diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md index 511de0b2ba39..6864494b15e0 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners-with-actions-runner-controller/authenticating-to-the-github-api.md @@ -28,15 +28,15 @@ You can authenticate {% data variables.product.prodname_actions_runner_controlle 1. For "Homepage URL," enter `https://github.com/actions/actions-runner-controller`. 1. Under "Permissions," click **Repository permissions**. Then use the dropdown menus to select the following access permissions. - * **Administration**: Read and write + * **Administration:** Read and write > [!NOTE] > `Administration: Read and write` is only required when configuring {% data variables.product.prodname_actions_runner_controller %} to register at the repository scope. It is not required to register at the organization scope. - * **Metadata**: Read-only + * **Metadata:** Read-only 1. Under "Permissions," click **Organization permissions**. Then use the dropdown menus to select the following access permissions. - * **Self-hosted runners**: Read and write + * **Self-hosted runners:** Read and write {% data reusables.actions.arc-app-post-install-steps %} diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners.md index 4609a8f32a8b..34fd8a8dc163 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/monitoring-and-troubleshooting-self-hosted-runners.md @@ -34,9 +34,9 @@ You may not be able to create a self-hosted runner for an organization-owned rep The status can be one of the following: - * **Idle**: The runner is connected to {% data variables.product.product_name %} and is ready to execute jobs. - * **Active**: The runner is currently executing a job. - * **Offline**: The runner is not connected to {% data variables.product.product_name %}. This could be because the machine is offline, the self-hosted runner application is not running on the machine, or the self-hosted runner application cannot communicate with {% data variables.product.product_name %}. + * **Idle:** The runner is connected to {% data variables.product.product_name %} and is ready to execute jobs. + * **Active:** The runner is currently executing a job. + * **Offline:** The runner is not connected to {% data variables.product.product_name %}. This could be because the machine is offline, the self-hosted runner application is not running on the machine, or the self-hosted runner application cannot communicate with {% data variables.product.product_name %}. ## Troubleshooting network connectivity diff --git a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md index 3271e1b15a1d..743c2cf8f37e 100644 --- a/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md +++ b/content/actions/hosting-your-own-runners/managing-self-hosted-runners/running-scripts-before-or-after-a-job.md @@ -17,15 +17,15 @@ The custom scripts are automatically triggered when a specific environment varia The following scripting languages are supported: -* **Bash**: Uses `bash` and can fallback to `sh`. Executes by running `-e {pathtofile}`. -* **PowerShell**: Uses `pwsh` and can fallback to `powershell`. Executes by running `-command \". '{pathtofile}'\"`. +* **Bash:** Uses `bash` and can fallback to `sh`. Executes by running `-e {pathtofile}`. +* **PowerShell:** Uses `pwsh` and can fallback to `powershell`. Executes by running `-command \". '{pathtofile}'\"`. ## Writing the scripts Your custom scripts can use the following features: -* **Variables**: Scripts have access to the default variables. The full webhook event payload can be found in `GITHUB_EVENT_PATH`. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables#default-environment-variables)." -* **Workflow commands**: Scripts can use workflow commands. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-commands-for-github-actions)". Scripts can also use environment files. For more information, see [Environment files](/actions/using-workflows/workflow-commands-for-github-actions#environment-files). +* **Variables:** Scripts have access to the default variables. The full webhook event payload can be found in `GITHUB_EVENT_PATH`. For more information, see "[AUTOTITLE](/actions/learn-github-actions/variables#default-environment-variables)." +* **Workflow commands:** Scripts can use workflow commands. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-commands-for-github-actions)". Scripts can also use environment files. For more information, see [Environment files](/actions/using-workflows/workflow-commands-for-github-actions#environment-files). Your script files must use a file extension for the relevant language, such as `.sh` or `.ps1`, in order to run successfully. diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md index 6774d27239c0..200068b32a18 100644 --- a/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md +++ b/content/actions/managing-workflow-runs-and-deployments/managing-deployments/managing-environments-for-deployment.md @@ -80,17 +80,17 @@ Use a wait timer to delay a job for a specific amount of time after the job is i Use deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} to restrict which branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} can deploy to the environment. Below are the options for deployment branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} for an environment: {% ifversion deployment-protections-tag-patterns %} -* **No restriction**: No restriction on which branch or tag can deploy to the environment. +* **No restriction:** No restriction on which branch or tag can deploy to the environment. {%- else %} -* **All branches**: All branches in the repository can deploy to the environment. +* **All branches:** All branches in the repository can deploy to the environment. {%- endif %} -* **Protected branches{% ifversion deployment-protections-tag-patterns %} only{% endif %}**: Only branches with branch protection rules enabled can deploy to the environment. If no branch protection rules are defined for any branch in the repository, then all branches can deploy. For more information about branch protection rules, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches)."{% ifversion actions-protected-branches-restrictions %} +* **Protected branches{% ifversion deployment-protections-tag-patterns %} only{% endif %}:** Only branches with branch protection rules enabled can deploy to the environment. If no branch protection rules are defined for any branch in the repository, then all branches can deploy. For more information about branch protection rules, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches)."{% ifversion actions-protected-branches-restrictions %} > [!NOTE] > Deployment workflow runs triggered by tags with the same name as a protected branch and forks with branches that match the protected branch name cannot deploy to the environment. {% endif %} -* **Selected branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %}**: Only branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} that match your specified name patterns can deploy to the environment. +* **Selected branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %}:** Only branches{% ifversion deployment-protections-tag-patterns %} and tags{% endif %} that match your specified name patterns can deploy to the environment. If you specify `releases/*` as a deployment branch{% ifversion deployment-protections-tag-patterns %} or tag{% endif %} rule, only a branch{% ifversion deployment-protections-tag-patterns %} or tag{% endif %} whose name begins with `releases/` can deploy to the environment. (Wildcard characters will not match `/`. To match branches{% ifversion deployment-protections-tag-patterns %} or tags{% endif %} that begin with `release/` and contain an additional single slash, use `release/*/*`.) If you add `main` as a branch rule, a branch named `main` can also deploy to the environment. For more information about syntax options for deployment branches, see the [Ruby `File.fnmatch` documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch). diff --git a/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md index fa27f6eb27a2..1b12c685e2d5 100644 --- a/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md +++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/about-security-hardening-with-openid-connect.md @@ -27,9 +27,9 @@ With OpenID Connect (OIDC), you can take a different approach by configuring you By updating your workflows to use OIDC tokens, you can adopt the following good security practices: -* **No cloud secrets**: You won't need to duplicate your cloud credentials as long-lived {% data variables.product.prodname_dotcom %} secrets. Instead, you can configure the OIDC trust on your cloud provider, and then update your workflows to request a short-lived access token from the cloud provider through OIDC. -* **Authentication and authorization management**: You have more granular control over how workflows can use credentials, using your cloud provider's authentication (authN) and authorization (authZ) tools to control access to cloud resources. -* **Rotating credentials**: With OIDC, your cloud provider issues a short-lived access token that is only valid for a single job, and then automatically expires. +* **No cloud secrets:** You won't need to duplicate your cloud credentials as long-lived {% data variables.product.prodname_dotcom %} secrets. Instead, you can configure the OIDC trust on your cloud provider, and then update your workflows to request a short-lived access token from the cloud provider through OIDC. +* **Authentication and authorization management:** You have more granular control over how workflows can use credentials, using your cloud provider's authentication (authN) and authorization (authZ) tools to control access to cloud resources. +* **Rotating credentials:** With OIDC, your cloud provider issues a short-lived access token that is only valid for a single job, and then automatically expires. ### Getting started with OIDC @@ -159,8 +159,8 @@ The token also includes custom claims provided by {% data variables.product.prod With OIDC, a {% data variables.product.prodname_actions %} workflow requires a token in order to access resources in your cloud provider. The workflow requests an access token from your cloud provider, which checks the details presented by the JWT. If the trust configuration in the JWT is a match, your cloud provider responds by issuing a temporary token to the workflow, which can then be used to access resources in your cloud provider. You can configure your cloud provider to only respond to requests that originate from a specific organization's repository. You can also specify additional conditions, described below. Audience and Subject claims are typically used in combination while setting conditions on the cloud role/resources to scope its access to the GitHub workflows. -* **Audience**: By default, this value uses the URL of the organization or repository owner. This can be used to set a condition that only the workflows in the specific organization can access the cloud role. -* **Subject**: By default, has a predefined format and is a concatenation of some of the key metadata about the workflow, such as the {% data variables.product.prodname_dotcom %} organization, repository, branch, or associated [`job`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idenvironment) environment. See "[Example subject claims](#example-subject-claims)" to see how the subject claim is assembled from concatenated metadata. +* **Audience:** By default, this value uses the URL of the organization or repository owner. This can be used to set a condition that only the workflows in the specific organization can access the cloud role. +* **Subject:** By default, has a predefined format and is a concatenation of some of the key metadata about the workflow, such as the {% data variables.product.prodname_dotcom %} organization, repository, branch, or associated [`job`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idenvironment) environment. See "[Example subject claims](#example-subject-claims)" to see how the subject claim is assembled from concatenated metadata. If you need more granular trust conditions, you can customize the {% ifversion ghec %}issuer (`iss`) and {% endif %}subject (`sub`) claim{% ifversion ghec %}s that are{% else %} that's{% endif %} included with the JWT. For more information, see "[Customizing the token claims](#customizing-the-token-claims)". diff --git a/content/actions/security-for-github-actions/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md b/content/actions/security-for-github-actions/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md index 3ba6e40d69c6..067a47c4ed32 100644 --- a/content/actions/security-for-github-actions/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md +++ b/content/actions/security-for-github-actions/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows.md @@ -27,11 +27,11 @@ You should be familiar with the concepts described in "[AUTOTITLE](/actions/usin When combined with OpenID Connect (OIDC), reusable workflows let you enforce consistent deployments across your repository, organization, or enterprise. You can do this by defining trust conditions on cloud roles based on reusable workflows. The available options will vary depending on your cloud provider: -* **Using `job_workflow_ref`**: +* **Using `job_workflow_ref`:** * To create trust conditions based on reusable workflows, your cloud provider must support custom claims for `job_workflow_ref`. This allows your cloud provider to identify which repository the job originally came from. * For clouds that only support the standard claims (audience (`aud`) and subject (`sub`)), you can use the API to customize the `sub` claim to include `job_workflow_ref`. