Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
| title | intro | permissions | product | versions | type | topics | shortTitle | allowTitleToDifferFromFilename |
|---|---|---|---|---|---|---|---|---|
| About secret scanning alerts | Learn about the different types of {% data variables.secret-scanning.alerts %}. | {% data reusables.permissions.secret-scanning-alerts %} | {% data reusables.gated-features.secret-scanning %} | | how_to | | About alerts | true |
About types of alerts
{% data reusables.secret-scanning.alert-types %}
About {% ifversion fpt or ghec %}user alerts {% else %}{% data variables.secret-scanning.alerts %}{% endif %}
When {% data variables.product.company_short %} detects a supported secret in a repository that has {% data variables.product.prodname_secret_scanning %} enabled, a {% ifversion fpt or ghec %}user {% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} alert is generated and displayed in the Security tab of the repository.
{% ifversion fpt or ghec %}User {% else %}{% data variables.product.prodname_secret_scanning_caps %} {% endif %}alerts can be of the following types:
- {% ifversion secret-scanning-alert-experimental-list %}Default{% else %}High confidence{% endif %} alerts, which relate to supported patterns and specified custom patterns.
- {% ifversion secret-scanning-generic-tab %}Generic{% elsif ghes = 3.16 %}Experimental{% else %}Other{% endif %} alerts, which can have a higher ratio of false positives or secrets used in tests.
{% data variables.product.prodname_dotcom %} displays {% ifversion secret-scanning-generic-tab %}generic{% elsif ghes = 3.16 %}experimental{% else %}these "other"{% endif %} alerts in a different list to {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} alerts, making triaging a better experience for users. For more information, see AUTOTITLE.
{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
About push protection alerts
Push protection scans pushes for supported secrets. If push protection detects a supported secret, it will block the push. When a contributor bypasses push protection to push a secret to the repository, a push protection alert is generated and displayed in the Security tab of the repository. To see all push protection alerts for a repository, you must filter by `bypassed: true` on the alerts page. For more information, see AUTOTITLE.
{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
Note
{% ifversion secret-scanning-push-protection-for-users %}You can also enable push protection for your personal account, called "push protection for users", which prevents you from accidentally pushing supported secrets to any public repository. Alerts are not created if you choose to bypass your user-based push protection only. Alerts are only created if the repository itself has push protection enabled. For more information, see AUTOTITLE.{% endif %}
{% data reusables.secret-scanning.push-protection-older-tokens %} For more information about push protection limitations, see AUTOTITLE.
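The following is an added example, not part of the original article: it reproduces the `bypassed: true` view offline from alert objects shaped like the REST API's secret scanning alert list, so bypasses can be reviewed per contributor. The sample data is constructed, the helper names are hypothetical, and the `push_protection_bypassed*` field names are assumed to match the alert objects returned by the API.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a secret scanning alert list response.
# All numbers, logins, secret types and timestamps are made up.
SAMPLE_ALERTS = json.loads("""[
  {"number": 7, "state": "open", "secret_type": "example_provider_token",
   "push_protection_bypassed": true,
   "push_protection_bypassed_by": {"login": "dev-one"},
   "push_protection_bypassed_at": "2024-05-02T10:15:00Z"},
  {"number": 8, "state": "open", "secret_type": "example_provider_token",
   "push_protection_bypassed": false,
   "push_protection_bypassed_by": null,
   "push_protection_bypassed_at": null},
  {"number": 9, "state": "resolved", "secret_type": "example_api_key",
   "push_protection_bypassed": true,
   "push_protection_bypassed_by": {"login": "dev-two"},
   "push_protection_bypassed_at": "2024-05-03T08:00:00Z"},
  {"number": 10, "state": "open", "secret_type": "example_api_key",
   "push_protection_bypassed": true,
   "push_protection_bypassed_by": null,
   "push_protection_bypassed_at": "2024-05-04T12:30:00Z"},
  {"number": 11, "state": "open", "secret_type": "example_provider_token",
   "push_protection_bypassed": true,
   "push_protection_bypassed_by": {"login": "dev-one"},
   "push_protection_bypassed_at": "2024-05-01T09:00:00Z"}
]""")

def bypass_alerts(alerts):
    """Return only push protection alerts (bypassed pushes), newest bypass first."""
    hits = [a for a in alerts if a.get("push_protection_bypassed")]
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    return sorted(hits, key=lambda a: a.get("push_protection_bypassed_at") or "",
                  reverse=True)

def open_bypasses_by_user(alerts):
    """Group still-open bypass alerts by the contributor who bypassed the block."""
    grouped = defaultdict(list)
    for alert in bypass_alerts(alerts):
        if alert.get("state") != "open":
            continue  # already resolved, nothing left to triage
        actor = alert.get("push_protection_bypassed_by") or {}
        # The actor can be null; keep the alert visible under "unknown".
        grouped[actor.get("login", "unknown")].append(alert["number"])
    return dict(grouped)

if __name__ == "__main__":
    for login, numbers in open_bypasses_by_user(SAMPLE_ALERTS).items():
        print(f"{login}: open bypass alerts {numbers}")
```
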
{% ifversion fpt or ghec %}
About partner alerts
When {% data variables.product.company_short %} detects a leaked secret in a public repository or npm package, an alert is sent directly to the secret provider, if they are part of {% data variables.product.company_short %}'s secret scanning partner program. For more information about {% data variables.secret-scanning.partner_alerts %}, see AUTOTITLE and AUTOTITLE.
Partner alerts are not sent to repository administrators, so you do not need to take any action for this type of alert.
{% endif %}