Octomerger Bot
@@ -125,8 +125,8 @@ After removing the `autobuild` step, uncomment the `run` step and add build comm
|
||||
|
||||
``` yaml
|
||||
- run: |
|
||||
make bootstrap
|
||||
make release
|
||||
make bootstrap
|
||||
make release
|
||||
```
|
||||
|
||||
For more information about the `run` keyword, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsrun)."
|
||||
|
||||
21
data/release-notes/enterprise-server/3-2/20.yml
Normal file
21
data/release-notes/enterprise-server/3-2/20.yml
Normal file
@@ -0,0 +1,21 @@
|
||||
date: '2022-10-25'
|
||||
sections:
|
||||
security_fixes:
|
||||
- |
|
||||
**HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m).
|
||||
- |
|
||||
**MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209).
|
||||
- |
|
||||
**LOW**: Due to a CSRF vulnerability, a `GET` request to the instance's `site/toggle_site_admin_and_employee_status` endpoint could toggle a user's site administrator status unknowingly.
|
||||
bugs:
|
||||
- |
|
||||
After a site administrator installed a hotpatch containing changes to web interface assets such as JavaScript files or images, the instance did not serve the new assets.
|
||||
known_issues:
|
||||
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are removed during the upgrade process.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
|
||||
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
- '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'
|
||||
36
data/release-notes/enterprise-server/3-3/15.yml
Normal file
36
data/release-notes/enterprise-server/3-3/15.yml
Normal file
@@ -0,0 +1,36 @@
|
||||
date: '2022-10-25'
|
||||
sections:
|
||||
security_fixes:
|
||||
- |
|
||||
**HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m).
|
||||
- |
|
||||
**MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209).
|
||||
- |
|
||||
**MEDIUM**: Updated Redis to 5.0.14 to address [CVE-2021-32672](https://nvd.nist.gov/vuln/detail/CVE-2021-32672) and [CVE-2021-32762](https://nvd.nist.gov/vuln/detail/CVE-2021-32762).
|
||||
- |
|
||||
**LOW**: Due to a CSRF vulnerability, a `GET` request to the instance's `site/toggle_site_admin_and_employee_status` endpoint could toggle a user's site administrator status unknowingly.
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- |
|
||||
After a site administrator made a change that triggered a configuration run, such as disabling GitHub Actions, validation of services would sometimes fail with the message `WARNING: Validation encountered a problem`.
|
||||
- |
|
||||
After a site administrator installed a hotpatch containing changes to web interface assets such as JavaScript files or images, the instance did not serve the new assets.
|
||||
- |
|
||||
Deleted assets and assets scheduled to be purged within a repository, such as LFS files, took too long to to be cleaned up.
|
||||
- |
|
||||
If a user installed a GitHub App for the user account and then converted the account into an organization, the app was not granted organization permissions.
|
||||
changes:
|
||||
- |
|
||||
To ensure that site administrators can successfully complete an upgrade, the instance will now execute a preflight check to ensure that the virtual machine meets minimum hardware requirements. The check also verifies Elasticsearch's health. You can review the current requirements for CPU, memory, and storage for GitHub Enterprise Server in the "Minimum requirements" section within each article in "[Setting up a GitHub Enterprise Server instance](/admin/installation/setting-up-a-github-enterprise-server-instance)."
|
||||
known_issues:
|
||||
- After upgrading to {% data variables.product.prodname_ghe_server %} 3.3, {% data variables.product.prodname_actions %} may fail to start automatically. To resolve this issue, connect to the appliance via SSH and run the `ghe-actions-start` command.
|
||||
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are removed during the upgrade process.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
|
||||
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
- '{% data variables.product.prodname_actions %} storage settings cannot be validated and saved in the {% data variables.enterprise.management_console %} when "Force Path Style" is selected, and must instead be configured with the `ghe-actions-precheck` command line utility.'
|
||||
- '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'
|
||||
- '{% data reusables.release-notes.2022-09-hotpatch-issue %}'
|
||||
39
data/release-notes/enterprise-server/3-4/10.yml
Normal file
39
data/release-notes/enterprise-server/3-4/10.yml
Normal file
@@ -0,0 +1,39 @@
|
||||
date: '2022-10-25'
|
||||
sections:
|
||||
security_fixes:
|
||||
- |
|
||||
**HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m).
|
||||
- |
|
||||
**MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209).
|
||||
- |
|
||||
**MEDIUM**: Updated Redis to 5.0.14 to address [CVE-2021-32672](https://nvd.nist.gov/vuln/detail/CVE-2021-32672) and [CVE-2021-32762](https://nvd.nist.gov/vuln/detail/CVE-2021-32762).
|
||||
- |
|
||||
**LOW**: Due to a CSRF vulnerability, a `GET` request to the instance's `site/toggle_site_admin_and_employee_status` endpoint could toggle a user's site administrator status unknowingly.
