Merge branch 'code-scanning-pr-severities-setting' of https://github.com/github/docs-internal into code-scanning-pr-severities-setting
This commit is contained in:
Sarita Iyer
@@ -61,7 +61,7 @@ jobs:
|
||||
owner: 'github',
|
||||
repo: 'docs-internal',
|
||||
title: `@${context.payload.sender.login} confirm that \#${issueNo} should be in the public github/docs repo`,
|
||||
body: `@${context.payload.sender.login} opened https://github.com/github/docs/issues/${issueNo} publicly in the github/docs repo, instead of the private github/docs-internal repo.\n\n@${context.payload.sender.login}, please confirm that this belongs in the public repo and that no sensitive information was disclosed by commenting below and closing the issue.\n\nIf this was not intentional and sensitive information was shared, please delete https://github.com/github/docs/issues/${issueNo} and notify us in the \#docs-open-source channel.\n\nThanks! \n\n/cc @github/docs @github/docs-engineering`,
|
||||
body: `@${context.payload.sender.login} opened https://github.com/github/docs/issues/${issueNo} publicly in the github/docs repo, instead of the private github/docs-internal repo.\n\n@${context.payload.sender.login}, please confirm that this belongs in the public repo and that no sensitive information was disclosed by commenting below and closing the issue.\n\nIf this was not intentional and sensitive information was shared, please delete https://github.com/github/docs/issues/${issueNo} and notify us in the \#docs-open-source channel.\n\nThanks!`,
|
||||
labels: ['OS confirmation'],
|
||||
});
|
||||
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 125 KiB After Width: | Height: | Size: 183 KiB |
|
Before Width: | Height: | Size: 21 KiB After Width: | Height: | Size: 21 KiB |
BIN
assets/images/help/2fa/2fa-password-reset.png
Normal file
BIN
assets/images/help/2fa/2fa-password-reset.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 30 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 84 KiB |
BIN
assets/images/help/repository/code-scanning-search-alerts.png
Normal file
BIN
assets/images/help/repository/code-scanning-search-alerts.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 46 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 10 KiB After Width: | Height: | Size: 24 KiB |
BIN
assets/images/help/settings/password-recovery-page.png
Normal file
BIN
assets/images/help/settings/password-recovery-page.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 26 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 9.5 KiB After Width: | Height: | Size: 72 KiB |
BIN
assets/images/help/sponsors/draft-tier-edit.png
Normal file
BIN
assets/images/help/sponsors/draft-tier-edit.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 16 KiB |
BIN
assets/images/help/sponsors/recommended-rewards.png
Normal file
BIN
assets/images/help/sponsors/recommended-rewards.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 75 KiB |
BIN
assets/images/help/sponsors/tier-editor-button.png
Normal file
BIN
assets/images/help/sponsors/tier-editor-button.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 24 KiB |
BIN
assets/images/help/stars/starring-a-repository.png
Normal file
BIN
assets/images/help/stars/starring-a-repository.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 18 KiB |
BIN
assets/images/help/stars/stars_filter_topic.png
Normal file
BIN
assets/images/help/stars/stars_filter_topic.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 21 KiB |
BIN
assets/images/help/stars/unstarring-a-repository.png
Normal file
BIN
assets/images/help/stars/unstarring-a-repository.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 18 KiB |
@@ -38,6 +38,7 @@ export const DefaultLayout = (props: Props) => {
|
||||
{page.languageVariants.map((languageVariant) => {
|
||||
return (
|
||||
<link
|
||||
key={languageVariant.href}
|
||||
rel="alternate"
|
||||
hrefLang={languageVariant.hreflang}
|
||||
href={`https://docs.github.com${languageVariant.href}`}
|
||||
|
||||
@@ -3,7 +3,7 @@ import Link from 'next/link'
|
||||
import { LinkExternalIcon, MarkGithubIcon } from '@primer/octicons-react'
|
||||
import { useTranslation } from './hooks/useTranslation'
|
||||
import { useMainContext } from './context/MainContext'
|
||||
import { ProductSiteTree } from './product/ProductSiteTree'
|
||||
import { SidebarProduct } from './product/SidebarProduct'
|
||||
import { AllProductsLink } from './product/AllProductsLink'
|
||||
import { useVersion } from './hooks/useVersion'
|
||||
|
||||
@@ -41,7 +41,7 @@ export const SidebarNav = (props: Props) => {
|
||||
</ul>
|
||||
) : (
|
||||
<ul className="sidebar-products">
|
||||
<ProductSiteTree />
|
||||
<SidebarProduct />
|
||||
</ul>
|
||||
)}
|
||||
</nav>
|
||||
|
||||
58
components/article/ArticleVersionPicker.tsx
Normal file
58
components/article/ArticleVersionPicker.tsx
Normal file
@@ -0,0 +1,58 @@
|
||||
import Link from 'next/link'
|
||||
import { useRouter } from 'next/router'
|
||||
import { Dropdown } from '@primer/components'
|
||||
|
||||
import { useMainContext } from 'components/context/MainContext'
|
||||
import { useVersion } from 'components/hooks/useVersion'
|
||||
import { useTranslation } from 'components/hooks/useTranslation'
|
||||
|
||||
export const ArticleVersionPicker = () => {
|
||||
const router = useRouter()
|
||||
const { currentVersion } = useVersion()
|
||||
const { allVersions, page, enterpriseServerVersions } = useMainContext()
|
||||
const { t } = useTranslation('pages')
|
||||
|
||||
if (page.permalinks && page.permalinks.length <= 1) {
|
||||
return null
|
||||
}
|
||||
|
||||
return (
|
||||
<div className="d-none d-lg-flex flex-justify-end">
|
||||
<Dropdown
|
||||
css={`
|
||||
ul {
|
||||
width: unset;
|
||||
}
|
||||
`}
|
||||
>
|
||||
<summary className="f4 h5-mktg btn-outline-mktg btn-mktg p-2">
|
||||
<span className="d-md-none d-xl-inline-block">{t('article_version')}</span>{' '}
|
||||
{allVersions[currentVersion].versionTitle}
|
||||
<Dropdown.Caret />
|
||||
</summary>
|
||||
<Dropdown.Menu direction="sw">
|
||||
{(page.permalinks || []).map((permalink) => {
|
||||
if (permalink.pageVersion === 'homepage') {
|
||||
return null
|
||||
}
|
||||
|
||||
return (
|
||||
<Dropdown.Item key={permalink.href}>
|
||||
<Link href={permalink.href}>
|
||||
<a>{permalink.pageVersionTitle}</a>
|
||||
</Link>
|
||||
</Dropdown.Item>
|
||||
)
|
||||
})}
|
||||
<div className="pb-1">
|
||||
<Link href={`/${router.locale}/${enterpriseServerVersions[0]}/admin/all-releases`}>
|
||||
<a className="f6 no-underline color-text-tertiary pl-3 pr-2 no-wrap">
|
||||
See all Enterprise releases
|
||||
</a>
|
||||
</Link>
|
||||
</div>
|
||||
</Dropdown.Menu>
|
||||
</Dropdown>
|
||||
</div>
|
||||
)
|
||||
}
|
||||
@@ -141,7 +141,11 @@ export const getMainContextFromRequest = (req: any): MainContextT => {
|
||||
),
|
||||
hidden: req.context.page.hidden || false,
|
||||
},
|
||||
enterpriseServerReleases: JSON.parse(JSON.stringify(req.context.enterpriseServerReleases)),
|
||||
enterpriseServerReleases: pick(req.context.enterpriseServerReleases, [
|
||||
'isOldestReleaseDeprecated',
|
||||
'oldestSupported',
|
||||
'nextDeprecationDate',
|
||||
]),
|
||||
enterpriseServerVersions: req.context.enterpriseServerVersions,
|
||||
currentLanguage: req.context.currentLanguage,
|
||||
languages: Object.fromEntries(
|
||||
@@ -158,12 +162,27 @@ export const getMainContextFromRequest = (req: any): MainContextT => {
|
||||
})
|
||||
),
|
||||
allVersions: req.context.allVersions,
|
||||
// this gets rid of some `undefined` values, which is necessary so next.js can serialize the data
|
||||
currentProductTree: JSON.parse(JSON.stringify(req.context.currentProductTree)),
|
||||
currentProductTree: getCurrentProductTree(req.context.currentProductTree),
|
||||
featureFlags: {},
|
||||
}
|
||||
}
|
||||
|
||||
// only pull things we need from the product tree, and make sure there are default values instead of `undefined`
|
||||
const getCurrentProductTree = (input: any): CurrentProductTree => {
|
||||
return {
|
||||
href: input.href,
|
||||
renderedShortTitle: input.renderedShortTitle || '',
|
||||
renderedFullTitle: input.renderedFullTitle || '',
|
||||
page: {
|
||||
hidden: input.page.hidden || false,
|
||||
documentType: input.page.documentType,
|
||||
title: input.page.title,
|
||||
shortTitle: input.page.shortTitle || '',
|
||||
},
|
||||
childPages: (input.childPages || []).map(getCurrentProductTree),
|
||||
}
|
||||
}
|
||||
|
||||
export const MainContext = createContext<MainContextT | null>(null)
|
||||
|
||||
export const useMainContext = (): MainContextT => {
|
||||
|
||||
@@ -1,6 +1,11 @@
|
||||
import { createContext, useContext } from 'react'
|
||||
import pick from 'lodash/pick'
|
||||
|
||||
export type TocItem = {
|
||||
fullPath: string
|
||||
title: string
|
||||
intro?: string
|
||||
}
|
||||
export type FeaturedLink = {
|
||||
title: string
|
||||
href: string
|
||||
@@ -28,19 +33,12 @@ export type ProductLandingContextT = {
|
||||
intro: string
|
||||
beta_product: boolean
|
||||
product: Product
|
||||
// primaryAction: LinkButtonT
|
||||
// secondaryAction?: LinkButtonT
|
||||
introLinks: {
|
||||
quickstart?: string
|
||||
reference?: string
|
||||
overview?: string
|
||||
}
|
||||
} | null
|
||||
product_video?: string
|
||||
// featuredLinks?: {
|
||||
// guides: Array<FeaturedLink>
|
||||
// popular: Array<FeaturedLink>
|
||||
// guideCards: Array<FeaturedLink>
|
||||
// }
|
||||
guideCards: Array<FeaturedLink>
|
||||
productCodeExamples: Array<CodeExample>
|
||||
productUserExamples: Array<{ username: string; description: string }>
|
||||
@@ -53,6 +51,7 @@ export type ProductLandingContextT = {
|
||||
changelog: { label: string; prefix: string }
|
||||
changelogUrl?: string
|
||||
whatsNewChangelog?: Array<{ href: string; title: string; date: string }>
|
||||
tocItems: Array<TocItem>
|
||||
}
|
||||
|
||||
export const ProductLandingContext = createContext<ProductLandingContextT | null>(null)
|
||||
@@ -97,20 +96,26 @@ export const getProductLandingContextFromRequest = (req: any): ProductLandingCon
|
||||
})
|
||||
),
|
||||
|
||||
introLinks: {
|
||||
quickstart: productTree.page.introLinks.quickstart,
|
||||
reference: productTree.page.introLinks.reference,
|
||||
overview: productTree.page.introLinks.overview,
|
||||
},
|
||||
introLinks: productTree.page.introLinks
|
||||
? {
|
||||
quickstart: productTree.page.introLinks.quickstart,
|
||||
reference: productTree.page.introLinks.reference,
|
||||
overview: productTree.page.introLinks.overview,
|
||||
}
|
||||
: null,
|
||||
|
||||
guideCards: (req.context.featuredLinks ? (req.context.featuredLinks.guideCards || []) : []).map((link: any) => {
|
||||
return {
|
||||
href: link.href,
|
||||
title: link.title,
