Secret Scanning

This skill provides procedural guidance for configuring GitHub secret scanning — detecting leaked credentials, preventing secret pushes, defining custom patterns, and managing alerts.

When to Use This Skill

Use this skill when the request involves:

• Enabling or configuring secret scanning for a repository or organization
• Setting up push protection to block secrets before they reach the repository
• Defining custom secret patterns with regular expressions
• Resolving a blocked push from the command line
• Triaging, dismissing, or remediating secret scanning alerts
• Configuring delegated bypass for push protection
• Excluding directories from secret scanning via secret_scanning.yml
• Understanding alert types (user, partner, push protection)
• Enabling validity checks or extended metadata checks
• Scanning local code changes for secrets before committing (via MCP / AI coding agent) — see the Pre-Commit Scanning via AI Coding Agents section below for the recommended plugin