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-token-claims)". Support for custom claims is currently available for Google Cloud Platform and HashiCorp Vault. -* **Customizing the token claims**: +* **Customizing the token claims:** * You can configure more granular trust conditions by customizing the {% ifversion ghec %}issuer (`iss`) and {% endif %}subject (`sub`) claim{% ifversion ghec %}s that are{% else %} that's{% endif %} included with the JWT. For more information, see "[AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-token-claims)". ## How the token works with reusable workflows @@ -83,11 +83,11 @@ If your reusable workflow performs deployment steps, then it will typically need You can configure a custom claim that filters for any reusable workflow in a specific repository. In this example, the workflow run must have originated from a job defined in a reusable workflow in the `octo-org/octo-automation` repository, and in any repository that is owned by the `octo-org` organization. -* **Subject**: +* **Subject:** * Syntax: `repo:ORG_NAME/*` * Example: `repo:octo-org/*` -* **Custom claim**: +* **Custom claim:** * Syntax: `job_workflow_ref:ORG_NAME/REPO_NAME` * Example: `job_workflow_ref:octo-org/octo-automation@*` @@ -95,10 +95,10 @@ You can configure a custom claim that filters for any reusable workflow in a spe You can configure a custom claim that filters for a specific reusable workflow. In this example, the workflow run must have originated from a job defined in the reusable workflow `octo-org/octo-automation/.github/workflows/deployment.yml`, and in any repository that is owned by the `octo-org` organization. -* **Subject**: +* **Subject:** * Syntax: `repo:ORG_NAME/*` * Example: `repo:octo-org/*` -* **Custom claim**: +* **Custom claim:** * Syntax: `job_workflow_ref:ORG_NAME/REPO_NAME/.github/workflows/WORKFLOW_FILE@ref` * Example: `job_workflow_ref:octo-org/octo-automation/.github/workflows/deployment.yml@ 10040c56a8c0253d69db7c1f26a0d227275512e2` diff --git a/content/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md b/content/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md index 5d825bca61b2..3ec3fff02440 100644 --- a/content/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md +++ b/content/actions/using-github-hosted-runners/using-larger-runners/controlling-access-to-larger-runners.md @@ -25,8 +25,8 @@ redirect_from: Runner groups are used to control which repositories can run jobs on your {% data variables.actions.hosted_runner %}s. You must manage access to the group from each level of the management hierarchy, depending on where you've defined the {% data variables.actions.hosted_runner %}: -* **Runners at the enterprise level**: {% data reusables.actions.about-enterprise-level-runner-groups %} -* **Runners at the organization level**: {% data reusables.actions.about-organization-level-runner-groups %} +* **Runners at the enterprise level:** {% data reusables.actions.about-enterprise-level-runner-groups %} +* **Runners at the organization level:** {% data reusables.actions.about-organization-level-runner-groups %} For example, the following diagram has a runner group named `grp-ubuntu-20.04-16core` at the enterprise level. Before the repository named `octo-repo` can use the runners in the group, you must first configure the group at the enterprise level to allow access to the `octo-org` organization. You must then configure the group at the organization level to allow access to `octo-repo`. diff --git a/content/actions/using-github-hosted-runners/using-larger-runners/managing-larger-runners.md b/content/actions/using-github-hosted-runners/using-larger-runners/managing-larger-runners.md index 306096b6b283..460533a60ca6 100644 --- a/content/actions/using-github-hosted-runners/using-larger-runners/managing-larger-runners.md +++ b/content/actions/using-github-hosted-runners/using-larger-runners/managing-larger-runners.md @@ -48,8 +48,8 @@ Repositories are granted access to {% data variables.actions.hosted_runner %}s t Organization owners can use and configure enterprise-level runner groups for the repositories in their organization, or they can create organization-level runner groups to control access.{% ifversion custom-org-roles %} Users with the "Manage organization runners and runner groups" can only manage organization-level runner groups. For more information, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles)."{% endif %} -* **For enterprise-level runner groups**: {% data reusables.actions.about-enterprise-level-runner-groups %} -* **For organization-level runner groups**: {% data reusables.actions.about-organization-level-runner-groups %} +* **For enterprise-level runner groups:** {% data reusables.actions.about-enterprise-level-runner-groups %} +* **For organization-level runner groups:** {% data reusables.actions.about-organization-level-runner-groups %} Once a repository has access to {% data variables.actions.hosted_runner %}s, the {% data variables.actions.hosted_runner %}s can be added to workflow files. For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/running-jobs-on-larger-runners)." diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md index 86741403e76e..0bfc8792b3eb 100644 --- a/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md +++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/storing-and-sharing-data-from-a-workflow.md @@ -51,8 +51,8 @@ Artifacts are uploaded during a workflow run, and you can view an artifact's nam To share data between jobs: -* **Uploading files**: Give the uploaded file a name and upload the data before the job ends. -* **Downloading files**: You can only download artifacts that were uploaded during the same workflow run. When you download a file, you can reference it by name. +* **Uploading files:** Give the uploaded file a name and upload the data before the job ends. +* **Downloading files:** You can only download artifacts that were uploaded during the same workflow run. When you download a file, you can reference it by name. The steps of a job share the same environment on the runner machine, but run in their own individual processes. To pass data between steps in a job, you can use inputs and outputs. For more information about inputs and outputs, see "[AUTOTITLE](/actions/creating-actions/metadata-syntax-for-github-actions)." diff --git a/content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md index 10d98b646f5c..2b8eeaa4eb62 100644 --- a/content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md +++ b/content/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow.md @@ -26,10 +26,10 @@ You can use pre-written building blocks, called actions, in your workflow. An ac Actions can be: -* **Reusable**: actions can be used across different workflows and repositories, allowing you to avoid rewriting the same code. -* **Pre-written**: many actions are available in the {% data variables.product.prodname_marketplace %}, covering a wide range of tasks like checking out code, setting up environments, running tests, and deploying applications. -* **Configurable**: you can configure actions with inputs, outputs, and environment variables to tailor them to your specific needs. -* **Community-driven**: you can create your own actions and share them with others or use actions developed by the community. +* **Reusable:** actions can be used across different workflows and repositories, allowing you to avoid rewriting the same code. +* **Pre-written:** many actions are available in the {% data variables.product.prodname_marketplace %}, covering a wide range of tasks like checking out code, setting up environments, running tests, and deploying applications. +* **Configurable:** you can configure actions with inputs, outputs, and environment variables to tailor them to your specific needs. +* **Community-driven:** you can create your own actions and share them with others or use actions developed by the community. The actions you use in your workflow can be defined in: diff --git a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/about-the-management-console.md b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/about-the-management-console.md index 3d7b1f76ddca..49000a4edb1b 100644 --- a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/about-the-management-console.md +++ b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/about-the-management-console.md @@ -34,13 +34,13 @@ When someone performs an action in the {% data variables.enterprise.management_c In the {% data variables.enterprise.management_console %}, you can perform administrative tasks for {% data variables.location.product_location %}, including: -* **Initial setup**: Walk through the initial setup process when first launching {% data variables.location.product_location %} by visiting {% data variables.location.product_location %}'s IP address in your browser. +* **Initial setup:** Walk through the initial setup process when first launching {% data variables.location.product_location %} by visiting {% data variables.location.product_location %}'s IP address in your browser. {%- ifversion enterprise-management-console-multi-user-auth %} -* **Identity and access management**: Improve the security of {% data variables.location.product_location %} by creating dedicated user accounts for the {% data variables.enterprise.management_console %}. {% ifversion management-console-editor %}The root site administrator account can control these user accounts' access by assigning either the editor or operator role. {% endif %}For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console)."{% ifversion management-console-editor %} +* **Identity and access management:** Improve the security of {% data variables.location.product_location %} by creating dedicated user accounts for the {% data variables.enterprise.management_console %}. {% ifversion management-console-editor %}The root site administrator account can control these user accounts' access by assigning either the editor or operator role. {% endif %}For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console)."{% ifversion management-console-editor %} {% data reusables.enterprise.editor-role-note %}{% endif %} {%- endif %} -* **Configuring authentication policies for the {% data variables.enterprise.management_console %}**: Set rate limits for login attempts, and the lockout duration if someone exceeds the rate limit. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#configuring-rate-limits-for-authentication-to-the-management-console)." -* **Configuring basic settings for your instance**: Configure DNS, hostname, SSL, user authentication, email, monitoring services, and log forwarding on the Settings page. -* **Scheduling maintenance windows**: Take {% data variables.location.product_location %} offline while performing maintenance using the {% data variables.enterprise.management_console %} or administrative shell. -* **Troubleshooting**: Generate a support bundle or view high level diagnostic information. -* **License management**: View or update your {% data variables.product.prodname_enterprise %} license. +* **Configuring authentication policies for the {% data variables.enterprise.management_console %}:** Set rate limits for login attempts, and the lockout duration if someone exceeds the rate limit. For more information, see "[AUTOTITLE](/admin/configuration/administering-your-instance-from-the-management-console/managing-access-to-the-management-console#configuring-rate-limits-for-authentication-to-the-management-console)." +* **Configuring basic settings for your instance:** Configure DNS, hostname, SSL, user authentication, email, monitoring services, and log forwarding on the Settings page. +* **Scheduling maintenance windows:** Take {% data variables.location.product_location %} offline while performing maintenance using the {% data variables.enterprise.management_console %} or administrative shell. +* **Troubleshooting:** Generate a support bundle or view high level diagnostic information. +* **License management:** View or update your {% data variables.product.prodname_enterprise %} license. diff --git a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-access-to-the-management-console.md b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-access-to-the-management-console.md index 4a388c42884a..f2c1eeda3a88 100644 --- a/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-access-to-the-management-console.md +++ b/content/admin/administering-your-instance/administering-your-instance-from-the-web-ui/managing-access-to-the-management-console.md @@ -44,8 +44,8 @@ Only {% data variables.enterprise.management_console %} users with the operator The root site administrator can provision one of two roles for {% data variables.enterprise.management_console %} users: -* **Editor**: A {% data variables.enterprise.management_console %} user with the editor role can perform basic administrative tasks for {% data variables.location.product_location %} in the {% data variables.enterprise.management_console %}. Editors cannot add public SSH keys to the {% data variables.enterprise.management_console %} to grant administrative SSH access to the instance. -* **Operator**: A {% data variables.enterprise.management_console %} user with the operator role +* **Editor:** A {% data variables.enterprise.management_console %} user with the editor role can perform basic administrative tasks for {% data variables.location.product_location %} in the {% data variables.enterprise.management_console %}. Editors cannot add public SSH keys to the {% data variables.enterprise.management_console %} to grant administrative SSH access to the instance. +* **Operator:** A {% data variables.enterprise.management_console %} user with the operator role {%- else %} {% data variables.enterprise.management_console %} users, sometimes called operators, {%- endif %} can perform basic administrative