jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 18:10:59 -05:00
Code Issues Projects Releases Wiki Activity

Secret risk assessment - Add more cross-links (#56919)

Browse Source
This commit is contained in:
Vanessa
2025-08-01 12:39:15 +10:00
committed by GitHub
parent e28e99afb3
commit 63a325e669
6 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
content/code-security/secret-scanning/introduction/about-secret-scanning.md
View File

@@ -33,7 +33,9 @@ shortTitle: Secret scanning
{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}
> [!TIP]
> Regardless of the enablement status of {% data variables.product.prodname_AS %} features, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% else %}{% endif %}
> Regardless of the enablement status of {% data variables.product.prodname_AS %} features, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets.
>
> To generate a report, open {% data reusables.security-overview.navigate-to-risk-assessment %}.{% endif %}{% else %}{% endif %}
When a supported secret is leaked, {% data variables.product.github %} generates a {% data variables.product.prodname_secret_scanning %} alert. Alerts are reported on the **Security** tab of repositories on {% data variables.product.github %}, where you can view, evaluate, and resolve them. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).

2
content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md
View File

@@ -60,6 +60,6 @@ Because the {% data variables.product.prodname_secret_risk_assessment %} report
Now that you know about the {% data variables.product.prodname_secret_risk_assessment %} report, you may want to learn how to:
* Generate the report to see your organization risk. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization).
* Generate the report to see your organization risk. Navigate to {% data reusables.security-overview.navigate-to-risk-assessment %}.
* Interpret the results of the report. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results).
* Enable {% data variables.product.prodname_GH_secret_protection %} to improve your secret leak footprint. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection#enabling-secret-protection).

6
content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection.md
View File

@@ -21,7 +21,9 @@ topics:
{% data reusables.secret-protection.product-list %}
In addition, {% data variables.product.prodname_secret_protection %} includes a free scanning feature, the **risk assessment** report, to help organizations understand their secret leak footprint across their {% data variables.product.github %} perimeter. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).
In addition, {% data variables.product.prodname_secret_protection %} includes a free scanning feature, the **risk assessment** report, to help organizations understand their secret leak footprint across their {% data variables.product.github %} perimeter.
To generate a {% data variables.product.prodname_secret_risk_assessment %} report, navigate to {% data reusables.security-overview.navigate-to-risk-assessment %}.
{% data variables.product.prodname_secret_protection %} is billed per active committer to the repositories where it is enabled. It is available to users with a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} plan, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
@@ -29,7 +31,7 @@ In addition, {% data variables.product.prodname_secret_protection %} includes a
{% data variables.product.github %} recommends enabling {% data variables.product.prodname_GH_secret_protection %} products for all repositories, in order to protect your organization from the risk of secret leaks and exposures. {% data variables.product.prodname_GH_secret_protection %} is free to enable for public repositories, and available as a purchasable add-on for private and internal repositories.
* {% data reusables.secret-risk-assessment.what-is-scanned %}. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)
* {% data reusables.secret-risk-assessment.what-is-scanned %}. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).
* The {% data variables.product.prodname_secret_risk_assessment %} and {% data variables.product.prodname_secret_scanning %} _scan code that has already been committed_ into your repositories. With **push protection**, your code is scanned for secrets _before_ commits are saved on {% data variables.product.github %}, during the push process, and the push is blocked if any secrets are detected. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).

2
content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md
View File

@@ -22,6 +22,8 @@ This guide assumes that you have planned and started a trial of {% data variable
* Control and audit the bypass process for push protection and {% data variables.secret-scanning.alerts %}.
* Enable validity checks for exposed tokens.
To find out how to run a free secret risk assessment, see [Generating an initial secret risk assessment](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment).
If you have already scanned the code in your organization for leaked secrets using the free secret risk assessment, you will also want to explore that data more completely using the additional views on the **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security** tab for the organization.
For full details of the features available, see [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security#github-secret-protection).

1
data/reusables/security-overview/navigate-to-risk-assessment.md Normal file
View File

@@ -0,0 +1 @@
the **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security** tab for your organization, display the **{% octicon "key" aria-hidden="true" aria-label="key" %} Assessments** page, then click **Scan your organization**

2
data/reusables/security-overview/open-assessments-view.md
View File

@@ -1 +1 @@
1. In the sidebar, under "Security", click **Assessments**.
1. In the sidebar, under "Security", click **{% octicon "key" aria-hidden="true" aria-label="key" %} Assessments**.