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- |
|
||||
After a site administrator made a change that triggered a configuration run, such as disabling GitHub Actions, validation of services would sometimes fail with the message `WARNING: Validation encountered a problem`.
|
||||
- |
|
||||
After a site administrator installed a hotpatch containing changes to web interface assets such as JavaScript files or images, the instance did not serve the new assets.
|
||||
- |
|
||||
When a user accessed a renamed repository using Git, the hostname in the Git output incorrectly indicated GitHub.com instead of the instance's hostname.
|
||||
- |
|
||||
Deleted assets and assets scheduled to be purged within a repository, such as LFS files, took too long to to be cleaned up.
|
||||
- |
|
||||
If a user installed a GitHub App for the user account and then converted the account into an organization, the app was not granted organization permissions.
|
||||
changes:
|
||||
- |
|
||||
To ensure that site administrators can successfully complete an upgrade, the instance will now execute a preflight check to ensure that the virtual machine meets minimum hardware requirements. The check also verifies Elasticsearch's health. You can review the current requirements for CPU, memory, and storage for GitHub Enterprise Server in the "Minimum requirements" section within each article in "[Setting up a GitHub Enterprise Server instance](/admin/installation/setting-up-a-github-enterprise-server-instance)."
|
||||
known_issues:
|
||||
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are removed during the upgrade process.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with {% data variables.product.prodname_github_connect %}, issues in private and internal repositories are not included in {% data variables.product.prodname_dotcom_the_website %} search results.
|
||||
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
- |
|
||||
After registering a self-hosted runner with the `--ephemeral` parameter on more than one level (for example, both enterprise and organization), the runner may get stuck in an idle state and require re-registration. [Updated: 2022-06-17]
|
||||
- After upgrading to {% data variables.product.prodname_ghe_server %} 3.4, releases may appear to be missing from repositories. This can occur when the required Elasticsearch index migrations have not successfully completed.
|
||||
- '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'
|
||||
- '{% data reusables.release-notes.2022-09-hotpatch-issue %}'
|
||||
42
data/release-notes/enterprise-server/3-5/7.yml
Normal file
42
data/release-notes/enterprise-server/3-5/7.yml
Normal file
@@ -0,0 +1,42 @@
|
||||
date: '2022-10-25'
|
||||
sections:
|
||||
security_fixes:
|
||||
- |
|
||||
**HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m).
|
||||
- |
|
||||
**MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209).
|
||||
- |
|
||||
**MEDIUM**: Updated Redis to 5.0.14 to address [CVE-2021-32672](https://nvd.nist.gov/vuln/detail/CVE-2021-32672) and [CVE-2021-32762](https://nvd.nist.gov/vuln/detail/CVE-2021-32762).
|
||||
- |
|
||||
**LOW**: Due to a CSRF vulnerability, a `GET` request to the instance's `site/toggle_site_admin_and_employee_status` endpoint could toggle a user's site administrator status unknowingly.
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- |
|
||||
After a site administrator made a change that triggered a configuration run, such as disabling GitHub Actions, validation of services would sometimes fail with the message `WARNING: Validation encountered a problem`.
|
||||
- |
|
||||
After a site administrator installed a hotpatch containing changes to web interface assets such as JavaScript files or images, the instance did not serve the new assets.
|
||||
- |
|
||||
When a user accessed a renamed repository using Git, the hostname in the Git output incorrectly indicated GitHub.com instead of the instance's hostname.
|
||||
- |
|
||||
On instances using LDAP authentication and LDAP sync, sync would fail and print `undefined method ord for nil:NilClass` in `ldap-sync.log`.
|
||||
- Addressed a bug in which the endpoint for [creating a tag protection state for a repository](https://docs.github.com/en/enterprise-server@3.5/rest/repos/tags#create-a-tag-protection-state-for-a-repository) was returning a 500 error.
|
||||
- |
|
||||
Deleted assets and assets scheduled to be purged within a repository, such as LFS files, took too long to to be cleaned up.
|
||||
- |
|
||||
If a user installed a GitHub App for the user account and then converted the account into an organization, the app was not granted organization permissions.
|
||||
- |
|
||||
Missing secret scanning alerts on instance with a GitHub Advanced Security license that was not upgraded directly to GitHub Enterprise Server 3.4 are now visible in the web interface and through the REST API.
|
||||
- In some cases, on an instance with a GitHub Advanced Security license, secret scanning alerts did not include a provider type, and instead indicated that the provider type was "unknown."
|
||||
changes:
|
||||
- |
|
||||
To ensure that site administrators can successfully complete an upgrade, the instance will now execute a preflight check to ensure that the virtual machine meets minimum hardware requirements. The check also verifies Elasticsearch's health. You can review the current requirements for CPU, memory, and storage for GitHub Enterprise Server in the "Minimum requirements" section within each article in "[Setting up a GitHub Enterprise Server instance](/admin/installation/setting-up-a-github-enterprise-server-instance)."
|
||||
known_issues:
|
||||
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are removed during the upgrade process.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
||||
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
- Actions services need to be restarted after restoring an appliance from a backup taken on a different host.
|
||||
- '{% data reusables.release-notes.2022-09-hotpatch-issue %}'
|
||||
49
data/release-notes/enterprise-server/3-6/3.yml
Normal file
49
data/release-notes/enterprise-server/3-6/3.yml
Normal file
@@ -0,0 +1,49 @@
|
||||
date: '2022-10-25'
|
||||
sections:
|
||||
security_fixes:
|
||||
- |
|
||||
**HIGH**: Updated dependencies for the Management Console to the latest patch versions, which addresses security vulnerabilities including [CVE-2022-30123](https://github.com/advisories/GHSA-wq4h-7r42-5hrr) and [CVE-2022-29181](https://github.com/advisories/GHSA-xh29-r2w5-wx8m).
|
||||
- |
|
||||
**MEDIUM**: Updated [CommonMarker](https://github.com/gjtorikian/commonmarker) to address a scenario where parallel requests to the Markdown REST API could result in unbounded resource exhaustion. This vulnerability has been assigned [CVE-2022-39209](https://nvd.nist.gov/vuln/detail/CVE-2022-39209).
|
||||
- |
|
||||
**MEDIUM**: Updated Redis to 5.0.14 to address [CVE-2021-32672](https://nvd.nist.gov/vuln/detail/CVE-2021-32672) and [CVE-2021-32762](https://nvd.nist.gov/vuln/detail/CVE-2021-32762).
