[2023-03-16]: Secret scanning users can choose how they receive notifications in their user settings - [GA] #9138 (#35281)

Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>

content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md

@@ -244,6 +244,12 @@ The notification options for your user account are available at [https://github.
 
 For more information about the notification delivery methods available to you, and advice on optimizing your notifications for {% data variables.product.prodname_dependabot_alerts %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)."
 
+## {% data variables.product.prodname_secret_scanning_caps %} notification options
+
+{% data reusables.secret-scanning.secret-scanning-configure-notifications %}
+
+For more information on how to configure notifications for {% data variables.secret-scanning.alerts %}, see "[Configuring notifications for secret scanning alerts](/code-security/secret-scanning/managing-alerts-from-secret-scanning#configuring-notifications-for-secret-scanning-alerts)."
+
 {% ifversion update-notification-settings-22 or ghes %}
 ## {% data variables.product.prodname_actions %} notification options
 

content/code-security/secret-scanning/about-secret-scanning.md

@@ -86,12 +86,16 @@ When you enable {% data variables.product.prodname_secret_scanning %} for a repo
 
 If {% data variables.product.prodname_secret_scanning %} detects a secret, {% data variables.product.prodname_dotcom %} generates an alert.
 
-- {% data variables.product.prodname_dotcom %} sends an email alert to the repository administrators and organization owners. You'll receive an alert if you are watching the repository, and if you have enabled notifications either for security alerts or for all the activity on the repository.
+- {% data variables.product.prodname_dotcom %} sends an email alert to the repository administrators and organization owners. You'll receive an alert if you are watching the repository{% ifversion secret-scanning-notification-settings %}, {% else %}, and {% endif %}if you have enabled notifications either for security alerts or for all the activity on the repository{% ifversion secret-scanning-notification-settings %}, and if, in your notification settings, you have selected to receive email notifications for the repositories that you are watching.{% else %}.{% endif %}
 - If the contributor who committed the secret isn't ignoring the repository, {% data variables.product.prodname_dotcom %} will also send an email alert to the contributor. The emails contains a link to the related {% data variables.product.prodname_secret_scanning %} alert. The commit author can then view the alert in the repository, and resolve the alert.
 - {% data variables.product.prodname_dotcom %} displays an alert in the **Security** tab of the repository.
 
 For more information about viewing and resolving {% data variables.secret-scanning.alerts %}, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
 
+{% ifversion secret-scanning-notification-settings %}
+For more information on how to configure notifications for {% data variables.secret-scanning.alerts %}, see "[Configuring notifications for secret scanning alerts](/code-security/secret-scanning/managing-alerts-from-secret-scanning#configuring-notifications-for-secret-scanning-alerts)."
+{% endif %}
+
 Repository administrators and organization owners can grant users and teams access to {% data variables.secret-scanning.alerts %}. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
 
 {% ifversion ghec or ghes or ghae > 3.4 %}

content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md

@@ -87,9 +87,23 @@ Once a secret has been committed to a repository, you should consider the secret
 
 ## Configuring notifications for {% data variables.secret-scanning.alerts %}
 
-When a new secret is detected, {% data variables.product.product_name %} notifies all users with access to security alerts for the repository according to their notification preferences. You will receive an email notification if you are watching the repository, have enabled notifications for security alerts or for all the activity on the repository, or are the author of the commit that contains the secret and are not ignoring the repository.
+{% data reusables.secret-scanning.secret-scanning-configure-notifications %}
 
-For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" and "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository)."
+{% ifversion secret-scanning-notification-settings %}
+{% data reusables.repositories.navigate-to-repo %}
+1. To start watching the repository, select **{% octicon "eye" aria-label="The Eye icon" %}Watch**.
+
+   ![Screenshot of the repository's main page. A dropdown menu, titled "Watch", is highlighted with an orange outline.](/assets/images/help/repository/repository-watch-dropdown.png)
+
+1. In the dropdown menu, click **All Activity**. Alternatively, to only subscribe to security alerts, click **Custom**, then click **Security alerts**.
+1. Navigate to the notification settings for your personal account. These are available at [https://github.com/settings/notifications](https://github.com/settings/notifications).
+1. On your notification settings page, under "Subscriptions", then under "Watching", select the **Notify me** dropdown.
+1. Select "Email" as a notification option, then click **Save**.
+
+   ![Screenshot of the notification settings for a user account. An element header, titled "Subscriptions", and a sub-header, titled "Watching", are shown. A checkbox, titled "Email", is highlighted with an orange outline.](/assets/images/help/notifications/secret-scanning-notification-options.png)
+{% endif %}
+
+For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" and "[Configuring your watch settings for an individual repository](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository)."
 
 ## Auditing responses to secret scanning alerts
 

data/features/secret-scanning-notification-settings.yml

@@ -0,0 +1,7 @@
+# Reference: #9138.
+# Documentation for secret scanning: users can choose how they receive notifications in their notification settings.
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>= 3.9'
+  ghae: '>= 3.9'

data/reusables/secret-scanning/secret-scanning-configure-notifications.md

@@ -0,0 +1,6 @@
+When a new secret is detected, {% data variables.product.product_name %} notifies all users with access to security alerts for the repository according to their notification preferences. You will receive an email notification if:
+- you are watching the repository.
+- you have enabled notifications for "All Activity", or for custom "Security alerts" on the repository{% ifversion secret-scanning-notification-settings %}.
+- in your notification settings, under "Subscriptions", then under "Watching", you have selected to receive notifications by email.{% endif %}
+
+You will also be notified if you are the author of the commit that contains the secret and you are not ignoring the repository.