Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com> Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com> Co-authored-by: Hector Alfaro <hectorsector@github.com> Co-authored-by: Vanessa <vgrl@github.com> Co-authored-by: Erin Havens <erinhav@github.com> Co-authored-by: Aaron Waggener <73763104+aaronwaggener@users.noreply.github.com> Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com> Co-authored-by: Sarah Schneider <sarahs@users.noreply.github.com> Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com> Co-authored-by: Sarah Schneider <sarahs@github.com>
100 lines
7.1 KiB
Markdown
---
title: Managing custom patterns
shortTitle: Manage custom patterns
intro: 'You can view, edit, and remove custom patterns, as well as enable push protection for custom patterns.'
permissions: '{% data reusables.permissions.security-enterprise-enable %}'
versions:
  fpt: '*'
  ghes: '*'
  ghec: '*'
type: how_to
topics:
  - Secret Protection
  - Secret scanning
---

Custom patterns are user-defined patterns that you can use to identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).

At the enterprise level, only the creator of a custom pattern can edit the pattern and use it in a dry run. There are no similar restrictions for editing custom patterns at the repository and organization levels.

## Editing a custom pattern

Saving a change to a custom pattern closes all the {% data variables.secret-scanning.alerts %} that were created using the previous version of the pattern.

{% data reusables.secret-scanning.view-custom-pattern %}
1. Under {% ifversion ghas-products %}"Custom patterns"{% else %}"{% data variables.product.prodname_secret_scanning_caps %}"{% endif %}, to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="Edit pattern" %}.
1. When you're ready to test your edited custom pattern, to identify matches without creating alerts, click **Save and dry run**.
1. When you have reviewed and tested your changes, click **Publish changes**.
{% data reusables.advanced-security.secret-scanning-enable-push-protection-custom-pattern %}
1. Optionally, to disable push protection for your custom pattern, click **Disable**.

## Removing a custom pattern

When you remove a custom pattern, {% data variables.product.github %} gives you the option to close the {% data variables.secret-scanning.alerts %} relating to the pattern, or keep these alerts.

{% data reusables.secret-scanning.view-custom-pattern %}
1. To the right of the custom pattern you want to remove, click {% octicon "trash" aria-label="Remove pattern" %}.
1. Review the confirmation, and select a method for dealing with any open alerts relating to the custom pattern.
1. Click **Yes, delete this pattern**.

## Enabling push protection for a custom pattern

You can enable {% data variables.product.prodname_secret_scanning %} as a push protection for custom patterns stored at the enterprise, organization, or repository level.

### Enabling push protection for a custom pattern stored in an enterprise

{% data reusables.secret-scanning.push-protection-enterprise-note %}

Before enabling push protection for a custom pattern at enterprise level, you must test your custom patterns using dry runs. {% data reusables.secret-scanning.dry-runs-enterprise-permissions %}

{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
1. Under "{% data variables.product.UI_advanced_security_ent %}", click **Security features**.
{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}

> [!NOTE]
> At the enterprise level, you can only edit and enable push protection for custom patterns that you created.

1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.

{% data reusables.secret-scanning.custom-pattern-push-protection-enable-button %}

### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection in an organization for a custom pattern

Before enabling push protection for a custom pattern at organization level, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. To enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).

{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% ifversion security-configurations %}
1. In the "Security" section of the sidebar, select the **{% data variables.product.UI_advanced_security %}** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**.
1. Under "Custom patterns", click {% octicon "pencil" aria-label="Edit custom pattern" %} for the pattern of interest.
{% else %}
{% data reusables.organizations.security-and-analysis %}
{% data reusables.repositories.navigate-to-ghas-settings %}
{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}
{% endif %}
1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.
{% indented_data_reference reusables.secret-scanning.push-protection-org-notes spaces=3 %}

### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection in a repository for a custom pattern

Before enabling push protection for a custom pattern at repository level, you must define the custom pattern for the repository, and test it in the repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository).

{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}
1. Under "{% data variables.product.prodname_secret_protection %}", under "Custom patterns", click {% octicon "pencil" aria-label="Edit custom pattern" %} for the pattern of interest.{% else %}
{% data reusables.repositories.navigate-to-ghas-settings %}
{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}{% endif %}
1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.

{% data reusables.secret-scanning.custom-pattern-push-protection-enable-button %}