Using advanced secret scanning and push protection features

Learn how you can customize secret scanning to meet the needs of your company.

Who can use this feature?

Secret scanning is available for the following repositories:

  • Public repositories (for free)
  • Private and internal repositories in organizations using GitHub Enterprise Cloud with GitHub Advanced Security enabled
  • User-owned repositories for GitHub Enterprise Cloud with Enterprise Managed Users

Excluding folders and files from secret scanning

You can customize secret scanning to exclude directories or files from analysis by configuring a secret_scanning.yml file in your repository.
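As an added illustration (not taken from the page or from GitHub's own docs), the exclusion file is a YAML list of glob patterns under a paths-ignore key; the file location .github/secret_scanning.yml and the sample paths below are assumptions for the example:

```yaml
# .github/secret_scanning.yml (path assumed for this example)
# Each entry is a glob relative to the repository root.
# Keep exclusions narrow: every excluded path is a place where a leaked
# credential will not raise an alert.
paths-ignore:
  - "test/fixtures/**"        # constructed: recorded fixtures with dummy tokens
  - "docs/examples/*.env"     # constructed: sample env files with placeholder values
  - "vendor/**/*.min.js"      # constructed: third-party minified bundles
```

Review such exclusions periodically, since a pattern like "**/*.env" would silently hide real secrets committed anywhere in the tree.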

Non-provider patterns

Secret scanning can also alert you to the potential use of other types of secrets in code, for example HTTP authentication headers, connection strings, and private keys. These non-provider patterns are harder to detect reliably, so this feature is not enabled by default.

Custom patterns

You can extend the capabilities of secret scanning to search for your own patterns. These custom patterns can range from your service API keys to connection strings into cloud resources.

Delegated bypass for push protection

You can control the ability to bypass push protection by setting up a reviewers group to assess requests. When a contributor proposes bypassing protections, any member of the bypass list can approve or block the request.