Suggestion
Resolution: Unresolved
Currently, when a security scan is performed and secrets are detected:
Email notifications are sent out to everyone involved in the commit history of the secret: the authors, the committers, and the developer who pushed or merged the code containing the secrets into the repositories.
We want the ability to define a specific subset of people, other than admins, to be alerted of any secrets that have been detected. It could be that they are included as recipients in the alerts themselves or that the alerts are shown in a dashboard available only to that subset of users.
In our case, we would want people in our central security team to have visibility into any alerts so that users who included any secrets with their code have some incentive to remediate this, knowing that it won’t go unnoticed. It could be somewhat similar to what GitHub calls “security managers.”