diff --git a/assets/images/help/organizations/security-and-analysis-disable-or-enable-all-ghas-dotcom.png b/assets/images/help/organizations/security-and-analysis-disable-or-enable-all-ghas-dotcom.png
new file mode 100644
index 0000000000..22beed7afd
Binary files /dev/null and b/assets/images/help/organizations/security-and-analysis-disable-or-enable-all-ghas-dotcom.png differ
diff --git a/assets/images/help/organizations/security-and-analysis-disable-or-enable-all.png b/assets/images/help/organizations/security-and-analysis-disable-or-enable-all.png
deleted file mode 100644
index 80f95c37a4..0000000000
Binary files a/assets/images/help/organizations/security-and-analysis-disable-or-enable-all.png and /dev/null differ
diff --git a/assets/images/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox-dotcom.png b/assets/images/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox-dotcom.png
new file mode 100644
index 0000000000..1fbeec5190
Binary files /dev/null and b/assets/images/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox-dotcom.png differ
diff --git a/assets/images/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox.png b/assets/images/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox.png
deleted file mode 100644
index 6b01311f0e..0000000000
Binary files a/assets/images/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox.png and /dev/null differ
diff --git a/assets/images/help/organizations/security-and-analysis-highlight-ghas.png b/assets/images/help/organizations/security-and-analysis-highlight-ghas.png
new file mode 100644
index 0000000000..cd441e834a
Binary files /dev/null and b/assets/images/help/organizations/security-and-analysis-highlight-ghas.png differ
diff --git a/assets/images/help/repository/dependency-graph-enable-button.png b/assets/images/help/repository/dependency-graph-enable-button.png
index 813b0ada5a..768617e607 100644
Binary files a/assets/images/help/repository/dependency-graph-enable-button.png and b/assets/images/help/repository/dependency-graph-enable-button.png differ
diff --git a/assets/images/help/repository/enable-ghas-confirmation-dotcom.png b/assets/images/help/repository/enable-ghas-confirmation-dotcom.png
new file mode 100644
index 0000000000..e220b74272
Binary files /dev/null and b/assets/images/help/repository/enable-ghas-confirmation-dotcom.png differ
diff --git a/assets/images/help/repository/enable-ghas-dotcom.png b/assets/images/help/repository/enable-ghas-dotcom.png
new file mode 100644
index 0000000000..1cd0df7494
Binary files /dev/null and b/assets/images/help/repository/enable-ghas-dotcom.png differ
diff --git a/assets/images/help/repository/enable-secret-scanning-dotcom.png b/assets/images/help/repository/enable-secret-scanning-dotcom.png
new file mode 100644
index 0000000000..66c7da0847
Binary files /dev/null and b/assets/images/help/repository/enable-secret-scanning-dotcom.png differ
diff --git a/assets/images/help/repository/repo-change-confirm.png b/assets/images/help/repository/repo-change-confirm.png
index 217d2362f4..8131fe667a 100644
Binary files a/assets/images/help/repository/repo-change-confirm.png and b/assets/images/help/repository/repo-change-confirm.png differ
diff --git a/assets/images/help/repository/repo-change-select.png b/assets/images/help/repository/repo-change-select.png
index 161f81e6e4..750ace9809 100644
Binary files a/assets/images/help/repository/repo-change-select.png and b/assets/images/help/repository/repo-change-select.png differ
diff --git a/assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-private.png b/assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-private.png
new file mode 100644
index 0000000000..3ec05be4d6
Binary files /dev/null and b/assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-private.png differ
diff --git a/assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-public.png b/assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-public.png
new file mode 100644
index 0000000000..8ee5919cb8
Binary files /dev/null and b/assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-public.png differ
diff --git a/content/github/administering-a-repository/configuring-secret-scanning-for-private-repositories.md b/content/github/administering-a-repository/configuring-secret-scanning-for-your-repositories.md
similarity index 55%
rename from content/github/administering-a-repository/configuring-secret-scanning-for-private-repositories.md
rename to content/github/administering-a-repository/configuring-secret-scanning-for-your-repositories.md
index 085767d24e..25f7892409 100644
--- a/content/github/administering-a-repository/configuring-secret-scanning-for-private-repositories.md
+++ b/content/github/administering-a-repository/configuring-secret-scanning-for-your-repositories.md
@@ -1,8 +1,10 @@ --- -title: Configuring secret scanning for private repositories +title: Configuring secret scanning for your repositories intro: 'You can configure how {% data variables.product.product_name %} scans your private repositories for secrets.' -product: '{% data reusables.gated-features.secret-scanning %}' permissions: 'People with admin permissions to a private repository can enable {% data variables.product.prodname_secret_scanning %} for the repository.' +redirect_from: + - /github/administering-a-repository/configuring-secret-scanning-for-private-repositories +product: '{% data reusables.gated-features.secret-scanning %}' versions: free-pro-team: '*' --- 
@@ -14,8 +16,19 @@ versions: {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-security-and-analysis %} -4. To the right of "Secret scanning", click **Enable**. -![Enable secret scanning for your repository](/assets/images/help/repository/enable-secret-scanning.png) + +{% if currentVersion == "free-pro-team@latest" %} +4. If "{% data variables.product.prodname_secret_scanning_caps %}" is not shown on the page, you need to enable {% data variables.product.prodname_GH_advanced_security %} first. To the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**. + ![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/help/repository/enable-ghas-dotcom.png) +5. Click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository** to confirm the action. + ![Confirm enabling {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/help/repository/enable-ghas-confirmation-dotcom.png) +6. When you enable {% data variables.product.prodname_GH_advanced_security %} this may automatically enable {% data variables.product.prodname_secret_scanning %} for the repository (this is controlled by the organization configuration). If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled. + ![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-dotcom.png){% endif %} + + {% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %} +4. 
