Skip to main content

此版本的 GitHub Enterprise Server 已于以下日期停止服务 2024-09-24. 即使针对重大安全问题,也不会发布补丁。 为了获得更好的性能、更高的安全性和新功能,请升级到最新版本的 GitHub Enterprise。 如需升级帮助,请联系 GitHub Enterprise 支持

为存储库启用推送保护

通过推送保护,secret scanning 会阻止参与者将机密推送到存储库,并在参与者绕过该阻止时生成警报。

谁可以使用此功能?

Secret scanning is available for organization-owned repositories in GitHub Enterprise Server if your enterprise has a license for GitHub Advanced Security. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."

About enabling push protection

To enable push protection for a repository, you must first enable secret scanning. You can then enable push protection in the repository's "Code security and analysis" settings page following the steps outlined in this article.

If you're an organization owner, you can enable push protection for multiple repositories at a time. For more information, see "Quickstart for securing your organization."

Organization owners, security managers, and repository administrators can also enable push protection for secret scanning via the API. For more information, see "REST API endpoints for repositories" and expand the "Properties of the security_and_analysis object" section.

If your organization is owned by an enterprise account, an enterprise owner can also enable push protection at the enterprise level. For more information, see "Managing GitHub Advanced Security features for your enterprise."

Enabling push protection for a repository

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. Under "Code security and analysis", find "GitHub Advanced Security."

  5. Under "Secret scanning", under "Push protection", click Enable.

Further reading