Skip to main content
Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

GitHub Advanced Security

Additional security features are available on GitHub.com

Secret scanning enabled

👋 Hello!

Secret Scanning is a feature which is now enabled for all repositories in the Department of Veterans Affairs organization.

For more details about Secret Scanning, see About secret scanning.

You may notice that you receive alerts or notifications about potentially vulnerable secrets such as API tokens found in your code.

You can investigate and remediate these by navigating to the security tab on your repository page, and selecting “Detected Secrets” from the left side menu.
secret scanning

For more details on taking action on alerts, see Managing alerts from secret scanning.

Training opportunities

There are pre-recorded mini-lessons for Advanced Security available:

There is also a self-guided Learning Lab course available here.

We will also be providing a hackathon to get teams up and running with Advanced Security on November 3rd. Please go here for more information.

Still need help

Should you need support or have questions about this feature, please open an issue or contact the GitHub team at va-delivery@githhub.com.

These features are only available in GitHub.com and will roll out to GitHub Server (github.va.gov) at a later date.

Lean more about all the offerings from the GitHub Services Team available to the VA here.

Return to Announcements