diff --git a/.github/workflows/azure-prod-build-deploy.yml b/.github/workflows/azure-prod-build-deploy.yml index d84551fb9cae..06da6426068b 100644 --- a/.github/workflows/azure-prod-build-deploy.yml +++ b/.github/workflows/azure-prod-build-deploy.yml @@ -119,7 +119,7 @@ jobs: - name: 'Apply updated docker-compose.prod.yaml config to canary slot' run: | - az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.prod.yaml --slot ${{ env.SLOT_NAME }} -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} + az webapp config container set --multicontainer-config-type COMPOSE --multicontainer-config-file docker-compose.prod.yaml --slot ${{ env.SLOT_NAME }} -n ${{ env.APP_SERVICE_NAME }} -g ${{ env.RESOURCE_GROUP_NAME }} --container-registry-url ${{ secrets.PROD_REGISTRY_SERVER }} --container-registry-user ${{ env.ACR_TOKEN_NAME }} --container-registry-password ${{ env.ACR_TOKEN_VALUE }} # Watch canary slot instances to see when all the instances are ready - name: Check that canary slot is ready diff --git a/content/admin/managing-iam/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md b/content/admin/managing-iam/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md index d4aaeafafdae..31b082828c4f 100644 --- a/content/admin/managing-iam/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md +++ b/content/admin/managing-iam/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md @@ -32,7 +32,7 @@ With {% data variables.product.prodname_emus %}, you can control the user accoun {% data variables.enterprise.prodname_managed_users_caps %}: -* Cannot install {% data variables.product.prodname_github_apps %} on their user accounts. +* Cannot install {% data variables.product.prodname_github_apps %} on their user accounts, unless the app is an internal app. See "[AUTOTITLE](/apps/using-github-apps/internal-github-apps)." * Can install {% data variables.product.prodname_github_apps %} on a repository if the app doesn't request organization permissions and if the {% data variables.enterprise.prodname_managed_user %} has admin access to the repository. * Can install {% data variables.product.prodname_github_apps %} on an organization if the {% data variables.enterprise.prodname_managed_user %} is an organization owner. * Can purchase and install paid {% data variables.product.prodname_github_apps %} only if the {% data variables.enterprise.prodname_managed_user %} is an enterprise owner. diff --git a/content/apps/using-github-apps/internal-github-apps.md b/content/apps/using-github-apps/internal-github-apps.md index 209eef54590a..9d5c14437cc3 100644 --- a/content/apps/using-github-apps/internal-github-apps.md +++ b/content/apps/using-github-apps/internal-github-apps.md @@ -10,7 +10,7 @@ shortTitle: Internal apps Some {% data variables.product.prodname_github_apps %} are internal apps. These apps are owned by {% data variables.product.company_short %} and are granted special capabilities. For example, users can authorize these apps and use them to access data from an organization without requiring approval by the organization. -Some of these internal apps are automatically included with {% data variables.product.company_short %} and do not require user authorization. These apps will not appear in your list of authorized {% data variables.product.prodname_github_apps %} or in your list of installed {% data variables.product.prodname_github_apps %}. +Some of these internal apps are automatically included with {% data variables.product.company_short %} and do not require user authorization. These apps will not appear in your list of authorized {% data variables.product.prodname_github_apps %} or in your list of installed {% data variables.product.prodname_github_apps %}.{% ifversion ghec %}{% data variables.product.prodname_emus %} are allowed to install these internal apps on their user account, while standard, unprivileged apps cannot be installed on {% data variables.product.prodname_emus %} user accounts.{% endif %} These internal apps will appear in the user security log, but will not appear in organization{% ifversion ghes or ghec %} or enterprise{% endif %} audit logs. {% ifversion ghes or ghec %}For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)," "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)", and "[AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise)."{% else %}For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)" and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)."{% endif %} diff --git a/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md b/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md index e16e7c20a25c..e29aa29ac058 100644 --- a/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md +++ b/content/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription.md @@ -74,6 +74,8 @@ For example, you link your Azure subscription to your organization {% ifversion * Alternatively, before following the instructions in this article, users who are not able to provide tenant-wide admin consent can work with an Azure AD global administrator to configure an admin consent workflow. See [User and admin consent in Azure Active Directory](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/user-admin-consent-overview#admin-consent-workflow) in Microsoft Docs. + >[!NOTE] If your tenant provides user consent settings, users included in those settings might not require admin consent to install {% data variables.product.company_short %}'s Subscription Permission Validation app. See [User consent](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/user-admin-consent-overview#user-consent) in Microsoft Docs. + * To select an Azure subscription from the list of available subscriptions, the user must be an owner of the Azure subscription. See [Assign a user as an administrator of an Azure subscription](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal-subscription-admin) in Microsoft docs. * You must know your Azure subscription ID. See [Get subscription and tenant IDs in the Azure portal](https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id) in the Microsoft Docs or [contact Azure support](https://azure.microsoft.com/support/). diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md index 8041ca6b4529..9a8b41397f84 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md +++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md @@ -1,6 +1,6 @@ --- title: Enabling secret scanning features -shortTitle: Enable secret scanning features +shortTitle: Enable features allowTitleToDifferFromFilename: true intro: 'Learn how to enable {% data variables.product.prodname_secret_scanning %} to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.' product: '{% data reusables.gated-features.secret-scanning %}' diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md index 6dd0553b9b8c..8397f42bf3a5 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md @@ -16,7 +16,7 @@ topics: - Advanced Security - Alerts - Repositories -shortTitle: Managing alerts +shortTitle: Manage alerts children: - /about-alerts - /viewing-alerts diff --git a/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md b/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md index 8cbdd7d96ba4..5144b122f615 100644 --- a/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md +++ b/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md @@ -1,6 +1,6 @@ --- title: Troubleshooting secret scanning and push protection -shortTitle: Troubleshoot secret scanning +shortTitle: Troubleshoot intro: 'If you have problems with {% data variables.product.prodname_secret_scanning %} or push protection, you can use these tips to help resolve issues.' product: '{% data reusables.gated-features.secret-scanning %}' versions: diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md index e63738b1921c..09dba6e19c7e 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md @@ -10,27 +10,33 @@ topics: - Advanced Security - Alerts - Repositories -shortTitle: Delegated bypass +shortTitle: About delegated bypass --- ## About delegated bypass for push protection {% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %} -{% data reusables.secret-scanning.push-protection-delegated-bypass-intro %} +By default, when push protection is enabled for a repository, anyone with write access can still push a secret to the repository, provided that they specify a reason for bypassing push protection. -When you enable push protection, by default, anyone with write access to the repository can choose to bypass the protection by specifying a reason for allowing the push containing a secret. With delegated bypass, only specific roles and teams can bypass push protection. All other contributors are instead obligated to make a request for "bypass privileges", which is sent to a designated group of reviewers who either approve or deny the request to bypass push protection. +With delegated bypass for push protection, you can: -If the request to bypass push protection is approved, the contributor can push the commit containing the secret. If the request is denied, the contributor must remove the secret from the commit (or commits) containing the secret before pushing again. +* **Choose** which individuals, roles, and teams can bypass push protection. +* Introduce a **review and approval** cycle for pushes containing secrets from all other contributors. -To configure delegated bypass, organization owners or repository administrators must change the "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}" setting in the UI from **Anyone with write access** to **Specific roles and teams**. +{% ifversion push-protection-delegated-bypass-file-upload-support %}Delegated bypass applies to files created, edited, and uploaded on {% data variables.product.prodname_dotcom %}.{% endif %} -Organization owners or repository administrators are then prompted to create a "bypass list". The bypass list comprises the specific roles and teams, such as the security team or repository administrators, who oversee requests from non-members to bypass push protection. For more information, see "[Configuring delegated bypass for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)" and "[Configuring delegated bypass for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-a-repository)." +To set up delegated bypass, organization owners or repository administrators create a list of users with bypass privileges. This designated list of users can then: +* Bypass push protection, by specifying a reason for bypassing the block. +* Manage (approve or deny) bypass requests coming from all other contributors. These requests are located in the "Push protection bypass" page in the **Security** tab of the repository. -{% ifversion push-protection-bypass-fine-grained-permissions %} Alternatively, instead of creating a bypass list, you can grant specific organization members the ability to review and manage bypass requests using fine-grained permissions. For more information, see "[Using fine-grained permissions to control who can review and manage bypass requests](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#using-fine-grained-permissions-to-control-who-can-review-and-manage-bypass-requests)."{% endif %} +The following types of users can always bypass push protection without having to request bypass privileges: +* Organization owners +* Security managers +* Users in teams, default roles, or custom roles that have been added to the bypass list.{% ifversion push-protection-bypass-fine-grained-permissions %} +* Users who are assigned (either directly or via a team) a custom role with the "review and manage secret scanning bypass requests" fine-grained permission.{% endif %} -Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review (approve or deny) bypass requests can manage these {% else %}of the bypass list can review and manage {% endif %}requests through the "Push protection bypass" page in the **Security** tab of the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection)." +## Next steps -{% data reusables.secret-scanning.push-protection-delegated-bypass-note %} - -For information about enabling delegated bypass, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection)." +* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection)" +* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection)" diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md index 6546c4d8f392..8736fdd06d6d 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md @@ -6,7 +6,7 @@ intro: 'You can control the ability to bypass push protection by setting up a re product: '{% data reusables.gated-features.secret-scanning %}' versions: fpt: '*' - ghes: '*' + ghes: '>=3.14' ghec: '*' topics: - Secret scanning diff --git a/content/code-security/security-overview/about-security-overview.md b/content/code-security/security-overview/about-security-overview.md index e20c9ff27145..cea74e023434 100644 --- a/content/code-security/security-overview/about-security-overview.md +++ b/content/code-security/security-overview/about-security-overview.md @@ -1,7 +1,6 @@ --- title: About security overview intro: 'You can gain insights into the overall security landscape of your organization or enterprise and identify repositories that require intervention using security overview.' -permissions: '{% data reusables.security-overview.permissions %}' product: '{% data reusables.gated-features.security-overview %}' redirect_from: - /code-security/security-overview/exploring-security-alerts diff --git a/content/code-security/security-overview/assessing-adoption-code-security.md b/content/code-security/security-overview/assessing-adoption-code-security.md index 944c6183c1cf..c475b80effc5 100644 --- a/content/code-security/security-overview/assessing-adoption-code-security.md +++ b/content/code-security/security-overview/assessing-adoption-code-security.md @@ -3,8 +3,7 @@ title: Assessing adoption of code security features shortTitle: Assess adoption of features allowTitleToDifferFromFilename: true intro: 'You can use security overview to see which teams and repositories have already enabled code security features, and identify any that are not yet protected.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' type: how_to topics: - Security overview @@ -22,7 +21,7 @@ versions: You can use security overview to see which repositories and teams have already enabled each code security feature, and where people need more encouragement to adopt these features. The "Security coverage" view shows a summary and detailed information on feature enablement for an organization. You can filter the view to show a subset of repositories using the "enabled" and "not enabled" links, the "Teams" dropdown menu, and a search field in the page header. -![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, and search field.](/assets/images/help/security-overview/security-coverage-view-summary.png) +![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization.](/assets/images/help/security-overview/security-coverage-view-summary.png) >[!NOTE] "Pull request alerts" are reported as enabled only when {% data variables.product.prodname_code_scanning %} has analyzed at least one pull request since alerts were enabled for the repository. @@ -38,18 +37,14 @@ You can use the "Enablement trends" view to see enablement status and enablement ## Viewing the enablement of code security features for an organization -You can view data to assess the enablement of code security features across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %} - -{% ifversion dependabot-updates-paused-enterprise-orgs %} - -In the list of repositories, the "Paused" label under "{% data variables.product.prodname_dependabot %}" indicates repositories for which {% data variables.product.prodname_dependabot_updates %} are paused. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively.{% endif %} +You can view data to assess the enablement of code security features across repositories in an organization. {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} 1. To display the "Security coverage" view, in the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage**. {% data reusables.code-scanning.using-security-overview-coverage %} - ![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-coverage-view-highlights.png) + ![Screenshot of the "Security coverage" view. The options for filtering are outlined in dark orange.](/assets/images/help/security-overview/security-coverage-view-highlights.png) {% ifversion pre-security-configurations %} 1. Optionally, click **{% octicon "gear" aria-hidden="true" %} Security settings** to enable code security features for a repository and click **Save security settings** to confirm the changes. If a feature is not shown, it has more complex configuration requirements and you need to use the repository settings dialog. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository)." @@ -59,24 +54,26 @@ In the list of repositories, the "Paused" label under "{% data variables.product {% endif %} -{% ifversion security-overview-org-risk-coverage-enterprise %} +{% ifversion dependabot-updates-paused-enterprise-orgs %} + +In the list of repositories, a "Paused" label under "{% data variables.product.prodname_dependabot %}" indicates repositories for which {% data variables.product.prodname_dependabot_updates %} are paused. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively.{% endif %} ## Viewing the enablement of code security features for an enterprise -You can view data to assess the enablement of code security features across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %} - -In the enterprise-level view, you can view data about the enablement of features, but you cannot enable or disable features. For more information about enabling features, see {% ifversion security-configurations %}"[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization){% else %}"[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories){% endif %}." +You can view data to assess the enablement of code security features across organizations in an enterprise. -{% data reusables.security-overview.enterprise-filters-tip %} +{% ifversion pre-security-configurations %} +In the enterprise-level view, you can view data about the enablement of features, but you cannot enable or disable features. +{% endif %} {% data reusables.enterprise-accounts.access-enterprise-on-dotcom %} {% data reusables.code-scanning.click-code-security-enterprise %} 1. To display the "Security coverage" view, in the sidebar, click **Coverage**. {% data reusables.code-scanning.using-security-overview-coverage %} - ![Screenshot of the header section of the "Security coverage" view for an enterprise. