diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md
index 7606417fbc3f..b733dcd5fe1c 100644
--- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md
@@ -23,7 +23,8 @@ There are some additional features that can help you to evaluate alerts in order
 
 * Check the validity of a secret, to see if the secret is still active. {% ifversion fpt or ghes %}**Applies to {% data variables.product.company_short %} tokens only**.{% endif %} For more information, see "[Checking a secret's validity](#checking-a-secrets-validity)."{% ifversion secret-scanning-validity-check-partner-patterns %}
 * Perform an "on-demand" validity check, to get the most up to date validation status. For more information, see "[Performing an on-demand-validity-check](#performing-an-on-demand-validity-check)."{% endif %}{% ifversion secret-scanning-github-token-metadata %}
-* Review a token's metadata. **Applies to {% data variables.product.company_short %} tokens only**. For example, to see when the token was last used. For more information, see "[Reviewing {% data variables.product.company_short %} token metadata](#reviewing-github-token-metadata)."{% endif %}
+* Review a token's metadata. **Applies to {% data variables.product.company_short %} tokens only**. For example, to see when the token was last used. For more information, see "[Reviewing {% data variables.product.company_short %} token metadata](#reviewing-github-token-metadata)."{% endif %}{% ifversion secret-scanning-multi-repo-public-leak %}
+* Review the labels assigned to the alert. For more information, see "[Reviewing alert labels](#reviewing-alert-labels)."{% endif %}
 
 ## Checking a secret's validity
 
@@ -95,6 +96,21 @@ Tokens, like {% data variables.product.pat_generic %} and other credentials, are
 
 {% endif %}
 
+{% ifversion secret-scanning-multi-repo-public-leak %}
+
+## Reviewing alert labels
+
+In the alert view, you can review any labels assigned to the alert. The labels provide additional details about the alert, which can inform the approach you take for remediation.
+
+{% data variables.product.prodname_secret_scanning_caps %} alerts can have the following labels assigned to them:
+
+|Label|Description|
+|-------------------------|--------------------------------------------------------------------------------|
+|`public leak`| The secret detected in your repository has also been found as publicly leaked by at least one of {% data variables.product.github %}'s scans of code, discussions, gists, issues, pull requests, and wikis. This may require you to address the alert with greater urgency, or remediate the alert differently compared to a privately exposed token.|
+|`multi-repo`| The secret detected in your repository has been found across multiple repositories in your organization{% ifversion ghec or ghes %} or enterprise{% endif %}. This information may help you more easily dedupe the alert across your organization{% ifversion ghec or ghes %} or enterprise{% endif %}. |
+
+{% endif %}
+
 ## Next steps
 