To the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Enable**. + ![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-ghe.png) + {% endif %} ### Excluding alerts from {% data variables.product.prodname_secret_scanning %} in private repositories diff --git a/content/github/administering-a-repository/index.md b/content/github/administering-a-repository/index.md index 1f27602bae..48a96e6206 100644 --- a/content/github/administering-a-repository/index.md +++ b/content/github/administering-a-repository/index.md @@ -66,7 +66,7 @@ versions: {% topic_link_in_list /securing-your-repository %} {% link_in_list /about-securing-your-repository %} {% link_in_list /about-secret-scanning %} - {% link_in_list /configuring-secret-scanning-for-private-repositories %} + {% link_in_list /configuring-secret-scanning-for-your-repositories %} {% link_in_list /managing-alerts-from-secret-scanning %} {% link_in_list /managing-security-and-analysis-settings-for-your-repository %} {% topic_link_in_list /keeping-your-dependencies-updated-automatically %} diff --git a/content/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository.md b/content/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository.md index c43877ac01..8cf3c3baed 100644 --- a/content/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository.md +++ b/content/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository.md 
@@ -11,17 +11,33 @@ versions: free-pro-team: '*' --- -### Enabling or disabling security and analysis features +{% if currentVersion == "free-pro-team@latest" %} +### Enabling or disabling security and analysis features for public repositories -{% data reusables.security.some-security-and-analysis-features-are-enabled-by-default %} +You can manage a subset of security and analysis features for public repositories. Other features are permanently enabled, including dependency graph and secret scanning. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +{% data reusables.repositories.navigate-to-security-and-analysis %} +4. Under "Configure security and analysis features", to the right of the feature, click **Disable** or **Enable**. + !["Enable" or "Disable" button for "Configure security and analysis" features in a public repository](/assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-public.png) +{% endif %} + +### Enabling or disabling security and analysis features{% if currentVersion == "free-pro-team@latest" %} for private repositories{% endif %} + +You can manage the security and analysis features for your {% if currentVersion == "free-pro-team@latest" %}private or internal {% endif %}repository. If your organization or enterprise has a license for {% data variables.product.prodname_GH_advanced_security %} then extra options are available. {% data reusables.advanced-security.more-info-ghas %} {% data reusables.security.security-and-analysis-features-enable-read-only %} {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-security-and-analysis %} -4. Under "Configure security and analysis features", to the right of the feature, click **Disable** or **Enable**. 
- !["Enable" or "Disable" button for "Configure security and analysis" features](/assets/images/help/repository/security-and-analysis-disable-or-enable.png) +4. Under "Configure security and analysis features", to the right of the feature, click **Disable** or **Enable**. {% if currentVersion == "free-pro-team@latest" %}If "{% data variables.product.prodname_secret_scanning_caps %}" is not displayed, you may need to enable {% data variables.product.prodname_GH_advanced_security %} first. + !["Enable" or "Disable" button for "Configure security and analysis" features](/assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-private.png) + {% endif %} + {% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %} + !["Enable" or "Disable" button for "Configure security and analysis" features](/assets/images/help/repository/security-and-analysis-disable-or-enable-ghe.png) + {% endif %} ### Granting access to security alerts diff --git a/content/github/administering-a-repository/setting-repository-visibility.md b/content/github/administering-a-repository/setting-repository-visibility.md index 1618d5076c..7fd8db9d0c 100644 --- a/content/github/administering-a-repository/setting-repository-visibility.md +++ b/content/github/administering-a-repository/setting-repository-visibility.md 
@@ -24,7 +24,8 @@ We recommend reviewing the following caveats before you change the visibility of * If you change a repository's visibility from internal to private, {% data variables.product.prodname_dotcom %} will remove forks that belong to any user without access to the newly private repository. {% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion %}The visibility of any forks will also change to private.{% elsif currentVersion == "github-ae@latest" %}If the internal repository has any forks, the visibility of the forks is already private.{% endif %} For more information, see "[What happens to forks when a repository is deleted or changes visibility?](/articles/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility)"{% if currentVersion == "free-pro-team@latest" %} * If you're using {% data variables.product.prodname_free_user %} for user accounts or organizations, some features won't be available in the repository after you change the visibility to private. {% data reusables.gated-features.more-info %}{% endif %} * Any published {% data variables.product.prodname_pages %} site will be automatically unpublished.{% if currentVersion == "free-pro-team@latest" %} If you added a custom domain to the {% data variables.product.prodname_pages %} site, you should remove or update your DNS records before making the repository private, to avoid the risk of a domain takeover. For more information, see "[Managing a custom domain for your {% data variables.product.prodname_pages %} site](/articles/managing-a-custom-domain-for-your-github-pages-site)."{% endif %}{% if currentVersion == "free-pro-team@latest" %} -* {% data variables.product.prodname_dotcom %} will no longer include the repository in the {% data variables.product.prodname_archive %}. 
