About enabling delegated alert dismissal
Note
The ability to use delegated alert dismissal for secret scanning is currently in public preview and subject to change.
Delegated alert dismissal lets you restrict which users can directly dismiss an alert. When enabled, users attempting to dismiss an alert will instead create a request for dismissal. When this happens, security managers and organization owners will be notified via email so they can review the request and approve it or deny it. The alert will only be dismissed if the dismissal request is approved; otherwise, the alert will remain open.
When you enable this feature, only security managers and organization owners will be able to approve or deny dismissal requests for alerts. This might create friction and you should ensure to have sufficient coverage in your security managers team before you start.
In addition, dismissal request emails are sent to all organization owners and security managers. Be sure to review these lists periodically to ensure that these are the correct people to take action on these requests.
To learn more about the security manager role, see Verwalten von Sicherheitsmanagern in deiner Organisation.
Configuring delegated dismissal for a repository
Note
If an organization owner configures delegated alert dismissal via an enforced security configuration, the settings can't be changed at the repository level.
-
Navigieren Sie auf GitHub zur Hauptseite des Repositorys.
-
Wähle unter dem Namen deines Repositorys die Option Einstellungen aus. Wenn die Registerkarte „Einstellungen“ nicht angezeigt wird, wähle im Dropdownmenü die Option Einstellungen aus.
-
Klicke im Abschnitt „Security“ der Seitenleiste auf „Code security“.
-
Suche unter „Code security“ nach „GitHub Advanced Security“.
-
Under "Secret scanning", toggle the option "Prevent direct alert dismissals".
Configuring delegated dismissal for an organization
You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
- Create a new custom security configuration, or edit an existing one. See Erstellen einer benutzerdefinierten Sicherheitskonfiguration.
- When creating the custom security configuration, under "Secret scanning", ensure that the dropdown menus for "Alerts" and "Prevent direct alert dismissals" are set to Enabled.
- Click Save configuration.
- Apply the security configuration to all (or selected) repositories in your organization. See Anwenden einer benutzerdefinierten Sicherheitskonfiguration.
To learn more about security configurations, see Informationen zum Aktivieren von Sicherheitsfeatures im großen Stil.