tasks for {% data variables.location.product_location %} in the {% data variables.enterprise.management_console %} and can add SSH keys to the {% data variables.enterprise.management_console %} to grant administrative access to the instance via SSH. diff --git a/content/admin/configuring-packages/enabling-github-packages-with-aws.md b/content/admin/configuring-packages/enabling-github-packages-with-aws.md index cbb4e8295035..4306893650eb 100644 --- a/content/admin/configuring-packages/enabling-github-packages-with-aws.md +++ b/content/admin/configuring-packages/enabling-github-packages-with-aws.md @@ -45,7 +45,7 @@ Ensure your AWS access key ID and secret have the following permissions: For more information, see "[AWS service endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html)" in the AWS documentation. * **AWS S3 Bucket:** The name of your S3 bucket dedicated to {% data variables.product.prodname_registry %}. - * **AWS S3 Access Key** and **AWS S3 Secret Key**: The AWS access key ID and secret key to access your bucket. + * **AWS S3 Access Key** and **AWS S3 Secret Key:** The AWS access key ID and secret key to access your bucket. For more information on managing AWS access keys, see the "[AWS Identity and Access Management Documentation](https://docs.aws.amazon.com/iam/index.html)." {%- endif %} diff --git a/content/admin/configuring-packages/enabling-github-packages-with-minio.md b/content/admin/configuring-packages/enabling-github-packages-with-minio.md index acf4c390c56f..41f62168a67c 100644 --- a/content/admin/configuring-packages/enabling-github-packages-with-minio.md +++ b/content/admin/configuring-packages/enabling-github-packages-with-minio.md @@ -45,7 +45,7 @@ Although MinIO does not currently appear in the user interface under "Package St 1. Enter your MinIO storage bucket's details in the AWS storage settings. * **AWS Service URL:** The hosting URL for your MinIO bucket. * **AWS S3 Bucket:** The name of your S3-compatible MinIO bucket dedicated to {% data variables.product.prodname_registry %}. - * **AWS S3 Access Key** and **AWS S3 Secret Key**: Enter the MinIO access key ID and secret key to access your bucket. + * **AWS S3 Access Key** and **AWS S3 Secret Key:** Enter the MinIO access key ID and secret key to access your bucket. {%- endif %} {% data reusables.enterprise_management_console.save-settings %} diff --git a/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md index e2cdee276458..4c11d4e61f71 100644 --- a/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md +++ b/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md @@ -63,8 +63,8 @@ You can enable {% data variables.product.prodname_dependabot_updates %} for spec With {% data variables.product.prodname_dependabot_updates %}, {% data variables.product.company_short %} automatically creates pull requests to update dependencies in two ways. -* **{% data variables.product.prodname_dependabot_version_updates %}**: Users add a {% data variables.product.prodname_dependabot %} configuration file to the repository to enable {% data variables.product.prodname_dependabot %} to create pull requests when a new version of a tracked dependency is released. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)." -* **{% data variables.product.prodname_dependabot_security_updates %}**: Users toggle a repository setting to enable {% data variables.product.prodname_dependabot %} to create pull requests when {% data variables.product.prodname_dotcom %} detects a vulnerability in one of the dependencies of the dependency graph for the repository. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)." +* **{% data variables.product.prodname_dependabot_version_updates %}:** Users add a {% data variables.product.prodname_dependabot %} configuration file to the repository to enable {% data variables.product.prodname_dependabot %} to create pull requests when a new version of a tracked dependency is released. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)." +* **{% data variables.product.prodname_dependabot_security_updates %}:** Users toggle a repository setting to enable {% data variables.product.prodname_dependabot %} to create pull requests when {% data variables.product.prodname_dotcom %} detects a vulnerability in one of the dependencies of the dependency graph for the repository. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)." ## Enabling {% data variables.product.prodname_dependabot_alerts %} diff --git a/content/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom.md b/content/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom.md index 0e5ae9a85fe3..e02740006c5b 100644 --- a/content/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom.md +++ b/content/admin/configuring-settings/configuring-github-connect/enabling-github-connect-for-ghecom.md @@ -22,7 +22,7 @@ On {% data variables.enterprise.data_residency_site %}, {% data variables.produc * **Administrative access:** You need administrative access to both an enterprise account on {% data variables.enterprise.data_residency_site %} and a {% data variables.product.prodname_ghe_server %} instance. * **Version requirement:** Your {% data variables.product.prodname_ghe_server %} instance must run {% data variables.product.prodname_ghe_server %} 3.12 or later. -* **Proxy configuration**: If using a proxy server, allow connectivity to the following {% data variables.enterprise.data_residency_site %} hostnames (replace SUBDOMAIN with your enterprise's subdomain). +* **Proxy configuration:** If using a proxy server, allow connectivity to the following {% data variables.enterprise.data_residency_site %} hostnames (replace SUBDOMAIN with your enterprise's subdomain). * `{% data variables.enterprise.data_residency_domain %}` * `{% data variables.enterprise.data_residency_api %}` diff --git a/content/admin/data-residency/about-github-enterprise-cloud-with-data-residency.md b/content/admin/data-residency/about-github-enterprise-cloud-with-data-residency.md index 046d8e9f6ba5..7dd6aa9f9382 100644 --- a/content/admin/data-residency/about-github-enterprise-cloud-with-data-residency.md +++ b/content/admin/data-residency/about-github-enterprise-cloud-with-data-residency.md @@ -20,7 +20,7 @@ Access to this feature is currently managed by {% data variables.contact.contact {% data variables.product.github %} is a complete developer platform for building, scaling, and delivering secure software. In addition to these capabilities, {% data variables.product.product_name %} offers several key features designed to further optimize and secure your use of the platform: -* Includes an **enterprise account**: a dedicated, shared space for your company to store code, collaborate, and access {% data variables.product.company_short %} features +* Includes an **enterprise account:** a dedicated, shared space for your company to store code, collaborate, and access {% data variables.product.company_short %} features * Centralizes billing, administration, governance, and audit of your company’s resources and activity * Is accessible only to authorized users, isolated from the wider {% data variables.product.prodname_dotcom_the_website %} community * Includes management of authentication and user lifecycles from an external identity management system: diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md index 880656685f9f..4f53f47f9fde 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md @@ -50,8 +50,8 @@ In the "Policies" section, you can control which organizations within your enter You can also limit the use of public actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}, with the following options: -* **Allow all actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}**: Any action {% ifversion actions-workflow-policy %}or reusable workflow{% endif %} can be used, regardless of who authored it or where it is defined. -* **Allow enterprise actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}**: Only actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %} defined in a repository within the enterprise can be used. {% ifversion ghec or fpt %}Blocks all access to actions authored by {% data variables.product.prodname_dotcom %}, such as the [`actions/checkout`](https://github.com/actions/checkout) action.{% endif %} +* **Allow all actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}:** Any action {% ifversion actions-workflow-policy %}or reusable workflow{% endif %} can be used, regardless of who authored it or where it is defined. +* **Allow enterprise actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %}:** Only actions {% ifversion actions-workflow-policy %}and reusable workflows{% endif %} defined in a repository within the enterprise can be used. {% ifversion ghec or fpt %}Blocks all access to actions authored by {% data variables.product.prodname_dotcom %}, such as the [`actions/checkout`](https://github.com/actions/checkout) action.{% endif %} * {% data reusables.actions.policy-label-for-select-actions-workflows %}: Any action {% ifversion actions-workflow-policy %}or reusable workflow{% endif %} defined in a repository within the enterprise can be used, plus any action {% ifversion actions-workflow-policy %}or reusable workflow{% endif %} that matches criteria you specify. @@ -87,8 +87,8 @@ By default, anyone with admin access to a repository can add a self-hosted runne In the "Runners" section, you can mediate these risks by disabling the use of repository-level self-hosted runners. {% ifversion ghec %} -* **Disable for all organizations**: Prevents the creation of runners at the repository level. -* **Disable in all Enterprise Managed User (EMU) repositories**: Prevents the creation of runners for repositories owned by {% data variables.enterprise.prodname_managed_users %}. +* **Disable for all organizations:** Prevents the creation of runners at the repository level. +* **Disable in all Enterprise Managed User (EMU) repositories:** Prevents the creation of runners for repositories owned by {% data variables.enterprise.prodname_managed_users %}. {% endif %} {% data reusables.actions.disable-selfhosted-runners-note %} @@ -163,8 +163,8 @@ If a policy is enabled for an enterprise, the policy can be selectively disabled In the "Workflow permissions" section, you can set the **default** permissions granted to the `GITHUB_TOKEN`. -* **Read and write permissions**: By default, `GITHUB_TOKEN` has read and write access for all scopes. -* **Read repository contents and packages permissions**: By default, `GITHUB_TOKEN` has only read access for the `contents` and `packages` scopes. The more permissive setting cannot be chosen as the default for individual organizations or repositories. +* **Read and write permissions:** By default, `GITHUB_TOKEN` has read and write access for all scopes. +* **Read repository contents and packages permissions:** By default, `GITHUB_TOKEN` has only read access for the `contents` and `packages` scopes. The more permissive setting cannot be chosen as the default for individual organizations or repositories. Anyone with write access to a repository can still modify the permissions granted to the `GITHUB_TOKEN` for a specific workflow, by editing the `permissions` key in the workflow file. diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md index a05e70264f68..16a8d62994a5 100644 --- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-personal-access-tokens-in-your-enterprise.md @@ -18,9 +18,9 @@ redirect_from: ## Restricting access by {% data variables.product.pat_generic_plural %} Enterprise owners can prevent their members from using {% data variables.product.pat_generic_plural %} to access resources owned by the enterprise. You can configure these restrictions for {% data variables.product.pat_v1_plural %} and {% data variables.product.pat_v2_plural %} independently with the following options: -* **Allow organizations to configure access requirements**: Each organization owned by the enterprise can decide whether to restrict or permit access by {% data variables.product.pat_generic_plural %}. -* **Restrict access via {% data variables.product.pat_generic_plural %}**: {% data variables.product.pat_generic_caps_plural %} cannot access organizations owned by the enterprise. SSH keys created by these {% data variables.product.pat_generic_plural %} will continue to work. Organizations cannot override this setting. -* **Allow access via {% data variables.product.pat_generic_plural %}**: {% data variables.product.pat_generic_caps_plural %} can access organizations owned by the enterprise. Organizations cannot override this setting. +* **Allow organizations to configure access requirements:** Each organization owned by the enterprise can decide whether to restrict or permit access by {% data variables.product.pat_generic_plural %}. +* **Restrict access via {% data variables.product.pat_generic_plural %}:** {% data variables.product.pat_generic_caps_plural %} cannot access organizations owned by the enterprise. SSH keys created by these {% data variables.product.pat_generic_plural %} will continue to work. Organizations cannot override this setting. +* **Allow access via {% data variables.product.pat_generic_plural %}:** {% data variables.product.pat_generic_caps_plural %} can access organizations owned by the enterprise. Organizations cannot override this setting. Regardless of the chosen policy, {% data variables.product.pat_generic_caps_plural %} will have access to public resources within the organizations managed by your enterprise. @@ -61,9 +61,9 @@ When you set a policy, tokens with non-compliant lifetimes will be blocked from ## Enforcing an approval policy for {% data variables.product.pat_v2_plural %} Enterprise owners can manage approval requirements for each {% data variables.product.pat_v2 %} with the following options: -* **Allow organizations to configure approval requirements**: Enterprise owners can allow each organization in the enterprise to set its own approval requirements for the tokens. -* **Require approval**: Enterprise owners can require that all organizations within the enterprise must approve each {% data variables.product.pat_v2 %} that can access the organization. These tokens can still read public resources within the organization without needing approval. -* **Disable approval**: {% data variables.product.pat_v2_caps %}s created by organization members can access organizations owned by the enterprise without prior approval. Organizations cannot override this setting. +* **Allow organizations to configure approval requirements:** Enterprise owners can allow each organization in the enterprise to set its own approval requirements for the tokens. +* **Require approval:** Enterprise owners can require that all organizations within the enterprise must approve each {% data variables.product.pat_v2 %} that can access the organization. These tokens can still read public resources within the organization without needing approval. +* **Disable approval:** {% data variables.product.pat_v2_caps %}s created by organization members can access organizations owned by the enterprise without prior approval. Organizations cannot override this setting. > [!NOTE] > Only {% data variables.product.pat_v2 %}s, not {% data variables.product.pat_v1_plural %}, are subject to approval. Any {% data variables.product.pat_v1 %} can access organization resources without prior approval, unless the organization or enterprise has restricted access by {% data variables.product.pat_v1_plural %} For more information about restricting {% data variables.product.pat_v1_plural %}, see "[Restricting access by {% data variables.product.pat_generic_plural %}](#restricting-access-by-personal-access-tokens)" on this page and "[AUTOTITLE](/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization)." diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/deleting-users-from-your-instance.