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-coverage-view-highlights-enterprise.png) + ![Screenshot of the header section of the "Security coverage" view. The options for filtering are outlined in dark orange.](/assets/images/help/security-overview/security-coverage-view-highlights-enterprise.png) -{% endif %} +{% data reusables.security-overview.enterprise-filters-tip %} {% ifversion security-overview-tool-adoption %} @@ -114,8 +111,6 @@ You can view data to assess the enablement status and enablement status trends o You can view data to assess the enablement status and enablement status trends of code security features across organizations in an enterprise. ->[!TIP] You can use the `owner:` filter in the search field to filter the data by organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." - {% data reusables.enterprise-accounts.access-enterprise-on-dotcom %} {% data reusables.code-scanning.click-code-security-enterprise %} 1. To display the "Enablement trends" view, in the sidebar, click **Enablement trends**. @@ -124,6 +119,8 @@ You can view data to assess the enablement status and enablement status trends o * Use the date picker to set the time range that you want to view enablement trends for. * Click in the search box to add further filters on the enablement trends displayed. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." +>[!TIP] You can use the `owner:` filter in the search field to filter the data by organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." + {% endif %} ## Interpreting and acting on the enablement data diff --git a/content/code-security/security-overview/assessing-code-security-risk.md b/content/code-security/security-overview/assessing-code-security-risk.md index 47a463d00070..92ce508626fe 100644 --- a/content/code-security/security-overview/assessing-code-security-risk.md +++ b/content/code-security/security-overview/assessing-code-security-risk.md @@ -3,8 +3,7 @@ title: Assessing your code security risk shortTitle: Assess security risk to code allowTitleToDifferFromFilename: true intro: 'You can use security overview to see which teams and repositories are affected by security alerts, and identify repositories for urgent remedial action.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' type: how_to topics: - Security overview @@ -41,8 +40,6 @@ For information about the **Overview**, see "[AUTOTITLE](/code-security/security ## Viewing organization-level code security risks -{% data reusables.security-overview.information-varies-GHAS %} - {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} {% data reusables.security-overview.open-security-risk-view %} @@ -59,7 +56,7 @@ For information about the **Overview**, see "[AUTOTITLE](/code-security/security ## Viewing enterprise-level code security risks -You can view data for security alerts across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %} +You can view data for security alerts across organizations in an enterprise. {% data reusables.security-overview.enterprise-filters-tip %} diff --git a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md index 9dd03190d3d1..92a30a235aed 100644 --- a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md +++ b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md @@ -2,8 +2,7 @@ title: Enabling security features for multiple repositories shortTitle: Enable security features intro: You can use security overview to select a subset of repositories and enable security features for them all. -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-org-enable %}' allowTitleToDifferFromFilename: true versions: feature: security-configurations-beta-and-pre-beta diff --git a/content/code-security/security-overview/exporting-data-from-security-overview.md b/content/code-security/security-overview/exporting-data-from-security-overview.md index 7b977bcc8bfa..996a7329f025 100644 --- a/content/code-security/security-overview/exporting-data-from-security-overview.md +++ b/content/code-security/security-overview/exporting-data-from-security-overview.md @@ -2,8 +2,7 @@ title: Exporting data from security overview shortTitle: Export data intro: You can export CSV files of your organization's{% ifversion security-overview-export-dashboard-data %} overview,{% endif %} risk and coverage data from security overview. -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' versions: feature: security-overview-export-data type: how_to diff --git a/content/code-security/security-overview/filtering-alerts-in-security-overview.md b/content/code-security/security-overview/filtering-alerts-in-security-overview.md index 7b24d4e06cb5..391fec24a8fa 100644 --- a/content/code-security/security-overview/filtering-alerts-in-security-overview.md +++ b/content/code-security/security-overview/filtering-alerts-in-security-overview.md @@ -1,8 +1,7 @@ --- title: Filtering alerts in security overview intro: Use filters to view specific categories of alerts -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' allowTitleToDifferFromFilename: true versions: ghes: '*' diff --git a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md index 78d33e46af1c..87f7aaade665 100644 --- a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md +++ b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md @@ -2,8 +2,7 @@ title: Reviewing requests to bypass push protection shortTitle: Review bypass requests intro: 'You can use security overview to review requests to bypass push protection from contributors pushing to repositories across your organization.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' type: how_to topics: - Security overview diff --git a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md index f03999e92cab..041b03424482 100644 --- a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md +++ b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md @@ -3,8 +3,7 @@ title: Viewing metrics for pull request alerts shortTitle: View PR alert metrics allowTitleToDifferFromFilename: true intro: 'You can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests for repositories across your organization, and to identify repositories where you may need to take action.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' type: how_to topics: - Security overview diff --git a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md b/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md index 0e7786b87e1d..5fbaf4fad0f9 100644 --- a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md +++ b/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md @@ -3,8 +3,7 @@ title: Viewing metrics for secret scanning push protection shortTitle: View secret scanning metrics allowTitleToDifferFromFilename: true intro: 'You can use security overview to see how {% data variables.product.prodname_secret_scanning %} push protection is performing in repositories across your organization{% ifversion security-overview-enterprise-secret-scanning-metrics %} or enterprise{% endif %}, and to identify repositories where you may need to take action.