Skip to main content
L’API REST est maintenant versionnée. Pour plus d’informations, consultez « À propos des versions de l’API ».

REST API endpoints for secret scanning custom patterns

Use the REST API to manage custom patterns for secret scanning.

List enterprise custom patterns

Lists secret scanning custom patterns for an enterprise.

Personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

Jetons d'accès granulaires pour «List enterprise custom patterns»

Ce point de terminaison ne fonctionne pas avec des jetons d’accès utilisateur de l'application GitHub, les jetons d’accès d’installation de l'application GitHub, ou des jetons d’accès personnels affinés.

Paramètres pour «List enterprise custom patterns »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
enterprise string Requis

The slug version of the enterprise name.

Paramètres de requête
Nom, Type, Description
state string

Filter custom patterns by state. When absent, returns patterns in all states.

Peut être l'un des: published, unpublished

push_protection string

Filter custom patterns by whether push protection is enabled. When absent, returns patterns regardless of push protection status.

Peut être l'un des: enabled, disabled

sort string

The property to sort the results by.

Par défaut: created

Peut être l'un des: created, updated, name

direction string

The direction to sort the results by.

Par défaut: desc

Peut être l'un des: asc, desc

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Par défaut: 1

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Par défaut: 30

Codes d’état de réponse HTTP pour «List enterprise custom patterns »

Code de statutDescription
200

OK

403

Forbidden

404

Resource not found

Exemples de code pour «List enterprise custom patterns »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/enterprises/{enterprise}/secret-scanning/custom-patterns
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/enterprises/ENTERPRISE/secret-scanning/custom-patterns

Response

Status: 200
[ { "id": 1, "name": "Example Custom Pattern", "pattern": "[a-z]+_token_[0-9]+", "slug": "example-custom-pattern", "state": "published", "push_protection_enabled": true, "start_delimiter": null, "end_delimiter": null, "must_match": null, "must_not_match": null, "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-01-15T10:30:00Z" }, { "id": 2, "name": "Another Custom Pattern", "pattern": "prefix_[a-zA-Z0-9]{32}", "slug": "another-custom-pattern", "state": "published", "push_protection_enabled": false, "start_delimiter": "\\b", "end_delimiter": "\\b", "must_match": [ "^prefix_prod" ], "must_not_match": [ "test" ], "created_at": "2024-01-16T14:20:00Z", "updated_at": "2024-01-17T09:15:00Z" } ]

Bulk create enterprise custom patterns

Bulk creates secret scanning custom patterns for an enterprise.

Personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

Jetons d'accès granulaires pour «Bulk create enterprise custom patterns»

Ce point de terminaison ne fonctionne pas avec des jetons d’accès utilisateur de l'application GitHub, les jetons d’accès d’installation de l'application GitHub, ou des jetons d’accès personnels affinés.

Paramètres pour «Bulk create enterprise custom patterns »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
enterprise string Requis

The slug version of the enterprise name.

Paramètres du corps
Nom, Type, Description
patterns array of objects Requis

The list of custom patterns to create.

Nom, Type, Description
name string Requis

The name of the custom pattern.

pattern string Requis

The regular expression of the custom pattern.

start_delimiter string

The start delimiter regex for the custom pattern. Defaults to \A|[^0-9A-Za-z] when not specified.

Par défaut: \A|[^0-9A-Za-z]

end_delimiter string

The end delimiter regex for the custom pattern. Defaults to \z|[^0-9A-Za-z] when not specified.

Par défaut: \z|[^0-9A-Za-z]

must_match array of strings

List of regexes that the secret must match.

must_not_match array of strings

List of regexes that the secret must not match.

Codes d’état de réponse HTTP pour «Bulk create enterprise custom patterns »

Code de statutDescription
201

All patterns created successfully.

400

Bad Request

403

Forbidden

404

Resource not found

422

Validation failed for one or more patterns.

Exemples de code pour «Bulk create enterprise custom patterns »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

post/enterprises/{enterprise}/secret-scanning/custom-patterns
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/enterprises/ENTERPRISE/secret-scanning/custom-patterns \ -d '{"patterns":[{"name":"Example Custom Pattern","pattern":"[a-z]+_token_[0-9]+"},{"name":"Another Custom Pattern","pattern":"prefix_[a-zA-Z0-9]{32}","start_delimiter":"\\b","end_delimiter":"\\b","must_match":["^prefix_prod"],"must_not_match":["test"]}]}'

All patterns created successfully.

