Skip to main content

Enabling secret scanning features

Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.

Who can use this feature?

Secret scanning is available for the following repositories:

  • Public repositories (for free)
  • Private and internal repositories in organizations using GitHub Enterprise Cloud with GitHub Advanced Security enabled
  • User-owned repositories for GitHub Enterprise Cloud with Enterprise Managed Users

Enabling secret scanning for your repository

You can configure how GitHub scans your repositories for leaked secrets and generates alerts.

Enabling push protection for your repository

With push protection, secret scanning blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.

Enabling validity checks for your repository

Enabling validity checks on your repository helps you prioritize the remediation of alerts as it tells you if a secret is active or inactive.