|
||||
- |
|
||||
**LOW**: Due to a CSRF vulnerability, a `GET` request to the instance's `site/toggle_site_admin_and_employee_status` endpoint could toggle a user's site administrator status unknowingly.
|
||||
- Packages have been updated to the latest security versions.
|
||||
bugs:
|
||||
- |
|
||||
After a site administrator made a change that triggered a configuration run, such as disabling GitHub Actions, validation of services would sometimes fail with the message `WARNING: Validation encountered a problem`.
|
||||
- |
|
||||
After a site administrator installed a hotpatch containing changes to web interface assets such as JavaScript files or images, the instance did not serve the new assets.
|
||||
- |
|
||||
When a user accessed a renamed repository using Git, the hostname in the Git output incorrectly indicated GitHub.com instead of the instance's hostname.
|
||||
- |
|
||||
On instances using LDAP authentication and LDAP sync, sync would fail and print `undefined method ord for nil:NilClass` in `ldap-sync.log`.
|
||||
- |
|
||||
When a user visited links to view history or suggest an improvement to the GitHub Advisory Database, the URLs were incorrect, resulting in a `404` error.
|
||||
- |
|
||||
Deleted assets and assets scheduled to be purged within a repository, such as LFS files, took too long to to be cleaned up.
|
||||
- |
|
||||
On instances configured for high availability, `ghe-repl-status` incorrectly reported that replication was behind for repositories that users had previously deleted.
|
||||
- |
|
||||
If a user installed a GitHub App for the user account and then converted the account into an organization, the app was not granted organization permissions.
|
||||
- |
|
||||
Missing secret scanning alerts on instance with a GitHub Advanced Security license that was not upgraded directly to GitHub Enterprise Server 3.4 are now visible in the web interface and through the REST API.
|
||||
- |
|
||||
In some cases, on an instance with a GitHub Advanced Security license, some tokens detected by secret scanning were reported as "unknown tokens."
|
||||
changes:
|
||||
- |
|
||||
To ensure that site administrators can successfully complete an upgrade, the instance will now execute a preflight check to ensure that the virtual machine meets minimum hardware requirements. The check also verifies Elasticsearch's health. You can review the current requirements for CPU, memory, and storage for GitHub Enterprise Server in the "Minimum requirements" section within each article in "[Setting up a GitHub Enterprise Server instance](/admin/installation/setting-up-a-github-enterprise-server-instance)."
|
||||
known_issues:
|
||||
- On a freshly set up {% data variables.product.prodname_ghe_server %} instance without any users, an attacker could create the first admin user.
|
||||
- Custom firewall rules are removed during the upgrade process.
|
||||
- Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
|
||||
- Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
|
||||
- When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
|
||||
- The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
- Actions services need to be restarted after restoring an instance from a backup taken on a different host.
|
||||
- In a repository's settings, enabling the option to allow users with read access to create discussions does not enable this functionality.
|
||||
- In some cases, users cannot convert existing issues to discussions.
|
||||
- Custom patterns for secret scanning have `.*` as an end delimiter, specifically in the "After secret" field. This delimiter causes inconsistencies in scans for secrets across repositories, and you may notice gaps in a repository's history where no scans completed. Incremental scans may also be impacted. To prevent issues with scans, modify the end of the pattern to remove the `.*` delimiter.
|
||||
- '{% data reusables.release-notes.2022-09-hotpatch-issue %}'
|
||||
@@ -90,6 +90,8 @@ Google | Google OAuth Refresh Token | google_oauth_refresh_token{% endif %}
|
||||
Grafana | Grafana API Key | grafana_api_key
|
||||
HashiCorp | Terraform Cloud / Enterprise API Token | terraform_api_token
|
||||
HashiCorp | HashiCorp Vault Batch Token | hashicorp_vault_batch_token
|
||||
{%- ifversion fpt or ghec or ghes > 3.8 or ghae > 3.8 %}
|
||||
HashiCorp | HashiCorp Vault Root Service Token | hashicorp_vault_root_service_token{% endif %}
|
||||
HashiCorp | HashiCorp Vault Service Token | hashicorp_vault_service_token
|
||||
Hubspot | Hubspot API Key | hubspot_api_key
|
||||
Intercom | Intercom Access Token | intercom_access_token
|
||||
|
||||
@@ -161,7 +161,7 @@ For example, to see notifications from the octo-org organization, use `org:octo-
|
||||
|
||||
## {% data variables.product.prodname_dependabot %} custom filters
|
||||
|
||||
{% ifversion fpt or ghec or ghes > 3.2 %}
|
||||
{% ifversion fpt or ghec or ghes %}
|
||||
If you use {% data variables.product.prodname_dependabot %} to keep your dependencies up-to-date, you can use and save these custom filters:
|
||||
- `is:repository_vulnerability_alert` to show notifications for {% data variables.product.prodname_dependabot_alerts %}.
|
||||
- `reason:security_alert` to show notifications for {% data variables.product.prodname_dependabot_alerts %} and security update pull requests.
|
||||
@@ -170,7 +170,7 @@ If you use {% data variables.product.prodname_dependabot %} to keep your depende
|
||||
For more information about {% data variables.product.prodname_dependabot %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
|
||||
{% endif %}
|
||||
|
||||
{% ifversion ghes < 3.3 or ghae %}
|
||||
{% ifversion ghae %}
|
||||
|
||||
If you use {% data variables.product.prodname_dependabot %} to tell you about insecure dependencies, you can use and save these custom filters to show notifications for {% data variables.product.prodname_dependabot_alerts %}:
|
||||
- `is:repository_vulnerability_alert`
|
||||
|
||||
@@ -24,7 +24,7 @@ Organizations that use {% data variables.product.prodname_ghe_cloud %} can confi
|
||||
To confirm your organization's identity and display a "Verified" badge on your organization profile page, you can verify your organization's domains with {% data variables.product.prodname_dotcom %}. For more information, see "[Verifying or approving a domain for your organization](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)."
