About additional settings for secret scanning
There are some additional secret scanning settings that cannot be applied to repositories using security configurations, so you must configure these settings separately:
- Configuring a resource link for push protection
- Controlling features for new repositories created in a user namespace
- Specifying patterns to include in push protection for your enterprise
These additional settings apply only to repositories with secret scanning and GitHub Advanced Security both enabled, or with GitHub Secret Protection enabled.
Accessing the additional settings for secret scanning
- In the top-right corner of GitHub, click your profile picture.
- Depending on your environment, click Your enterprise, or click Your enterprises and then click the enterprise you want to view.
- At the top of the page, click Settings.
- In the left sidebar, click Advanced Security.
- Scroll down the page to the "Additional settings" section.
Configuring a resource link for push protection
To provide context for developers when secret scanning blocks a commit, you can display a link with more information on why the commit was blocked.
- Under "Additional settings", in the "Secret Protection" section and to the right of "Resource link for push protection", click .
- In the text box, type the link to the desired resource, then click .
Controlling features for new repositories created in a user namespace
To ensure that any repositories created by users outside of an organization are protected by the same security features as repositories created within an organization, you can enable or disable secret scanning features for new repositories created in a user namespace.
Under "Additional settings", use the options in the "User namespace repositories" section to enable or disable features for new repositories.
Specifying patterns to include in push protection for your enterprise
Note
The configuration of patterns for push protection at enterprise and organization level is currently in public preview and subject to change.
You can customize which secret patterns are included in push protection, giving security teams greater control over what types of secrets are blocked in the repositories in your enterprise.
- Under "Additional settings", in the "Secret Protection" section, click anywhere inside the "Pattern configurations for push protection" row.
- On the page that is displayed, make the desired changes in the "Enterprise setting" column. You can enable or disable push protection for individual patterns by using the toggle in the relevant column: "Enterprise setting" at the enterprise level, and "Organization setting" at the organization level.
The data shown is scoped to the enterprise or organization you are viewing: the alert volume, false positive rate, bypass rate, and availability of custom patterns reflect user and alert activity within that enterprise or organization.
The GitHub default may change over time as GitHub increases the precision of patterns and promotes them.
Note
Organization administrators and security teams can override settings configured at the enterprise level.
The columns on the pattern configuration page are:
- Name: Name of the pattern or secret.
- Alert total: Total number of alerts for the pattern (percentage and absolute numbers).
- False positives: Percentage of false positives for the pattern.
- Bypass rate: Percentage of bypasses for the pattern.
- GitHub default: Default behavior for push protection, as recommended by GitHub.
- Enterprise setting: Current enablement status for push protection at the enterprise level. Not editable at the organization level. Can be Enabled, Disabled, or Default. At the enterprise level, Default is the default value.
- Organization setting: Current enablement status for push protection at the organization level. Only valid at the organization level. Can be Enabled, Disabled, or Enterprise (inherited from the enterprise). Enterprise is the default value.