For more information, see "[About archiving content and data on {% data variables.product.prodname_dotcom %}](/github/creating-cloning-and-archiving-repositories/about-archiving-content-and-data-on-github#about-the-github-archive-program)."{% endif %}{% if enterpriseServerVersions contains currentVersion %} +* {% data variables.product.prodname_dotcom %} will no longer include the repository in the {% data variables.product.prodname_archive %}. For more information, see "[About archiving content and data on {% data variables.product.prodname_dotcom %}](/github/creating-cloning-and-archiving-repositories/about-archiving-content-and-data-on-github#about-the-github-archive-program)."{% endif %}{% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %} +* {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %}, will stop working unless the repository is owned by an organization that has a license for {% data variables.product.prodname_advanced_security %}. {% data reusables.advanced-security.more-info-ghas %}{% endif %}{% if enterpriseServerVersions contains currentVersion %} * Anonymous Git read access is no longer available. For more information, see "[Enabling anonymous Git read access for a repository](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository)."{% endif %} {% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@latest" or currentVersion ver_gt "enterprise-server@2.19" %} 
@@ -46,7 +47,10 @@ We recommend reviewing the following caveats before you change the visibility of #### Making a repository public * {% data variables.product.product_name %} will detach private forks and turn them into a standalone private repository. For more information, see "[What happens to forks when a repository is deleted or changes visibility?](/articles/what-happens-to-forks-when-a-repository-is-deleted-or-changes-visibility#changing-a-private-repository-to-a-public-repository)"{% if currentVersion == "free-pro-team@latest" %} -* If you're converting your private repository to a public repository as part of a move toward creating an open source project, see the [Open Source Guides](http://opensource.guide) for helpful tips and guidelines. You can also take a free course on managing an open source project with [{% data variables.product.prodname_learning %}]({% data variables.product.prodname_learning_link %}). Once your repository is public, you can also view your repository's community profile to see whether your project meets best practices for supporting contributors. For more information, see "[Viewing your community profile](/articles/viewing-your-community-profile)."{% endif %} +* If you're converting your private repository to a public repository as part of a move toward creating an open source project, see the [Open Source Guides](http://opensource.guide) for helpful tips and guidelines. You can also take a free course on managing an open source project with [{% data variables.product.prodname_learning %}]({% data variables.product.prodname_learning_link %}). Once your repository is public, you can also view your repository's community profile to see whether your project meets best practices for supporting contributors. For more information, see "[Viewing your community profile](/articles/viewing-your-community-profile)." +* The repository will automatically gain access to {% data variables.product.prodname_GH_advanced_security %} features. 
