Why am I seeing this note?
While we’ve worked hard to make sure that Canarytokens chirp when it matters, we realise that some solutions will occasionally touch Canarytokens in ways that look a lot like attacker behaviour.
We want to let you know this is happening, but we also want to let you know that to us, this doesn’t look like a full-blown attack.
We add these tiny but visible annotations to alerts to let you know what we think.
What is GitHub Secret Scanner?
If secret scanning is enabled for your GitHub repository, GitHub will scan it for known types of secrets.
When the secret scanner detects possible credentials like AWS or Slack API key Canarytokens, it uses these keys to test if they are active. This process will trigger an alert that someone has used your AWS or Slack API key Canarytoken.
So, what does this mean?
We add these annotations to give you some context to why you may be seeing this particular incident.
If you're seeing this annotation, we've deduced that the alert source looks sufficiently like a scan from GitHub's secret scanner.
If you're seeing this annotation, we've deduced that the alert source looks sufficiently like a scan from GitHub's secret scanner.
How do I ignore these alerts?
If your Canarytokens have been added to a GitHub repository with secret scanning enabled and you would prefer to no longer receive these alerts, simply click on the "Ignore alerts like this" button, which will add them to your Global Ignored Alerts list.
We won't notify you of these alerts any longer, but you can still access them at any time.
We won't notify you of these alerts any longer, but you can still access them at any time.
Example of the Annotation exclusion under the Global settings - Ignored Alerts: