Closed github-product-roadmap closed 2 years ago
After reevaluation, we decided that we can best support our customers and their security teams by re-scoping the initial version of this feature as validity checks for GitHub tokens. This way, we hope that we provide our customers with a better understanding of the state of their alerts before they make the choice to revoke the secret or not.
You can follow our work on validity checks for GitHub tokens here: https://github.com/github/roadmap/issues/531
Summary
Users will have the option to revoke GitHub tokens found by secret scanning with 1 click through the secret's UI alert view.
Intended Outcome
We want to enable GHAS customers to efficiently remediate detections of leaked GitHub tokens surfaced by secret scanning.
How will it work?
After taking any initial remediation steps on a detected GitHub token, users can click a "Revoke secret" button that will authorize GitHub to revoke the detected secret.