Mantener los secretos seguros con el escaneo de secretos
Permite que GitHub haga el trabajo duro de asegurarse que los tokens, llaves privadas y otros secretos de código no estén expuestos en tu repositorio.
¿Quién puede utilizar esta característica?
Secret scanning alerts for partners runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on GitHub.
Secret scanning alerts for users are available for public repositories for free. Organizations using GitHub Enterprise Cloud with a license for GitHub Advanced Security can also enable secret scanning alerts for users on their private and internal repositories. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."
For information about how you can try GitHub Enterprise with GitHub Advanced Security for free, see "Setting up a trial of GitHub Enterprise Cloud" and "Setting up a trial of GitHub Advanced Security" in the GitHub Enterprise Cloud documentation.
Introduction to secret scanning
Learn how secret scanning detects secrets in existing content and new commits, helping you to avoid exposing sensitive data that could be exploited.
Enabling secret scanning features
Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.
Managing alerts from secret scanning
Learn how to find, evaluate, and resolve alerts for secrets stored in your repository.
Working with secret scanning and push protection
Secret scanning scans for and detects secrets that have been checked into a repository. Push protection proactively secures you against leaking secrets by blocking pushes containing secrets.
Using advanced secret scanning and push protection features
Learn how you can customize secret scanning to meet the needs of your company.
Troubleshooting secret scanning and push protection
If you have problems with secret scanning or push protection, you can use these tips to help resolve issues.
Secret scanning partnership program
As a service provider, you can partner with GitHub to have your secret token formats secured through secret scanning, which searches for accidental commits of your secret format and can be sent to a service provider's verify endpoint.