docs/content/github/administering-a-repository/managing-alerts-from-secret-scanning.md

title, intro, product, versions

title	intro	product	versions
Managing alerts from secret scanning	You can view and close alerts for secrets checked in to your repository.	{% data reusables.gated-features.secret-scanning %}	free-pro-team *

{% data reusables.secret-scanning.beta %}

Managing alerts

{% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-security %} 3. In the left sidebar, click Detected secrets. 4. Under "Secret scanning" click the alert you want to view. 5. Optionally, use the "Resolve" drop-down menu and click a reason for resolving an alert.

Securing compromised secrets

Once a secret has been committed to a repository, you should consider the secret compromised. {% data variables.product.prodname_dotcom %} recommends the following actions for compromised secrets:

• For a compromised {% data variables.product.prodname_dotcom %} personal access token, delete the compromised token, create a new token, and update any services that use the old token. For more information, see "Creating a personal access token for the command line."
• For all other secrets, first verify that the secret committed to {% data variables.product.prodname_dotcom %} is valid. If so, create a new secret, update any services that use the old secret, and then delete the old secret.