Managing alerts
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Security.
-
In the left sidebar, click Secret scanning alerts.
-
Under "Secret scanning" click the alert you want to view.
-
Optionally, use the "Mark as" drop-down menu and click a reason for resolving an alert.
Securing compromised secrets
Once a secret has been committed to a repository, you should consider the secret compromised. GitHub recommends the following actions for compromised secrets:
- For a compromised GitHub personal access token, delete the compromised token, create a new token, and update any services that use the old token. For more information, see "Creating a personal access token for the command line."
- For all other secrets, first verify that the secret committed to GitHub is valid. If so, create a new secret, update any services that use the old secret, and then delete the old secret.