支持的机密扫描模式

关于 secret scanning 模式

有两种类型的 机密扫描警报：

• 机密扫描警报：在存储库中检测到支持的机密时，在存储库的安全选项卡中向用户报告。
• 推送保护警报：当参与者绕过推送保护时，在存储库的安全选项卡中向用户报告。

有关每种警报类型的深入信息，请参阅 关于机密扫描警报。

有关所有受支持的模式的详细信息，请参阅下面的支持的机密部分。

如果使用 REST API 进行 secret scanning，可以使用 Secret type 报告来自特定颁发者的机密。 有关详细信息，请参阅“适用于机密扫描的 REST API 终结点”。

如果你认为 secret scanning 应检测到提交到存储库的机密，但却尚未检测到，则首先需要检查 GitHub 是否支持你的机密。 有关详细信息，请参阅以下部分。 有关高级故障排除的详细信息，请参阅 排查机密扫描问题。

支持的机密

下表列出了 secret scanning 支持的机密。 可以查看为每个令牌生成的警报类型，以及是否对令牌执行验证检查。

• 提供商****：令牌提供商的名称。

• Secret scanning 警报****：向 GitHub 上的用户报告泄漏的令牌。

  • 适用于启用了 GitHub Advanced Security 和 secret scanning 的专用存储库。
  • 包括 高置信度 令牌，这些令牌与支持的模式和指定的自定义模式，以及通常会导致误报的非提供商令牌（如私钥）相关。

• 推送保护****：向 GitHub 上的用户报告泄漏的令牌。 适用于启用了 secret scanning 和推送保护的存储库。

• 验证检查****：实现其验证检查的令牌。 当前仅适用于 GitHub 令牌。

非提供商模式

提供程序	令牌
常规	http_basic_authentication_header
常规	http_bearer_authentication_header
常规	mongodb_connection_string
常规	mysql_connection_string
常规	openssh_private_key
常规	pgp_private_key
常规	postgres_connection_string
常规	rsa_private_key