+ +For information about improving repository security, see "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)."{% endif %} {% endif %} @@ -59,7 +63,7 @@ We recommend reviewing the following caveats before you change the visibility of 3. Under "Danger Zone", to the right of to "Change repository visibility", click **Change visibility**. ![Change visibility button](/assets/images/help/repository/repo-change-vis.png) 4. Select a visibility. - ![Dialog of options for repository visibility](/assets/images/help/repository/repo-change-select.png) + ![Dialog of options for repository visibility](/assets/images/help/repository/repo-change-select.png) 5. To verify that you're changing the correct repository's visibility, type the name of the repository you want to change the visibility of. 6. Click **I understand, change repository visibility**. ![Confirm change of repository visibility button](/assets/images/help/repository/repo-change-confirm.png) diff --git a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-codeql-code-scanning-in-your-ci-system.md b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-codeql-code-scanning-in-your-ci-system.md index 9ea1c457d6..e53bd81edc 100644 --- a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-codeql-code-scanning-in-your-ci-system.md +++ b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-codeql-code-scanning-in-your-ci-system.md @@ -12,6 +12,7 @@ versions: {% data reusables.code-scanning.beta-codeql-runner %} {% data reusables.code-scanning.beta %} +{% data reusables.code-scanning.not-available %} ### The `init` command takes too long 
diff --git a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-the-codeql-workflow.md b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-the-codeql-workflow.md index 4307659a80..f1c4d3e53a 100644 --- a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-the-codeql-workflow.md +++ b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-the-codeql-workflow.md @@ -11,6 +11,7 @@ versions: --- {% data reusables.code-scanning.beta %} +{% data reusables.code-scanning.not-available %} ### Automatic build for a compiled language fails diff --git a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github.md b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github.md index 4b900eaf08..32aa381f4e 100644 --- a/content/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github.md +++ b/content/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github.md 
@@ -27,6 +27,8 @@ You can upload the results using {% data variables.product.prodname_actions %}{% - The {% data variables.product.prodname_codeql_runner %}, to run {% data variables.product.prodname_code_scanning %} in your CI system, by default the runner automatically uploads results to {% data variables.product.prodname_dotcom %} on completion. If you block the automatic upload, when you are ready to upload results you can use the `upload` command (for more information, see "[Running {% data variables.product.prodname_code_scanning %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system)"). - A tool that generates results as an artifact outside of your repository, you can use the {% data variables.product.prodname_code_scanning %} API to upload the file (for more information, see "[Upload a SARIF file](/rest/reference/code-scanning#upload-a-sarif-file)"). +{% data reusables.code-scanning.not-available %} + ### Uploading a {% data variables.product.prodname_code_scanning %} analysis with {% data variables.product.prodname_actions %} To use {% data variables.product.prodname_actions %} to upload a third-party SARIF file to a repository, you'll need a workflow. For more information, see "[Learn {% data variables.product.prodname_actions %}](/actions/getting-started-with-github-actions/about-github-actions)" and "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)." diff --git a/content/github/getting-started-with-github/about-github-advanced-security.md b/content/github/getting-started-with-github/about-github-advanced-security.md new file mode 100644 index 0000000000..34a1caaf08 --- /dev/null +++ b/content/github/getting-started-with-github/about-github-advanced-security.md 
@@ -0,0 +1,46 @@ +--- +title: About GitHub Advanced Security +intro: '{% data variables.product.prodname_dotcom %} makes extra security features available to customers under an {% data variables.product.prodname_advanced_security %} license. These features are also enabled for public repositories on {% data variables.product.prodname_dotcom_the_website %}.' +versions: + free-pro-team: '*' + enterprise-server: '>=3.0' +--- + +### About {% data variables.product.prodname_GH_advanced_security %} + +{% data variables.product.prodname_dotcom %} has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, for example: dependency graph and {% data variables.product.prodname_dependabot_alerts %}. Other security features require a license for {% data variables.product.prodname_GH_advanced_security %} to run on repositories apart from public repositories on {% data variables.product.prodname_dotcom_the_website %}. (That is, private and internal repositories on {% data variables.product.prodname_dotcom_the_website %}, and all repositories on {% data variables.product.prodname_ghe_server %}.) + +For an overview of all security features, see "[About securing your repository](/github/administering-a-repository/about-securing-your-repository#setting-up-your-repository-securely)." + +### About {% data variables.product.prodname_advanced_security %} features + +A {% data variables.product.prodname_GH_advanced_security %} license provides the following additional features: + +- **{% data variables.product.prodname_code_scanning_capc %}** - Search for potential security vulnerabilities and coding errors in your code. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)." 
+ +- **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into the repository. For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/about-secret-scanning)." + +{% if currentVersion == "free-pro-team@latest" %} +- **Dependency review** - Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see "[Reviewing dependency changes in a pull request](/github/collaborating-with-issues-and-pull-requests/reviewing-dependency-changes-in-a-pull-request)." +{% endif %} + +For information about {% data variables.product.prodname_advanced_security %} features that are in development, see "[{% data variables.product.prodname_dotcom %} public roadmap](https://github.com/github/roadmap)." + +{% if currentVersion ver_gt "enterprise-server@2.22" %} +### Enabling {% data variables.product.prodname_advanced_security %} features on {% data variables.product.prodname_ghe_server %} + +The site administrator must enable {% data variables.product.prodname_advanced_security %} for {% data variables.product.product_location %} before you can use these features. For more information, see "[Configuring Advanced Security features](/admin/configuration/configuring-advanced-security-features)." + +Once your system is set up, you can enable and disable these features at the organization or repository level. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)" and "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)." 