|
||||
intro: link.intro,
|
||||
authors: link.page.authors || [],
|
||||
guideCards: (req.context.featuredLinks ? req.context.featuredLinks.guideCards || [] : []).map(
|
||||
(link: any) => {
|
||||
return {
|
||||
href: link.href,
|
||||
title: link.title,
|
||||
intro: link.intro,
|
||||
authors: link.page.authors || [],
|
||||
}
|
||||
}
|
||||
}),
|
||||
),
|
||||
|
||||
tocItems: req.context.tocItems || [],
|
||||
|
||||
featuredArticles: Object.entries(req.context.featuredLinks || [])
|
||||
.filter(([key]) => {
|
||||
@@ -119,7 +124,10 @@ export const getProductLandingContextFromRequest = (req: any): ProductLandingCon
|
||||
.map(([key, links]: any) => {
|
||||
return {
|
||||
label: req.context.site.data.ui.toc[key],
|
||||
viewAllHref: key === 'guides' && !req.context.currentCategory ? `${req.context.currentPath}/${key}` : '',
|
||||
viewAllHref:
|
||||
key === 'guides' && !req.context.currentCategory
|
||||
? `${req.context.currentPath}/${key}`
|
||||
: '',
|
||||
articles: links.map((link: any) => {
|
||||
return {
|
||||
hideIntro: key === 'popular',
|
||||
@@ -130,7 +138,6 @@ export const getProductLandingContextFromRequest = (req: any): ProductLandingCon
|
||||
}
|
||||
}),
|
||||
}
|
||||
}
|
||||
),
|
||||
}),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,7 +21,7 @@ export const FeaturedArticles = () => {
|
||||
{featuredArticles.map((section, i) => {
|
||||
return (
|
||||
<div
|
||||
key={section.label}
|
||||
key={section.label + i}
|
||||
className={cx('col-12 mb-4 mb-lg-0', changelog ? 'col-lg-4' : 'col-lg-6')}
|
||||
>
|
||||
<ArticleList
|
||||
@@ -72,7 +72,7 @@ const ArticleList = ({ title, viewAllHref, articles }: ArticleListProps) => {
|
||||
</div>
|
||||
|
||||
<ul className="list-style-none">
|
||||
{articles.map((link) => {
|
||||
{articles.map((link, i) => {
|
||||
return (
|
||||
<li key={link.href} className="border-top">
|
||||
<Link href={link.href}>
|
||||
|
||||
@@ -16,12 +16,12 @@ export const ProductArticlesList = () => {
|
||||
|
||||
return (
|
||||
<div className="d-flex gutter flex-wrap">
|
||||
{currentProductTree.childPages.map((childPage) => {
|
||||
{currentProductTree.childPages.map((childPage, i) => {
|
||||
if (childPage.page.documentType === 'article') {
|
||||
return null
|
||||
}
|
||||
|
||||
return <ArticleList key={childPage.href} page={childPage} />
|
||||
return <ArticleList key={childPage.href + i} page={childPage} />
|
||||
})}
|
||||
</div>
|
||||
)
|
||||
@@ -45,14 +45,18 @@ const ArticleList = ({ page }: { page: CurrentProductTree }) => {
|
||||
}
|
||||
|
||||
return (
|
||||
<li className={cx('mb-3', index >= maxArticles ? 'd-none' : null)}>
|
||||
<li
|
||||
key={grandchildPage.href + index}
|
||||
className={cx('mb-3', index >= maxArticles ? 'd-none' : null)}
|
||||
>
|
||||
<Link href={grandchildPage.href}>
|
||||
<a>{grandchildPage.page.title}</a>
|
||||
</Link>
|
||||
{grandchildPage.page.documentType === 'mapTopic' ? (
|
||||
<small className="color-text-secondary d-inline-block">
|
||||
• {page.childPages.length} articles
|
||||
</small>) : null}
|
||||
<small className="color-text-secondary d-inline-block">
|
||||
• {page.childPages.length} articles
|
||||
</small>
|
||||
) : null}
|
||||
</li>
|
||||
)
|
||||
})}
|
||||
|
||||
34
components/landing/TableOfContents.tsx
Normal file
34
components/landing/TableOfContents.tsx
Normal file
@@ -0,0 +1,34 @@
|
||||
import { useRouter } from 'next/router'
|
||||
import Link from 'next/link'
|
||||
import cx from 'classnames'
|
||||
|
||||
import type { TocItem } from '../context/ProductLandingContext'
|
||||
|
||||
export const TableOfContents = (props: { items?: Array<TocItem> }) => {
|
||||
const router = useRouter()
|
||||
|
||||
return (
|
||||
<div>
|
||||
{(props.items || []).map((obj) => {
|
||||
if (!obj) {
|
||||
return null
|
||||
}
|
||||
const { fullPath: href, title, intro } = obj
|
||||
const isActive = router.pathname === href
|
||||
return (
|
||||
<div key={href} className={cx('mb-5', isActive && 'color-auto-gray-4')}>
|
||||
<Link href={href}>
|
||||
<a className="Bump-link--hover no-underline d-block py-1 border-bottom color-border-primary">
|
||||
<h4>
|
||||
{title}
|
||||
<span className="Bump-link-symbol">→</span>
|
||||
</h4>
|
||||
</a>
|
||||
</Link>
|
||||
{intro && <p className="f4 mt-3" dangerouslySetInnerHTML={{ __html: intro }} />}
|
||||
</div>
|
||||
)
|
||||
})}
|
||||
</div>
|
||||
)
|
||||
}
|
||||
@@ -11,7 +11,7 @@ import { AllProductsLink } from 'components/product/AllProductsLink'
|
||||
// hierarchy of the current page. If an item's URL is also the same as the current URL, the item
|
||||
// also gets an `is-current-page` class.
|
||||
// -->
|
||||
export const ProductSiteTree = () => {
|
||||
export const SidebarProduct = () => {
|
||||
const router = useRouter()
|
||||
const { currentProductTree: currentProductTree } = useMainContext()
|
||||
|
||||
@@ -20,14 +20,16 @@ export const ProductSiteTree = () => {
|
||||
}
|
||||
|
||||
const productTitle = currentProductTree.renderedShortTitle || currentProductTree.renderedFullTitle
|
||||
const routePath = `/${router.locale}${router.asPath.split('?')[0]}` // remove query string
|
||||
return (
|
||||
<>
|
||||
<AllProductsLink />
|
||||
|
||||
{!currentProductTree.page.hidden && (
|
||||
<>
|
||||
<li title="" className="sidebar-product mb-2">
|
||||
<Link href={currentProductTree.href}>
|
||||
<a className="pl-4 pr-5 pb-1 f4">{productTitle}</a>
|
||||
<a className="pl-4 pr-5 pb-1 f4 color-text-primary">{productTitle}</a>
|
||||
</Link>
|
||||
</li>
|
||||
|
||||
@@ -37,10 +39,11 @@ export const ProductSiteTree = () => {
|
||||
const isStandaloneCategory = childPage.page.documentType === 'article'
|
||||
|
||||
const childTitle = childPage.renderedShortTitle || childPage.renderedFullTitle
|
||||
const isActive = router.asPath.includes(childPage.href)
|
||||
const isCurrent = router.asPath === childPage.href
|
||||
const isActive = routePath.includes(childPage.href)
|
||||
const isCurrent = routePath === childPage.href
|
||||
return (
|
||||
<li
|
||||
key={childPage.href + i}
|
||||
className={cx(
|
||||
'sidebar-category py-1',
|
||||
isActive && 'active',
|
||||
@@ -50,21 +53,19 @@ export const ProductSiteTree = () => {
|
||||
>
|
||||
{isStandaloneCategory ? (
|
||||
<Link href={childPage.href}>
|
||||
<a className="pl-4 pr-2 py-2 f6 text-uppercase d-block flex-auto mr-3">
|
||||
<a className="pl-4 pr-2 py-2 f6 text-uppercase d-block flex-auto mr-3 color-text-primary">
|
||||
{childTitle}
|
||||
</a>
|
||||
</Link>
|
||||
) : (
|
||||
<details
|
||||
className={cx(
|
||||
'dropdown-withArrow details details-reset',
|
||||
router.asPath.includes(childPage.href) || i < 3 ? 'open' : ''
|
||||
)}
|
||||
className={cx('dropdown-withArrow details details-reset')}
|
||||
open={routePath.includes(childPage.href) || i < 3}
|
||||
>
|
||||
<summary>
|
||||
<div className="d-flex flex-justify-between">
|
||||
<Link href={childPage.href}>
|
||||
<a className="pl-4 pr-2 py-2 f6 text-uppercase d-block flex-auto mr-3">
|
||||
<a className="pl-4 pr-2 py-2 f6 text-uppercase d-block flex-auto mr-3 color-text-primary">
|
||||
{childTitle}
|
||||
</a>
|
||||
</Link>
|
||||
@@ -87,19 +88,20 @@ export const ProductSiteTree = () => {
|
||||
)}
|
||||
</div>
|
||||
</summary>
|
||||
{router.asPath.includes(childPage.href) || i < 3 ? (
|
||||
{routePath.includes(childPage.href) || i < 3 ? (
|
||||
<>
|
||||
{/* <!-- some categories have maptopics with child articles --> */}
|
||||
{childPage.childPages[0].page.documentType === 'mapTopic' ? (
|
||||
<ul className="sidebar-topics list-style-none position-relative">
|
||||
{childPage.childPages.map((grandchildPage) => {
|
||||
{childPage.childPages.map((grandchildPage, i) => {
|
||||
const grandchildTitle =
|
||||
grandchildPage.renderedShortTitle ||
|
||||
grandchildPage.renderedFullTitle
|
||||
const isActive = router.asPath.includes(grandchildPage.href)
|
||||
const isCurrent = router.asPath === grandchildPage.href
|
||||
const isActive = routePath.includes(grandchildPage.href)
|
||||
const isCurrent = routePath === grandchildPage.href
|
||||
return (
|
||||
<li
|
||||
key={childPage.href + i}
|
||||
className={cx(
|
||||
'sidebar-maptopic',
|
||||
isActive && 'active',
|
||||
@@ -107,7 +109,7 @@ export const ProductSiteTree = () => {
|
||||
)}
|
||||
>
|
||||
<Link href={grandchildPage.href}>
|
||||
<a className="pl-4 pr-5 py-2">{grandchildTitle}</a>
|
||||
<a className="pl-4 pr-5 py-2 color-text-primary">{grandchildTitle}</a>
|
||||
</Link>
|
||||
<ul className="sidebar-articles my-2">
|
||||
{grandchildPage.childPages.map(
|
||||
@@ -116,13 +118,13 @@ export const ProductSiteTree = () => {
|
||||
greatgrandchildPage.renderedShortTitle ||
|
||||
greatgrandchildPage.renderedFullTitle
|
||||
const isLast = i === arr.length - 1
|
||||
const isActive = router.asPath.includes(
|
||||
const isActive = routePath.includes(
|
||||
greatgrandchildPage.href
|
||||
)
|
||||
const isCurrent =
|
||||
router.asPath === greatgrandchildPage.href
|
||||
const isCurrent = routePath === greatgrandchildPage.href
|
||||
return (
|
||||
<li
|
||||
key={greatgrandchildPage.href + i}
|
||||
className={cx(
|
||||
'sidebar-article',
|
||||
isActive && 'active',
|
||||
@@ -132,7 +134,7 @@ export const ProductSiteTree = () => {
|
||||
<Link href={greatgrandchildPage.href}>
|
||||
<a
|
||||
className={cx(
|
||||
'pl-6 pr-5 py-1',
|
||||
'pl-6 pr-5 py-1 color-text-primary',
|
||||
isLast && 'pb-2'
|
||||
)}
|
||||
>
|
||||
@@ -156,10 +158,11 @@ export const ProductSiteTree = () => {
|
||||
grandchildPage.renderedShortTitle ||
|
||||
grandchildPage.renderedFullTitle
|
||||
const isLast = i === arr.length - 1
|
||||
const isActive = router.asPath.includes(grandchildPage.href)
|
||||
const isCurrent = router.asPath === grandchildPage.href
|
||||
const isActive = routePath.includes(grandchildPage.href)
|
||||
const isCurrent = routePath === grandchildPage.href
|
||||
return (
|
||||
<li
|
||||
key={grandchildPage.href + i}
|
||||
className={cx(
|
||||
'sidebar-article',
|
||||
isActive && 'active',
|
||||
@@ -167,7 +170,7 @@ export const ProductSiteTree = () => {
|
||||
)}
|
||||
>
|
||||
<Link href={grandchildPage.href}>
|
||||
<a className={cx('pl-6 pr-5 py-1', isLast && 'pb-2')}>
|
||||
<a className={cx('pl-6 pr-5 py-1 color-text-primary', isLast && 'pb-2')}>
|
||||
{grandchildTitle}
|
||||
</a>
|
||||
</Link>
|
||||
@@ -24,7 +24,7 @@ topics:
|
||||
|
||||
This guide shows you how to create a workflow that performs continuous integration (CI) for your Xamarin project. The workflow you create will allow you to see when commits to a pull request cause build or test failures against your default branch; this approach can help ensure that your code is always healthy.
