Secret scanning: public leak locations and alert de-duplication across an organization or enterprise - feedback #141497
GitHub's secret scanning now tells you if a leaked secret is public or found in multiple repositories. This helps you quickly understand the risk. Soon, you'll also be able to see exact leak locations and get API support for easier management.
What do you think about secret scanning's new public leak and multi-repo indicators?

Public leak locations and duplicate alerts
To help you triage and remediate secret leaks more effectively, GitHub secret scanning now indicates if a secret detected in your repository has also leaked publicly with a "public leak" label on the alert. The alert also indicates if the secret was exposed in other repositories across your organization or enterprise with a "multi-repo" label.

These labels provide additional understanding into the distribution of an exposed secret, while also making it easier to assess an alert's risk and urgency. For example, a secret which has a known associated exposure in a public location has a higher likelihood of exploitation. Detection of public leaks is currently only supported for provider-based patterns.
The multi-repo label makes it easier to de-duplicate alerts and is supported for all secret types, including custom patterns. Both indicators apply only for newly created alerts.
Exact locations, REST API, webhook support
Coming next: you'll be able to view exact locations of known public leaks for a secret scanning alert, as well as any repository names with duplicate alerts across your organization or enterprise. Public leak and multi-repo labels will also be surfaced via the REST API and webhooks.
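As an added illustration of the triage logic the two labels support (this is example code, not GitHub's own implementation, and the alert field names are an assumption rather than the secret scanning API schema), the script below groups a constructed set of alerts by a hash of the secret, marks the ones that span several repositories as multi-repo, and ranks public leaks first:

```python
import hashlib
from collections import defaultdict

# Constructed sample alerts. The field names are an assumption for this
# example, not GitHub's secret scanning REST API schema.
SAMPLE_ALERTS = [
    {"repo": "org/app", "secret_type": "aws_access_key_id",
     "secret": "AKIAEXAMPLE000000001", "public_leak": False},
    {"repo": "org/infra", "secret_type": "aws_access_key_id",
     "secret": "AKIAEXAMPLE000000001", "public_leak": True},
    {"repo": "org/docs", "secret_type": "slack_webhook",
     "secret": "https://hooks.example/T000/B000/secret", "public_leak": False},
    {"repo": "org/app", "secret_type": "custom_internal_token",
     "secret": "int-token-0001", "public_leak": False},
    {"repo": "org/tools", "secret_type": "custom_internal_token",
     "secret": "int-token-0001", "public_leak": False},
]

def fingerprint(secret_type, secret):
    """Hash the secret so grouping never keeps the raw value around."""
    return hashlib.sha256(f"{secret_type}:{secret}".encode()).hexdigest()

def dedupe_alerts(alerts):
    """Collapse alerts to one record per distinct secret, listing the repos
    it appears in and whether it earns the multi-repo / public leak labels."""
    groups = defaultdict(lambda: {"repos": set(), "public_leak": False})
    for a in alerts:
        g = groups[fingerprint(a["secret_type"], a["secret"])]
        g["secret_type"] = a["secret_type"]
        g["repos"].add(a["repo"])
        g["public_leak"] |= bool(a["public_leak"])
    out = []
    for fp, g in groups.items():
        out.append({"fingerprint": fp, "secret_type": g["secret_type"],
                    "repos": sorted(g["repos"]),
                    "multi_repo": len(g["repos"]) > 1,
                    "public_leak": g["public_leak"]})
    # Public leaks first (highest exploitation likelihood), then widest spread.
    out.sort(key=lambda r: (not r["public_leak"], -len(r["repos"]), r["secret_type"]))
    return out

if __name__ == "__main__":
    for r in dedupe_alerts(SAMPLE_ALERTS):
        labels = [name for name, on in (("public leak", r["public_leak"]),
                                        ("multi-repo", r["multi_repo"])) if on]
        print(r["secret_type"], r["repos"], labels)
```

Five raw alerts collapse to three distinct secrets, with the key that is both public and shared across repositories at the top of the queue.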
📖 Helpful information and some friendly reminders:
Learn more about the feature via product documentation. Let us know what you think by signing up for a 60 minute feedback session or commenting below -- we're listening!