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/deleting-users-from-your-instance.md index 2195fac7708e..c70521b51846 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/deleting-users-from-your-instance.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/deleting-users-from-your-instance.md @@ -25,8 +25,8 @@ Once a user account has been deleted, the username will be available for use wit You cannot delete a user that is currently an **organization owner**. -* **If the user is the only owner**: Transfer ownership to another person, or delete the organization. See "[AUTOTITLE](/organizations/managing-organization-settings/transferring-organization-ownership)" and "[AUTOTITLE](/organizations/managing-organization-settings/deleting-an-organization-account)." -* **If there are other owners**: Remove the user from the organization. See "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization)." +* **If the user is the only owner:** Transfer ownership to another person, or delete the organization. See "[AUTOTITLE](/organizations/managing-organization-settings/transferring-organization-ownership)" and "[AUTOTITLE](/organizations/managing-organization-settings/deleting-an-organization-account)." +* **If there are other owners:** Remove the user from the organization. See "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-membership-in-organizations/removing-yourself-from-an-organization)." You cannot delete **your own user account**. If you need to delete your own user account, ask another site administrator to delete your account for you. diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md index d97e8dd005d7..f18de4c4c0d0 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise.md @@ -17,8 +17,8 @@ shortTitle: Manage support entitlements People with support entitlements for your enterprise account can use the support portal to open, view, and comment on support tickets associated with the enterprise account. Enterprise owners and billing managers automatically have a support entitlement. Enterprise owners can add support entitlements to a limited number of enterprise members. -* **{% data variables.product.premium_support_plan %}**: Up to 20 members -* **{% data variables.product.premium_plus_support_plan %}**: Up to 40 members +* **{% data variables.product.premium_support_plan %}:** Up to 20 members +* **{% data variables.product.premium_plus_support_plan %}:** Up to 40 members ## Adding a support entitlement to an enterprise member diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise.md index 9fcb8fc4436c..df5cc267cb0a 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise.md @@ -19,13 +19,13 @@ topics: All users that are part of your enterprise have one of the following roles. -* **Enterprise owner**: Can manage all enterprise settings, members, and policies +* **Enterprise owner:** Can manage all enterprise settings, members, and policies {%- ifversion ghec %} -* **Billing manager**: Can manage enterprise billing settings +* **Billing manager:** Can manage enterprise billing settings {%- endif %} -* **Enterprise member**: Is a member or owner of any organization in the enterprise +* **Enterprise member:** Is a member or owner of any organization in the enterprise {%- ifversion guest-collaborators %} -* **Guest collaborator**: Can be granted access to repositories or organizations, but has limited access by default ({% data variables.product.prodname_emus %} only) +* **Guest collaborator:** Can be granted access to repositories or organizations, but has limited access by default ({% data variables.product.prodname_emus %} only) {%- endif %} {% ifversion ghec %}For information about which users consume a license, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/about-per-user-pricing#people-that-consume-a-license)."{% endif %} diff --git a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md index fb4a7b968f5c..bdbaf1a9e429 100644 --- a/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md +++ b/content/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/viewing-people-in-your-enterprise.md @@ -210,9 +210,9 @@ If you use SAML authentication and SCIM provisioning, you can filter members bas {% data reusables.enterprise-accounts.people-tab %} 1. Select **Account Type**, then choose from the following options. - * **Built-in**: Users with local accounts on {% data variables.location.product_location %} who authenticate with a username and password. - * **SAML linked**: Users who authenticate with SAML via an identity provider, but were not provisioned by SCIM. - * **SAML and SCIM linked**: Users who authenticate with SAML via an identity provider, and were provisioned by SCIM. + * **Built-in:** Users with local accounts on {% data variables.location.product_location %} who authenticate with a username and password. + * **SAML linked:** Users who authenticate with SAML via an identity provider, but were not provisioned by SCIM. + * **SAML and SCIM linked:** Users who authenticate with SAML via an identity provider, and were provisioned by SCIM. {% endif %} diff --git a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md index a390178c36e8..5a5cba59d095 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md +++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-amazon-s3-storage.md @@ -144,9 +144,9 @@ To configure {% data variables.product.prodname_ghe_server %} to use OIDC with a {% data reusables.actions.enterprise-enable-checkbox %} {% data reusables.actions.enterprise-s3-storage-setup %} 1. Under "Authentication", select **OpenID Connect (OIDC)**, and enter the values for your storage: - * **AWS S3 Bucket**: The name of your S3 bucket. - * **AWS Role**: The ARN for the role you created in the previous procedures. For example, `arn:aws:iam::123456789:role/my-role-name`. - * **AWS Region**: The AWS region for your bucket. For example, `us-east-1`. + * **AWS S3 Bucket:** The name of your S3 bucket. + * **AWS Role:** The ARN for the role you created in the previous procedures. For example, `arn:aws:iam::123456789:role/my-role-name`. + * **AWS Region:** The AWS region for your bucket. For example, `us-east-1`. {% data reusables.enterprise_management_console.test-storage-button %} {% data reusables.enterprise_management_console.save-settings %} diff --git a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md index 48d36d6c71c7..91d02869ff20 100644 --- a/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md +++ b/content/admin/managing-github-actions-for-your-enterprise/enabling-github-actions-for-github-enterprise-server/enabling-github-actions-with-google-cloud-storage.md @@ -108,14 +108,14 @@ To configure {% data variables.product.prodname_ghe_server %} to use OIDC with G {% data reusables.actions.enterprise-enable-checkbox %} {% data reusables.actions.enterprise-gcp-storage-setup %} 1. Under "Authentication", select **OpenID Connect (OIDC)**, and enter the values for your storage: - * **Service URL**: The service URL for your bucket. This is usually `https://storage.googleapis.com`. - * **Bucket name**: The name of your bucket. - * **Workload Identity Provider ID**: The identity provider ID for your identity pool. + * **Service URL:** The service URL for your bucket. This is usually `https://storage.googleapis.com`. + * **Bucket name:** The name of your bucket. + * **Workload Identity Provider ID:** The identity provider ID for your identity pool. This is in the format `projects/PROJECT-NUMBER/locations/global/workloadIdentityPools/POOL-NAME/providers/PROVIDER-NAME`. Note that you must remove the `https://iam.googleapis.com/` prefix from the value noted in the previous procedure. For example, `projects/1234567890/locations/global/workloadIdentityPools/my-pool/providers/my-provider`. - * **Service account**: The service account email address that you noted in the previous procedure. For example, `ghes-oidc-service-account@my-project.iam.gserviceaccount.com`. + * **Service account:** The service account email address that you noted in the previous procedure. For example, `ghes-oidc-service-account@my-project.iam.gserviceaccount.com`. {% data reusables.enterprise_management_console.test-storage-button %} {% data reusables.enterprise_management_console.save-settings %} diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate.md index 7d0116609acc..4a9b0373b526 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/configuring-authentication-and-provisioning-with-pingfederate.md @@ -269,14 +269,14 @@ Before starting this section, ensure you have followed {% ifversion ghec %}the p On the "Attribute Mapping" tab, you will need to map fields from your LDAP server to SCIM fields. See the following list for {% data variables.product.github %}'s supported SCIM fields and the values expected in each one. -* **Username**: This will be normalized and used as the {% data variables.product.github %} username for the provisioned user. See "[AUTOTITLE](/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication#about-username-normalization)." This must match the normalization of the subject sent with the SAML assertion that you configured with the `SAML_SUBJECT` property in PingFederate. -* **Email**: A field containing the user's email address. -* **Display Name**: A human-readable name for the user. -* **Formatted Name**: The user's full name, including all middle names, titles, and suffixes, formatted for display. -* **First Name**: The first name of the user. -* **Last Name**: The last name of the user. -* **External ID**: This identifier is generated by an IdP provider. -* **Roles**: This field should contain a string that represents the user's intended role on {% data variables.product.github %}. Valid roles are {% ifversion ghec %}`enterprise_owner`, `user`, `billing_manager`, and `guest_collaborator`{% else %}`enterprise_owner` and `user`{% endif %}. +* **Username:** This will be normalized and used as the {% data variables.product.github %} username for the provisioned user. See "[AUTOTITLE](/admin/managing-iam/iam-configuration-reference/username-considerations-for-external-authentication#about-username-normalization)." This must match the normalization of the subject sent with the SAML assertion that you configured with the `SAML_SUBJECT` property in PingFederate. +* **Email:** A field containing the user's email address. +* **Display Name:** A human-readable name for the user. +* **Formatted Name:** The user's full name, including all middle names, titles, and suffixes, formatted for display. +* **First Name:** The first name of the user. +* **Last Name:** The last name of the user. +* **External ID:** This identifier is generated by an IdP provider. +* **Roles:** This field should contain a string that represents the user's intended role on {% data variables.product.github %}. Valid roles are {% ifversion ghec %}`enterprise_owner`, `user`, `billing_manager`, and `guest_collaborator`{% else %}`enterprise_owner` and `user`{% endif %}. When you have finished configuring these settings, click **Next**. diff --git a/content/admin/managing-your-enterprise-account/creating-an-enterprise-account.md b/content/admin/managing-your-enterprise-account/creating-an-enterprise-account.md index 635835c14ff3..3c85616cedb2 100644 --- a/content/admin/managing-your-enterprise-account/creating-an-enterprise-account.md +++ b/content/admin/managing-your-enterprise-account/creating-an-enterprise-account.md @@ -41,17 +41,17 @@ In these cases, contact {% data variables.contact.contact_enterprise_sales %}. The following changes also apply to single organizations that are automatically upgraded to an enterprise account. For details, see [{% data variables.product.prodname_blog %}](https://github.blog/changelog/2024-06-19-upcoming-automatic-upgrade-to-the-enterprise-account-experience/). -* **Ownership transfer**: Your