Secret scanning alerts for non-provider patterns and generic passwords can now be retrieved using the REST API.
With the “List secret scanning alerts” endpoint for an enterprise, organization, or repository, you can use the query parameter secret_type
to request alerts for non-provider patterns or passwords. To retrieve alerts for non-provider patterns, use the “Token” value in this table. To retrieve alerts for passwords, use the value password
.
The secret_type
parameter can be used to return several secret types, separated by commas: e.g. api.github.com/orgs/ORG/secret-scanning/alerts?secret_type=rsa_private_key,password
.
Alerts for non-provider patterns and passwords are not returned by default with the “List secret scanning alerts” endpoint; they must be specifically requested.
- Learn more about secret scanning or join the discussion in our dedicated Github community post.