Skip to content

Secret scanning changes coming to how you opt-in to alert notifications

We are changing how you receive notifications of secret scanning alerts. Previously, to receive secret scanning alert notifications, you had to watch a repository with "All activity" or "Security alerts" and enable Dependabot email alerts to receive notifications.

Beginning March 16, here are the steps you need to take to continue to receive notifications from secret scanning:

  1. (No change required) Watch repositories of interest by choosing "All activity" or "Security alerts". This help you choose what events GitHub will notify you about.
  2. (Action needed) In your user notification settings, choose "Email" in the "Watching" section. This tells GitHub how to notify you. Secret scanning only supports email notifications at this time.

watching settings

In GitHub Desktop 3.1, we introduced viewing the diff of changes across multiple commits. This allows you to be certain there are no unintended changes in the group of commits you are about to push. Taking that feature to the next level, GitHub Desktop 3.2 allows you to Preview your Pull Request – see a diff of all the changes being introduced by your feature branch into your repository's default branch.

Preview Pull Request Image showing debugger in a diff

Learn more about GitHub Desktop here.

See more

You can now set up both SMS and an authenticator app (TOTP) for two-factor authentication on your GitHub.com account. Previously these methods were mutually exclusive, and you needed to create a "fallback" SMS registration that could be used for account recovery.

2FA settings page showing both authenticator app and SMS registered

With this update, we are removing the fallback SMS option, and will migrate all fallback SMS registrations to be standard 2FA methods today. A small set of users had both a primary and fallback SMS registration on their account – they continue to have that fallback SMS registration, and will receive email about it today.

To learn more about setting up 2FA and GitHub's account recovery methods, see "Configuring 2FA" and "Configuring 2fa recovery methods"

See more