Note: Secret scanning for organization-owned repositories is currently in beta and subject to change.
Enabling secret scanning for repositories
-
On GitHub AE, navigate to the main page of the repository.
-
Under your repository name, click Settings.

-
In the left sidebar, click Security & analysis.

-
Before you can enable secret scanning, you need to enable GitHub Advanced Security first. To the right of "GitHub Advanced Security", click Enable.

-
Click Enable GitHub Advanced Security for this repository to confirm the action.

-
To the right of "Secret scanning", click Enable.

Excluding alerts from secret scanning in repositories
You can use a secret_scanning.yml file to exclude directories from secret scanning. For example, you can exclude directories that contain tests or randomly generated content.
-
On GitHub AE, navigate to the main page of the repository.
-
Above the list of files, using the Add file drop-down, click Create new file.

-
In the file name field, type .github/secret_scanning.yml.
-
Under Edit new file, type
paths-ignore:followed by the paths you want to exclude from secret scanning.paths-ignore: - "foo/bar/*.js"You can use special characters, such as
*to filter paths. For more information about filter patterns, see "Workflow syntax for GitHub Actions."Notes:
- If there are more than 1,000 entries in
paths-ignore, secret scanning will only exclude the first 1,000 directories from scans. - If secret_scanning.yml is larger than 1 MB, secret scanning will ignore the entire file.
- If there are more than 1,000 entries in
You can also ignore individual alerts from secret scanning. For more information, see "Managing alerts from secret scanning."

