Enabling generic secret detection
To use generic secret detection, an enterprise owner must first set a policy at the enterprise level that controls whether the feature can be enabled and disabled for repositories in an organization. This policy is set to "allowed" by default.
You can enable generic secret detection in the security settings page of your repository or organization.
Remarque
You do not need a subscription to GitHub Copilot to use Copilot secret scanning's generic secret detection. Copilot secret scanning features are available to repositories owned by organizations and enterprises with GitHub Secret Protection enabled.
Enabling generic secret detection for your repository
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, click Advanced Security.
-
Under "Secret Protection", to the right of "Scan for generic passwords", click Enable.
Enabling generic secret detection for your organization
You must configure generic secret detection for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
- Create a new custom security configuration, or edit an existing one. See Creating a custom security configuration.
- When creating the custom security configuration, ensure that "Secret Protection" is set to Enabled, and that the dropdown menu for "Scan for generic secrets" is also set to Enabled.
- Apply the custom security configuration to one or more repositories. For more information, see Applying a custom security configuration.
For information on how to view alerts for generic secrets that have been detected using AI, see Viewing and filtering alerts from secret scanning.