|
||||
|
||||
{% data variables.product.prodname_actions %}-hosted macOS runner stores Xamarin SDK versions and the associated Mono versions as a set of symlinks to Xamarin SDK locations that are available by a single bundle symlink. For a full list of available Xamarin SDK versions and their corresponding bundles, see the runners documentation:
|
||||
For a full list of available Xamarin SDK versions on the {% data variables.product.prodname_actions %}-hosted macOS runners, see the documentation:
|
||||
|
||||
* [macOS 10.15](https://github.com/actions/virtual-environments/blob/main/images/macos/macos-10.15-Readme.md#xamarin-bundles)
|
||||
* [macOS 11](https://github.com/actions/virtual-environments/blob/main/images/macos/macos-11-Readme.md#xamarin-bundles)
|
||||
@@ -41,7 +41,7 @@ We recommend that you have a basic understanding of Xamarin, .NET Core SDK, YAML
|
||||
|
||||
### Bulding Xamarin.iOS apps
|
||||
|
||||
The example below demonstrates how to change the default Xamarin bundle and build a Xamarin.iOS application.
|
||||
The example below demonstrates how to change the default Xamarin SDK versions and build a Xamarin.iOS application.
|
||||
|
||||
{% raw %}
|
||||
```yaml
|
||||
@@ -55,34 +55,33 @@ jobs:
|
||||
runs-on: macos-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Select default Xamarin bundle to 6_12_6
|
||||
run: |
|
||||
XAMARIN_SDK=6_12_6
|
||||
$VM_ASSETS/select-xamarin-sdk.sh $XAMARIN_SDK
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set default Xamarin SDK versions
|
||||
run: |
|
||||
$VM_ASSETS/select-xamarin-sdk-v2.sh --mono=6.12 --ios=14.10
|
||||
|
||||
- name: Set default Xcode 12.3
|
||||
run: |
|
||||
XCODE_ROOT=/Applications/Xcode_12.3.0.app
|
||||
echo "MD_APPLE_SDK_ROOT=$XCODE_ROOT" >> $GITHUB_ENV
|
||||
sudo xcode-select -s $XCODE_ROOT
|
||||
|
||||
- name: Set default Xcode 12.3
|
||||
run: |
|
||||
XCODE_ROOT=/Applications/Xcode_12.3.0.app
|
||||
echo "MD_APPLE_SDK_ROOT=$XCODE_ROOT" >> $GITHUB_ENV
|
||||
sudo xcode-select -s $XCODE_ROOT
|
||||
- name: Setup .NET Core SDK 5.0.x
|
||||
uses: actions/setup-dotnet@v1
|
||||
with:
|
||||
dotnet-version: '5.0.x'
|
||||
|
||||
- name: Setup .NET Core SDK 5.0.x
|
||||
uses: actions/setup-dotnet@v1
|
||||
with:
|
||||
dotnet-version: '5.0.x'
|
||||
- name: Install dependencies
|
||||
run: nuget restore <sln_file_path>
|
||||
|
||||
- name: Install dependencies
|
||||
run: nuget restore <sln_file_path>
|
||||
|
||||
- name: Build
|
||||
run: msbuild <csproj_file_path> /p:Configuration=Debug /p:Platform=iPhoneSimulator /t:Rebuild
|
||||
- name: Build
|
||||
run: msbuild <csproj_file_path> /p:Configuration=Debug /p:Platform=iPhoneSimulator /t:Rebuild
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
### Bulding Xamarin.Android apps
|
||||
|
||||
The example below demonstrates how to change default the Xamarin bundle and build a Xamarin.Android application.
|
||||
The example below demonstrates how to change default Xamarin SDK versions and build a Xamarin.Android application.
|
||||
|
||||
{% raw %}
|
||||
```yaml
|
||||
@@ -96,22 +95,21 @@ jobs:
|
||||
runs-on: macos-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Select default Xamarin bundle to 6_12_6
|
||||
run: |
|
||||
XAMARIN_SDK=6_12_6
|
||||
$VM_ASSETS/select-xamarin-sdk.sh $XAMARIN_SDK
|
||||
- uses: actions/checkout@v2
|
||||
- name: Set default Xamarin SDK versions
|
||||
run: |
|
||||
$VM_ASSETS/select-xamarin-sdk-v2.sh --mono=6.10 --android=10.2
|
||||
|
||||
- name: Setup .NET Core SDK 5.0.x
|
||||
uses: actions/setup-dotnet@v1
|
||||
with:
|
||||
dotnet-version: '5.0.x'
|
||||
- name: Setup .NET Core SDK 5.0.x
|
||||
uses: actions/setup-dotnet@v1
|
||||
with:
|
||||
dotnet-version: '5.0.x'
|
||||
|
||||
- name: Install dependencies
|
||||
run: nuget restore <sln_file_path>
|
||||
- name: Install dependencies
|
||||
run: nuget restore <sln_file_path>
|
||||
|
||||
- name: Build
|
||||
run: msbuild <csproj_file_path> /t:PackageForAndroid /p:Configuration=Debug
|
||||
- name: Build
|
||||
run: msbuild <csproj_file_path> /t:PackageForAndroid /p:Configuration=Debug
|
||||
```
|
||||
{% endraw %}
|
||||
|
||||
|
||||
@@ -77,8 +77,8 @@ The following operating systems are supported for the self-hosted runner applica
|
||||
|
||||
#### Linux
|
||||
|
||||
- Red Hat Enterprise Linux 7
|
||||
- CentOS 7
|
||||
- Red Hat Enterprise Linux 7 or later
|
||||
- CentOS 7 or later
|
||||
- Oracle Linux 7
|
||||
- Fedora 29 or later
|
||||
- Debian 9 or later
|
||||
|
||||
@@ -20,7 +20,7 @@ topics:
|
||||
|
||||
Subdomain isolation mitigates cross-site scripting and other related vulnerabilities. For more information, see "[Cross-site scripting](http://en.wikipedia.org/wiki/Cross-site_scripting)" on Wikipedia. We highly recommend that you enable subdomain isolation on {% data variables.product.product_location %}.
|
||||
|
||||
When subdomain isolation is enabled, {% data variables.product.prodname_ghe_server %} replaces several paths with subdomains.
|
||||
When subdomain isolation is enabled, {% data variables.product.prodname_ghe_server %} replaces several paths with subdomains. After enabling subdomain isolation, attempts to access the previous paths for some user-supplied content, such as `http(s)://HOSTNAME/raw/`, may return `404` errors.
|
||||
|
||||
{% if currentVersion == "enterprise-server@2.22" %}
|
||||
To use Docker with {% data variables.product.prodname_registry %}, you must also enable subdomain isolation. For more information, see "[Working with the Docker registry](/enterprise/{{ currentVersion }}/user/packages/working-with-a-github-packages-registry/working-with-the-docker-registry)."
