[3 releases] Security campaigns for secret scanning alerts, and code/secret alert assignees (#57592)

Co-authored-by: Laura Coursen <lecoursen@github.com>
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
This commit is contained in:
Felicity Chapman
2025-09-23 16:25:36 +01:00
committed by GitHub
parent 3321203cdf
commit 84d8eeb49e
22 changed files with 208 additions and 51 deletions

@@ -21,7 +21,8 @@ This guide assumes that you have planned and started a trial of {% data variable
* Identify additional access tokens you use by defining custom patterns.
* Detect potential passwords using AI.
* Control and audit the bypass process for push protection and {% data variables.secret-scanning.alerts %}.
* Enable validity checks for exposed tokens.
* Enable validity checks for exposed tokens.{% ifversion security-campaigns-secrets %}
* Create security campaigns where security specialists and developers can collaborate to effectively reduce technical debt.{% endif %}
To find out how to run a free secret risk assessment, see [Generating an initial secret risk assessment](/enterprise-cloud@latest/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment){% ifversion fpt or ghes %} in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}.
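Review bot: the added bullet `* Create security campaigns where security specialists and developers can collaborate to effectively reduce technical debt.` is the only item in this list that does not say what the feature does for secret protection, even though the commit title scopes the change to security campaigns for secret scanning alerts; suggest tying it to the alert type, for example `* Create security campaigns so security specialists and developers can collaborate on fixing exposed secrets.` Also confirm in a rendered build that attaching `{% ifversion security-campaigns-secrets %}` to the end of the preceding bullet, rather than giving it its own line, leaves the list intact in versions where the block is excluded; the matching `{% endif %}` is placed the same way, so the pattern is at least consistent.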
@@ -67,6 +68,14 @@ Reviewers are defined in an organization-level security configuration or in the
You can enable validity checks to check whether detected tokens are still active at the repository, organization, and enterprise level. Generally, it is worth enabling this feature across the whole enterprise using enterprise or organization-level security configurations. For more information, see [AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository){% ifversion fpt or ghes %} in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}.
{% ifversion security-campaigns-secrets %}
## Engage developers in security remediation
Security campaigns provide a way for security teams to engage with developers to remediate security technical debt. They also provide a practical way to combine education in secret storage with examples of exposed secrets that your developers can fix. For more information, see [AUTOTITLE](/enterprise-cloud@latest/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns) and [AUTOTITLE](/enterprise-cloud@latest/code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale){% ifversion fpt or ghes %} in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}.
{% endif %}
## Next steps
When you have enabled the additional controls for {% data variables.product.prodname_secret_protection %}, you're ready to test them against your business needs, and explore further. You may also be ready to look into exploring the options available with {% data variables.product.prodname_GH_code_security %}.
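Review bot: the new section wrapped in `{% ifversion security-campaigns-secrets %}` ... `{% endif %}` never states the point of this change, namely that security campaigns can now include {% data variables.secret-scanning.alerts %}; both AUTOTITLE links go to the general campaign pages, so a reader of this secret-protection guide has to infer the connection. Suggest adding one sentence after the first, e.g. `Campaigns can include {% data variables.secret-scanning.alerts %}, so you can target exposed secrets directly.` Minor wording: "education in secret storage" reads awkwardly; "guidance on storing secrets securely" is clearer.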