Allison introduces key updates for GitHub security: security campaigns for secret scanning alerts and assignable alerts for both code and secret scanning, aimed at helping developers and security teams remediate vulnerabilities more effectively.

Accelerate Remediation with GitHub Security Campaigns and Assignable Alerts

Author: Allison

GitHub has launched two significant enhancements designed to streamline the remediation process for security and developer teams:

Security Campaigns for Secret Scanning Alerts

Security campaigns, already available for code scanning alerts, are now rolling out for secret scanning alerts too. These campaigns allow organizations to:

Organize and drive remediation efforts for high-impact secrets across repositories
Centrally track campaign progress, reducing fragmented ownership
Improve accountability and remediation focus

This feature is available in public preview for users with GitHub Secret Protection or GitHub Advanced Security. With security campaigns, teams can prioritize and monitor the handling of critical issues, ensuring vulnerabilities are not only detected but also resolved.

Assignable Alerts for Code Scanning and Secret Scanning

Now, users can assign individuals or teams directly to both code scanning and secret scanning alerts. This workflow improvement lets organizations:

Assign responsibility and ownership for specific security issues
Track remediation efforts within GitHub alongside normal development work
Accelerate resolution cycles by clarifying responsibilities

Assignable alerts are also in public preview for users with GitHub Code Security, GitHub Secret Protection, or GitHub Advanced Security.

Enhanced Team Collaboration

These updates enable organizations to move beyond identifying issues—to coordinating fixes and reducing security debt across their codebases, all integrated within GitHub.

If you have feedback or questions, you can join the discussions:

This post appeared first on “The GitHub Blog”. Read the entire article here