Secret scanning will now detect the following non-provider patterns:
- HTTP basic authentication header
- HTTP bearer authentication header
- MongoDB connection string
- MySQL connection string
- Postgres connection string
- OpenSSH private key
- PGP private key
- RSA private key

Detection of these patterns must be enabled within a repository or organization’s security settings by checking the box next to “Scan for non-provider patterns.” Resulting secrets will appear in a new, separate tab on the secret scanning alert list called “Other.”

Detection of non-provider patterns is currently in beta and is available for enterprises with a GitHub Advanced Security license only. Additional patterns will be added throughout the beta.
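To show what each of the pattern types listed above looks like in a file, here is an added example (not GitHub's code or detection rules) of a local pre-push check that flags them and redacts the secret in its output. The regexes, the `PLACEHOLDER` filter, the function name `scan` and the sample text are all assumptions constructed for illustration.

```python
import re

# Illustrative regexes (assumptions), one per pattern type in the list above.
# They are NOT the rules GitHub secret scanning uses.
CRED_URL = r"://[^\s:/@]+:([^\s@/]+)@[^\s/]+"  # scheme://user:password@host
PATTERNS = {
    "http_basic_authentication_header": re.compile(
        r"Authorization:\s*Basic\s+([A-Za-z0-9+/]{8,}={0,2})", re.I),
    "http_bearer_authentication_header": re.compile(
        r"Authorization:\s*Bearer\s+([A-Za-z0-9._~+/-]{16,}={0,2})", re.I),
    "mongodb_connection_string": re.compile(r"mongodb(?:\+srv)?" + CRED_URL),
    "mysql_connection_string": re.compile(r"mysql" + CRED_URL),
    "postgres_connection_string": re.compile(r"postgres(?:ql)?" + CRED_URL),
    "openssh_private_key": re.compile(r"-----BEGIN OPENSSH PRIVATE KEY-----"),
    "pgp_private_key": re.compile(r"-----BEGIN PGP PRIVATE KEY BLOCK-----"),
    "rsa_private_key": re.compile(r"-----BEGIN RSA PRIVATE KEY-----"),
}
# Template placeholders such as ${DB_PASSWORD}, $TOKEN, <password> or ***
# are not secrets; skipping them keeps the false-positive rate down.
PLACEHOLDER = re.compile(r"^(\$\{?\w+\}?|<[^>]+>|\*+)$")

def scan(text):
    """Return (line_number, pattern_name, redacted_line) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS.items():
            for m in rx.finditer(line):
                secret = m.group(1) if rx.groups else None
                if secret and PLACEHOLDER.match(secret):
                    continue
                shown = line.strip()
                if secret:  # never echo the credential itself
                    shown = shown.replace(secret, secret[:2] + "***")
                findings.append((lineno, name, shown))
    return findings

# Constructed sample input; every value below is made up.
SAMPLE = """\
curl -H "Authorization: Basic ZGVtbzpub3QtYS1yZWFsLXBhc3M=" https://api.example.test/
curl -H "Authorization: Bearer ZXhhbXBsZS10b2tlbi1ub3QtcmVhbA" https://api.example.test/
MONGO_URL=mongodb+srv://app:s3cr3t-demo@cluster0.example.test/db
DATABASE_URL=postgres://app:${DB_PASSWORD}@db.example.test:5432/app
MYSQL_URL=mysql://root:demo-pass@127.0.0.1:3306/shop
-----BEGIN OPENSSH PRIVATE KEY-----
"""

if __name__ == "__main__":
    for lineno, name, shown in scan(SAMPLE):
        print(f"line {lineno}: {name}: {shown}")
```

The Postgres line in the sample is skipped on purpose because its password field is an environment-variable placeholder rather than a literal credential.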