カスタム パターンをスキャンするシークレットの REST API エンドポイント
REST API を使用して、シークレット スキャンのカスタム パターンを管理します。
List organization custom patterns
Lists secret scanning custom patterns for an organization.
Personal access tokens (classic) need the read:org scope to use this endpoint.
"List organization custom patterns" のきめ細かいアクセス トークン
このエンドポイントは、次の粒度の細かいトークンの種類で動作します:
粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:
- "Administration" organization permissions (read)
"List organization custom patterns" のパラメーター
| 名前, タイプ, 説明 |
|---|
accept string Setting to |
| 名前, タイプ, 説明 |
|---|
org string 必須The organization name. The name is not case sensitive. |
| 名前, タイプ, 説明 |
|---|
state string Filter custom patterns by state. When absent, returns patterns in all states. 次のいずれかにできます: |
push_protection string Filter custom patterns by whether push protection is enabled. When absent, returns patterns regardless of push protection status. 次のいずれかにできます: |
sort string The property to sort the results by. デフォルト: 次のいずれかにできます: |
direction string The direction to sort the results by. デフォルト: 次のいずれかにできます: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." デフォルト: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." デフォルト: |
"List organization custom patterns" の HTTP 応答状態コード
| 状態コード | 説明 |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
"List organization custom patterns" のコード サンプル
要求の例
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patternsResponse
Status: 200[
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "published",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-16T14:20:00Z",
"updated_at": "2024-01-17T09:15:00Z"
}
]Bulk create organization custom patterns
Bulk creates secret scanning custom patterns for an organization.
Personal access tokens (classic) need the write:org scope to use this endpoint.
"Bulk create organization custom patterns" のきめ細かいアクセス トークン
このエンドポイントは、次の粒度の細かいトークンの種類で動作します:
粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:
- "Administration" organization permissions (write)
"Bulk create organization custom patterns" のパラメーター
| 名前, タイプ, 説明 |
|---|
accept string Setting to |
| 名前, タイプ, 説明 |
|---|
org string 必須The organization name. The name is not case sensitive. |
| 名前, タイプ, 説明 | |||||||
|---|---|---|---|---|---|---|---|
patterns array of objects 必須The list of custom patterns to create. | |||||||
Properties of |
| 名前, タイプ, 説明 |
|---|
name string 必須The name of the custom pattern. |
pattern string 必須The regular expression of the custom pattern. |
start_delimiter string The start delimiter regex for the custom pattern.
Defaults to デフォルト: |
end_delimiter string The end delimiter regex for the custom pattern.
Defaults to デフォルト: |
must_match array of strings List of regexes that the secret must match. |
must_not_match array of strings List of regexes that the secret must not match. |
"Bulk create organization custom patterns" の HTTP 応答状態コード
| 状態コード | 説明 |
|---|---|
201 | All patterns created successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed for one or more patterns. |
"Bulk create organization custom patterns" のコード サンプル
要求の例
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patterns \
-d '{"patterns":[{"name":"Example Custom Pattern","pattern":"[a-z]+_token_[0-9]+"},{"name":"Another Custom Pattern","pattern":"prefix_[a-zA-Z0-9]{32}","start_delimiter":"\\b","end_delimiter":"\\b","must_match":["^prefix_prod"],"must_not_match":["test"]}]}'All patterns created successfully.
Status: 201{
"created_patterns": [
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
]
}Bulk delete organization custom patterns
Bulk deletes secret scanning custom patterns for an organization.
Personal access tokens (classic) need the write:org scope to use this endpoint.
"Bulk delete organization custom patterns" のきめ細かいアクセス トークン
このエンドポイントは、次の粒度の細かいトークンの種類で動作します:
粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:
- "Administration" organization permissions (write)
"Bulk delete organization custom patterns" のパラメーター
| 名前, タイプ, 説明 |
|---|
accept string Setting to |
| 名前, タイプ, 説明 |
|---|
org string 必須The organization name. The name is not case sensitive. |
| 名前, タイプ, 説明 | |||
|---|---|---|---|
patterns array of objects 必須The list of custom patterns to delete. | |||
Properties of |
| 名前, タイプ, 説明 |
|---|
pattern_id integer 必須The ID of the custom pattern to delete. |
custom_pattern_version string or null The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
post_delete_action string What to do with alerts associated with the deleted patterns.
delete_alerts permanently removes the alerts.
resolve_alerts resolves the alerts as "pattern deleted".
Defaults to delete_alerts when not specified.
デフォルト: delete_alerts
次のいずれかにできます: delete_alerts, resolve_alerts
"Bulk delete organization custom patterns" の HTTP 応答状態コード
| 状態コード | 説明 |
|---|---|
204 | All patterns deleted successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
"Bulk delete organization custom patterns" のコード サンプル
要求の例
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patterns \
-d '{"patterns":[{"pattern_id":2,"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}]}'All patterns deleted successfully.
Status: 204Update an organization custom pattern
Updates a secret scanning custom pattern for an organization.
Personal access tokens (classic) need the write:org scope to use this endpoint.
