REST API endpoints for secret scanning push protection
Use the REST API to manage secret scanning push protection.
List enterprise pattern configurations
Lists the secret scanning pattern configurations for an enterprise.
Personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Fine-grained access tokens for "List enterprise pattern configurations"
This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.
Parameters for "List enterprise pattern configurations"
| Name, Type, Description |
|---|
accept string Setting to |
| Name, Type, Description |
|---|
enterprise string RequiredThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
HTTP response status codes for "List enterprise pattern configurations"
| Status code | Description |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
Code samples for "List enterprise pattern configurations"
If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/secret-scanning/pattern-configurationsResponse
Status: 200{
"pattern_config_version": "0ujsswThIGTUYm2K8FjOOfXtY1K",
"provider_pattern_overrides": [
{
"token_type": "GITHUB_PERSONAL_ACCESS_TOKEN",
"slug": "github_personal_access_token_legacy_v2",
"display_name": "GitHub Personal Access Token (Legacy v2)",
"alert_total": 15,
"alert_total_percentage": 36,
"false_positives": 2,
"false_positive_rate": 13,
"bypass_rate": 13,
"default_setting": "enabled",
"setting": "enabled",
"enterprise_setting": "enabled"
}
],
"custom_pattern_overrides": [
{
"token_type": "cp_2",
"custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K",
"slug": "custom-api-key",
"display_name": "Custom API Key",
"alert_total": 15,
"alert_total_percentage": 36,
"false_positives": 3,
"false_positive_rate": 20,
"bypass_rate": 20,
"default_setting": "disabled",
"setting": "enabled"
}
]
}Update enterprise pattern configurations
Updates the secret scanning pattern configurations for an enterprise.
Personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Fine-grained access tokens for "Update enterprise pattern configurations"
This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.
Parameters for "Update enterprise pattern configurations"
| Name, Type, Description |
|---|
accept string Setting to |
| Name, Type, Description |
|---|
enterprise string RequiredThe slug version of the enterprise name. You can also substitute this value with the enterprise id. |
| Name, Type, Description | ||||
|---|---|---|---|---|
pattern_config_version string or null The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. | ||||
provider_pattern_settings array of objects Pattern settings for provider patterns. | ||||
Properties of |
| Name, Type, Description |
|---|
token_type string The ID of the pattern to configure. |
push_protection_setting string Push protection setting to set for the pattern. Can be one of: |
custom_pattern_settings array of objects Pattern settings for custom patterns.
Properties of custom_pattern_settings
| Name, Type, Description |
|---|
token_type string The ID of the pattern to configure. |
custom_pattern_version string or null The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
push_protection_setting string Push protection setting to set for the pattern. Can be one of: |
HTTP response status codes for "Update enterprise pattern configurations"
| Status code | Description |
|---|---|
200 | OK |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
409 | Conflict |
422 | Validation failed, or the endpoint has been spammed. |
Code samples for "Update enterprise pattern configurations"
If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.
Request example
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/enterprises/ENTERPRISE/secret-scanning/pattern-configurations \
-d '{"pattern_config_version":"0ujsswThIGTUYm2K8FjOOfXtY1K","provider_pattern_settings":[{"token_type":"GITHUB_PERSONAL_ACCESS_TOKEN","push_protection_setting":"enabled"}],"custom_pattern_settings":[{"token_type":"cp_2","custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K","push_protection_setting":"enabled"}]}'Response
Status: 200{
"pattern_config_version": "0ujsswThIGTUYm2K8FjOOfXtY1K"
}List organization pattern configurations
Lists the secret scanning pattern configurations for an organization.
Personal access tokens (classic) need the write:org scope to use this endpoint.
Fine-grained access tokens for "List organization pattern configurations"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Administration" organization permissions (write)
Parameters for "List organization pattern configurations"
| Name, Type, Description |
|---|
accept string Setting to |
| Name, Type, Description |
|---|
org string RequiredThe organization name. The name is not case sensitive. |
HTTP response status codes for "List organization pattern configurations"
| Status code | Description |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
Code samples for "List organization pattern configurations"
If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.
Request example
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/secret-scanning/pattern-configurationsResponse
Status: 200{
"pattern_config_version": "0ujsswThIGTUYm2K8FjOOfXtY1K",
"provider_pattern_overrides": [
{
"token_type": "GITHUB_PERSONAL_ACCESS_TOKEN",
"slug": "github_personal_access_token_legacy_v2",
"display_name": "GitHub Personal Access Token (Legacy v2)",
"alert_total": 15,
"alert_total_percentage": 36,
"false_positives": 2,
"false_positive_rate": 13,
"bypass_rate": 13,
"default_setting": "enabled",
"setting": "enabled",
"enterprise_setting": "enabled"
}
],
"custom_pattern_overrides": [
{
"token_type": "cp_2",
"custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K",
"slug": "custom-api-key",
"display_name": "Custom API Key",
"alert_total": 15,
"alert_total_percentage": 36,
"false_positives": 3,
"false_positive_rate": 20,
"bypass_rate": 20,
"default_setting": "disabled",
"setting": "enabled"
}
]
}Update organization pattern configurations
Updates the secret scanning pattern configurations for an organization.
Personal access tokens (classic) need the write:org scope to use this endpoint.
Fine-grained access tokens for "Update organization pattern configurations"
This endpoint works with the following fine-grained token types:
- GitHub App user access tokens
- GitHub App installation access tokens
- Fine-grained personal access tokens
The fine-grained token must have the following permission set:
- "Administration" organization permissions (write)
Parameters for "Update organization pattern configurations"
| Name, Type, Description |
|---|
accept string Setting to |
| Name, Type, Description |
|---|
org string RequiredThe organization name. The name is not case sensitive. |
| Name, Type, Description | ||||
|---|---|---|---|---|
pattern_config_version string or null The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. | ||||
provider_pattern_settings array of objects Pattern settings for provider patterns. | ||||
Properties of |
| Name, Type, Description |
|---|
token_type string The ID of the pattern to configure. |
push_protection_setting string Push protection setting to set for the pattern. Can be one of: |
custom_pattern_settings array of objects Pattern settings for custom patterns.
Properties of custom_pattern_settings
| Name, Type, Description |
|---|
token_type string The ID of the pattern to configure. |
custom_pattern_version string or null The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
push_protection_setting string Push protection setting to set for the pattern. Can be one of: |
HTTP response status codes for "Update organization pattern configurations"
| Status code | Description |
|---|---|
200 | OK |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
409 | Conflict |
422 | Validation failed, or the endpoint has been spammed. |
Code samples for "Update organization pattern configurations"
If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.
Request example
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/ORG/secret-scanning/pattern-configurations \
-d '{"pattern_config_version":"0ujsswThIGTUYm2K8FjOOfXtY1K","provider_pattern_settings":[{"token_type":"GITHUB_PERSONAL_ACCESS_TOKEN","push_protection_setting":"enabled"}],"custom_pattern_settings":[{"token_type":"cp_2","custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K","push_protection_setting":"enabled"}]}'Response
Status: 200{
"pattern_config_version": "0ujsswThIGTUYm2K8FjOOfXtY1K"
}