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' type: how_to redirect_from: - /code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization diff --git a/content/code-security/security-overview/viewing-security-insights.md b/content/code-security/security-overview/viewing-security-insights.md index 31225a10139d..dbcadacf9f44 100644 --- a/content/code-security/security-overview/viewing-security-insights.md +++ b/content/code-security/security-overview/viewing-security-insights.md @@ -2,8 +2,7 @@ title: Viewing security insights shortTitle: View security insights intro: 'You can use the overview dashboard in security overview to monitor the security landscape of the repositories in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' versions: feature: security-overview-dashboard type: how_to @@ -76,13 +75,13 @@ Keep in mind that the overview page tracks changes over time for security alert ## Viewing the security overview dashboard for your enterprise -{% data reusables.security-overview.enterprise-filters-tip %} - {% data reusables.enterprise-accounts.access-enterprise-on-dotcom %} {% data reusables.code-scanning.click-code-security-enterprise %}{% ifversion security-overview-3-tab-dashboard %} 1. By default, the **Detection** tab is displayed. If you want to switch to another tab to see other metrics, click **Remediation** or **Prevention**.{% endif %} {% data reusables.security-overview.filter-and-toggle %} +{% data reusables.security-overview.enterprise-filters-tip %} + {% endif %} ## Understanding the overview dashboard diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/indexing-repositories-for-copilot-chat.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/indexing-repositories-for-copilot-chat.md index 0269b8e41181..ce37a578fb94 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/indexing-repositories-for-copilot-chat.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/indexing-repositories-for-copilot-chat.md @@ -16,7 +16,7 @@ redirect_from: {% data variables.product.prodname_copilot %}'s ability to answer natural language questions, in the context of a {% data variables.product.prodname_dotcom %} repository, is improved when the repository has been indexed for semantic code search. -Indexing repositories is not a requirement and will not affect responses to questions about information in knowledge bases, pull requests, issues, discussions, or commits. However, indexing can help {% data variables.product.prodname_copilot_chat_short %} answer questions that relate directly to the code within a repository. +Indexing repositories is not a requirement and will not affect responses to questions about information in pull requests, issues, discussions, or commits. However, indexing can help {% data variables.product.prodname_copilot_chat_short %} answer questions that relate directly to the code within a repository. The indexing status of a repository is displayed on {% data variables.product.github %} when you start a conversation that has a repository context. You can index the repository if it has not been indexed yet. diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/managing-copilot-knowledge-bases.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/managing-copilot-knowledge-bases.md index dc722a38d8f4..dcf6097d91df 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/managing-copilot-knowledge-bases.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/managing-copilot-knowledge-bases.md @@ -40,11 +40,11 @@ Knowledge bases you create will be accessible by all organization members with a {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** then click **Customize**. -1. To the right of "Knowledge", click **Add knowledge base**. +1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** then click **Knowledge bases**. +1. To the right of "Knowledge bases", click **New knowledge base**. 1. In the "Name" field, enter a unique name for the knowledge base. Optionally, in the "Description" field, you can add a description for the knowledge base. - ![Screenshot of the "Add knowledge base" page.](/assets/images/help/copilot/copilot-create-knowledge-base-page.png) + ![Screenshot of the "New knowledge base" page.](/assets/images/help/copilot/copilot-create-knowledge-base-page.png) 1. Under "Content", to see a full list of available repositories, click **Select repositories**. @@ -54,7 +54,7 @@ Knowledge bases you create will be accessible by all organization members with a ![Screenshot of the "Select repositories" page.](/assets/images/help/copilot/copilot-select-repositories-page.png) -1. Optionally, you can define which paths within the selected repositories to index. +1. Optionally, you can specify particular paths within the selected repositories for searches. When a search is conducted using the knowledge base, only the files located in those designated paths will be included in the results. For more information on specifying repository paths, see "[AUTOTITLE](/search-github/github-code-search/understanding-github-code-search-syntax#path-qualifier)" * Click **Edit file paths**. @@ -71,7 +71,7 @@ Organization owners can update a knowledge base created in their organization. {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** then click **Customize**. +1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** then click **Knowledge bases**. 1. To the right of the knowledge base you want to edit, click {% octicon "pencil" aria-label="The pencil symbol" %}. 1. Make your desired changes to your knowledge base. 1. Click **Update knowledge base**. @@ -83,6 +83,10 @@ Organization owners can delete a knowledge base created in their organization. {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** then click **Customize**. +1. In the left sidebar, click **{% octicon "copilot" aria-hidden="true" %} {% data variables.product.prodname_copilot_short %}** then click **Knowledge bases**. 