Skip to main content
We publish frequent updates to our documentation, and translation of this page may still be in progress. For the most current information, please visit the English documentation.

Troubleshooting secret scanning

If you have problems with secret scanning, you can use these tips to help resolve issues.

Alertas de examen de secretos para asociados se ejecuta de forma automática en repositorios públicos para notificar a los proveedores de servicio sobre secretos filtrados en GitHub.com.

Alertas de examen de secretos para usuarios están disponibles de forma gratuita en todos los repositorios públicos. Las organizaciones que usan GitHub Enterprise Cloud con una licencia de GitHub Advanced Security también pueden habilitar alertas de examen de secretos para usuarios en sus repositorios privados e internos. Para obtener más información, consulta "Acerca de las alertas de examen de secretos para usuarios" y "Acerca de GitHub Advanced Security".

Detection of pattern pairs

Secret scanning will only detect pattern pairs, such as AWS Access Keys and Secrets, if the ID and the secret are found in the same file, and both are pushed to the repository. Pair matching helps reduce false positives since both elements of a pair (the ID and the secret) must be used together to access the provider's resource.

Pairs pushed to different files, or not pushed to the same repository, will not result in alerts. For more information about the supported pattern pairs, see the table in "."

About legacy GitHub tokens

For GitHub tokens, we check the validity of the secret to determine whether the secret is active or inactive. This means that for legacy tokens, secret scanning won't detect a GitHub Enterprise Server personal access token on GitHub Enterprise Cloud. Similarly, a GitHub Enterprise Cloud personal access token won't be found on GitHub Enterprise Server.