Prerequisites
Before you configure GitHub Secret Protection:
- Run the free secret risk assessment to inform your enablement strategy. See Running the secret risk assessment for your organization.
- Review best practices for choosing pilot repositories. See Best practices for selecting pilot repositories.
Configuring GitHub Secret Protection
- On GitHub, navigate to the main page of the organization.
- Under your organization name, click the Security and quality tab.
- In the sidebar, under "Security", click Assessments.
- In the banner display, select the Get started dropdown menu, then click one of following enablement options:
- For public repositories for free: Click to enable for only public repositories in your organization.
- For all repositories: Click to see an estimated cost for GitHub Secret Protection for all repositories in your organization.
- If you are satisfied with the pricing estimate, to enable secret scanning alerts and push protection across your organization, click Enable Secret Protection.
- Alternatively, click Configure in settings to customize which repositories you want to enable Secret Protection for. See Creating a custom security configuration.