1. To the right of the knowledge base you want to delete, click {% octicon "trash" aria-label="The trash symbol" %}. 1. In the "Confirm deletion" dialog box, review the information and click **Delete**. + +## Indexing repositories within a knowledge base + +For more information about indexing, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/customizing-copilot-for-your-organization/indexing-repositories-for-copilot-chat)" diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md index a840adb44601..d2cda32f49ad 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md @@ -181,7 +181,14 @@ git@gitlab.com:gitlab-org/gitlab-runner.git: As an enterprise owner, you can use the enterprise settings to specify files that {% data variables.product.prodname_copilot %} should ignore. The files can be within a Git repository or anywhere on the file system that is not under Git control. -You apply rules in the same way as described in the previous section "[Configuring content exclusions for your organization](#configuring-content-exclusions-for-your-organization)" but from the settings for your enterprise. The key difference is that rules set at the enterprise level apply to all {% data variables.product.prodname_copilot_short %} users in the enterprise, whereas the rules set by organization owners only apply to users who are assigned a {% data variables.product.prodname_copilot_short %} seat by that organization. +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.policies-tab %} +{% data reusables.enterprise-accounts.copilot-tab %} +1. Click the **Content exclusion** tab. +1. Use paths to specify which content to exclude. See the previous section, "[Configuring content exclusions for your organization](#configuring-content-exclusions-for-your-organization)." + +> [!NOTE] +> The key difference between setting content exclusion at the enterprise level and the organization level is that rules set at the enterprise level apply to all {% data variables.product.prodname_copilot_short %} users in the enterprise, whereas the rules set by organization owners only apply to users who are assigned a {% data variables.product.prodname_copilot_short %} seat by that organization. {% endif %} diff --git a/content/get-started/using-github/github-mobile.md b/content/get-started/using-github/github-mobile.md index ddc373c6392d..b94f8c5b1c3e 100644 --- a/content/get-started/using-github/github-mobile.md +++ b/content/get-started/using-github/github-mobile.md @@ -1,6 +1,7 @@ --- title: GitHub Mobile intro: 'Triage, collaborate, and manage your work on {% data variables.product.product_name %} from your mobile device.' +shortTitle: GitHub Mobile versions: fpt: '*' ghes: '*' diff --git a/content/index.md b/content/index.md index f07db6050ed3..7cfdb8d58185 100644 --- a/content/index.md +++ b/content/index.md @@ -100,7 +100,14 @@ childGroups: - repositories - pull-requests - discussions + - name: GitHub Copilot + octicon: CopilotIcon + children: - copilot + - copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot + - copilot/using-github-copilot/prompt-engineering-for-github-copilot + - copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom + - copilot/using-github-copilot/example-use-cases/refactoring-code-with-github-copilot - name: CI/CD and DevOps octicon: GearIcon children: @@ -120,6 +127,7 @@ childGroups: octicon: DeviceMobileIcon children: - github-cli + - get-started/using-github/github-mobile - desktop - name: Project management octicon: ProjectIcon @@ -134,12 +142,15 @@ childGroups: - rest - graphql - webhooks + - copilot/building-copilot-extensions - github-models - name: Enterprise and Teams octicon: OrganizationIcon children: - organizations + - code-security/securing-your-organization - admin + - gh-wa - name: Community octicon: GlobeIcon children: @@ -151,8 +162,8 @@ childGroups: - name: More docs octicon: PencilIcon children: - - electron - codeql + - electron - npm externalProducts: electron: @@ -162,7 +173,7 @@ externalProducts: external: true codeql: id: codeql - name: CodeQL + name: CodeQL query writing href: 'https://codeql.github.com/docs' external: true npm: @@ -170,4 +181,9 @@ externalProducts: name: npm href: 'https://docs.npmjs.com/' external: true + gh-wa: + id: gh-wa + name: GitHub Well-Architected + href: 'https://wellarchitected.github.com/' + external: true --- diff --git a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md index 39a0599b5486..4d6f01e7c22e 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md +++ b/content/migrations/using-github-enterprise-importer/migrating-between-github-products/migrating-repositories-from-github-enterprise-server-to-github-enterprise-cloud.md @@ -449,8 +449,8 @@ If you're migrating from {% data variables.product.prodname_ghe_server %} 3.7 or {% data reusables.enterprise-migration-tool.azure-storage-connection-key %} * For AWS S3, set the following environment variables. - * `AWS_ACCESS_KEY`: The access key for your bucket - * `AWS_SECRET_KEY`: The secret key for your bucket + * `AWS_ACCESS_KEY_ID`: The access key id for your bucket + * `AWS_SECRET_ACCESS_KEY`: The secret key for your bucket * `AWS_REGION`: The AWS region where your bucket is located * `AWS_SESSION_TOKEN`: The session token, if you're using AWS temporary credentials (see [Using temporary credentials with AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) in the AWS documentation) diff --git a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md index 62ee2417628b..52acf50aa145 100644 --- a/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md +++ b/content/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud.md @@ -278,8 +278,8 @@ To migrate your repositories, run the generated script. Before running the script, you must set additional environment variables to authenticate to your blob storage provider. * For AWS S3, set the following environment variables. - * `AWS_ACCESS_KEY`: The access key for your bucket - * `AWS_SECRET_KEY`: The secret key for your bucket + * `AWS_ACCESS_KEY_ID`: The access key id for your bucket + * `AWS_SECRET_ACCESS_KEY`: The secret key for your bucket * `AWS_REGION`: The AWS region where your bucket is located * `AWS_SESSION_TOKEN`: The session token, if you're using AWS temporary credentials (see [Using temporary credentials with AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) in the AWS documentation) * For