Enabling delegated alert dismissal for secret scanning

You can use delegated alert dismissal to control who can dismiss an alert found by secret scanning.

Who can use this feature?

Organization owners, security managers, and repository administrators can enable delegated alert dismissals. Once enabled, organization owners and security managers can dismiss alerts.

About enabling delegated alert dismissal

Note

The ability to use delegated alert dismissal for secret scanning is currently in public preview and subject to change.

Delegated alert dismissal lets you restrict which users can directly dismiss an alert. When enabled, users attempting to dismiss an alert will instead create a request for dismissal. When this happens, security managers and organization owners will be notified via email so they can review the request and approve it or deny it. The alert will only be dismissed if the dismissal request is approved; otherwise, the alert will remain open.

When you enable this feature, only security managers and organization owners will be able to approve or deny dismissal requests for alerts. This might create friction, so ensure you have sufficient coverage in your security managers team before you start.

In addition, dismissal request emails are sent to all organization owners and security managers. Be sure to review these lists periodically to ensure that these are the correct people to take action on these requests.

To learn more about the security manager role, see Managing security managers in your organization.

Configuring delegated dismissal for a repository

Note

If an organization owner configures delegated alert dismissal via an enforced security configuration, the settings can't be changed at the repository level.

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted with a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security.

  4. Under "Code security", find "GitHub Advanced Security".

  5. Under "Secret scanning", toggle the option "Prevent direct alert dismissals".

Configuring delegated dismissal for an organization

You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.

  1. Create a new custom security configuration, or edit an existing one. See Creating a custom security configuration.
  2. When creating the custom security configuration, under "Secret scanning", ensure that the dropdown menus for "Alerts" and "Prevent direct alert dismissals" are set to Enabled.
  3. Click Save configuration.
  4. Apply the security configuration to all (or selected) repositories in your organization. See Applying a custom security configuration.

To learn more about security configurations, see About enabling security features at scale.