diff --git a/content/actions/administering-github-actions/usage-limits-billing-and-administration.md b/content/actions/administering-github-actions/usage-limits-billing-and-administration.md index 7722a551d142..c98c46e3c593 100644 --- a/content/actions/administering-github-actions/usage-limits-billing-and-administration.md +++ b/content/actions/administering-github-actions/usage-limits-billing-and-administration.md @@ -118,7 +118,7 @@ The workflow runs in a repository's workflow run history are retained for 400 da {% data reusables.actions.disabling-github-actions %} -{% ifversion actions-cache-admin-ui %}You can also manage {% data variables.product.prodname_actions %} settings for your enterprise, such as workflow permissions and cache storage.{% endif %} +{% ifversion ghes %}You can also manage {% data variables.product.prodname_actions %} settings for your enterprise, such as workflow permissions and cache storage.{% endif %} For more information, see: * [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository) diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md index 6cc71fcfa935..948bbc9e58ed 100644 --- a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md +++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md 
@@ -28,7 +28,7 @@ Environments are used to describe a general deployment target like `production`, You can configure environments with protection rules and secrets. When a workflow job references an environment, the job won't start until all of the environment's protection rules pass. A job also cannot access secrets that are defined in an environment until all the deployment protection rules pass. -{% ifversion actions-break-glass %}Optionally, you can bypass an environment's protection rules and force all pending jobs referencing the environment to proceed. For more information, see [AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments#bypassing-environment-protection-rules).{% endif %} +Optionally, you can bypass an environment's protection rules and force all pending jobs referencing the environment to proceed. For more information, see [AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments#bypassing-environment-protection-rules). {% ifversion fpt %} 
@@ -41,14 +41,12 @@ You can configure environments with protection rules and secrets. When a workflo ## Deployment protection rules -Deployment protection rules require specific conditions to pass before a job referencing the environment can proceed. You can use deployment protection rules to require a manual approval, delay a job, or restrict the environment to certain branches.{% ifversion actions-custom-deployment-protection-rules-beta %} You can also create and implement custom protection rules powered by {% data variables.product.prodname_github_apps %} to use third-party systems to control deployments referencing environments configured on {% data variables.product.github %}. +Deployment protection rules require specific conditions to pass before a job referencing the environment can proceed. You can use deployment protection rules to require a manual approval, delay a job, or restrict the environment to certain branches. You can also create and implement custom protection rules powered by {% data variables.product.prodname_github_apps %} to use third-party systems to control deployments referencing environments configured on {% data variables.product.github %}. Third-party systems can be observability systems, change management systems, code quality systems, or other manual configurations that you use to assess readiness before deployments are safely rolled out to environments. {% data reusables.actions.custom-deployment-protection-rules-limits %} -{% endif %} - ### Required reviewers Use required reviewers to require a specific person or team to approve workflow jobs that reference the environment. You can list up to six users or teams as reviewers. The reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed. 
@@ -107,8 +105,6 @@ Use deployment branches{% ifversion deployment-protections-tag-patterns %} and t {% endif %} -{% ifversion actions-break-glass %} - ### Allow administrators to bypass configured protection rules By default, administrators can bypass the protection rules and force deployments to specific environments. For more information, see [AUTOTITLE](/actions/managing-workflow-runs/reviewing-deployments#bypassing-environment-protection-rules). @@ -121,9 +117,6 @@ Alternatively, you can configure environments to disallow bypassing the protecti > Allowing administrators to bypass protection rules is only available for public repositories for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, and {% data variables.product.prodname_team %} plans. {% endif %} -{% endif %} - -{% ifversion actions-custom-deployment-protection-rules-beta %} ### Custom deployment protection rules @@ -140,8 +133,6 @@ Once custom deployment protection rules have been created and installed on a rep {% endif %} -{% endif %} - ## Environment secrets Secrets stored in an environment are only available to workflow jobs that reference the environment. If the environment requires approval, a job cannot access environment secrets until one of the required reviewers approves it. For more information about secrets, see [AUTOTITLE](/actions/security-guides/using-secrets-in-github-actions). 
@@ -195,16 +186,12 @@ Variables stored in an environment are only available to workflow jobs that refe 1. Select **Wait timer**. 1. Enter the number of minutes to wait. 1. Click **Save protection rules**. -{%- ifversion actions-break-glass %} 1. Optionally, disallow bypassing configured protection rules. For more information, see [Allow administrators to bypass configured protection rules](#allow-administrators-to-bypass-configured-protection-rules). 1. Deselect **Allow administrators to bypass configured protection rules**. 1. Click **Save protection rules**. -{%- endif %} -{%- ifversion actions-custom-deployment-protection-rules-beta %} 1. Optionally, enable any custom deployment protection rules that have been created with {% data variables.product.prodname_github_apps %}. For more information, see [Custom deployment protection rules](#custom-deployment-protection-rules). 1. Select the custom protection rule you want to enable. 1. Click **Save protection rules**. -{%- endif %} 1. Optionally, specify what branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} can deploy to this environment. For more information, see [Deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %}](/actions/deployment/targeting-different-environments/managing-environments-for-deployment#deployment-branches{% ifversion deployment-protections-tag-patterns %}-and-tags{% endif %}). 1. Select the desired option in the **Deployment branches** dropdown. 1. If you chose **Selected branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %}**, to add a new rule, click **Add deployment branch{% ifversion deployment-protections-tag-patterns %} or tag{% endif %} rule** diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md index 4e84b29e1881..316be4d33d30 100644 
--- a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md +++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/reviewing-deployments.md @@ -34,8 +34,6 @@ For more information about environments and required approvals, see [AUTOTITLE]( {% endif %} -{% ifversion actions-break-glass %} - ## Bypassing deployment protection rules If you have configured deployment protection rules that control whether software can be deployed to an environment, you can bypass these rules and force all pending jobs referencing the environment to proceed. @@ -50,4 +48,3 @@ If you have configured deployment protection rules that control whether software 1. In the pop-up window, select the environments for which you want to bypass deployment protection rules. 1. Under **Leave a comment**, enter a description for bypassing the deployment protection rules. 1. Click **I understand the consequences, start deploying**. -{% endif %} diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md index c12de102babf..426c578c9525 100644 --- a/content/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md +++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows.md 
@@ -257,22 +257,14 @@ For example, if a pull request contains a `feature` branch and targets the defau ## Usage limits and eviction policy -{% data variables.product.prodname_dotcom %} will remove any cache entries that have not been accessed in over 7 days. There is no limit on the number of caches you can store, but the total size of all caches in a repository is limited{% ifversion actions-cache-policy-apis %}. By default, the limit is 10 GB per repository, but this limit might be different depending on policies set by your enterprise owners or repository administrators.{% else %} to 10 GB.{% endif %} {% data reusables.actions.cache-eviction-policy %} +{% data variables.product.prodname_dotcom %} will remove any cache entries that have not been accessed in over 7 days. There is no limit on the number of caches you can store, but the total size of all caches in a repository is limited{% ifversion ghes %}. By default, the limit is 10 GB per repository, but this limit might be different depending on policies set by your enterprise owners or repository administrators.{% else %} to 10 GB.{% endif %} {% data reusables.actions.cache-eviction-policy %} -{% data reusables.actions.cache-eviction-process %} {% ifversion actions-cache-ui %}The cache eviction process may cause cache thrashing, where caches are created and deleted at a high frequency. To reduce this, you can review the caches for a repository and take corrective steps, such as removing caching from specific workflows. For more information, see [Managing caches](#managing-caches).{% endif %}{% ifversion actions-cache-admin-ui %} You can also increase the cache size limit for a repository. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-cache-storage-for-a-repository). 
- -{% elsif actions-cache-policy-apis %} - -For information on changing the policies for the repository cache size limit, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-for-cache-storage-in-your-enterprise) and [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-cache-storage-for-a-repository). +{% data reusables.actions.cache-eviction-process %} The cache eviction process may cause cache thrashing, where caches are created and deleted at a high frequency. To reduce this, you can review the caches for a repository and take corrective steps, such as removing caching from specific workflows. For more information, see [Managing caches](#managing-caches).{% ifversion ghes %} You can also increase the cache size limit for a repository. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#configuring-cache-storage-for-a-repository). {% endif %} -{% ifversion actions-cache-management %} - ## Managing caches -{% ifversion actions-cache-ui %} - To manage caches created from your workflows, you can: * View a list of all cache entries for a repository. 
@@ -289,16 +281,6 @@ There are multiple ways to manage caches for your repositories: > [!NOTE] > If you are doing this manually, ensure you have version 2.32.0 or higher of the CLI installed. -{% else %} - -You can use the {% data variables.product.product_name %} REST API to manage your caches. {% ifversion actions-cache-list-delete-apis %}You can use the API to list and delete cache entries, and see your cache usage.{% elsif actions-cache-management %}At present, you can use the API to see your cache usage, with more functionality expected in future updates.{% endif %} For more information, see [AUTOTITLE](/rest/actions/cache). - -You can also install a {% data variables.product.prodname_cli %} extension to manage your caches from the command line. For more information about the extension, see [the extension documentation](https://github.com/actions/gh-actions-cache#readme). For more information about {% data variables.product.prodname_cli %} extensions, see [AUTOTITLE](/github-cli/github-cli/using-github-cli-extensions). - -{% endif %} - -{% ifversion actions-cache-ui %} - ### Viewing cache entries You can use the web interface to view a list of cache entries for a repository. In the cache list, you can see how much disk space each cache is using, when the cache was created, and when the cache was last used. 
@@ -324,12 +306,6 @@ Users with `write` access to a repository can use the {% data variables.product. ![Screenshot of the list of cache entries. A trash can icon, used to delete a cache, is highlighted with a dark orange outline.](/assets/images/help/repository/actions-cache-delete.png) -{% endif %} - -{% endif %} - -{% ifversion actions-cache-list-delete-apis %} - ### Force deleting cache entries Caches have branch scope restrictions in place, which means some caches have limited usage options. For more information on cache scope restrictions, see [Restrictions for accessing a cache](#restrictions-for-accessing-a-cache), earlier in this article. If caches limited to a specific branch are using a lot of storage quota, it may cause caches from the `default` branch to be created and deleted at a high frequency. @@ -371,5 +347,3 @@ jobs: ``` Alternatively, you can use the API to automatically list or delete all caches on your own cadence. For more information, see [AUTOTITLE](/rest/actions/cache#about-the-cache-in-github-actions). - -{% endif %} diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md index 8a6b95eabf94..23b09fa55960 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md @@ -111,7 +111,7 @@ By default, artifacts and log files generated by workflows are retained for 90 d Changes only apply to new artifacts and log files. -{% ifversion actions-cache-policy-apis %} +{% ifversion ghes %} ### Maximum and default cache size limits 
@@ -124,7 +124,7 @@ By default: You can customize both the default total cache size for each repository and the maximum total cache size allowed for a repository. For example, you might want the default total cache size for each repository to be 5 GB, but also allow administrators to configure a total cache size up to 15 GB for individual repositories. -{% ifversion actions-cache-admin-ui %}Organization owners can set a lower total cache size that applies to each repository in their organization. {% endif %}People with admin access to a repository can set a total cache size for their repository up to the maximum cache size allowed by the enterprise {% ifversion actions-cache-admin-ui %}or organization{% endif %} policy setting. +Organization owners can set a lower total cache size that applies to each repository in their organization. People with admin access to a repository can set a total cache size for their repository up to the maximum cache size allowed by the enterprise or organization policy setting. {% endif %} diff --git a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md index e4de9af65db1..2d650852eac4 100644 --- a/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md +++ b/content/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication.md 
@@ -41,13 +41,9 @@ If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %} > * If you're a member{% ifversion fpt or ghec %} or billing manager{% endif %} of an organization that requires 2FA, you will be unable to access that organization's resources while you have 2FA disabled. > * If you disable 2FA, you will automatically lose access to the organization. To regain access to the organization, if you're a member{% ifversion fpt or ghec %} or billing manager{% endif %}, you must re-enable 2FA. If you're an outside collaborator, you will also lose access to any private forks you have of the organization's private repositories after disabling 2FA, and must re-enable 2FA and contact an organization owner to have access restored. -{% ifversion 2fa-reconfiguration-inline-update %} - > [!NOTE] > You can reconfigure your 2FA settings without disabling 2FA entirely, allowing you to keep both your recovery codes and your membership in organizations that require 2FA. -{% endif %} - ## Configuring two-factor authentication using a TOTP app A time-based one-time password (TOTP) application automatically generates an authentication code that changes after a certain period of time. These apps can be downloaded to your phone or desktop. We recommend using cloud-based TOTP apps. {% data variables.product.prodname_dotcom %} is app-agnostic when it comes to TOTP apps, so you have the freedom to choose any TOTP app you prefer. Just search for `TOTP app` in your browser to find various options. You can also refine your search by adding keywords like `free` or `open source` to match your preferences. diff --git a/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md index 9c88c9602ee8..9207a188d3c5 100644 --- a/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md 
+++ b/content/code-security/dependabot/dependabot-alerts/about-dependabot-alerts.md @@ -1,6 +1,6 @@ --- title: About Dependabot alerts -intro: '{% data variables.product.product_name %} sends {% data variables.product.prodname_dependabot_alerts %} when we detect that your repository uses a vulnerable dependency.' +intro: '{% data variables.product.github %} sends {% data variables.product.prodname_dependabot_alerts %} when we detect that your repository uses a vulnerable dependency.' product: '{% data reusables.gated-features.dependabot-alerts %}' redirect_from: - /articles/about-security-alerts-for-vulnerable-dependencies 
@@ -67,12 +67,12 @@ You can also enable or disable {% data variables.product.prodname_dependabot_ale For information about access requirements for actions related to {% data variables.product.prodname_dependabot_alerts %}, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization#access-requirements-for-security-features). -{% data variables.product.product_name %} starts generating the dependency graph immediately and generates alerts for any insecure dependencies as soon as they are identified. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories). +{% data variables.product.github %} starts generating the dependency graph immediately and generates alerts for any insecure dependencies as soon as they are identified. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-private-repositories). {% endif %} -When {% data variables.product.product_name %} identifies a vulnerable dependency, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the **Security** tab for the repository and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. 
+When {% data variables.product.github %} identifies a vulnerable dependency, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the **Security** tab for the repository and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. -{% data variables.product.product_name %} may also notify the maintainers of affected repositories about new alerts according to their notification preferences.{% ifversion dependabot-suppressed-notifications %} When {% data variables.product.prodname_dependabot %} is first enabled, {% data variables.product.product_name %} does not send notifications for all vulnerable dependencies found in your repository, only for new vulnerable dependencies identified after {% data variables.product.prodname_dependabot %} is enabled.{% endif %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts). +{% data variables.product.github %} may also notify the maintainers of affected repositories about new alerts according to their notification preferences.{% ifversion dependabot-suppressed-notifications %} When {% data variables.product.prodname_dependabot %} is first enabled, {% data variables.product.github %} does not send notifications for all vulnerable dependencies found in your repository, only for new vulnerable dependencies identified after {% data variables.product.prodname_dependabot %} is enabled.{% endif %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts). {% data reusables.dependabot.dependabot-alert-create-PR %} 
@@ -83,13 +83,13 @@ When {% data variables.product.product_name %} identifies a vulnerable dependenc {% endif %} > [!WARNING] -> {% data variables.product.product_name %}'s security features do not claim to catch all vulnerabilities. We actively maintain {% data variables.product.prodname_advisory_database %} and generate alerts with the most up-to-date information. However, we cannot catch everything or tell you about known vulnerabilities within a guaranteed time frame. These features are not substitutes for human review of each dependency for potential vulnerabilities or any other issues, and we recommend consulting with a security service or conducting a thorough dependency review when necessary. +> {% data variables.product.github %}'s security features do not claim to catch all vulnerabilities. We actively maintain {% data variables.product.prodname_advisory_database %} and generate alerts with the most up-to-date information. However, we cannot catch everything or tell you about known vulnerabilities within a guaranteed time frame. These features are not substitutes for human review of each dependency for potential vulnerabilities or any other issues, and we recommend consulting with a security service or conducting a thorough dependency review when necessary. ## Access to {% data variables.product.prodname_dependabot_alerts %} You can see all of the alerts that affect a particular project{% ifversion fpt or ghec %} on the repository's **Security** tab or{% endif %} in the repository's dependency graph. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts). -By default, we notify people with write, maintain, or admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% ifversion fpt or ghec %}{% data variables.product.product_name %} never publicly discloses insecure dependencies for any repository. 
You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working with repositories that you own or have admin permissions for. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts). +By default, we notify people with write, maintain, or admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% ifversion fpt or ghec %}{% data variables.product.github %} never publicly discloses insecure dependencies for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working with repositories that you own or have admin permissions for. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts). {% endif %} {% data reusables.notifications.vulnerable-dependency-notification-enable %} diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md index fc2d3d4a710b..26a90e32575f 100644 --- a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md 
@@ -68,7 +68,7 @@ When you enable {% data variables.product.prodname_dependabot_alerts %} for exis You can manage {% data variables.product.prodname_dependabot_alerts %} for your public, private or internal repository. -By default, we notify people with write, maintain, or admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% data variables.product.product_name %} never publicly discloses insecure dependencies for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working on repositories that you own or have admin permissions for. +By default, we notify people with write, maintain, or admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}. {% data variables.product.github %} never publicly discloses insecure dependencies for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working on repositories that you own or have admin permissions for. {% data reusables.security.security-and-analysis-features-enable-read-only %} diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md index 26612b5f4391..57ff634244f3 100644 --- a/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md 
@@ -22,12 +22,12 @@ topics: ## About notifications for {% data variables.product.prodname_dependabot_alerts %} -When {% data variables.product.prodname_dependabot %} detects vulnerable dependencies in your repositories, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the **Security** tab for the repository. {% data variables.product.product_name %} notifies the maintainers of affected repositories about the new alert according to their notification preferences.{% ifversion fpt or ghec %} {% data variables.product.prodname_dependabot %} is enabled by default on all public repositories, and needs to be enabled on private repositories. By default, you will receive {% data variables.product.prodname_dependabot_alerts %} by email. You can override the default overall behavior by choosing the type of notifications you want to receive, or switching notifications off altogether in the settings page for your user notifications at [https://github.com/settings/notifications](https://github.com/settings/notifications). +When {% data variables.product.prodname_dependabot %} detects vulnerable dependencies in your repositories, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the **Security** tab for the repository. {% data variables.product.github %} notifies the maintainers of affected repositories about the new alert according to their notification preferences.{% ifversion fpt or ghec %} {% data variables.product.prodname_dependabot %} is enabled by default on all public repositories, and needs to be enabled on private repositories. By default, you will receive {% data variables.product.prodname_dependabot_alerts %} by email. 
You can override the default overall behavior by choosing the type of notifications you want to receive, or switching notifications off altogether in the settings page for your user notifications at [https://github.com/settings/notifications](https://github.com/settings/notifications). {% endif %} {% data reusables.dependabot.no-dependabot-alerts-for-malware %} -{% ifversion dependabot-suppressed-notifications %}Regardless of your notification preferences, when {% data variables.product.prodname_dependabot %} is first enabled, {% data variables.product.product_name %} does not send notifications for all vulnerable dependencies found in your repository. Instead, you will receive notifications for new vulnerable dependencies identified after {% data variables.product.prodname_dependabot %} is enabled, if your notification preferences allow it.{% endif %} +{% ifversion dependabot-suppressed-notifications %}Regardless of your notification preferences, when {% data variables.product.prodname_dependabot %} is first enabled, {% data variables.product.github %} does not send notifications for all vulnerable dependencies found in your repository. Instead, you will receive notifications for new vulnerable dependencies identified after {% data variables.product.prodname_dependabot %} is enabled, if your notification preferences allow it.{% endif %} {% ifversion fpt or ghec %}If you're an organization owner, you can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories in your organization with one click. You can also set whether {% data variables.product.prodname_dependabot_alerts %} will be enabled or disabled for newly-created repositories. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-new-repositories-when-they-are-added). {% endif %} 
@@ -40,7 +40,7 @@ Enterprise owners can also enable {% data variables.product.prodname_dependabot_ ## Configuring notifications for {% data variables.product.prodname_dependabot_alerts %} -When a new {% data variables.product.prodname_dependabot %} alert is detected, {% data variables.product.product_name %} notifies all users with access to {% data variables.product.prodname_dependabot_alerts %} for the repository according to their notification preferences. You will receive alerts if you are watching the repository, have enabled notifications for security alerts or for all the activity on the repository, and are not ignoring the repository. For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository). +When a new {% data variables.product.prodname_dependabot %} alert is detected, {% data variables.product.github %} notifies all users with access to {% data variables.product.prodname_dependabot_alerts %} for the repository according to their notification preferences. You will receive alerts if you are watching the repository, have enabled notifications for security alerts or for all the activity on the repository, and are not ignoring the repository. For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository). You can configure notification settings for yourself or your organization from the Manage notifications drop-down {% octicon "bell" aria-label="The notifications bell" %} shown at the top of each page. For more information, see [AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications#choosing-your-notification-settings). 
diff --git a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md index 579756c2e78f..f9bfbd9c067b 100644 --- a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md @@ -1,6 +1,6 @@ --- title: Viewing and updating Dependabot alerts -intro: 'If {% data variables.product.product_name %} discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert.' +intro: 'If {% data variables.product.github %} discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert.' redirect_from: - /articles/viewing-and-updating-vulnerable-dependencies-in-your-repository - /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository 
@@ -30,7 +30,7 @@ You can enable automatic security updates for any repository that uses {% data v ## About updates for vulnerable dependencies in your repository -{% data variables.product.product_name %} generates {% data variables.product.prodname_dependabot_alerts %} when we detect that the default branch of your codebase is using dependencies with known security risks. For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, when {% data variables.product.product_name %} detects a vulnerable dependency in the default branch, {% data variables.product.prodname_dependabot %} creates a pull request to fix it. The pull request will upgrade the dependency to the minimum possible secure version needed to avoid the vulnerability. +{% data variables.product.github %} generates {% data variables.product.prodname_dependabot_alerts %} when we detect that the default branch of your codebase is using dependencies with known security risks. For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, when {% data variables.product.github %} detects a vulnerable dependency in the default branch, {% data variables.product.prodname_dependabot %} creates a pull request to fix it. The pull request will upgrade the dependency to the minimum possible secure version needed to avoid the vulnerability. {% data reusables.dependabot.no-dependabot-alerts-for-malware %} diff --git a/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md b/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md index ea2e5e7e89ee..ce6920d47f02 100644 --- a/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md +++ b/content/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories.md 
@@ -34,7 +34,7 @@ You can configure updates for repositories that contain a dependency manifest or {% ifversion ghes %} > [!NOTE] -> To ensure that {% data variables.product.product_name %} supports {% data variables.product.prodname_dependabot_updates %} for the latest supported ecosystem versions, your enterprise owner must download the most recent version of the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action). {% data reusables.actions.action-bundled-actions %} +> To ensure that {% data variables.product.prodname_ghe_server %} supports {% data variables.product.prodname_dependabot_updates %} for the latest supported ecosystem versions, your enterprise owner must download the most recent version of the [{% data variables.product.prodname_dependabot %} action](https://github.com/github/dependabot-action). {% data reusables.actions.action-bundled-actions %} {% endif %} > [!NOTE] diff --git a/content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md b/content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md index 2f50c05f190d..5073ffcfea98 100644 --- a/content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md +++ b/content/code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md 
@@ -1,6 +1,6 @@ --- title: Troubleshooting the detection of vulnerable dependencies -intro: 'If the dependency information reported by {% data variables.product.product_name %} is not what you expected, there are a number of points to consider, and various things you can check.' +intro: 'If the dependency information reported by {% data variables.product.github %} is not what you expected, there are a number of points to consider, and various things you can check.' shortTitle: Troubleshoot vulnerability detection redirect_from: - /github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies diff --git a/content/code-security/dependabot/troubleshooting-dependabot/viewing-dependabot-job-logs.md b/content/code-security/dependabot/troubleshooting-dependabot/viewing-dependabot-job-logs.md index 91efc7a59701..c43797d775f6 100644 --- a/content/code-security/dependabot/troubleshooting-dependabot/viewing-dependabot-job-logs.md +++ b/content/code-security/dependabot/troubleshooting-dependabot/viewing-dependabot-job-logs.md @@ -1,6 +1,6 @@ --- title: Viewing Dependabot job logs -intro: 'To support debugging of {% data variables.product.prodname_dependabot %} pull requests, {% data variables.product.product_name %} provides logs of all {% data variables.product.prodname_dependabot %} jobs.' +intro: 'To support debugging of {% data variables.product.prodname_dependabot %} pull requests, {% data variables.product.github %} provides logs of all {% data variables.product.prodname_dependabot %} jobs.' shortTitle: Viewing Dependabot logs permissions: '{% data reusables.permissions.dependabot-various-tasks %}' versions: diff --git a/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md b/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md index b77a81fc1ae5..dc71126c3736 100644 
--- a/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md +++ b/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md @@ -39,9 +39,9 @@ If you are transitioning to using {% data variables.product.prodname_dependabot {% data reusables.dependabot.dependabot-on-actions-enterprise-policy-condition %} -## Enabling or disabling {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_dotcom %}-hosted runners +## Enabling or disabling {% data variables.product.prodname_dependabot %} on {% data variables.product.github %}-hosted runners -This section only applies to standard {% data variables.product.prodname_dotcom %}-hosted runners, not larger runners. +This section only applies to standard {% data variables.product.github %}-hosted runners, not larger runners. New repositories that you create in your user account or in your organization will automatically be configured to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} if any of the following is true: * {% data variables.product.prodname_dependabot %} is installed and enabled, and {% data variables.product.prodname_actions %} is enabled and in use. 
@@ -49,7 +49,7 @@ New repositories that you create in your user account or in your organization wi For existing repositories, you can opt in to run {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} as follows. -Future releases of {% data variables.product.product_name %} will remove the ability to disable running {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %}. +Future releases of {% data variables.product.github %} will remove the ability to disable running {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %}. If you restrict access to your organization's or repository's private resources, you may need to update your list of allowed IP addresses prior to enabling {% data variables.product.prodname_dependabot %} on {% data variables.product.prodname_actions %} runners. You can update your IP allow list to use the {% data variables.product.prodname_dotcom %}-hosted runners IP addresses (instead of the {% data variables.product.prodname_dependabot %} IP addresses), sourced from the [meta](/rest/meta) REST API endpoint. diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md index 802e26d13f1f..517d97791f6b 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md +++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md 
@@ -43,7 +43,7 @@ To best secure your organization, you should encourage contributors to review an {% data reusables.security-configurations.secret-scanning-security-configs-summary %} {% ifversion fpt or ghec %}There are two types of {% data variables.product.prodname_secret_scanning %} alerts: * {% data variables.secret-scanning.partner_alerts_caps %}, which are sent to the provider who issued the secret -* {% data variables.secret-scanning.user_alerts_caps %}, which appear on {% data variables.product.product_name %} and can be resolved +* {% data variables.secret-scanning.user_alerts_caps %}, which appear on {% data variables.product.github %} and can be resolved {% endif %} You can view {% data variables.product.prodname_secret_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the **{% octicon "shield" aria-hidden="true" %} Security** tab, then clicking **{% octicon "key" aria-hidden="true" %} {% data variables.product.prodname_secret_scanning_caps %}**. diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview.md b/content/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview.md index c93a1965676a..98c3861e225d 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview.md +++ b/content/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview.md 
@@ -23,7 +23,7 @@ For information about features in {% data variables.product.prodname_dotcom %} t ## About these guides -This series of guides explains how to think about securing your end-to-end supply chain: personal account, code, and build processes. Each guide explains the risk to that area, and introduces the {% data variables.product.product_name %} features that can help you address that risk. +This series of guides explains how to think about securing your end-to-end supply chain: personal account, code, and build processes. Each guide explains the risk to that area, and introduces the {% data variables.product.github %} features that can help you address that risk. Everyone's needs are different, so each guide starts with the highest impact change, and continues from there with additional improvements you should consider. You should feel free to skip around and focus on improvements you think will have the biggest benefit. The goal isn't to do everything at once but to continuously improve security in your systems over time. diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md index c41d771afd02..cadb8c126ebd 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md +++ b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts.md 
@@ -21,7 +21,7 @@ This guide describes the highest impact changes you can make to increase account ## What's the risk? -Account security is fundamental to the security of your supply chain. If an attacker can take over your account on {% data variables.product.product_name %}, they can then make malicious changes to your code or build process. So your first goal should be to make it difficult for someone to take over your account and the accounts of other {% ifversion ghes %}users{% else %}members{% endif %} of {% ifversion fpt %}your organization{% elsif ghec %}your organization or enterprise{% elsif ghes %}your instance{% endif %}. +Account security is fundamental to the security of your supply chain. If an attacker can take over your account on {% data variables.product.github %}, they can then make malicious changes to your code or build process. So your first goal should be to make it difficult for someone to take over your account and the accounts of other {% ifversion ghes %}users{% else %}members{% endif %} of {% ifversion fpt %}your organization{% elsif ghec %}your organization or enterprise{% elsif ghes %}your instance{% endif %}. {% ifversion ghec or ghes %} 
@@ -30,21 +30,21 @@ Account security is fundamental to the security of your supply chain. If an atta {% endif %} {% ifversion ghec %} -If you're an enterprise or organization owner, you can configure centralized authentication with SAML. While you can add or remove members manually, it's simpler and more secure to set up single sign-on (SSO) and SCIM between {% data variables.product.product_name %} and your SAML identity provider (IdP). This also simplifies the authentication process for all members of your enterprise. +If you're an enterprise or organization owner, you can configure centralized authentication with SAML. While you can add or remove members manually, it's simpler and more secure to set up single sign-on (SSO) and SCIM between {% data variables.product.github %} and your SAML identity provider (IdP). This also simplifies the authentication process for all members of your enterprise. You can configure SAML authentication for an enterprise or organization account. With SAML, you can grant access to the personal accounts of members of your enterprise or organization on {% data variables.product.prodname_dotcom %} through your IdP, or you can create and control the accounts that belong to your enterprise by using {% data variables.product.prodname_emus %}. For more information, see [AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise). After you configure SAML authentication, when members request access to your resources, they'll be directed to your SSO flow to ensure they are still recognized by your IdP. If they are unrecognized, their request is declined. -Some IdPs support a protocol called SCIM, which can automatically provision or deprovision access on {% data variables.product.product_name %} when you make changes on your IdP. With SCIM, you can simplify administration as your team grows, and you can quickly revoke access to accounts. 
SCIM is available for individual organizations on {% data variables.product.product_name %}, or for enterprises that use {% data variables.product.prodname_emus %}. For more information, see [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations). +Some IdPs support a protocol called SCIM, which can automatically provision or deprovision access on {% data variables.product.github %} when you make changes on your IdP. With SCIM, you can simplify administration as your team grows, and you can quickly revoke access to accounts. SCIM is available for individual organizations on {% data variables.product.prodname_enterprise %}, or for enterprises that use {% data variables.product.prodname_emus %}. For more information, see [AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations). {% endif %} {% ifversion ghes %} -If you're the site administrator for your instance, you can simplify the login experience for users by choosing an authentication method that connects with your existing identity provider (IdP), like CAS, SAML, or LDAP. This means that they no longer need to remember an extra password for {% data variables.product.prodname_dotcom %}. +If you're the site administrator for your instance, you can simplify the login experience for users by choosing an authentication method that connects with your existing identity provider (IdP), like CAS, SAML, or LDAP. This means that they no longer need to remember an extra password for {% data variables.product.github %}. -Some authentication methods also support communicating additional information to {% data variables.product.product_name %}, for example, what groups the user is a member of, or synchronizing cryptographic keys for the user. This is a great way to simplify your administration as your organization grows. 
+Some authentication methods also support communicating additional information to {% data variables.product.github %}, for example, what groups the user is a member of, or synchronizing cryptographic keys for the user. This is a great way to simplify your administration as your organization grows. -For more information about the authentication methods available for {% data variables.product.product_name %}, see [AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise). +For more information about the authentication methods available for {% data variables.product.github %}, see [AUTOTITLE](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise). {% endif %} ## Configure two-factor authentication @@ -68,7 +68,7 @@ If you're an enterprise owner, you may be able to configure a policy to require {% endif %} {% ifversion ghes %} -If you're the site administrator for your instance, you may be able to configure 2FA for all users of your instance. The availability of 2FA on {% data variables.product.product_name %} depends on the authentication method that you use. For more information, see [Centralize authentication](#centralize-authentication). +If you're the site administrator for your instance, you may be able to configure 2FA for all users of your instance. The availability of 2FA depends on the authentication method that you use. For more information, see [Centralize authentication](#centralize-authentication). {% endif %} If you're an organization owner, then you {% ifversion fpt %}can{% else %}may be able to{% endif %} require that all members of the organization enable 2FA. 
@@ -79,17 +79,17 @@ To learn more about enabling 2FA on your own account, see [AUTOTITLE](/authentic ### Configure your enterprise account -Enterprise owners may be able to require 2FA for all {% ifversion ghes %}users on{% elsif ghec %}members of{% endif %} the {% ifversion ghes %}instance{% elsif ghec %}enterprise{% endif %}. The availability of 2FA policies on {% data variables.product.product_name %} depends on how {% ifversion ghes %}users{% else %}members{% endif %} authenticate to access your {% ifversion ghes %}instance{% elsif ghec %}enterprise's resources{% endif %}. +Enterprise owners may be able to require 2FA for all {% ifversion ghes %}users on{% elsif ghec %}members of{% endif %} the {% ifversion ghes %}instance{% elsif ghec %}enterprise{% endif %}. The availability of 2FA policies on {% data variables.product.github %} depends on how {% ifversion ghes %}users{% else %}members{% endif %} authenticate to access your {% ifversion ghes %}instance{% elsif ghec %}enterprise's resources{% endif %}. {% ifversion ghes %} * If you sign into {% data variables.product.prodname_ghe_server %} through an external IdP using CAS or SAML SSO, you {% elsif ghec %} If your enterprise uses {% data variables.product.prodname_emus %} or SAML authentication is enforced for your enterprise, you -{%- endif %} cannot configure 2FA on {% data variables.product.product_name %}. Someone with administrative access to your IdP must configure 2FA for the IdP. +{%- endif %} cannot configure 2FA on {% data variables.product.github %}. Someone with administrative access to your IdP must configure 2FA for the IdP. {% ifversion ghes %} -* If you sign into {% data variables.product.prodname_ghe_server %} through an external LDAP directory, you can require 2FA for your enterprise on {% data variables.product.product_name %}. If you allow built-in authentication for users outside of your directory, individual users can enable 2FA, but you cannot require 2FA for your enterprise. 
+* If you sign into {% data variables.product.prodname_ghe_server %} through an external LDAP directory, you can require 2FA for your enterprise on {% data variables.product.github %}. If you allow built-in authentication for users outside of your directory, individual users can enable 2FA, but you cannot require 2FA for your enterprise. {% endif %} 
@@ -106,7 +106,7 @@ For more information, see {% ifversion ghec %}[AUTOTITLE](/admin/identity-and-ac {% endif %} -{% data variables.product.product_name %} supports several options for 2FA, and while any of them is better than nothing, the most secure option is a WebAuthn credential. WebAuthn requires an authenticator such as a FIDO2 hardware security key, a platform authenticator like Windows Hello, an Apple or Google phone, or a password manager. It's possible, although difficult, to phish other forms of 2FA (for example, someone asking you to read them your 6 digit one-time password). However WebAuthn is much more resistant to phishing, because domain scoping is built into the protocol, which prevents credentials from a website impersonating the login page from being used on {% data variables.product.product_name %}. +{% data variables.product.github %} supports several options for 2FA, and while any of them is better than nothing, the most secure option is a WebAuthn credential. WebAuthn requires an authenticator such as a FIDO2 hardware security key, a platform authenticator like Windows Hello, an Apple or Google phone, or a password manager. It's possible, although difficult, to phish other forms of 2FA (for example, someone asking you to read them your 6 digit one-time password). However WebAuthn is much more resistant to phishing, because domain scoping is built into the protocol, which prevents credentials from a website impersonating the login page from being used on {% data variables.product.github %}. When you set up 2FA, you should always download the recovery codes and set up more than one 2FA credential. This ensures that access to your account doesn't depend on a single device. 
For more information, see [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication) and [AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication-recovery-methods). @@ -125,9 +125,9 @@ If you're an organization owner, you can see which users don't have 2FA enabled, 1. [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/preparing-to-require-two-factor-authentication-in-your-organization) 1. [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization) -## Connect to {% data variables.product.product_name %} using SSH keys +## Connect to {% data variables.product.github %} using SSH keys -There are other ways to interact with {% data variables.product.product_name %} beyond signing into the website. Many people authorize the code they push to {% data variables.product.prodname_dotcom %} with an SSH private key. For more information, see [AUTOTITLE](/authentication/connecting-to-github-with-ssh/about-ssh). +There are other ways to interact with {% data variables.product.github %} beyond signing into the website. Many people authorize the code they push to {% data variables.product.github %} with an SSH private key. For more information, see [AUTOTITLE](/authentication/connecting-to-github-with-ssh/about-ssh). Just like your account password, if an attacker were able to get your SSH private key, they could impersonate you and push malicious code to any repository you have write access for. If you store your SSH private key on a disk drive, it's a good idea to protect it with a passphrase. For more information, see [AUTOTITLE](/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases). 
diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md index dcdadf429e7d..9b48bfd2e1e0 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md +++ b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md @@ -75,8 +75,8 @@ Code often needs to communicate with other systems over a network, and requires {% endif %} {% ifversion fpt %} -You can enable and configure additional scanning that will alert you about accidentally leaked secrets on {% data variables.product.product_name %} if you own: - * Public repositories on {% data variables.product.prodname_dotcom %}. +You can enable and configure additional scanning that will alert you about accidentally leaked secrets on {% data variables.product.github %} if you own: + * Public repositories. * An organization using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %}. {% data variables.product.prodname_secret_scanning_caps %} will also analyze your private repositories. {% elsif secret-scanning-user-owned-repos %} 
@@ -87,7 +87,7 @@ You can also define custom patterns to detect additional secrets at the reposito You can configure {% data variables.product.prodname_secret_scanning %} to check for secrets issued by many service providers and to notify you when any are detected. You can also define custom patterns to detect additional secrets at the repository, organization, or enterprise level. For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning) and [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns). {% endif %} -### Secure storage of secrets you use in {% data variables.product.product_name %} +### Secure storage of secrets you use on {% data variables.product.github %} {% ifversion fpt or ghec %} Besides your code, you probably need to use secrets in other places. For example, to allow {% data variables.product.prodname_actions %} workflows, {% data variables.product.prodname_dependabot %}, or your {% data variables.product.prodname_github_codespaces %} development environment to communicate with other systems. For more information on how to securely store and use secrets, see [AUTOTITLE](/actions/security-guides/encrypted-secrets), [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#storing-credentials-for-dependabot-to-use), and [AUTOTITLE](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces). diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md index acea800a95c5..397b79a21f72 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md 
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md @@ -35,7 +35,7 @@ By checking the dependency reviews in a pull request, and changing any dependenc Dependency review supports the same languages and package management ecosystems as the dependency graph. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems#supported-package-ecosystems). -For more information on supply chain features available on {% data variables.product.product_name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security). +For more information on supply chain features available on {% data variables.product.github %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security). {% ifversion ghec or ghes %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md index d12b0792a58b..494fb45328ad 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md 
@@ -1,6 +1,6 @@ --- title: About supply chain security -intro: '{% data variables.product.product_name %} helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies, and patching them.' +intro: '{% data variables.product.github %} helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies, and patching them.' shortTitle: Supply chain security redirect_from: - /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies @@ -29,9 +29,9 @@ One of the most important things you can do to protect your supply chain is to p You add dependencies directly to your supply chain when you specify them in a manifest file or a lockfile. Dependencies can also be included transitively, that is, even if you don’t specify a particular dependency, but a dependency of yours uses it, then you’re also dependent on that dependency. -{% data variables.product.product_name %} offers a range of features to help you understand the dependencies in your environment, know about vulnerabilities in those dependencies, and patch them. +{% data variables.product.github %} offers a range of features to help you understand the dependencies in your environment, know about vulnerabilities in those dependencies, and patch them. -The supply chain features on {% data variables.product.product_name %} are: +The supply chain features on {% data variables.product.github %} are: * **Dependency graph** * **Dependency review** * **{% data variables.product.prodname_dependabot_alerts %}** 
@@ -59,7 +59,7 @@ To generate the dependency graph, {% data variables.product.company_short %} loo * The dependency graph includes information on your _direct_ dependencies and _transitive_ dependencies. * The dependency graph is automatically updated when you push a commit to {% data variables.product.company_short %} that changes or adds a supported manifest or lock file to the default branch, and when anyone pushes a change to the repository of one of your dependencies. -* You can see the dependency graph by opening the repository's main page on {% data variables.product.product_name %}, and navigating to the **Insights** tab. +* You can see the dependency graph by opening the repository's main page on {% data variables.product.github %}, and navigating to the **Insights** tab. * {% data reusables.dependency-graph.sbom-export %} {% data reusables.dependency-submission.dependency-submission-link %} 
@@ -91,13 +91,13 @@ The term "{% data variables.product.prodname_dependabot %}" encompasses the foll * If {% data variables.product.prodname_actions %} is enabled for the repository, {% data variables.product.prodname_dotcom %} runs {% data variables.product.prodname_dependabot_updates %} on {% data variables.product.prodname_actions %}. -* If {% data variables.product.prodname_actions %} is not enabled for the repository, {% data variables.product.prodname_dotcom %} generates {% data variables.product.prodname_dependabot_alerts %} using the built-in {% data variables.product.prodname_dependabot %} application in {% data variables.product.product_name %}. +* If {% data variables.product.prodname_actions %} is not enabled for the repository, {% data variables.product.github %} generates {% data variables.product.prodname_dependabot_alerts %} using its built-in {% data variables.product.prodname_dependabot %} application. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners). {% else %} -{% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_dependabot_version_updates %} require {% data variables.product.prodname_actions %} to run on {% data variables.product.product_name %}. {% data variables.product.prodname_dependabot_alerts %} do not require {% data variables.product.prodname_actions %}. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise). +{% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_dependabot_version_updates %} require {% data variables.product.prodname_actions %} to run on {% data variables.product.prodname_ghe_server %}. {% data variables.product.prodname_dependabot_alerts %} do not require {% data variables.product.prodname_actions %}. 
For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise). {% endif %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md index e584a52ff3bf..05dccccfcd59 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md @@ -22,7 +22,7 @@ shortTitle: Dependency graph {% data reusables.dependabot.about-the-dependency-graph %} -When you push a commit to {% data variables.product.product_name %} that changes or adds a supported manifest or lock file to the default branch, the dependency graph is automatically updated.{% ifversion fpt or ghec %} In addition, the graph is updated when anyone pushes a change to the repository of one of your dependencies.{% endif %} +When you push a commit to {% data variables.product.github %} that changes or adds a supported manifest or lock file to the default branch, the dependency graph is automatically updated.{% ifversion fpt or ghec %} In addition, the graph is updated when anyone pushes a change to the repository of one of your dependencies.{% endif %} For information on the supported ecosystems and manifest files, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems#supported-package-ecosystems). 
@@ -55,7 +55,7 @@ The dependency graph includes all the dependencies of a repository that are deta The dependency graph identifies indirect dependencies{% ifversion fpt or ghec %} only if they are defined in a lock file or have been submitted using the {% data variables.dependency-submission-api.name %}. For the most reliable graph, you should use lock files (or their equivalent) because they define exactly which versions of the direct and indirect dependencies you currently use. If you use lock files, you also ensure that all contributors to the repository are using the same versions, which will make it easier for you to test and debug code{% else %} from the lock files{% endif %}. If your ecosystem does not have lock files, you can use pre-made actions that resolve transitive dependencies for many ecosystems. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api#using-pre-made-actions). -For more information on how {% data variables.product.product_name %} helps you understand the dependencies in your environment, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security). +For more information on how {% data variables.product.github %} helps you understand the dependencies in your environment, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security). {% ifversion fpt or ghec %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md index f908005681a5..4276c4cdfb7c 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md 
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md @@ -25,7 +25,7 @@ For more information, see [AUTOTITLE](/code-security/supply-chain-security/under ## Configuring the dependency graph -To generate a dependency graph, {% data variables.product.product_name %} needs read-only access to the dependency manifest and lock files for a repository. The dependency graph is automatically generated for all public repositories and you can choose to enable it for private {% ifversion ghec %}and internal {% endif %}repositories. For more information on viewing the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository). +To generate a dependency graph, {% data variables.product.github %} needs read-only access to the dependency manifest and lock files for a repository. The dependency graph is automatically generated for all public repositories and you can choose to enable it for private {% ifversion ghec %}and internal {% endif %}repositories. For more information on viewing the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository). {% data reusables.dependency-submission.dependency-submission-link %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md index 44eaff50cd93..899b6de82599 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md 
@@ -67,7 +67,7 @@ If vulnerabilities have been detected in the repository, these are shown at the {% ifversion ghes %} > [!NOTE] -> {% data variables.product.product_name %} does not populate the **Dependents** view. +> {% data variables.product.prodname_ghe_server %} does not populate the **Dependents** view. {% endif %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md index 82054076e1ab..73388ec62e91 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md 
@@ -37,7 +37,7 @@ Alternatively, you can write your own action to submit dependencies for your pro 1. Translate the list of dependencies into the snapshot format accepted by the {% data variables.dependency-submission-api.name %}. For more information about the format, see the body parameters for the "Create a repository snapshot" API endpoint in [AUTOTITLE](/rest/dependency-graph/dependency-submission). 1. Submit the formatted list of dependencies to the {% data variables.dependency-submission-api.name %}. -{% data variables.product.product_name %} maintains the [Dependency Submission Toolkit](https://github.com/github/dependency-submission-toolkit), a TypeScript library to help you build your own GitHub Action for submitting dependencies to the {% data variables.dependency-submission-api.name %}. For more information about writing an action, see [AUTOTITLE](/actions/creating-actions). +{% data variables.product.github %} maintains the [Dependency Submission Toolkit](https://github.com/github/dependency-submission-toolkit), a TypeScript library to help you build your own GitHub Action for submitting dependencies to the {% data variables.dependency-submission-api.name %}. For more information about writing an action, see [AUTOTITLE](/actions/creating-actions). ## Generating and submitting a software bill of materials (SBOM) diff --git a/content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md b/content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md index c2da6e554cf9..36dd28daac30 100644 --- a/content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md +++ b/content/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization.md 
@@ -190,7 +190,7 @@ By default, when you create a new organization, workflows are not allowed to {% ## Managing {% data variables.product.prodname_actions %} cache storage for your organization -Organization administrators can view {% ifversion actions-cache-admin-ui %}and manage {% endif %}{% data variables.product.prodname_actions %} cache storage for all repositories in the organization. +Organization administrators can view {% ifversion ghes %}and manage {% endif %}{% data variables.product.prodname_actions %} cache storage for all repositories in the organization. ### Viewing {% data variables.product.prodname_actions %} cache storage by repository @@ -202,7 +202,7 @@ For each repository in your organization, you can see how much cache storage a r 1. In the left sidebar, click **{% octicon "play" aria-hidden="true" %} Actions**, then click **Caches**. 1. Review the list of repositories for information about their {% data variables.product.prodname_actions %} caches. You can click on a repository name to see more detail about the repository's caches. -{% ifversion actions-cache-admin-ui %} +{% ifversion ghes %} ### Configuring {% data variables.product.prodname_actions %} cache storage for your organization diff --git a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md index e33f5143da4e..d1f1ff89b2fa 100644 --- a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md +++ b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository.md 
@@ -203,15 +203,13 @@ You can also define a custom retention period for a specific artifact created by {% data reusables.repositories.settings-sidebar-actions-general %} {% data reusables.actions.change-retention-period-for-artifacts-logs %} -{% ifversion actions-cache-policy-apis %} +{% ifversion ghes %} ## Configuring cache storage for a repository {% data reusables.actions.cache-default-size %} However, these default sizes might be different if an enterprise owner has changed them. {% data reusables.actions.cache-eviction-process %} -You can set a total cache storage size for your repository up to the maximum size allowed by the {% ifversion actions-cache-admin-ui %}organization or{% endif %} enterprise policy setting{% ifversion actions-cache-admin-ui %}s{% endif %}. - -{% ifversion actions-cache-admin-ui %} +You can set a total cache storage size for your repository up to the maximum size allowed by the organization or enterprise policy settings. {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} @@ -219,4 +217,3 @@ You can set a total cache storage size for your repository up to the maximum siz {% data reusables.actions.change-cache-size-limit %} {% endif %} -{% endif %} diff --git a/data/reusables/actions/about-environments.md b/data/reusables/actions/about-environments.md index 998b2b1c39e0..cb97e67f34c1 100644 --- a/data/reusables/actions/about-environments.md +++ b/data/reusables/actions/about-environments.md 
@@ -1 +1 @@ -Environments are used to describe a general deployment target like `production`, `staging`, or `development`. When a {% data variables.product.prodname_actions %} workflow deploys to an environment, the environment is displayed on the main page of the repository. You can use environments to require approval for a job to proceed, restrict which branches can trigger a workflow{% ifversion actions-custom-deployment-protection-rules-beta %}, gate deployments with custom deployment protection rules{% endif %}, or limit access to secrets. For more information about creating environments, see [AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment). +Environments are used to describe a general deployment target like `production`, `staging`, or `development`. When a {% data variables.product.prodname_actions %} workflow deploys to an environment, the environment is displayed on the main page of the repository. You can use environments to require approval for a job to proceed, restrict which branches can trigger a workflow, gate deployments with custom deployment protection rules, or limit access to secrets. For more information about creating environments, see [AUTOTITLE](/actions/deployment/targeting-different-environments/managing-environments-for-deployment). diff --git a/data/reusables/actions/change-retention-period-for-artifacts-logs.md b/data/reusables/actions/change-retention-period-for-artifacts-logs.md index 77c70f2d1a0a..afb53f1d9626 100644 --- a/data/reusables/actions/change-retention-period-for-artifacts-logs.md +++ b/data/reusables/actions/change-retention-period-for-artifacts-logs.md 
@@ -1,2 +1,2 @@ -1. {% ifversion actions-cache-admin-ui %}In the "Artifact, log, and cache settings" section, u{% else %}U{% endif %}nder **Artifact and log retention**, enter a new value. +1. {% ifversion ghes %}In the "Artifact, log, and cache settings" section, u{% else %}U{% endif %}nder **Artifact and log retention**, enter a new value. 1. Click **Save** to apply the change.
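Review bot: In about-supply-chain-security.md, hunk `@@ -91,13 +91,13 @@`, the two bullets no longer name the product the same way: the unchanged first bullet still uses `{% data variables.product.prodname_dotcom %}`, while the rewritten second bullet uses `{% data variables.product.github %}`. Suggest updating the first bullet as well so the pair renders consistently. The same pair says the first case runs `prodname_dependabot_updates` while the second generates `prodname_dependabot_alerts`; since the second line is being reworded anyway, please confirm that alerts, not updates, is what is meant there. In the `{% else %}` branch, `prodname_ghe_server` is only correct if that branch renders for GHES alone, and the opening condition is outside the hunk, so please check it.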
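Review bot: In disabling-or-limiting-github-actions-for-your-organization.md, hunks `@@ -190,7 +190,7 @@` and `@@ -202,7 +202,7 @@` replace the feature flag `actions-cache-admin-ui` with `ghes`, which changes the audience unless the flag already resolved to GHES only. As written, "and manage" and the whole "Configuring ... cache storage for your organization" section render only on GHES, so organization administrators on any other version would see instructions for viewing caches but not for limiting them. Please confirm the flag's version range in the PR description; if the feature is now available on every supported version, drop the conditional instead of narrowing it.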
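Review bot: In managing-github-actions-settings-for-a-repository.md, hunk `@@ -203,15 +203,13 @@`, two different flags (`actions-cache-policy-apis` on the outer block and `actions-cache-admin-ui` on the inner ones) collapse into a single `{% ifversion ghes %}`, and the sentence now always reads "organization or enterprise policy settings". That is equivalent only if both flags covered the same versions; wherever only the outer flag applied, the old page rendered "enterprise policy setting" and omitted the navigation steps. Please confirm the two ranges matched, or note the intended behaviour change in the commit message.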
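Review bot: In data/reusables/actions/about-environments.md, removing `{% ifversion actions-custom-deployment-protection-rules-beta %}` makes "gate deployments with custom deployment protection rules" unconditional, and because this is a reusable the claim appears on every page that includes it. Readers use this list to decide which deployment controls they can enforce, so please confirm that every supported version ships custom deployment protection rules; otherwise keep a version condition around that clause.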
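Review bot: In data/reusables/actions/change-retention-period-for-artifacts-logs.md, the conditional on the changed line still splits a word across its branches (`u{% else %}U{% endif %}nder`), which is hard to read, search and translate. Since the line is being touched, suggest keeping the whole word inside each branch: `{% ifversion ghes %}In the "Artifact, log, and cache settings" section, under{% else %}Under{% endif %} **Artifact and log retention**`. Please also confirm that `ghes` matches the versions where the "Artifact, log, and cache settings" section heading actually exists in the UI, since the old condition was the `actions-cache-admin-ui` flag.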