secret-scanning

Procedural guide for configuring and managing GitHub secret scanning — enabling Secret Protection, turning on push protection for command line/UI/REST pushes, defining custom patterns, triaging user/partner/push-protection alerts, configuring delegated bypass, and writing `secret_scanning.yml` path exclusions. Also references pre-commit scanning via the `advanced-security@copilot-plugins` MCP plugin.