jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-21 19:06:49 -05:00
Code Issues Projects Releases Wiki Activity

Update info on notifications to include new "security alerts" type (#19082)

Browse Source
This commit is contained in:
Felicity Chapman
2021-05-05 16:55:12 +01:00
committed by GitHub
parent eaddbc5db7
commit 6187dc4518
8 changed files with 24 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
content/code-security/secret-security/configuring-secret-scanning-for-your-repositories.md
View File

@@ -73,7 +73,7 @@ You can use a *secret_scanning.yml* file to exclude directories from {% data var
{% endnote %}
You can also ignore individual alerts from {% data variables.product.prodname_secret_scanning %}. For more information, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning#managing-alerts)."
You can also ignore individual alerts from {% data variables.product.prodname_secret_scanning %}. For more information, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning#managing-secret-scanning-alerts)."
### Further reading

10
content/code-security/secret-security/managing-alerts-from-secret-scanning.md
View File

@@ -14,7 +14,7 @@ topics:
{% data reusables.secret-scanning.beta %}
### Managing alerts
### Managing {% data variables.product.prodname_secret_scanning %} alerts
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
@@ -49,3 +49,11 @@ Once a secret has been committed to a repository, you should consider the secret
- For a compromised {% data variables.product.prodname_dotcom %} personal access token, delete the compromised token, create a new token, and update any services that use the old token. For more information, see "[Creating a personal access token for the command line](/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)."
- For all other secrets, first verify that the secret committed to {% data variables.product.product_name %} is valid. If so, create a new secret, update any services that use the old secret, and then delete the old secret.
{% if currentVersion == "free-pro-team@latest" %}
### Configuring notifications for {% data variables.product.prodname_secret_scanning %} alerts
When a new secret is detected, {% data variables.product.prodname_dotcom %} notifies all users with access to security alerts for the repository according to their notification preferences. You will receive alerts if you are watching the repository, have enabled notifications for security alerts, or are the author of the commit that contains the secret and are not ignoring the repository.
For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" and "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository)."
{% endif %}