高置信度 模式

提供程序	标记	Secret scanning 警报	推送保护	验证检查
Adafruit	adafruit_io_key
Adobe	adobe_client_secret
Adobe	adobe_device_token
Adobe	adobe_pac_token
Adobe	adobe_refresh_token
Adobe	adobe_service_token
Adobe	adobe_short_lived_access_token
Aiven	aiven_auth_token
Aiven	aiven_service_password
Alibaba	alibaba_cloud_access_key_id alibaba_cloud_access_key_secret
Amazon AWS	aws_access_key_id aws_secret_access_key
Amazon AWS	aws_secret_access_key aws_session_token aws_temporary_access_key_id
Anthropic	anthropic_api_key
Anthropic	anthropic_session_id
Asana	asana_legacy_format_personal_access_token
Asana	asana_personal_access_token
Atlassian	atlassian_api_token Token versions
Atlassian	atlassian_jwt
Authress	authress_service_client_access_key
Azure	azure_active_directory_application_secret Token versions
Azure	azure_active_directory_user_credential
Azure	azure_apim_direct_management_key
Azure	azure_apim_gateway_key
Azure	azure_apim_repository_key
Azure	azure_apim_subscription_key
Azure	azure_app_configuration_connection_string
Azure	azure_batch_key_identifiable
Azure	azure_cache_for_redis_access_key
Azure	azure_communication_services_connection_string
Azure	azure_container_registry_key_identifiable
Azure	azure_cosmosdb_key_identifiable
Azure	azure_devops_personal_access_token
Azure	azure_event_hub_key_identifiable
Azure	azure_function_key
Azure	azure_iot_device_connection_string
Azure	azure_iot_device_key
Azure	azure_iot_device_provisioning_key
Azure	azure_iot_hub_connection_string
Azure	azure_iot_hub_key
Azure	azure_iot_provisioning_connection_string
Azure	azure_management_certificate
Azure	azure_ml_web_service_classic_identifiable_key
Azure	azure_relay_key_identifiable
Azure	azure_sas_token
Azure	azure_search_admin_key
Azure	azure_search_query_key
Azure	azure_service_bus_identifiable
Azure	azure_signalr_connection_string
Azure	azure_sql_connection_string
Azure	azure_sql_password
Azure	azure_storage_account_key Token versions
Azure	azure_web_pub_sub_connection_string
Azure	microsoft_corporate_network_user_credential
Baidu	baiducloud_api_accesskey
Beamer	beamer_api_key
Bitbucket	bitbucket_server_personal_access_token
Canadian Digital Service	cds_canada_notify_api_key
Canva	canva_app_secret
Canva	canva_connect_api_secret
Canva	canva_secret
Cashfree	cashfree_api_key
Checkout.com	checkout_production_secret_key Token versions
Checkout.com	checkout_test_secret_key Token versions
Chief Tools	chief_tools_token
CircleCI	circleci_bot_access_token
CircleCI	circleci_personal_access_token
CircleCI	circleci_project_access_token
CircleCI	circleci_release_integration_token
Clojars	clojars_deploy_token
CloudBees	codeship_credential
Contentful	contentful_personal_access_token
crates.io	cratesio_api_token
Databricks	databricks_access_token
Defined Networking	defined_networking_nebula_api_key
DevCycle	devcycle_client_api_key
DevCycle	devcycle_mobile_api_key
DevCycle	devcycle_server_api_key
DigitalOcean	digitalocean_oauth_token
DigitalOcean	digitalocean_personal_access_token
DigitalOcean	digitalocean_refresh_token
DigitalOcean	digitalocean_system_token
Discord	discord_bot_token Token versions
Docker	docker_personal_access_token
Doppler	doppler_audit_token
Doppler	doppler_cli_token
Doppler	doppler_personal_token
Doppler	doppler_scim_token
Doppler	doppler_service_account_token
Doppler	doppler_service_token
Dropbox	dropbox_access_token
Dropbox	dropbox_short_lived_access_token
Duffel	duffel_live_access_token
Duffel	duffel_test_access_token
Dynatrace	dynatrace_api_token
Dynatrace	dynatrace_internal_token
EasyPost	easypost_production_api_key
EasyPost	easypost_test_api_key
eBay	ebay_production_client_id ebay_production_client_secret
eBay	ebay_sandbox_client_id ebay_sandbox_client_secret
Facebook	facebook_access_token
Fastly	fastly_api_token Token versions
Figma	figma_pat
Finicity	finicity_app_key
Firebase	firebase_cloud_messaging_server_key
Flutterwave	flutterwave_live_api_secret_key
Flutterwave	flutterwave_test_api_secret_key
Frame.io	frameio_developer_token
Frame.io	frameio_jwt
FullStory	fullstory_api_key Token versions
GitHub	github_app_installation_access_token Token versions
GitHub	github_oauth_access_token Token versions
GitHub	github_personal_access_token Token versions
GitHub	github_refresh_token
GitHub	github_ssh_private_key
GitHub	github_test_token
GitHub Secret Scanning	secret_scanning_sample_token
GitLab	gitlab_access_token
GoCardless	gocardless_live_access_token
GoCardless	gocardless_sandbox_access_token
Google	google_api_key
Google	google_cloud_service_account_credentials
Google	google_cloud_storage_access_key_secret google_cloud_storage_service_account_access_key_id
Google	google_cloud_storage_access_key_secret google_cloud_storage_user_access_key_id
Google	google_oauth_access_token
Google	google_oauth_client_id google_oauth_client_secret
Google	google_oauth_refresh_token
Grafana	grafana_cloud_api_key
Grafana	grafana_cloud_api_token
Grafana	grafana_project_api_key
Grafana	grafana_project_service_account_token