|
||||
|
||||
@@ -22,7 +22,7 @@ featuredLinks:
|
||||
- '{% if currentVersion == "github-ae@latest" %}/admin/user-management/customizing-user-messages-for-your-enterprise{% endif %}'
|
||||
- '{% if currentVersion == "github-ae@latest" %}/admin/github-actions/getting-started-with-github-actions-for-github-ae{% endif %}'
|
||||
popular:
|
||||
- '{% if currentVersion == "github-ae@latest" %}/admin/overview/github-ae-release-notes{% endif %}'
|
||||
- '{% if currentVersion == "github-ae@latest" %}/admin/release-notes{% endif %}'
|
||||
- '{% if enterpriseServerVersions contains currentVersion %}/github/getting-started-with-github/setting-up-a-trial-of-github-enterprise-server{% endif %}'
|
||||
- '{% if enterpriseServerVersions contains currentVersion %}/admin/installation{% endif %}'
|
||||
- '{% if currentVersion == "github-ae@latest" %}/admin/authentication/configuring-authentication-and-provisioning-for-your-enterprise-using-azure-ad{% endif %}'
|
||||
@@ -50,14 +50,3 @@ children:
|
||||
- /release-notes
|
||||
- /all-releases
|
||||
---
|
||||
<!-- . -->
|
||||
<!-- . -->
|
||||
<!-- . -->
|
||||
<!-- . -->
|
||||
<!-- . -->
|
||||
<!-- . -->
|
||||
<!-- . -->
|
||||
<!-- . -->
|
||||
<!-- . -->
|
||||
<!-- . -->
|
||||
<!-- . -->
|
||||
|
||||
@@ -45,5 +45,5 @@ To upgrade your enterprise to a new release, see "[Release notes](/enterprise-se
|
||||
|
||||
- [ {% data variables.product.prodname_roadmap %} ]( {% data variables.product.prodname_roadmap_link %} ) in the `github/roadmap` repository
|
||||
{% if currentVersion == "github-ae@latest" %}
|
||||
- [ {% data variables.product.prodname_ghe_managed %} release notes](/admin/overview/github-ae-release-notes)
|
||||
- [ {% data variables.product.prodname_ghe_managed %} release notes](/admin/release-notes)
|
||||
{% endif %}
|
||||
|
||||
@@ -1,89 +0,0 @@
|
||||
---
|
||||
title: GitHub AE release notes
|
||||
intro: March 1, 2021
|
||||
versions:
|
||||
github-ae: '*'
|
||||
---
|
||||
|
||||
### Features
|
||||
|
||||
#### {% data variables.product.prodname_actions %} beta
|
||||
|
||||
[{% data variables.product.prodname_actions %}](https://github.com/features/actions) is a powerful, flexible solution for CI/CD and workflow automation. For more information, see "[Introduction to {% data variables.product.prodname_actions %}](/actions/learn-github-actions/introduction-to-github-actions)."
|
||||
|
||||
{% data variables.product.prodname_actions %} on {% data variables.product.product_name %} uses a new [{% data variables.actions.hosted_runner %}](/actions/using-github-hosted-runners/about-ae-hosted-runners), only available for {% data variables.product.product_name %}, that enables you to customize the size, image, and networking configuration of the runners. These runners are a finished-service CI compute environment with auto-scaling and management, fully managed by {% data variables.product.company_short %}. During the beta, the use {% data variables.actions.hosted_runner %}s is free of charge. For more information, see "[Adding {% data variables.actions.hosted_runner %}s](/actions/using-github-hosted-runners/adding-ae-hosted-runners)."
|
||||
|
||||
Please note that when {% data variables.product.prodname_actions %} is enabled during this upgrade, two organizations named "GitHub Actions" (@**actions** and @**github**) will appear in {% data variables.product.product_location %}. These organizations are required by {% data variables.product.prodname_actions %}. Users named @**ghost** and @**actions** appear as the actors for creation of these organizations in the audit log.
|
||||
|
||||
#### {% data variables.product.prodname_registry %} beta
|
||||
|
||||
[{% data variables.product.prodname_registry %}](https://github.com/features/packages) is a package hosting service, natively integrated with {% data variables.product.prodname_actions %}, APIs, and webhooks. Create an [end-to-end DevOps workflow](/github-ae@latest/packages/quickstart) that includes your code, continuous integration, and deployment solutions. For more information, see "[About {% data variables.product.prodname_registry %}](/packages/learn-github-packages/about-github-packages)."
|
||||
|
||||
During this beta, {% data variables.product.prodname_registry %} is free of charge to {% data variables.product.product_name %} customers.
|
||||
|
||||
#### {% data variables.product.prodname_GH_advanced_security %} beta
|
||||
|
||||
{% data variables.product.prodname_GH_advanced_security %} is available in beta and includes both {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}. Repository administrators and organization owners can opt into {% data variables.product.prodname_advanced_security %} features in the settings for a repository or organization, within the **Security and analysis** tab. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."
|
||||
|
||||
During this beta, {% data variables.product.prodname_advanced_security %} features are free of charge to {% data variables.product.product_name %} customers.
|
||||
|
||||
#### Manage teams from your identity provider (IdP)
|
||||
|
||||
Customers using SCIM (System for Cross-domain Identity Management) can now sync security groups in Azure Active Directory with {% data variables.product.company_short %} teams. Once a team has been linked to a security group, membership will be automatically updated in {% data variables.product.product_name %} when a user is added or removed from their assigned security group. For more information, see "[Synchronizing a team with an identity provider group](/organizations/organizing-members-into-teams/synchronizing-a-team-with-an-identity-provider-group)."
|
||||
|
||||
#### IP allow lists beta
|
||||
|
||||
Enterprise and organization owners can now use IP allow lists to restrict traffic to the enterprise or specific organizations. After you configure an IP allow list, only visitors from IP addresses on the list are permitted to access the resources protected by the list.
|
||||
|
||||
This functionality is provided in addition to the ability to request network security group changes that filter traffic to the entirety of the {% data variables.product.product_name %} tenant.
|
||||
|
||||
For more information, see "[Restricting network traffic to your enterprise](/admin/configuration/restricting-network-traffic-to-your-enterprise)" and "[Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization)."
|
||||
|
||||
#### Pull request auto-merge
|
||||
|
||||
With auto-merge, pull requests can be set to merge automatically when all merge requirements have been satisfied. This saves users from needing to constantly check the state of their pull requests just to merge them. Auto-merge can be enabled by a user with permission to merge and on pull requests that have unsatisfied merge requirements (like missing approvals or pending or failing required status checks). For more information, see "[Automatically merging a pull request](/github/collaborating-with-issues-and-pull-requests/automatically-merging-a-pull-request)."
|
||||
|
||||
### Changes
|
||||
|
||||
#### Developer changes
|
||||
|
||||
- [Organization owners can now disable publication](/organizations/managing-organization-settings/managing-the-publication-of-github-pages-sites-for-your-organization) of {% data variables.product.prodname_pages %} sites from repositories in the organization. This will not unpublish existing sites.
|
||||
- Repositories that use {% data variables.product.prodname_pages %} can now [build and deploy from any branch](/pages/getting-started-with-github-pages/about-github-pages#publishing-sources-for-github-pages-sites).
|
||||
- When writing an issue or pull request, the list syntax for bullets, numbers, and tasks will now be autocompleted after you press `return` or `enter`.
|
||||
- You can now delete a directory in a repository from the repository page. When navigating to a directory, a new kebab button next to the "Add file" button gives the option to delete the directory.
|
||||
- It’s now easier and faster to [reference issues or pull requests](/github/writing-on-github/basic-writing-and-formatting-syntax#referencing-issues-and-pull-requests), with search across multiple words after the "#".
|
||||
|
||||
##### Administration changes
|
||||
|
||||
- Enterprise owners can now [publish a mandatory message](/admin/user-management/customizing-user-messages-for-your-enterprise#creating-a-mandatory-message). The message is shown to all users and they must acknowledge it. This can be used to display important information, terms of service or policies.
|
||||
- The {% data variables.product.prodname_github_app%} single file path permission can now [support up to ten files](/developers/apps/creating-a-github-app-using-url-parameters).
|
||||
- When configuring a {% data variables.product.prodname_github_app%}, the authorization callback URL is a required field. Now we will permit the integrator to specify multiple callback URLs. {% data variables.product.product_name %} denies authorization if the callback URL from the request is not listed.
|
||||
- A [new API endpoint](/rest/reference/apps#create-a-scoped-access-token) enables the exchange of a user to server token for a user to server token scoped to specific repositories.
|
||||
- Events are now logged in the audit log on [promoting a team member to be a team maintainer and on demoting a team maintainer to be a team member](/admin/user-management/audited-actions#teams).
|
||||
- The [OAuth device authorization flow](/developers/apps/authorizing-oauth-apps#device-flow) is now supported. This allows any CLI client or developer tool to authenticate using a secondary system.
|
||||
- A user can no longer delete their account if SCIM provisioning is enabled.
|
||||
|
||||
##### Default branch renaming
|
||||
|
||||
Enterprise and organization owners can now set the default branch name for new repositories. Enterprise owners can also enforce their choice of default branch name across all organizations or allow individual organizations to choose their own. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-on-the-default-branch-name)" and "[Managing the default branch name for repositories in your organization](/organizations/managing-organization-settings/managing-the-default-branch-name-for-repositories-in-your-organization)."
|
||||
|
||||
Existing repositories are unaffected by these settings, and their default branch name will not be changed.
|
||||
|
||||
This change is one of many changes {% data variables.product.company_short %} is making to support projects and maintainers that want to rename their default branch. To learn more, see [github/renaming](https://github.com/github/renaming).
|
||||
|
||||
|
||||
### Bug fixes
|
||||
- Users can no longer set a backup email address on their profile. Their email address is set through the IdP only.
|
||||
- You can no longer enable two-factor authentication after configuring authentication through your IdP.
|
||||
- {% data variables.product.product_name %} can now connect to Azure Boards.
|
||||
- Version headers were missing from the APIs, and have now been set to "GitHub AE."
|
||||
- Links to documentation have been fixed.
|
||||
- Configuration of audit log forwarding within the enterprise's settings was failing.
|
||||
- Navigating to gists could result in a 500 error.
|
||||
- The Support email or URL was failing to save. It now saves after a period of a few minutes.
|
||||
- Organization level pull request templates were not being applied to all pull requests in the organization.
|
||||
|
||||
### Known issues
|
||||
|
||||
- Geographic location data is not shown in the audit log. Location information can otherwise be discerned from the IP address associated with each event.
|
||||
- The link to {% data variables.product.prodname_registry %} from a repository page shows an incorrect search page when that repository does not have any packages.
|
||||
@@ -8,6 +8,7 @@ versions:
|
||||
github-ae: '*'
|
||||
children:
|
||||
- /about-github-ae
|
||||
- /about-upgrades-to-new-releases
|
||||
- /about-data-residency
|
||||
- /about-enterprise-accounts
|
||||
- /managing-your-github-enterprise-license
|
||||
@@ -15,6 +16,5 @@ children:
|
||||
- /about-upgrades-to-new-releases
|
||||
- /system-overview
|
||||
- /about-the-github-enterprise-api
|
||||
- /github-ae-release-notes
|
||||
---
|
||||
For more information, or to purchase {% data variables.product.prodname_enterprise %}, see [{% data variables.product.prodname_enterprise %}](https://github.com/enterprise).
