Clik here to view.
Bypass controls for push protection are generally available
Secret scanning bypass privileges for push protection are now generally available. These controls allow you to choose who is allowed to bypass push protection, and introduce a review and approval cycle...
View ArticleSecret scanning support for public leak and multi-repository indicators in...
Public leak and multi-repository indicators are now included in webhook and audit log event payloads for secret scanning alerts. What are public leak and multi-repo labels? To help you triage and...
View ArticleSecret scanning supports delegated bypass for push protection on file uploads...
Secret scanning now supports delegated bypass controls for repository file uploads from the browser. If delegated bypass is configured for an organization or repository, anyone without bypass...
View ArticlePush protection bypass request details are included in the REST API,...
Secret scanning alerts resulting from an approved push protection bypass request will now show relevant details in the alert information surfaced in the REST API, webhooks, and audit logs. This allows...
View ArticleSecret scanning: ability to add an optional comment when reopening alerts
To remediate and triage alerts more effectively, you can now add an optional comment when reopening a secret scanning alert. Comments will appear in the alert timeline. Previously, you could only add a...
View ArticleAccess a repository’s secret scanning scan history with the REST API
A new REST API endpoint lists the secret scanning scan history for a repository, giving you visibility into when different types of secret scanning scans have occurred in your repository. This...
View ArticleClik here to view.
Reviewers can add a comment on push protection bypass requests for secret...
Reviewers can now add comments to push protection bypass requests in secret scanning. These comments help provide context, explaining the reasoning behind approving or denying a request. Requesters...
View ArticleNotice of breaking changes: Security manager REST API will be retired and...
As part of our ongoing efforts to improve flexibility and control for managing the security manager role, we are retiring the security manager API and replacing it with the more robust organization...
View ArticleImproved filtering for secret scanning alerts
You can now more easily filter secret scanning alerts, with new filter options and advanced filtering. Enterprise and organization level list views now include a new menu with commonly used and...
View ArticleAudit log and webhook events for secret scan completions
To enhance auditing and troubleshooting, we’ve introduced new webhook and audit log events to track the completion of certain secret backfill scans on repositories. The events specify the type of...
View Article