Skip to main content

리포지토리에 대한 비밀 검색 사용

GitHub이(가) 리포지토리에서 유출된 비밀을 검색하고 경고를 생성하는 방법을 구성할 수 있습니다.

누가 이 기능을 사용할 수 있나요?

Secret scanning은(는) 다음 리포지토리에 사용할 수 있습니다.

  • 퍼블릭 리포지토리(무료)
  • GitHub Advanced Security 지원 GitHub Enterprise Cloud을(를) 사용하는 조직의 개인 및 내부 리포지토리
  • Enterprise Managed Users가 있는 GitHub Enterprise Cloud에 대한 사용자 소유 리포지토리

About enabling secret scanning alerts for users

Secret scanning alerts for users can be enabled for any repository that is owned by an organization, and for repositories owned by user accounts when using GitHub Enterprise Cloud with Enterprise Managed Users.

If you're an organization owner, you can enable secret scanning for multiple repositories at a time using security configurations. For more information, see "About enabling security features at scale."

If your organization is owned by an enterprise account, an enterprise owner can also enable secret scanning at the enterprise level. For more information, see "Managing GitHub Advanced Security features for your enterprise."

Enabling secret scanning alerts for users

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. If Advanced Security is not already enabled for the repository, to the right of "GitHub Advanced Security", click Enable.

  5. Review the impact of enabling Advanced Security, then click Enable GitHub Advanced Security for this repository.

  6. When you enable Advanced Security, secret scanning may automatically be enabled for the repository due to the organization's settings. If "Secret scanning" is shown with an Enable button, you still need to enable secret scanning by clicking Enable. If you see a Disable button, secret scanning is already enabled.

    Screenshot of the "Secret scanning" section of the "Code security and analysis" page, with the "Enable" button highlighted in a dark orange outline.

A repository administrator can choose to disable secret scanning for a repository at any time. For more information, see "Managing security and analysis settings for your repository."

Next steps