GitHub secret scanning helps protect users by searching repositories for known types of secrets. By flagging leaked secrets, our scans can prevent data leaks and the fraudulent use of accidentally committed secrets.
When enabled on private repositories, GitHub secret scanning raises alerts directly to users. The quality of this experience depends on the quality of the patterns we scan for, which we are constantly refining. In line with that, we are removing our pattern for Azure SQL connection strings from our default pattern set on private repositories.
Advanced Security customers can replicate our previous pattern for Azure SQL connection strings using custom patterns with the following regex:
(?i)[a-z][a-z0-9-]+\.database(?:\.secure)?\.(?:(?:windows|usgovcloudapi)\.net|chinacloudapi\.cn|cloudapi\.de)
We intend to introduce a more general pattern for database connection strings, with a lower false positive rate, in the near future.
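The regex above matches the server hostname on its own, whether or not a credential sits next to it. The following added example (not GitHub's code) runs it over constructed lines to show which hits would need triage before you adopt it as a custom pattern. Python's `re` stands in for GitHub's matcher, and the password and placeholder heuristics are assumptions of this example.

```python
import re

# Pattern copied from the post (the former default Azure SQL pattern).
AZURE_SQL = re.compile(
    r"(?i)[a-z][a-z0-9-]+\.database(?:\.secure)?\."
    r"(?:(?:windows|usgovcloudapi)\.net|chinacloudapi\.cn|cloudapi\.de)"
)

# Assumption (not from the post): a hit only matters when the same line also
# carries an inline password that is not an obvious placeholder.
PASSWORD = re.compile(r"(?i)\b(?:password|pwd)\s*=\s*([^;\s]+)")
PLACEHOLDER = re.compile(r"^(?:[<{$%].*|\*+|x+|changeme|your[_-]?password)$", re.I)


def scan(text):
    """Return (line_no, host, verdict) for every pattern match in text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in AZURE_SQL.finditer(line):
            pw = PASSWORD.search(line)
            if pw is None:
                verdict = "hostname-only"   # pattern fired, no secret present
            elif PLACEHOLDER.match(pw.group(1)):
                verdict = "placeholder"     # templated value, not a real secret
            else:
                verdict = "credential"      # inline password next to the host
            findings.append((no, m.group(0), verdict))
    return findings


# Constructed sample input; hosts and passwords are made up.
SAMPLE = """\
Server=tcp:contoso-db.database.windows.net,1433;User ID=app;Password=S3cr3t!Value;
see docs for contoso-db.database.windows.net firewall rules
Server=gov1.database.usgovcloudapi.net;Uid=app;Pwd=${DB_PASSWORD};
jdbc:sqlserver://cn-prod.database.chinacloudapi.cn:1433;database=x
host = de01.database.secure.cloudapi.de
Server=localhost;Password=hunter2;
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Four of the five hits in the sample carry no usable secret, and the last line holds a password the pattern never sees because the host is not an Azure SQL endpoint.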
Check out our docs for more information on the 100+ patterns that we scan for.