloud / Enterprise API 令牌 |
Hubspot | Hubspot API 密钥 |
Ionic | Ionic 个人访问令牌 |
Ionic | Ionic 刷新令牌 |
JD Cloud | JD Cloud 访问密钥 |
线性 | 线性 API 密钥 |
线性 | 线性 OAuth 访问令牌 |
Mailchimp | Mailchimp API 密钥 |
Mailchimp | Mandril API 密钥 |
Mailgun | Mailgun API 密钥 |
MessageBird | MessageBird API 密钥 |
元数据 | Facebook Access Token |
npm | npm 访问令牌 |
NuGet | NuGet API 密钥 |
Octopus Deploy | Octopus Deploy API 密钥 |
OpenAI | OpenAI API 密钥 |
Palantir | Palantir JSON Web 令牌 |
PlanetScale | Planetscale 数据库密码 |
PlanetScale | Planetscale OAuth 令牌 |
PlanetScale | PlanetScale 服务令牌 |
Plivo | Plivo 验证 ID 和令牌 |
Postman | Postman API 密钥 |
Proctorio | Proctorio 消费者密钥 |
Proctorio | Proctorio 链接密钥 |
Proctorio | Proctorio 注册密钥 |
Proctorio | Proctorio 密钥 |
Pulumi | Pulumi 访问令牌 |
PyPI | PyPI API 令牌 |
redirect.pizza | redirect.pizza API 令牌 |
RubyGems | RubyGems API 密钥 |
Samsara | Samsara API 令牌 |
Samsara | Samsara OAuth 访问令牌 |
SendGrid | SendGrid API Key |
Sendinblue | SendinBlue API 密钥 |
Sendinblue | SendinBlue SMTP 密钥 |
Shopify | Shopify App 共享密钥 |
Shopify | Shopify 访问令牌 |
Shopify | Shopify 自定义应用访问令牌 |
Shopify | Shopify 私人应用密码 |
Slack | Slack API 令牌 |
Slack | Slack 传入 web 挂钩 URL |
Slack | Slack 工作流程 web 挂钩 URL |
SSLMate | SSLMate API 密钥 |
SSLMate | SSLMate 集群密钥 |
Stripe | Stripe Live API 密钥 |
Stripe | Stripe 测试 API 密钥 |
Stripe | Stripe Live API 限制密钥 |
Stripe | Stripe 测试 API 限制密钥 |
Supabase | Supabase 服务密钥 |
Tencent Cloud | 腾讯云密钥 ID |
Twilio | Twilio 帐户字符串标识符 |
Twilio | Twilio API 密钥 |
Typeform | Typeform 个人访问令牌 |
Valour | Valour 访问令牌 |