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghec %}
|
||||
{% ifversion fpt or ghes or ghec %}
|
||||
|
||||
{% else %}
|
||||
|
||||
|
||||
@@ -1,56 +1,62 @@
|
||||
---
|
||||
title: Setting your profile to private
|
||||
intro: 'A private profile displays only limited information, and hides some activity.'
|
||||
title: Establecer tu perfil en privado
|
||||
intro: Un perfil privado muestra solo información limitada y oculta parte de la actividad.
|
||||
versions:
|
||||
fpt: '*'
|
||||
topics:
|
||||
- Profiles
|
||||
shortTitle: Set profile to private
|
||||
ms.openlocfilehash: c00718c84d99de95a9ca1352f32954279906451d
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148009678'
|
||||
---
|
||||
## About private profiles
|
||||
## Acerca de los perfiles privados
|
||||
|
||||
To hide parts of your profile page, you can make your profile private. This also hides your activity in various social features on {% data variables.product.prodname_dotcom_the_website %}. A private profile hides information from all users, and there is currently no option to allow specified users to see your activity.
|
||||
Para ocultar partes de la página de perfil, puedes hacer que tu perfil sea privado. Esto también oculta la actividad en varias características sociales en {% data variables.product.prodname_dotcom_the_website %}. Un perfil privado oculta la información a todos los usuarios; actualmente no hay ninguna opción para permitir que usuarios específicos vean tu actividad.
|
||||
|
||||
After making your profile private, you can still view all your information when you visit your own profile.
|
||||
Después de hacer que tu perfil sea privado, todavía puedes ver toda la información cuando visites tu propio perfil.
|
||||
|
||||
Private profiles cannot receive sponsorships under [{% data variables.product.prodname_sponsors %}](/sponsors/getting-started-with-github-sponsors/about-github-sponsors). To be eligible for {% data variables.product.prodname_sponsors %}, your profile cannot be private.
|
||||
Los perfiles privados no pueden recibir patrocinios con [{% data variables.product.prodname_sponsors %}](/sponsors/getting-started-with-github-sponsors/about-github-sponsors). Para poder optar a {% data variables.product.prodname_sponsors %}, el perfil no puede ser privado.
|
||||
|
||||
## Differences between private and public profiles
|
||||
## Diferencias entre perfiles privados y públicos
|
||||
|
||||
When your profile is private, the following content is hidden from your profile page:
|
||||
Cuando el perfil es privado, se oculta el siguiente contenido de la página del perfil:
|
||||
|
||||
- Achievements and highlights.
|
||||
- Activity overview and activity feed.
|
||||
- Contribution graph.
|
||||
- Follower and following counts.
|
||||
- Follow and Sponsor buttons.
|
||||
- Organization memberships.
|
||||
- Stars, projects, packages, and sponsoring tabs.
|
||||
- Logros y aspectos destacados.
|
||||
- Información general de la actividad y fuente de actividades.
|
||||
- Gráfico de contribución.
|
||||
- Recuento de seguidores y de perfiles que sigues.
|
||||
- Botones Seguir y Patrocinar.
|
||||
- Pertenencias a organizaciones.
|
||||
- Estrellas, proyectos, paquetes y pestañas de patrocinador.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: When your profile is private, some optional fields are still publicly visible, such as the README, biography, and profile photo.
|
||||
**Nota**: cuando el perfil es privado, algunos campos opcionales siguen siendo visibles públicamente, como el LÉAME, la biografía y la foto de perfil.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## Changes to reporting on your activities
|
||||
## Cambios en la generación de informes sobre sus actividades
|
||||
|
||||
By making your profile private, you will not remove or hide past activity; this setting only applies to your activity while the private setting is enabled.
|
||||
Al hacer que tu perfil sea privado, no eliminarás u ocultarás la actividad pasada; esta opción solo se aplica a la actividad mientras la configuración privada está habilitada.
|
||||
|
||||
When your profile is private, your {% data variables.product.prodname_dotcom_the_website %} activity will not appear in the following locations:
|
||||
Cuando el perfil es privado, la actividad {% data variables.product.prodname_dotcom_the_website %} no aparecerá en las siguientes ubicaciones:
|
||||
|
||||
- Activity feeds for other users.
|
||||
- Discussions leaderboards.
|
||||
- The [Trending](https://github.com/trending) page.
|
||||
- Fuentes de actividades para otros usuarios.
|
||||
- Tablas de clasificación de discusiones.
|
||||
- Página [Tendencias](https://github.com/trending).
