Managing secret scanning alerts
-
On your GitHub Enterprise Server instance, navigate to the main page of the repository.
-
Under your repository name, click Security.
-
In the left sidebar, click Secret scanning alerts.
-
Under "Secret scanning" click the alert you want to view.
-
Optionally, select the "Mark as" drop-down menu and click a reason for resolving an alert.
Securing compromised secrets
Once a secret has been committed to a repository, you should consider the secret compromised. GitHub recommends the following actions for compromised secrets:
- For a compromised GitHub personal access token, delete the compromised token, create a new token, and update any services that use the old token. For more information, see "Creating a personal access token for the command line."
- For all other secrets, first verify that the secret committed to GitHub Enterprise Server is valid. If so, create a new secret, update any services that use the old secret, and then delete the old secret.