Enabling validity checks for your repository

Enabling validity checks on your repository helps you prioritize the remediation of alerts as it tells you if a secret is active or inactive.

Who can use this feature?

Validity checks for partner patterns are available for the following repository types:

Validity checks for partner patterns are not available for GitHub Enterprise Cloud with data residency on GHE.com.

In this article

You can enable validity checks for individual repositories through repository settings. Validity checks verify whether detected secrets are still active, helping you prioritize remediation efforts. For information about what validity checks are and how they work, see About validity checks.

Enabling validity checks

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Advanced Security.

  4. Under "Secret Protection", to the right of "Validity checks", click Enable.

  5. Scroll to the bottom of the page and click Save changes.

Note

You can also use the REST API to enable validity checks for partner patterns for your repository. For more information, see REST API endpoints for repositories.

Alternatively, organization owners and enterprise administrators can enable the feature for all repositories in the organization or enterprise. For more information on enabling at the organization-level, see Creating a custom security configuration. For more information on enabling at the enterprise-level, see Creating a custom security configuration for your enterprise.

Further reading