docs/content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md
2022-04-01 10:01:04 -07:00


---
title: Configuring secret scanning for your repositories
intro: 'You can configure how {% data variables.product.prodname_dotcom %} scans your repositories for secrets that match advanced security patterns.'
product: '{% data reusables.gated-features.secret-scanning %}'
permissions: 'People with admin permissions to a repository can enable {% data variables.product.prodname_secret_scanning_GHAS %} for the repository.'
redirect_from:
  - /github/administering-a-repository/configuring-secret-scanning-for-private-repositories
  - /github/administering-a-repository/configuring-secret-scanning-for-your-repositories
  - /code-security/secret-security/configuring-secret-scanning-for-your-repositories
versions:
  ghes: '*'
  ghae: '*'
  ghec: '*'
type: how_to
topics:
  - Secret scanning
  - Advanced Security
  - Repositories
shortTitle: Configure secret scans
---

{% data reusables.secret-scanning.beta %} {% data reusables.secret-scanning.enterprise-enable-secret-scanning %}

Enabling {% data variables.product.prodname_secret_scanning_GHAS %}

You can enable {% data variables.product.prodname_secret_scanning_GHAS %} for any repository that is owned by an organization. Once enabled, {% data reusables.secret-scanning.secret-scanning-process %}

{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
4. If {% data variables.product.prodname_advanced_security %} is not already enabled for the repository, to the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
   {% ifversion fpt or ghec %}(Image: Enable {% data variables.product.prodname_GH_advanced_security %} for your repository)
   {% elsif ghes or ghae %}(Image: Enable {% data variables.product.prodname_GH_advanced_security %} for your repository){% endif %}
5. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**.
6. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
   (Image: Enable {% data variables.product.prodname_secret_scanning %} for your repository)

{% ifversion ghae %}

  1. Before you can enable {% data variables.product.prodname_secret_scanning %}, you need to enable {% data variables.product.prodname_GH_advanced_security %} first. To the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
     (Image: Enable {% data variables.product.prodname_GH_advanced_security %} for your repository)
  2. Click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository** to confirm the action.
     (Image: Confirm enabling {% data variables.product.prodname_GH_advanced_security %} for your repository)
  3. To the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Enable**.
     (Image: Enable {% data variables.product.prodname_secret_scanning %} for your repository)

{% endif %}

Excluding directories from {% data variables.product.prodname_secret_scanning_GHAS %}

You can use a secret_scanning.yml file to exclude directories from {% data variables.product.prodname_secret_scanning %}. For example, you can exclude directories that contain tests or randomly generated content.

{% data reusables.repositories.navigate-to-repo %}
{% data reusables.files.add-file %}
3. In the file name field, type *.github/secret_scanning.yml*.
4. Under **Edit new file**, type `paths-ignore:` followed by the paths you want to exclude from {% data variables.product.prodname_secret_scanning %}.

    ```yaml
    paths-ignore:
      - "foo/bar/*.js"
    ```

You can use special characters, such as `*`, to filter paths. For more information about filter patterns, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."

{% note %}

**Notes:**
- If there are more than 1,000 entries in `paths-ignore`, {% data variables.product.prodname_secret_scanning %} will only exclude the first 1,000 directories from scans.
- If *secret_scanning.yml* is larger than 1 MB, {% data variables.product.prodname_secret_scanning %} will ignore the entire file.

{% endnote %}
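
One way to check a *secret_scanning.yml* against the two limits in the notes above before committing it, since either limit leaves paths you meant to exclude in scope without an error. This is an added example, not part of the original page or any GitHub tooling; the function names, the minimal list parser and the reading of "1 MB" as 1,000,000 bytes are assumptions.

```python
import sys

MAX_ENTRIES = 1000      # from the notes: only the first 1,000 entries are applied
MAX_BYTES = 1_000_000   # assumption: "1 MB" read as 10**6 bytes (the stricter reading)
# Constructed sample, taken from the example entry on this page.
SAMPLE = b'paths-ignore:\n  - "foo/bar/*.js"\n'


def parse_paths_ignore(text):
    """Return the entries of a block-style `paths-ignore:` list.

    Minimal parser for the simple form shown on this page, not a general YAML parser.
    """
    entries, in_list = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace() and not line.startswith("-"):
            in_list = line == "paths-ignore:"   # any other top-level key ends the list
            continue
        if in_list and line.startswith("- "):
            entries.append(line[2:].strip().strip("\"'"))
    return entries


def lint(data):
    """Return (entries that take effect, warnings) for the raw bytes of the file."""
    if len(data) > MAX_BYTES:
        return [], [f"{len(data)} bytes is over 1 MB: the entire file is ignored, "
                    "so no path is excluded"]
    entries = parse_paths_ignore(data.decode("utf-8"))
    warnings = []
    if len(entries) > MAX_ENTRIES:
        dropped = entries[MAX_ENTRIES:]
        warnings.append(f"{len(entries)} entries: only the first {MAX_ENTRIES} apply; "
                        f"{len(dropped)} are still scanned, starting at {dropped[0]!r}")
    return entries[:MAX_ENTRIES], warnings


if __name__ == "__main__":
    content = SAMPLE
    if len(sys.argv) > 1:               # optional: path to a real secret_scanning.yml
        with open(sys.argv[1], "rb") as fh:
            content = fh.read()
    effective, problems = lint(content)
    print(f"{len(effective)} path pattern(s) take effect")
    for problem in problems:
        print("WARNING:", problem)
    sys.exit(1 if problems else 0)
```

Run with the path to the file as the only argument; a non-zero exit status means at least one limit was exceeded.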

You can also ignore individual alerts from {% data variables.product.prodname_secret_scanning %}. For more information, see "Managing alerts from {% data variables.product.prodname_secret_scanning %}."

Further reading