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: Your activity on public repositories will still be publicly visible to anyone viewing those repositories, and some activity data may still be available through the {% data variables.product.prodname_dotcom %} API.
|
||||
**Nota**: la actividad en repositorios públicos seguirá siendo visible públicamente para cualquier persona que vea esos repositorios, y es posible que algunos datos de actividad sigan estando disponibles a través de la API {% data variables.product.prodname_dotcom %}.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## Changing your profile's privacy settings
|
||||
## Cambio de la configuración de privacidad del perfil
|
||||
|
||||
{% data reusables.user-settings.access_settings %}
|
||||
1. Under "Contributions & Activity", select the checkbox next to **Make profile private and hide activity**.
|
||||
1. En «Contribuciones y actividad», activa la casilla situada junto a **Hacer que el perfil sea privado y ocultar actividad**.
|
||||
{% data reusables.user-settings.update-preferences %}
|
||||
|
||||
@@ -69,11 +69,15 @@ The email address in the `From:` field is the address that was set in the [local
|
||||
|
||||
If the email address used for the commit is not connected to your account on {% data variables.location.product_location %}, {% ifversion ghae %}change the email address used to author commits in Git. For more information, see "[Setting your commit email address](/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address#setting-your-commit-email-address-in-git)."{% else %}you must [add the email address](/articles/adding-an-email-address-to-your-github-account) to your account on {% data variables.location.product_location %}. Your contributions graph will be rebuilt automatically when you add the new address.{% endif %}
|
||||
|
||||
{% warning %}
|
||||
{% ifversion fpt or ghec %}
|
||||
{% note %}
|
||||
|
||||
**Warning**: Generic email addresses, such as `jane@computer.local`, cannot be added to {% data variables.product.prodname_dotcom %} accounts. If you use such an email for your commits, the commits will not be linked to your {% data variables.product.prodname_dotcom %} profile and will not show up in your contribution graph.
|
||||
**Note**: If you use a {% data variables.enterprise.prodname_managed_user %}, you cannot add additional email addresses to the account, even if multiple email addresses are registered with your identity provider (IdP). Therefore, only commits that are authored by the primary email address registered with your IdP can be associated with your {% data variables.enterprise.prodname_managed_user %}.
|
||||
|
||||
{% endwarning %}
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
||||
Generic email addresses, such as `jane@computer.local`, cannot be added to {% data variables.product.prodname_dotcom %} accounts and linked to commits. If you've authored any commits using a generic email address, the commits will not be linked to your {% data variables.product.prodname_dotcom %} profile and will not show up in your contribution graph.
|
||||
|
||||
### Commit was not made in the default or `gh-pages` branch
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Setting up and managing your personal account on GitHub
|
||||
intro: You can manage settings for your personal account on {% ifversion fpt or ghec or ghes %}{% data variables.location.product_location %}{% elsif ghae %}{% data variables.product.product_name %}{% endif %}, including email preferences, access to personal repositories, and organization memberships. You can also manage the account itself.
|
||||
intro: 'You can manage settings for your personal account on {% ifversion fpt or ghec or ghes %}{% data variables.location.product_location %}{% elsif ghae %}{% data variables.product.product_name %}{% endif %}, including email preferences, access to personal repositories, and organization memberships. You can also manage the account itself.'
|
||||
shortTitle: Personal accounts
|
||||
redirect_from:
|
||||
- /categories/setting-up-and-managing-your-github-user-account
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Managing accessibility settings
|
||||
shortTitle: Manage accessibility settings
|
||||
intro: "{% data variables.product.product_name %}'s user interface can adapt to your vision, hearing, motor, cognitive, or learning needs."
|
||||
intro: '{% data variables.product.product_name %}''s user interface can adapt to your vision, hearing, motor, cognitive, or learning needs.'
|
||||
versions:
|
||||
feature: keyboard-shortcut-accessibility-setting
|
||||
redirect_from:
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
---
|
||||
title: Administración de la configuración de seguridad y análisis para la cuenta personal
|
||||
intro: 'Puedes controlar las características que dan seguridad y analizan tu código en tus proyectos dentro de {% data variables.product.prodname_dotcom %}.'
|
||||
title: Managing security and analysis settings for your personal account
|
||||
intro: 'You can control features that secure and analyze the code in your projects on {% data variables.product.prodname_dotcom %}.'
|
||||
versions:
|
||||
fpt: '*'
|
||||
ghec: '*'
|
||||
ghes: '>3.2'
|
||||
ghes: '*'
|
||||
topics:
|
||||
- Accounts
|
||||
redirect_from:
|
||||
@@ -12,47 +12,43 @@ redirect_from:
|
||||
- /github/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account
|
||||
- /account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account
|
||||
shortTitle: Manage security & analysis
|
||||
ms.openlocfilehash: 61d1944219fd1b75f476c7aef8305018c85735c5
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: '145165352'
|
||||
---
|
||||
## Acerca de la administración de los parámetros de seguridad y análisis
|
||||
## About management of security and analysis settings
|
||||
|
||||
{% data variables.product.prodname_dotcom %} puede ayudarte a asegurar tus repositorios. Este tema te muestra cómo puedes administrar las características de seguridad y análisis para todos tus repositorios existentes o nuevos.
|
||||
{% data variables.product.prodname_dotcom %} can help secure your repositories. This topic tells you how you can manage the security and analysis features for all your existing or new repositories.
|
||||
|
||||
Aún puedes administrar las características de seguridad y análisis para los repositorios individuales. Para más información, vea "[Administración de la configuración de seguridad y análisis para el repositorio](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)".
|
||||
You can still manage the security and analysis features for individual repositories. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
|
||||
|
||||
También puedes revisar el registro de seguridad para toda la actividad de tu cuenta personal. Para más información, vea "[Revisión del registro de seguridad](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)".
|
||||
You can also review the security log for all activity on your personal account. For more information, see "[Reviewing your security log](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)."
|
||||
|
||||
{% data reusables.security.some-security-and-analysis-features-are-enabled-by-default %}
|
||||
|
||||
{% data reusables.security.security-and-analysis-features-enable-read-only %}
|
||||
|
||||
Para obtener información general sobre la seguridad de nivel de repositorio, vea "[Protección del repositorio](/code-security/getting-started/securing-your-repository)".
