Secret scanning on private repositories now notifies commit authors when they push a change that includes a potential secret. The commit author can view the associated alert and mark it as revoked or false positive. As always, details of the last action taken on the alert are displayed in the UI and in the API.
GitHub Enterprise Cloud enterprise owners may verify domains across their enterprise account and restrict the sending of email notifications to addresses within those domains. This feature expands upon the existing organization verified domains functionality, allowing the email notification restrictions to apply to specific organizations or the entire enterprise.