"Update an organization custom pattern" のきめ細かいアクセス トークン
このエンドポイントは、次の粒度の細かいトークンの種類で動作します:
粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:
- "Administration" organization permissions (write)
"Update an organization custom pattern" のパラメーター
| 名前, タイプ, 説明 |
|---|
accept string Setting to |
| 名前, タイプ, 説明 |
|---|
org string 必須The organization name. The name is not case sensitive. |
pattern_id integer 必須The ID of the custom pattern. |
| 名前, タイプ, 説明 |
|---|
pattern string The updated regular expression of the custom pattern. |
start_delimiter string The updated start delimiter regex for the custom pattern. |
end_delimiter string The updated end delimiter regex for the custom pattern. |
must_match array of strings Updated list of regexes that the secret must match. |
must_not_match array of strings Updated list of regexes that the secret must not match. |
custom_pattern_version string or null 必須The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
"Update an organization custom pattern" の HTTP 応答状態コード
| 状態コード | 説明 |
|---|---|
200 | Pattern updated successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
422 | Validation failed, or the endpoint has been spammed. |
"Update an organization custom pattern" のコード サンプル
要求の例
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/orgs/ORG/secret-scanning/custom-patterns/PATTERN_ID \
-d '{"pattern":"updated_secret_[0-9A-Z]{16}","start_delimiter":"[^0-9A-Za-z]","end_delimiter":"[^0-9A-Za-z]","must_match":["updated_secret_[0-9]{2}*"],"must_not_match":["updated_secret_1234567890ABCDEF"],"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}'Pattern updated successfully.
Status: 200{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "updated_secret_[0-9A-Z]{16}",
"slug": "example_custom_pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": "[^0-9A-Za-z]",
"end_delimiter": "[^0-9A-Za-z]",
"must_match": [
"updated_secret_[0-9]{2}*"
],
"must_not_match": [
"updated_secret_1234567890ABCDEF"
],
"custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-06-01T12:00:00Z"
}List repository custom patterns
Lists secret scanning custom patterns for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
"List repository custom patterns" のきめ細かいアクセス トークン
このエンドポイントは、次の粒度の細かいトークンの種類で動作します:
粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:
- "Secret scanning alerts" repository permissions (read)
"List repository custom patterns" のパラメーター
| 名前, タイプ, 説明 |
|---|
accept string Setting to |
| 名前, タイプ, 説明 |
|---|
owner string 必須The account owner of the repository. The name is not case sensitive. |
repo string 必須The name of the repository without the |
| 名前, タイプ, 説明 |
|---|
state string Filter custom patterns by state. When absent, returns patterns in all states. 次のいずれかにできます: |
push_protection string Filter custom patterns by whether push protection is enabled. When absent, returns patterns regardless of push protection status. 次のいずれかにできます: |
sort string The property to sort the results by. デフォルト: 次のいずれかにできます: |
direction string The direction to sort the results by. デフォルト: 次のいずれかにできます: |
page integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." デフォルト: |
per_page integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." デフォルト: |
"List repository custom patterns" の HTTP 応答状態コード
| 状態コード | 説明 |
|---|---|
200 | OK |
403 | Forbidden |
404 | Resource not found |
"List repository custom patterns" のコード サンプル
要求の例
curl -L \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patternsResponse
Status: 200[
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "published",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-16T14:20:00Z",
"updated_at": "2024-01-17T09:15:00Z"
}
]Bulk create repository custom patterns
Bulk creates secret scanning custom patterns for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
"Bulk create repository custom patterns" のきめ細かいアクセス トークン
このエンドポイントは、次の粒度の細かいトークンの種類で動作します:
粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:
- "Secret scanning alerts" repository permissions (write)
"Bulk create repository custom patterns" のパラメーター
| 名前, タイプ, 説明 |
|---|
accept string Setting to |
| 名前, タイプ, 説明 |
|---|
owner string 必須The account owner of the repository. The name is not case sensitive. |
repo string 必須The name of the repository without the |
| 名前, タイプ, 説明 | |||||||
|---|---|---|---|---|---|---|---|
patterns array of objects 必須The list of custom patterns to create. | |||||||
Properties of |
| 名前, タイプ, 説明 |
|---|
name string 必須The name of the custom pattern. |
pattern string 必須The regular expression of the custom pattern. |
start_delimiter string The start delimiter regex for the custom pattern.
Defaults to デフォルト: |
end_delimiter string The end delimiter regex for the custom pattern.
Defaults to デフォルト: |
must_match array of strings List of regexes that the secret must match. |
must_not_match array of strings List of regexes that the secret must not match. |
"Bulk create repository custom patterns" の HTTP 応答状態コード
| 状態コード | 説明 |
|---|---|
201 | All patterns created successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
422 | Validation failed for one or more patterns. |
"Bulk create repository custom patterns" のコード サンプル
要求の例
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns \
-d '{"patterns":[{"name":"Example Custom Pattern","pattern":"[a-z]+_token_[0-9]+"},{"name":"Another Custom Pattern","pattern":"prefix_[a-zA-Z0-9]{32}","start_delimiter":"\\b","end_delimiter":"\\b","must_match":["^prefix_prod"],"must_not_match":["test"]}]}'All patterns created successfully.