organization will automatically be owned by the enterprise account. For details, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#about-addition-of-organizations-to-your-enterprise-account)." -* **Ownership roles**: All organization owners will become enterprise owners. -* **Billing details**: The organization’s billing details will now apply to the enterprise account. -* **Billing managers**: All organization billing managers will become enterprise billing managers. -* **Billing process**: {% data variables.product.company_short %} will bill the enterprise account for usage within **all** organizations owned by the enterprise. -* **Enterprise account name**: During the upgrade, the new enterprise account name will match your organization name or be as close as possible if taken. You can rename it after the upgrade. +* **Ownership transfer:** Your organization will automatically be owned by the enterprise account. For details, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise#about-addition-of-organizations-to-your-enterprise-account)." +* **Ownership roles:** All organization owners will become enterprise owners. +* **Billing details:** The organization’s billing details will now apply to the enterprise account. +* **Billing managers:** All organization billing managers will become enterprise billing managers. +* **Billing process:** {% data variables.product.company_short %} will bill the enterprise account for usage within **all** organizations owned by the enterprise. +* **Enterprise account name:** During the upgrade, the new enterprise account name will match your organization name or be as close as possible if taken. You can rename it after the upgrade. * **SAML SSO:** Existing SAML SSO will stay at the organization level after being added to the new enterprise account. You can configure SSO at the enterprise level post-upgrade, which will override the organization level. Existing PATs and SAML-authorized tokens will remain unchanged. -* **Policies**: The new enterprise account starts with no policies, so existing organization policies won't be overridden. -* **Spending limits**: Existing organization spending limits transfer to the new enterprise account. Post-upgrade, billing is handled at the enterprise level. To adjust spending limits, under "Settings" in the enterprise account sidebar, select **Billing**. -* **Coupons**: Existing coupons will carry over to the new enterprise account with no interruptions. -* **Workflow permissions**: The new enterprise account will inherit your organization's workflow permissions. If the organization has a permissive setting ("Read and write"), the enterprise account will also default to permissive. Otherwise, it defaults to restrictive ("Read repository contents and packages"). For workflows with the id-token permission, the default changes to read-only due to a February 2023 update. Add an explicit permissions block in these workflows to grant the required permissions. +* **Policies:** The new enterprise account starts with no policies, so existing organization policies won't be overridden. +* **Spending limits:** Existing organization spending limits transfer to the new enterprise account. Post-upgrade, billing is handled at the enterprise level. To adjust spending limits, under "Settings" in the enterprise account sidebar, select **Billing**. +* **Coupons:** Existing coupons will carry over to the new enterprise account with no interruptions. +* **Workflow permissions:** The new enterprise account will inherit your organization's workflow permissions. If the organization has a permissive setting ("Read and write"), the enterprise account will also default to permissive. Otherwise, it defaults to restrictive ("Read repository contents and packages"). For workflows with the id-token permission, the default changes to read-only due to a February 2023 update. Add an explicit permissions block in these workflows to grant the required permissions. ## Upgrading an organization to an enterprise account diff --git a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-the-monitor-dashboards.md b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-the-monitor-dashboards.md index 10fa7812131b..044539d53c9d 100644 --- a/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-the-monitor-dashboards.md +++ b/content/admin/monitoring-and-managing-your-instance/monitoring-your-instance/about-the-monitor-dashboards.md @@ -74,12 +74,12 @@ The system health graphs provide a general overview of services and system resou These graphs include key metrics for the resource utilization of services that power {% data variables.product.prodname_ghe_server %}. They help visualize ongoing issues while processing requests. -* **Nomad jobs**: The CPU and memory usage of individual services. {% data variables.product.prodname_ghe_server %} utilizes Nomad internally as the workload orchestrator. -* **Response code**: The number of responses by status code returned across {% data variables.product.prodname_ghe_server %} services. -* **Response time**: The speed of web requests at the 90th percentile in milliseconds. -* **Active workers**: The number of web workers busy per {% data variables.product.prodname_ghe_server %} application. -* **Queued requests**: The number of web requests queued per {% data variables.product.prodname_ghe_server %} application. It is expected for this panel to display 'No data' when no requests are queued up. -* **ElasticSearch Cluster Health**: The health status of the ElasticSearch cluster, based on the state of its primary and replica shards. This cluster powers {% data variables.product.prodname_ghe_server %} search. +* **Nomad jobs:** The CPU and memory usage of individual services. {% data variables.product.prodname_ghe_server %} utilizes Nomad internally as the workload orchestrator. +* **Response code:** The number of responses by status code returned across {% data variables.product.prodname_ghe_server %} services. +* **Response time:** The speed of web requests at the 90th percentile in milliseconds. +* **Active workers:** The number of web workers busy per {% data variables.product.prodname_ghe_server %} application. +* **Queued requests:** The number of web requests queued per {% data variables.product.prodname_ghe_server %} application. It is expected for this panel to display 'No data' when no requests are queued up. +* **ElasticSearch Cluster Health:** The health status of the ElasticSearch cluster, based on the state of its primary and replica shards. This cluster powers {% data variables.product.prodname_ghe_server %} search. {% endif %} ### Processes diff --git a/content/admin/overview/about-github-enterprise-server.md b/content/admin/overview/about-github-enterprise-server.md index 3b1c23b0aa8a..8e6016152857 100644 --- a/content/admin/overview/about-github-enterprise-server.md +++ b/content/admin/overview/about-github-enterprise-server.md @@ -27,10 +27,10 @@ Most features are released on {% data variables.product.prodname_dotcom_the_webs You can also configure optional features on {% data variables.product.product_name %} to improve the software development lifecycle for your enterprise. -* **{% data variables.product.prodname_actions %}**: Automate CI/CD and development workflows -* **{% data variables.product.prodname_GH_advanced_security %}**: Scan code for secrets and vulnerabilities -* **{% data variables.product.prodname_github_connect %}**: Benefit from data and features on {% data variables.product.prodname_dotcom_the_website %} -* **{% data variables.product.prodname_registry %}**: Host software packages for your enterprise +* **{% data variables.product.prodname_actions %}:** Automate CI/CD and development workflows +* **{% data variables.product.prodname_GH_advanced_security %}:** Scan code for secrets and vulnerabilities +* **{% data variables.product.prodname_github_connect %}:** Benefit from data and features on {% data variables.product.prodname_dotcom_the_website %} +* **{% data variables.product.prodname_registry %}:** Host software packages for your enterprise ## How do I deploy {% data variables.product.product_name %}? diff --git a/content/admin/overview/about-github-for-enterprises.md b/content/admin/overview/about-github-for-enterprises.md index 40f3500f55c2..f7497f3ab8b2 100644 --- a/content/admin/overview/about-github-for-enterprises.md +++ b/content/admin/overview/about-github-for-enterprises.md @@ -69,13 +69,13 @@ When businesses adopt {% data variables.product.prodname_enterprise %}, their re {% data reusables.enterprise.ghe-includes-ghec-and-ghes %} You can choose to use **one or both** of these deployment options. -**With {% data variables.product.prodname_ghe_cloud %}**: +**With {% data variables.product.prodname_ghe_cloud %}:** * Your repositories and other resources are hosted by {% data variables.product.company_short %}, and you'll automatically have access to the latest features and bugfixes. * You can choose for your enterprise to be hosted on {% data variables.product.prodname_dotcom_the_website %} or, for more control over where your company's code and data reside, on your own subdomain of {% data variables.enterprise.data_residency_site %}. * To access your resources, members of your enterprise can use their personal account or, if you use {% data variables.product.prodname_emus %}, you will provision accounts for users using an external system. -**With {% data variables.product.prodname_ghe_server %}**: +**With {% data variables.product.prodname_ghe_server %}:** * You run your own {% data variables.product.prodname_dotcom %} instance, either on-premises or on a public cloud service. * You create accounts for users, and authenticate users using either built-in authentication or an external system. diff --git a/content/apps/using-github-apps/installing-your-own-github-app.md b/content/apps/using-github-apps/installing-your-own-github-app.md index 69d56cd9660a..6ae920fc226a 100644 --- a/content/apps/using-github-apps/installing-your-own-github-app.md +++ b/content/apps/using-github-apps/installing-your-own-github-app.md @@ -20,9 +20,9 @@ shortTitle: Install your own app After creating a {% data variables.product.prodname_github_app %}, you can install it based on its visibility. -* **Only on this account**: The {% data variables.product.prodname_github_app %} can only be installed on the organization or user account that created it.{% ifversion ghec %} If you are an {% data variables.product.prodname_emu %}, this option is not available for apps you create.{% ifversion enterprise-apps-public-beta %} This visibility is not available for apps registered by an enterprise.{% endif %}{% endif %} -* **Any account**: You can install this {% data variables.product.prodname_github_app %} on your user account or any organization account where you are an organization owner.{% ifversion enterprise-apps-public-beta %} This visibility is not available for apps registered by an enterprise. -* **Only enterprise organizations**: If the {% data variables.product.prodname_github_app %} is owned by an enterprise, you can only install the app on organizations within the enterprise. Organizations where you are an organization owner will appear in the installation options.{% endif %}{% ifversion ghec %} +* **Only on this account:** The {% data variables.product.prodname_github_app %} can only be installed on the organization or user account that created it.{% ifversion ghec %} If you are an {% data variables.product.prodname_emu %}, this option is not available for apps you create.{% ifversion enterprise-apps-public-beta %} This visibility is not available for apps registered by an enterprise.{% endif %}{% endif %} +* **Any account:** You can install this {% data variables.product.prodname_github_app %} on your user account or any organization account where you are an organization owner.{% ifversion enterprise-apps-public-beta %} This visibility is not available for apps registered by an enterprise. +* **Only enterprise organizations:** If the {% data variables.product.prodname_github_app %} is owned by an enterprise, you can only install the app on organizations within the enterprise. Organizations where you are an organization owner will appear in the installation options.{% endif %}{% ifversion ghec %} If you are an {% data variables.product.prodname_emu %}, you cannot install a {% data variables.product.prodname_github_app %} on your user account.