Public repositories: Secret scanning runs automatically for free. Organization-owned private and internal repositories: Available with GitHub Secret Protection enabled on GitHub Team or GitHub Enterprise Cloud.

Public repositories: Secret scanning runs automatically for free. Organization-owned private and internal repositories: Available with GitHub Secret Protection enabled on GitHub Team or GitHub Enterprise Cloud.

Regardless of the enablement status of Advanced Security features, organizations on GitHub Team and GitHub Enterprise can run a free report to scan the code in the organization for leaked secrets.

Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.

You can enable generic secret detection for your repository or organization. Alerts for generic secrets, such as passwords, are displayed in a separate list on the secret scanning alerts page.

For more information, see "Defining custom patterns for secret scanning." GitHub stores detected secrets using symmetric encryption, both in transit and at rest. To rotate the encryption keys used for storing the detected secrets, you can contact us by visiting GitHub Enterprise Support. When you enable secret scanning for a repository or push commits to a repository with secret scanning enabled, GitHub scans the contents for secrets that match patterns defined by service providers and any custom patterns defined in your enterprise, organization, or repository.

You can enable, configure, and disable secret scanning for GitHub Enterprise Server. Secret scanning allows users to scan code for accidentally committed secrets.

When you enable Advanced Security, secret scanning may automatically be enabled for the repository due to the organization's settings. If "Secret scanning" is shown with an Enable button, you still need to enable secret scanning by clicking Enable.

Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets. Secret scanning is available for the following repository types: ... Organization-owned repositories on GitHub Team or GitHub Enterprise Cloud with GitHub Secret Protection enabled

If you cannot see the "Settings" tab, select the dropdown menu, then click Settings. In the "Security" section of the sidebar, click Advanced Security. Under "Secret Protection", to the right of "Non-provider patterns", click Enable.

If you have an older repository, you can turn on secret scanning by clicking on the "Enable" button in the secret scanning section of the page. When it comes to enterprise and organization permissions there are settings to automatically turn ...

Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.

For more information, see "Enforcing policies for code security and analysis for your enterprise." You can enable secret scanning for any repository that is owned by an organization. Once enabled, secret scanning scans for any secrets in your entire Git history on all branches present in your GitHub repository.

Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.

When creating the custom security configuration, ensure that "Secret Protection" is set to Enabled, and that the dropdown menu for "Scan for generic secrets" is also set to Enabled.

Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.

To run the feature on your private or internal repositories, you must purchase the relevant GitHub Advanced Security product. You must be on a GitHub Team or GitHub Enterprise plan ...

February 25, 2026 - To defend against this threat, GitHub Advanced Security for Azure DevOps scans for credentials and other sensitive content in your source code. Push protection also prevents any credentials from being leaked in the first place. You need either GitHub Advanced Security for Azure DevOps or, if you're using the standalone experience, GitHub Secret Protection for Azure DevOps enabled.

Secret scanning is available for ... more information, see "GitHub's products." Note: Your site administrator must enable secret scanning for your GitHub Enterprise Server ......

You can define your own custom patterns to extend the capabilities of secret scanning by generating one or more regular expressions. Repository owners, organization owners, security managers, enterprise administrators, and users with the admin role