HashiCorp	hashicorp_vault_batch_token Token versions
HashiCorp	hashicorp_vault_root_service_token
HashiCorp	hashicorp_vault_service_token Token versions
HashiCorp	terraform_api_token
Highnote	highnote_rk_live_key
Highnote	highnote_rk_test_key
Highnote	highnote_sk_live_key
Highnote	highnote_sk_test_key
HOP	hop_bearer
HOP	hop_pat
HOP	hop_ptk
Hubspot	hubspot_api_key Token versions
Hubspot	hubspot_personal_access_key
IBM	ibm_cloud_iam_key
IBM	ibm_softlayer_api_key
Intercom	intercom_access_token
Ionic	ionic_personal_access_token Token versions
Ionic	ionic_refresh_token Token versions
JFrog	jfrog_platform_access_token
JFrog	jfrog_platform_api_key
JFrog	jfrog_platform_reference_token
Lightspeed	lightspeed_xs_pat
Linear	linear_api_key
Linear	linear_oauth_access_token
Lob	lob_live_api_key
Lob	lob_test_api_key
Localstack	localstack_api_key
LogicMonitor	logicmonitor_bearer_token
LogicMonitor	logicmonitor_lmv1_access_key
Login with Amazon	amazon_oauth_client_id amazon_oauth_client_secret amazon_oauth_client_secret
Mailchimp	mailchimp_api_key
Mailgun	mailgun_api_key Token versions
Mapbox	mapbox_secret_access_token
MaxMind	maxmind_license_key
Mercury	mercury_non_production_api_token
Mercury	mercury_production_api_token
Mergify	mergify_application_key
MessageBird	messagebird_api_key
Midtrans	midtrans_production_server_key
Midtrans	midtrans_sandbox_server_key
New Relic	new_relic_insights_query_key
New Relic	new_relic_license_key
New Relic	new_relic_personal_api_key
New Relic	new_relic_rest_api_key
Notion	notion_integration_token
Notion	notion_oauth_client_secret
npm	npm_access_token Token versions
NuGet	nuget_api_key
Octopus Deploy	octopus_deploy_api_key
Oculus	oculus_access_token
OneChronos	onechronos_api_key
OneChronos	onechronos_eb_api_key
OneChronos	onechronos_eb_encryption_key
OneChronos	onechronos_oauth_token
OneChronos	onechronos_refresh_token
Onfido	onfido_live_api_token
Onfido	onfido_sandbox_api_token
OpenAI	openai_api_key Token versions
Orbit	orbit_api_token
PagerDuty	pagerduty_oauth_secret
PagerDuty	pagerduty_oauth_token
Palantir	palantir_jwt
Persona Identities	persona_production_api_key
Persona Identities	persona_sandbox_api_key
Pinterest	pinterest_access_token
Pinterest	pinterest_refresh_token
PlanetScale	planetscale_database_password
PlanetScale	planetscale_oauth_token
PlanetScale	planetscale_service_token
Plivo	plivo_auth_id plivo_auth_token
Postman	postman_api_key
Postman	postman_collection_key
Prefect	prefect_server_api_key
Prefect	prefect_user_api_key
Proctorio	proctorio_consumer_key
Proctorio	proctorio_linkage_key
Proctorio	proctorio_registration_key
Proctorio	proctorio_secret_key Token versions
Pulumi	pulumi_access_token
PyPI	pypi_api_token
ReadMe	readmeio_api_access_token
redirect.pizza	redirect_pizza_api_token
Rootly	rootly_api_key
RubyGems	rubygems_api_key
Samsara	samsara_api_token
Samsara	samsara_oauth_access_token
Segment	segment_public_api_token
SendGrid	sendgrid_api_key
Sendinblue	sendinblue_api_key
Sendinblue	sendinblue_smtp_key
Shippo	shippo_live_api_token
Shippo	shippo_test_api_token
Shopify	shopify_access_token
Shopify	shopify_app_client_credentials
Shopify	shopify_app_client_secret
Shopify	shopify_app_shared_secret
Shopify	shopify_custom_app_access_token
Shopify	shopify_marketplace_token
Shopify	shopify_merchant_token
Shopify	shopify_partner_api_token
Shopify	shopify_private_app_password
Slack	slack_api_token Token versions
Slack	slack_incoming_webhook_url
Slack	slack_workflow_webhook_url
Square	square_access_token Token versions
Square	square_production_application_secret
Square	square_sandbox_application_secret
SSLMate	sslmate_api_key Token versions
SSLMate	sslmate_cluster_secret
Stripe	stripe_api_key
Stripe	stripe_legacy_api_key
Stripe	stripe_live_restricted_key
Stripe	stripe_test_restricted_key
Stripe	stripe_test_secret_key
Stripe	stripe_webhook_signing_secret
Supabase	supabase_service_key Token versions
Tableau	tableau_personal_access_token
Telegram	telegram_bot_token
Telnyx	telnyx_api_v2_key
Tencent	tencent_cloud_secret_id
Tencent	tencent_wechat_api_app_id
Twilio	twilio_access_token
Twilio	twilio_account_sid
Twilio	twilio_api_key
Typeform	typeform_personal_access_token
Uniwise	wiseflow_api_key
Unkey	unkey_root_key
VolcEngine	volcengine_access_key_id
Wakatime	wakatime_api_key
Wakatime	wakatime_app_secret
Wakatime	wakatime_oauth_access_token
Wakatime	wakatime_oauth_refresh_token
Workato	workato_developer_api_token Token versions
WorkOS	workos_production_api_key Token versions
WorkOS	workos_staging_api_key Token versions
Yandex	yandex_cloud_api_key
Yandex	yandex_cloud_iam_access_secret
Yandex	yandex_cloud_iam_cookie
Yandex	yandex_cloud_iam_token
Yandex	yandex_cloud_smartcaptcha_server_key
Yandex	yandex_dictionary_api_key
Yandex	yandex_predictor_api_key
Yandex	yandex_translate_api_key
Zuplo	zuplo_consumer_api_key

令牌版本

服务提供方会更新用于定期生成令牌的模式，并且可能支持多个版本的令牌。 推送保护仅支持 secret scanning 可放心识别的最新令牌版本。 这样可以避免在结果可能是误报时，不必要地阻止提交推送保护，这种情况在使用旧令牌时更有可能发生。

其他阅读材料

• 关于机密扫描警报
• 保护存储库快速入门
• 保护帐户和数据安全