
Generating regular expressions for custom patterns with AI

You can use the regular expression generator to generate regular expressions for custom patterns. The generator uses an AI model to generate expressions that match your input and, optionally, example strings.

Who can use this feature?

Secret scanning alerts for partners runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on GitHub.

Secret scanning alerts for users are available for user-owned public repositories for free. Organizations using GitHub Enterprise Cloud with a license for GitHub Advanced Security can also enable secret scanning alerts for users on their private and internal repositories. Additionally, secret scanning alerts for users are available and in beta on user-owned repositories for GitHub Enterprise Cloud with Enterprise Managed Users. For more information, see "About secret scanning" and "About GitHub Advanced Security."

For information about how you can try GitHub Advanced Security for free, see "Setting up a trial of GitHub Advanced Security."

Note: The regular expression generator is in beta. Functionality and documentation are subject to change.

Generating a regular expression for a repository using the generator

  1. On GitHub.com, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. Under "Code security and analysis", find "GitHub Advanced Security."

  5. Under "Secret scanning", under "Custom patterns", click New pattern.

  6. In the "Pattern name" field, type a name for your pattern.

  7. On the top right, click Generate with AI.

    Note: You can enter a regular expression manually instead of using the generator, by typing a regular expression for the format of your secret pattern in the "Secret format" field. For more information, see "Defining a custom pattern for a repository" or "Defining a custom pattern for an organization."

  8. In the sliding panel that is displayed:

    • Complete the "I want a regular expression that" field, describing, ideally in plain English, what patterns you want your regular expression to capture. You can use other natural languages, but the performance may not be as good as with English.

    • Complete the "Examples of what I'm looking for" field, giving an example of a pattern you want to scan for.

    • Click Generate suggestions.

    • Optionally, click on a suggestion to view a description of the regular expression.

    • Click Use results in the Results section that appears, for the result you want to use.

      Screenshot of a filled custom secret scanning pattern form for the generator to use.

  9. You can click More options to provide other surrounding content or additional match requirements for the secret format. GitHub will add the examples you typed in the sliding panel to the Test string field.

  10. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click Save and dry run.

  11. When the dry run finishes, you'll see a sample of results (up to 1000). Review the results and identify any false positive results.

    Screenshot showing results from dry run.

  12. Edit the new custom pattern to fix any problems with the results, then, to test your changes, click Save and dry run.

  13. When you're satisfied with your new custom pattern, click Publish pattern.

You can configure secret scanning to check pushes for custom patterns before commits are merged into the default branch. For more information, see "Enabling push protection for a custom pattern."

Generating a regular expression for an organization using the generator

  1. In the upper-right corner of GitHub, select your profile photo, then click Your organizations.

  2. Next to the organization, click Settings.

  3. In the "Security" section of the sidebar, click Code security and analysis.

    Note

    If your organization is enrolled in the security configurations and global settings public beta, instead of "Code security and analysis", you will see a "Code security" dropdown menu. Select Code security, then click Global settings. For detail on using the regular expression generator, reference the following steps in this procedure. For more information on configuring global settings for your organization, see "Configuring global security settings for your organization."

  4. Under "Code security and analysis", find "GitHub Advanced Security."

  5. Under "Secret scanning", under "Custom patterns", click New pattern.

  6. In the "Pattern name" field, type a name for your pattern.

  7. On the top right, click Generate with AI.

    Note: You can enter a regular expression manually instead of using the generator, by typing a regular expression for the format of your secret pattern in the "Secret format" field. For more information, see "Defining a custom pattern for a repository" or "Defining a custom pattern for an organization."

  8. In the sliding panel that is displayed:

    • Complete the "I want a regular expression that" field, describing, ideally in plain English, what patterns you want your regular expression to capture. You can use other natural languages, but the performance may not be as good as with English.

    • Complete the "Examples of what I'm looking for" field, giving an example of a pattern you want to scan for.

    • Click Generate suggestions.

    • Optionally, click on a suggestion to view a description of the regular expression.

    • Click Use results in the Results section that appears, for the result you want to use.

      Screenshot of a filled custom secret scanning pattern form for the generator to use.

  9. You can click More options to provide other surrounding content or additional match requirements for the secret format. GitHub will add the examples you typed in the sliding panel to the Test string field.

  10. When you're ready to test your new custom pattern, to identify matches in selected repositories without creating alerts, click Save and dry run.

  11. Select the repositories where you want to perform the dry run.

    • To perform the dry run across the entire organization, select All repositories in the organization.

    • To specify the repositories where you want to perform the dry run, select Selected repositories, then search for and select up to 10 repositories.

  12. When you're ready to test your new custom pattern, click Run.

  13. When the dry run finishes, you'll see a sample of results (up to 1000). Review the results and identify any false positive results.

    Screenshot showing results from dry run.

  14. Edit the new custom pattern to fix any problems with the results, then, to test your changes, click Save and dry run.

  15. When you're satisfied with your new custom pattern, click Publish pattern.

You can configure secret scanning to check pushes for custom patterns before commits are merged into the default branch. For more information, see "Enabling push protection for a custom pattern."
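Before running the dry run in either procedure above, a generated expression can be checked locally against the examples you gave the generator and against strings that must not match. The following is an added example, not GitHub's code: the `acme_` token format, the sample strings, and the `bounded` and `vet` helpers are constructed for illustration, and Python's `re` engine stands in for GitHub's matcher, so syntax support can differ.

```python
import re

# Constructed sample data: "acme_" + 32 hex characters is a made-up token format.
EXAMPLES = ["acme_0123456789abcdef0123456789abcdef"]
DECOYS = [
    "acme_config_loader",                        # identifier, not a secret
    "acme_0123456789abcdef",                     # right prefix, too short
    "xacme_0123456789abcdef0123456789abcdef00",  # embedded in a longer word
]
CORPUS = '''import acme_client
TOKEN = "acme_0123456789abcdef0123456789abcdef"
url = "https://example.invalid/acme_static_assets"
'''.splitlines()


def bounded(secret_format):
    # Assumption: the secret must not touch an alphanumeric character on
    # either side (a stand-in for the surrounding-content options).
    return re.compile(r"(?<![0-9A-Za-z])(?:%s)(?![0-9A-Za-z])" % secret_format)


def vet(secret_format, examples=EXAMPLES, decoys=DECOYS, corpus=CORPUS):
    """Return examples missed, decoys matched, and hits in a sample corpus."""
    rx = bounded(secret_format)
    missed = []
    for ex in examples:
        m = rx.search(ex)
        # The whole example must be captured, not just a fragment of it.
        if m is None or m.group(0) != ex:
            missed.append(ex)
    false_positives = [d for d in decoys if rx.search(d)]
    hits = [(n, m.group(0))
            for n, line in enumerate(corpus, start=1)
            for m in rx.finditer(line)]
    return {"missed": missed, "false_positives": false_positives, "hits": hits}


if __name__ == "__main__":
    # A loose suggestion next to a tightened one, as you might compare them
    # when choosing between generated results.
    for candidate in (r"acme_[0-9a-z]+", r"acme_[0-9a-f]{32}"):
        report = vet(candidate)
        print(candidate)
        print("  missed examples :", report["missed"])
        print("  false positives :", report["false_positives"])
        print("  corpus hits     :", report["hits"])
```

A candidate that matches every example but also flags decoys or ordinary identifiers in the corpus will produce the same kind of false positives in the dry run results, so tighten it before clicking Save and dry run.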

Further reading