Secret scanning

Enterprise Cloud

Enterprise Server

Enterprise Server 3.5

Enterprise Server 3.6

Enterprise Server 3.7

Enterprise Server 3.8

Enterprise Server 3.9

Free, Pro, & Team

GitHub AE

REST API

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Help us make these docs great!

Help for wherever you are on your GitHub journey.

Can be one of

Name

All {{ name }} guides

{{ name }} learning paths

Actions

GitHub began rolling these changes out to enterprises on

Enter a search term to find it in the GitHub Docs.

Secret scanning - GitHub Enterprise Server 3.5 Docs

Use the REST API to retrieve and update secret alerts from a repository.

English

Simplified Chinese

Spanish

Portuguese

Russian

Japanese

French

German

Korean

Quickstart

About GitHub's APIs

Resources in the REST API

Media types

Authenticating

Keeping API credentials secure

Troubleshooting

Libraries

OpenAPI description

Endpoints for GitHub App installation tokens

Endpoints for GitHub App user tokens

Permissions for GitHub Apps

Overview

Using the API

Script with JavaScript

Discover resources for a user

Delivering deployments

Rendering data as graphs

Working with comments

Pagination

Building a CI server

Integrator best practices

Get started - Git database

Get started - Checks

Guides

Artifacts

Cache

Permissions

Secrets

Self-hosted runner groups

Self-hosted runners

Workflow jobs

Workflow runs

Workflows

Events

Feeds

Notifications

Starring

Watching

Activity

GitHub Apps

Installations

OAuth Authorizations

Webhooks

Apps

Billing

Branches

Protected branches

Check Runs

Check Suites

Checks

Codes of conduct

Code Scanning

Collaborators

Invitations

Commits

Commit comments

Commit statuses

Dependabot

Deploy keys

Deployment branch policies

Deployments

Environments

Deployment statuses

Emojis

Admin stats

Announcement

Audit log

Global Webhooks

LDAP

License

Management Console

Organization Pre-receive Hooks

Organizations

Pre-receive Environments

Pre-receive Hooks

Repository Pre-receive Hooks

Users

Enterprise administration

Gists

Comments

Blobs

References

Trees

Git database

Gitignore

Issues

Assignees

Labels

Milestones

Timeline

Licenses

Markdown

Statistics

Metrics

Migrations

OAuth authorizations

Custom Repository Roles

Members

Outside Collaborators

Pages

Boards

Cards

Columns

Project boards

Pulls

Review comments

Review requests

Reviews

Rate limit

Reactions

Releases

Release Assets

Autolinks

Forks

Git LFS

Repositories

Search

Teams

Discussion comments

Discussions

Emails

Followers

GPG Keys

Git SSH Keys

Repository Webhook Configuration

Repository Webhook Deliveries

Repository Webhooks

Repository webhooks

https://api.github.com/repos/octocat/Hello-World/contents/{+path}

Hello-World

Lists secret scanning alerts for eligible repositories in an enterprise, from newest to oldest.
To use this endpoint, you must be a member of the enterprise, and you must use an access token with the <code>repo</code> scope or <code>security_events</code> scope. Alerts are only returned for organizations in the enterprise for which you are an organization owner or a <a href="https://docs.github.com/enterprise-server@3.5/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization">security manager</a>.

The slug version of the enterprise name. You can also substitute this value with the enterprise id.

enterprise

Set to <code>open</code> or <code>resolved</code> to only list secret scanning alerts in a specific state.

state

A comma-separated list of secret types to return. By default all secret types are returned.
See "<a href="https://docs.github.com/enterprise-server@3.5/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-advanced-security">Secret scanning patterns</a>"
for a complete list of secret types.

secret_type

A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. Valid resolutions are <code>false_positive</code>, <code>wont_fix</code>, <code>revoked</code>, <code>pattern_edited</code>, <code>pattern_deleted</code> or <code>used_in_tests</code>.

resolution

The number of results per page (max 100).

per_page

A cursor, as given in the <a href="https://docs.github.com/enterprise-server@3.5/rest/guides/using-pagination-in-the-rest-api#using-link-headers">Link header</a>. If specified, the query only searches for results before this cursor.

before

A cursor, as given in the <a href="https://docs.github.com/enterprise-server@3.5/rest/guides/using-pagination-in-the-rest-api#using-link-headers">Link header</a>. If specified, the query only searches for results after this cursor.

after

List secret scanning alerts for an enterprise

Lists secret scanning alerts for eligible repositories in an organization, from newest to oldest.
To use this endpoint, you must be an administrator or security manager for the organization, and you must use an access token with the <code>repo</code> scope or <code>security_events</code> scope.
GitHub Apps must have the <code>secret_scanning_alerts</code> read permission to use this endpoint.

The organization name. The name is not case sensitive.

Page number of the results to fetch.

page

List secret scanning alerts for an organization

Lists secret scanning alerts for an eligible repository, from newest to oldest.
To use this endpoint, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the <code>repo</code> scope or <code>security_events</code> scope.
For public repositories, you may instead use the <code>public_repo</code> scope.
GitHub Apps must have the <code>secret_scanning_alerts</code> read permission to use this endpoint.

The account owner of the repository. The name is not case sensitive.

owner

The name of the repository without the <code>.git</code> extension. The name is not case sensitive.

repo

Repository is public or secret scanning is disabled for the repository

List secret scanning alerts for a repository

The time that the alert was created in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.

The REST API URL of the code locations for this alert.

**Required when the `state` is `resolved`.** The reason for resolving the alert.

The time that the alert was resolved in ISO 8601 format: `YYYY-MM-DDTHH:MM:SSZ`.

The type of secret that secret scanning detected.

User-friendly name for the detected secret, matching the `secret_type`.
For a list of built-in patterns, see "[Secret scanning patterns](https://docs.github.com/enterprise-server@3.5/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-advanced-security)."

Sets the state of the secret scanning alert. You must provide `resolution` when you set the state to `resolved`.

Gets a single secret scanning alert detected in an eligible repository.
To use this endpoint, you must be an administrator for the repository or for the organization that owns the repository, and you must use a personal access token with the <code>repo</code> scope or <code>security_events</code> scope.
For public repositories, you may instead use the <code>public_repo</code> scope.
GitHub Apps must have the <code>secret_scanning_alerts</code> read permission to use this endpoint.

Get a secret scanning alert