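Enabling validity checks for your repository

Enabling validity checks for your repository helps you prioritize the remediation of alerts, because it tells you whether a secret is active or inactive.

Who can use this feature?

Validity checks for partner patterns are available on the following repository types.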

About validity checks

You can enable validity checks for secrets identified as service provider tokens for your repository. Once enabled, GitHub will periodically check the validity of a detected credential by sending the secret directly to the provider, as part of GitHub's secret scanning partnership program. To find out about our partner program, see Secret scanning partner program.

GitHub displays the validation status of the secret in the alert view, so you can see if the secret is active, inactive, or if the validation status is unknown. You can optionally perform an "on-demand" validity check for the secret in the alert view.

You can additionally choose to enable validity checks for partner patterns. Once enabled, GitHub will periodically check the validity of a detected credential by sending the secret directly to the provider, as part of GitHub's formal secret scanning partnership program. GitHub typically makes GET requests to check the validity of the credential, picks the least intrusive endpoints, and selects endpoints that don't return any personal information.

GitHub displays the validation status of the secret in the alert view.

You can filter by validation status on the alerts page, to help you prioritize which alerts you need to take action on.

For more information on using validity checks, see Evaluating alerts from secret scanning.

Enabling validity checks

Note

You can also use the REST API to enable validity checks for partner patterns for your repository. For more information, see REST API endpoints for repositories.

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

  3. In the "Security" section of the sidebar, click Advanced Security.

  4. Under "Secret Protection", to the right of "Validity checks", click Enable.

  5. Scroll to the bottom of the page and click Save changes.

Alternatively, organization owners and enterprise administrators can enable the feature for all repositories in the organization or enterprise. For more information on enabling at the organization-level, see Creating a custom security configuration. For more information on enabling at the enterprise-level, see Creating a custom security configuration for your enterprise.
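The REST API route mentioned in the note above, together with validity-based prioritization, as an added example (not GitHub's own code). It builds the request without sending it. The owner, repository, token placeholder, sample alerts and the ordering active, then unknown, then inactive are assumptions made for illustration.

```python
import json
import urllib.request

API = "https://api.github.com"

def build_enable_request(owner, repo, token):
    """Build (without sending) the PATCH that turns validity checks on for a repo."""
    body = {"security_and_analysis":
            {"secret_scanning_validity_checks": {"status": "enabled"}}}
    return urllib.request.Request(
        f"{API}/repos/{owner}/{repo}",
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={"Accept": "application/vnd.github+json",
                 "Authorization": f"Bearer {token}"},
    )

# Assumed triage order: active first, unknown next (may still be live), inactive last.
PRIORITY = {"active": 0, "unknown": 1, "inactive": 2}

def triage(alerts):
    """Return open alerts ordered by validity; a missing validity counts as unknown."""
    open_alerts = [a for a in alerts if a.get("state") == "open"]
    return sorted(open_alerts,
                  key=lambda a: (PRIORITY.get(a.get("validity"), 1), a["number"]))

# Constructed sample shaped like a secret scanning alert list (not real alerts).
SAMPLE_ALERTS = json.loads("""[
  {"number": 11, "state": "open", "secret_type": "example_token_a", "validity": "inactive"},
  {"number": 12, "state": "open", "secret_type": "example_token_b", "validity": "active"},
  {"number": 13, "state": "resolved", "secret_type": "example_token_b", "validity": "active"},
  {"number": 14, "state": "open", "secret_type": "example_token_c", "validity": "unknown"},
  {"number": 15, "state": "open", "secret_type": "example_token_c"}
]""")

if __name__ == "__main__":
    # Hypothetical owner/repo and a placeholder token; pass the request to
    # urllib.request.urlopen() with a real token to apply the setting.
    req = build_enable_request("example-org", "example-repo", "PLACEHOLDER_TOKEN")
    print(req.get_method(), req.full_url, req.data.decode())
    for alert in triage(SAMPLE_ALERTS):
        print(alert["number"], alert.get("validity", "unknown"), alert["secret_type"])
```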

Further reading