Add content for enabling code scanning without a workflow file (#33700)
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Dorothy Mitchell <dorothymitchell@github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
@@ -30,7 +30,7 @@ Your security needs are unique to your repository, so you may not need to enable
The first step to securing a repository is to set up who can see and modify your code. For more information, see "[Managing repository settings](/github/administering-a-repository/managing-repository-settings)."
From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**, then scroll down to the "Danger Zone."
From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %} Settings**, then scroll down to the "Danger Zone."
- To change who can view your repository, click **Change visibility**. For more information, see "[Setting repository visibility](/github/administering-a-repository/setting-repository-visibility)."{% ifversion fpt or ghec or ghes > 3.3 or ghae > 3.3 %}
- To change who can access your repository and adjust permissions, click **Manage access**. For more information, see"[Managing teams and people with access to your repository](/github/administering-a-repository/managing-teams-and-people-with-access-to-your-repository)."{% endif %}
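Review bot: the unchanged "Manage access" bullet at the end of this hunk reads `see"[Managing teams and people with access to your repository]`, missing the space after `see`; since this commit already touches the neighbouring Settings line for a whitespace-only fix, correct it here as well: `For more information, see "[Managing teams and people with access to your repository](...)."`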
@@ -38,9 +38,9 @@ From the main page of your repository, click **{% octicon "gear" aria-label="The
## Setting a security policy
1. From the main page of your repository, click **{% octicon "shield" aria-label="The shield symbol" %} Security**.
2. Click **Security policy**.
3. Click **Start setup**.
4. Add information about supported versions of your project and how to report vulnerabilities.
1. Click **Security policy**.
1. Click **Start setup**.
1. Add information about supported versions of your project and how to report vulnerabilities.
For more information, see "[Adding a security policy to your repository](/code-security/getting-started/adding-a-security-policy-to-your-repository)."
@@ -50,8 +50,8 @@ For more information, see "[Adding a security policy to your repository](/code-s
The dependency graph is automatically generated for all public repositories, and you can choose to enable it for private repositories. It interprets manifest and lock files in a repository to identify dependencies.
1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %} Settings**.
2. Click **Security & analysis**.
3. Next to Dependency graph, click **Enable** or **Disable**.
1. Click **Security & analysis**.
1. Next to Dependency graph, click **Enable** or **Disable**.
{% endif %}
{% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
@@ -64,8 +64,8 @@ For more information, see "[Exploring the dependencies of a repository](/code-se
{% ifversion fpt or ghec %}
1. Click your profile photo, then click **Settings**.
2. Click **Security & analysis**.
3. Click **Enable all** next to {% data variables.product.prodname_dependabot_alerts %}.
1. Click **Security & analysis**.
1. Click **Enable all** next to {% data variables.product.prodname_dependabot_alerts %}.
{% endif %}
{% data reusables.dependabot.dependabot-alerts-beta %}
@@ -77,12 +77,12 @@ For more information, see "[About {% data variables.product.prodname_dependabot_
Dependency review lets you visualize dependency changes in pull requests before they are merged into your repositories. For more information, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)."
Dependency review is a {% data variables.product.prodname_GH_advanced_security %} feature. {% ifversion fpt or ghec %}Dependency review is already enabled for all public repositories. {% ifversion fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_advanced_security %} can additionally enable dependency review for private and internal repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/securing-your-repository#managing-dependency-review). {% endif %}{% endif %}{% ifversion ghec or ghes or ghae %}To enable dependency review for a {% ifversion ghec %}private or internal {% endif %}repository, ensure that the dependency graph is enabled and enable {% data variables.product.prodname_GH_advanced_security %}.
Dependency review is a {% data variables.product.prodname_GH_advanced_security %} feature. {% ifversion fpt or ghec %}Dependency review is already enabled for all public repositories. {% ifversion fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_advanced_security %} can additionally enable dependency review for private and internal repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/securing-your-repository#managing-dependency-review). {% endif %}{% endif %}{% ifversion ghec or ghes or ghae %}To enable dependency review for a {% ifversion ghec %}private or internal {% endif %}repository, ensure that the dependency graph is enabled and enable {% data variables.product.prodname_GH_advanced_security %}.
1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**.
2. Click **Security & analysis**.
3. {% ifversion ghec %}If dependency graph is not already enabled, click **Enable**.{% elsif ghes or ghae %}Check that dependency graph is configured for your enterprise.{% endif %}
4. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.
1. Click **Security & analysis**.
1. {% ifversion ghec %}If dependency graph is not already enabled, click **Enable**.{% elsif ghes or ghae %}Check that dependency graph is configured for your enterprise.{% endif %}
1. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.
{% endif %}
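Review bot: the first step of the dependency review list still reads `**{% octicon "gear" aria-label="The Settings gear" %}Settings**` with no space between the octicon tag and the word, while the first hunk of this commit fixes exactly that spacing; apply the same fix here and on the equivalent Settings steps in the Dependabot security updates and secret scanning hunks so the rendered label is consistent across the page. The dependency review paragraph at the top of this hunk also shows identical text on the old and new side, so that change appears to be whitespace-only; worth confirming it is intentional rather than an editor artefact.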
@@ -93,8 +93,8 @@ Dependency review is a {% data variables.product.prodname_GH_advanced_security %
For any repository that uses {% data variables.product.prodname_dependabot_alerts %}, you can enable {% data variables.product.prodname_dependabot_security_updates %} to raise pull requests with security updates when vulnerabilities are detected.
1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**.
2. Click **Security & analysis**.
3. Next to {% data variables.product.prodname_dependabot_security_updates %}, click **Enable**.
1. Click **Security & analysis**.
1. Next to {% data variables.product.prodname_dependabot_security_updates %}, click **Enable**.
For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/about-dependabot-security-updates)" and "[Configuring {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/configuring-dependabot-security-updates)."
@@ -104,9 +104,9 @@ You can enable {% data variables.product.prodname_dependabot %} to automatically
{% ifversion dependabot-settings-update-37 %}
1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %} Settings**.
2. Click **Security & analysis**.
3. Next to {% data variables.product.prodname_dependabot_version_updates %}, click **Enable** to create a basic *dependabot.yml* configuration file.
4. Specify the dependencies to update and commit the file to the repository. For more information, see "[Configuring Dependabot version updates](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates)."
1. Click **Security & analysis**.
1. Next to {% data variables.product.prodname_dependabot_version_updates %}, click **Enable** to create a basic *dependabot.yml* configuration file.
1. Specify the dependencies to update and commit the file to the repository. For more information, see "[Configuring Dependabot version updates](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates)."
{% else %}
To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a *dependabot.yml* configuration file. For more information, see "[Configuring {% data variables.product.prodname_dependabot %} version updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates)."
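Review bot: style: the link text on the last step of the renumbered list hardcodes "Configuring Dependabot version updates", while the `{% else %}` branch directly below it writes the same product name as `{% data variables.product.prodname_dependabot %}`; use the data variable in both places so the product name is rendered consistently.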
@@ -116,7 +116,18 @@ To enable {% data variables.product.prodname_dependabot_version_updates %}, you
## Configuring {% data variables.product.prodname_code_scanning %}
You can set up {% data variables.product.prodname_code_scanning %} to automatically identify vulnerabilities and errors in the code stored in your repository by using a {% data variables.code-scanning.codeql_workflow %} or third-party tool. For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)."
You can set up {% data variables.product.prodname_code_scanning %} to automatically identify vulnerabilities and errors in the code stored in your repository by using a {% data variables.code-scanning.codeql_workflow %} or third-party tool.{% ifversion code-scanning-without-workflow %} Depending on the programming languages in your repository, you can configure {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} using the default setup, in which {% data variables.product.prodname_dotcom %} automatically determines the languages to scan, query suites to run, and events that will trigger a new scan.{% else %} For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)."{% endif %}
{% ifversion code-scanning-without-workflow %}
1. From the main page of your repository, click {% octicon "gear" aria-label="The gear icon" %} **Settings**.
1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-label="The shield-lock icon" %} Code security and analysis**.
1. In the "{% data variables.product.prodname_code_scanning_capc %}" section, select **Set up** {% octicon "triangle-down" aria-label="The downwards-facing triangle icon" %}, then click **Default**.
1. In the pop-up window that appears, review the default configuration settings for your repository, then click **Enable {% data variables.product.prodname_codeql %}**.
Alternatively, you can use the advanced setup, which generates a workflow file you can edit to customize your {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}. For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository#creating-an-advanced-setup)."
{% endif %}
{% data variables.product.prodname_code_scanning_capc %} is available {% ifversion fpt or ghec %}for all public repositories, and for private repositories owned by organizations that are part of an enterprise with a license for {% else %}for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_advanced_security %}.
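Review bot: the new default-setup steps follow different UI conventions from the rest of the page: the first step places the octicon outside the bold (`{% octicon "gear" aria-label="The gear icon" %} **Settings**`) whereas every other section puts it inside (`**{% octicon "gear" ... %} Settings**`), and the sidebar item is named "Code security and analysis" here while the other sections say "Security & analysis". If the new label reflects the current UI, the other sections should be updated in the same commit or version-gated; otherwise align these steps with the existing wording. Also, in the `{% ifversion code-scanning-without-workflow %}` branch the intro sentence drops the "Setting up code scanning for a repository" link that the `{% else %}` branch keeps, and the link only returns below for the advanced-setup anchor, so readers on that version lose the general setup reference; keep the link in both branches.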
@@ -130,9 +141,9 @@ You can set up {% data variables.product.prodname_code_scanning %} to automatica
{% data variables.product.prodname_secret_scanning_caps %} is {% ifversion ghec %}enabled for all public repositories and is available for private repositories owned by organizations that are part of an enterprise with a license for {% else %}available for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_advanced_security %}. {% ifversion fpt %}For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/securing-your-repository#configuring-secret-scanning).{% else %}{% data variables.product.prodname_secret_scanning_caps %} may already be enabled for your repository, depending upon your organization's settings.
1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**.
2. Click **Security & analysis**.
3. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.
4. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**.
1. Click **Security & analysis**.
1. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.
1. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**.
{% endif %}
{% endif %}