From YouTube: Learn how to dry run custom patterns for secret scanning
Description
GitHub Advanced Security customers can now dry run their secret scanning custom patterns on all repositories within an organization.
In this edition of GitHub Checkout, Secret Scanning Product Manager Mariam Sulakian shows us how to dry run custom patterns for your entire organization.
Presented by: Andrea Griffiths
B
B
So in my organization, and the organization of your choice, if you have GitHub Advanced Security enabled, which I do here, I have secret scanning enabled, I can go into my custom patterns and click new pattern. Again, I'm working at the org level, but I can do this at the repo, enterprise level as well. Let's say I'm looking for a g private key. There we go. I'm going to add in my pattern string that I want to match, and I have more options here too.
B
So if I want to add in something before my secret, after, or add additional requirements, I can do that. But let's just say, for time's sake, I'm just going to go into the sample test string and just to test things out, make sure they're working as they should. Now I see I've had a match. I'm going to click save and dry run. Now, so I could select up to 10 repositories I want to dry run this on.
B
B
You could just wait for that email to pop up in your email inbox, which will let you know that the dry run is complete. Let's say for now I just reload here. You can see I have a good number of findings within my organization, so I can give these a little test. I can go here, see if it looks like a legitimate finding. I think that it does. I can easily do that through all the findings in my organization, and if things look good, and again, I just figured out, yeah, looks good to me.
B
A
B
That's a great question. So we launched custom patterns back in June of 2021, and almost immediately we noticed that admins could write patterns, but they didn't want... They were sometimes afraid to just publish those patterns right off the bat, because custom patterns can be pretty noisy if you're scanning for generic type secrets, for example.
B
So we built custom patterns with dry runs so that admins could test their custom patterns before they actually publish the patterns and potentially spam their developers with thousands of alerts. So the idea is that, after a dry run, admins have the information they need to make a decision on whether or not they should publish that custom pattern, or if they need to make a few tweaks before they hit that publish button.
A
B
Yeah, so custom patterns has helped unblock a lot of customers already using custom patterns, but maybe they were only using it at the repo level because they were a little iffy on taking a custom pattern and publishing it on the entire org. So we've seen a lot of, especially large, customers now using custom patterns at the org level.