GitHub · Cloudflare · Stripe · GitHub Blog
Secret scanning pattern updates and product improvements - GitHub Changelog
Compiled by KHAO Editorial — aggregated from 1 source. See llms.txt for citation guidance.
★ Tier-1 Source
This week, they're rolling out several improvements to their detection coverage, APIs, and workflows.
Key facts
- Patterns that are not yet enabled by default remain configurable in your push protection settings for GitHub Secret Protection and GitHub Advanced Security customers
- Providers and exclude_providers are mutually exclusive—using both returns a 422
- GitHub’s AI-powered generic secret detection runs backfill scans across your repositories, but until now those scans didn’t show up in the scan history API
- In EMU enterprises, developers often fork organization repositories into their personal namespaces
Summary
Forks for enterprise-managed users: User-owned forks in EMU enterprises now inherit push protection from their nearest licensed ancestor repository. Push protection defaults expanded: Figma, GCP, Langchain, OpenVSX, and PostHog patterns now block commits containing matching secrets by default. Set validity on custom pattern alerts via API: You can now mark custom pattern alerts as active or inactive directly through the PATCH endpoint. Team and Topic filters for secret scanning campaigns: Campaigns now support the same team and topic filter options as code scanning campaigns.