Security campaigns for secret scanning alerts are now in public preview

[samus-aran]

Security campaigns are already generally available for code scanning alerts. Starting this week, you will also be able to create security campaigns for secret scanning alerts, enabling your organization to more easily coordinate large-scale remediation efforts. With campaigns, you can prioritize and track progress on critical security issues, moving beyond detection to ensure issues get resolved. Available in public preview, security campaigns for secret scanning alerts help to:

• Organize and drive remediation for high-impact secrets across repositories
• Track campaign progress centrally, reducing fragmented ownership and manual processes
• Improve accountability and focus remediation on what matters most

Security campaigns for secret scanning alerts will be available to customers with GitHub Secret Protection or GitHub Advanced Security. It will be rolling out for customers over the next several days.

To learn more about security campaigns for both code scanning and secret scanning, see About security campaigns.

[Jumwah]

Seems to be a bug with generic secrets. You can add them manually as filters, but it does not offer them as options in the pull downs and it displays an error.

[RobertBolender]

Thank you for the report! As you discovered, the queries are functional but we are incorrectly displaying errors that are not errors. We will work on fixing that UI experience.

[Omprakash3104]

That's excellent news! The expansion of security campaigns to include secret scanning alerts is a significant enhancement for organizations using GitHub Advanced Security.

This integration addresses a key pain point in security management - coordinating the remediation of exposed secrets across multiple repositories. By providing organization-level overviews and centralized tracking, teams can now:

Systematically prioritize and address high-risk secret exposures

Reduce manual coordination efforts between different teams

Maintain clear accountability throughout the remediation process

Focus on the most critical security issues with proper context

The combination of code scanning and secret scanning campaigns creates a unified approach to security remediation, moving beyond mere detection to ensure actual resolution of vulnerabilities. This is particularly valuable for organizations managing large codebases where secret sprawl can be challenging to track manually.

For teams already using Secret Protection or Advanced Security, this should significantly streamline their security operations and help prevent credential leaks from falling through the cracks during remediation efforts.