You can enable validity checks for individual repositories through repository settings. Validity checks verify whether detected secrets are still active, helping you prioritize remediation efforts. For information about what validity checks are and how they work, see About validity checks.
Enabling validity checks
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, click Advanced Security.
-
Under "Secret Protection", to the right of "Validity checks", click Enable.
-
Scroll to the bottom of the page and click Save changes.
Nota:
You can also use the REST API to enable validity checks for partner patterns for your repository. For more information, see REST API endpoints for repositories.
Alternatively, organization owners and enterprise administrators can enable the feature for all repositories in the organization or enterprise. For more information on enabling at the organization-level, see Creating a custom security configuration. For more information on enabling at the enterprise-level, see Creating a custom security configuration for your enterprise.