Secret scanning detects secrets in GitHub discussions and pull request content #965

@github-product-roadmap

Summary

Secret scanning is expanding detection coverage beyond commit content. GitHub now detects secrets found in pull requests and GitHub discussions (e.g. bodies, comments, edits).

As GitHub expands support, GitHub will be performing backfills to detect historically existing secrets across pull requests and discussions.

This release follows support for scanning GitHub issues, and will similarly be followed by support for secret scanning across GitHub wiki content.

Intended Outcome

Secrets can be exposed anywhere -- not just across code content. GitHub helps keep you safe by automatically scanning additional surfaces across GitHub, without the need for any additional setup.

How will it work?

For repositories where secret scanning is enabled, you'll automatically begin to receive secret scanning alerts for any exposed secrets in pull requests or discussions. GitHub will also continue to scan public repositories for publicly leaked secrets, and will now notify partners in secret scanning's partnership program if secrets are detected in public pull requests or discussions.

Status: Q1 2025 – Jan-Mar