Status: 201
{ "created_patterns": [ { "id": 1, "name": "Example Custom Pattern", "pattern": "[a-z]+_token_[0-9]+", "slug": "example-custom-pattern", "state": "unpublished", "push_protection_enabled": false, "start_delimiter": null, "end_delimiter": null, "must_match": null, "must_not_match": null, "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-01-15T10:30:00Z" }, { "id": 2, "name": "Another Custom Pattern", "pattern": "prefix_[a-zA-Z0-9]{32}", "slug": "another-custom-pattern", "state": "unpublished", "push_protection_enabled": false, "start_delimiter": "\\b", "end_delimiter": "\\b", "must_match": [ "^prefix_prod" ], "must_not_match": [ "test" ], "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-01-15T10:30:00Z" } ] }

Bulk delete enterprise custom patterns

Bulk deletes secret scanning custom patterns for an enterprise.

Personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

Jetons d'accès granulaires pour «Bulk delete enterprise custom patterns»

Ce point de terminaison ne fonctionne pas avec des jetons d’accès utilisateur de l'application GitHub, les jetons d’accès d’installation de l'application GitHub, ou des jetons d’accès personnels affinés.

Paramètres pour «Bulk delete enterprise custom patterns »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
enterprise string Requis

The slug version of the enterprise name.

Paramètres du corps
Nom, Type, Description
patterns array of objects Requis

The list of custom patterns to delete.

Nom, Type, Description
pattern_id integer Requis

The ID of the custom pattern to delete.

custom_pattern_version string or null

The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update.

post_delete_action string

What to do with alerts associated with the deleted patterns. delete_alerts permanently removes the alerts. resolve_alerts resolves the alerts as "pattern deleted". Defaults to delete_alerts when not specified.

Par défaut: delete_alerts

Peut être l'un des: delete_alerts, resolve_alerts

Codes d’état de réponse HTTP pour «Bulk delete enterprise custom patterns »

Code de statutDescription
204

All patterns deleted successfully.

400

Bad Request

403

Forbidden

404

Resource not found

412

Precondition Failed

Exemples de code pour «Bulk delete enterprise custom patterns »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

delete/enterprises/{enterprise}/secret-scanning/custom-patterns
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/enterprises/ENTERPRISE/secret-scanning/custom-patterns \ -d '{"patterns":[{"pattern_id":2,"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}]}'

All patterns deleted successfully.

Status: 204

Update an enterprise custom pattern

Updates a secret scanning custom pattern for an enterprise.

Personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

Jetons d'accès granulaires pour «Update an enterprise custom pattern»

Ce point de terminaison ne fonctionne pas avec des jetons d’accès utilisateur de l'application GitHub, les jetons d’accès d’installation de l'application GitHub, ou des jetons d’accès personnels affinés.

Paramètres pour «Update an enterprise custom pattern »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
enterprise string Requis

The slug version of the enterprise name.

pattern_id integer Requis

The ID of the custom pattern.

Paramètres du corps
Nom, Type, Description
pattern string

The updated regular expression of the custom pattern.

start_delimiter string

The updated start delimiter regex for the custom pattern.

end_delimiter string

The updated end delimiter regex for the custom pattern.

must_match array of strings

Updated list of regexes that the secret must match.

must_not_match array of strings

Updated list of regexes that the secret must not match.

custom_pattern_version string or null Requis

The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update.

Codes d’état de réponse HTTP pour «Update an enterprise custom pattern »

Code de statutDescription
200

Pattern updated successfully.

400

Bad Request

403

Forbidden

404

Resource not found

412

Precondition Failed

422

Validation failed, or the endpoint has been spammed.

Exemples de code pour «Update an enterprise custom pattern »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

patch/enterprises/{enterprise}/secret-scanning/custom-patterns/{pattern_id}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/enterprises/ENTERPRISE/secret-scanning/custom-patterns/PATTERN_ID \ -d '{"pattern":"updated_secret_[0-9A-Z]{16}","start_delimiter":"[^0-9A-Za-z]","end_delimiter":"[^0-9A-Za-z]","must_match":["updated_secret_[0-9]{2}*"],"must_not_match":["updated_secret_1234567890ABCDEF"],"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}'

Pattern updated successfully.