|
||||
For an overview of repository-level security, see "[Securing your repository](/code-security/getting-started/securing-your-repository)."
|
||||
|
||||
## Habilitar o inhabilitar las características para los repositorios existentes
|
||||
## Enabling or disabling features for existing repositories
|
||||
|
||||
{% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %}
|
||||
3. En "Seguridad y análisis de código", a la derecha de la característica, haga clic en **Deshabilitar todo** o **Habilitar todo**.
|
||||
{% ifversion ghes > 3.2 %}{% else %}{% endif %}
|
||||
6. Opcionalmente, habilita la característica predeterminada para los repositorios nuevos que te pertenezcan.
|
||||
{% ifversion ghes > 3.2 %}{% else %}{% endif %}
|
||||
7. Haga clic en **Disable FEATURE** o **Enable FEATURE** a fin de deshabilitar o habilitar la característica para todos los repositorios que posea.
|
||||
{% ifversion ghes > 3.2 %}{% else %}{% endif %}
|
||||
{% data reusables.user-settings.access_settings %}
|
||||
{% data reusables.user-settings.security-analysis %}
|
||||
3. Under "Code security and analysis", to the right of the feature, click **Disable all** or **Enable all**.
|
||||
{% ifversion ghes %}{% else %}{% endif %}
|
||||
6. Optionally, enable the feature by default for new repositories that you own.
|
||||
{% ifversion ghes %}{% else %}{% endif %}
|
||||
7. Click **Disable FEATURE** or **Enable FEATURE** to disable or enable the feature for all the repositories you own.
|
||||
{% ifversion ghes %}{% else %}{% endif %}
|
||||
|
||||
{% data reusables.security.displayed-information %}
|
||||
|
||||
## Habilitar o inhabilitar las características para los repositorios nuevos
|
||||
## Enabling or disabling features for new repositories
|
||||
|
||||
{% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %}
|
||||
3. Debajo de "Análisis y seguridad del código", a la derecha de la característica, habilítala o inhabilítala predeterminadamente para los repositorios nuevos que te pertenezcan.
|
||||
{% ifversion ghes > 3.2 %}{% else %}{% endif %}
|
||||
{% data reusables.user-settings.access_settings %}
|
||||
{% data reusables.user-settings.security-analysis %}
|
||||
3. Under "Code security and analysis", to the right of the feature, enable or disable the feature by default for new repositories that you own.
|
||||
{% ifversion ghes %}{% else %}{% endif %}
|
||||
|
||||
## Información adicional
|
||||
## Further reading
|
||||
|
||||
- "[Acerca del gráfico de dependencias](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
|
||||
- "[Acerca de {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"
|
||||
- "[Mantenimiento de las dependencias actualizadas automáticamente](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically)"
|
||||
- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
|
||||
- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"
|
||||
- "[Keeping your dependencies updated automatically](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically)"
|
||||
|
||||
@@ -9,12 +9,12 @@ versions:
|
||||
topics:
|
||||
- Accounts
|
||||
shortTitle: Manage cookie preferences
|
||||
ms.openlocfilehash: f2fdbcf8bd552902e7db491aa1b3c6622c5673ab
|
||||
ms.sourcegitcommit: 478f2931167988096ae6478a257f492ecaa11794
|
||||
ms.openlocfilehash: 44f0324a91f8447a10947d5f5c7be111241ad091
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/09/2022
|
||||
ms.locfileid: '147760930'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109817'
|
||||
---
|
||||
## Acerca de las preferencias de cookies en las páginas de marketing empresarial
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Administrar la configuración de tu tema
|
||||
intro: 'Puedes administrar la forma en que {% data variables.product.product_name %} te ve si configuras las preferencias de tema que ya sea siguen la configuración de tu sistema o siempre utilzian un modo claro u oscuro.'
|
||||
title: Managing your theme settings
|
||||
intro: 'You can manage how {% data variables.product.product_name %} looks to you by setting a theme preference that either follows your system settings or always uses a light or dark mode.'
|
||||
versions:
|
||||
fpt: '*'
|
||||
ghae: '*'
|
||||
@@ -13,52 +13,51 @@ redirect_from:
|
||||
- /github/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings
|
||||
- /account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings
|
||||
shortTitle: Manage theme settings
|
||||
ms.openlocfilehash: 6251b265d99271f58a4ad02d2f6cb7fdf722cb6b
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: '147580451'
|
||||
---
|
||||
Para obtener elecciones y flexibilidad en la forma y momento de utilizar {% data variables.product.product_name %}, puedes configurar los ajustes de tema para cambiar la forma en la que ves a {% data variables.product.product_name %}. Puedes elegir de entre los temas claros u oscuros o puedes configurar a {% data variables.product.product_name %} para que siga la configuración de tu sistema.
|
||||
|
||||
Puede que quieras utilizar un tema oscuro para reducir el consumo de energía en algunos dispositivos, para reducir la fatiga ocular en condiciones de luz baja o porque te gusta más cómo se ve.
|
||||
For choice and flexibility in how and when you use {% data variables.product.product_name %}, you can configure theme settings to change how {% data variables.product.product_name %} looks to you. You can choose from themes that are light or dark, or you can configure {% data variables.product.product_name %} to follow your system settings.