Status: 201{
"created_patterns": [
{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "[a-z]+_token_[0-9]+",
"slug": "example-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": null,
"end_delimiter": null,
"must_match": null,
"must_not_match": null,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
},
{
"id": 2,
"name": "Another Custom Pattern",
"pattern": "prefix_[a-zA-Z0-9]{32}",
"slug": "another-custom-pattern",
"state": "unpublished",
"push_protection_enabled": false,
"start_delimiter": "\\b",
"end_delimiter": "\\b",
"must_match": [
"^prefix_prod"
],
"must_not_match": [
"test"
],
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
]
}Bulk delete repository custom patterns
Bulk deletes secret scanning custom patterns for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
"Bulk delete repository custom patterns" のきめ細かいアクセス トークン
このエンドポイントは、次の粒度の細かいトークンの種類で動作します:
粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:
- "Secret scanning alerts" repository permissions (write)
"Bulk delete repository custom patterns" のパラメーター
| 名前, タイプ, 説明 |
|---|
accept string Setting to |
| 名前, タイプ, 説明 |
|---|
owner string 必須The account owner of the repository. The name is not case sensitive. |
repo string 必須The name of the repository without the |
| 名前, タイプ, 説明 | |||
|---|---|---|---|
patterns array of objects 必須The list of custom patterns to delete. | |||
Properties of |
| 名前, タイプ, 説明 |
|---|
pattern_id integer 必須The ID of the custom pattern to delete. |
custom_pattern_version string or null The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
post_delete_action string What to do with alerts associated with the deleted patterns.
delete_alerts permanently removes the alerts.
resolve_alerts resolves the alerts as "pattern deleted".
Defaults to delete_alerts when not specified.
デフォルト: delete_alerts
次のいずれかにできます: delete_alerts, resolve_alerts
"Bulk delete repository custom patterns" の HTTP 応答状態コード
| 状態コード | 説明 |
|---|---|
204 | All patterns deleted successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
"Bulk delete repository custom patterns" のコード サンプル
要求の例
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns \
-d '{"patterns":[{"pattern_id":2,"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}]}'All patterns deleted successfully.
Status: 204Update a repository custom pattern
Updates a secret scanning custom pattern for a repository.
OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.
"Update a repository custom pattern" のきめ細かいアクセス トークン
このエンドポイントは、次の粒度の細かいトークンの種類で動作します:
粒度の細かいトークンには次のアクセス許可セットが設定されている必要があります:
- "Secret scanning alerts" repository permissions (write)
"Update a repository custom pattern" のパラメーター
| 名前, タイプ, 説明 |
|---|
accept string Setting to |
| 名前, タイプ, 説明 |
|---|
owner string 必須The account owner of the repository. The name is not case sensitive. |
repo string 必須The name of the repository without the |
pattern_id integer 必須The ID of the custom pattern. |
| 名前, タイプ, 説明 |
|---|
pattern string The updated regular expression of the custom pattern. |
start_delimiter string The updated start delimiter regex for the custom pattern. |
end_delimiter string The updated end delimiter regex for the custom pattern. |
must_match array of strings Updated list of regexes that the secret must match. |
must_not_match array of strings Updated list of regexes that the secret must not match. |
custom_pattern_version string or null 必須The version of the entity. This is used to confirm you're updating the current version of the entity and mitigate unintentionally overriding someone else's update. |
"Update a repository custom pattern" の HTTP 応答状態コード
| 状態コード | 説明 |
|---|---|
200 | Pattern updated successfully. |
400 | Bad Request |
403 | Forbidden |
404 | Resource not found |
412 | Precondition Failed |
422 | Validation failed, or the endpoint has been spammed. |
"Update a repository custom pattern" のコード サンプル
要求の例
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
-H "X-GitHub-Api-Version: 2026-03-10" \
https://api.github.com/repos/OWNER/REPO/secret-scanning/custom-patterns/PATTERN_ID \
-d '{"pattern":"updated_secret_[0-9A-Z]{16}","start_delimiter":"[^0-9A-Za-z]","end_delimiter":"[^0-9A-Za-z]","must_match":["updated_secret_[0-9]{2}*"],"must_not_match":["updated_secret_1234567890ABCDEF"],"custom_pattern_version":"0ujsswThIGTUYm2K8FjOOfXtY1K"}'Pattern updated successfully.
Status: 200{
"id": 1,
"name": "Example Custom Pattern",
"pattern": "updated_secret_[0-9A-Z]{16}",
"slug": "example_custom_pattern",
"state": "published",
"push_protection_enabled": true,
"start_delimiter": "[^0-9A-Za-z]",
"end_delimiter": "[^0-9A-Za-z]",
"must_match": [
"updated_secret_[0-9]{2}*"
],
"must_not_match": [
"updated_secret_1234567890ABCDEF"
],
"custom_pattern_version": "0ujsswThIGTUYm2K8FjOOfXtY1K",
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-06-01T12:00:00Z"
}