REST API endpoints for secret scanning custom patterns
Use the REST API to manage custom patterns for secret scanning.
List enterprise custom patterns
Lists secret scanning custom patterns for an enterprise.
Personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Jetons d'accès granulaires pour «List enterprise custom patterns»
Ce point de terminaison ne fonctionne pas avec des jetons d’accès utilisateur de l'application GitHub, les jetons d’accès d’installation de l'application GitHub, ou des jetons d’accès personnels affinés.
Paramètres pour «List enterprise custom patterns »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
enterprise string RequisThe slug version of the enterprise name. |
| Nom, Type, Description |
|---|
state string Filter custom patterns by state. When absent, returns patterns in all states. Peut être l'un des: |
push_protection string Filter custom patterns by whether push protection is enabled. When absent, returns patterns regardless of push protection status. Peut être l'un des: |
sort string The property to sort the results by. Par défaut: Peut être l'un des: |
direction string The direction to sort the results by. Par défaut: Peut être l'un des: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Par défaut: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Par défaut: |
Codes d’état de réponse HTTP pour «List enterprise custom patterns »
| Code de statut | Description |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
Exemples de code pour «List enterprise custom patterns »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/enterprises/ENTERPRISE/secret-scanning/custom-patternsResponse
Status: 200[
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "published",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-16T14:20:00Z",
"updated_at": "2024-01-17T09:15:00Z"
}
]Bulk create enterprise custom patterns
Bulk creates secret scanning custom patterns for an enterprise.
Personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Jetons d'accès granulaires pour «Bulk create enterprise custom patterns»
Ce point de terminaison ne fonctionne pas avec des jetons d’accès utilisateur de l'application GitHub, les jetons d’accès d’installation de l'application GitHub, ou des jetons d’accès personnels affinés.
Paramètres pour «Bulk create enterprise custom patterns »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
enterprise string RequisThe slug version of the enterprise name. |
| Nom, Type, Description | |||||||
|---|---|---|---|---|---|---|---|
patterns array of objects RequisThe list of custom patterns to create. | |||||||
Properties of |
| Nom, Type, Description |
|---|
name string RequisThe name of the custom pattern. |
pattern string RequisThe regular expression of the custom pattern. |
start_delimiter string The start delimiter regex for the custom pattern.
Defaults to Par défaut: |
end_delimiter string The end delimiter regex for the custom pattern.
Defaults to Par défaut: |
must_match array of strings List of regexes that the secret must match. |
must_not_match array of strings List of regexes that the secret must not match. |
Codes d’état de réponse HTTP pour «Bulk create enterprise custom patterns »
| Code de statut | Description |
|---|---|
201 | All patterns created successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed for one or more patterns. |
Exemples de code pour «Bulk create enterprise custom patterns »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/enterprises/ENTERPRISE/secret-scanning/custom-patterns \
-d '{"patterns":[{"name":"Example Custom Pattern","pattern":"[a-z]+_token_[0-9]+"},{"name":"Another Custom Pattern","pattern":"prefix_[a-zA-Z0-9]{32}","start_delimiter":"\\b","end_delimiter":"\\b","must_match":["^prefix_prod"],"must_not_match":["test"]}]}'All patterns created successfully.
Status: 201{
"created_patterns": [
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
]
}Bulk delete enterprise custom patterns
Bulk deletes secret scanning custom patterns for an enterprise.
Personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Jetons d'accès granulaires pour «Bulk delete enterprise custom patterns»
Ce point de terminaison ne fonctionne pas avec des jetons d’accès utilisateur de l'application GitHub, les jetons d’accès d’installation de l'application GitHub, ou des jetons d’accès personnels affinés.
Paramètres pour «Bulk delete enterprise custom patterns »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
enterprise string RequisThe slug version of the enterprise name. |
| Nom, Type, Description | |||
|---|---|---|---|
patterns array of objects RequisThe list of custom patterns to delete. | |||
Properties of |
| Nom, Type, Description |
|---|
pattern_id integer RequisThe ID of the custom pattern to delete. |
custom_pattern_version string or null The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
post_delete_action string What to do with alerts associated with the deleted patterns.
delete_alerts permanently removes the alerts.
resolve_alerts resolves the alerts as "pattern deleted".