 * "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts)"
diff --git a/data/features/secret-scanning-multi-repo-public-leak.yml b/data/features/secret-scanning-multi-repo-public-leak.yml
new file mode 100644
index 000000000000..c9c62a570962
--- /dev/null
+++ b/data/features/secret-scanning-multi-repo-public-leak.yml
@@ -0,0 +1,6 @@
+# Reference: #15387
+# Secret scanning: multi-repo and public leak indicators added to alerts
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.16'
diff --git a/src/audit-logs/data/fpt/organization.json b/src/audit-logs/data/fpt/organization.json
index 892cc765abc7..f61ae98f1c7f 100644
--- a/src/audit-logs/data/fpt/organization.json
+++ b/src/audit-logs/data/fpt/organization.json
@@ -1004,6 +1004,16 @@
 "description": "Autofix for code scanning alerts was enabled for an organization.",
 "docs_reference_links": "N/A"
 },
+ {
+ "action": "org.code_scanning_autofix_third_party_tools_disabled",
+ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "org.code_scanning_autofix_third_party_tools_enabled",
+ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "org.codeql_disabled",
 "description": "Code scanning using the default setup was disabled for an organization.",
@@ -2324,6 +2334,16 @@
 "description": "Autofix for code scanning alerts was enabled for a repository.",
 "docs_reference_links": "N/A"
 },
+ {
+ "action": "repo.code_scanning_autofix_third_party_tools_disabled",
+ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "repo.code_scanning_autofix_third_party_tools_enabled",
+ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "repo.code_scanning_configuration_for_branch_deleted",
 "description": "A code scanning configuration for a branch of a repository was deleted.",
diff --git a/src/audit-logs/data/ghec/enterprise.json b/src/audit-logs/data/ghec/enterprise.json
index 9684f1a11d7e..e6af60a586f6 100644
--- a/src/audit-logs/data/ghec/enterprise.json
+++ b/src/audit-logs/data/ghec/enterprise.json
@@ -1804,6 +1804,16 @@
 "description": "Autofix for code scanning alerts was enabled for an organization.",
 "docs_reference_links": "N/A"
 },
+ {
+ "action": "org.code_scanning_autofix_third_party_tools_disabled",
+ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "org.code_scanning_autofix_third_party_tools_enabled",
+ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "org.codeql_disabled",
 "description": "Code scanning using the default setup was disabled for an organization.",
@@ -3059,6 +3069,16 @@
 "description": "Autofix for code scanning alerts was enabled for a repository.",
 "docs_reference_links": "N/A"
 },
+ {
+ "action": "repo.code_scanning_autofix_third_party_tools_disabled",
+ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "repo.code_scanning_autofix_third_party_tools_enabled",
+ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "repo.code_scanning_configuration_for_branch_deleted",
 "description": "A code scanning configuration for a branch of a repository was deleted.",
diff --git a/src/audit-logs/data/ghec/organization.json b/src/audit-logs/data/ghec/organization.json
index 892cc765abc7..f61ae98f1c7f 100644
--- a/src/audit-logs/data/ghec/organization.json
+++ b/src/audit-logs/data/ghec/organization.json
@@ -1004,6 +1004,16 @@
 "description": "Autofix for code scanning alerts was enabled for an organization.",
 "docs_reference_links": "N/A"
 },
+ {
+ "action": "org.code_scanning_autofix_third_party_tools_disabled",
+ "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "org.code_scanning_autofix_third_party_tools_enabled",
+ "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "org.codeql_disabled",
 "description": "Code scanning using the default setup was disabled for an organization.",
@@ -2324,6 +2334,16 @@
 "description": "Autofix for code scanning alerts was enabled for a repository.",
 "docs_reference_links": "N/A"
 },
+ {
+ "action": "repo.code_scanning_autofix_third_party_tools_disabled",
+ "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "repo.code_scanning_autofix_third_party_tools_enabled",
+ "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "repo.code_scanning_configuration_for_branch_deleted",
 "description": "A code scanning configuration for a branch of a repository was deleted.",
diff --git a/src/audit-logs/data/ghes-3.11/enterprise.json b/src/audit-logs/data/ghes-3.11/enterprise.json
index d8f4924cfa6d..b9625490a0b8 100644
--- a/src/audit-logs/data/ghes-3.11/enterprise.json
+++ b/src/audit-logs/data/ghes-3.11/enterprise.json
@@ -704,6 +704,21 @@
 "description": "A GitHub Actions deployment protection rule was updated via the API.",
 "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
 },
+ {
+ "action": "gist.create",
+ "description": "A gist was created.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.destroy",
+ "description": "A gist was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.visibility_change",
+ "description": "The visibility of a gist was updated.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "git.clone",
 "description": "A repository was cloned.",
diff --git a/src/audit-logs/data/ghes-3.11/user.json b/src/audit-logs/data/ghes-3.11/user.json
index 468f03106b3b..4be67b96841b 100644
--- a/src/audit-logs/data/ghes-3.11/user.json
+++ b/src/audit-logs/data/ghes-3.11/user.json
@@ -314,6 +314,21 @@
 "description": "A GitHub Actions deployment protection rule was updated via the API.",
 "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
 },
+ {
+ "action": "gist.create",
+ "description": "A gist was created.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.destroy",
+ "description": "A gist was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.visibility_change",
+ "description": "The visibility of a gist was updated.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "git_signing_ssh_public_key.create",
 "description": "An SSH key was added to a user account as a Git commit signing key.",
diff --git a/src/audit-logs/data/ghes-3.12/enterprise.json b/src/audit-logs/data/ghes-3.12/enterprise.json
index 4d8068cec9cf..7b06ca1baba9 100644
--- a/src/audit-logs/data/ghes-3.12/enterprise.json
+++ b/src/audit-logs/data/ghes-3.12/enterprise.json
@@ -734,6 +734,21 @@
 "description": "A GitHub Actions deployment protection rule was updated via the API.",
 "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
 },
+ {
+ "action": "gist.create",
+ "description": "A gist was created.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.destroy",
