Prerequisites
Before you configure GitHub Secret Protection, you should run the free secret risk assessment to inform your enablement strategy. See Running the secret risk assessment for your organization.
Configuring GitHub Secret Protection
-
On GitHub, navigate to the main page of the organization.
-
Under your organization name, click Security.
-
In the sidebar, under "Security", click Assessments.
-
In the banner display, select the Get started dropdown menu, then click one of following enablement options:
- For public repositories for free: Click to enable for only public repositories in your organization.
- For all repositories: Click to see an estimated cost for GitHub Secret Protection for all repositories in your organization.
- If you are satisfied with the pricing estimate, to enable secret scanning alerts and push protection across your organization, click Enable Secret Protection.
- Alternatively, click Configure in settings to customize which repositories you want to enable Secret Protection for. See Applying the GitHub-recommended security configuration in your organization and Creating a custom security configuration.
