How-tos for customizing secret leak detection

Protect your unique secret types by defining custom patterns with regular expressions.

You can use Copilot secret scanning's regular expression generator to write regular expressions for custom patterns. The generator uses an AI model to generate expressions that match your input, and optionally example strings.

You can view, edit, and remove custom patterns, as well as enable push protection for custom patterns.

You can customize secret scanning to automatically close alerts for secrets found in specific directories or files by configuring a secret_scanning.yml file in your repository.

Enabling validity checks on your repository helps you prioritize the remediation of alerts as it tells you if a secret is active or inactive.

Learn how to enable extended metadata checks for detected secrets so alerts detected by secret scanning include additional information that help you assess and remediate leaks faster.