jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-23 03:44:00 -05:00
Code Issues Projects Releases Wiki Activity
Files
f439fcb901b87cfb714d71279e5387f1e142cd7d
docs/content/code-security/secret-security/configuring-secret-scanning-for-your-repositories.md
Rachael Sewell 46fda7b959 [DO NOT MERGE] GitHub Enterprise Server 3.1 release candidate megabranch (#18399) 
* 3.1 megabranch

* these should be in a topic branch to avoid unnecessary ci failures

* add copies of 3.0 schema files

* update link veresion from 3.0 -> 3.1

* update correct version 🤦‍♀️

* update with 3.1 version links

* first stab of this work

* fix product variable and links to section that has been moved

* simplify Liquid conditions

* elsif

* Update content/github/managing-subscriptions-and-notifications-on-github/viewing-your-subscriptions.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* [GHES 3.1] Code scanning: SARIF limit increased to 5000 (#18539)

* revert api previews

* delete 3.1 preview

* Revert "delete 3.1 preview"

This reverts commit 0a7df3e17a1e182e5b01b0fdafacb6bb19100f70.

* regenerate decorated file

* make security policy docs available in GHES 3.1 and GHAE docs

* adapt for GHES/GHAE and remove the word

* revert a whole bunch of stuff

* more reverting and further updating

* update links to Adding a security policy to your repo article

* fix broken links and remove responsibly

* simplify Liquid versioning

* Update content/code-security/getting-started/adding-a-security-policy-to-your-repository.md

Co-authored-by: Felicity Chapman <felicitymay@github.com>

* address comment

* Remove overcomplicated versioning (#18934)

* Update information on licensing and billing for GHES 3.1 (#18835)

* regenerate graphql files with new prerendered input object

* add release notes placeholder file

* add scaffolding

* use real date

* ✂️  3.1 schema added accidentally

* update enterprise release dates

* add base files

* Correct versioning for branch renaming and master to main transition in GHES docs (#19050)

* update versioning

* apply Alistair's suggestion

* add new cached index names

* Update docs for code scanning in external CI to cover CodeQL CLI usage (#19030)

* 3893 add missing flag for GHES and GHAE (next) users (#19129)

* [GHES 3.1] Release candidate 1 release notes  (#18419)

* fleshing out the 33.1 RC1 release notes

* update with moreee

* really flesh it all out

* format a bit

* fix linter errors

* fix errors again

* add quotes around heading with Liquid

* placeholder to get error fixed

* add quotes

* just remove thoose things

* typo

* Update 0-rc1.yml

* update with feedback

* add workflow beta

* upload increase

* some last changes

* change the date

* fix links

Co-authored-by: Sarah Schneider <sarahs@github.com>
Co-authored-by: Rachael Sewell <rachmari@github.com>

* Conflict resolution between 19082 and 3.1 Megabranch (#19158)

* Fix typo in new reusable

* delete 3.1 rest schema files

* Update OpenAPI Descriptions (#19166)

* last minute additions yikes

* redeploy staging

Co-authored-by: Melanie Yarbrough <11952755+myarb@users.noreply.github.com>
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: skedwards88 <skedwards88@github.com>
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Meg Bird <megbird@github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com>
2021-05-06 09:41:42 -07:00

85 lines
6.4 KiB
Markdown
Raw Blame History

---
title: Configuring secret scanning for your repositories
intro: 'You can configure how {% data variables.product.prodname_dotcom %} scans your repositories for secrets.'
permissions: 'People with admin permissions to a repository can enable {% data variables.product.prodname_secret_scanning %} for the repository.'
redirect_from:
- /github/administering-a-repository/configuring-secret-scanning-for-private-repositories
- /github/administering-a-repository/configuring-secret-scanning-for-your-repositories
product: '{% data reusables.gated-features.secret-scanning %}'
versions:
free-pro-team: '*'
enterprise-server: '>=3.0'
github-ae: '*'
topics:
- Repositories
---
{% data reusables.secret-scanning.beta %}
{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
{% if currentVersion == "free-pro-team@latest" %}
{% note %}
**Note:** {% data variables.product.prodname_secret_scanning_caps %} is enabled by default on public repositories and cannot be turned off. You can configure {% data variables.product.prodname_secret_scanning %} for your private repositories only.
{% endnote %}
{% endif %}
### Enabling {% data variables.product.prodname_secret_scanning %} for {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories
{% if currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@next" %}
You can enable {% data variables.product.prodname_secret_scanning %} for any repository that is owned by an organization.
{% endif %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-security-and-analysis %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next"%}
4. If {% data variables.product.prodname_advanced_security %} is not already enabled for the repository, to the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
{% if currentVersion == "free-pro-team@latest" %}![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/help/repository/enable-ghas-dotcom.png)
{% elsif currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/enterprise/3.1/help/repository/enable-ghas.png){% endif %}
5. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**.
6. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-dotcom.png)
{% elsif currentVersion == "enterprise-server@3.0" %}
7. To the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Enable**.
![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-ghe.png)
{% endif %}
{% if currentVersion == "github-ae@latest" %}
1. Before you can enable {% data variables.product.prodname_secret_scanning %}, you need to enable {% data variables.product.prodname_GH_advanced_security %} first. To the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/enterprise/github-ae/repository/enable-ghas-ghae.png)
2. Click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository** to confirm the action.
![Confirm enabling {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/enterprise/github-ae/repository/enable-ghas-confirmation-ghae.png)
3. To the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Enable**.
![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/enterprise/github-ae/repository/enable-secret-scanning-ghae.png)
{% endif %}
### Excluding alerts from {% data variables.product.prodname_secret_scanning %} in {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories
You can use a *secret_scanning.yml* file to exclude directories from {% data variables.product.prodname_secret_scanning %}. For example, you can exclude directories that contain tests or randomly generated content.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.files.add-file %}
3. In the file name field, type *.github/secret_scanning.yml*.
4. Under **Edit new file**, type `paths-ignore:` followed by the paths you want to exclude from {% data variables.product.prodname_secret_scanning %}.
``` yaml
paths-ignore:
- "foo/bar/*.js"
```
You can use special characters, such as `*` to filter paths. For more information about filter patterns, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."
{% note %}
**Notes:**
- If there are more than 1,000 entries in `paths-ignore`, {% data variables.product.prodname_secret_scanning %} will only exclude the first 1,000 directories from scans.
- If *secret_scanning.yml* is larger than 1 MB, {% data variables.product.prodname_secret_scanning %} will ignore the entire file.
{% endnote %}
You can also ignore individual alerts from {% data variables.product.prodname_secret_scanning %}. For more information, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning#managing-secret-scanning-alerts)."
### Further reading
- "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)"
Reference in New Issue View Git Blame Copy Permalink