Status: 200
{ "id": 1, "name": "Example Custom Pattern", "pattern": "updated_secret_[0-9A-Z]{16}", "slug": "example_custom_pattern", "state": "published", "push_protection_enabled": true, "start_delimiter": "[^0-9A-Za-z]", "end_delimiter": "[^0-9A-Za-z]", "must_match": [ "updated_secret_[0-9]{2}*" ], "must_not_match": [ "updated_secret_1234567890ABCDEF" ], "custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K", "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-06-01T12:00:00Z" }

List organization custom patterns

Lists secret scanning custom patterns for an organization.

Personal access tokens (classic) need the read:org scope to use this endpoint.

Jetons d'accès granulaires pour «List organization custom patterns»

Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:

Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:

  • "Administration" organization permissions (read)

Paramètres pour «List organization custom patterns »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
org string Requis

The organization name. The name is not case sensitive.

Paramètres de requête
Nom, Type, Description
state string

Filter custom patterns by state. When absent, returns patterns in all states.

Peut être l'un des: published, unpublished

push_protection string

Filter custom patterns by whether push protection is enabled. When absent, returns patterns regardless of push protection status.

Peut être l'un des: enabled, disabled

sort string

The property to sort the results by.

Par défaut: created

Peut être l'un des: created, updated, name

direction string

The direction to sort the results by.

Par défaut: desc

Peut être l'un des: asc, desc

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Par défaut: 1

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Par défaut: 30

Codes d’état de réponse HTTP pour «List organization custom patterns »

Code de statutDescription
200

OK

403

Forbidden

404

Resource not found

Exemples de code pour «List organization custom patterns »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/orgs/{org}/secret-scanning/custom-patterns
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/orgs/ORG/secret-scanning/custom-patterns

Response

Status: 200
[ { "id": 1, "name": "Example Custom Pattern", "pattern": "[a-z]+_token_[0-9]+", "slug": "example-custom-pattern", "state": "published", "push_protection_enabled": true, "start_delimiter": null, "end_delimiter": null, "must_match": null, "must_not_match": null, "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-01-15T10:30:00Z" }, { "id": 2, "name": "Another Custom Pattern", "pattern": "prefix_[a-zA-Z0-9]{32}", "slug": "another-custom-pattern", "state": "published", "push_protection_enabled": false, "start_delimiter": "\\b", "end_delimiter": "\\b", "must_match": [ "^prefix_prod" ], "must_not_match": [ "test" ], "created_at": "2024-01-16T14:20:00Z", "updated_at": "2024-01-17T09:15:00Z" } ]

Bulk create organization custom patterns

Bulk creates secret scanning custom patterns for an organization.

Personal access tokens (classic) need the write:org scope to use this endpoint.

Jetons d'accès granulaires pour «Bulk create organization custom patterns»

Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:

Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:

  • "Administration" organization permissions (write)

Paramètres pour «Bulk create organization custom patterns »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
org string Requis

The organization name. The name is not case sensitive.

Paramètres du corps
Nom, Type, Description
patterns array of objects Requis

The list of custom patterns to create.

Nom, Type, Description
name string Requis

The name of the custom pattern.

pattern string Requis

The regular expression of the custom pattern.

start_delimiter string

The start delimiter regex for the custom pattern. Defaults to \A|[^0-9A-Za-z] when not specified.

Par défaut: \A|[^0-9A-Za-z]

end_delimiter string

The end delimiter regex for the custom pattern. Defaults to \z|[^0-9A-Za-z] when not specified.

Par défaut: \z|[^0-9A-Za-z]

must_match array of strings

List of regexes that the secret must match.

must_not_match array of strings

List of regexes that the secret must not match.

Codes d’état de réponse HTTP pour «Bulk create organization custom patterns »

Code de statutDescription
201

All patterns created successfully.

400

Bad Request

403

Forbidden

404

Resource not found

422

Validation failed for one or more patterns.

Exemples de code pour «Bulk create organization custom patterns »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

post/orgs/{org}/secret-scanning/custom-patterns
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/orgs/ORG/secret-scanning/custom-patterns \ -d '{"patterns":[{"name":"Example Custom Pattern","pattern":"[a-z]+_token_[0-9]+"},{"name":"Another Custom Pattern","pattern":"prefix_[a-zA-Z0-9]{32}","start_delimiter":"\\b","end_delimiter":"\\b","must_match":["^prefix_prod"],"must_not_match":["test"]}]}'

All patterns created successfully.