{% endif %} diff --git a/content/authentication/troubleshooting-ssh/using-ssh-over-the-https-port.md b/content/authentication/troubleshooting-ssh/using-ssh-over-the-https-port.md index 80ae728046f2..849fb795d97a 100644 --- a/content/authentication/troubleshooting-ssh/using-ssh-over-the-https-port.md +++ b/content/authentication/troubleshooting-ssh/using-ssh-over-the-https-port.md @@ -14,7 +14,7 @@ shortTitle: Use SSH over HTTPS port --- {% tip %} -**{% data variables.product.prodname_ghe_server %} users**: Accessing {% data variables.product.prodname_ghe_server %} via SSH over the HTTPS port is currently not supported. +**{% data variables.product.prodname_ghe_server %} users:** Accessing {% data variables.product.prodname_ghe_server %} via SSH over the HTTPS port is currently not supported. {% endtip %} diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md index ed104aeba5dc..e3909c14c799 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md +++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md @@ -37,13 +37,13 @@ When you enable {% data variables.product.prodname_secret_scanning %}, you shoul There are a few approaches for tackling newly committed credentials, but one example approach would be: -1. **Notify**: Use webhooks to ensure that any new secret alerts are seen by the right teams as quickly as possible. A webhook fires when a secret alert is either created, resolved, or reopened. You can then parse the webhook payload, and integrate it into any tools you and your team use such Slack, Teams, Splunk, or email. For more information, see "[AUTOTITLE](/webhooks-and-events/webhooks/about-webhooks)" and "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert)." -1. **Follow Up**: Create a high-level remediation process that works for all secret types. For example, you could contact the developer who committed the secret and their technical lead on that project, highlighting the dangers of committing secrets to {% data variables.product.prodname_dotcom %}, and asking the them to revoke, and update the detected secret. +1. **Notify:** Use webhooks to ensure that any new secret alerts are seen by the right teams as quickly as possible. A webhook fires when a secret alert is either created, resolved, or reopened. You can then parse the webhook payload, and integrate it into any tools you and your team use such Slack, Teams, Splunk, or email. For more information, see "[AUTOTITLE](/webhooks-and-events/webhooks/about-webhooks)" and "[AUTOTITLE](/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert)." +1. **Follow Up:** Create a high-level remediation process that works for all secret types. For example, you could contact the developer who committed the secret and their technical lead on that project, highlighting the dangers of committing secrets to {% data variables.product.prodname_dotcom %}, and asking the them to revoke, and update the detected secret. > [!NOTE] > You can automate this step. For large enterprises and organizations with hundreds of repositories, manually following up is unsustainable. You could incorporate automation into the webhook process defined in the first step. The webhook payload contains repository and organization information about the leaked secret. Using this information, you can contact the current maintainers on the repository and create an email/message to the responsible people or open an issue. -1. **Educate**: Create an internal training document assigned to the developer who committed the secret. Within this training document, you can explain the risks created by committing secrets and direct them to your best practice information about using secrets securely in development. If a developer doesn't learn from the experience and continues to commit secrets, you could create an escalation process, but education usually works well. +1. **Educate:** Create an internal training document assigned to the developer who committed the secret. Within this training document, you can explain the risks created by committing secrets and direct them to your best practice information about using secrets securely in development. If a developer doesn't learn from the experience and continues to commit secrets, you could create an escalation process, but education usually works well. Repeat the last two steps for any new secrets leaked. This process encourages developers to take responsibility for managing the secrets used in their code securely, and allows you to measure the reduction in newly committed secrets. @@ -56,13 +56,13 @@ Once you have enabled {% data variables.product.prodname_secret_scanning %}, you Once enabled, you can do the following: -1. **Provide guidance**: Configure a custom link in the message that contributors will see if their push is blocked by {% data variables.product.prodname_secret_scanning %}. The linked resource can provide guidance for contributors on how to resolve the blocked push. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository)." +1. **Provide guidance:** Configure a custom link in the message that contributors will see if their push is blocked by {% data variables.product.prodname_secret_scanning %}. The linked resource can provide guidance for contributors on how to resolve the blocked push. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository)." -1. **Notify**: Define a webhook that specifically tracks {% data variables.secret-scanning.alerts %} created when someone bypasses push protection by using the alert property `"push_protection_bypassed": true`. Or, use the API to get updates on which {% data variables.secret-scanning.alerts %} were the result of a push protection bypass by filtering the list of results for `"push_protection_bypassed": true`. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)." +1. **Notify:** Define a webhook that specifically tracks {% data variables.secret-scanning.alerts %} created when someone bypasses push protection by using the alert property `"push_protection_bypassed": true`. Or, use the API to get updates on which {% data variables.secret-scanning.alerts %} were the result of a push protection bypass by filtering the list of results for `"push_protection_bypassed": true`. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)." {%- ifversion security-overview-push-protection-metrics-page %} -1. **Monitor**: Use security overview to view metrics on how push protection is performing in repositories across your organization, so you can quickly identify any repositories where you might need to take action. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection)." +1. **Monitor:** Use security overview to view metrics on how push protection is performing in repositories across your organization, so you can quickly identify any repositories where you might need to take action. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection)." {%- endif %} diff --git a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md index f58b14c6d063..2be02933cdcb 100644 --- a/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md +++ b/content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md @@ -25,9 +25,9 @@ When you open the model editor, it analyzes the currently selected {% data varia The model editor has two different modes: -* **Application mode** (default view): The editor lists each external framework used by the selected {% data variables.product.prodname_codeql %} database. When you expand a framework, a list of all calls to and from the external API is shown with the options available to model dataflow through each call. This mode is most useful for improving the {% data variables.product.prodname_codeql %} results for a specific codebase. +* **Application mode (default view)**: The editor lists each external framework used by the selected {% data variables.product.prodname_codeql %} database. When you expand a framework, a list of all calls to and from the external API is shown with the options available to model dataflow through each call. This mode is most useful for improving the {% data variables.product.prodname_codeql %} results for a specific codebase. -* **Dependency mode**: The editor identifies all of the publicly accessible APIs in the selected {% data variables.product.prodname_codeql %} database. This view guides you through modeling each public API that the codebase makes available. When you have finished modeling the entire API, you can save the model and use it to improve the {% data variables.product.prodname_codeql %} analysis for all codebases that use the dependency. +* **Dependency mode:** The editor identifies all of the publicly accessible APIs in the selected {% data variables.product.prodname_codeql %} database. This view guides you through modeling each public API that the codebase makes available. When you have finished modeling the entire API, you can save the model and use it to improve the {% data variables.product.prodname_codeql %} analysis for all codebases that use the dependency. The rest of this article covers the practical aspects of modelling dependencies using the {% data variables.product.prodname_codeql %} model editor. For technical information, see [Customizing library models for Java and Kotlin](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-java-and-kotlin/){% ifversion fpt or ghec or ghes > 3.14 %}, [Customizing Library Models for Python](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-python/), [Customizing Library Models for Ruby](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-ruby/), and [Customizing library models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/){% elsif ghes > 3.12 %}, [Customizing Library Models for Ruby](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-ruby/), and [Customizing library models for C#](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/){% endif %} in the {% data variables.product.prodname_codeql %} language documentation. diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md index 4ce447da6c9e..fb043eab08c7 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md @@ -26,8 +26,8 @@ Repository administrators can create {% data variables.dependabot.custom_rules % Organization owners and security managers can set {% data variables.dependabot.custom_rules %} at the organization-level, and then choose if a rule is enforced or enabled across all public {% ifversion ghec %}and private {% endif %} repositories in the organization. - * **Enforced**: If an organization-level rule is "enforced", repository administrators cannot edit, disable, or delete the rule. - * **Enabled**: If an organization-level rule is "enabled", repository administrators can still disable the rule for their repository. + * **Enforced:** If an organization-level rule is "enforced", repository administrators cannot edit, disable, or delete the rule. + * **Enabled:** If an organization-level rule is "enabled", repository administrators can still disable the rule for their repository. > [!NOTE] > In the event that an organization-level rule and a repository-level rule specify conflicting behaviors, the action set out by the organization-level rule takes precedence. Dismissal rules always act before rules which trigger {% data variables.product.prodname_dependabot %} pull requests. diff --git a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md index 986df68a0268..ff14867bd7aa 100644 --- a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md +++ b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md @@ -996,18 +996,18 @@ updates: #### Versioning tag glossary -* **`alpha`**: Early version, may be unstable and have incomplete features. -* **`beta`**: More stable than alpha but may still have bugs. -* **`canary`**: Regularly updated pre-release version for testing. -* **`dev`**: Represents development versions. -* **`experimental`**: Versions with experimental features. -* **`latest`**: The latest stable release. -* **`legacy`**: Older or deprecated versions. -* **`next`**: Upcoming release version. -* **`nightly`**: Versions built nightly; often includes the latest changes. -* **`rc`**: Release candidate, close to stable release. -* **`release`**: The official release version. -* **`stable`**: The most reliable, production-ready version. +* **`alpha`:** Early version, may be unstable and have incomplete features. +* **`beta`:** More stable than alpha but may still have bugs. +* **`canary`:** Regularly updated pre-release version for testing. +* **`dev`:** Represents development versions. +* **`experimental`:** Versions with experimental features. +* **`latest`:** The latest stable release. +* **`legacy`:** Older or deprecated versions. +* **`next`:** Upcoming release version. +* **`nightly`:** Versions built nightly; often includes the latest changes. +* **`rc`:** Release candidate, close to stable release. +* **`release`:** The official release version. +* **`stable`:** The most reliable, production-ready version. {% endif %} diff --git a/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md b/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md index 48fbce04da2a..345185eb7d45 100644 --- a/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md +++ b/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md @@ -256,8 +256,8 @@ If you continue to see CI failures, you should remove the group configuration so If you unblock {% data variables.product.prodname_dependabot %}, you can manually trigger a fresh attempt to create a pull request. -* **Security updates**: Display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**. -* **Version updates**: On the **Insights** tab for the repository click **Dependency graph**, and then click the **Dependabot** tab. Click **Last checked _TIME_ ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. Click **Check for updates**. +* **Security updates:** Display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**. +* **Version updates:** On the **Insights** tab for the repository click **Dependency graph**, and then click the **Dependabot** tab. Click **Last checked _TIME_ ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. Click **Check for updates**. ## Further reading diff --git a/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md b/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md index 4f2544e5e51c..9f9ebbe7a773 100644 --- a/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md +++ b/content/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies.md @@ -42,7 +42,7 @@ topics: * Direct dependencies explicitly declared in a manifest or lockfile * Transitive dependencies declared in a lockfile -**Check**: Is the uncaught vulnerability for a component that's not specified in the repository's manifest or lockfile? +**Check:** Is the uncaught vulnerability for a component that's not specified in the repository's manifest or lockfile? ## Why don't I get {% data variables.product.prodname_dependabot_alerts %} for some ecosystems? @@ -50,7 +50,7 @@ topics: It's worth noting that security advisories may exist for other ecosystems. The information in an unreviewed security advisory is provided by the maintainers of a particular repository. This data is not curated by {% data variables.product.prodname_dotcom %}. {% data reusables.security-advisory.link-browsing-advisory-db %} -**Check**: Does