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
---
|
||||
title: Release notes
|
||||
intro: 'The release notes for {{ allVersions[currentVersion].versionTitle }}.'
|
||||
layout: release-notes
|
||||
versions:
|
||||
enterprise-server: '*'
|
||||
github-ae: '*'
|
||||
topics:
|
||||
- Enterprise
|
||||
- Upgrades
|
||||
redirect_from:
|
||||
- /admin/overview/github-ae-release-notes
|
||||
---
|
||||
|
||||
|
||||
@@ -8,7 +8,7 @@ versions:
|
||||
enterprise-server: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- 2fa
|
||||
- 2FA
|
||||
- Enterprise
|
||||
- Organizations
|
||||
- Policies
|
||||
|
||||
@@ -5,6 +5,7 @@ redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-git-large-file-storage
|
||||
- /articles/about-billing-for-git-large-file-storage
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-git-large-file-storage
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-git-large-file-storage/about-billing-for-git-large-file-storage
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: overview
|
||||
|
||||
@@ -7,6 +7,7 @@ redirect_from:
|
||||
- /articles/downgrading-storage-and-bandwidth-for-an-organization/
|
||||
- /articles/downgrading-git-large-file-storage
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/downgrading-git-large-file-storage
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-git-large-file-storage/downgrading-git-large-file-storage
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -7,6 +7,7 @@ redirect_from:
|
||||
- /articles/purchasing-additional-storage-and-bandwidth-for-an-organization/
|
||||
- /articles/upgrading-git-large-file-storage
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/upgrading-git-large-file-storage
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-git-large-file-storage/upgrading-git-large-file-storage
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -7,6 +7,7 @@ redirect_from:
|
||||
- /articles/viewing-storage-and-bandwidth-usage-for-an-organization/
|
||||
- /articles/viewing-your-git-large-file-storage-usage
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/viewing-your-git-large-file-storage-usage
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-git-large-file-storage/viewing-your-git-large-file-storage-usage
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -4,6 +4,7 @@ intro: 'If you want to use {% data variables.product.prodname_actions %} beyond
|
||||
product: '{% data reusables.gated-features.actions %}'
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-actions
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-actions/about-billing-for-github-actions
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: overview
|
||||
|
||||
@@ -4,6 +4,7 @@ intro: 'You can set a spending limit for {% data variables.product.prodname_acti
|
||||
product: '{% data reusables.gated-features.actions %}'
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-spending-limit-for-github-actions
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-actions/managing-your-spending-limit-for-github-actions
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -4,6 +4,7 @@ intro: 'You can view details of your usage of minutes and storage for {% data va
|
||||
product: '{% data reusables.gated-features.actions %}'
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/viewing-your-github-actions-usage
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-actions/viewing-your-github-actions-usage
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -5,6 +5,7 @@ redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-marketplace
|
||||
- /articles/about-billing-for-github-marketplace
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-marketplace
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-marketplace-apps/about-billing-for-github-marketplace
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: overview
|
||||
|
||||
@@ -7,6 +7,7 @@ redirect_from:
|
||||
- /articles/canceling-an-app-for-your-organization/
|
||||
- /articles/canceling-a-github-marketplace-app
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/canceling-a-github-marketplace-app
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-marketplace-apps/canceling-a-github-marketplace-app
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -7,6 +7,7 @@ redirect_from:
|
||||
- /articles/downgrading-an-app-for-your-organization/
|
||||
- /articles/downgrading-the-billing-plan-for-a-github-marketplace-app
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/downgrading-the-billing-plan-for-a-github-marketplace-app
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-marketplace-apps/downgrading-the-billing-plan-for-a-github-marketplace-app
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -7,6 +7,7 @@ redirect_from:
|
||||
- /articles/upgrading-an-app-for-your-organization/
|
||||
- /articles/upgrading-the-billing-plan-for-a-github-marketplace-app
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/upgrading-the-billing-plan-for-a-github-marketplace-app
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-marketplace-apps/upgrading-the-billing-plan-for-a-github-marketplace-app
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -4,6 +4,7 @@ intro: 'If you want to use {% data variables.product.prodname_registry %} beyond
|
||||
product: '{% data reusables.gated-features.packages %}'
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-packages
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-packages/about-billing-for-github-packages
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: overview
|
||||
|
||||
@@ -4,6 +4,7 @@ intro: 'You can set a spending limit for {% data variables.product.prodname_regi
|
||||
product: '{% data reusables.gated-features.packages %}'
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-spending-limit-for-github-packages
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-packages/managing-your-spending-limit-for-github-packages
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -4,6 +4,7 @@ intro: 'You can view details of your usage of storage and data transfer for {% d
|
||||
product: '{% data reusables.gated-features.packages %}'
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/viewing-your-github-packages-usage
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-packages/viewing-your-github-packages-usage
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -5,6 +5,7 @@ redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-sponsors
|
||||
- /articles/about-billing-for-github-sponsors
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-sponsors
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-sponsors/about-billing-for-github-sponsors
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: overview
|
||||
|
||||
@@ -5,6 +5,7 @@ redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/downgrading-a-sponsorship
|
||||
- /articles/downgrading-a-sponsorship
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/downgrading-a-sponsorship
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-sponsors/downgrading-a-sponsorship
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -5,6 +5,7 @@ redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/upgrading-a-sponsorship
|
||||
- /articles/upgrading-a-sponsorship
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/upgrading-a-sponsorship
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-github-sponsors/upgrading-a-sponsorship
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -12,6 +12,7 @@ redirect_from:
|
||||
- /articles/github-s-billing-plans
|
||||
- /articles/about-billing-for-github-accounts
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-accounts
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-your-github-account/about-billing-for-github-accounts
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: overview
|
||||
|
||||
@@ -5,6 +5,7 @@ redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-per-user-pricing
|
||||
- /articles/about-per-user-pricing
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-per-user-pricing
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-your-github-account/about-per-user-pricing
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: overview
|
||||
|
||||
@@ -8,6 +8,7 @@ redirect_from:
|
||||
- /articles/discounted-billing-plans/
|
||||
- /articles/discounted-subscriptions-for-github-accounts
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/discounted-subscriptions-for-github-accounts
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-your-github-account/discounted-subscriptions-for-github-accounts
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: reference
|
||||
|
||||
@@ -17,6 +17,7 @@ redirect_from:
|
||||
- /articles/downgrading-your-github-billing-plan/
|
||||
- /articles/downgrading-your-github-subscription
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/downgrading-your-github-subscription
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-your-github-account/downgrading-your-github-subscription
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
|
||||
@@ -5,6 +5,7 @@ redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/how-does-upgrading-or-downgrading-affect-the-billing-process
|
||||
- /articles/how-does-upgrading-or-downgrading-affect-the-billing-process
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/how-does-upgrading-or-downgrading-affect-the-billing-process
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-your-github-account/how-does-upgrading-or-downgrading-affect-the-billing-process
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -19,6 +19,7 @@ redirect_from:
|
||||
- /articles/upgrading-your-github-billing-plan/
|
||||
- /articles/upgrading-your-github-subscription
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/upgrading-your-github-subscription
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-your-github-account/upgrading-your-github-subscription
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -8,6 +8,7 @@ redirect_from:
|
||||
- /articles/viewing-and-managing-pending-changes-to-your-billing-plan/
|
||||
- /articles/viewing-and-managing-pending-changes-to-your-subscription
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/viewing-and-managing-pending-changes-to-your-subscription
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-your-github-account/viewing-and-managing-pending-changes-to-your-subscription
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -4,6 +4,7 @@ intro: 'If you want to use {% data variables.product.prodname_GH_advanced_securi
|
||||
product: '{% data reusables.gated-features.ghas %}'
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-licensing-for-github-advanced-security
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-licensing-for-github-advanced-security/about-licensing-for-github-advanced-security
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: overview
|
||||
|
||||
@@ -4,6 +4,7 @@ intro: 'You can view usage of your {% data variables.product.prodname_GH_advance
|
||||
permissions: 'Enterprise owners can manage access to {% data variables.product.prodname_GH_advanced_security %} for their organization or enterprise organizations.'
|
||||
product: '{% data reusables.gated-features.ghas %}'
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-licensing-for-github-advanced-security/viewing-your-github-advanced-security-usage
|
||||
- /github/setting-up-and-managing-your-enterprise/managing-use-of-advanced-security-for-organizations-in-your-enterprise-account
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/viewing-your-github-advanced-security-usage
|
||||
versions:
|
||||
|
||||
@@ -5,6 +5,7 @@ redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-on-github
|
||||
- /articles/about-billing-on-github
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-billing-on-github
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-github-billing-settings/about-billing-on-github
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: overview
|
||||
|
||||
@@ -13,6 +13,7 @@ redirect_from:
|
||||
- /articles/adding-information-to-your-organization-s-receipts/
|
||||
- /articles/adding-information-to-your-receipts
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/adding-information-to-your-receipts
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-github-billing-settings/adding-information-to-your-receipts
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -17,6 +17,7 @@ redirect_from:
|
||||
- /articles/switching-payment-methods-for-your-organization/
|
||||
- /articles/adding-or-editing-a-payment-method
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/adding-or-editing-a-payment-method
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-github-billing-settings/adding-or-editing-a-payment-method
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -8,6 +8,7 @@ redirect_from:
|
||||
- /articles/switching-between-monthly-and-yearly-billing-for-your-organization/
|
||||
- /articles/changing-the-duration-of-your-billing-cycle
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/changing-the-duration-of-your-billing-cycle
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-github-billing-settings/changing-the-duration-of-your-billing-cycle
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -8,6 +8,7 @@ redirect_from:
|
||||
- /articles/redeeming-a-coupon-for-organizations/
|
||||
- /articles/redeeming-a-coupon
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/redeeming-a-coupon
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-github-billing-settings/redeeming-a-coupon
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -9,6 +9,7 @@ redirect_from:
|
||||
- /articles/removing-a-payment-method-associated-with-your-organization/
|
||||
- /articles/removing-a-payment-method
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/removing-a-payment-method
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-github-billing-settings/removing-a-payment-method
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -9,6 +9,7 @@ redirect_from:
|
||||
- /articles/setting-your-organization-s-billing-email/
|
||||
- /articles/setting-your-billing-email
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/setting-your-billing-email
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-github-billing-settings/setting-your-billing-email
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -6,6 +6,7 @@ redirect_from:
|
||||
- /articles/what-do-i-do-if-my-card-is-declined/
|
||||
- /articles/troubleshooting-a-declined-credit-card-charge
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/troubleshooting-a-declined-credit-card-charge
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-github-billing-settings/troubleshooting-a-declined-credit-card-charge
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -11,6 +11,7 @@ redirect_from:
|
||||
- /articles/unlocking-a-locked-organization-account/
|
||||
- /articles/unlocking-a-locked-account
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/unlocking-a-locked-account
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-github-billing-settings/unlocking-a-locked-account
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -8,6 +8,7 @@ redirect_from:
|
||||
- /articles/downloading-receipts-for-organizations/
|
||||
- /articles/viewing-your-payment-history-and-receipts
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/viewing-your-payment-history-and-receipts
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-your-github-billing-settings/viewing-your-payment-history-and-receipts
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -6,6 +6,7 @@ redirect_from:
|
||||
- /articles/about-organizations-for-resellers/
|
||||
- /articles/about-organizations-for-procurement-companies
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/about-organizations-for-procurement-companies
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/setting-up-paid-organizations-for-procurement-companies/about-organizations-for-procurement-companies
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: overview
|
||||
|
||||
@@ -5,6 +5,7 @@ redirect_from:
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/creating-and-paying-for-an-organization-on-behalf-of-a-client
|
||||
- /articles/creating-and-paying-for-an-organization-on-behalf-of-a-client
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/creating-and-paying-for-an-organization-on-behalf-of-a-client
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/setting-up-paid-organizations-for-procurement-companies/creating-and-paying-for-an-organization-on-behalf-of-a-client
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: quick_start
|
||||
|
||||
@@ -6,6 +6,7 @@ redirect_from:
|
||||
- /articles/renewing-your-client-s-paid-organization
|
||||
- /articles/renewing-your-clients-paid-organization
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/renewing-your-clients-paid-organization
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/setting-up-paid-organizations-for-procurement-companies/renewing-your-clients-paid-organization
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -6,6 +6,7 @@ redirect_from:
|
||||
- /articles/upgrading-or-downgrading-your-client-s-paid-organization
|
||||
- /articles/upgrading-or-downgrading-your-clients-paid-organization
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/upgrading-or-downgrading-your-clients-paid-organization
|
||||
- /github/setting-up-and-managing-billing-and-payments-on-github/setting-up-paid-organizations-for-procurement-companies/upgrading-or-downgrading-your-clients-paid-organization
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
type: how_to
|
||||
|
||||
@@ -1,89 +0,0 @@
|
||||
---
|
||||
title: About securing your repository
|
||||
intro: '{% data variables.product.product_name %} provides a number of ways that you can help keep your repository secure.'
