Secret scanning: public leak (high priority) and multi-repo (deduping) indicators for alerts [GA]
#1040
Labels: ga
Feature phase: Generally available
GHES 3.16
GitHub Advanced Security (GHAS)
Product SKU: GitHub Advanced Security

Value Prop
To help you triage and remediate secret leaks more effectively, GitHub secret scanning indicates if a secret detected in your repository has also leaked publicly with a "public leak" label on the alert. The alert also indicates if the secret was exposed in other repositories across your organization or enterprise with a "multi-repo" label.

Expected Outcome
These labels provide additional understanding of the distribution of an exposed secret, while also making it easier to assess an alert's risk and urgency. For example, a secret which has a known associated exposure in a public location has a higher likelihood of exploitation. Detection of public leaks is currently only supported for provider-based patterns.
The "multi-repo" label makes it easier to de-duplicate alerts and is supported for all secret types, including custom patterns. You can only view and navigate to other enterprise repositories with duplicate alerts if you have appropriate permissions to view them.