+ +For information about purchasing a license for {% data variables.product.prodname_GH_advanced_security %}, contact {% data variables.contact.contact_enterprise_sales %}. +{% endif %} + +### Enabling {% data variables.product.prodname_advanced_security %} features on {% data variables.product.prodname_dotcom_the_website %} + +For public repositories on {% data variables.product.prodname_dotcom_the_website %}, these features are permanently on and are only disabled if you change the visibility of the project so that the code is no longer public. + +For all other repositories, once you have a license, you can enable and disable these features at the organization or repository level. {% if currentVersion == "free-pro-team@latest" %}For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)" and "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)." + +For information about purchasing a license for {% data variables.product.prodname_GH_advanced_security %}, contact {% data variables.contact.contact_enterprise_sales %}. +{% endif %} \ No newline at end of file diff --git a/content/github/getting-started-with-github/githubs-products.md b/content/github/getting-started-with-github/githubs-products.md index 3735db6d81..dfe5f0a4bf 100644 --- a/content/github/getting-started-with-github/githubs-products.md +++ b/content/github/getting-started-with-github/githubs-products.md 
@@ -97,7 +97,7 @@ For more information about hosting your own instance of [{% data variables.produ - {% data variables.contact.github_support %} {% data variables.product.premium_plus_support_plan %} - {% data variables.product.prodname_insights %} -- {% data variables.product.prodname_advanced_security %}{% if currentVersion == "free-pro-team@latest" %}. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)" and "[About {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/about-secret-scanning) (beta)."{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21" %}. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning) (beta)."{% endif %} +- {% data variables.product.prodname_GH_advanced_security %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion == "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)" (beta).{% endif %} - [{% data variables.product.prodname_learning %} for organizations](https://lab.github.com/organizations) For more information about signing up for {% data variables.product.prodname_ghe_one %}, contact [{% data variables.product.product_name %}'s Sales team](https://enterprise.github.com/contact). 
diff --git a/content/github/getting-started-with-github/index.md b/content/github/getting-started-with-github/index.md index c8b857b90e..d5970dd910 100644 --- a/content/github/getting-started-with-github/index.md +++ b/content/github/getting-started-with-github/index.md @@ -28,6 +28,7 @@ versions: {% link_in_list /be-social %} {% topic_link_in_list /learning-about-github %} {% link_in_list /githubs-products %} + {% link_in_list /about-github-advanced-security %} {% link_in_list /exploring-early-access-releases-with-feature-preview %} {% link_in_list /types-of-github-accounts %} {% link_in_list /faq-about-changes-to-githubs-plans %} diff --git a/content/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization.md b/content/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization.md index 4dfec3a11e..7fcb1ff573 100644 --- a/content/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization.md +++ b/content/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization.md 
@@ -8,7 +8,8 @@ versions: ### About management of security and analysis settings -{% data variables.product.prodname_dotcom %} can help secure the repositories in your organization. You can manage the security and analysis features for all existing or new repositories that members create in your organization. +{% data variables.product.prodname_dotcom %} can help secure the repositories in your organization. You can manage the security and analysis features for all existing or new repositories that members create in your organization. {% if currentVersion == "free-pro-team@latest" %}If you have a license for {% data variables.product.prodname_GH_advanced_security %} then you can also manage access to these features. {% data reusables.advanced-security.more-info-ghas %}{% endif %} + {% data reusables.security.some-security-and-analysis-features-are-enabled-by-default %} {% data reusables.security.security-and-analysis-features-enable-read-only %} 
@@ -19,26 +20,58 @@ versions: {% data reusables.organizations.org_settings %} {% data reusables.organizations.security-and-analysis %} -The page that's displayed allows you to enable or disable security and analysis features for the repositories in your organization. +The page that's displayed allows you to enable or disable all security and analysis features for the repositories in your organization. {% if currentVersion == "free-pro-team@latest" %}If your organization, or the enterprise that owns it, has a license for {% data variables.product.prodname_GH_advanced_security %}, the page will also contain options to enable and disable {% data variables.product.prodname_advanced_security %} features. + +![{% data variables.product.prodname_GH_advanced_security %} features](/assets/images/help/organizations/security-and-analysis-highlight-ghas.png) +{% endif %} ### Enabling or disabling a feature for all existing repositories +You can enable or disable features for all repositories. {% if currentVersion == "free-pro-team@latest" %}The impact of your changes on repositories in your organization is determined by their visibility: + +- **Dependency graph** - Your changes affect only private repositories because the feature is always enabled for public repositories. +- **{% data variables.product.prodname_dependabot_alerts %}** - Your changes affect all repositories. +- **{% data variables.product.prodname_dependabot_security_updates %}** - Your changes affect all repositories. +- **{% data variables.product.prodname_GH_advanced_security %}** - Your changes affect only private repositories because {% data variables.product.prodname_GH_advanced_security %} and the related features are always enabled for public repositories. +- **{% data variables.product.prodname_secret_scanning_caps %}** - Your changes affect only private repositories where {% data variables.product.prodname_GH_advanced_security %} is also enabled. 
