APIs to close secret remediation alerts when 'delegated alert dismissal for secret scanning' is enabled

[snair19-wowcorp]

Select Topic Area

General

Body

Dear Github Team and community,
We have noticed that the below API:
PATCH 'https://api.github.com/repos/WoolworthsCORP/csp-driverapp-ui-mui/secret-scanning/alerts/6'
Only works for Organisation Admins when 'Delegate alert dismissal for secret scanning' is enabled. As a repository administrator, when trying to invoke this URL/API, we get a 404. Please see this ticket for more details - https://support.github.com/ticket/enterprise/560/4152125

    Could we have an API that'll allow us, to traverse through the alert dismissal request workflow? Essentially, what we want to do is use an API to trigger the "Close As" action that I see in the UI when trying to resolve the alert.

Thank you.

[jalex19100]

Delegate alert dismissal doesn't sound like it was fully ready for prod and now I regret that we enabled it before it was fully baked. Request dismissal should be consistent with dismiss, which both has an API call AND allows re-opening/cancellation of the dismissal.

In addition to https://github.com/orgs/community/discussions/190728, this is also blocking progress for my project to automate and improve handling of secret-scanning alerts for a large org.

[ahmedsamir46]

Hi there,
It looks like the API for dismissing secret scanning alerts (PATCH https://api.github.com/repos/WoolworthsCORP/csp-driverapp-ui-mui/secret-scanning/alerts/6) only works for Organization Admins if the "Delegate alert dismissal for secret scanning" setting is enabled.
To fix the issue:

1. Enable the "Delegate alert dismissal" setting in the repository's Security settings.
2. Check your permissions to ensure you're an Organization Admin, not just a repository admin.
3. If the issue continues, reach out to GitHub support, referencing this specific behavior.
   Hope this helps!

[jalex19100]

Could we please get consistency in the UI and API when the feature is enabled/disabled?

Assumption: User has permissions to view and dissmiss or request dismissal of a secret-scanning alert, but is not org admin.

When "delegate alert dismissal for secret scanning" is disabled:

• API allows a user to dismiss the alert
• API allows a user to cancel the dismissal
• UI allows a user to dismiss the alert
• UI allows a user to cancel the dismissal.

When "delegate alert dismissal for secret scanning" is enabled:

• API does NOT allow a user to request dismissal of the alert
• API does NOT allow a user to cancel the request for dismissal
• UI allows user to request to dismiss an alert
• UI does NOT allow a user to cancel a request to dismiss an alert (update - cancel is down at the bottom on the right of the related alert history). Cancel should be in the same manner as "cancel/reopen" was for dismissing an alert - near the dismiss/request dismissal button.

This is why I said the feature does not look like it was prod ready. Thanks.

[snair19-wowcorp]

Hi @ahmedsamir46 , If you can see my original post, I have already reached out to GitHub support and they confirmed that the API is incapable of allowing an ordinary user to request the closure of an alert when "Delegate alert dismissal" setting is enabled at the org level.

@jalex19100 Has summarised it perfectly.

At the risk of reiterating - what we require is the API to allow us to request the dismissal of a secret alert by a user (not just org admins).