
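This version of GitHub Enterprise Server will be discontinued on 2026-04-09. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.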

About secret scanning

Prevent fraudulent use of your secrets by automatically detecting exposed credentials before they can be exploited.

When credentials like API keys and passwords are committed to repositories, they become targets for unauthorized access. Secret scanning automatically detects these exposed secrets so you can secure them before they're exploited.

How secret scanning protects your code

Secret scanning scans your entire Git history on all branches of your repository for API keys, passwords, tokens, and other known secret types. GitHub also periodically rescans repositories when new secret types are added.

GitHub also automatically scans:

  • Descriptions and comments in issues
  • Titles, descriptions, and comments in open and closed historical issues
  • Titles, descriptions, and comments in pull requests
  • Titles, descriptions, and comments in GitHub Discussions
  • Secret gists

Secret scanning alerts and remediation

When secret scanning finds a potential secret, GitHub generates an alert on your repository's Security tab with details about the exposed credential.

When you receive an alert, rotate the affected credential immediately to prevent unauthorized access. While you can also remove secrets from your Git history, this is time-intensive and often unnecessary if you've already revoked the credential.

Customizability

Beyond the default detection of partner and provider secrets, you can expand and customize secret scanning to fit your needs.

  • Non-provider patterns. Expand detection to secrets that aren't tied to a specific service provider, such as private keys, connection strings, and generic API keys.
  • Custom patterns. Define your own regular expressions to detect organization-specific secrets that aren't covered by default patterns.
  • Validity checks. Prioritize remediation by checking whether detected secrets are still active.
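
One way to prototype a custom pattern offline before defining it in GitHub, as an added example that is not GitHub's own code. The `acme_svc_` token format, the boundary expressions, the entropy threshold and the sample lines are all assumptions constructed for illustration, and Python's `re` stands in for whatever regular expression dialect your instance accepts.

```python
import math
import re
from collections import Counter

# Hypothetical organization token format (an assumption for this example):
# the literal prefix "acme_svc_" followed by exactly 32 lowercase hex characters.
PREFIX = "acme_svc_"
SECRET_FORMAT = PREFIX + r"[0-9a-f]{32}"
# Boundary checks so the token is not part of a longer identifier or hex run.
BEFORE = r"(?:^|[^0-9A-Za-z_])"
AFTER = r"(?:$|[^0-9A-Za-z_])"
PATTERN = re.compile(f"{BEFORE}({SECRET_FORMAT}){AFTER}")


def shannon_entropy(s):
    """Bits per character; placeholder values such as 0000... score near zero."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def redact(token):
    """Keep enough of the token to identify it without re-exposing it in reports."""
    return token[:len(PREFIX) + 4] + "..." + token[-4:]


def scan(lines, min_entropy=3.0):
    """Return (line_number, redacted_token) for each likely real secret."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for m in PATTERN.finditer(line):
            token = m.group(1)
            if shannon_entropy(token[len(PREFIX):]) < min_entropy:
                continue  # low-entropy body: documentation placeholder, not a credential
            findings.append((lineno, redact(token)))
    return findings


# Constructed sample input: one true positive and three lines that must not match.
SAMPLE = [
    'API_TOKEN = "acme_svc_3f9a1c0b7e2d4a6588c1f0e9d7b6a542"',          # real-looking
    'API_TOKEN = "acme_svc_00000000000000000000000000000000"',          # placeholder
    'url = "https://x.example/acme_svc_3f9a1c0b7e2d4a6588c1f0e9d7b6a542ff"',  # too long
    'note: xacme_svc_3f9a1c0b7e2d4a6588c1f0e9d7b6a542',                 # inside a word
]

if __name__ == "__main__":
    for lineno, token in scan(SAMPLE):
        print(f"line {lineno}: {token}")
```

Running the expression against known-good and known-bad lines like these shows how noisy a pattern would be before it starts generating alerts.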

How can I access this feature?

Secret scanning is available for the following repository types:

  • Public repositories: Secret scanning runs automatically for free.
  • Organization-owned private and internal repositories: Available with GitHub Advanced Security enabled on GitHub Team or GitHub Enterprise Cloud.
  • User-owned repositories: Available on GitHub Enterprise Cloud with Enterprise Managed Users. Available on GitHub Enterprise Server when the enterprise has GitHub Advanced Security enabled.
