Alert Types & Response

Learn about the different types of GitHub security alerts and how to respond to them effectively.

Alert Types

Critical Alerts

Secret Exposure: API keys, tokens, or credentials committed to a repository.

  • Action: Immediately rotate all exposed credentials; treat the secret as compromised even if the commit is later removed

  • Prevention: Use pre-commit secret scanning hooks, and enable push protection on the platform side so a push containing a known secret format is rejected before it lands

Author Mismatch on Protected Branch: Commit from an unrecognized author on the main/production branch.

  • Action: Investigate immediately; this may indicate account compromise. Git's author and committer fields are set by the client and can be spoofed, so a mismatch alone does not prove whose account pushed; use the audit log to identify the authenticated pusher

  • Prevention: Enforce commit signing (GPG/SSH) and require verified signatures on the protected branch

Force Push to Protected Branch: Git history rewritten on a critical branch.

  • Action: Review what the rewrite removed or altered and restore it if necessary; the pre-rewrite commits usually survive in the reflog of any clone or CI runner that fetched them, and on the remote until garbage collection

  • Prevention: Block force pushes in the branch protection rule or repository ruleset

High Priority Alerts

Critical Dependency Vulnerability: Dependabot reports a critical-severity vulnerability.

  • Action: Update the dependency within 48 hours

  • Prevention: Enable automated dependency updates (Dependabot security updates, so a fix PR is opened as soon as a patched version exists)

New Admin Access: User granted admin permissions to repository.

  • Action: Verify the grant was authorized (ticket or approver) and review the audit log entry for who made it

  • Prevention: Limit admin access and apply the least privilege principle (write or maintain is enough for most contributors)

Suspicious Commit Pattern: Multiple unusual indicators (timing, location, size).

  • Action: Review commit contents, contact author

  • Prevention: Require commit signing, enable 2FA

Medium Priority Alerts

High/Medium Severity Dependencies: Dependabot alerts for non-critical vulnerabilities.

  • Action: Schedule update in next sprint

  • Prevention: Regular dependency update cycles

Missing Branch Protection: Critical repository lacks branch protection rules.

  • Action: Configure branch protection

  • Prevention: Repository template with security defaults

Unusual Collaborator Addition: An outside collaborator (a user who is not a member of the organization) added to a repository.

  • Action: Verify the need for access and review the permission level granted

  • Prevention: Regular access reviews

Taking Action

Investigating Commits

When a suspicious commit is detected:

  1. Review the commit diff in GitHub

  2. Check the commit author's recent activity (other pushes, new SSH keys or tokens, new sessions)

  3. Verify with the supposed author via a separate channel, not through the account that made the commit

  4. Scan the commit for malicious code patterns: obfuscated or encoded blobs, unexpected network calls, changes to build, CI, or dependency manifests

  5. If malicious, revert it and rotate any credentials the commit, or the CI run it triggered, could have reached
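
The checks in steps 2 and 3 of this procedure, together with the author-mismatch and suspicious-pattern indicators described above, as an added example script that is not part of this page or of any GitHub tooling. It runs offline over a constructed git log sample; the allowlist of expected author e-mails, the service-account set, and the working-hours window are assumptions to be replaced with your own.

```python
"""Triage commits on a protected branch using the indicators listed above.

Input format (one commit per line), produced by:
    git log --format='%H%x09%an%x09%ae%x09%G?%x09%ct' origin/main
%G? is git's signature status: G = good signature, N = no signature,
B = bad signature, E = signature could not be checked (missing key),
U/X/Y/R = good signature from an untrusted/expired/revoked key.
"""
from datetime import datetime, timezone

# Constructed sample log, not real repository data.
SAMPLE_LOG = """\
a1b2c3d4\tAlice Example\talice@example.com\tG\t1700046000
e5f6a7b8\tBob Example\tbob@example.com\tN\t1700132400
0badc0de\tAlice Example\talice@gmail.example\tN\t1700184600
deadbeef\tci-bot\tci@example.com\tG\t1700190000
"""

# Hypothetical identity allowlist for the protected branch (assumption).
KNOWN_AUTHORS = {"alice@example.com", "bob@example.com", "ci@example.com"}
SERVICE_ACCOUNTS = {"ci@example.com"}      # automation is expected off-hours
WORK_HOURS = range(8, 19)                  # 08:00-18:59 UTC, sample team's hours


def parse_log(text):
    """Parse tab-separated git log lines into dicts."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, name, email, sig, ts = line.split("\t")
        commits.append({
            "sha": sha, "name": name, "email": email, "sig": sig,
            "time": datetime.fromtimestamp(int(ts), tz=timezone.utc),
        })
    return commits


def triage(commits):
    """Return {sha: [reasons]} for commits that trip at least one indicator.

    Only the signature ties a commit to a key; name and email are client-set
    strings, so "author-mismatch" means the claimed identity is unexpected,
    not that the named person's account was used.
    """
    findings = {}
    for c in commits:
        reasons = []
        if c["email"] not in KNOWN_AUTHORS:
            reasons.append("author-mismatch")
        if c["sig"] != "G":
            reasons.append("signature-" + c["sig"])
        if c["email"] not in SERVICE_ACCOUNTS and c["time"].hour not in WORK_HOURS:
            reasons.append("off-hours")
        if reasons:
            findings[c["sha"]] = reasons
    return findings


if __name__ == "__main__":
    import sys
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for sha, reasons in triage(parse_log(raw)).items():
        print(sha, ", ".join(reasons))
```

On the sample, the third commit claims Alice's name but uses an e-mail outside the allowlist, is unsigned, and lands at 01:30 UTC, so it collects all three reasons; the CI bot's 03:00 commit is exempt from the off-hours check. A status of E on every commit means the verifier has no keys configured rather than that every commit is bad, so wire the allowed signers (gpg keyring or gpg.ssh.allowedSignersFile) before acting on the output.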

Responding to Secret Exposure

  1. Immediate: Revoke/rotate the exposed credential; this is the actual fix, the remaining steps only limit further exposure

  2. Investigation: Check the provider's access logs for use of the credential between the commit time and revocation

  3. Remediation: Remove the secret from git history (git filter-repo or BFG; git filter-branch is deprecated) and force-push the rewritten history. This does not un-expose the secret: it persists in existing clones, forks, and caches

  4. Prevention: Add a pattern for that credential type to git-secrets or a similar pre-commit tool (a pattern, never the secret value itself, which would store the secret in the git config)

  5. Documentation: Log the incident for security review
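
An added example, not part of this page and not a GitHub feature, of the kind of pre-commit scanner step 4 refers to; it also covers the secret-exposure alert described earlier. It runs offline over a constructed diff, scanning only added lines; the pattern list is illustrative and the entropy threshold is an assumed starting point that needs tuning against your own code base.

```python
"""Scan the added lines of a unified diff for committed credentials.

Intended as a pre-commit check (the hook wiring is an assumption, not a
tool the page names):
    git diff --cached --unified=0 | python scan_diff.py
Fixed patterns cover well-known public credential formats; a Shannon
entropy check catches generic tokens that no fixed pattern describes.
"""
import math
import re
import sys

# Public, documented credential shapes; illustrative, not exhaustive.
PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "slack-token": re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}\b"),
    "private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
ENTROPY_TOKEN = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
ENTROPY_THRESHOLD = 4.0  # bits/char; typical tuning range is roughly 3.5-4.5

# Constructed sample diff: the AWS values are the placeholders AWS's own
# documentation uses, not live credentials.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,5 @@ DEBUG = False
 ALLOWED_HOSTS = ["example.com"]
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
 SESSION_COOKIE_SECURE = True
+BUILD_ID = "2024-01-15-release-candidate"
"""


def shannon_entropy(s):
    """Bits of entropy per character of s."""
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_line(text):
    """Return [(rule, match)] for one line of added text."""
    hits, covered = [], []
    for rule, rx in PATTERNS.items():
        for m in rx.finditer(text):
            hits.append((rule, m.group(0)))
            covered.append(m.span())
    for m in ENTROPY_TOKEN.finditer(text):
        start, end = m.span()
        if any(start < ce and cs < end for cs, ce in covered):
            continue  # already explained by a fixed pattern
        if shannon_entropy(m.group(0)) >= ENTROPY_THRESHOLD:
            hits.append(("high-entropy", m.group(0)))
    return hits


def scan_diff(diff_text):
    """Return [(path, new_line_no, rule, match)] over '+' lines of git diff output.

    Removed ('-') lines are ignored: a secret being deleted is an incident
    to handle under the procedure above, not a new commit to block.
    """
    findings = []
    path, lineno, in_hunk = None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff "):
            in_hunk = False                  # next file's header block follows
        elif line.startswith("@@"):
            lineno = int(re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", line).group(1))
            in_hunk = True
        elif not in_hunk:
            if line.startswith("+++ "):      # new-side file name
                path = line[4:].split("\t")[0]
                path = path[2:] if path.startswith("b/") else path
        elif line.startswith("\\"):
            continue                         # "\ No newline at end of file"
        elif line.startswith("+"):
            for rule, match in scan_line(line[1:]):
                findings.append((path, lineno, rule, match))
            lineno += 1
        elif not line.startswith("-"):
            lineno += 1                      # unchanged context line


    return findings


if __name__ == "__main__":
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIFF
    found = scan_diff(raw)
    for path, lineno, rule, match in found:
        print(f"{path}:{lineno}: {rule}: {match[:6]}...")
    sys.exit(1 if found else 0)
```

On the sample, the access key ID is caught by its fixed pattern and the secret access key by entropy alone (about 4.66 bits per character), while the release string on the last added line stays below the threshold. The hook prints only a prefix of each match so the secret is not echoed into CI logs, and exits non-zero so the commit is refused. Treat this as a local complement to server-side push protection, not a replacement for it.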

Dependency Vulnerability Management

  1. Assess Impact: Determine whether the vulnerable code path is actually reachable (the advisory's affected functions and versions, and whether your code calls them)

  2. Check Patches: Review available updates and breaking changes

  3. Test Locally: Update and test in a development environment

  4. Deploy: Roll out the update following normal change management

  5. Verify: Confirm the Dependabot alert is resolved; it closes automatically once the dependency graph no longer shows a vulnerable version
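
An added example (not from this page and not part of Dependabot) of the reachability question in step 1: whether a project's own Python code directly calls the API an advisory names. The sample project and the assumption that the advisory identifies a module and function pair are constructed for the example; PyYAML's full loader is used because it is the classic case of a dependency whose risk depends on which function you call.

```python
"""Is the vulnerable API of a dependency actually reachable from our code?

Given the module and function an advisory names (assumed format), parse
each Python source with `ast` and report direct call sites, resolving
`import m`, `import m as x`, `from m import f` and `from m import f as g`.
"""
import ast

# Constructed sample project, not real code.
SOURCES = {
    "app/config.py": (
        "import os\n"
        "import yaml\n"
        "from yaml import load as yload\n"
        "\n"
        "def read(path):\n"
        "    with open(path) as fh:\n"
        "        return yaml.load(fh)            # affected call\n"
        "\n"
        "def read_trusted(path):\n"
        "    return yaml.safe_load(open(path))  # different function, not affected\n"
        "\n"
        "def legacy(text):\n"
        "    return yload(text)                 # aliased import, still affected\n"
    ),
    "app/http.py": (
        "import requests\n"
        "\n"
        "def fetch(url):\n"
        "    return requests.get(url, timeout=5)\n"
    ),
}


def _dotted(node):
    """Return 'a.b.c' for an Attribute/Name chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def find_calls(source, module, func):
    """Line numbers of direct calls to module.func in one source file."""
    tree = ast.parse(source)
    targets = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name == module:              # import m [as x]
                    targets.add((alias.asname or alias.name) + "." + func)
        elif isinstance(node, ast.ImportFrom) and node.module == module:
            for alias in node.names:
                if alias.name == func:                # from m import f [as g]
                    targets.add(alias.asname or alias.name)
    return sorted(
        node.lineno for node in ast.walk(tree)
        if isinstance(node, ast.Call) and _dotted(node.func) in targets
    )


def assess_impact(sources, module, func):
    """Map path -> call-site lines for every file that reaches the API."""
    report = {}
    for path, src in sources.items():
        lines = find_calls(src, module, func)
        if lines:
            report[path] = lines
    return report


if __name__ == "__main__":
    print(assess_impact(SOURCES, "yaml", "load"))
```

The check finds both the plain and the aliased call in app/config.py and correctly ignores safe_load and the unrelated file, which is the evidence you need to decide between the 48-hour path and a scheduled update. It only sees direct, statically written calls: dynamic dispatch (getattr, plugins), use through another dependency, and non-Python code are out of scope, so for those rely on an SCA tool that does call-graph reachability rather than treating a clean result here as proof the code path is unused.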
