diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md index 31551be1d3..2e0d7e550c 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md +++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md @@ -71,9 +71,14 @@ Through the "Code security and analysis" page of your organization's settings, y {% data reusables.code-scanning.beta-org-enable-all %} -1. Click your profile photo, then click **Organizations**. -1. Click **Settings** next to your organization. -1. Click **Code security & analysis**. +{% data reusables.profile.access_org %} +{% data reusables.profile.org_settings %} +{% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling {% data variables.product.prodname_code_scanning %} and other security features for all eligible repositories with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." +{% endif %} + 1. Click **Enable all** next to "{% data variables.product.prodname_code_scanning_caps %}".{% ifversion bulk-code-scanning-query-suite%} 1. In the "Query suites" section of the "Enable {% data variables.product.prodname_code_scanning %} default setup" dialog box displayed, select the query suite your configuration of default setup will run. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)." 1. To enable your configuration of default setup, click **Enable for eligible repositories**. diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md index a5d98177d3..de935c14d6 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md @@ -45,6 +45,11 @@ Note that disabling autofix at the organization level will remove all open autof {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For more information on {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization)." +{% endif %} + 1. Under the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **Autofix for {% data variables.product.prodname_codeql %}**. ## Disabling autofix for a repository diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md index 3ee8314de3..298801725a 100644 --- a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md @@ -101,6 +101,11 @@ You can use the organization settings page for "Code security and analysis" to e {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling {% data variables.product.prodname_dependabot_alerts %} and other security features at scale with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." +{% endif %} + 1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. 1. Optionally, to enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories in your organization, in the dialog box, select "Enable by default for new repositories". 1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories in your organization. diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md index 7d1c640344..a42ba8e6d6 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md @@ -90,6 +90,11 @@ For more information about enabling or disabling {% data variables.product.prodn {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on adding {% data variables.dependabot.auto_triage_rules %} to your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)." +{% endif %} + {% data reusables.dependabot.navigate-to-org-level-dependabot-alert-rules %} {% data reusables.dependabot.click-new-alert-rule %} {% data reusables.dependabot.dependabot-alert-rule-set-name %} @@ -118,6 +123,11 @@ For more information about enabling or disabling {% data variables.product.prodn {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on editing or deleting {% data variables.dependabot.auto_triage_rules %} in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)." +{% endif %} + {% data reusables.dependabot.navigate-to-org-level-dependabot-alert-rules %} 1. Under "Organization rules", to the right of the rule that you want to edit or delete, click {% octicon "pencil" aria-label="Edit custom rule" %}. {% data reusables.dependabot.custom-alert-rules-edit-rule %} diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index d36325ffef..35e6f94906 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -93,6 +93,11 @@ Organization owners can enable or disable grouped security updates for all repos {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on enabling or disabling grouped {% data variables.product.prodname_dependabot_security_updates %} in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#grouping-dependabot-security-updates)." +{% endif %} + 1. Under "Code security and analysis", to the right of "Grouped security updates", click **Disable all** or **Enable all**. 1. Optionally, to enable grouped {% data variables.product.prodname_dependabot_security_updates %} for new repositories in your organization, select **Automatically enable for new repositories**. diff --git a/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md b/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md index cc0971c752..b80fe15876 100644 --- a/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md +++ b/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md @@ -112,6 +112,11 @@ Before defining a custom pattern, you must ensure that you enable {% data variab {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on defining a custom pattern for your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#defining-custom-patterns)." +{% endif %} + {% data reusables.repositories.navigate-to-ghas-settings %} {% data reusables.advanced-security.secret-scanning-new-custom-pattern %} {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %} diff --git a/content/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai.md b/content/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai.md index d2f635411f..fd68775bc9 100644 --- a/content/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai.md +++ b/content/code-security/secret-scanning/generating-regular-expressions-for-custom-patterns-with-ai.md @@ -40,6 +40,11 @@ For more information about the generator, see "[AUTOTITLE](/code-security/secret {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For detail on using the {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}, reference the following steps in this procedure. For more information on configuring {% data variables.product.prodname_global_settings %} for your organization, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization)." +{% endif %} + {% data reusables.repositories.navigate-to-ghas-settings %} {% data reusables.advanced-security.secret-scanning-new-custom-pattern %} {% data reusables.advanced-security.secret-scanning-generate-regular-expression-custom-pattern %} diff --git a/content/code-security/secret-scanning/push-protection-for-repositories-and-organizations.md b/content/code-security/secret-scanning/push-protection-for-repositories-and-organizations.md index c8958ba6cf..96bfbd862b 100644 --- a/content/code-security/secret-scanning/push-protection-for-repositories-and-organizations.md +++ b/content/code-security/secret-scanning/push-protection-for-repositories-and-organizations.md @@ -98,6 +98,11 @@ You can use the