Pricing Templates
Log in Sign up
Integrations / GitHub / ...

GET /repos/{owner}/{repo}/secret-scanning/alerts

Lists secret scanning alerts for an eligible repository, from newest to oldest.

The authenticated user must be an administrator for the repository or for the organization that owns the repository to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the repo or security_events scope to use this endpoint. If this endpoint is only used with public repositories, the token can use the public_repo scope instead.

Servers

Path parameters

Name Type Required Description
repo String Yes

The name of the repository without the .git extension. The name is not case sensitive.
owner String Yes

The account owner of the repository. The name is not case sensitive.

Query parameters

Name Type Required Description
resolution String No

A comma-separated list of resolutions. Only secret scanning alerts with one of these resolutions are listed. Valid resolutions are false_positive, wont_fix, revoked, pattern_edited, pattern_deleted or used_in_tests.
page Integer No

The page number of the results to fetch. For more information, see "Using pagination in the REST API."

Default value: 1
is_multi_repo Boolean No

A boolean value representing whether or not to filter alerts by the multi-repo tag being present.

Default value: false
direction String No

The direction to sort the results by.

Possible values:

  • "desc"
  • "asc"

Default value: "desc"
secret_type String No

A comma-separated list of secret types to return. All default secret patterns are returned. To return generic patterns, pass the token name(s) in the parameter. See "Supported secret scanning patterns" for a complete list of secret types.
sort String No

The property to sort the results by. created means when the alert was created. updated means when the alert was updated or resolved.

Possible values:

  • "updated"
  • "created"

Default value: "created"
per_page Integer No

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default value: 30
after String No

A cursor, as given in the Link header. If specified, the query only searches for events after this cursor. To receive an initial cursor on your first request, include an empty "after" query string.
state String No

Set to open or resolved to only list secret scanning alerts in a specific state.

Possible values:

  • "open"
  • "resolved"
before String No

A cursor, as given in the Link header. If specified, the query only searches for events before this cursor. To receive an initial cursor on your first request, include an empty "before" query string.
validity String No

A comma-separated list of validities that, when present, will return alerts that match the validities in this list. Valid options are active, inactive, and unknown.
is_publicly_leaked Boolean No

A boolean value representing whether or not to filter alerts by the publicly-leaked tag being present.

Default value: false

How to start integrating

  1. Add HTTP Task to your workflow definition.
  2. Search for the API you want to integrate with and click on the name.
    • This loads the API reference documentation and prepares the Http request settings.
  3. Click Test request to test run your request to the API and see the API's response.
All third party trademarks (including logos and icons) are the property of their respective owners, which do not sponsor, authorize, or endorse this website.
Pricing Templates Integrations Blog Contact Us Help
© 2025 SimWorkflow
Terms of Service Privacy Policy