docs/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md

title, intro, permissions, versions, type, topics, shortTitle

title	intro	permissions	versions	type	topics	shortTitle
Enabling delegated alert dismissal for secret scanning	You can use delegated alert dismissal to control who can dismiss an alert found by {% data variables.product.prodname_secret_scanning %}.	{% data reusables.permissions.delegated-alert-dismissal %}	feature security-delegated-alert-dismissal	how_to	Secret scanning Advanced Security Alerts Repositories	Delegated alert dismissal

About enabling delegated alert dismissal

{% data reusables.security.delegated-alert-dismissal-intro %}

Configuring delegated dismissal for a repository

[!NOTE] If an organization owner configures delegated alert dismissal via an enforced security configuration, the settings can't be changed at the repository level.

{% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %}

1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Prevent direct alert dismissals", click Enable.

Configuring delegated dismissal for an organization

You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.

1. Create a new custom security configuration, or edit an existing one. See AUTOTITLE.
2. When defining the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to Enabled.
3. Click Save configuration.
4. Apply the security configuration to all (or selected) repositories in your organization. See AUTOTITLE.

To learn more about security configurations, see AUTOTITLE.

Note

You can use {% data variables.product.prodname_github_apps %} with fine-grained permissions to programmatically review and approve delegated dismissal requests. This enables your organization to streamline security request reviews and enforce policies, or integrate with external security tools, ensuring that all reviews meet established standards. For {% data variables.product.prodname_ghe_server %}, the use of {% data variables.product.prodname_github_apps %} to review requests for delegated dismissals is available from version 3.19. For more information about permissions, see Organization permissions for "Organization bypass requests for secret scanning".

{% ifversion secret-scanning-alert-dismiss-custom-role %}

Configuring delegated dismissal for an enterprise

1. Create a new custom security configuration, or edit an existing one. See AUTOTITLE.
2. When defining the custom security configuration, under "{% data variables.product.prodname_secret_protection %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to Enabled.
3. Click Save configuration.
4. Apply the security configuration to all (or selected) repositories in your enterprise. See AUTOTITLE.

{% endif %}

Next steps

Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_secret_scanning %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See AUTOTITLE.