organization settings page for "Code security and analysis" to e {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling push protection and other security features at scale with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." +{% endif %} + {% data reusables.repositories.navigate-to-ghas-settings %} {% data reusables.advanced-security.secret-scanning-push-protection-org %} @@ -152,6 +157,11 @@ Before enabling push protection for a custom pattern at organization level, you {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on managing custom patterns for your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#defining-custom-patterns)." For information on enabling push protection for specific custom patterns, reference the following steps. +{% endif %} + {% data reusables.repositories.navigate-to-ghas-settings %} {% data reusables.advanced-security.secret-scanning-edit-custom-pattern %} 1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**. diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md b/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md index 7c87bfc83f..ce2b202a06 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md +++ b/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md @@ -34,6 +34,11 @@ For more information about configuring notification preferences, see "[AUTOTITLE {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling private vulnerability reporting and other security features at scale with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." +{% endif %} + 1. Under "Code security and analysis", to the right of "Private vulnerability reporting", click **Enable all** or **Disable all**, to enable or disable the feature for all the public repositories within the organization, respectively. ![Screenshot of the "Code security and analysis" page with the "Disable all" and the "Enable all" button emphasized for private vulnerability reporting.](/assets/images/help/security/private-vulnerability-reporting-enable-or-disable-org.png) @@ -42,6 +47,11 @@ For more information about configuring notification preferences, see "[AUTOTITLE {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on setting a default {% data variables.product.prodname_security_configuration %} for new public repositories that will automatically enable private vulnerability reporting, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." +{% endif %} + 1. Under "Code security and analysis", to the right of the feature, click **Automatically enable for new public repositories**. ![Screenshot of the "Code security and analysis" page with the "Automatically enable for new public repositories" checkbox emphasized for private vulnerability reporting.](/assets/images/help/security/private-vulnerability-reporting-enable-or-disable-org-new-repos.png) diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md index a28c2b30ae..ccdb4f6cf3 100644 --- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md +++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md @@ -41,6 +41,10 @@ shortTitle: Manage security & analysis {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} +{% ifversion security-configurations %} + >[!NOTE] If your organization is enrolled in the {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %} public beta, instead of "Code security and analysis", you will see a **Code security** dropdown menu. You can manage your repository-level security settings with {% data variables.product.prodname_security_configurations %}, and your organization-level security settings with {% data variables.product.prodname_global_settings %}. See "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization)." +{% endif %} + The page that's displayed allows you to enable or disable all security and analysis features for the repositories in your organization. {% ifversion ghec %}If your organization belongs to an enterprise with a license for {% data variables.product.prodname_GH_advanced_security %}, the page will also contain options to enable and disable {% data variables.product.prodname_advanced_security %} features. Any repositories that use {% data variables.product.prodname_GH_advanced_security %} are listed at the bottom of the page.{% endif %} diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md index 8710f54ca0..32fc5b61f2 100644 --- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md +++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md @@ -37,6 +37,11 @@ You can assign the security manager role to a maximum of 10 teams in your organi {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on assigning the security manager role in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-security-managers-for-your-organization)." +{% endif %} + 1. In the "Security managers" section, in the search field, search for and select the team to give the role. Each team you select will appear in a list below the search bar. ## Removing the security manager role from a team in your organization @@ -46,4 +51,9 @@ You can assign the security manager role to a maximum of 10 teams in your organi {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} + +{% ifversion security-configurations %} + {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on managing the security manager role in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-security-managers-for-your-organization)." For detail on removing security managers, reference the following steps. +{% endif %} + 1. Under **Security managers**, next to the team you want to remove as security managers, click {% octicon "x" aria-label="Remove TEAM" %}. diff --git a/data/reusables/security-configurations/changed-org-settings-global-settings-callout.md b/data/reusables/security-configurations/changed-org-settings-global-settings-callout.md new file mode 100644 index 0000000000..0694b907cc --- /dev/null +++ b/data/reusables/security-configurations/changed-org-settings-global-settings-callout.md @@ -0,0 +1 @@ +>[!NOTE] If your organization is enrolled in the {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %} public beta, instead of "Code security and analysis", you will see a "Code security" dropdown menu. Select {% octicon "codescan" aria-hidden="true" %} **Code security**, then click **{% data variables.product.prodname_global_settings_caps %}**. diff --git a/data/reusables/security-configurations/changed-org-settings-security-configurations-callout.md b/data/reusables/security-configurations/changed-org-settings-security-configurations-callout.md new file mode 100644 index 0000000000..bf701e3118 --- /dev/null +++ b/data/reusables/security-configurations/changed-org-settings-security-configurations-callout.md @@ -0,0 +1 @@ +>[!NOTE] If your organization is enrolled in the {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %} public beta, instead of "Code security and analysis", you will see a "Code security" dropdown menu. Select {% octicon "codescan" aria-hidden="true" %} **Code security**, then click **Configurations**.