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}Si tu visión es limitada, puedes beneficiarse de un tema de contraste alto, con mayor contraste entre los elementos en primer y segundo plano.{% endif %}{% ifversion fpt or ghae or ghec %} Si padeces daltonismo, puedes beneficiarse de nuestros temas claro y oscuro para daltónicos.
|
||||
You may want to use a dark theme to reduce power consumption on certain devices, to reduce eye strain in low-light conditions, or because you prefer how the theme looks.
|
||||
|
||||
If you have low vision, you may benefit from a high contrast theme, with greater contrast between foreground and background elements.{% ifversion fpt or ghae or ghec %} If you have colorblindness, you may benefit from our light and dark colorblind themes.
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.user-settings.access_settings %} {% data reusables.user-settings.appearance-settings %}
|
||||
{% data reusables.user-settings.access_settings %}
|
||||
{% data reusables.user-settings.appearance-settings %}
|
||||
|
||||
1. Debajo de "Modo del tema", selecciona el menú desplegable y haz clic en una preferencia de tema.
|
||||
1. Under "Theme mode", select the drop-down menu, then click a theme preference.
|
||||
|
||||
|
||||
1. Haz clic en el tema que quieres usar.
|
||||
- Si eliges un tema simple, haz clic en un tema.
|
||||
|
||||
1. Click the theme you'd like to use.
|
||||
- If you chose a single theme, click a theme.
|
||||
|
||||
{%- ifversion ghes = 3.5 %} {% note %}
|
||||
{%- ifversion ghes = 3.5 %}
|
||||
{% note %}
|
||||
|
||||
**Nota**: El tema de contraste de luz alto no estaba disponible en {% data variables.product.product_name %} 3.5.0, 3.5.1, 3.5.2 y 3.5.3. El tema está disponible a partir de la versión 3.5.4. Para obtener más información sobre las actualizaciones, ponte en contacto con el administrador del sitio.
|
||||
**Note**: The light high contrast theme was unavailable in {% data variables.product.product_name %} 3.5.0, 3.5.1, 3.5.2, and 3.5.3. The theme is available in 3.5.4 and later. For more information about upgrades, contact your site administrator.
|
||||
|
||||
Para obtener más información sobre cómo determinar la versión de {% data variables.product.product_name %} que usas, consulta "[Acerca de las versiones de {% data variables.product.prodname_docs %}](/get-started/learning-about-github/about-versions-of-github-docs#github-enterprise-server)".
|
||||
{% endnote %} {%- endif %}
|
||||
For more information about determining the version of {% data variables.product.product_name %} you're using, see "[About versions of {% data variables.product.prodname_docs %}](/get-started/learning-about-github/about-versions-of-github-docs#github-enterprise-server)."
|
||||
{% endnote %}
|
||||
{%- endif %}
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}{% else %}{% endif %}
|
||||
- Si eliges seguir tu configuración de sistema, haz clic en un tema de día y de noche.
|
||||
|
||||
- If you chose to follow your system settings, click a day theme and a night theme.
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}{% else %}{% endif %} {% ifversion fpt or ghec %}
|
||||
- Si te gustaría elegir un tema que se encuentre actualmente en beta público, primero necesitas habilitarlo con la vista previa de características. Para obtener más información, vea "[Explorar versiones de acceso anticipado con la vista previa de la característica](/get-started/using-github/exploring-early-access-releases-with-feature-preview)".{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
- If you would like to choose a theme which is currently in public beta, you will first need to enable it with feature preview. For more information, see "[Exploring early access releases with feature preview](/get-started/using-github/exploring-early-access-releases-with-feature-preview)."{% endif %}
|
||||
|
||||
{% ifversion command-palette %}
|
||||
|
||||
{% note %}
|
||||
|
||||
**Nota**: También puede cambiar la configuración del tema con la paleta de comandos. Para obtener más información, vea "[{% data variables.product.prodname_command_palette %}](/get-started/using-github/github-command-palette)".
|
||||
**Note:** You can also change your theme settings with the command palette. For more information, see "[{% data variables.product.prodname_command_palette %}](/get-started/using-github/github-command-palette)".
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Información adicional
|
||||
## Further reading
|
||||
|
||||
- "[Configuración de un tema para {% data variables.product.prodname_desktop %}](/desktop/installing-and-configuring-github-desktop/setting-a-theme-for-github-desktop)"
|
||||
- "[Setting a theme for {% data variables.product.prodname_desktop %}](/desktop/installing-and-configuring-github-desktop/setting-a-theme-for-github-desktop)"
|
||||
|
||||
@@ -231,19 +231,11 @@ For example, this `cleanup.js` will only run on Linux-based runners:
|
||||
|
||||
### `runs.steps`
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
|
||||
**Required** The steps that you plan to run in this action. These can be either `run` steps or `uses` steps.
|
||||
{% else %}
|
||||
**Required** The steps that you plan to run in this action.
|
||||
{% endif %}
|
||||
|
||||
#### `runs.steps[*].run`
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
|
||||
**Optional** The command you want to run. This can be inline or a script in your action repository:
|
||||
{% else %}
|
||||
**Required** The command you want to run. This can be inline or a script in your action repository:
|
||||
{% endif %}
|
||||
|
||||
{% raw %}
|
||||
```yaml
|
||||
@@ -269,11 +261,7 @@ For more information, see "[`github context`](/actions/reference/context-and-exp
|
||||
|
||||
#### `runs.steps[*].shell`
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
|
||||
**Optional** The shell where you want to run the command. You can use any of the shells listed [here](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsshell). Required if `run` is set.
|
||||
{% else %}
|
||||
**Required** The shell where you want to run the command. You can use any of the shells listed [here](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsshell). Required if `run` is set.