Defaults to delete_alerts when not specified.
Par défaut: delete_alerts
Peut être l'un des: delete_alerts, resolve_alerts
Codes d’état de réponse HTTP pour «Bulk delete enterprise custom patterns »
| Code de statut | Description |
|---|---|
204 | All patterns deleted successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
Exemples de code pour «Bulk delete enterprise custom patterns »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/enterprises/ENTERPRISE/secret-scanning/custom-patterns \
-d '{"patterns":[{"pattern_id":2,"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}]}'All patterns deleted successfully.
Status: 204Update an enterprise custom pattern
Updates a secret scanning custom pattern for an enterprise.
Personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Jetons d'accès granulaires pour «Update an enterprise custom pattern»
Ce point de terminaison ne fonctionne pas avec des jetons d’accès utilisateur de l'application GitHub, les jetons d’accès d’installation de l'application GitHub, ou des jetons d’accès personnels affinés.
Paramètres pour «Update an enterprise custom pattern »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
enterprise string RequisThe slug version of the enterprise name. |
pattern_id integer RequisThe ID of the custom pattern. |
| Nom, Type, Description |
|---|
pattern string The updated regular expression of the custom pattern. |
start_delimiter string The updated start delimiter regex for the custom pattern. |
end_delimiter string The updated end delimiter regex for the custom pattern. |
must_match array of strings Updated list of regexes that the secret must match. |
must_not_match array of strings Updated list of regexes that the secret must not match. |
custom_pattern_version string or null RequisThe version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
Codes d’état de réponse HTTP pour «Update an enterprise custom pattern »
| Code de statut | Description |
|---|---|
200 | Pattern updated successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
422 | Validation failed, or the endpoint has been spammed. |
Exemples de code pour «Update an enterprise custom pattern »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/enterprises/ENTERPRISE/secret-scanning/custom-patterns/PATTERN_ID \
-d '{"pattern":"updated_secret_[0-9A-Z]{16}","start_delimiter":"[^0-9A-Za-z]","end_delimiter":"[^0-9A-Za-z]","must_match":["updated_secret_[0-9]{2}*"],"must_not_match":["updated_secret_1234567890ABCDEF"],"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}'Pattern updated successfully.
Status: 200{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "updated_secret_[0-9A-Z]{16}",
"slug": "example_custom_pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": "[^0-9A-Za-z]",
"end_delimiter": "[^0-9A-Za-z]",
"must_match": [
"updated_secret_[0-9]{2}*"
],
"must_not_match": [
"updated_secret_1234567890ABCDEF"
],
"custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-06-01T12:00:00Z"
}List organization custom patterns
Lists secret scanning custom patterns for an organization.
Personal access tokens (classic) need the read:org scope to use this endpoint.
Jetons d'accès granulaires pour «List organization custom patterns»
Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:
- jetons d’accès utilisateur de l’application GitHub
- jetons d’accès d’installation de l’application GitHub
- Tokens d’accès personnel à granularité fine
Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:
- "Administration" organization permissions (read)
Paramètres pour «List organization custom patterns »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
org string RequisThe organization name. The name is not case sensitive. |
| Nom, Type, Description |
|---|
state string Filter custom patterns by state. When absent, returns patterns in all states. Peut être l'un des: |
push_protection string Filter custom patterns by whether push protection is enabled. When absent, returns patterns regardless of push protection status. Peut être l'un des: |
sort string The property to sort the results by. Par défaut: Peut être l'un des: |
direction string The direction to sort the results by. Par défaut: Peut être l'un des: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Par défaut: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Par défaut: |
Codes d’état de réponse HTTP pour «List organization custom patterns »
| Code de statut | Description |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
Exemples de code pour «List organization custom patterns »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patternsResponse
Status: 200[
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "published",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-16T14:20:00Z",
"updated_at": "2024-01-17T09:15:00Z"
}
]Bulk create organization custom patterns
Bulk creates secret scanning custom patterns for an organization.
