diff --git a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md index 7422499daacb..6542edd249d0 100644 --- a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md +++ b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md @@ -51,19 +51,25 @@ This table lists the secrets supported by {% data variables.product.prodname_sec {% data reusables.secret-scanning.non-provider-patterns-beta %} -| Provider | Token | -|----------|:--------------------| -| Generic | ec_private_key | -| Generic | http_basic_authentication_header | -| Generic | http_bearer_authentication_header | -| Generic | mongodb_connection_string | -| Generic | mysql_connection_string | -| Generic | openssh_private_key | -| Generic | pgp_private_key | -| Generic | postgres_connection_string | -| Generic | rsa_private_key | - ->[!NOTE] Validity checks are not supported for non-provider patterns. +Precision levels are estimated based on the pattern type's typical false positive rates. + +| Provider | Token | Description | Precision | +|:---------|:--------------------------------------|:------------|:----------| +| Generic | ec_private_key | Elliptic Curve (EC) private keys used for cryptographic operations | High | +| Generic | generic_private_key | Cryptographic private keys with `-----BEGIN PRIVATE KEY-----` header | High | +| Generic | http_basic_authentication_header | HTTP Basic Authentication credentials in request headers | Medium | +| Generic | http_bearer_authentication_header | HTTP Bearer tokens used for API authentication | Medium | +| Generic | mongodb_connection_string | Connection strings for MongoDB databases containing credentials | High | +| Generic | mysql_connection_string | Connection strings for MySQL databases containing credentials | High | +| Generic | openssh_private_key | OpenSSH format private keys used for SSH authentication | High | +| Generic | pgp_private_key | PGP (Pretty Good Privacy) private keys used for encryption and signing | High | +| Generic | postgres_connection_string | Connection strings for PostgreSQL databases containing credentials | High | +| Generic | rsa_private_key | RSA private keys used for cryptographic operations | High | + +`generic_private_key` support is only available on {% data variables.product.prodname_ghe_server %} from version 3.20. + +>[!NOTE] +> Validity checks are **not supported** for non-provider patterns. {% ifversion secret-scanning-ai-generic-secret-detection %} diff --git a/data/features/secret-scanning-enhancements-wikis.yml b/data/features/secret-scanning-enhancements-wikis.yml index 0db0b9176964..786bb58d157a 100644 --- a/data/features/secret-scanning-enhancements-wikis.yml +++ b/data/features/secret-scanning-enhancements-wikis.yml @@ -1,5 +1,6 @@ -# Reference: #13325 -# Secret Scanning Detection for GitHub Wikis [Public Beta] +# Reference: #13325 and #19222 +# Secret Scanning Detection for GitHub Wikis versions: fpt: '*' ghec: '*' + ghes: '>3.18' diff --git a/data/reusables/security-configurations/secret-scanning-security-configs-summary.md b/data/reusables/security-configurations/secret-scanning-security-configs-summary.md index 8f472e52c24f..c3e41fa5ff8e 100644 --- a/data/reusables/security-configurations/secret-scanning-security-configs-summary.md +++ b/data/reusables/security-configurations/secret-scanning-security-configs-summary.md @@ -1 +1 @@ -{% data variables.product.prodname_secret_scanning_caps %} is a security tool that scans the entire Git history of repositories, as well as issues{% ifversion secret-scanning-enhancements-wikis %}, pull requests, discussions, and wikis{% elsif ghes > 3.13 %}, pull requests, and discussions{% endif %} in those repositories, for leaked secrets that have been accidentally committed, such as tokens or private keys. +{% data variables.product.prodname_secret_scanning_caps %} is a security tool that scans the entire Git history of repositories, as well as issues{% ifversion secret-scanning-enhancements-wikis %}, pull requests, discussions, and wikis{% elsif ghes < 3.19 %}, pull requests, and discussions{% endif %} in those repositories, for leaked secrets that have been accidentally committed, such as tokens or private keys.