Note
Extended metadata checks for tokens is in public preview and subject to change.
About extended metadata checks
Extended metadata checks, often referred to as analyzers in other tools, are a secret scanning feature that you can enable for supported tokens.
When you enable extended metadata checks for tokens, secret scanning provides you with additional information about detected secrets, such as ownership and contact details. This information helps you:
- Gain deeper insight into detected secrets: Know who owns a secret.
- Improve incident response: Quickly identify responsible teams or individuals when a secret is leaked.
- Enhance compliance: Ensure secrets align with your organization’s governance and security policies.
This information appears on GitHub, in the page for the related secret scanning alert, helping you prioritize and remediate exposures more efficiently.
Metadata availability varies depending on the secret type. For more information, see Evaluating alerts from secret scanning.
Enabling extended metadata checks
Before enabling metadata checks, you need to ensure that validity checks are enabled for the repository. See Enabling validity checks for your repository.
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, click Advanced Security.
-
Under "Secret Protection", to the right of "Validity checks", click Enable.
-
Under "Secret Protection", to the right of "Extended metadata", click Enable.
