You can enable validity checks for individual repositories through repository settings. Validity checks verify whether detected secrets are still active, helping you prioritize remediation efforts. For information about what validity checks are and how they work, see About validity checks.
For a list of which secret patterns support validity checks, see Supported secret scanning patterns.
Before you can enable validity checks for your repository, your site administrator must enable the feature for the whole instance. See Configuring secret scanning for your appliance.
Enabling validity checks
To enable validity checks from the UI:
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, click Advanced Security.
-
Under "Secret Protection", to the right of "Validity checks", click Enable.
-
Scroll to the bottom of the page and click Save changes.
Nota:
You can also use the REST API to enable validity checks for partner patterns for your repository. For more information, see REST API endpoints for repositories.
Alternatively, organization owners and enterprise administrators can enable the feature for all repositories in the organization or enterprise. For more information, see Creating a custom security configuration and Creating a custom security configuration for your enterprise.