Now generally available, GitHub Secret Protection users have the ability to configure which secret scanning patterns are included in push protection. This customization helps you to better meet your organization’s security policies and prevent a wider range of secrets from being committed to your repositories.

You can configure push protected patterns at the Enterprise (Settings -> Advanced Security -> Additional Settings) or Organization level (Settings -> Advanced Security -> Global settings). The Organization level automatically inherits any settings from the Enterprise level; however, any changes made at the Organization level will take precedence. Pattern configurations are applied globally and cannot be applied to individual repositories or sets of repositories at this time. Push protection configuration for custom patterns has moved to a secondary tab within the Pattern configuration pages.

screenshot of org-level push protection config settings

The configuration table shows data derived from your Enterprise or Organization on alert volume, false positive resolution rates, and bypass rates. You can use this information to determine whether you should include a pattern in push protection. By default, all patterns are set to their GitHub recommended setting.

You can also make configuration updates via the REST API.

Learn more about securing your repositories with secret scanning and push protection.