Azure Blob Storage, set `AZURE_STORAGE_CONNECTION_STRING` to the connection string for your Azure storage account. diff --git a/data/release-notes/enterprise-server/3-13/0.yml b/data/release-notes/enterprise-server/3-13/0.yml index 9e61b5e3bb48..a2ffba974f15 100644 --- a/data/release-notes/enterprise-server/3-13/0.yml +++ b/data/release-notes/enterprise-server/3-13/0.yml @@ -185,6 +185,8 @@ sections: Memory utilization may increase after the upgrade. During periods of high traffic, interruptions in service may occur due to insufficient memory allocations for internal components. - | Following an upgrade, Elasticsearch search migrations are sometimes incorrectly reported as failing in the audit log, even though the migrations completed successfully. [Updated: 2024-08-02] + - | + Images embedded in wiki pages may stop rendering shortly after being published. [Updated: 2024-10-16] deprecations: # https://github.com/github/releases/issues/2732 diff --git a/data/release-notes/enterprise-server/3-13/2.yml b/data/release-notes/enterprise-server/3-13/2.yml index 68bb53c9cc1f..2709cd53e56b 100644 --- a/data/release-notes/enterprise-server/3-13/2.yml +++ b/data/release-notes/enterprise-server/3-13/2.yml @@ -169,3 +169,5 @@ sections: If a hotpatch upgrade requires the `haproxy-frontend` service to be restarted, the restart will hang if there are existing long-lived connections, such as browser web sockets or Git operations. No new connections will be accepted for up to 5 minutes. Any existing unfinished connections at this time will be disconnected. - | Following an upgrade, Elasticsearch search migrations are sometimes incorrectly reported as failing in the audit log, even though the migrations completed successfully. [Updated: 2024-08-02] + - | + Images embedded in wiki pages may stop rendering shortly after being published. [Updated: 2024-10-16] diff --git a/data/release-notes/enterprise-server/3-14/0.yml b/data/release-notes/enterprise-server/3-14/0.yml index 88083677c9be..aebcfe34f7a9 100644 --- a/data/release-notes/enterprise-server/3-14/0.yml +++ b/data/release-notes/enterprise-server/3-14/0.yml @@ -220,6 +220,8 @@ sections: When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. - | Following an upgrade, Elasticsearch search migrations are sometimes incorrectly reported as failing in the audit log, even though the migrations completed successfully. [Updated: 2024-09-27] + - | + Images embedded in wiki pages may stop rendering shortly after being published. [Updated: 2024-10-16] deprecations: - | @@ -230,4 +232,4 @@ sections: These release notes previously indicated as a known issue that on GitHub Enterprise Server 3.14.0 when log forwarding is enabled, some forwarded log entries may be duplicated. The fix for this problem was already included prior to the release of GitHub Enterprise Server 3.14.0. [Updated: 2024-09-16] - | - These release notes did not include a note for support of the `directories` key in `dependabot.yml` files. [Updated: 2024-10-07] \ No newline at end of file + These release notes did not include a note for support of the `directories` key in `dependabot.yml` files. [Updated: 2024-10-07] diff --git a/data/release-notes/enterprise-server/3-14/1.yml b/data/release-notes/enterprise-server/3-14/1.yml index 6d07e8a84b91..70c5bda5781a 100644 --- a/data/release-notes/enterprise-server/3-14/1.yml +++ b/data/release-notes/enterprise-server/3-14/1.yml @@ -72,3 +72,5 @@ sections: When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. - | Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. + - | + Images embedded in wiki pages may stop rendering shortly after being published. [Updated: 2024-10-16] diff --git a/data/release-notes/enterprise-server/3-14/2.yml b/data/release-notes/enterprise-server/3-14/2.yml index e569ef47c4ec..cd75c747023d 100644 --- a/data/release-notes/enterprise-server/3-14/2.yml +++ b/data/release-notes/enterprise-server/3-14/2.yml @@ -76,3 +76,5 @@ sections: When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. - | Services may respond with a `503` status due to an out of date `haproxy` configuration. This can usually be resolved with a `ghe-config-apply` run. + - | + Images embedded in wiki pages may stop rendering shortly after being published. [Updated: 2024-10-16] diff --git a/data/reusables/codespaces/workspaces-directory.md b/data/reusables/codespaces/workspaces-directory.md index 53f100e79da4..081c21fcf880 100644 --- a/data/reusables/codespaces/workspaces-directory.md +++ b/data/reusables/codespaces/workspaces-directory.md @@ -1,5 +1,5 @@ When you create a codespace, your repository is cloned into the `/workspaces` directory in your codespace. This is a persistent directory that is mounted into the container. Any changes you make inside this directory, including editing, adding, or deleting files, are preserved when you stop and start the codespace, and when you rebuild the container in the codespace. -Outside the `/workspaces` directory, your codespace contains a Linux directory structure that varies depending on the dev container image used to build your codespace. You can add files or make changes to files outside the `/workspaces` directory: for example, you can install new programs, or you can set up your shell configuration in a file such as `~/.bashrc`. As a non-root user, you may not automatically have write access to certain directories, but most images allow root access to these directories with the `sudo` command. +Outside the `/workspaces` directory, your codespace contains a Linux directory structure that varies depending on the dev container image used to build your codespace. You can add files or make changes to files outside the `/workspaces` directory. For example, you can install new programs, or you can set up your shell configuration in a file such as `~/.bashrc`. As a non-root user, you may not automatically have write access to certain directories, but most images allow root access to these directories with the `sudo` command. Outside `/workspaces`, with the exception of the `/tmp` directory, the directories in a codespace are tied to the lifecycle of the container. This means any changes you make are preserved when you stop and start your codespace, but are not preserved when you rebuild the container. diff --git a/data/reusables/gated-features/security-overview.md