Skip to main content
Frecuentemente publicamos actualizaciones de nuestra documentación. Es posible que la traducción de esta página esté en curso. Para conocer la información más actual, visita la documentación en inglés. Si existe un problema con las traducciones en esta página, por favor infórmanos.

About secret scanning

GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.

Escaneo de secretos para patrones asociados is automatically run on public repositories in all products on GitHub.com. Escaneo de secretos para la seguridad avanzada is available for repositories owned by organizations that use Nube de GitHub Enterprise and have a license for GitHub Advanced Security. Para obtener más información, consulta la sección "Productos de GitHub".

About escaneo de secretos

If your project communicates with an external service, you might use a token or private key for authentication. Tokens and private keys are examples of secrets that a service provider can issue. If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges. We recommend that you store secrets in a dedicated, secure location outside of the repository for your project.

Escaneo de secretos will scan your entire Git history on all branches present in your GitHub repository for secrets.

Escaneo de secretos is available on GitHub.com in two forms:

  1. Escaneo de secretos para patrones asociados. Runs automatically on all public repositories. Any strings that match patterns that were provided by secret scanning partners are reported directly to the relevant partner.

  2. Escaneo de secretos para la seguridad avanzada. Organizations using Nube de GitHub Enterprise with a license for GitHub Advanced Security can enable and configure additional scanning for repositories owned by the organization. Any strings that match patterns provided by secret scanning partners, by other service providers, or defined by your organization, are reported as alerts in the "Security" tab of repositories. If a string in a public repository matches a partner pattern, it is also reported to the partner. For more information, see the Nube de GitHub Enterprise documentation.

Service providers can partner with GitHub to provide their secret formats for scanning. Para saber más sobre nuestro programa asociado, consulta "el programa asociado de Escaneo de secretos".

About escaneo de secretos para patrones asociados

When you make a repository public, or push changes to a public repository, GitHub always scans the code for secrets that match partner patterns. If escaneo de secretos detects a potential secret, we notify the service provider who issued the secret. The service provider validates the string and then decides whether they should revoke the secret, issue a new secret, or contact you directly. Their action will depend on the associated risks to you or them. For more information, see "Supported secrets for partner patterns."

You cannot change the configuration of escaneo de secretos on public repositories.

Note: Organizations using Nube de GitHub Enterprise with GitHub Advanced Security can also enable >- escaneo de secretos para la seguridad avanzada on any repository they own, including private repositories. Para obtener más información, consulta la documentación de Nube de GitHub Enterprise.

Further reading