Observação: O administrador do site deve habilitar varredura secreta para your GitHub Enterprise Server instance antes de usar este recurso. Para obter mais informações, consulte "Configurar o varredura secreta para seu aplicativo ".
Segredos compatíveis
Quando >- secret scanning está habilitado, GitHub digitalia os segredos emitidos pelos seguintes prestadores de serviços.
If access to a resource requires paired credentials, then secret scanning will create an alert only when both parts of the pair are detected in the same file. This ensures that the most critical leaks are not hidden behind information about partial leaks.
Se você usar a API REST para a digitalização de segredo, você pode usar o tipo tipo de segredo
para relatar segredos de emissores específicos. Para obter mais informações, consulte "Verificação de segredo".
Obersvação: Você também pode definir padrões personalizados de varredura secreta para seu repositório, organização ou empresa. Para obter mais informações, consulte "Definir padrões personalizados para varredura secreta".
Provider | Segredo compatível | Secret type |
---|---|---|
Adafruit IO | Chave de IO de Adafruit | adafruit_io_key |
Adobe | Adobe Device Token | adobe_device_token |
Adobe | Adobe Service Token | adobe_service_token |
Adobe | Adobe Short-Lived Access Token | adobe_short_lived_access_token |
Adobe | Adobe JSON Web Token | adobe_jwt |
Alibaba Cloud | Alibaba Cloud Access Key ID with Alibaba Cloud Access Key Secret | alibaba_cloud_access_key_id alibaba_cloud_access_key_secret |
Amazon | Amazon OAuth Client ID with Amazon OAuth Client Secret | amazon_oauth_client_id amazon_oauth_client_secret Amazon Web Services (AWS) |
Amazon Web Services (AWS) | Amazon AWS Session Token with Amazon AWS Temporary Access Key ID and Amazon AWS Secret Access Key | aws_session_token aws_temporary_access_key_id aws_secret_access_key Asana |
Azure | Azure Active Directory Application Secret | azure_active_directory_application_secret |
Azure | Azure Cache for Redis Access Key | azure_cache_for_redis_access_key Azure |
Beamer | Beamer API Key | beamer_api_key Checkout.com |
Contentful | Contentful Personal Access Token | contentful_personal_access_token Databricks |
FullStory | FullStory API Key | fullstory_api_key GitHub |
GitLab | GitLab Access Token | gitlab_access_token GoCardless |
Firebase Cloud Messaging Server Key | firebase_cloud_messaging_server_key Google | |
Google Cloud Storage Service Account Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_service_account_access_key_id google_cloud_storage_access_key_secret | |
Google Cloud Storage User Access Key ID with Google Cloud Storage Access Key Secret | google_cloud_storage_user_access_key_id google_cloud_storage_access_key_secret | |
Google OAuth Access Token | google_oauth_access_token | |
Google OAuth Client ID with Google OAuth Client Secret | google_oauth_client_id google_oauth_client_secret | |
Google OAuth Refresh Token | google_oauth_refresh_token Grafana | |
JFrog | JFrog Platform Access Token | jfrog_platform_access_token |
JFrog | JFrog Platform API Key | jfrog_platform_api_key Linear |
Mapbox | Mapbox Secret Access Token | mapbox_secret_access_token MessageBird |
Midtrans | Midtrans Production Server Key | midtrans_production_server_key |
Midtrans | Midtrans Sandbox Server Key | midtrans_sandbox_server_key |
New Relic | New Relic Personal API Key | new_relic_personal_api_key |
New Relic | New Relic REST API Key | new_relic_rest_api_key |
New Relic | New Relic Insights Query Key | new_relic_insights_query_key |
New Relic | New Relic License Key | new_relic_license_key |
Notion | Notion Integration Token | notion_integration_token |
Notion | Notion OAuth Client Secret | notion_oauth_client_secret npm |
Octopus Deploy | Octopus Deploy API Key | octopus_deploy_api_key Onfido |
PlanetScale | PlanetScale Database Password | planetscale_database_password |
PlanetScale | PlanetScale OAuth Token | planetscale_oauth_token |
PlanetScale | PlanetScale Service Token | planetscale_service_token |
Plivo | Plivo Auth ID with Plivo Auth Token | plivo_auth_id plivo_auth_token Postman |
Sendinblue | Sendinblue API Key | sendinblue_api_key |
Sendinblue | Sendinblue SMTP Key | sendinblue_smtp_key Shippo |
Square | Square Access Token | square_access_token |
Square | Square Production Application Secret | square_production_application_secret |
Square | Square Sandbox Application Secret | square_sandbox_application_secret SSLMate |
Supabase | Supabase Service Key | supabase_service_key Tableau |
Twilio | Twilio Access Token | twilio_access_token Twilio |
Typeform | Typeform Personal Access Token | typeform_personal_access_token |
Yandex | Yandex.Cloud API Key | yandex_cloud_api_key |
Yandex | Yandex.Cloud IAM Cookie | yandex_cloud_iam_cookie |
Yandex | Yandex.Cloud IAM Token | yandex_cloud_iam_token |
Yandex | Yandex.Dictionary API Key | yandex_dictionary_api_key |
Yandex | Yandex.Predictor API Key | yandex_predictor_api_key |
Yandex | Yandex.Translate API Key | yandex_translate_api_key |
Leia mais
- "Protegendo o seu repositório"
- "Manter a conta e os dados seguros"
- "Programa de parceiros de Varredura secreta" na documentação de GitHub Enterprise Cloud