Enable secret_scanning_non_provider_patterns + validity_checks #214

@stultus

Context

During the repo hygiene pass, two GitHub secret-scanning toggles silently failed to enable via the REST API:

  • secret_scanning_non_provider_patterns — catches generic high-entropy strings (custom tokens, internal secrets) that don't match known provider patterns.
  • secret_scanning_validity_checks — when a token is detected, GitHub live-checks whether it's still active so you know whether rotation is urgent.

Both stayed disabled after PATCH attempts on /repos/stultus/scriptty. Likely cause: these features need GitHub Advanced Security on personal accounts, or a user-level toggle, and aren't reachable per-repo via API.

Action

Visit Settings → Code security on the repo and check whether these two toggles are clickable. If yes, enable both. If they're gated behind GHAS, decide whether to skip or upgrade.

URL: https://github.com/stultus/scriptty/settings/security_analysis
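Added example, not part of the original issue or the project's code: a read-back check that catches the silent failure described above by comparing the requested toggles with the `security_and_analysis` object returned by `GET /repos/{owner}/{repo}` after the PATCH. The function names and the sample response are constructed for illustration; the example assumes a token with admin access to the repository.

```python
import json
import urllib.request

API = "https://api.github.com"
WANTED = ("secret_scanning_non_provider_patterns",
          "secret_scanning_validity_checks")

def build_patch_body(features=WANTED):
    """Body for PATCH /repos/{owner}/{repo} requesting each feature."""
    return {"security_and_analysis": {f: {"status": "enabled"} for f in features}}

def unapplied(repo_json, features=WANTED):
    """Map each feature that is not 'enabled' to the status actually observed.
    'absent' means the key (or the whole security_and_analysis object) is
    missing from the response, which can happen when the token cannot see it."""
    analysis = repo_json.get("security_and_analysis") or {}
    return {f: (analysis.get(f) or {}).get("status", "absent")
            for f in features
            if (analysis.get(f) or {}).get("status") != "enabled"}

def patch_and_verify(owner, repo, token, features=WANTED):
    """Send the PATCH, then re-read the repo and report what did not stick.
    Makes network calls; not invoked by this example."""
    url = f"{API}/repos/{owner}/{repo}"
    headers = {"Authorization": f"Bearer {token}",
               "Accept": "application/vnd.github+json",
               "Content-Type": "application/json"}
    body = json.dumps(build_patch_body(features)).encode()
    patch = urllib.request.Request(url, data=body, headers=headers, method="PATCH")
    urllib.request.urlopen(patch).close()  # raises HTTPError on 4xx/5xx
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
        return unapplied(json.load(resp), features)

# Constructed sample of a repo object re-read after the PATCH: the two
# requested toggles are still disabled even though no error was raised.
SAMPLE_AFTER_PATCH = {
    "full_name": "example-owner/example-repo",
    "security_and_analysis": {
        "secret_scanning": {"status": "enabled"},
        "secret_scanning_push_protection": {"status": "enabled"},
        "secret_scanning_non_provider_patterns": {"status": "disabled"},
        "secret_scanning_validity_checks": {"status": "disabled"},
    },
}

if __name__ == "__main__":
    for feature, status in unapplied(SAMPLE_AFTER_PATCH).items():
        print(f"NOT APPLIED: {feature} is {status}")
```

An empty result from `unapplied` means every requested toggle reads back as enabled; anything else lists the toggles to check by hand in the settings page.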
