jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 09:57:42 -05:00
Code Issues Projects Releases Wiki Activity

Code scanning alerts can be assigned to individual users [GA] (#58647)

Browse Source
This commit is contained in:
mc
2025-12-16 11:56:45 +00:00
committed by GitHub
parent c87f209bae
commit ac5e8a8bdf
4 changed files with 23 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
content/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns.md
View File

@@ -70,13 +70,28 @@ The creation workflow is the same for all campaigns, but you will notice a few d
## Assigning alerts{% ifversion security-campaigns-assign-to-cca %} to users and {% data variables.copilot.copilot_coding_agent %}{% endif %}
{% ifversion code-secret-alert-assignees-ga %}{% elsif ghes = 3.20 %}
>[!NOTE]
> The option to assign {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %} alerts is currently in public preview and is subject to change.
{% endif %}
You can assign a {% data variables.product.prodname_code_scanning %} or {% data variables.product.prodname_secret_scanning %} alert to any user who has **write** access for the repository.
If the assignee for a {% data variables.product.prodname_secret_scanning %} alert **cannot view the alert list**, their permissions are temporarily raised for that alert. Any additional permissions are revoked when they are unassigned from the alert.
{% ifversion code-secret-alert-assignees-ga %}
{% data variables.product.github %} notifies users:
* When they are assigned to an alert
* When that alert is dismissed
For {% data variables.product.prodname_code_scanning %}, you can also perform some of these operations programmatically using the REST API, such as assigning or unassigning users to alerts, and filtering alerts by assignee. For more information, see [AUTOTITLE](/rest/reference/code-scanning) in the REST API documentation. Additionally, webhooks are available to notify you when an alert is assigned or an assignment is removed.
{% endif %}
{% ifversion security-campaigns-assign-to-cca %}
If an autofix has been generated for alerts in a security campaign, you can select those alerts and assign them to {% data variables.copilot.copilot_coding_agent %}. {% data variables.product.prodname_copilot_short %} will create a pull request and add you as a requested reviewer. See [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/fixing-alerts-in-security-campaign#assigning-alerts-to-copilot-coding-agent).