REST API endpoints for secret scanning custom patterns
Use the REST API to manage custom patterns for secret scanning.
List organization custom patterns
Lists secret scanning custom patterns for an organization.
Personal access tokens (classic) need the read:org scope to use this endpoint.
Feinkörnige Zugriffstoken für "List organization custom patterns"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub App-Benutzerzugriffstoken
- GitHub-App-Installations-Zugriffstoken
- Feingranulare persönliche Zugriffstoken
Das differenzierte Token muss über den folgenden Berechtigungssatz verfügen.:
- "Administration" organization permissions (read)
Parameter für "List organization custom patterns"
| Name, Typ, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, Typ, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
| Name, Typ, BESCHREIBUNG |
|---|
state string Filter custom patterns by state. When absent, returns patterns in all states. Kann eine der folgenden sein: |
push_protection string Filter custom patterns by whether push protection is enabled. When absent, returns patterns regardless of push protection status. Kann eine der folgenden sein: |
sort string The property to sort the results by. Standard: Kann eine der folgenden sein: |
direction string The direction to sort the results by. Standard: Kann eine der folgenden sein: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Standard: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Standard: |
HTTP-Antwortstatuscodes für "List organization custom patterns"
| Statuscode | BESCHREIBUNG |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
Codebeispiele für "List organization custom patterns"
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patternsResponse
Status: 200[
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "published",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-16T14:20:00Z",
"updated_at": "2024-01-17T09:15:00Z"
}
]Bulk create organization custom patterns
Bulk creates secret scanning custom patterns for an organization.
Personal access tokens (classic) need the write:org scope to use this endpoint.
Feinkörnige Zugriffstoken für "Bulk create organization custom patterns"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub App-Benutzerzugriffstoken
- GitHub-App-Installations-Zugriffstoken
- Feingranulare persönliche Zugriffstoken
Das differenzierte Token muss über den folgenden Berechtigungssatz verfügen.:
- "Administration" organization permissions (write)
Parameter für "Bulk create organization custom patterns"
| Name, Typ, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, Typ, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
| Name, Typ, BESCHREIBUNG | |||||||
|---|---|---|---|---|---|---|---|
patterns array of objects ErforderlichThe list of custom patterns to create. | |||||||
Properties of |
| Name, Typ, BESCHREIBUNG |
|---|
name string ErforderlichThe name of the custom pattern. |
pattern string ErforderlichThe regular expression of the custom pattern. |
start_delimiter string The start delimiter regex for the custom pattern.
Defaults to Standard: |
end_delimiter string The end delimiter regex for the custom pattern.
Defaults to Standard: |
must_match array of strings List of regexes that the secret must match. |
must_not_match array of strings List of regexes that the secret must not match. |
HTTP-Antwortstatuscodes für "Bulk create organization custom patterns"
| Statuscode | BESCHREIBUNG |
|---|---|
201 | All patterns created successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed for one or more patterns. |
Codebeispiele für "Bulk create organization custom patterns"
Anforderungsbeispiel
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patterns \
-d '{"patterns":[{"name":"Example Custom Pattern","pattern":"[a-z]+_token_[0-9]+"},{"name":"Another Custom Pattern","pattern":"prefix_[a-zA-Z0-9]{32}","start_delimiter":"\\b","end_delimiter":"\\b","must_match":["^prefix_prod"],"must_not_match":["test"]}]}'All patterns created successfully.
Status: 201{
"created_patterns": [
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
]
}Bulk delete organization custom patterns
Bulk deletes secret scanning custom patterns for an organization.
Personal access tokens (classic) need the write:org scope to use this endpoint.
Feinkörnige Zugriffstoken für "Bulk delete organization custom patterns"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub App-Benutzerzugriffstoken
- GitHub-App-Installations-Zugriffstoken
- Feingranulare persönliche Zugriffstoken
Das differenzierte Token muss über den folgenden Berechtigungssatz verfügen.:
- "Administration" organization permissions (write)
Parameter für "Bulk delete organization custom patterns"
| Name, Typ, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, Typ, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
| Name, Typ, BESCHREIBUNG | |||
|---|---|---|---|
patterns array of objects ErforderlichThe list of custom patterns to delete. | |||
Properties of |
| Name, Typ, BESCHREIBUNG |
|---|
pattern_id integer ErforderlichThe ID of the custom pattern to delete. |
custom_pattern_version string or null The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
post_delete_action string What to do with alerts associated with the deleted patterns.
delete_alerts permanently removes the alerts.
resolve_alerts resolves the alerts as "pattern deleted".
Defaults to delete_alerts when not specified.
Standard: delete_alerts
Kann eine der folgenden sein: delete_alerts, resolve_alerts
HTTP-Antwortstatuscodes für "Bulk delete organization custom patterns"
| Statuscode | BESCHREIBUNG |
|---|---|
204 | All patterns deleted successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
Codebeispiele für "Bulk delete organization custom patterns"
Anforderungsbeispiel
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patterns \
-d '{"patterns":[{"pattern_id":2,"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}]}'All patterns deleted successfully.