Status: 201
{ "created_patterns": [ { "id": 1, "name": "Example Custom Pattern", "pattern": "[a-z]+_token_[0-9]+", "slug": "example-custom-pattern", "state": "unpublished", "push_protection_enabled": false, "start_delimiter": null, "end_delimiter": null, "must_match": null, "must_not_match": null, "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-01-15T10:30:00Z" }, { "id": 2, "name": "Another Custom Pattern", "pattern": "prefix_[a-zA-Z0-9]{32}", "slug": "another-custom-pattern", "state": "unpublished", "push_protection_enabled": false, "start_delimiter": "\\b", "end_delimiter": "\\b", "must_match": [ "^prefix_prod" ], "must_not_match": [ "test" ], "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-01-15T10:30:00Z" } ] }

Bulk delete organization custom patterns

Bulk deletes secret scanning custom patterns for an organization.

Personal access tokens (classic) need the write:org scope to use this endpoint.

Jetons d'accès granulaires pour «Bulk delete organization custom patterns»

Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:

Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:

  • "Administration" organization permissions (write)

Paramètres pour «Bulk delete organization custom patterns »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
org string Requis

The organization name. The name is not case sensitive.

Paramètres du corps
Nom, Type, Description
patterns array of objects Requis

The list of custom patterns to delete.

Nom, Type, Description
pattern_id integer Requis

The ID of the custom pattern to delete.

custom_pattern_version string or null

The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update.

post_delete_action string

What to do with alerts associated with the deleted patterns. delete_alerts permanently removes the alerts. resolve_alerts resolves the alerts as "pattern deleted". Defaults to delete_alerts when not specified.

Par défaut: delete_alerts

Peut être l'un des: delete_alerts, resolve_alerts

Codes d’état de réponse HTTP pour «Bulk delete organization custom patterns »

Code de statutDescription
204

All patterns deleted successfully.

400

Bad Request

403

Forbidden

404

Resource not found

412

Precondition Failed

Exemples de code pour «Bulk delete organization custom patterns »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

delete/orgs/{org}/secret-scanning/custom-patterns
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/orgs/ORG/secret-scanning/custom-patterns \ -d '{"patterns":[{"pattern_id":2,"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}]}'

All patterns deleted successfully.

Status: 204

Update an organization custom pattern

Updates a secret scanning custom pattern for an organization.

Personal access tokens (classic) need the write:org scope to use this endpoint.

Jetons d'accès granulaires pour «Update an organization custom pattern»

Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:

Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:

  • "Administration" organization permissions (write)

Paramètres pour «Update an organization custom pattern »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
org string Requis

The organization name. The name is not case sensitive.

pattern_id integer Requis

The ID of the custom pattern.

Paramètres du corps
Nom, Type, Description
pattern string

The updated regular expression of the custom pattern.

start_delimiter string

The updated start delimiter regex for the custom pattern.

end_delimiter string

The updated end delimiter regex for the custom pattern.

must_match array of strings

Updated list of regexes that the secret must match.

must_not_match array of strings

Updated list of regexes that the secret must not match.

custom_pattern_version string or null Requis

The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update.

Codes d’état de réponse HTTP pour «Update an organization custom pattern »

Code de statutDescription
200

Pattern updated successfully.

400

Bad Request

403

Forbidden

404

Resource not found

412

Precondition Failed

422

Validation failed, or the endpoint has been spammed.

Exemples de code pour «Update an organization custom pattern »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

patch/orgs/{org}/secret-scanning/custom-patterns/{pattern_id}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/orgs/ORG/secret-scanning/custom-patterns/PATTERN_ID \ -d '{"pattern":"updated_secret_[0-9A-Z]{16}","start_delimiter":"[^0-9A-Za-z]","end_delimiter":"[^0-9A-Za-z]","must_match":["updated_secret_[0-9]{2}*"],"must_not_match":["updated_secret_1234567890ABCDEF"],"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}'

Pattern updated successfully.

Status: 200
{ "id": 1, "name": "Example Custom Pattern", "pattern": "updated_secret_[0-9A-Z]{16}", "slug": "example_custom_pattern", "state": "published", "push_protection_enabled": true, "start_delimiter": "[^0-9A-Za-z]", "end_delimiter": "[^0-9A-Za-z]", "must_match": [ "updated_secret_[0-9]{2}*" ], "must_not_match": [ "updated_secret_1234567890ABCDEF" ], "custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K", "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-06-01T12:00:00Z" }

List repository custom patterns

Lists secret scanning custom patterns for a repository.

OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

Jetons d'accès granulaires pour «List repository custom patterns»

Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:

Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:

  • "Secret scanning alerts" repository permissions (read)

Paramètres pour «List repository custom patterns »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
owner string Requis

The account owner of the repository. The name is not case sensitive.

repo string Requis

The name of the repository without the .git extension. The name is not case sensitive.

Paramètres de requête
Nom, Type, Description
state string

Filter custom patterns by state. When absent, returns patterns in all states.

Peut être l'un des: published, unpublished

push_protection string

Filter custom patterns by whether push protection is enabled. When absent, returns patterns regardless of push protection status.

Peut être l'un des: enabled, disabled

sort string

The property to sort the results by.

Par défaut: created

Peut être l'un des: created, updated, name

direction string

The direction to sort the results by.

Par défaut: desc

Peut être l'un des: asc, desc

page integer

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Par défaut: 1

per_page integer

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Par défaut: 30

Codes d’état de réponse HTTP pour «List repository custom patterns »

Code de statutDescription
200

OK

403

Forbidden

404

Resource not found

Exemples de code pour «List repository custom patterns »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

get/repos/{owner}/{repo}/secret-scanning/custom-patterns
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns

Response

Status: 200
[ { "id": 1, "name": "Example Custom Pattern", "pattern": "[a-z]+_token_[0-9]+", "slug": "example-custom-pattern", "state": "published", "push_protection_enabled": true, "start_delimiter": null, "end_delimiter": null, "must_match": null, "must_not_match": null, "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-01-15T10:30:00Z" }, { "id": 2, "name": "Another Custom Pattern", "pattern": "prefix_[a-zA-Z0-9]{32}", "slug": "another-custom-pattern", "state": "published", "push_protection_enabled": false, "start_delimiter": "\\b", "end_delimiter": "\\b", "must_match": [ "^prefix_prod" ], "must_not_match": [ "test" ], "created_at": "2024-01-16T14:20:00Z", "updated_at": "2024-01-17T09:15:00Z" } ]

Bulk create repository custom patterns

Bulk creates secret scanning custom patterns for a repository.

OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

Jetons d'accès granulaires pour «Bulk create repository custom patterns»

Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:

Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:

  • "Secret scanning alerts" repository permissions (write)

Paramètres pour «Bulk create repository custom patterns »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
owner string Requis

The account owner of the repository. The name is not case sensitive.

repo string Requis

The name of the repository without the .git extension. The name is not case sensitive.

Paramètres du corps
Nom, Type, Description
patterns array of objects Requis

The list of custom patterns to create.

Nom, Type, Description
name string Requis

The name of the custom pattern.

pattern string Requis

The regular expression of the custom pattern.

start_delimiter string

The start delimiter regex for the custom pattern. Defaults to \A|[^0-9A-Za-z] when not specified.

Par défaut: \A|[^0-9A-Za-z]

end_delimiter string

The end delimiter regex for the custom pattern. Defaults to \z|[^0-9A-Za-z] when not specified.

Par défaut: \z|[^0-9A-Za-z]

must_match array of strings

List of regexes that the secret must match.

must_not_match array of strings

List of regexes that the secret must not match.

Codes d’état de réponse HTTP pour «Bulk create repository custom patterns »

Code de statutDescription
201

All patterns created successfully.

400

Bad Request

403

Forbidden

404

Resource not found

422

Validation failed for one or more patterns.

Exemples de code pour «Bulk create repository custom patterns »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

post/repos/{owner}/{repo}/secret-scanning/custom-patterns
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns \ -d '{"patterns":[{"name":"Example Custom Pattern","pattern":"[a-z]+_token_[0-9]+"},{"name":"Another Custom Pattern","pattern":"prefix_[a-zA-Z0-9]{32}","start_delimiter":"\\b","end_delimiter":"\\b","must_match":["^prefix_prod"],"must_not_match":["test"]}]}'

All patterns created successfully.

