Using advanced secret scanning and push protection features
Learn how you can customize secret scanning to meet the needs of your company.
Who can use this feature?
Secret scanning is available for the following repositories:
- Public repositories (for free)
- Private and internal repositories in organizations using GitHub Enterprise Cloud with GitHub Advanced Security enabled
- User-owned repositories for GitHub Enterprise Cloud with Enterprise Managed Users
Excluding folders and files from secret scanning
You can customize secret scanning to exclude directories or files from analysis, by configuring a secret_scanning.yml file in your repository.
Non-provider patterns
Secret scanning can also alert you to the potential use of other types of secret in code, for example: HTTP authentication headers, connection strings, and private keys. These non-provider patterns are more difficult to detect reliably so this feature is not enabled by default.
Custom patterns
You can extend the capabilities of secret scanning to search for your own patterns. These custom patterns can range from your service API keys to connection strings into cloud resources.
Delegated bypass for push protection
You can control the ability to bypass push protection by setting up a reviewers group to assess requests. When a contributor proposes bypassing protections, any member of the bypass list can approve or block the request.