Configuring secret scanning for your appliance

You can enable, configure, and disable secret scanning for your GitHub Enterprise Server instance. Secret scanning allows users to scan code for accidentally committed secrets.

Secret scanning is available if you have a license for GitHub Advanced Security. For more information, see "About GitHub Advanced Security."

Note: Secret scanning for organization-owned repositories is currently in beta and subject to change.

About secret scanning

If someone checks a secret with a known pattern into a repository on GitHub Enterprise Server, secret scanning catches the secret as it's checked in, and helps you mitigate the impact of the leak. Repository administrators are notified about any commit that contains a secret, and they can quickly view all detected secrets in the Security tab for the repository. For more information, see "About secret scanning."

Prerequisites for secret scanning

  • The SSSE3 (Supplemental Streaming SIMD Extensions 3) CPU flag needs to be enabled on the VM/KVM that runs your GitHub Enterprise Server instance.

  • A license for GitHub Advanced Security

  • Secret scanning enabled in the management console (see "Enabling GitHub Advanced Security for your enterprise")

Checking support for the SSSE3 flag on your vCPUs

The SSSE3 set of instructions is required because secret scanning leverages hardware accelerated pattern matching to find potential credentials committed to your GitHub repositories. SSSE3 is enabled for most modern CPUs. You can check whether SSSE3 is enabled for the vCPUs available to your GitHub Enterprise Server instance.

  1. Connect to the administrative shell for your GitHub Enterprise Server instance. For more information, see "Accessing the administrative shell (SSH)."
  2. Enter the following command:
grep -iE '^flags.*ssse3' /proc/cpuinfo >/dev/null; echo $?

If this returns the value 0, it means that the SSSE3 flag is available and enabled. You can now enable secret scanning for your GitHub Enterprise Server instance. For more information, see "Enabling secret scanning" below.

If this doesn't return 0, SSSE3 is not enabled on your VM/KVM. You need to refer to the documentation of the hardware/hypervisor on how to enable the flag, or make it available to guest VMs.
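The grep check above exits 0 as soon as any one `flags` line lists ssse3. The following is an added example, not part of the original documentation, that counts the flag per vCPU so a guest with a mixed CPU configuration is reported as failing. The function names and the sample cpuinfo content are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-vCPU SSSE3 check. Reads a cpuinfo-format file
# (default /proc/cpuinfo) and counts logical CPUs whose flags list ssse3.

# Prints "<cpus_with_ssse3> <total_cpus>".
ssse3_counts() {
    awk -F: '
        /^flags[ \t]*:/ {
            total++
            n = split($2, f, " ")
            # Compare whole flag names rather than substrings.
            for (i = 1; i <= n; i++)
                if (f[i] == "ssse3") { have++; break }
        }
        END { printf "%d %d\n", have, total }
    ' "${1:-/proc/cpuinfo}"
}

# Returns 0 only if at least one CPU is listed and every CPU has ssse3.
ssse3_on_all_cpus() {
    set -- $(ssse3_counts "$1")
    [ "$2" -gt 0 ] && [ "$1" -eq "$2" ]
}

# Constructed sample: two vCPUs, the second one lacking ssse3.
sample=$(mktemp)
printf 'processor\t: 0\nflags\t\t: fpu sse sse2 pni ssse3 sse4_1\n' >  "$sample"
printf 'processor\t: 1\nflags\t\t: fpu sse sse2 pni sse4_1\n'       >> "$sample"

ssse3_counts "$sample"
ssse3_on_all_cpus "$sample" || echo "SSSE3 missing on at least one vCPU"
rm -f "$sample"
```

On the appliance, call `ssse3_on_all_cpus` with no argument to read `/proc/cpuinfo`.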

Checking whether you have an Advanced Security license

  1. From an administrative account on GitHub Enterprise Server, click the rocket ship icon (site admin settings) in the upper-right corner of any page.
  2. In the left sidebar, click Management Console.
  3. Check if there is an Advanced Security entry in the left sidebar.

If you can't see Advanced Security in the sidebar, it means that your license doesn't include support for Advanced Security features, including code scanning and secret scanning. The Advanced Security license gives you and your users access to features that help you make your repositories and code more secure. For more information, see "About GitHub Advanced Security" or contact GitHub's Sales team.

Enabling secret scanning

Warning: Changing this setting will cause user-facing services on GitHub Enterprise Server to restart. You should time this change carefully, to minimize downtime for users.

  1. From an administrative account on GitHub Enterprise Server, click the rocket ship icon (site admin settings) in the upper-right corner of any page.
  2. In the left sidebar, click Management Console.
  3. In the left sidebar, click Advanced Security.
  4. Under "Advanced Security," click Secret scanning.
  5. In the left sidebar, click Save settings.
  6. Wait for the configuration run to complete.

Disabling secret scanning

Warning: Changing this setting will cause user-facing services on GitHub Enterprise Server to restart. You should time this change carefully, to minimize downtime for users.

  1. From an administrative account on GitHub Enterprise Server, click the rocket ship icon (site admin settings) in the upper-right corner of any page.
  2. In the left sidebar, click Management Console.
  3. In the left sidebar, click Advanced Security.
  4. Under "Advanced Security," unselect Secret scanning.
  5. In the left sidebar, click Save settings.
  6. Wait for the configuration run to complete.
