How-tos for detecting secret leaks

Learn how to use GitHub's tools to detect secret leaks.

Enabling secret scanning for your repository

You can configure how GitHub scans your repositories for leaked secrets and generates alerts.

Enabling secret scanning for non-provider patterns

You can enable secret scanning to detect additional potential secrets at the repository and organization levels.

Enabling Copilot secret scanning's generic secret detection

You can enable generic secret detection for your repository or organization. Alerts for generic secrets, such as passwords, are displayed in a separate list on the secret scanning alerts page.