diff --git a/assets/images/enterprise/security/enterprise-security-and-analysis-disable-or-enable-all-with-validity-checks.png b/assets/images/enterprise/security/enterprise-security-and-analysis-disable-or-enable-all-with-validity-checks.png new file mode 100644 index 0000000000..9f4a5a2092 Binary files /dev/null and b/assets/images/enterprise/security/enterprise-security-and-analysis-disable-or-enable-all-with-validity-checks.png differ diff --git a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md index 0652bb9cef..2a360371e2 100644 --- a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md +++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md @@ -50,7 +50,7 @@ When you enable one or more security and analysis features for existing reposito * To the right of the feature, click **Disable all** or **Enable all**. {% ifversion ghes or ghec %}If the control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled, you have no available {% ifversion ghas-billing-UI-update %}licenses{% else %}seats{% endif %} for {% data variables.product.prodname_GH_advanced_security %}.{% endif %} {% ifversion ghec %} - ![Screenshot of the "Configure security and analysis features" section of the enterprise settings. To the right of each setting are "Enable all" and "Disable all" buttons, which are outlined in dark orange.](/assets/images/enterprise/security/enterprise-security-and-analysis-disable-or-enable-all-with-user-namespace.png) + ![Screenshot of the "Configure security and analysis features" section of the enterprise settings. To the right of each setting are "Enable all" and "Disable all" buttons, which are outlined in dark orange.](/assets/images/enterprise/security/enterprise-security-and-analysis-disable-or-enable-all-with-validity-checks.png) {% elsif ghes > 3.12 %} ![Screenshot of the "Configure security and analysis features" section of the enterprise settings. To the right of each setting are "Enable all" and "Disable all" buttons, which are outlined in dark orange.](/assets/images/enterprise/security/enterprise-security-and-analysis-disable-or-enable-all-without-validity-check.png) @@ -59,14 +59,6 @@ When you enable one or more security and analysis features for existing reposito ![Screenshot of the "Configure security and analysis features" section of the enterprise settings. To the right of each setting are "Enable all" and "Disable all" buttons, which are outlined in dark orange.](/assets/images/enterprise/security/enterprise-security-and-analysis-disable-or-enable-all.png){% endif %} * To confirm the change, click the **Enable/Disable all** or **Enable/Disable for eligible repositories** button in the dialog that is displayed. 1. Optionally, to enable or disable a feature automatically when new private and internal repositories{% ifversion secret-scanning-user-owned-repos %}, user namespace repositories {% ifversion ghec %}belonging to {% data variables.product.prodname_emus %}{% endif %}{% endif %}, or public repositories and repositories with {% data variables.product.prodname_GH_advanced_security %} enabled are created, select the checkbox below the feature. -{% ifversion secret-scanning-validity-check-partner-patterns %} -1. Optionally, to automatically allow {% data variables.product.prodname_secret_scanning %} to check the validity of a secret by sending it to the relevant partner, select the relevant checkbox under "{% data variables.product.prodname_secret_scanning_caps %}". You can also enable the validity check for a single repository or organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-validity-checks-for-partner-patterns)," and "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization)." - - For information on using the REST API to enable validity checks for partner patterns for your enterprise, see "[AUTOTITLE](/rest/enterprise-admin/code-security-and-analysis#update-code-security-and-analysis-features-for-an-enterprise)." - - {% data reusables.secret-scanning.validity-check-partner-patterns-beta %} - -{%- endif %} {% ifversion secret-scanning-custom-link-on-block %} 1. Optionally, to include a resource link in the message that members will see when they attempt to push a secret, select **Add a resource link in the CLI and web UI when a commit is blocked**, then type a URL, and click **Save link**. diff --git a/content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md b/content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md index c7bffca90f..47b87aecc5 100644 --- a/content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md +++ b/content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md @@ -78,7 +78,7 @@ You can allow {% data variables.product.prodname_secret_scanning %} to automatic {% data reusables.repositories.navigate-to-code-security-and-analysis %} {% data reusables.secret-scanning.validity-check-auto-enable %} -You can also use the REST API to enable validity checks for partner patterns for your repository. For more information, see "[AUTOTITLE](/rest/repos/repos#update-a-repository)." Alternatively, organization owners and enterprise administrators can enable the feature for all repositories in the organization or enterprise settings. For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization)" and "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." +You can also use the REST API to enable validity checks for partner patterns for your repository. For more information, see "[AUTOTITLE](/rest/repos/repos#update-a-repository)." Alternatively, organization owners and enterprise administrators can enable the feature for all repositories in the organization or enterprise settings. For more information on enabling at the organization-level, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)." For more information on enabling at the enterprise-level, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)" and "[AUTOTITLE](/rest/enterprise-admin/code-security-and-analysis#update-code-security-and-analysis-features-for-an-enterprise)." {% endif %} diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md index 215a721b6a..1792ee9003 100644 --- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md +++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md @@ -93,19 +93,11 @@ You can choose the severity levels at which {% data variables.product.prodname_c You can customize several {% data variables.product.prodname_global_settings %} for {% data variables.product.prodname_secret_scanning %}: -{% ifversion secret-scanning-validity-check-partner-patterns %} -* [Verifying partner pattern secrets automatically](#verifying-partner-pattern-secrets-automatically){% endif %}{% ifversion secret-scanning-non-provider-patterns %} +{% ifversion secret-scanning-non-provider-patterns %} * [Scanning for non-provider patterns](#scanning-for-non-provider-patterns){% endif %} * [Adding a resource link for blocked commits](#adding-a-resource-link-for-blocked-commits){% ifversion ghec or ghes %} * [Defining custom patterns](#defining-custom-patterns){% endif %} -{% ifversion secret-scanning-validity-check-partner-patterns %} - -### Verifying partner pattern secrets automatically - -To reduce the rate of false positive {% data variables.product.prodname_secret_scanning %} alerts, you can automatically verify the validity of some partner pattern secrets by sending each secret to the provider. To enable this automatic verification, select **Automatically verify if a secret is valid by sending it to the relevant partner**. For information on which partners support validity checks, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning#checking-a-secrets-validity)." - -{% endif %} {% ifversion secret-scanning-non-provider-patterns %} ### Scanning for non-provider patterns diff --git a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md index 2048a6565d..93a852db6a 100644 --- a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md +++ b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md @@ -46,7 +46,8 @@ With {% data variables.product.prodname_custom_security_configurations %}, you c 1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup. To learn about default setup, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup)." 1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: - * {% data variables.product.prodname_secret_scanning_caps %}. To learn about {% data variables.product.prodname_secret_scanning %}, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)." + * {% data variables.product.prodname_secret_scanning_caps %}. To learn about {% data variables.product.prodname_secret_scanning %}, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."{% ifversion secret-scanning-validity-check-partner-patterns %} + * Validity check. To learn more about validity checks for partner patterns, see "[Checking a secret's validity](/code-security/secret-scanning/managing-alerts-from-secret-scanning#checking-a-secrets-validity)".{% endif %} * Push protection. To learn about push protection, see "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)." {% ifversion fpt or ghec %} 1. In the "Private vulnerability reporting" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for private vulnerability reporting. To learn about private vulnerability reporting, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository)." diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md index 6048bd770c..4486a66dfe 100644 --- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md +++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md @@ -145,22 +145,6 @@ To allow {% data variables.product.prodname_dependabot %} to access a private{% 1. A list of matching repositories in the organization is displayed, click the repository you want to allow access to and this adds the repository to the allowed list. 1. Optionally, to remove a repository from the list, to the right of the repository, click {% octicon "x" aria-label="The X icon" %}. -{% ifversion secret-scanning-validity-check-partner-patterns %} - -## Allowing validity checks for partner patterns in an organization - -{% data reusables.secret-scanning.validity-check-partner-patterns-beta %} -{% data reusables.gated-features.partner-pattern-validity-check-ghas %} - -You can allow {% data variables.product.prodname_secret_scanning %} to automatically check the validity of a secret by sending it to the relevant partner. When you select the checkbox in the organization settings, the feature is enabled for all repositories in the organization. Alternatively, you can enable the validity check for a single repository, or at the enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-validity-checks-for-partner-patterns)" and "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." - -You can also use the REST API to enable validity checks for partner patterns for your organization. For more information, see "[AUTOTITLE](/rest/orgs/orgs#update-an-organization)." - -1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)." -{% data reusables.secret-scanning.validity-check-auto-enable %} - -{% endif %} - {% ifversion ghes or ghec %} ## Removing access to {% data variables.product.prodname_GH_advanced_security %} from individual repositories in an organization diff --git a/data/reusables/secret-scanning/validity-check-partner-patterns-enabled.md b/data/reusables/secret-scanning/validity-check-partner-patterns-enabled.md index 74b46ac43a..bdbd7fbc85 100644 --- a/data/reusables/secret-scanning/validity-check-partner-patterns-enabled.md +++ b/data/reusables/secret-scanning/validity-check-partner-patterns-enabled.md @@ -1 +1 @@ -To be able to filter by validity status, you need to have validity checks for partner patterns enabled at the repository, organization, or enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-validity-checks-for-partner-patterns)," "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization)," and "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features)." +To be able to filter by validity status, you need to have validity checks for partner patterns enabled at the repository, organization, or enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-validity-checks-for-partner-patterns)," "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)," and "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features)."