Configuring additional secret scanning settings for your enterprise

Learn how to configure additional secret scanning settings for your enterprise.

Who can use this feature?

Enterprise owners and members with the admin role

About additional settings for secret scanning

Some secret scanning settings cannot be applied to repositories through security configurations, so you must configure them separately, as described in the sections below.

These additional settings apply only to repositories with secret scanning and GitHub Advanced Security both enabled, or with GitHub Secret Protection enabled.

Accessing the additional settings for secret scanning

  1. In the top-right corner of GitHub, click your profile picture.
  2. Depending on your environment, click Your enterprise, or click Your enterprises then click the enterprise you want to view.
  3. At the top of the page, click Settings.
  4. In the left sidebar, click Advanced Security.
  5. Scroll down the page to the "Additional settings" section.

To provide context for developers when secret scanning blocks a commit, you can display a link with more information on why the commit was blocked.

  1. Under "Additional settings", in the "Secret Protection" section and to the right of "Resource link for push protection", click .
  2. In the text box, type the link to the desired resource, then click .

Controlling features for new repositories created in a user namespace

To ensure that any repositories created by users outside of an organization are protected by the same security features as repositories created within an organization, you can enable or disable secret scanning features for new repositories created in a user namespace.

Under "Additional settings", use the options in the "User namespace repositories" section to enable or disable features for new repositories.

Specifying patterns to include in push protection for your enterprise

Note

The configuration of patterns for push protection at enterprise and organization level is currently in public preview and subject to change.

You can customize which secret patterns are included in push protection, giving security teams greater control over what types of secrets are blocked in the repositories in your enterprise.

  1. Under "Additional settings", in the "Secret Protection" section, click anywhere inside the "Pattern configurations for push protection" row.

  2. In the page that gets displayed, make the desired changes in the "Enterprise setting" column. You can enable or disable push protection for individual patterns by using the toggle in the relevant column: "Enterprise setting" at the enterprise level, and "Organization setting" at the organization level.

    The data is limited to the scope you are viewing: the alert volume, false positive rate, bypass rate, and availability of custom patterns reflect user and alert activity within that enterprise or organization only.

    The GitHub default may change over time as we increase precision and promote patterns.

    Note

    Organization administrators and security teams can override settings configured at the enterprise level.

    | Column | Description |
    | --- | --- |
    | Name | Name of the pattern or secret |
    | Alert total | Total number of alerts for the pattern (percentage and absolute numbers) |
    | False positives | Percentage of false positives for the pattern |
    | Bypass rate | Percentage of bypasses for the pattern |
    | GitHub default | Default behavior for push protection, as recommended by GitHub |
    | Enterprise setting | Current enablement status for push protection. Can be Enabled, Disabled, or Default. At enterprise level, Default is the default value. Uneditable at organization level. |
    | Organization setting | Current enablement status for push protection. Can be Enabled, Disabled, or Enterprise (inherited from the enterprise). Enterprise is the default value. Only valid at organization level. |
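The inheritance rules in the table above (an organization setting of Enterprise inherits the enterprise setting, and an enterprise setting of Default inherits the GitHub default) determine whether push protection actually blocks a given pattern in a given organization. The following script is an added example, not code from GitHub or from this page: it models those rules over a few constructed pattern rows with the same columns as the table, resolves the effective enablement at each level, and flags enabled patterns whose bypass rate or false positive percentage exceed thresholds that a security team might choose when reviewing this page. The `PatternRow` fields, the sample rows, and the review thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Literal

EnterpriseSetting = Literal["Enabled", "Disabled", "Default"]
OrganizationSetting = Literal["Enabled", "Disabled", "Enterprise"]


@dataclass
class PatternRow:
    """One row of the 'Pattern configurations for push protection' table.

    Field names mirror the table columns on the page; the class itself is an
    assumption made for this example, not a GitHub API object.
    """
    name: str
    alert_total: int
    false_positive_pct: float
    bypass_rate_pct: float
    github_default: bool                     # True = GitHub recommends blocking
    enterprise_setting: EnterpriseSetting = "Default"
    organization_setting: OrganizationSetting = "Enterprise"


def effective_at_enterprise(row: PatternRow) -> bool:
    """Resolve the enterprise-level setting; Default falls back to GitHub's default."""
    if row.enterprise_setting == "Default":
        return row.github_default
    return row.enterprise_setting == "Enabled"


def effective_at_organization(row: PatternRow) -> bool:
    """Resolve the organization-level setting; Enterprise inherits from the enterprise.

    An explicit Enabled/Disabled at organization level overrides the enterprise,
    matching the note that organization administrators can override enterprise settings.
    """
    if row.organization_setting == "Enterprise":
        return effective_at_enterprise(row)
    return row.organization_setting == "Enabled"


def review_candidates(rows: List[PatternRow],
                      max_false_positive_pct: float = 50.0,
                      max_bypass_rate_pct: float = 25.0) -> List[str]:
    """Names of patterns that block pushes in the organization but have noisy stats.

    Thresholds are assumed values for illustration; tune them to your own data.
    """
    noisy = []
    for row in rows:
        if not effective_at_organization(row):
            continue
        if (row.false_positive_pct >= max_false_positive_pct
                or row.bypass_rate_pct >= max_bypass_rate_pct):
            noisy.append(row.name)
    return noisy


# Constructed sample rows (not real pattern statistics).
SAMPLE_ROWS = [
    # Inherits GitHub default (True) through Default -> Enterprise chain.
    PatternRow("sample-cloud-key", 120, 5.0, 4.0, github_default=True),
    # Enterprise explicitly disabled; organization inherits that.
    PatternRow("sample-webhook-token", 30, 60.0, 10.0, github_default=True,
               enterprise_setting="Disabled"),
    # GitHub default is off, but the organization turned it on and it is being bypassed often.
    PatternRow("sample-internal-secret", 200, 70.0, 40.0, github_default=False,
               organization_setting="Enabled"),
]


def summarize(rows: List[PatternRow] = SAMPLE_ROWS) -> dict:
    """Map each pattern name to (enterprise effective, organization effective)."""
    return {r.name: (effective_at_enterprise(r), effective_at_organization(r)) for r in rows}


if __name__ == "__main__":
    for name, (ent, org) in summarize().items():
        print(f"{name}: enterprise={ent} organization={org}")
    print("review:", review_candidates(SAMPLE_ROWS))
```

Running the script prints the resolved state per pattern and lists the patterns worth reviewing; with the constructed rows, only the organization-enabled pattern with a high bypass rate is flagged, while the enterprise-disabled one is skipped even though its false positive percentage is high.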