Alert dismissal requests - GitHub Enterprise Cloud Docs

List alert dismissal requests for secret scanning for an enterprise

Lists requests to dismiss secret scanning alerts in an enterprise.

The authenticated user must be an enterprise owner or an enterprise security manager to access this endpoint. Personal access tokens (classic) need the security_events scope to use this endpoint.

Parameters for "List alert dismissal requests for secret scanning for an enterprise"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`enterprise` string Required The slug version of the enterprise name.

Query parameters
Name, Type, Description
`organization_name` string The name of the organization to filter on.
`reviewer` string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.
`requester` string Filter bypass requests by the handle of the GitHub user who requested the bypass.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for rule suites that occurred in the past 7 days (168 hours). Default: `day` Can be one of: `hour`, `day`, `week`, `month`
`request_status` string The status of the dismissal request to filter on. When specified, only requests with this status will be returned. Default: `all` Can be one of: `completed`, `cancelled`, `approved`, `expired`, `denied`, `open`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

http_status_code

status_code	Description
`200`	A list of the alert dismissal requests.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

get/enterprises/{enterprise}/dismissal-requests/secret-scanning

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/enterprises/ENTERPRISE/dismissal-requests/secret-scanning

A list of the alert dismissal requests.

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning_closure",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "alert_number": 17,
        "reason": "false_positive"
      }
    ],
    "resource_identifier": 17,
    "status": "denied",
    "requester_comment": "Test token used in the readme as an example",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/secret-scanning/21",
    "html_url": "https://github.com/octo-org/smile/security/secret-scanning/17"
  },
  {
    "id": 22,
    "number": 43,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning_closure",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "alert_number": 19
      }
    ],
    "resource_identifier": 19,
    "status": "denied",
    "requester_comment": "Test token used in the readme as an example",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 46,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "approved",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/secret-scanning/22",
    "html_url": "https://github.com/octo-org/smile/security/secret-scanning/19"
  }
]

List alert dismissal requests for secret scanning for an org

Lists requests to dismiss secret scanning alerts in an org.

Delegated alert dismissal must be enabled on repositories in the org and the user must be an org admin, security manager, or have the "Review and manage secret scanning alert dismissal requests" permission to access this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Secret scanning alert dismissal requests" organization permissions (read) and "Secret scanning alerts" repository permissions (read)

Parameters for "List alert dismissal requests for secret scanning for an org"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`org` string Required The organization name. The name is not case sensitive.

Query parameters
Name, Type, Description
`repository_name` string The name of the repository to filter on.
`reviewer` string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.
`requester` string Filter bypass requests by the handle of the GitHub user who requested the bypass.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for rule suites that occurred in the past 7 days (168 hours). Default: `day` Can be one of: `hour`, `day`, `week`, `month`
`request_status` string The status of the dismissal request to filter on. When specified, only requests with this status will be returned. Default: `all` Can be one of: `completed`, `cancelled`, `approved`, `expired`, `denied`, `open`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

http_status_code

status_code	Description
`200`	A list of the alert dismissal requests.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

get/orgs/{org}/dismissal-requests/secret-scanning

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/orgs/ORG/dismissal-requests/secret-scanning

A list of the alert dismissal requests.

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning_closure",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "alert_number": 17,
        "reason": "false_positive"
      }
    ],
    "resource_identifier": 17,
    "status": "denied",
    "requester_comment": "Test token used in the readme as an example",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/secret-scanning/21",
    "html_url": "https://github.com/octo-org/smile/security/secret-scanning/17"
  },
  {
    "id": 22,
    "number": 43,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning_closure",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "alert_number": 19
      }
    ],
    "resource_identifier": 19,
    "status": "denied",
    "requester_comment": "Test token used in the readme as an example",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 46,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "approved",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/secret-scanning/22",
    "html_url": "https://github.com/octo-org/smile/security/secret-scanning/19"
  }
]

List alert dismissal requests for secret scanning for a repository

Lists requests to dismiss secret scanning alerts in a repository.

Delegated alert dismissal must be enabled on the repository and the user must be an org admin, security manager, or have the "Review and manage secret scanning alert dismissal requests" permission to access this endpoint.

fine_grained_access

works_with_fine_grained_tokens:

permission_sets:

"Secret scanning alerts" repository permissions (read) and "Contents" repository permissions (read) and "Secret scanning alert dismissal requests" repository permissions (read)
"Secret scanning alerts" repository permissions (read) and "Contents" repository permissions (read) and "Secret scanning alert dismissal requests" organization permissions (read)

Parameters for "List alert dismissal requests for secret scanning for a repository"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.

Query parameters
Name, Type, Description
`reviewer` string Filter bypass requests by the handle of the GitHub user who reviewed the bypass request.
`requester` string Filter bypass requests by the handle of the GitHub user who requested the bypass.
`time_period` string The time period to filter by. For example, `day` will filter for rule suites that occurred in the past 24 hours, and `week` will filter for rule suites that occurred in the past 7 days (168 hours). Default: `day` Can be one of: `hour`, `day`, `week`, `month`
`request_status` string The status of the dismissal request to filter on. When specified, only requests with this status will be returned. Default: `all` Can be one of: `completed`, `cancelled`, `approved`, `expired`, `denied`, `open`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Default: `30`
`page` integer The page number of the results to fetch. For more information, see "Using pagination in the REST API." Default: `1`

http_status_code

status_code	Description
`200`	A list of the alert dismissal requests.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

get/repos/{owner}/{repo}/dismissal-requests/secret-scanning

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/secret-scanning

A list of the alert dismissal requests.