b/data/reusables/gated-features/security-overview.md index c4f4109a29a8..df0121b48c97 100644 --- a/data/reusables/gated-features/security-overview.md +++ b/data/reusables/gated-features/security-overview.md @@ -1,5 +1,7 @@ {% ifversion fpt %} -Security overview is available for organizations that use {% data variables.product.prodname_enterprise %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)." -{% elsif security-overview-displayed-alerts %} -All enterprises and their organizations have a security overview. If you use {% data variables.product.prodname_GH_advanced_security %} features{% ifversion ghec %}, which are free for public repositories,{% endif %} you will see additional information. {% data reusables.advanced-security.more-info-ghas %} +Organizations that use {% data variables.product.prodname_enterprise %} +{% elsif ghec %} +Enterprises and their organizations +{% elsif ghes %} +Organizations {% endif %} diff --git a/data/reusables/permissions/security-overview.md b/data/reusables/permissions/security-overview.md new file mode 100644 index 000000000000..6aefa0841259 --- /dev/null +++ b/data/reusables/permissions/security-overview.md @@ -0,0 +1,3 @@ +Access requires: +* Organization views: **write** access to repositories in the organization +* Enterprise views: organization owners and security managers diff --git a/data/reusables/repositories/actions-workflow-status-badge-intro.md b/data/reusables/repositories/actions-workflow-status-badge-intro.md index d0b94f92bc91..989985cfe755 100644 --- a/data/reusables/repositories/actions-workflow-status-badge-intro.md +++ b/data/reusables/repositories/actions-workflow-status-badge-intro.md @@ -1,3 +1,3 @@ -A status badge shows whether a workflow is currently failing or passing. A common place to add a status badge is in the `README.md` file of your repository, but you can add it to any web page you'd like. By default, badges display the status of your default branch. You can also display the status of a workflow run for a specific branch or event using the `branch` and `event` query parameters in the URL. +A status badge shows whether a workflow is currently failing or passing. A common place to add a status badge is in the `README.md` file of your repository, but you can add it to any web page you'd like. By default, badges display the status of your default branch. If there are no workflow runs on your default branch, it will display the status of the most recent run across all branches. You can display the status of a workflow run for a specific branch or event using the `branch` and `event` query parameters in the URL. ![Screenshot of a workflow status badge. The left side contains the octocat logo and "GitHub Actions Demo", the name of the workflow. The right half is green with the text "passing."](/assets/images/help/repository/actions-workflow-status-badge.png) diff --git a/data/reusables/secret-scanning/what-is-scanned.md b/data/reusables/secret-scanning/what-is-scanned.md index 57d883051026..2ea2839fcd47 100644 --- a/data/reusables/secret-scanning/what-is-scanned.md +++ b/data/reusables/secret-scanning/what-is-scanned.md @@ -7,7 +7,7 @@ Additionally, {% data variables.product.prodname_secret_scanning %} scans:{% ifv * Titles, descriptions, and comments in {% data variables.product.prodname_discussions %}{% endif %}{% ifversion secret-scanning-enhancements-wikis %} * Wikis{% endif %} -{% ifversion fpt or ghec %} +{% ifversion ghec %} This additional scanning is free for public repositories. {% endif %} diff --git a/data/reusables/security-overview/information-varies-GHAS.md b/data/reusables/security-overview/information-varies-GHAS.md index 28a17ce878c2..b9d2d67fe56d 100644 --- a/data/reusables/security-overview/information-varies-GHAS.md +++ b/data/reusables/security-overview/information-varies-GHAS.md @@ -1 +1 @@ -The information shown by security overview varies according to your access to repositories{% ifversion security-overview-org-risk-coverage-enterprise %} and organizations{% endif %}, and according to whether {% data variables.product.prodname_GH_advanced_security %} is used by those repositories {% ifversion security-overview-org-risk-coverage-enterprise %} and organizations{% endif %}. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)." +The information shown by security overview varies according to your access to repositories and organizations, and according to whether {% data variables.product.prodname_GH_advanced_security %} is used by those repositories and organizations. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)." diff --git a/src/README.md b/src/README.md index b9e6d514c25e..4cb74fb47748 100644 --- a/src/README.md +++ b/src/README.md @@ -60,3 +60,5 @@ it's important to point out two things: 1. When you add an entry to `.github/workflows/test.yml`, and it's gone into `main`, don't forget to add it to the branch protection's required checks. + +❖ diff --git a/src/frame/middleware/index.ts b/src/frame/middleware/index.ts index fe11bf133f59..9e8794259476 100644 --- a/src/frame/middleware/index.ts +++ b/src/frame/middleware/index.ts @@ -214,6 +214,12 @@ export default function (app: Express) { // *** Headers *** app.set('etag', false) // We will manage our own ETags if desired + // temporary + app.use(function (req, res, next) { + res.set('x-ptcl', req.secure ? 'o' : 'x') + next() + }) + // *** Config and context for redirects *** app.use(detectLanguage) // Must come before context, breadcrumbs, find-page, handle-errors, homepages app.use(asyncMiddleware(reloadTree)) // Must come before context diff --git a/src/rest/README.md b/src/rest/README.md index bb89442099a2..1c483805a47d 100644 --- a/src/rest/README.md +++ b/src/rest/README.md @@ -77,4 +77,4 @@ Writers can also add an introduction paragraph _above_ the following Markdown co Slack: `#docs-engineering` Repo: `github/docs-engineering` -If you have a question about the REST pipeline, you can ask in the `#docs-engineering` Slack channel. If you notice a problem with the REST pipeline, you can open an issue in the `github/docs-engineering` repository. \ No newline at end of file +If you have a question about the REST pipeline, you can ask in the `#docs-engineering` Slack channel. If you notice a problem with the REST pipeline, you can open an issue in the `github/docs-engineering` repository. 🚀