Personal access tokens (classic) need the write:org scope to use this endpoint.
Jetons d'accès granulaires pour «Bulk create organization custom patterns»
Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:
- jetons d’accès utilisateur de l’application GitHub
- jetons d’accès d’installation de l’application GitHub
- Tokens d’accès personnel à granularité fine
Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:
- "Administration" organization permissions (write)
Paramètres pour «Bulk create organization custom patterns »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
org string RequisThe organization name. The name is not case sensitive. |
| Nom, Type, Description | |||||||
|---|---|---|---|---|---|---|---|
patterns array of objects RequisThe list of custom patterns to create. | |||||||
Properties of |
| Nom, Type, Description |
|---|
name string RequisThe name of the custom pattern. |
pattern string RequisThe regular expression of the custom pattern. |
start_delimiter string The start delimiter regex for the custom pattern.
Defaults to Par défaut: |
end_delimiter string The end delimiter regex for the custom pattern.
Defaults to Par défaut: |
must_match array of strings List of regexes that the secret must match. |
must_not_match array of strings List of regexes that the secret must not match. |
Codes d’état de réponse HTTP pour «Bulk create organization custom patterns »
| Code de statut | Description |
|---|---|
201 | All patterns created successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed for one or more patterns. |
Exemples de code pour «Bulk create organization custom patterns »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patterns \
-d '{"patterns":[{"name":"Example Custom Pattern","pattern":"[a-z]+_token_[0-9]+"},{"name":"Another Custom Pattern","pattern":"prefix_[a-zA-Z0-9]{32}","start_delimiter":"\\b","end_delimiter":"\\b","must_match":["^prefix_prod"],"must_not_match":["test"]}]}'All patterns created successfully.
Status: 201{
"created_patterns": [
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
]
}Bulk delete organization custom patterns
Bulk deletes secret scanning custom patterns for an organization.
Personal access tokens (classic) need the write:org scope to use this endpoint.
Jetons d'accès granulaires pour «Bulk delete organization custom patterns»
Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:
- jetons d’accès utilisateur de l’application GitHub
- jetons d’accès d’installation de l’application GitHub
- Tokens d’accès personnel à granularité fine
Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:
- "Administration" organization permissions (write)
Paramètres pour «Bulk delete organization custom patterns »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
org string RequisThe organization name. The name is not case sensitive. |
| Nom, Type, Description | |||
|---|---|---|---|
patterns array of objects RequisThe list of custom patterns to delete. | |||
Properties of |
| Nom, Type, Description |
|---|
pattern_id integer RequisThe ID of the custom pattern to delete. |
custom_pattern_version string or null The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
post_delete_action string What to do with alerts associated with the deleted patterns.
delete_alerts permanently removes the alerts.
resolve_alerts resolves the alerts as "pattern deleted".
Defaults to delete_alerts when not specified.
Par défaut: delete_alerts
Peut être l'un des: delete_alerts, resolve_alerts
Codes d’état de réponse HTTP pour «Bulk delete organization custom patterns »
| Code de statut | Description |
|---|---|
204 | All patterns deleted successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
Exemples de code pour «Bulk delete organization custom patterns »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patterns \
-d '{"patterns":[{"pattern_id":2,"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}]}'All patterns deleted successfully.
Status: 204Update an organization custom pattern
Updates a secret scanning custom pattern for an organization.
Personal access tokens (classic) need the write:org scope to use this endpoint.
