jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-25 02:17:36 -05:00
Code Issues Projects Releases Wiki Activity

[Ready to ship: May 12, 2022] - Secret scanning custom patterns: enterprise-level dry runs - [Public Beta] (#27494)

Browse Source
This commit is contained in:
mc
2022-05-12 17:43:44 +01:00
committed by GitHub
parent b93a3ec387
commit 0303099f79
5 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md
View File

@@ -124,9 +124,7 @@ Before defining a custom pattern, you must ensure that you enable {% data variab
{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
{%- if secret-scanning-org-dry-runs %}
1. When you're ready to test your new custom pattern, to identify matches in select repositories without creating alerts, click **Save and dry run**.
1. Search for and select the repositories where you want to perform the dry run. You can select up to 10 repositories.
![Screenshot showing repositories selected for the dry run](/assets/images/help/repository/secret-scanning-dry-run-custom-pattern-select-repo.png)
1. When you're ready to test your new custom pattern, click **Dry run**.
{% data reusables.advanced-security.secret-scanning-dry-run-select-repos %}
{% data reusables.advanced-security.secret-scanning-dry-run-results %}
{%- endif %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
@@ -143,8 +141,15 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
{% note %}
{% if secret-scanning-enterprise-dry-runs %}
**Notes:**
- At the enterprise level, only the creator of a custom pattern can edit the pattern, and use it in a dry run.
- Enterprise owners can only make use of dry runs on repositories that they have access to, and enterprise owners do not necessarily have access to all the organizations or repositories within the enterprise.
{% else %}
**Note:** As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire enterprise. That way, you can avoid creating excess false-positive {% data variables.product.prodname_secret_scanning %} alerts.
{% endif %}
{% endnote %}
{% data reusables.enterprise-accounts.access-enterprise %}
@@ -153,6 +158,11 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
{% data reusables.enterprise-accounts.advanced-security-security-features %}
1. Under "Secret scanning custom patterns", click {% ifversion ghes = 3.2 %}**New custom pattern**{% else %}**New pattern**{% endif %}.
{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
{%- if secret-scanning-enterprise-dry-runs %}
1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**.
{% data reusables.advanced-security.secret-scanning-dry-run-select-repos %}
{% data reusables.advanced-security.secret-scanning-dry-run-results %}
{%- endif %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories within your enterprise's organizations with {% data variables.product.prodname_GH_advanced_security %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."