Secret scanning sends detections in secret gists to partners (#56885)
@@ -18,6 +18,10 @@ shortTitle: Secret scanning for partners
|
||||
|
||||
> [!NOTE]You cannot change the configuration of {% data variables.product.prodname_secret_scanning %} for partner patterns on public repositories.
|
||||
|
||||
{% data variables.secret-scanning.partner_alerts_caps %} scans:
|
||||
|
||||
{% data reusables.secret-scanning.what-is-scanned %}
|
||||
|
||||
The reason partner alerts are directly sent to the secret providers whenever a leak is detected for one of their secrets is that this enables the provider to take immediate action to protect you and protect their resources. The notification process for regular alerts is different. Regular alerts are displayed on the repository's **Security** tab on {% data variables.product.prodname_dotcom %} for you to resolve.
|
||||
|
||||
{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
|
||||
|
||||
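Review bot: the lead-in `{% data variables.secret-scanning.partner_alerts_caps %} scans:` is followed only by the `what-is-scanned` reusable, whose items are issues, pull requests, discussions, wikis and secret gists, so on this page the list reads as the complete scope and says nothing about repository content. The general secret scanning page states the Git history scan first and then opens the same list with "Additionally"; consider the same ordering here, or word the lead-in so it is clear the list is in addition to code.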
@@ -29,8 +29,14 @@ shortTitle: Secret scanning
|
||||
|
||||
{% data variables.product.prodname_secret_scanning_caps %} scans your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for secrets, even if the repository is archived. {% data variables.product.prodname_dotcom %} will also periodically run a full Git history scan for new secret types in existing content in {% ifversion fpt or ghec %}public repositories{% else %}repositories with {% data variables.product.prodname_GH_secret_protection %} enabled{% endif %} where {% data variables.product.prodname_secret_scanning %} is enabled when new supported secret types are added.
|
||||
|
||||
Additionally, {% data variables.product.prodname_secret_scanning %} scans:
|
||||
|
||||
{% data reusables.secret-scanning.what-is-scanned %}
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
This additional scanning is free for public repositories.
|
||||
{% endif %}
|
||||
|
||||
{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}
|
||||
> [!TIP]
|
||||
> Regardless of the enablement status of {% data variables.product.prodname_AS %} features, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets.
|
||||
|
||||
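Review bot: `This additional scanning is free for public repositories.` sits directly under the `what-is-scanned` list, which now includes the secret gists item, and a gist is not a repository, so it is no longer clear what the sentence covers. Consider naming what is free (the issue, pull request, discussion and wiki scanning in public repositories), or keep the gist statement separate from the list on this page.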
@@ -22,6 +22,8 @@ Gists can be public or secret. Public gists show up in {% data variables.gists.d
|
||||
|
||||
Secret gists don't show up in {% data variables.gists.discover_url %} and are not searchable unless you are logged in and are the author of the secret gist. Secret gists aren't private. If you send the URL of a secret gist to a friend, they'll be able to see it. However, if someone you don't know discovers the URL, they'll also be able to see your gist. If you need to keep your code away from prying eyes, you may want to [create a private repository](/repositories/creating-and-managing-repositories/creating-a-new-repository) instead.
|
||||
|
||||
For {% data variables.product.prodname_dotcom_the_website %} and {% data variables.product.prodname_ghe_cloud %}, {% data variables.product.github %} automatically scans _secret gists_ for partner secrets and informs the relevant partner whenever one of their secrets is leaked.{% ifversion fpt or ghec %} See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning-for-partners).{% endif %}
|
||||
|
||||
{% data reusables.gist.cannot-convert-public-gists-to-secret %} However, a secret gist can be made public by editing the gist and updating the visibility to public.
|
||||
|
||||
{% ifversion ghes %}
|
||||
|
||||
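Review bot: in the sentence starting `For {% data variables.product.prodname_dotcom_the_website %} and {% data variables.product.prodname_ghe_cloud %}`, only the trailing link is wrapped in `{% ifversion fpt or ghec %}`, so the statement that secret gists are scanned still renders for versions outside fpt and ghec, and this file has an `{% ifversion ghes %}` block a few lines below. Wrap the whole sentence in the conditional, not just the `See [AUTOTITLE](...)` part.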
@@ -1,12 +1,8 @@
|
||||
Additionally, {% data variables.product.prodname_secret_scanning %} scans:
|
||||
* Descriptions and comments in issues
|
||||
* Titles, descriptions, and comments, in open and closed _historical_ issues{% ifversion fpt or ghec %}. A notification is sent to the relevant partner when a historical partner pattern is detected.{% endif %}
|
||||
* Titles, descriptions, and comments in pull requests
|
||||
* Titles, descriptions, and comments in {% data variables.product.prodname_discussions %}{% ifversion secret-scanning-enhancements-wikis %}
|
||||
* Wikis{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
This additional scanning is free for public repositories.
|
||||
{% endif %}
|
||||
* Secret gists. A notification is sent to the relevant partner when a partner pattern is detected in a secret gist.
|
||||
|
||||
{% data reusables.secret-scanning.beta-prs-discussions-wikis-scanned %}
|
||||
|
||||
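Review bot: the `* Secret gists.` item carries no version guard, while the partner notification sentence in the historical issues item is wrapped in `{% ifversion fpt or ghec %}`. This reusable is included by the secret scanning page, which has an `{% else %}` branch for versions other than fpt and ghec, so the gist item and its partner notification would be shown there as well. Wrap the item in the same `{% ifversion fpt or ghec %}` conditional, matching the gist page's statement that this applies to the website and Enterprise Cloud.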