Jetons d'accès granulaires pour «Update an organization custom pattern»
Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:
- jetons d’accès utilisateur de l’application GitHub
- jetons d’accès d’installation de l’application GitHub
- Tokens d’accès personnel à granularité fine
Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:
- "Administration" organization permissions (write)
Paramètres pour «Update an organization custom pattern »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
org string RequisThe organization name. The name is not case sensitive. |
pattern_id integer RequisThe ID of the custom pattern. |
| Nom, Type, Description |
|---|
pattern string The updated regular expression of the custom pattern. |
start_delimiter string The updated start delimiter regex for the custom pattern. |
end_delimiter string The updated end delimiter regex for the custom pattern. |
must_match array of strings Updated list of regexes that the secret must match. |
must_not_match array of strings Updated list of regexes that the secret must not match. |
custom_pattern_version string or null RequisThe version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
Codes d’état de réponse HTTP pour «Update an organization custom pattern »
| Code de statut | Description |
|---|---|
200 | Pattern updated successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
422 | Validation failed, or the endpoint has been spammed. |
Exemples de code pour «Update an organization custom pattern »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patterns/PATTERN_ID \
-d '{"pattern":"updated_secret_[0-9A-Z]{16}","start_delimiter":"[^0-9A-Za-z]","end_delimiter":"[^0-9A-Za-z]","must_match":["updated_secret_[0-9]{2}*"],"must_not_match":["updated_secret_1234567890ABCDEF"],"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}'Pattern updated successfully.
Status: 200{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "updated_secret_[0-9A-Z]{16}",
"slug": "example_custom_pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": "[^0-9A-Za-z]",
"end_delimiter": "[^0-9A-Za-z]",
"must_match": [
"updated_secret_[0-9]{2}*"
],
"must_not_match": [
"updated_secret_1234567890ABCDEF"
],
"custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-06-01T12:00:00Z"
}List repository custom patterns
Lists secret scanning custom patterns for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Jetons d'accès granulaires pour «List repository custom patterns»
Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:
- jetons d’accès utilisateur de l’application GitHub
- jetons d’accès d’installation de l’application GitHub
- Tokens d’accès personnel à granularité fine
Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:
- "Secret scanning alerts" repository permissions (read)
Paramètres pour «List repository custom patterns »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
owner string RequisThe account owner of the repository. The name is not case sensitive. |
repo string RequisThe name of the repository without the |
| Nom, Type, Description |
|---|
state string Filter custom patterns by state. When absent, returns patterns in all states. Peut être l'un des: |
push_protection string Filter custom patterns by whether push protection is enabled. When absent, returns patterns regardless of push protection status. Peut être l'un des: |
sort string The property to sort the results by. Par défaut: Peut être l'un des: |
direction string The direction to sort the results by. Par défaut: Peut être l'un des: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Par défaut: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Par défaut: |
Codes d’état de réponse HTTP pour «List repository custom patterns »
| Code de statut | Description |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
Exemples de code pour «List repository custom patterns »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patternsResponse
Status: 200[
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "published",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-16T14:20:00Z",
"updated_at": "2024-01-17T09:15:00Z"
}
]Bulk create repository custom patterns
Bulk creates secret scanning custom patterns for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Jetons d'accès granulaires pour «Bulk create repository custom patterns»
Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:
- jetons d’accès utilisateur de l’application GitHub
- jetons d’accès d’installation de l’application GitHub
- Tokens d’accès personnel à granularité fine
Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:
- "Secret scanning alerts" repository permissions (write)
Paramètres pour «Bulk create repository custom patterns »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
owner string RequisThe account owner of the repository. The name is not case sensitive. |
repo string RequisThe name of the repository without the |
| Nom, Type, Description | |||||||
|---|---|---|---|---|---|---|---|
patterns array of objects RequisThe list of custom patterns to create. | |||||||
Properties of |
| Nom, Type, Description |
|---|
name string RequisThe name of the custom pattern. |
pattern string RequisThe regular expression of the custom pattern. |
start_delimiter string The start delimiter regex for the custom pattern.
Defaults to Par défaut: |
end_delimiter string The end delimiter regex for the custom pattern.
Defaults to Par défaut: |
must_match array of strings List of regexes that the secret must match. |
must_not_match array of strings List of regexes that the secret must not match. |
Codes d’état de réponse HTTP pour «Bulk create repository custom patterns »
| Code de statut | Description |
|---|---|
201 | All patterns created successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed for one or more patterns. |
Exemples de code pour «Bulk create repository custom patterns »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns \
-d '{"patterns":[{"name":"Example Custom Pattern","pattern":"[a-z]+_token_[0-9]+"},{"name":"Another Custom Pattern","pattern":"prefix_[a-zA-Z0-9]{32}","start_delimiter":"\\b","end_delimiter":"\\b","must_match":["^prefix_prod"],"must_not_match":["test"]}]}'All patterns created successfully.
