此版本的 GitHub Enterprise Server 已于以下日期停止服务 2026-03-17. 即使针对重大安全问题,也不会发布补丁。 为了获得更好的性能、更高的安全性和新功能,请升级到最新版本的 GitHub Enterprise。 如需升级帮助,请联系 GitHub Enterprise 支持

为设备配置密码扫描

可为 GitHub Enterprise Server 启用、配置和禁用 secret scanning。 Secret scanning 允许用户扫描代码以寻找意外泄露的密码。

在本文中

About secret scanning

If someone checks a secret with a known pattern into a repository, secret scanning catches the secret as it's checked in, and helps you mitigate the impact of the leak. Repository administrators are notified about any commit that contains a secret, and they can quickly view all detected secrets in the Security tab for the repository. See About secret scanning.

Availability

When the enterprise has GitHub Advanced Security enabled, Secret scanning is available for organization-owned and user-owned repositories.

Checking whether your license includes Advanced Security

You can identify if your enterprise has a license for Advanced Security by reviewing your enterprise settings. For more information, see Enabling GitHub Advanced Security for your enterprise.

Prerequisites for secret scanning

Checking support for the SSSE3 flag on your vCPUs

The SSSE3 set of instructions is required because secret scanning leverages hardware accelerated pattern matching to find potential credentials committed to your GitHub repositories. SSSE3 is enabled for most modern CPUs. You can check whether SSSE3 is enabled for the vCPUs available to your GitHub Enterprise Server instance.

  1. Connect to the administrative shell for your GitHub Enterprise Server instance. See Accessing the administrative shell (SSH).

  2. Enter the following command:

    grep -iE '^flags.*ssse3' /proc/cpuinfo >/dev/null; echo $?

    If this returns the value 0, it means that the SSSE3 flag is available and enabled. You can now enable secret scanning. See Enabling secret scanning below.

    If this doesn't return 0, SSSE3 is not enabled on your VM/KVM. You need to refer to the documentation of the hardware/hypervisor on how to enable the flag, or make it available to guest VMs.

Enabling secret scanning

警告

  • Changing this setting will cause user-facing services on GitHub Enterprise Server to restart. You should time this change carefully, to minimize downtime for users.

  1. From an administrative account on GitHub Enterprise Server, in the upper-right corner of any page, click .

  2. If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.

  3. In the " Site admin" sidebar, click Management Console.

  4. In the "Settings" sidebar, click Security.

  5. Under "Security," select Secret scanning.

  6. Under the "Settings" sidebar, click Save settings.

    注意

    Saving settings in the Management Console restarts system services, which could result in user-visible downtime.

  7. Wait for the configuration run to complete.

Disabling secret scanning

警告

  • Changing this setting will cause user-facing services on GitHub Enterprise Server to restart. You should time this change carefully, to minimize downtime for users.

  1. From an administrative account on GitHub Enterprise Server, in the upper-right corner of any page, click .

  2. If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.

  3. In the " Site admin" sidebar, click Management Console.

  4. In the "Settings" sidebar, click Security.

  5. Under "Security," deselect Secret scanning.

  6. Under the "Settings" sidebar, click Save settings.

    注意

    Saving settings in the Management Console restarts system services, which could result in user-visible downtime.

  7. Wait for the configuration run to complete.