|
||||
redirect_from:
|
||||
- /github/administering-a-repository/about-securing-your-repository
|
||||
- /articles/securing-your-repository
|
||||
- /github/administering-a-repository/securing-your-repository
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
topics:
|
||||
- Repositories
|
||||
---
|
||||
|
||||
### Setting up your repository securely
|
||||
|
||||
The first step to securing a repository is to set up who can see and modify your code. For more information, see "[Managing repository settings](/github/administering-a-repository/managing-repository-settings)."
|
||||
|
||||
### Securing your repository
|
||||
|
||||
{% data variables.product.prodname_dotcom %} has a growing set of security features that help you keep your code secure. You can find these on the **Security** tab for your repository.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
#### Available for all repositories
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == 'github-ae@next' %}
|
||||
- **Security policy**
|
||||
|
||||
Make it easy for your users to confidentially report security vulnerabilities they've found in your repository. For more information, see "[Adding a security policy to your repository](/code-security/getting-started/adding-a-security-policy-to-your-repository)."
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
- **Security advisories**
|
||||
|
||||
Privately discuss and fix security vulnerabilities in your repository's code. You can then publish a security advisory to alert your community to the vulnerability and encourage them to upgrade. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/github/managing-security-vulnerabilities/about-github-security-advisories)."
|
||||
|
||||
- **{% data variables.product.prodname_dependabot_alerts %} and security updates**
|
||||
|
||||
View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)"
|
||||
and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
- **{% data variables.product.prodname_dependabot_alerts %}**
|
||||
|
||||
View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
- **{% data variables.product.prodname_dependabot %} version updates**
|
||||
|
||||
Use {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. This helps reduce your exposure to older versions of dependencies. Using newer versions makes it easier to apply patches if security vulnerabilities are discovered, and also makes it easier for {% data variables.product.prodname_dependabot_security_updates %} to successfully raise pull requests to upgrade vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)."
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
|
||||
|
||||
#### Available {% if currentVersion == "free-pro-team@latest" %}for public repositories and for repositories {% endif %}with {% data variables.product.prodname_advanced_security %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
These features are available {% if currentVersion == "free-pro-team@latest" %}for all public repositories, and for private repositories owned by organizations with {% else %}if you have {% endif %}an {% data variables.product.prodname_advanced_security %} license. {% data reusables.advanced-security.more-info-ghas %}
|
||||
{% endif %}
|
||||
|
||||
- **{% data variables.product.prodname_code_scanning_capc %} alerts**
|
||||
|
||||
Automatically detect security vulnerabilities and coding errors in new or modified code. Potential problems are highlighted, with detailed information, allowing you to fix the code before it's merged into your default branch. For more information, see "[About code scanning](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)."
|
||||
|
||||
- **{% data variables.product.prodname_secret_scanning_caps %} alerts**
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}For private repositories, view {% else %}View {% endif %}any secrets that {% data variables.product.prodname_dotcom %} has found in your code. You should treat tokens or credentials that have been checked into the repository as compromised. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
- **Dependency review** - Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)."
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion != "github-ae@latest" %}
|
||||
### Exploring dependencies
|
||||
{% data variables.product.prodname_dotcom %}'s dependency graph allows you to explore:
|
||||
|
||||
* Ecosystems and packages that your repository depends on
|
||||
* Repositories and packages that depend on your repository
|
||||
|
||||
You must enable the dependency graph before {% data variables.product.prodname_dotcom %} can generate {% data variables.product.prodname_dependabot_alerts %} for dependencies with security vulnerabilities. {% if currentVersion == "free-pro-team@latest" %}Enabling the dependency graph also enables {% data variables.product.prodname_dotcom %} to run dependency reviews of pull requests.{% endif %}
|
||||
|
||||
You can find the dependency graph on the **Insights** tab for your repository. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."
|
||||
{% endif %}
|
||||
@@ -9,8 +9,12 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.1'
|
||||
github-ae: 'next'
|
||||
type: how_to
|
||||
topics:
|
||||
- Security
|
||||
- Security policies
|
||||
- Vulnerabilities
|
||||
- Repositories
|
||||
- Health
|
||||
---
|
||||
|
||||
### About security policies
|
||||
@@ -54,6 +58,6 @@ By making security reporting instructions clearly available, you make it easy fo
|
||||
|
||||
### Further reading
|
||||
|
||||
- "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)"{% if currentVersion != 'github-ae@next' %}
|
||||
- "[Securing your repository](/code-security/getting-started/securing-your-repository)"{% if currentVersion != 'github-ae@next' %}
|
||||
- "[Setting up your project for healthy contributions](/communities/setting-up-your-project-for-healthy-contributions)"{% endif %}{% if currentVersion == "free-pro-team@latest" %}
|
||||
- [{% data variables.product.prodname_security %}]({% data variables.product.prodname_security_link %}){% endif %}
|
||||
|
||||
@@ -0,0 +1,86 @@
|
||||
---
|
||||
title: GitHub security features
|
||||
intro: 'An overview of {% data variables.product.prodname_dotcom %} security features.'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: overview
|
||||
topics:
|
||||
- Repositories
|
||||
- Dependencies
|
||||
- Vulnerabilities
|
||||
- Advanced Security
|
||||
---
|
||||
|
||||
### About {% data variables.product.prodname_dotcom %}'s security features
|
||||
|
||||
{% data variables.product.prodname_dotcom %} has security features that help keep code and secrets secure in repositories and across organizations. Some features are available for all repositories and others are only available {% if currentVersion == "free-pro-team@latest" %}for public repositories and for repositories {% endif %}with a {% data variables.product.prodname_GH_advanced_security %} license.
|
||||
|
||||
The {% data variables.product.prodname_advisory_database %} contains a curated list of security vulnerabilities that you can view, search, and filter. {% data reusables.security-advisory.link-browsing-advisory-db %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
### Available for all repositories
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == 'github-ae@next' %}
|
||||
#### Security policy
|
||||
|
||||
Make it easy for your users to confidentially report security vulnerabilities they've found in your repository. For more information, see "[Adding a security policy to your repository](/code-security/getting-started/adding-a-security-policy-to-your-repository)."
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
#### Security advisories
|
||||
|
||||
Privately discuss and fix security vulnerabilities in your repository's code. You can then publish a security advisory to alert your community to the vulnerability and encourage community members to upgrade. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/github/managing-security-vulnerabilities/about-github-security-advisories)."
|
||||
|
||||
#### {% data variables.product.prodname_dependabot_alerts %} and security updates
|
||||
|
||||
View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)"
|
||||
and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
#### {% data variables.product.prodname_dependabot_alerts %}
|
||||
|
||||
View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
#### {% data variables.product.prodname_dependabot %} version updates
|
||||
|
||||
Use {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. This helps reduce your exposure to older versions of dependencies. Using newer versions makes it easier to apply patches if security vulnerabilities are discovered, and also makes it easier for {% data variables.product.prodname_dependabot_security_updates %} to successfully raise pull requests to upgrade vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)."
|
||||
{% endif %}
|
||||
|
||||
#### Dependency graph
|
||||
The dependency graph allows you to explore the ecosystems and packages that your repository depends on and the repositories and packages that depend on your repository.
|
||||
|
||||
You can find the dependency graph on the **Insights** tab for your repository. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
|
||||
|
||||
### Available {% if currentVersion == "free-pro-team@latest" %}for public repositories and for repositories {% endif %}with {% data variables.product.prodname_advanced_security %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
These features are available {% if currentVersion == "free-pro-team@latest" %}for all public repositories, and for private repositories owned by organizations with {% else %}if you have {% endif %}an {% data variables.product.prodname_advanced_security %} license. {% data reusables.advanced-security.more-info-ghas %}
|
||||
{% endif %}
|
||||
|
||||
#### {% data variables.product.prodname_code_scanning_capc %} alerts
|
||||
|
||||
Automatically detect security vulnerabilities and coding errors in new or modified code. Potential problems are highlighted, with detailed information, allowing you to fix the code before it's merged into your default branch. For more information, see "[About code scanning](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)."
|
||||
|
||||
#### {% data variables.product.prodname_secret_scanning_caps %} alerts
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}For private repositories, view {% else %}View {% endif %}any secrets that {% data variables.product.prodname_dotcom %} has found in your code. You should treat tokens or credentials that have been checked into the repository as compromised. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" %}
|
||||
#### Dependency review
|
||||
|
||||
Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)."
|
||||
{% endif %}
|
||||
|
||||
### Further reading
|
||||
- "[{% data variables.product.prodname_dotcom %}'s products](/github/getting-started-with-github/githubs-products)"
|
||||
- "[{% data variables.product.prodname_dotcom %} language support](/github/getting-started-with-github/github-language-support)"
|
||||
@@ -7,9 +7,13 @@ versions:
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
topics:
|
||||
- Security
|
||||
- Repositories
|
||||
- Dependencies
|
||||
- Vulnerabilities
|
||||
children:
|
||||
- /about-securing-your-repository
|
||||
- /github-security-features
|
||||
- /securing-your-repository
|
||||
- /securing-your-organization
|
||||
- /adding-a-security-policy-to-your-repository
|
||||
---
|
||||
|
||||
|
||||
@@ -0,0 +1,112 @@
|
||||
---
|
||||
title: Securing your organization
|
||||
intro: 'You can use a number of {% data variables.product.prodname_dotcom %} features to help keep your organization secure.'
|
||||
permissions: 'Organization owners can configure organization security settings.'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Organizations
|
||||
- Dependencies
|
||||
- Vulnerabilities
|
||||
- Advanced Security
|
||||
---
|
||||
|
||||
### Introduction
|
||||
This guide shows you how to configure security features for an organization. Your organization's security needs are unique and you may not need to enable every security feature. For more information, see "[{% data variables.product.prodname_dotcom %} security features](/code-security/getting-started/github-security-features)."
|
||||
|
||||
Some security features are only available {% if currentVersion == "free-pro-team@latest" %}for public repositories, and for private repositories owned by organizations with {% else %}if you have {% endif %}an {% data variables.product.prodname_advanced_security %} license. {% data reusables.advanced-security.more-info-ghas %}
|
||||
|
||||
### Managing access to your organization
|
||||
|
||||
You can use permission levels to control what actions people can take in your organization. For more information, see "[Permission levels for an organization](/organizations/managing-peoples-access-to-your-organization-with-roles/permission-levels-for-an-organization)."