Status: 204Update an organization custom pattern
Updates a secret scanning custom pattern for an organization.
Personal access tokens (classic) need the write:org scope to use this endpoint.
Feinkörnige Zugriffstoken für "Update an organization custom pattern"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub App-Benutzerzugriffstoken
- GitHub-App-Installations-Zugriffstoken
- Feingranulare persönliche Zugriffstoken
Das differenzierte Token muss über den folgenden Berechtigungssatz verfügen.:
- "Administration" organization permissions (write)
Parameter für "Update an organization custom pattern"
| Name, Typ, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, Typ, BESCHREIBUNG |
|---|
org string ErforderlichThe organization name. The name is not case sensitive. |
pattern_id integer ErforderlichThe ID of the custom pattern. |
| Name, Typ, BESCHREIBUNG |
|---|
pattern string The updated regular expression of the custom pattern. |
start_delimiter string The updated start delimiter regex for the custom pattern. |
end_delimiter string The updated end delimiter regex for the custom pattern. |
must_match array of strings Updated list of regexes that the secret must match. |
must_not_match array of strings Updated list of regexes that the secret must not match. |
custom_pattern_version string or null ErforderlichThe version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
HTTP-Antwortstatuscodes für "Update an organization custom pattern"
| Statuscode | BESCHREIBUNG |
|---|---|
200 | Pattern updated successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
422 | Validation failed, or the endpoint has been spammed. |
Codebeispiele für "Update an organization custom pattern"
Anforderungsbeispiel
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patterns/PATTERN_ID \
-d '{"pattern":"updated_secret_[0-9A-Z]{16}","start_delimiter":"[^0-9A-Za-z]","end_delimiter":"[^0-9A-Za-z]","must_match":["updated_secret_[0-9]{2}*"],"must_not_match":["updated_secret_1234567890ABCDEF"],"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}'Pattern updated successfully.
Status: 200{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "updated_secret_[0-9A-Z]{16}",
"slug": "example_custom_pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": "[^0-9A-Za-z]",
"end_delimiter": "[^0-9A-Za-z]",
"must_match": [
"updated_secret_[0-9]{2}*"
],
"must_not_match": [
"updated_secret_1234567890ABCDEF"
],
"custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-06-01T12:00:00Z"
}List repository custom patterns
Lists secret scanning custom patterns for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Feinkörnige Zugriffstoken für "List repository custom patterns"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub App-Benutzerzugriffstoken
- GitHub-App-Installations-Zugriffstoken
- Feingranulare persönliche Zugriffstoken
Das differenzierte Token muss über den folgenden Berechtigungssatz verfügen.:
- "Secret scanning alerts" repository permissions (read)
Parameter für "List repository custom patterns"
| Name, Typ, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, Typ, BESCHREIBUNG |
|---|
owner string ErforderlichThe account owner of the repository. The name is not case sensitive. |
repo string ErforderlichThe name of the repository without the |
| Name, Typ, BESCHREIBUNG |
|---|
state string Filter custom patterns by state. When absent, returns patterns in all states. Kann eine der folgenden sein: |
push_protection string Filter custom patterns by whether push protection is enabled. When absent, returns patterns regardless of push protection status. Kann eine der folgenden sein: |
sort string The property to sort the results by. Standard: Kann eine der folgenden sein: |
direction string The direction to sort the results by. Standard: Kann eine der folgenden sein: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Standard: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Standard: |
HTTP-Antwortstatuscodes für "List repository custom patterns"
| Statuscode | BESCHREIBUNG |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
Codebeispiele für "List repository custom patterns"
Anforderungsbeispiel
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patternsResponse
Status: 200[
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "published",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-16T14:20:00Z",
"updated_at": "2024-01-17T09:15:00Z"
}
]Bulk create repository custom patterns
Bulk creates secret scanning custom patterns for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Feinkörnige Zugriffstoken für "Bulk create repository custom patterns"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub App-Benutzerzugriffstoken
- GitHub-App-Installations-Zugriffstoken
- Feingranulare persönliche Zugriffstoken
Das differenzierte Token muss über den folgenden Berechtigungssatz verfügen.:
- "Secret scanning alerts" repository permissions (write)
Parameter für "Bulk create repository custom patterns"
| Name, Typ, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, Typ, BESCHREIBUNG |
|---|
owner string ErforderlichThe account owner of the repository. The name is not case sensitive. |
repo string ErforderlichThe name of the repository without the |
| Name, Typ, BESCHREIBUNG | |||||||
|---|---|---|---|---|---|---|---|
patterns array of objects ErforderlichThe list of custom patterns to create. | |||||||
Properties of |
| Name, Typ, BESCHREIBUNG |
|---|
name string ErforderlichThe name of the custom pattern. |
pattern string ErforderlichThe regular expression of the custom pattern. |
start_delimiter string The start delimiter regex for the custom pattern.
Defaults to Standard: |
end_delimiter string The end delimiter regex for the custom pattern.
