About secret security with GitHub

Learn how GitHub's security tools can help you identify, remediate, and prevent secret leaks.

谁可以使用此功能?

Organizations on GitHub Team or GitHub Enterprise

GitHub Secret Protection 是 GitHub Advanced Security 中的一组功能,可供以下用户使用:

  • GitHub Team 计划用户
  • GitHub Enterprise Cloud 和 GitHub Enterprise Server 上的企业组织

本文内容

GitHub provides tools to help you understand and address your organization's exposure to leaked secrets:

  • Secret risk assessment: A free, on-demand scan that reveals your organization's current exposure to leaked secrets.
  • GitHub Secret Protection: A comprehensive suite of features that detects existing secrets and prevents new leaks across your repositories.

Secret risk assessment

The secret risk assessment provides organization owners and security managers with a free point-in-time scan of their organization's repositories to identify leaked secrets like API keys, tokens, and passwords.

了解如何运行免费的机密风险评估

What the assessment shows

The assessment report includes:

  • Total secrets detected: The aggregate count of exposed secrets in your organization.
  • Public leaks: Secrets found in public repositories that are accessible to anyone.
  • Preventable leaks: Secrets that could have been blocked with push protection enabled.
  • Secret categories: The distribution of secret types (such as AWS keys, GitHub tokens, or generic passwords).

Why assess your risk

Regular assessment helps prevent:

  • Unauthorized access to your systems and data
  • Service disruptions from compromised credentials
  • Regulatory compliance issues
  • Financial loss from resource misuse
  • Reputational damage from security incidents

GitHub Secret Protection

GitHub Secret Protection is a GitHub Advanced Security product containing a suite of features designed to prevent, detect, and assist in remediating secret leaks in your organization.

While the secret risk assessment provides a point-in-time view of your organization's current secret exposure, GitHub Secret Protection:

  • Implements continuous monitoring and expands scanned surfaces beyond code to include pull requests, issues, wikis, and discussions
  • Prevents secret leaks by blocking commits containing secrets before they are saved to GitHub
  • Creates actionable alerts that can be grouped into campaigns and assigned to team members for remediation
  • Meets your specific needs by scanning for patterns unique to your organization and unstructured secrets like passwords
  • Supports governance at scale with settings dictating who can bypass protections and dismiss alerts
  • Surfaces key analytics through a view dedicated to your organization's secret security

Through these features, GitHub Secret Protection provides complete coverage for your organization, reducing the risk of costly secret leaks and high-effort remediation processes.

For more information about the specific features of GitHub Secret Protection, see GitHub 安全功能.

Next steps

Now that you know how GitHub can help keep your secrets safe, you should assess your organization's current exposure to leaked secrets. See 为您的组织运行保密风险评估.