Release
Delegated alert dismissal for Secret Protection is generally available
Delegated alert dismissal allows you to require a review process before secret scanning alerts are closed. This helps you better manage security risk, as well as meet audit and compliance requirements. This feature is now generally available.
Improvements leading up to GA include:
- Enterprise-level management for secret scanning alert dismissal requests
- REST API support for managing secret scanning alert dismissal requests
- Custom role support for reviewing secret scanning alert dismissal requests
- UX improvements and changes:
  - Users can cancel a dismissal request
  - Alerts can be reopened after closure via a dismissal request
  - All closure requests are shown on the alert timeline
  - The user who submitted the request is documented as the user who closed the request
Additional capabilities will be released in the coming weeks, including support for review by programmatic actors, disabling direct dismissal by reviewers, and further API improvements.
Alert dismissal requests can be used in any repository with a GitHub Secret Protection license.
To learn more about alert dismissal requests, view our documentation.