Status: 201{
"created_patterns": [
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
]
}Bulk delete repository custom patterns
Bulk deletes secret scanning custom patterns for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Jetons d'accès granulaires pour «Bulk delete repository custom patterns»
Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:
- jetons d’accès utilisateur de l’application GitHub
- jetons d’accès d’installation de l’application GitHub
- Tokens d’accès personnel à granularité fine
Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:
- "Secret scanning alerts" repository permissions (write)
Paramètres pour «Bulk delete repository custom patterns »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
owner string RequisThe account owner of the repository. The name is not case sensitive. |
repo string RequisThe name of the repository without the |
| Nom, Type, Description | |||
|---|---|---|---|
patterns array of objects RequisThe list of custom patterns to delete. | |||
Properties of |
| Nom, Type, Description |
|---|
pattern_id integer RequisThe ID of the custom pattern to delete. |
custom_pattern_version string or null The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
post_delete_action string What to do with alerts associated with the deleted patterns.
delete_alerts permanently removes the alerts.
resolve_alerts resolves the alerts as "pattern deleted".
Defaults to delete_alerts when not specified.
Par défaut: delete_alerts
Peut être l'un des: delete_alerts, resolve_alerts
Codes d’état de réponse HTTP pour «Bulk delete repository custom patterns »
| Code de statut | Description |
|---|---|
204 | All patterns deleted successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
Exemples de code pour «Bulk delete repository custom patterns »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns \
-d '{"patterns":[{"pattern_id":2,"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}]}'All patterns deleted successfully.
Status: 204Update a repository custom pattern
Updates a secret scanning custom pattern for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
Jetons d'accès granulaires pour «Update a repository custom pattern»
Ce point de terminaison fonctionne avec les types de tokens à granularité fine suivants:
- jetons d’accès utilisateur de l’application GitHub
- jetons d’accès d’installation de l’application GitHub
- Tokens d’accès personnel à granularité fine
Le token à granularité fine doit disposer de l’ensemble d’autorisations suivant:
- "Secret scanning alerts" repository permissions (write)
Paramètres pour «Update a repository custom pattern »
| Nom, Type, Description |
|---|
accept string Setting to |
| Nom, Type, Description |
|---|
owner string RequisThe account owner of the repository. The name is not case sensitive. |
repo string RequisThe name of the repository without the |
pattern_id integer RequisThe ID of the custom pattern. |
| Nom, Type, Description |
|---|
pattern string The updated regular expression of the custom pattern. |
start_delimiter string The updated start delimiter regex for the custom pattern. |
end_delimiter string The updated end delimiter regex for the custom pattern. |
must_match array of strings Updated list of regexes that the secret must match. |
must_not_match array of strings Updated list of regexes that the secret must not match. |
custom_pattern_version string or null RequisThe version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
Codes d’état de réponse HTTP pour «Update a repository custom pattern »
| Code de statut | Description |
|---|---|
200 | Pattern updated successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
422 | Validation failed, or the endpoint has been spammed. |
Exemples de code pour «Update a repository custom pattern »
Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.
Exemple de requête
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns/PATTERN_ID \
-d '{"pattern":"updated_secret_[0-9A-Z]{16}","start_delimiter":"[^0-9A-Za-z]","end_delimiter":"[^0-9A-Za-z]","must_match":["updated_secret_[0-9]{2}*"],"must_not_match":["updated_secret_1234567890ABCDEF"],"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}'Pattern updated successfully.
Status: 200{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "updated_secret_[0-9A-Z]{16}",
"slug": "example_custom_pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": "[^0-9A-Za-z]",
"end_delimiter": "[^0-9A-Za-z]",
"must_match": [
"updated_secret_[0-9]{2}*"
],
"must_not_match": [
"updated_secret_1234567890ABCDEF"
],
"custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-06-01T12:00:00Z"
}