Status: 201
{ "created_patterns": [ { "id": 1, "name": "Example Custom Pattern", "pattern": "[a-z]+_token_[0-9]+", "slug": "example-custom-pattern", "state": "unpublished", "push_protection_enabled": false, "start_delimiter": null, "end_delimiter": null, "must_match": null, "must_not_match": null, "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-01-15T10:30:00Z" }, { "id": 2, "name": "Another Custom Pattern", "pattern": "prefix_[a-zA-Z0-9]{32}", "slug": "another-custom-pattern", "state": "unpublished", "push_protection_enabled": false, "start_delimiter": "\\b", "end_delimiter": "\\b", "must_match": [ "^prefix_prod" ], "must_not_match": [ "test" ], "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-01-15T10:30:00Z" } ] }

Bulk delete repository custom patterns

Bulk deletes secret scanning custom patterns for a repository.

OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

Jetons d'accès granulaires pour «Bulk delete repository custom patterns»

Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:

Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:

  • "Secret scanning alerts" repository permissions (write)

Paramètres pour «Bulk delete repository custom patterns »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
owner string Requis

The account owner of the repository. The name is not case sensitive.

repo string Requis

The name of the repository without the .git extension. The name is not case sensitive.

Paramètres du corps
Nom, Type, Description
patterns array of objects Requis

The list of custom patterns to delete.

Nom, Type, Description
pattern_id integer Requis

The ID of the custom pattern to delete.

custom_pattern_version string or null

The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update.

post_delete_action string

What to do with alerts associated with the deleted patterns. delete_alerts permanently removes the alerts. resolve_alerts resolves the alerts as "pattern deleted". Defaults to delete_alerts when not specified.

Par défaut: delete_alerts

Peut être l'un des: delete_alerts, resolve_alerts

Codes d’état de réponse HTTP pour «Bulk delete repository custom patterns »

Code de statutDescription
204

All patterns deleted successfully.

400

Bad Request

403

Forbidden

404

Resource not found

412

Precondition Failed

Exemples de code pour «Bulk delete repository custom patterns »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

delete/repos/{owner}/{repo}/secret-scanning/custom-patterns
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns \ -d '{"patterns":[{"pattern_id":2,"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}]}'

All patterns deleted successfully.

Status: 204

Update a repository custom pattern

Updates a secret scanning custom pattern for a repository.

OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

Jetons d'accès granulaires pour «Update a repository custom pattern»

Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:

Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:

  • "Secret scanning alerts" repository permissions (write)

Paramètres pour «Update a repository custom pattern »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
owner string Requis

The account owner of the repository. The name is not case sensitive.

repo string Requis

The name of the repository without the .git extension. The name is not case sensitive.

pattern_id integer Requis

The ID of the custom pattern.

Paramètres du corps
Nom, Type, Description
pattern string

The updated regular expression of the custom pattern.

start_delimiter string

The updated start delimiter regex for the custom pattern.

end_delimiter string

The updated end delimiter regex for the custom pattern.

must_match array of strings

Updated list of regexes that the secret must match.

must_not_match array of strings

Updated list of regexes that the secret must not match.

custom_pattern_version string or null Requis

The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update.

Codes d’état de réponse HTTP pour «Update a repository custom pattern »

Code de statutDescription
200

Pattern updated successfully.

400

Bad Request

403

Forbidden

404

Resource not found

412

Precondition Failed

422

Validation failed, or the endpoint has been spammed.

Exemples de code pour «Update a repository custom pattern »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

patch/repos/{owner}/{repo}/secret-scanning/custom-patterns/{pattern_id}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns/PATTERN_ID \ -d '{"pattern":"updated_secret_[0-9A-Z]{16}","start_delimiter":"[^0-9A-Za-z]","end_delimiter":"[^0-9A-Za-z]","must_match":["updated_secret_[0-9]{2}*"],"must_not_match":["updated_secret_1234567890ABCDEF"],"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}'

Pattern updated successfully.

Status: 200
{ "id": 1, "name": "Example Custom Pattern", "pattern": "updated_secret_[0-9A-Z]{16}", "slug": "example_custom_pattern", "state": "published", "push_protection_enabled": true, "start_delimiter": "[^0-9A-Za-z]", "end_delimiter": "[^0-9A-Za-z]", "must_match": [ "updated_secret_[0-9]{2}*" ], "must_not_match": [ "updated_secret_1234567890ABCDEF" ], "custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K", "created_at": "2024-01-15T10:30:00Z", "updated_at": "2024-06-01T12:00:00Z" }