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}
|
||||
|
||||
### Creating a default security policy
|
||||
|
||||
You can create a default security policy that will display in any of your organization's public repositories that do not have their own security policy. For more information, see "[Creating a default community health file](/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
### Managing {% data variables.product.prodname_dependabot_alerts %} and the dependency graph
|
||||
|
||||
By default, {% data variables.product.prodname_dotcom %} detects vulnerabilities in public repositories and generates {% data variables.product.prodname_dependabot_alerts %} and a dependency graph. You can enable or disable {% data variables.product.prodname_dependabot_alerts %} and the dependency graph for all repositories owned by your organization.
|
||||
|
||||
1. Click your profile photo, then click **Organizations**.
|
||||
2. Click **Settings** next to your organization.
|
||||
3. Click **Security & analysis**.
|
||||
4. Click **Enable all** or **Disable all** next to the feature that you want to manage.
|
||||
5. Optionally, select **Automatically enable for new repositories**.
|
||||
|
||||
For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)," "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)," and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" %}
|
||||
|
||||
### Managing dependency review
|
||||
|
||||
Dependency review lets you visualize dependency changes in pull requests before they are merged into your repositories. Dependency review is available in all public repositories and in repositories owned by organizations with an {% data variables.product.prodname_advanced_security %} license that have the dependency graph enabled. For more information, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
### Managing {% data variables.product.prodname_dependabot_security_updates %}
|
||||
|
||||
For any repository that uses {% data variables.product.prodname_dependabot_alerts %}, you can enable {% data variables.product.prodname_dependabot_security_updates %} to raise pull requests with security updates when vulnerabilities are detected. You can also enable or disable {% data variables.product.prodname_dependabot_security_updates %} for all repositories across your organization.
|
||||
|
||||
1. Click your profile photo, then click **Organizations**.
|
||||
2. Click **Settings** next to your organization.
|
||||
3. Click **Security & analysis**.
|
||||
4. Click **Enable all** or **Disable all** next to {% data variables.product.prodname_dependabot_security_updates %}.
|
||||
5. Optionally, select **Automatically enable for new repositories**.
|
||||
|
||||
For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/about-dependabot-security-updates)" and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
|
||||
|
||||
### Managing {% data variables.product.prodname_dependabot_version_updates %}
|
||||
|
||||
You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)."
|
||||
|
||||
To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Enabling and disabling version updates](/code-security/supply-chain-security/enabling-and-disabling-version-updates)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
|
||||
### Managing {% data variables.product.prodname_GH_advanced_security %}
|
||||
|
||||
If your organization has an {% data variables.product.prodname_advanced_security %} license, you can enable or disable {% data variables.product.prodname_advanced_security %} features.
|
||||
|
||||
1. Click your profile photo, then click **Organizations**.
|
||||
2. Click **Settings** next to your organization.
|
||||
3. Click **Security & analysis**.
|
||||
4. Click **Enable all** or **Disable all** next to {% data variables.product.prodname_GH_advanced_security %}.
|
||||
5. Optionally, select **Automatically enable for new private repositories**.
|
||||
|
||||
For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)" and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
|
||||
|
||||
### Configuring {% data variables.product.prodname_secret_scanning %}
|
||||
{% data variables.product.prodname_secret_scanning_caps %} is available {% if currentVersion == "free-pro-team@latest" %}for all public repositories, and for private repositories owned by organizations with {% else %}if you have {% endif %}an {% data variables.product.prodname_advanced_security %} license.
|
||||
|
||||
You can enable or disable {% data variables.product.prodname_secret_scanning %} for all repositories across your organization that have {% data variables.product.prodname_advanced_security %} enabled.
|
||||
|
||||
1. Click your profile photo, then click **Organizations**.
|
||||
2. Click **Settings** next to your organization.
|
||||
3. Click **Security & analysis**.
|
||||
4. Click **Enable all** or **Disable all** next to {% data variables.product.prodname_secret_scanning_caps %} ({% data variables.product.prodname_GH_advanced_security %} repositories only).
|
||||
5. Optionally, select **Automatically enable for private repositories added to {% data variables.product.prodname_advanced_security %}**.
|
||||
|
||||
For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
### Next steps
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@next" %}You can view, filter, and sort security alerts for repositories owned by your organization in the security overview. For more information, see "[Exploring security alerts](/code-security/security-overview/exploring-security-alerts)."{% endif %}
|
||||
|
||||
You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} "[Viewing and updating vulnerable dependencies in your repository](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% if currentVersion == "free-pro-team@latest" %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)."
|
||||
{% endif %}
|
||||
@@ -0,0 +1,124 @@
|
||||
---
|
||||
title: Securing your repository
|
||||
intro: 'You can use a number of {% data variables.product.prodname_dotcom %} features to help keep your repository secure.'
|
||||
permissions: 'Repository administrators and organization owners can configure repository security settings.'
|
||||
redirect_from:
|
||||
- /github/administering-a-repository/about-securing-your-repository
|
||||
- /github/code-security/getting-started/about-securing-your-repository
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Repositories
|
||||
- Dependencies
|
||||
- Vulnerabilities
|
||||
- Advanced Security
|
||||
---
|
||||
|
||||
### Introduction
|
||||
This guide shows you how to configure security features for a repository. You must be a repository administrator or organization owner to configure security settings for a repository.
|
||||
|
||||
Your security needs are unique to your repository, so you may not need to enable every feature for your repository. For more information, see "[{% data variables.product.prodname_dotcom %} security features](/code-security/getting-started/github-security-features)."
|
||||
|
||||
Some security features are only available {% if currentVersion == "free-pro-team@latest" %}for public repositories, and for private repositories owned by organizations with {% else %}if you have {% endif %}an {% data variables.product.prodname_advanced_security %} license. {% data reusables.advanced-security.more-info-ghas %}
|
||||
|
||||
### Managing access to your repository
|
||||
|
||||
The first step to securing a repository is to set up who can see and modify your code. For more information, see "[Managing repository settings](/github/administering-a-repository/managing-repository-settings)."
|
||||
|
||||
From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**, then scroll down to the "Danger Zone."
|
||||
|
||||
- To change who can view your repository, click **Change visibility**. For more information, see "[Setting repository visibility](/github/administering-a-repository/setting-repository-visibility)."{% if currentVersion == "free-pro-team@latest" %}
|
||||
- To change who can access your repository and adjust permissions, click **Manage access**. For more information, see"[Managing teams and people with access to your repository](/github/administering-a-repository/managing-teams-and-people-with-access-to-your-repository)."{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == 'github-ae@next' %}
|
||||
### Setting a security policy
|
||||
|
||||
1. From the main page of your repository, click **{% octicon "shield" aria-label="The shield symbol" %} Security**.
|
||||
2. Click **Security policy**.
|
||||
3. Click **Start setup**.
|
||||
4. Add information about supported versions of your project and how to report vulnerabilities.
|
||||
|
||||
For more information, see "[Adding a security policy to your repository](/code-security/getting-started/adding-a-security-policy-to-your-repository)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
### Managing the dependency graph
|
||||
|
||||
The dependency graph is automatically generated for {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} all public repositories and you can choose to enable it for private repositories.{% else %} all repositories.{% endif %}
|
||||
|
||||
1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %} Settings**.
|
||||
2. Click **Security & analysis**.
|
||||
3. Next to Dependency graph, click **Enable** or **Disable**.
|
||||
|
||||
For more information, see "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
### Managing {% data variables.product.prodname_dependabot_alerts %}
|
||||
|
||||
By default, {% data variables.product.prodname_dotcom %} detects vulnerabilities in public repositories and generates {% data variables.product.prodname_dependabot_alerts %}. {% data variables.product.prodname_dependabot_alerts %} can also be enabled for private repositories.
|
||||
|
||||
1. Click your profile photo, then click **Settings**.
|
||||
2. Click **Security & analysis**.
|
||||
3. Click **Enable all** next to {% data variables.product.prodname_dependabot_alerts %}.
|
||||
|
||||
For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% if currentVersion == "free-pro-team@latest" %}" and "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" %}
|
||||
### Managing dependency review
|
||||
|
||||
Dependency review lets you visualize dependency changes in pull requests before they are merged into your repository. Dependency review is available in all public repositories and in repositories owned by organizations with an {% data variables.product.prodname_advanced_security %} license that have the dependency graph enabled. For more information, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
|
||||
### Managing {% data variables.product.prodname_dependabot_security_updates %}
|
||||
|
||||
For any repository that uses {% data variables.product.prodname_dependabot_alerts %}, you can enable {% data variables.product.prodname_dependabot_security_updates %} to raise pull requests with security updates when vulnerabilities are detected.
|
||||
|
||||
1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**.
|
||||
2. Click **Security & analysis**.
|
||||
3. Next to {% data variables.product.prodname_dependabot_security_updates %}, click **Enable**.
|
||||
|
||||
For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/about-dependabot-security-updates)" and "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/configuring-dependabot-security-updates)."
|
||||
|
||||
### Managing {% data variables.product.prodname_dependabot_version_updates %}
|
||||
|
||||
You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/code-security/supply-chain-security/about-dependabot-version-updates)."
|
||||
|
||||
To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Enabling and disabling version updates](/code-security/supply-chain-security/enabling-and-disabling-version-updates)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
|
||||
### Configuring {% data variables.product.prodname_code_scanning %}
|
||||
|
||||
{% data variables.product.prodname_code_scanning_capc %} is available {% if currentVersion == "free-pro-team@latest" %}for all public repositories, and for private repositories owned by organizations with {% else %} for organization-owned repositories if you have {% endif %}an {% data variables.product.prodname_advanced_security %} license.
|
||||
|
||||
You can set up {% data variables.product.prodname_code_scanning %} to automatically identify vulnerabilities and errors in the code stored in your repository by using a {% data variables.product.prodname_codeql_workflow %} or third-party tool. For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)."
