Secret scanning validity checks are now generally available.
Starting today, validity checks will be included in the ‘GitHub recommended’ setup through code security configurations and will be enabled for any newly attached repositories.
Please note that on July 24, validity checks will also be enabled retroactively for any repositories that had attached the GitHub recommended configuration before July 2, 2024. If you wish to directly manage feature enablement moving forward, we recommend unattaching the recommended configuration and attaching your own custom configuration to those repositories.
Learn more about secret scanning and validity checks
GitHub secret scanning lets you know if your secret is active
or inactive
with partner validity checks. These checks are run on an ongoing basis for supported providers for any repositories that have enabled the validity check feature; you can also perform on demand validity checks from the alert details page.
Learn how to secure your repositories with secret scanning, participate in the community discussion with feedback, or sign up for a 60 minute feedback session on secret scanning and be compensated for your time.