Skip to main content

Non-provider patterns

Secret scanning can also alert you to the potential use of other types of secret in code, for example: HTTP authentication headers, connection strings, and private keys. These non-provider patterns are more difficult to detect reliably so this feature is not enabled by default.

Who can use this feature?

Secret scanning is available for the following repositories:

  • Organization-owned repositories with GitHub Advanced Security enabled
  • User-owned repositories for an enterprise with GitHub Advanced Security enabled

Enabling secret scanning for non-provider patterns

You can enable secret scanning to detect additional potential secrets at the repository level.