Defaults to Standard: |
must_match array of strings List of regexes that the secret must match. |
must_not_match array of strings List of regexes that the secret must not match. |
HTTP-Antwortstatuscodes für "Bulk create repository custom patterns"
| Statuscode | BESCHREIBUNG |
|---|---|
201 | All patterns created successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed for one or more patterns. |
Codebeispiele für "Bulk create repository custom patterns"
Anforderungsbeispiel
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns \
-d '{"patterns":[{"name":"Example Custom Pattern","pattern":"[a-z]+_token_[0-9]+"},{"name":"Another Custom Pattern","pattern":"prefix_[a-zA-Z0-9]{32}","start_delimiter":"\\b","end_delimiter":"\\b","must_match":["^prefix_prod"],"must_not_match":["test"]}]}'All patterns created successfully.
Status: 201{
"created_patterns": [
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
]
}Bulk delete repository custom patterns
Bulk deletes secret scanning custom patterns for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Feinkörnige Zugriffstoken für "Bulk delete repository custom patterns"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub App-Benutzerzugriffstoken
- GitHub-App-Installations-Zugriffstoken
- Feingranulare persönliche Zugriffstoken
Das differenzierte Token muss über den folgenden Berechtigungssatz verfügen.:
- "Secret scanning alerts" repository permissions (write)
Parameter für "Bulk delete repository custom patterns"
| Name, Typ, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, Typ, BESCHREIBUNG |
|---|
owner string ErforderlichThe account owner of the repository. The name is not case sensitive. |
repo string ErforderlichThe name of the repository without the |
| Name, Typ, BESCHREIBUNG | |||
|---|---|---|---|
patterns array of objects ErforderlichThe list of custom patterns to delete. | |||
Properties of |
| Name, Typ, BESCHREIBUNG |
|---|
pattern_id integer ErforderlichThe ID of the custom pattern to delete. |
custom_pattern_version string or null The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
post_delete_action string What to do with alerts associated with the deleted patterns.
delete_alerts permanently removes the alerts.
resolve_alerts resolves the alerts as "pattern deleted".
Defaults to delete_alerts when not specified.
Standard: delete_alerts
Kann eine der folgenden sein: delete_alerts, resolve_alerts
HTTP-Antwortstatuscodes für "Bulk delete repository custom patterns"
| Statuscode | BESCHREIBUNG |
|---|---|
204 | All patterns deleted successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
Codebeispiele für "Bulk delete repository custom patterns"
Anforderungsbeispiel
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns \
-d '{"patterns":[{"pattern_id":2,"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}]}'All patterns deleted successfully.
Status: 204Update a repository custom pattern
Updates a secret scanning custom pattern for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Feinkörnige Zugriffstoken für "Update a repository custom pattern"
Dieser Endpunkt funktioniert mit den folgenden differenzierten Tokentypen.:
- GitHub App-Benutzerzugriffstoken
- GitHub-App-Installations-Zugriffstoken
- Feingranulare persönliche Zugriffstoken
Das differenzierte Token muss über den folgenden Berechtigungssatz verfügen.:
- "Secret scanning alerts" repository permissions (write)
Parameter für "Update a repository custom pattern"
| Name, Typ, BESCHREIBUNG |
|---|
accept string Setting to |
| Name, Typ, BESCHREIBUNG |
|---|
owner string ErforderlichThe account owner of the repository. The name is not case sensitive. |
repo string ErforderlichThe name of the repository without the |
pattern_id integer ErforderlichThe ID of the custom pattern. |
| Name, Typ, BESCHREIBUNG |
|---|
pattern string The updated regular expression of the custom pattern. |
start_delimiter string The updated start delimiter regex for the custom pattern. |
end_delimiter string The updated end delimiter regex for the custom pattern. |
must_match array of strings Updated list of regexes that the secret must match. |
must_not_match array of strings Updated list of regexes that the secret must not match. |
custom_pattern_version string or null ErforderlichThe version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
HTTP-Antwortstatuscodes für "Update a repository custom pattern"
| Statuscode | BESCHREIBUNG |
|---|---|
200 | Pattern updated successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
422 | Validation failed, or the endpoint has been spammed. |
Codebeispiele für "Update a repository custom pattern"
Anforderungsbeispiel
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns/PATTERN_ID \
-d '{"pattern":"updated_secret_[0-9A-Z]{16}","start_delimiter":"[^0-9A-Za-z]","end_delimiter":"[^0-9A-Za-z]","must_match":["updated_secret_[0-9]{2}*"],"must_not_match":["updated_secret_1234567890ABCDEF"],"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}'Pattern updated successfully.
Status: 200{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "updated_secret_[0-9A-Z]{16}",
"slug": "example_custom_pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": "[^0-9A-Za-z]",
"end_delimiter": "[^0-9A-Za-z]",
"must_match": [
"updated_secret_[0-9]{2}*"
],
"must_not_match": [
"updated_secret_1234567890ABCDEF"
],
"custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-06-01T12:00:00Z"
}