Secret scanning - make notification section clearer (#37029)

Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>
2023-05-16 14:53:58 +01:00 · 2023-05-16 14:53:58 +01:00 · f07445fd1d
--- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md
@ -116,6 +116,12 @@ Once a secret has been committed to a repository, you should consider the secret

 ## Configuring notifications for {% data variables.secret-scanning.alerts %}

+{% ifversion secret-scanning-backfills %}
+Notifications are different for incremental scans and historical scans.
+
+### Incremental scans
+{% endif %}
+
 {% data reusables.secret-scanning.secret-scanning-configure-notifications %}

 {% ifversion secret-scanning-notification-settings %}
@ -132,7 +138,21 @@ Once a secret has been committed to a repository, you should consider the secret
   ![Screenshot of the notification settings for a user account. An element header, titled "Subscriptions", and a sub-header, titled "Watching", are shown. A checkbox, titled "Email", is highlighted with an orange outline.](/assets/images/help/notifications/secret-scanning-notification-options.png)
 {% endif %}

-For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" and "[Configuring your watch settings for an individual repository](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository)."
+{% data reusables.secret-scanning.notification-settings %}
+
+{% ifversion secret-scanning-backfills %}
+### Historical scans
+
+For historical scans, {% data variables.product.product_name %} notifies the following users:
+
+- Organization owners, enterprise owners, and security managers—whenever a historical scan is complete, even if no secrets are found.
+- Repository administrators, security managers, and users with custom roles with read/write access—whenever a historical scan detects a secret, and according to their notification preferences.
+
+We do _not_ notify commit authors.
+
+{% data reusables.secret-scanning.notification-settings %}
+
+{% endif %}

 ## Auditing responses to secret scanning alerts

--- a/data/reusables/secret-scanning/notification-settings.md
+++ b/data/reusables/secret-scanning/notification-settings.md
@ -0,0 +1 @@
+For more information about setting up notification preferences, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" and "[Configuring your watch settings for an individual repository](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository)."
--- a/data/reusables/secret-scanning/secret-scanning-configure-notifications.md
+++ b/data/reusables/secret-scanning/secret-scanning-configure-notifications.md
@ -1,6 +1,16 @@
-When a new secret is detected, {% data variables.product.product_name %} notifies all users with access to security alerts for the repository according to their notification preferences. You will receive an email notification if:
- you are watching the repository.
- you have enabled notifications for "All Activity", or for custom "Security alerts" on the repository{% ifversion secret-scanning-notification-settings %}.
- in your notification settings, under "Subscriptions", then under "Watching", you have selected to receive notifications by email.{% endif %}
+When a new secret is detected, {% data variables.product.product_name %} notifies all users with access to security alerts for the repository according to their notification preferences. These users include:
+- Repository administrators
+- Security managers
+- Users with with custom roles with read/write access
+- Organization owners and enterprise owners, if they are administrators of repositories where secrets were leaked

-You will also be notified if you are the author of the commit that contains the secret and you are not ignoring the repository.
+{% note %}
+
+**Note:** Commit authors who've accidentally committed secrets will be notified, regardless of their notification preferences.
+
+{% endnote %}
+
+You will receive an email notification if:
+- You are watching the repository.
+- You have enabled notifications for "All Activity", or for custom "Security alerts" on the repository{% ifversion secret-scanning-notification-settings %}.
+- In your notification settings, under "Subscriptions", then under "Watching", you have selected to receive notifications by email.{% endif %}
				`@ -0,0 +1 @@`
				For more information about setting up notification preferences, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" and "[Configuring your watch settings for an individual repository](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository)."