From 5777e87c556c453852c1946677c7d13ac34e037e Mon Sep 17 00:00:00 2001 From: Dylan Rinker Date: Wed, 26 Oct 2022 16:44:03 -0400 Subject: [PATCH] Add details above fine-grain token for secret scanning Added the scopes needed for new fine-grained token to properly sync secret scanning results --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c01c08c..015f02e 100644 --- a/README.md +++ b/README.md @@ -56,7 +56,13 @@ Currently, two-way integration is not yet possible via the action. If you need i #### Using this Action to synchronize secret scanning alerts -Secret scanning alerts can only be queried with the API in private repositories. For public repositories, there will just be an empty results list. You'll need to pass in a PAT via `github_token` that has admin rights to access secret scanning alerts. Ensure the PAT has the `security_events` scope: +Secret scanning alerts can only be queried with the API in private repositories. For public repositories, there will just be an empty results list. You'll need to pass in a PAT via `github_token` that has admin rights to access secret scanning alerts. + +The PAT needs the following scope to retrieve secret scanning alerts: + +**Fine-grained tokens:** `Secret scanning alerts - Read-only` +**Tokens (classic):** `security_events` + ``` with: jira_url: ''
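Review bot: The retained sentence "You'll need to pass in a PAT via `github_token` that has admin rights" now sits directly above a fine-grained entry listed as `Secret scanning alerts - Read-only`, so the README no longer makes clear whether admin rights are still required or read-only access is enough. State the minimum needed for each token type so users do not over-grant the token. The added lead-in also says "the following scope", but the fine-grained entry is a repository permission rather than a scope, so "scope or permission" would be more accurate. Finally, the two bold lines would be more robust as a bullet list, since consecutive Markdown lines merge into one paragraph unless each ends with a hard line break.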