Today, we’re announcing two major enhancements that help security and developer teams remediate security debt more efficiently.

Security campaigns for secret scanning alerts

Security campaigns are already generally available for code scanning alerts. Starting this week, you will also be able to create security campaigns for secret scanning alerts, enabling your organization to more easily coordinate large-scale remediation efforts. With campaigns, you can prioritize and track progress on critical security issues, moving beyond detection to ensure issues get resolved. Available in public preview, security campaigns for secret scanning alerts help to:

  • Organize and drive remediation for high-impact secrets across repositories
  • Track campaign progress centrally, reducing fragmented ownership and manual processes
  • Improve accountability and focus remediation on what matters most

Organization-level overview for secret scanning campaigns

Security campaigns for secret scanning alerts will be available to customers with GitHub Secret Protection or GitHub Advanced Security. It will be rolling out for customers over the next several days.

To learn more about security campaigns for both code scanning and secret scanning, see About security campaigns.

Assignable alerts for code scanning and secret scanning

Starting today, you can now assign users directly to both code scanning and secret scanning alerts. Now available in public preview, assignable alerts empower teams and individuals to:

  • Take direct ownership of specific security issues
  • Track remediation work within GitHub, integrating alert management with regular development tasks
  • Accelerate remediation cycles and developer engagement by making responsibility clear and actionable

Alert assignees are available to customers with GitHub Code Security, GitHub Secret Protection, or GitHub Advanced Security.

Example of assignment on a code scanning alert

Together, these updates move teams from simply finding vulnerabilities to actually fixing them—helping organizations reduce risk and remediate security debt faster, all within GitHub.

Share your feedback

Have feedback or questions? Join the community discussions to share feedback and tips: