Skip to main content

About secret scanning

GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.

Escaneo de secretos is enabled on public repositories in all products. Escaneo de secretos is also available in private repositories owned by organizations that use Nube de GitHub Enterprise and have a license for GitHub Advanced Security. For more information, see "GitHub's products."

About escaneo de secretos

If your project communicates with an external service, you might use a token or private key for authentication. Tokens and private keys are examples of secrets that a service provider can issue. If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges. We recommend that you store secrets in a dedicated, secure location outside of the repository for your project.

Escaneo de secretos will scan your entire Git history on all branches present in your GitHub repository for any secrets. Service providers can partner with GitHub to provide their secret formats for scanning. For details of the supported secrets and service providers, see "Escaneo de secretos partners."

To find out about our partner program, see "Escaneo de secretos partner program."

About escaneo de secretos for public repositories

Escaneo de secretos is automatically enabled on public repositories. When you push to a public repository, GitHub scans the content of the commits for secrets.

When escaneo de secretos detects a potential secret, we notify the service provider who issued the secret. The service provider validates the string and then decides whether they should revoke the secret, issue a new secret, or contact you directly. Their action will depend on the associated risks to you or them.

You cannot change the configuration of escaneo de secretos on public repositories.

Organizations using Nube de GitHub Enterprise with GitHub Advanced Security can configure escaneo de secretos to run on private repositories. For more information, see the Nube de GitHub Enterprise documentation.

Further reading