|
||||
|
||||
### Configuring {% data variables.product.prodname_secret_scanning %}
|
||||
{% data variables.product.prodname_secret_scanning_caps %} is available {% if currentVersion == "free-pro-team@latest" %}for all public repositories, and for private repositories owned by organizations with {% else %} for organization-owned repositories if you have {% endif %}an {% data variables.product.prodname_advanced_security %} license.
|
||||
|
||||
{% data variables.product.prodname_secret_scanning_caps %} may be enabled for your repository by default depending upon your organization's settings.
|
||||
|
||||
1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**.
|
||||
2. Click **Security & analysis**.
|
||||
3. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.
|
||||
4. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**.
|
||||
|
||||
{% endif %}
|
||||
|
||||
### Next steps
|
||||
You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} "[Viewing and updating vulnerable dependencies in your repository](/code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository),"{% endif %} {% if currentVersion == "free-pro-team@latest" %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)."
|
||||
{% endif %}
|
||||
@@ -7,7 +7,9 @@ versions:
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
topics:
|
||||
- Security
|
||||
- Repositories
|
||||
- Dependencies
|
||||
- Vulnerabilities
|
||||
children:
|
||||
- /getting-started
|
||||
- /secret-security
|
||||
|
||||
@@ -11,8 +11,10 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: overview
|
||||
topics:
|
||||
- Repositories
|
||||
- Secret scanning
|
||||
- Advanced Security
|
||||
---
|
||||
|
||||
{% data reusables.secret-scanning.beta %}
|
||||
@@ -77,5 +79,5 @@ To monitor results from {% data variables.product.prodname_secret_scanning %} ac
|
||||
|
||||
### Further reading
|
||||
|
||||
- "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)"
|
||||
- "[Securing your repository](/code-security/getting-started/securing-your-repository)"
|
||||
- "[Keeping your account and data secure](/github/authenticating-to-github/keeping-your-account-and-data-secure)"
|
||||
|
||||
@@ -10,7 +10,10 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Secret scanning
|
||||
- Advanced Security
|
||||
- Repositories
|
||||
---
|
||||
|
||||
|
||||
@@ -8,6 +8,8 @@ versions:
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
topics:
|
||||
- Secret scanning
|
||||
- Advanced Security
|
||||
- Repositories
|
||||
children:
|
||||
- /about-secret-scanning
|
||||
|
||||
@@ -8,7 +8,11 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Secret scanning
|
||||
- Advanced Security
|
||||
- Alerts
|
||||
- Repositories
|
||||
---
|
||||
|
||||
|
||||
@@ -10,8 +10,11 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: overview
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- CodeQL
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
@@ -59,6 +62,6 @@ You can run third-party analysis tools within {% data variables.product.product_
|
||||
|
||||
### Further reading
|
||||
|
||||
- "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)"
|
||||
- "[Securing your repository](/code-security/getting-started/securing-your-repository)"
|
||||
- [{% data variables.product.prodname_security %}](https://securitylab.github.com/)
|
||||
- [OASIS Static Analysis Results Interchange Format (SARIF) TC](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif) on the OASIS Committee website
|
||||
|
||||
@@ -11,8 +11,15 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- Actions
|
||||
- Repositories
|
||||
- Pull requests
|
||||
- JavaScript
|
||||
- Python
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
|
||||
@@ -13,8 +13,16 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- CodeQL
|
||||
- Actions
|
||||
- Repositories
|
||||
- C/C++
|
||||
- C#
|
||||
- Java
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
|
||||
@@ -10,7 +10,8 @@ versions:
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
children:
|
||||
- /about-code-scanning
|
||||
- /triaging-code-scanning-alerts-in-pull-requests
|
||||
|
||||
@@ -13,8 +13,12 @@ redirect_from:
|
||||
- /github/finding-security-vulnerabilities-and-errors-in-your-code/managing-alerts-from-code-scanning
|
||||
- /github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository
|
||||
- /code-security/secure-coding/managing-code-scanning-alerts-for-your-repository
|
||||
type: how_to
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- Alerts
|
||||
- Repositories
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
@@ -48,7 +52,7 @@ You need write permission to view a summary of all the alerts for a repository o
|
||||
{% data reusables.repositories.sidebar-security %}
|
||||
{% data reusables.repositories.sidebar-code-scanning-alerts %}
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1"%}
|
||||
1. Optionally, use the drop-down menus to filter alerts. For example, you can filter by the tool that was used to identify alerts.
|
||||
1. Optionally, use{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.2" %} the free text search box or{% endif %} the drop-down menus to filter alerts. For example, you can filter by the tool that was used to identify alerts.
|
||||
{% endif %}
|
||||
1. Under "{% data variables.product.prodname_code_scanning_capc %}," click the alert you'd like to explore.
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1"%}
|
||||
@@ -61,12 +65,49 @@ You need write permission to view a summary of all the alerts for a repository o
|
||||
1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code.
|
||||
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.2" %}
|
||||
### Searching {% data variables.product.prodname_code_scanning %} alerts
|
||||
|
||||
You can search the list of alerts. This is useful if there is a large number of alerts in your repository, or if you don't know the exact name for an alert for example. {% data variables.product.product_name %} performs the free text search across:
|
||||
- The name of the alert
|
||||
- The alert description
|
||||
- The alert details (this also includes the information hidden from view by default in the **Show more** collapsible section)
|
||||
|
||||
|
||||
|
||||
| Supported search | Syntax example | Results |
|
||||
| ---- | ---- | ---- |
|
||||
| Single word search | `injection` | Returns all the alerts containing the word `injection` |
|
||||
| Multiple word search | `sql injection` | Returns all the alerts containing `sql` or `injection` |
|
||||
| Exact match search</br>(use double quotes) | `"sql injection"` | Returns all the alerts containing the exact phrase `sql injection` |
|
||||
| OR search | `sql OR injection` | Returns all the alerts containing `sql` or `injection` |
|
||||
| AND search | `sql AND injection` | Returns all the alerts containing both words `sql` and `injection` |
|
||||
|
||||
{% tip %}
|
||||
|
||||
**Tips:**
|
||||
- The multiple word search is equivalent to an OR search.
|
||||
- The AND search will return results where the search terms are found _anywhere_, in any order in the alert name, description, or details.
|
||||
|
||||
{% endtip %}
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-security %}
|
||||
{% data reusables.repositories.sidebar-code-scanning-alerts %}
|
||||
1. To the right of the **Filters** drop-down menus, type the keywords to search for in the free text search box.
|
||||
|
||||
2. Press <kbd>return</kbd>. The alert listing will contain the open {% data variables.product.prodname_code_scanning %} alerts matching your search criteria.
|
||||
|
||||
{% endif %}
|
||||
|
||||
### Fixing an alert
|
||||
|
||||
Anyone with write permission for a repository can fix an alert by committing a correction to the code. If the repository has {% data variables.product.prodname_code_scanning %} scheduled to run on pull requests, it's best to raise a pull request with your correction. This will trigger {% data variables.product.prodname_code_scanning %} analysis of the changes and test that your fix doesn't introduce any new problems. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning)" and "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
|
||||
|
||||
If you have write permission for a repository, you can view fixed alerts by viewing the summary of alerts and clicking **Closed**. For more information, see "[Viewing the alerts for a repository](#viewing-the-alerts-for-a-repository)." The "Closed" list shows fixed alerts and alerts that users have dismissed.
|
||||
|
||||
You can use{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.2" %} the free text search or{% endif %} the filters to display a subset of alerts and then in turn mark all matching alerts as closed.
|
||||
|
||||
Alerts may be fixed in one branch but not in another. You can use the "Branch" drop-down menu, on the summary of alerts, to check whether an alert is fixed in a particular branch.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1"%}
|
||||
@@ -105,7 +146,7 @@ To dismiss or delete alerts:
|
||||
|
||||
|
||||
|
||||
Optionally, you can use the filters to display a subset of alerts and then delete all matching alerts at once. For example, if you have removed a query from {% data variables.product.prodname_codeql %} analysis, you can use the "Rule" filter to list just the alerts for that query and then select and delete all of those alerts.
|
||||
Optionally, you can use{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.2" %} the free text search or{% endif %} the filters to display a subset of alerts and then delete all matching alerts at once. For example, if you have removed a query from {% data variables.product.prodname_codeql %} analysis, you can use the "Rule" filter to list just the alerts for that query and then select and delete all of those alerts.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1"%}
|
||||
|
||||
|
||||
@@ -10,8 +10,15 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- CodeQL
|
||||
- Actions
|
||||
- Repositories
|
||||
- Containers
|
||||
- Java
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
|
||||
@@ -14,8 +14,12 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- Actions
|
||||
- Repositories
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
|
||||
@@ -11,8 +11,13 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- Pull requests
|
||||
- Alerts
|
||||
- Repositories
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
|
||||
@@ -11,8 +11,18 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- CodeQL
|
||||
- Actions
|
||||
- Troubleshooting
|
||||
- Repositories
|
||||
- Pull requests
|
||||
- C/C++
|
||||
- C#
|
||||
- Java
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
|
||||
@@ -11,7 +11,9 @@ versions:
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- CodeQL
|
||||
children:
|
||||
- /automatically-scanning-your-code-for-vulnerabilities-and-errors
|
||||
- /integrating-with-code-scanning
|
||||
|
||||
@@ -10,8 +10,12 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: overview
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- Webhooks
|
||||
- Integration
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
|
||||
@@ -11,7 +11,9 @@ versions:
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- Integration
|
||||
children:
|
||||
- /about-integration-with-code-scanning
|
||||
- /uploading-a-sarif-file-to-github
|
||||
|
||||
@@ -12,8 +12,12 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: reference
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- Integration
|
||||
- SARIF
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
|
||||
@@ -12,8 +12,15 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- Integration
|
||||
- Actions
|
||||
- Repositories
|
||||
- CI
|
||||
- SARIF
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
|
||||
@@ -8,7 +8,14 @@ versions:
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- CodeQL
|
||||
- Repositories
|
||||
- Pull requests
|
||||
- Integration
|
||||
- CI
|
||||
- SARIF
|
||||
redirect_from:
|
||||
- /code-security/secure-coding/about-codeql-code-scanning-in-your-ci-system
|
||||
---
|
||||
|
||||
@@ -13,8 +13,18 @@ versions:
|
||||
free-pro-team: '*'
|
||||
enterprise-server: '>=3.0'
|
||||
github-ae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Security
|
||||
- Advanced Security
|
||||
- Code scanning
|
||||
- CodeQL
|
||||
- Integration
|
||||
- CI
|
||||
- Repositories
|
||||
- Pull requests
|
||||
- C/C++
|
||||
- C#
|
||||
- Java
|
||||
---
|
||||
<!--For this article in earlier GHES versions, see /content/github/finding-security-vulnerabilities-and-errors-in-your-code-->
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user