リポジトリのシークレット スキャンの有効化

GitHub がリポジトリで漏洩したシークレットをスキャンし、アラートを生成する方法を構成できます。

この機能を使用できるユーザーについて

Secret scanning は、次のリポジトリの種類で使用できます。

  • GitHub.com 上のパブリックリポジトリ
  • GitHub Secret Protection が有効になっている GitHub Team 上の organization 所有リポジトリ

この記事の内容

About enabling secret scanning alerts for users

Secret scanning alerts for users can be enabled on any free public repository that you own.

Secret scanning alerts for users can be enabled for any repository that is owned by an organization.

If you're an organization owner, you can enable secret scanning for multiple repositories at a time using security configurations. For more information, see About enabling security features at scale.

Enabling secret scanning alerts for users

Secret scanning alerts for users are enabled when you enable Secret Protection for your repository.

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Advanced Security.

  4. To the right of "Secret Protection", click Enable.

  5. Review the impact of enabling Secret Protection, then click Enable Secret Protection.

A repository administrator can choose to disable secret scanning for a repository at any time. For more information, see Managing security and analysis settings for your repository.

Next steps