{% data variables.product.prodname_secret_scanning_caps %} is always enabled for public repositories.{% endif %} + +{% data reusables.advanced-security.note-org-enable-uses-seats %} + 1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)." 1. Under "Configure security and analysis features", to the right of the feature, click **Disable all** or **Enable all**. - !["Enable all" or "Disable all" button for "Configure security and analysis" features](/assets/images/help/organizations/security-and-analysis-disable-or-enable-all.png) -1. Optionally, enable the feature by default for new repositories in your organization. - !["Enable by default" option for new repositories](/assets/images/help/organizations/security-and-analysis-enable-by-default-in-modal.png) + {% if currentVersion == "free-pro-team@latest" %} + !["Enable all" or "Disable all" button for "Configure security and analysis" features](/assets/images/help/organizations/security-and-analysis-disable-or-enable-all-ghas-dotcom.png) + {% endif %} + {% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %} + !["Enable all" or "Disable all" button for "Configure security and analysis" features](/assets/images/help/organizations/security-and-analysis-disable-or-enable-all-ghe.png) + {% endif %} +2. Optionally, enable the feature by default for new repositories in your organization. 
+ {% if currentVersion == "free-pro-team@latest" %} + !["Enable by default" option for new repositories](/assets/images/help/organizations/security-and-analysis-enable-by-default-in-modal.png) + {% endif %} + {% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %} + !["Enable by default" option for new repositories](/assets/images/help/organizations/security-and-analysis-secret-scanning-enable-by-default-ghe.png) + {% endif %} 1. Click **Disable FEATURE** or **Enable FEATURE** to disable or enable the feature for all the repositories in your organization. ![Button to disable or enable feature](/assets/images/help/organizations/security-and-analysis-enable-dependency-graph.png) -### Enabling or disabling a feature for all new repositories when they are added +### Enabling or disabling a feature automatically when new repositories are added 1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)." -1. Under "Configure security and analysis features", to the right of the feature, enable or disable the feature by default for new repositories in your organization. - ![Checkbox for enabling or disabling a feature for new repositories](/assets/images/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox.png) +1. Under "Configure security and analysis features", to the right of the feature, enable or disable the feature by default for new repositories{% if currentVersion == "free-pro-team@latest" %}, or all new private repositories,{% endif %} in your organization. 
+ {% if currentVersion == "free-pro-team@latest" %} + ![Checkbox for enabling or disabling a feature for new repositories](/assets/images/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox-dotcom.png) + {% endif %} + {% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %} + ![Checkbox for enabling or disabling a feature for new repositories](/assets/images/help/organizations/security-and-analysis-enable-or-disable-secret-scanning-checkbox-ghe.png) + {% endif %} + + {% data reusables.advanced-security.note-org-enable-uses-seats %} ### Allowing Dependabot to access private repositories +{% data reusables.dependabot.beta-note %} + {% data variables.product.prodname_dependabot %} can check for outdated dependency references in a project and automatically generate a pull request to update them. To do this, {% data variables.product.prodname_dependabot %} must have access to all of the targeted dependency files. Typically, version updates will fail if one or more dependencies are inaccessible. By default, {% data variables.product.prodname_dependabot %} can't update dependencies that are located in private repositories. However, if a dependency is in a private {% data variables.product.prodname_dotcom %} repository within the same organization as the project that uses that dependency, you can allow {% data variables.product.prodname_dependabot %} to update the version successfully by giving it access to the host repository. For more information, including details of limitations to private dependency support, see "[About Dependabot version updates](/github/administering-a-repository/about-dependabot-version-updates)." diff --git a/content/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization.md b/content/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization.md index 2e21db1c13..bd5e816583 100644 
--- a/content/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization.md
+++ b/content/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization.md
@@ -107,7 +107,8 @@ In addition to managing organization-level settings, organization owners have ad | [Dismiss {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository) | | | | | **X** | | [Designate additional people or teams to receive {% data variables.product.prodname_dependabot_alerts %}](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository) for vulnerable dependencies | | | | | **X** | | [Manage data use settings for your private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository) | | | | | **X** | -| Create [security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories) | | | | | **X** | {% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %} +| Create [security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories) | | | | | **X** | +| Manage access to {% data variables.product.prodname_GH_advanced_security %} features (see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)") | | | | | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %} | [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests) | **X** | **X** | **X** | **X** | **X** | | [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **X** | **X** | **X** |{% endif %} | 
[Manage the forking policy for a repository](/github/administering-a-repository/managing-the-forking-policy-for-your-repository) | | | | | **X** | 