Status: 200

[
  {
    "id": 21,
    "number": 42,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning_closure",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "alert_number": 17,
        "reason": "false_positive"
      }
    ],
    "resource_identifier": 17,
    "status": "denied",
    "requester_comment": "Test token used in the readme as an example",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 42,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "denied",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/secret-scanning/21",
    "html_url": "https://github.com/octo-org/smile/security/secret-scanning/17"
  },
  {
    "id": 22,
    "number": 43,
    "repository": {
      "id": 1,
      "name": "smile",
      "full_name": "octo-org/smile"
    },
    "organization": {
      "id": 1,
      "name": "octo-org"
    },
    "requester": {
      "actor_id": 12,
      "actor_name": "monalisa"
    },
    "request_type": "secret_scanning_closure",
    "data": [
      {
        "secret_type": "adafruit_io_key",
        "alert_number": 19
      }
    ],
    "resource_identifier": 19,
    "status": "denied",
    "requester_comment": "Test token used in the readme as an example",
    "expires_at": "2024-07-08T08:43:03Z",
    "created_at": "2024-07-01T08:43:03Z",
    "responses": [
      {
        "id": 46,
        "reviewer": {
          "actor_id": 4,
          "actor_name": "octocat"
        },
        "status": "approved",
        "created_at": "2024-07-02T08:43:04Z"
      }
    ],
    "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/secret-scanning/22",
    "html_url": "https://github.com/octo-org/smile/security/secret-scanning/19"
  }
]

Get an alert dismissal request for secret scanning

Gets a specific request to dismiss a secret scanning alert in a repository.

fine_grained_access

works_with_fine_grained_tokens:

permission_set:

"Secret scanning alerts" repository permissions (read) and "Contents" repository permissions (read)

Parameters for "Get an alert dismissal request for secret scanning"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer Required The number that identifies the secret scanning alert in a repository.

http_status_code

status_code	Description
`200`	A single dismissal request.
`403`	Forbidden
`404`	Resource not found
`500`	Internal Error

code_samples

data_residency_notice

request_example

get/repos/{owner}/{repo}/dismissal-requests/secret-scanning/{alert_number}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/secret-scanning/ALERT_NUMBER

A single dismissal request.

Status: 200

{
  "id": 21,
  "number": 42,
  "repository": {
    "id": 1,
    "name": "smile",
    "full_name": "octo-org/smile"
  },
  "organization": {
    "id": 1,
    "name": "octo-org"
  },
  "requester": {
    "actor_id": 12,
    "actor_name": "monalisa"
  },
  "request_type": "secret_scanning_closure",
  "data": [
    {
      "secret_type": "adafruit_io_key",
      "alert_number": 17,
      "reason": "false_positive"
    }
  ],
  "resource_identifier": 17,
  "status": "denied",
  "requester_comment": "Test token used in the readme as an example",
  "expires_at": "2024-07-08T08:43:03Z",
  "created_at": "2024-07-01T08:43:03Z",
  "responses": [
    {
      "id": 42,
      "reviewer": {
        "actor_id": 4,
        "actor_name": "octocat"
      },
      "status": "denied",
      "created_at": "2024-07-02T08:43:04Z"
    }
  ],
  "url": "https://api.github.com/repos/octo-org/smile/dismissal-requests/secret-scanning/21",
  "html_url": "https://github.com/octo-org/smile/security/secret-scanning/17"
}

Review an alert dismissal request for secret scanning

Approve or deny a request to dismiss a secret scanning alert in a repository.

fine_grained_access

works_with_fine_grained_tokens:

permission_sets:

"Secret scanning alerts" repository permissions (read) and "Contents" repository permissions (read) and "Secret scanning alert dismissal requests" organization permissions (write)
"Secret scanning alerts" repository permissions (read) and "Contents" repository permissions (read) and "Secret scanning alert dismissal requests" repository permissions (write)

Parameters for "Review an alert dismissal request for secret scanning"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`owner` string Required The account owner of the repository. The name is not case sensitive.
`repo` string Required The name of the repository without the `.git` extension. The name is not case sensitive.
`alert_number` integer Required The number that identifies the secret scanning alert in a repository.

Body parameters
Name, Type, Description
`status` string Required The review action to perform on the dismissal request. Can be one of: `approve`, `deny`
`message` string Required A message to include with the review. Has a maximum character length of 2048.

http_status_code

status_code	Description
`200`	The review of the dismissal request.
`403`	Forbidden
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.
`500`	Internal Error

code_samples

data_residency_notice

request_example

patch/repos/{owner}/{repo}/dismissal-requests/secret-scanning/{alert_number}

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2026-03-10" \
  https://api.github.com/repos/OWNER/REPO/dismissal-requests/secret-scanning/ALERT_NUMBER \
  -d '{"status":"deny","message":"This secret has not been revoked."}'

The review of the dismissal request.

Status: 200

{
  "dismissal_review_id": 1
}