Secret scanning alerts for non-provider patterns and passwords are retrievable with the REST API

Secret scanning alerts for non-provider patterns and generic passwords can now be retrieved using the REST API.

With the “List secret scanning alerts” endpoint for an enterprise, organization, or repository, you can use the query parameter secret_type to request alerts for non-provider patterns or passwords. To retrieve alerts for non-provider patterns, use the “Token” value in this table. To retrieve alerts for passwords, use the value password.

The secret_type parameter can be used to return several secret types, separated by commas: e.g. api.github.com/orgs/ORG/secret-scanning/alerts?secret_type=rsa_private_key,password.

Alerts for non-provider patterns and passwords are not returned by default with the “List secret scanning alerts” endpoint; they must be specifically requested.

Learn more about secret scanning or join the discussion in our dedicated Github community post.

JUN.17Improvement
Secret scanning updates – June 2026
- Application Security
JUN.16Release
GitHub Code Quality generally available July 20, 2026
- Application Security
JUN.16Release
Organization-level enablement for GitHub Code Quality
- Application Security
JUN.10Improvement
Incremental analysis for Go, C/C++, and CodeQL CLI
- Application Security
JUN.10Improvement
Dedicated security review command now available in Copilot CLI
- Application Security
JUN.9Release
Periodic code scanning of inactive repositories
- Application Security
JUN.9Improvement
Security validation for third-party coding agents
- Application Security
JUN.5Improvement
CodeQL 2.25.6 adds Swift 6.3.2 support and improves C# coverage
- Application Security
JUN.2Release
Cloud and local sandboxes for GitHub Copilot now in public preview
- Application Security

Secret scanning alerts for non-provider patterns and passwords are retrievable with the REST API

Related Posts

Subscribe to our developer newsletter