@@ -115,8 +116,7 @@ In addition to managing organization-level settings, organization owners have ad | [Delete or transfer repositories out of the organization](/articles/setting-permissions-for-deleting-or-transferring-repositories) | | | | | **X** | | [Archive repositories](/articles/about-archiving-repositories) | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %} | Display a sponsor button (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)") | | | | | **X** |{% endif %} -| Create autolink references to external resources, like JIRA or Zendesk (see "[Configuring autolinks to reference external resources](/articles/configuring-autolinks-to-reference-external-resources)") | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %} -| Create [security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories) | | | | | **X** | {% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %} +| Create autolink references to external resources, like JIRA or Zendesk (see "[Configuring autolinks to reference external resources](/articles/configuring-autolinks-to-reference-external-resources)") | | | | | **X** |{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %} | [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests) | **X** | **X** | **X** | **X** | **X** | | [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **X** | **X** | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" %} | [Enable {% data variables.product.prodname_discussions 
%}](/github/administering-a-repository/enabling-or-disabling-github-discussions-for-a-repository) in a repository | | | | **X** | **X** |
diff --git a/content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md b/content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md
index e4d3ba9c9a..c59633f47f 100644
--- a/content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md
+++ b/content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md
@@ -324,6 +324,8 @@ For more information, see "[Restricting publication of {% data variables.product | Action | Description |------------------|-------------------{% if currentVersion == "free-pro-team@latest"%} +| `advanced_security_disabled` | Triggered when an organization admin disables {% data variables.product.prodname_GH_advanced_security %} for all existing private and internal repositories. For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)." +| `advanced_security_enabled` | Triggered when an organization admin enables {% data variables.product.prodname_GH_advanced_security %} for all existing private and internal repositories. | `audit_log_export` | Triggered when an organization admin [creates an export of the organization audit log](#exporting-the-audit-log). If the export included a query, the log will list the query used and the number of audit log entries matching that query. | `block_user` | Triggered when an organization owner [blocks a user from accessing the organization's repositories](/articles/blocking-a-user-from-your-organization). | `cancel_invitation` | Triggered when an organization invitation has been revoked. {% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %} 
@@ -451,7 +453,9 @@ For more information, see "[Restricting publication of {% data variables.product
 |------------------|-------------------
 | `access` | Triggered when a user [changes the visibility](/github/administering-a-repository/setting-repository-visibility) of a repository in the organization.
 | `add_member` | Triggered when a user accepts an [invitation to have collaboration access to a repository](/articles/inviting-collaborators-to-a-personal-repository).
-| `add_topic` | Triggered when a repository admin [adds a topic](/articles/classifying-your-repository-with-topics) to a repository.
+| `add_topic` | Triggered when a repository admin [adds a topic](/articles/classifying-your-repository-with-topics) to a repository.{% if currentVersion == "free-pro-team@latest" %}
+| `advanced_security_disabled` | Triggered when a repository owner disables {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
+| `advanced_security_enabled` | Triggered when a repository owner enables {% data variables.product.prodname_GH_advanced_security %}.{% endif %}
 | `archived` | Triggered when a repository admin [archives a repository](/articles/about-archiving-repositories).{% if enterpriseServerVersions contains currentVersion %}
 | `config.disable_anonymous_git_access` | Triggered when [anonymous Git read access is disabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository.
 | `config.enable_anonymous_git_access` | Triggered when [anonymous Git read access is enabled](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository) in a public repository.
diff --git a/content/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository.md b/content/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository.md index dc1c7cecd5..75069e955c 100644 --- a/content/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository.md +++ b/content/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository.md @@ -22,7 +22,7 @@ When you enable data use for your private repository, you'll be able to access t {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-security-and-analysis %} 4. Under "Configure security and analysis features", to the right of the feature, click **Disable** or **Enable**. - !["Enable" or "Disable" button for "Configure security and analysis" features](/assets/images/help/repository/security-and-analysis-disable-or-enable.png) + !["Enable" or "Disable" button for "Configure security and analysis" features](/assets/images/help/repository/security-and-analysis-disable-or-enable-dotcom-private.png) ### Further reading diff --git a/data/reusables/advanced-security/more-info-ghas.md b/data/reusables/advanced-security/more-info-ghas.md new file mode 100644 index 0000000000..4a510456e9 --- /dev/null +++ b/data/reusables/advanced-security/more-info-ghas.md @@ -0,0 +1,3 @@ +{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %} +For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)." +{% endif %} diff --git a/data/reusables/advanced-security/note-org-enable-uses-seats.md b/data/reusables/advanced-security/note-org-enable-uses-seats.md new file mode 100644 index 0000000000..48f3c5a99a --- /dev/null 
+++ b/data/reusables/advanced-security/note-org-enable-uses-seats.md
@@ -0,0 +1,7 @@
+{% if currentVersion == "free-pro-team@latest" %}
+{% note %}
+
+**Note:** If you enable {% data variables.product.prodname_GH_advanced_security %}, committers to these repositories will use seats on your {% data variables.product.prodname_GH_advanced_security %} license.