+ "description": "A gist was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.visibility_change",
+ "description": "The visibility of a gist was updated.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "git.clone",
 "description": "A repository was cloned.",
diff --git a/src/audit-logs/data/ghes-3.12/user.json b/src/audit-logs/data/ghes-3.12/user.json
index 021be9f9edc3..4ace7cd4c904 100644
--- a/src/audit-logs/data/ghes-3.12/user.json
+++ b/src/audit-logs/data/ghes-3.12/user.json
@@ -314,6 +314,21 @@
 "description": "A GitHub Actions deployment protection rule was updated via the API.",
 "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
 },
+ {
+ "action": "gist.create",
+ "description": "A gist was created.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.destroy",
+ "description": "A gist was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.visibility_change",
+ "description": "The visibility of a gist was updated.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "git_signing_ssh_public_key.create",
 "description": "An SSH key was added to a user account as a Git commit signing key.",
diff --git a/src/audit-logs/data/ghes-3.13/enterprise.json b/src/audit-logs/data/ghes-3.13/enterprise.json
index 727396680d8d..cd97fa9fed3b 100644
--- a/src/audit-logs/data/ghes-3.13/enterprise.json
+++ b/src/audit-logs/data/ghes-3.13/enterprise.json
@@ -759,6 +759,21 @@
 "description": "A GitHub Actions deployment protection rule was updated via the API.",
 "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
 },
+ {
+ "action": "gist.create",
+ "description": "A gist was created.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.destroy",
+ "description": "A gist was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.visibility_change",
+ "description": "The visibility of a gist was updated.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "git.clone",
 "description": "A repository was cloned.",
diff --git a/src/audit-logs/data/ghes-3.13/user.json b/src/audit-logs/data/ghes-3.13/user.json
index 82520f05cbd9..2963c6aa0588 100644
--- a/src/audit-logs/data/ghes-3.13/user.json
+++ b/src/audit-logs/data/ghes-3.13/user.json
@@ -319,6 +319,21 @@
 "description": "A GitHub Actions deployment protection rule was updated via the API.",
 "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
 },
+ {
+ "action": "gist.create",
+ "description": "A gist was created.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.destroy",
+ "description": "A gist was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.visibility_change",
+ "description": "The visibility of a gist was updated.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "git_signing_ssh_public_key.create",
 "description": "An SSH key was added to a user account as a Git commit signing key.",
diff --git a/src/audit-logs/data/ghes-3.14/enterprise.json b/src/audit-logs/data/ghes-3.14/enterprise.json
index 66e3b374ee68..38b4c99d2376 100644
--- a/src/audit-logs/data/ghes-3.14/enterprise.json
+++ b/src/audit-logs/data/ghes-3.14/enterprise.json
@@ -904,6 +904,21 @@
 "description": "An external identity was updated.",
 "docs_reference_links": "N/A"
 },
+ {
+ "action": "gist.create",
+ "description": "A gist was created.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.destroy",
+ "description": "A gist was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.visibility_change",
+ "description": "The visibility of a gist was updated.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "git.clone",
 "description": "A repository was cloned.",
diff --git a/src/audit-logs/data/ghes-3.14/user.json b/src/audit-logs/data/ghes-3.14/user.json
index 0bb45c86dfdb..efc376c703a6 100644
--- a/src/audit-logs/data/ghes-3.14/user.json
+++ b/src/audit-logs/data/ghes-3.14/user.json
@@ -319,6 +319,21 @@
 "description": "A GitHub Actions deployment protection rule was updated via the API.",
 "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
 },
+ {
+ "action": "gist.create",
+ "description": "A gist was created.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.destroy",
+ "description": "A gist was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.visibility_change",
+ "description": "The visibility of a gist was updated.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "git_signing_ssh_public_key.create",
 "description": "An SSH key was added to a user account as a Git commit signing key.",
diff --git a/src/audit-logs/data/ghes-3.15/enterprise.json b/src/audit-logs/data/ghes-3.15/enterprise.json
index f3138d91dd19..456e0876df21 100644
--- a/src/audit-logs/data/ghes-3.15/enterprise.json
+++ b/src/audit-logs/data/ghes-3.15/enterprise.json
@@ -904,6 +904,21 @@
 "description": "An external identity was updated.",
 "docs_reference_links": "N/A"
 },
+ {
+ "action": "gist.create",
+ "description": "A gist was created.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.destroy",
+ "description": "A gist was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.visibility_change",
+ "description": "The visibility of a gist was updated.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "git.clone",
 "description": "A repository was cloned.",
diff --git a/src/audit-logs/data/ghes-3.15/user.json b/src/audit-logs/data/ghes-3.15/user.json
index 991cbb00692c..89957cd4c3ff 100644
--- a/src/audit-logs/data/ghes-3.15/user.json
+++ b/src/audit-logs/data/ghes-3.15/user.json
@@ -319,6 +319,21 @@
 "description": "A GitHub Actions deployment protection rule was updated via the API.",
 "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
 },
+ {
+ "action": "gist.create",
+ "description": "A gist was created.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.destroy",
+ "description": "A gist was deleted.",
+ "docs_reference_links": "N/A"
+ },
+ {
+ "action": "gist.visibility_change",
+ "description": "The visibility of a gist was updated.",
+ "docs_reference_links": "N/A"
+ },
 {
 "action": "git_signing_ssh_public_key.create",
 "description": "An SSH key was added to a user account as a Git commit signing key.",
diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json
index 17d2d27a9b4c..2d03f10fe893 100644
--- a/src/audit-logs/lib/config.json
+++ b/src/audit-logs/lib/config.json
@@ -3,5 +3,5 @@
 "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
 "apiRequestEvent": "This event is only available via audit log streaming."
 },
- "sha": "b31fcffae9cdc4ebb8e4a2542da3ccf3dcab5b07"
+ "sha": "218fadadb5342f3d6c49bf661619afe7e47f6b21"
 }
\ No newline at end of file