docs/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md
2025-05-20 16:45:25 -07:00

title: Monitoring alerts from secret scanning
intro: Learn how and when {% data variables.product.github %} will notify you about a secret scanning alert.
permissions: {% data reusables.permissions.secret-scanning-alerts %}
versions:
  fpt: *
  ghes: *
  ghec: *
type: how_to
topics:
  - Secret scanning
  - Secret Protection
  - Alerts
  - Repositories
shortTitle: Monitor alerts
allowTitleToDifferFromFilename: true

Configuring notifications for {% data variables.secret-scanning.alerts %}

In addition to displaying an alert in the Security tab of the repository, {% data variables.product.github %} can also send email notifications for alerts. These notifications are different for incremental scans and historical scans.

Incremental scans

{% data reusables.secret-scanning.secret-scanning-configure-notifications %}

{% data reusables.repositories.navigate-to-repo %}

  1. To start watching the repository, select {% octicon "eye" aria-hidden="true" aria-label="eye" %} Watch.

    Screenshot of the repository's main page. A dropdown menu, titled "Watch", is highlighted with an orange outline.

  2. In the dropdown menu, click All Activity. Alternatively, to only subscribe to security alerts, click Custom, then click Security alerts.

  3. Navigate to the notification settings for your personal account. These are available at https://github.com/settings/notifications.

  4. On your notification settings page, under "Subscriptions", then under "Watching", select the Notify me dropdown.

  5. Select "Email" as a notification option, then click Save.

    Screenshot of the notification settings for a user account. Under "Subscriptions" and "Watching" a checkbox, titled "Email", is outlined in orange.

{% data reusables.notifications.watch-settings %}

Historical scans

For historical scans, {% data variables.product.github %} notifies the following users:

  • Organization owners, enterprise owners, and security managers—whenever a historical scan is complete, even if no secrets are found.
  • Repository administrators, security managers, and users with custom roles with read/write access—whenever a historical scan detects a secret, and according to their notification preferences.

We do not notify commit authors.

{% data reusables.notifications.watch-settings %}

Auditing responses to secret scanning alerts

{% data reusables.secret-scanning.audit-secret-scanning-events %}