+
+{% endnote %}
+{% endif %}
\ No newline at end of file
diff --git a/data/reusables/code-scanning/codeql-runner-license.md b/data/reusables/code-scanning/codeql-runner-license.md
index 689b46e679..c60abccd58 100644
--- a/data/reusables/code-scanning/codeql-runner-license.md
+++ b/data/reusables/code-scanning/codeql-runner-license.md
@@ -4,7 +4,7 @@ **Note:** The {% data variables.product.prodname_codeql_runner %} uses the {% data variables.product.prodname_codeql %} CLI to analyze code and therefore has the same license conditions. It's free to use on public repositories that are maintained on {% data variables.product.prodname_dotcom_the_website %}, and available to use on private repositories that are owned by customers with an {% data variables.product.prodname_advanced_security %} license. For information, see "[{% data variables.product.product_name %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license)" and "[{% data variables.product.prodname_codeql %} CLI](https://help.semmle.com/codeql/codeql-cli.html)." {% else %} -**Note:** The {% data variables.product.prodname_codeql_runner %} is available to customers with an {% data variables.product.prodname_advanced_security %} license. +**Note:** The {% data variables.product.prodname_codeql_runner %} is available to customers with an {% data variables.product.prodname_advanced_security %} license. {% if currentVersion ver_gt "enterprise-server@2.22" %}For more information, see "[About GitHub Advanced Security](/github/getting-started-with-github/about-github-advanced-security)."{% endif %} {% endif %} {% endnote %} diff --git a/data/reusables/code-scanning/not-available.md b/data/reusables/code-scanning/not-available.md new file mode 100644 index 0000000000..6531f5e1d0 --- /dev/null +++ b/data/reusables/code-scanning/not-available.md 
@@ -0,0 +1,7 @@
+{% if currentVersion == "free-pro-team@latest" %}
+{% note %}
+
+**Note:** For private and internal repositories, {% data variables.product.prodname_code_scanning %} is available when {% data variables.product.prodname_GH_advanced_security %} features are enabled for the repository. If you see the error `Advanced Security must be enabled for this repository to use code scanning.` check that {% data variables.product.prodname_GH_advanced_security %} is enabled. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
+
+{% endnote %}
+{% endif %}
diff --git a/data/reusables/gated-features/code-scanning.md b/data/reusables/gated-features/code-scanning.md
index 2bcd80c1d4..69e6abf27f 100644
--- a/data/reusables/gated-features/code-scanning.md
+++ b/data/reusables/gated-features/code-scanning.md
@@ -1 +1 @@
-{% data variables.product.prodname_code_scanning_capc %} is available {% if currentVersion == "free-pro-team@latest" %}in public repositories, and in private repositories owned by organizations with {% else %}if you have {% endif %}an {% data variables.product.prodname_advanced_security %} license. {% data reusables.gated-features.more-info %}
+{% if currentVersion == "free-pro-team@latest" %}{% data variables.product.prodname_code_scanning_capc %} is available for all public repositories and for private repositories owned by organizations where {% data variables.product.prodname_GH_advanced_security %} is enabled.{% else %}{% data variables.product.prodname_code_scanning_capc %} is available if you have a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %} {% data reusables.advanced-security.more-info-ghas %}
diff --git a/data/reusables/gated-features/secret-scanning.md b/data/reusables/gated-features/secret-scanning.md
index bd279034ee..7396ad8e24 100644
--- a/data/reusables/gated-features/secret-scanning.md +++ b/data/reusables/gated-features/secret-scanning.md @@ -1 +1 @@ -{% data variables.product.prodname_secret_scanning_caps %} is available in public repositories, and in private repositories owned by organizations with an {% data variables.product.prodname_advanced_security %} license. {% data reusables.gated-features.more-info %} +{% data variables.product.prodname_secret_scanning_caps %} is available {% if currentVersion == "free-pro-team@latest" %}in public repositories, and in private repositories owned by organizations with {% else %}if you have {% endif %}an {% data variables.product.prodname_advanced_security %} license. {% data reusables.advanced-security.more-info-ghas %} diff --git a/data/variables/product.yml b/data/variables/product.yml index 16ef0bcf1e..211d5f32b1 100644 --- a/data/variables/product.yml +++ b/data/variables/product.yml @@ -110,6 +110,7 @@ prodname_sponsors: 'GitHub Sponsors' prodname_matching_fund: 'GitHub Sponsors Matching Fund' # GitHub Advanced Security +prodname_GH_advanced_security: 'GitHub Advanced Security' prodname_advanced_security: 'Advanced Security' # Codespaces