파트너를 위한 비밀 검사 정보

secret scanning에서 GitHub의 퍼블릭 리포지토리 서비스 공급자에 대한 인증 세부 정보를 검색하면 경고가 공급자에게 직접 전송됩니다. 이렇게 하면 GitHub 파트너인 서비스 공급자가 즉시 조치를 취하여 시스템을 보호할 수 있습니다.

누가 이 기능을 사용할 수 있나요?

파트너에 대한 비밀 검사 경고은(는) 다음 리포지토리에서 기본적으로 실행됩니다.

  • GitHub의 퍼블릭 리포지토리 및 공용 npm 패키지

이 문서의 내용

About secret scanning alerts for partners

GitHub scans public repositories and public npm packages for secrets issued by specific service providers who joined our partnership program, and alerts the relevant service provider whenever a secret is detected in a commit. The service provider validates the string and then decides whether they should revoke the secret, issue a new secret, or contact you directly. Their action will depend on the associated risks to you or them. To find out about our partner program, see Secret scanning partner program.

참고 항목

You cannot change the configuration of secret scanning for partner patterns on public repositories.

Secret scanning alerts for partners scans:

  • Descriptions and comments in issues
  • Titles, descriptions, and comments, in open and closed historical issues. A notification is sent to the relevant partner when a historical partner pattern is detected.
  • Titles, descriptions, and comments in pull requests
  • Titles, descriptions, and comments in GitHub Discussions
  • Wikis
  • Secret gists. A notification is sent to the relevant partner when a partner pattern is detected in a secret gist.

The reason partner alerts are directly sent to the secret providers whenever a leak is detected for one of their secrets is that this enables the provider to take immediate action to protect you and protect their resources. The notification process for regular alerts is different. Regular alerts are displayed on the repository's Security tab on GitHub for you to resolve.

If access to a resource requires paired credentials, then secret scanning will create an alert only when both parts of the pair are detected in the same file. This ensures that the most critical leaks are not hidden behind information about partial leaks. Pair matching also helps reduce false positives since both elements of a pair must be used together to access the provider's resource.

What are the supported secrets

For information about the secrets and service providers supported by push protection, see Supported secret scanning patterns.

Further reading