Managing alerts from secret scanning
Learn how to find, evaluate, and resolve alerts for secrets stored in your repository.
Who can use this feature?
Secret scanning alerts for partners runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on GitHub.
Secret scanning alerts for users are available for user-owned public repositories for free. Organizations using GitHub Enterprise Cloud with a license for GitHub Advanced Security can also enable secret scanning alerts for users on their private and internal repositories. Additionally, secret scanning alerts for users are available and in beta on user-owned repositories for GitHub Enterprise Cloud with Enterprise Managed Users. For more information, see "About secret scanning alerts" and "About GitHub Advanced Security."
For information about how you can try GitHub Advanced Security for free, see "Setting up a trial of GitHub Advanced Security."
About secret scanning alerts
Learn about the different types of secret scanning alerts.
Viewing and filtering alerts from secret scanning
Learn how to find and filter secret scanning alerts for users for your repository.
Evaluating alerts from secret scanning
Learn about additional features that can help you evaluate alerts and prioritize their remediation, such as checking a secret's validity.
Resolving alerts from secret scanning
After reviewing the details of a secret scanning alert, you should fix and then close the alert.
Monitoring alerts from secret scanning
Learn how and when GitHub Enterprise Cloud will notify you about a secret scanning alert.