Skip to content

about-secret-scanning-for-partners.md

Latest commit

 

History

History
39 lines (28 loc) · 2.58 KB

about-secret-scanning-for-partners.md

File metadata and controls

39 lines (28 loc) · 2.58 KB
title About secret scanning for partners
intro When {% data variables.product.prodname_secret_scanning %} detects authentication details for a service provider in a public repository on {% data variables.product.prodname_dotcom %}, an alert is sent directly to the provider. This allows service providers who are {% data variables.product.prodname_dotcom %} partners to promptly take action to secure their systems.
product {% data reusables.gated-features.secret-scanning-partner-alerts %}
versions
fpt ghec
*
*
topics
Secret scanning
Secret Protection
shortTitle Secret scanning for partners
redirect_from
/code-security/secret-scanning/introduction/about-secret-scanning-for-partners
contentType concepts

About {% data variables.secret-scanning.partner_alerts %}

{% data variables.product.github %} scans public repositories and public npm packages for secrets issued by specific service providers who joined our partnership program, and alerts the relevant service provider whenever a secret is detected in a commit. The service provider validates the string and then decides whether they should revoke the secret, issue a new secret, or contact you directly. Their action will depend on the associated risks to you or them. {% data reusables.secret-scanning.partner-program-link %}

[!NOTE]You cannot change the configuration of {% data variables.product.prodname_secret_scanning %} for partner patterns on public repositories.

{% data variables.secret-scanning.partner_alerts_caps %} scans:

{% data reusables.secret-scanning.what-is-scanned %}

The reason partner alerts are directly sent to the secret providers whenever a leak is detected for one of their secrets is that this enables the provider to take immediate action to protect you and protect their resources. The notification process for regular alerts is different. Regular alerts are displayed on the repository's Security tab on {% data variables.product.prodname_dotcom %} for you to resolve.

{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}

What are the supported secrets

For information about the secrets and service providers supported by push protection, see AUTOTITLE.

Further reading