Note: Your site administrator must enable secret scanning for your GitHub Enterprise Server instance before you can use this feature. For more information, see "Configuring secret scanning for your appliance."
Enabling secret scanning
You can enable secret scanning for any repository that is owned by an organization. Once enabled, secret scanning 将在 GitHub 仓库中存在的所有分支上扫描整个 Git 历史记录的任何密钥。
-
On your GitHub Enterprise Server instance, navigate to the main page of the repository.
-
在存储库名称下,单击 “设置”。
-
In the left sidebar, click Security & analysis.
-
If Advanced Security is not already enabled for the repository, to the right of "GitHub Advanced Security", click Enable.
-
Review the impact of enabling Advanced Security, then click Enable GitHub Advanced Security for this repository.
-
When you enable Advanced Security, secret scanning may automatically be enabled for the repository due to the organization's settings. If "Secret scanning" is shown with an Enable button, you still need to enable secret scanning by clicking Enable. If you see a Disable button, secret scanning is already enabled.
Excluding directories from secret scanning
You can use a secret_scanning.yml file to exclude directories from secret scanning. For example, you can exclude directories that contain tests or randomly generated content.
-
On your GitHub Enterprise Server instance, navigate to the main page of the repository.
-
在文件列表上方,使用“添� 文件”下拉列表,在其中单击“创建新文件” 。 “
-
In the file name field, type .github/secret_scanning.yml.
-
Under Edit new file, type
paths-ignore:
followed by the paths you want to exclude from secret scanning.paths-ignore: - "foo/bar/*.js"
You can use special characters, such as
*
to filter paths. For more information about filter patterns, see "Workflow syntax for GitHub Actions."Notes:
- If there are more than 1,000 entries in
paths-ignore
, secret scanning will only exclude the first 1,000 directories from scans. - If secret_scanning.yml is larger than 1 MB, secret scanning will ignore the entire file.
- If there are more than 1,000 entries in
You can also ignore individual alerts from secret scanning. For more information, see "Managing alerts from secret scanning."