Skip to main content

Public monitoring for secret scanning

Public monitoring detects credentials leaked by your enterprise members in public repositories across GitHub, giving you visibility into secret exposure beyond your enterprise's boundaries.

谁可以使用此功能?

Public monitoring is available for enterprises on GitHub Enterprise Cloud with GitHub Advanced Security or GitHub Secret Protection enabled. Public monitoring is not available for 带有数据驻留权的 GitHub Enterprise Cloud.

注意

Public monitoring for secret scanning is currently in 公开预览 and subject to change. If you have feedback, please join the discussion.

About public monitoring

GitHub monitors for secrets leaked across GitHub in real time. Public monitoring attributes publicly exposed secrets back to your enterprise, based on where your people commit.

Secret scanning detects secrets in repositories that your enterprise owns. Public monitoring extends this detection to secrets found in arbitrary public repos across GitHub.com, regardless of whether or not your enterprise owns the repository where it was leaked.

This gives enterprise security administrators visibility into credential exposure they wouldn't otherwise be aware of, helping identify potential risks and leaked secrets which could be exploited by bad actors.

How public monitoring works

Public monitoring scans public repositories, including non-code content like issue and pull request comments across GitHub for secrets associated with your enterprise. When a secret is detected, an alert is surfaced in the enterprise-level security overview.

Attribution methods

Public monitoring uses two methods to associate detected secrets with your enterprise:

  • Enterprise membership: Secrets leaked by users who are members of your enterprise
  • Verified domain matching: Secrets leaked by users whose email address matches a verified domain of your enterprise, even if they are not direct enterprise members

Both attribution methods are active when public monitoring is enabled.

Requirements

To use public monitoring, your enterprise must:

  • Have GitHub Advanced Security or GitHub Secret Protection enabled