the uncaught vulnerability apply to an unsupported ecosystem? +**Check:** Does the uncaught vulnerability apply to an unsupported ecosystem? ## Does {% data variables.product.prodname_dependabot %} generate alerts for vulnerabilities that have been known for many years? @@ -58,7 +58,7 @@ The {% data variables.product.prodname_advisory_database %} was launched in Nove Some information on older vulnerabilities is available, especially where these CVEs are particularly widespread, however some old vulnerabilities are not included in the {% data variables.product.prodname_advisory_database %}. If there's a specific old vulnerability that you need to be included in the database, contact {% data variables.contact.contact_support %}. -**Check**: Does the uncaught vulnerability have a publish date earlier than 2017 in the National Vulnerability Database? +**Check:** Does the uncaught vulnerability have a publish date earlier than 2017 in the National Vulnerability Database? ## Why does {% data variables.product.prodname_advisory_database %} use a subset of published vulnerability data? @@ -80,7 +80,7 @@ Legacy {% data variables.product.prodname_dependabot_alerts %} were grouped into The {% data variables.product.prodname_dependabot_alerts %} count in {% data variables.product.prodname_dotcom %} shows a total for the number of alerts, which is the number of vulnerabilities, not the number of dependencies. -**Check**: If there is a discrepancy in the totals you are seeing, check that you are not comparing alert numbers with dependency numbers. Also check that you are viewing all alerts and not a subset of filtered alerts. +**Check:** If there is a discrepancy in the totals you are seeing, check that you are not comparing alert numbers with dependency numbers. Also check that you are viewing all alerts and not a subset of filtered alerts. {% endif %} ## Can Dependabot ignore specific dependencies? diff --git a/content/code-security/secret-scanning/introduction/about-push-protection.md b/content/code-security/secret-scanning/introduction/about-push-protection.md index 4792c34c38cf..0c957edf3e26 100644 --- a/content/code-security/secret-scanning/introduction/about-push-protection.md +++ b/content/code-security/secret-scanning/introduction/about-push-protection.md @@ -57,19 +57,19 @@ By default, anyone with write access to the repository can choose to bypass push ## About the benefits of push protection -* **Preventative security**: Push protection acts as a frontline defense mechanism by scanning code for secrets at the time of the push. This preventative approach helps to catch potential issues before they are merged into your repository. +* **Preventative security:** Push protection acts as a frontline defense mechanism by scanning code for secrets at the time of the push. This preventative approach helps to catch potential issues before they are merged into your repository. -* **Immediate feedback**: Developers receive instant feedback if a potential secret is detected during a push attempt. This immediate notification allows for quick remediation, reducing the likelihood of sensitive information being exposed. +* **Immediate feedback:** Developers receive instant feedback if a potential secret is detected during a push attempt. This immediate notification allows for quick remediation, reducing the likelihood of sensitive information being exposed. -* **Reduced risk of data leaks**: By blocking commits that contain sensitive information, push protection significantly reduces the risk of accidental data leaks. This helps in safeguarding against unauthorized access to your infrastructure, services, and data. +* **Reduced risk of data leaks:** By blocking commits that contain sensitive information, push protection significantly reduces the risk of accidental data leaks. This helps in safeguarding against unauthorized access to your infrastructure, services, and data. -* **Efficient secret management**: Instead of retrospectively dealing with exposed secrets, developers can address issues at the source. This makes secret management more efficient and less time-consuming. +* **Efficient secret management:** Instead of retrospectively dealing with exposed secrets, developers can address issues at the source. This makes secret management more efficient and less time-consuming. -* **Integration with CI/CD pipelines**: Push Protection can be integrated into your Continuous Integration/Continuous Deployment (CI/CD) pipelines, ensuring that every push is scanned for secrets before it gets deployed. This adds an extra layer of security to your DevOps practices. +* **Integration with CI/CD pipelines:** Push Protection can be integrated into your Continuous Integration/Continuous Deployment (CI/CD) pipelines, ensuring that every push is scanned for secrets before it gets deployed. This adds an extra layer of security to your DevOps practices. -{% ifversion secret-scanning-push-protection-custom-patterns %}* **Ability to detect custom patterns**: Organizations can define custom patterns for detecting secrets unique to their environment. This customization ensures that push Protection can effectively identify and block even non-standard secrets.{% endif %} +{% ifversion secret-scanning-push-protection-custom-patterns %}* **Ability to detect custom patterns:** Organizations can define custom patterns for detecting secrets unique to their environment. This customization ensures that push Protection can effectively identify and block even non-standard secrets.{% endif %} -{% ifversion push-protection-delegated-bypass %}* **Delegated bypass for flexibility**: For cases where false positives occur or when certain patterns are necessary, the delegated bypass feature allows designated users to approve specific pushes. This provides flexibility without compromising overall security.{% endif %} +{% ifversion push-protection-delegated-bypass %}* **Delegated bypass for flexibility:** For cases where false positives occur or when certain patterns are necessary, the delegated bypass feature allows designated users to approve specific pushes. This provides flexibility without compromising overall security.{% endif %} {% ifversion secret-scanning-push-protection-for-users %} diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning.md b/content/code-security/secret-scanning/introduction/about-secret-scanning.md index ef6afa7c951d..21765ae52294 100644 --- a/content/code-security/secret-scanning/introduction/about-secret-scanning.md +++ b/content/code-security/secret-scanning/introduction/about-secret-scanning.md @@ -48,47 +48,47 @@ You can also use security overview to see an organization-level view of which re Below is a typical workflow that explains how {% data variables.product.prodname_secret_scanning %} works: -* **Detection**: {% data variables.product.prodname_secret_scanning_caps %} automatically scans your repository's contents for sensitive data, such as API keys, passwords, tokens, and other secrets. It looks for patterns and heuristics that match known types of secrets. +* **Detection:** {% data variables.product.prodname_secret_scanning_caps %} automatically scans your repository's contents for sensitive data, such as API keys, passwords, tokens, and other secrets. It looks for patterns and heuristics that match known types of secrets. -* **Alerts**: When a potential secret is detected, {% data variables.product.prodname_dotcom %} generates an alert and notifies the relevant repository administrators and users. This notification includes details about the detected secret, such as its location in the repository. For more information about alert types and alert details, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)." +* **Alerts:** When a potential secret is detected, {% data variables.product.prodname_dotcom %} generates an alert and notifies the relevant repository administrators and users. This notification includes details about the detected secret, such as its location in the repository. For more information about alert types and alert details, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)." -* **Review**: When a secret is detected, you'll need to review the alert details provided. +* **Review:** When a secret is detected, you'll need to review the alert details provided. -* **Remediation**: You then need to take appropriate actions to remediate the exposure. This might include: +* **Remediation:** You then need to take appropriate actions to remediate the exposure. This might include: * Rotating the affected credential to ensure it is no longer usable. * Removing the secret from the repository's history (using tools like BFG Repo-Cleaner or {% data variables.product.prodname_dotcom %}'s built-in features). -* **Monitoring**: It's good practice to regularly audit and monitor your repositories to ensure no other secrets are exposed. +* **Monitoring:** It's good practice to regularly audit and monitor your repositories to ensure no other secrets are exposed. {% ifversion fpt or ghec %} -* **Integration with partners**: {% data variables.product.prodname_dotcom %} works with various service providers to validate secrets. When a partner secret is detected, {% data variables.product.prodname_dotcom %} notifies the provider so they can take appropriate action, such as revoking the credential. For more information about the partnership program, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)." +* **Integration with partners:** {% data variables.product.prodname_dotcom %} works with various service providers to validate secrets. When a partner secret is detected, {% data variables.product.prodname_dotcom %} notifies the provider so they can take appropriate action, such as revoking the credential. For more information about the partnership program, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)." {% endif %} ## About the benefits of {% data variables.product.prodname_secret_scanning %} -* **Enhanced security**: {% data variables.product.prodname_secret_scanning_caps %} scans your repositories for sensitive information like API keys, passwords, tokens, and other secrets. By detecting these early, you can mitigate potential security risks before they are exploited by malicious actors. +* **Enhanced security:** {% data variables.product.prodname_secret_scanning_caps %} scans your repositories for sensitive information like API keys, passwords, tokens, and other secrets. By detecting these early, you can mitigate potential security risks before they are exploited by malicious actors. -* **Automated detection**: The feature automatically scans your codebase, including commits, issues, and pull requests, ensuring continuous protection without requiring manual intervention. This automation helps in maintaining security even as your repository evolves. +* **Automated detection:** The feature automatically scans your codebase, including commits, issues, and pull requests, ensuring continuous protection without requiring manual intervention. This automation helps in maintaining security even as your repository evolves. -* **Real-time alerts**: When a secret is detected, {% data variables.product.prodname_secret_scanning %} provides real-time alerts to repository administrators and contributors. This immediate feedback allows for swift remediation actions. +* **Real-time alerts:** When a secret is detected, {% data variables.product.prodname_secret_scanning %} provides real-time alerts to repository administrators and contributors. This immediate feedback allows for swift remediation actions. {% ifversion fpt or ghec %} -* **Integration with service providers**: {% data variables.product.prodname_dotcom %} partners with various service providers to validate detected secrets. When a secret is identified, {% data variables.product.prodname_dotcom %} notifies the corresponding service provider to take appropriate actions, such as revoking the exposed credential. For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)." +* **Integration with service providers:** {% data variables.product.prodname_dotcom %} partners with various service providers to validate detected secrets. When a secret is identified, {% data variables.product.prodname_dotcom %} notifies the corresponding service provider to take appropriate actions, such as revoking the exposed credential. For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)." {% endif %} {% ifversion ghec or ghes %} -* **Custom pattern support**: Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment. +* **Custom pattern support:** Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment. {% endif %} {% ifversion secret-scanning-non-provider-patterns %} -* **Ability to detect non-provider patterns**: You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization. +* **Ability to detect non-provider patterns:** You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization. {% endif %} @@ -120,8 +120,8 @@ Define your own patterns for secrets used by your organization that {% data vari ### {% data variables.secret-scanning.copilot-secret-scanning %} -* **{% data variables.secret-scanning.generic-secret-detection-caps %}**: Leverage {% data variables.product.prodname_secret_scanning %}'s AI capabilities to detect unstructured secrets, such as passwords, in your repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets)."{% ifversion secret-scanning-custom-pattern-ai-generated %} -* **{% data variables.secret-scanning.custom-pattern-regular-expression-generator-caps %}**: Leverage {% data variables.product.prodname_secret_scanning %}'s AI capabilities to generate regular expressions that will capture all your custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator).{% endif %} +* **{% data variables.secret-scanning.generic-secret-detection-caps %}:** Leverage {% data variables.product.prodname_secret_scanning %}'s AI capabilities to detect unstructured secrets, such as passwords, in your repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets)."{% ifversion secret-scanning-custom-pattern-ai-generated %} +* **{% data variables.secret-scanning.custom-pattern-regular-expression-generator-caps %}:** Leverage {% data variables.product.prodname_secret_scanning %}'s AI capabilities to generate regular expressions that will capture all your custom patterns. For more information, see "[AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator).{% endif %} {% endif %} diff --git a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md index 86a5216596ec..b312d0032199 100644 --- a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md +++ b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md @@ -33,19 +33,19 @@ If you believe that {% data variables.product.prodname_secret_scanning %} should This table lists the secrets supported by {% data variables.product.prodname_secret_scanning %}. You can see the types of alert that get generated for each token, as well as whether a validity check is performed on the token. -* **Provider**: Name of the token provider.{% ifversion fpt or ghec %} -* **Partner**: Token for which leaks are reported to the relevant token partner. Applies to public repositories only. -* **User**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} +* **Provider:** Name of the token provider.{% ifversion fpt or ghec %} +* **Partner:** Token for which leaks are reported to the relevant token partner. Applies to public repositories only. +* **User:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} * Applies to public repositories, and to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled. * Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which usually have a higher ratio of false positives. * For {% data variables.product.prodname_secret_scanning %} to scan for non-provider patterns, the detection of non-provider patterns must be enabled for the repository or the organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)." {% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %}{% endif %}{% ifversion ghes %} -* **{% data variables.product.prodname_secret_scanning_caps %} alert**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} +* **{% data variables.product.prodname_secret_scanning_caps %} alert:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} * Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled. * Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.{% else %} Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled.{% endif %}{% endif %} -* **Push protection**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled. +* **Push protection:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled. -* **Validity check**: Token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %} +* **Validity check:** Token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %} {% ifversion secret-scanning-non-provider-patterns %} diff --git a/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md b/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md index dab2de9795b8..b8fc5f3468c3 100644 --- a/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md +++ b/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md @@ -82,10 +82,10 @@ Create a public, internet accessible HTTP endpoint at the URL you provided to us The message body is a JSON array that contains one or more objects, with each object representing a single secret match. Your endpoint should be able to handle requests with a large number of matches without timing out. The keys for each secret match are: -* **token**: The value of the secret match. -* **type**: The unique name you provided to identify your regular expression. -* **url**: The public URL where the match was found (may be empty) -* **source**: Where the token was found on {% data variables.product.prodname_dotcom %}. +* **token:** The value of the secret match. +* **type:** The unique name you provided to identify your regular expression. +* **url:** The public URL where the match was found (may be empty) +* **source:** Where the token was found on {% data variables.product.prodname_dotcom %}. The list of valid values for `source` are: diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md index 2a81b932b264..7f79cf4bbc4b 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md +++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md @@ -24,7 +24,7 @@ If you make a request with these endpoints whose content includes a supported se To resolve the error, you can either: * **Remove** the secret from the content of your API request before trying again. -* **Create a push protection bypass**: You can bypass push protection using the "Create a push protection bypass" endpoint. For more information, see "[AUTOTITLE](/rest/secret-scanning/secret-scanning?apiVersion=2022-11-28#create-a-push-protection-bypass)." +* **Create a push protection bypass:** You can bypass push protection using the "Create a push protection bypass" endpoint. For more information, see "[AUTOTITLE](/rest/secret-scanning/secret-scanning?apiVersion=2022-11-28#create-a-push-protection-bypass)." ## Further reading diff --git a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md index 1196a061794c..eaad4d26e089 100644 --- a/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md +++ b/content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md @@ -51,9 +51,9 @@ For more information about the {% data variables.product.prodname_advisory_datab ### Glossary -* **Vulnerable Version Range (VVR)**: the range of versions that are vulnerable to a particular software bug. -* **Operator**: any symbol that indicates the boundary of a vulnerable version range. -* **Open Source Vulnerability format (OSV)**: format that the {% data variables.product.prodname_advisory_database %} data strives to be compatible with. +* **Vulnerable Version Range (VVR):** the range of versions that are vulnerable to a particular software bug. +* **Operator:** any symbol that indicates the boundary of a vulnerable version range. +* **Open Source Vulnerability format (OSV):** format that the {% data variables.product.prodname_advisory_database %} data strives to be compatible with. ### Version syntax diff --git a/content/code-security/security-overview/viewing-security-insights.md b/content/code-security/security-overview/viewing-security-insights.md index 26e0f8035658..7c1280cd5e7d 100644 --- a/content/code-security/security-overview/viewing-security-insights.md +++ b/content/code-security/security-overview/viewing-security-insights.md @@ -34,9 +34,9 @@ You can view a variety of metrics about the security alerts in your organization {% ifversion security-overview-3-tab-dashboard %} The dashboard is divided into three tabs, each focused around a different security goal: -* **Detection**: this tab shows metrics about the status and age of alerts in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}, the secrets that have been blocked or bypassed, and the top repositories and vulnerabilities that pose the highest potential security risk. -* **Remediation**: this tab shows metrics about how alerts are resolved and alert activity over time. -* **Prevention**: this tab shows metrics about how vulnerabilities have been prevented and fixed. +* **Detection:** this tab shows metrics about the status and age of alerts in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}, the secrets that have been blocked or bypassed, and the top repositories and vulnerabilities that pose the highest potential security risk. +* **Remediation:** this tab shows metrics about how alerts are resolved and alert activity over time. +* **Prevention:** this tab shows metrics about how vulnerabilities have been prevented and fixed. >[!NOTE] > Unlike the **Detection** and **Remediation** tabs which report alerts on the default branch, the **Prevention** tab gives you insights for {% data variables.product.prodname_codeql %} alerts found in merged pull requests. diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md index a8ce6db98c20..e81bd205a4b3 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md @@ -139,31 +139,31 @@ For more information about {% data variables.product.prodname_dependabot_updates {% ifversion fpt or ghec %} Public repositories: -* **Dependency graph**: Enabled by default and cannot be disabled. -* **Dependency review**: Enabled by default and cannot be disabled. -* **{% data variables.product.prodname_dependabot_alerts %}**: Not enabled by default. {% data variables.product.prodname_dotcom %} detects insecure dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. +* **Dependency graph:** Enabled by default and cannot be disabled. +* **Dependency review:** Enabled by default and cannot be disabled. +* **{% data variables.product.prodname_dependabot_alerts %}:** Not enabled by default. {% data variables.product.prodname_dotcom %} detects insecure dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." Private repositories: -* **Dependency graph**: Not enabled by default. The feature can be enabled by repository administrators. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." +* **Dependency graph:** Not enabled by default. The feature can be enabled by repository administrators. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." {% ifversion fpt %} -* **Dependency review**: Available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). +* **Dependency review:** Available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). {% elsif ghec %} -* **Dependency review**: Available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)" and "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." +* **Dependency review:** Available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)" and "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." {% endif %} -* **{% data variables.product.prodname_dependabot_alerts %}**: Not enabled by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories. +* **{% data variables.product.prodname_dependabot_alerts %}:** Not enabled by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." Any repository type: -* **{% data variables.product.prodname_dependabot_security_updates %}**: Not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." -* **{% data variables.product.prodname_dependabot_version_updates %}**: Not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." +* **{% data variables.product.prodname_dependabot_security_updates %}:** Not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." +* **{% data variables.product.prodname_dependabot_version_updates %}:** Not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." {% endif %} {% ifversion ghes %} -* **Dependency graph** and **{% data variables.product.prodname_dependabot_alerts %}**: Not enabled by default. Both features are configured at an enterprise level by the enterprise owner. For more information, see {% ifversion ghes %}"[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)." -* **Dependency review**: Available when dependency graph is enabled for your instance and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)." +* **Dependency graph and {% data variables.product.prodname_dependabot_alerts %}:** Not enabled by default. Both features are configured at an enterprise level by the enterprise owner. For more information, see {% ifversion ghes %}"[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)." +* **Dependency review:** Available when dependency graph is enabled for your instance and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)." {% endif %} {% ifversion ghes %} -* **{% data variables.product.prodname_dependabot_security_updates %}**: Not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." -* **{% data variables.product.prodname_dependabot_version_updates %}**: Not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." +* **{% data variables.product.prodname_dependabot_security_updates %}:** Not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." +* **{% data variables.product.prodname_dependabot_version_updates %}:** Not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." {% endif %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md index 951aadd6ca7d..73b98cc49411 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md @@ -28,7 +28,7 @@ The dependency graph doesn't automatically include "loose" dependencies. "Loose" However, you can use the {% data variables.dependency-submission-api.name %} to add dependencies to a project's dependency graph, even if the dependencies are not declared in a manifest or lock file, such as dependencies resolved when a project is built. {% data reusables.dependency-graph.dependency-submission-API-short %} For more information on the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)." -**Check**: Is the missing dependency for a component that's not specified in the repository's manifest or lockfile? +**Check:** Is the missing dependency for a component that's not specified in the repository's manifest or lockfile? ## Does the dependency graph detect dependencies specified using variables? @@ -36,7 +36,7 @@ The dependency graph analyzes manifests as they’re pushed to {% data variables However, you can use the {% data variables.dependency-submission-api.name %} to add dependencies to a project's dependency graph, even if the dependencies are only resolved when a project is built. For more information on the {% data variables.dependency-submission-api.name %}, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)." -**Check**: Is the missing dependency declared in the manifest by using a variable for its name or version? +**Check:** Is the missing dependency declared in the manifest by using a variable for its name or version? ## Are there limits which affect the dependency graph data?