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghes > 3.3 or ghae > 3.3 or ghec %}
|
||||
#### `runs.steps[*].if`
|
||||
@@ -322,7 +310,6 @@ steps:
|
||||
|
||||
**Optional** Specifies the working directory where the command is run.
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
|
||||
#### `runs.steps[*].uses`
|
||||
|
||||
**Optional** Selects an action to run as part of a step in your job. An action is a reusable unit of code. You can use an action defined in the same repository as the workflow, a public repository, or in a [published Docker container image](https://hub.docker.com/).
|
||||
@@ -371,7 +358,6 @@ runs:
|
||||
middle_name: The
|
||||
last_name: Octocat
|
||||
```
|
||||
{% endif %}
|
||||
|
||||
{% ifversion ghes > 3.5 or ghae > 3.5 %}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Configurar OpenID Connect en HashiCorp Vault
|
||||
shortTitle: Configuring OpenID Connect in HashiCorp Vault
|
||||
shortTitle: OpenID Connect in HashiCorp Vault
|
||||
intro: Utiliza OpenID Connect dentro de tus flujos de trabajo para autenticarte con HashiCorp Vault.
|
||||
miniTocMaxHeadingLevel: 3
|
||||
versions:
|
||||
@@ -10,12 +10,12 @@ versions:
|
||||
type: tutorial
|
||||
topics:
|
||||
- Security
|
||||
ms.openlocfilehash: 7a6ec65ff244a84b47475238b907500b8046135b
|
||||
ms.sourcegitcommit: 478f2931167988096ae6478a257f492ecaa11794
|
||||
ms.openlocfilehash: 174243818443709ee6ffe3b22aa668cff254266f
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/09/2022
|
||||
ms.locfileid: '147682278'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148106633'
|
||||
---
|
||||
{% data reusables.actions.enterprise-beta %} {% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
|
||||
@@ -69,13 +69,10 @@ You can use any machine as a self-hosted runner as long at it meets these requir
|
||||
* The machine has enough hardware resources for the type of workflows you plan to run. The self-hosted runner application itself only requires minimal resources.
|
||||
* If you want to run workflows that use Docker container actions or service containers, you must use a Linux machine and Docker must be installed.
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghec or ghae %}
|
||||
## Autoscaling your self-hosted runners
|
||||
|
||||
You can automatically increase or decrease the number of self-hosted runners in your environment in response to the webhook events you receive. For more information, see "[Autoscaling with self-hosted runners](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Usage limits
|
||||
|
||||
There are some limits on {% data variables.product.prodname_actions %} usage when using self-hosted runners. These limits are subject to change.
|
||||
@@ -249,7 +246,6 @@ codeload.github.com
|
||||
|
||||
{% endnote %}
|
||||
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Self-hosted runner security
|
||||
|
||||
@@ -32,7 +32,7 @@ For more information, see "[About self-hosted runners](/github/automating-your-w
|
||||
{% endwarning %}
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec or ghes > 3.2 %}
|
||||
{% ifversion fpt or ghec or ghes %}
|
||||
|
||||
You can set up automation to scale the number of self-hosted runners. For more information, see "[Autoscaling with self-hosted runners](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners)."
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ intro: You can automatically scale your self-hosted runners in response to webho
|
||||
versions:
|
||||
fpt: '*'
|
||||
ghec: '*'
|
||||
ghes: '>3.2'
|
||||
ghes: '*'
|
||||
ghae: '*'
|
||||
type: overview
|
||||
---
|
||||
|
||||
@@ -608,7 +608,7 @@ jobs:
|
||||
|
||||
## `secrets` context
|
||||
|
||||
The `secrets` context contains the names and values of secrets that are available to a workflow run. The `secrets` context is not available for composite actions. For more information about secrets, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)."
|
||||
The `secrets` context contains the names and values of secrets that are available to a workflow run. The `secrets` context is not available for composite actions due to security reasons. If you want to pass a secret to a composite action, you need to do it explicitly as an input. For more information about secrets, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)."
|
||||
|
||||
`GITHUB_TOKEN` is a secret that is automatically created for every workflow run, and is always included in the `secrets` context. For more information, see "[Automatic token authentication](/actions/security-guides/automatic-token-authentication)."
|
||||
|
||||
|
||||
@@ -87,9 +87,7 @@ The following table shows the permissions granted to the `GITHUB_TOKEN` by defau
|
||||
| issues | read/write | none | read |
|
||||
| metadata | read | read | read |
|
||||
| packages | read/write | none | read |
|
||||
{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
|
||||
| pages | read/write | none | read |
|
||||
{%- endif %}
|
||||
| pull-requests | read/write | none | read |
|
||||
| repository-projects | read/write | none | read |
|
||||
| security-events | read/write | none | read |
|
||||
|
||||
@@ -7,6 +7,8 @@ redirect_from:
|
||||
- /actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
|
||||
- /actions/configuring-and-managing-workflows/using-variables-and-secrets-in-a-workflow
|
||||
- /actions/reference/encrypted-secrets
|
||||
- /actions/managing-workflows/storing-secrets
|
||||
|
||||
miniTocMaxHeadingLevel: 3
|
||||
versions:
|
||||
fpt: '*'
|
||||
|
||||
@@ -1,50 +1,49 @@
|
||||
---
|
||||
title: Control del acceso a los ejecutores más grandes
|
||||
intro: 'Puedes utilizar políticas para limitar el acceso a los {% data variables.actions.hosted_runner %} que se hayan agregado a una organización o empresa.'
|
||||
title: Controlling access to larger runners
|
||||
shortTitle: 'Control access to {% data variables.actions.hosted_runner %}s'
|
||||
intro: 'You can use policies to limit access to {% data variables.actions.hosted_runner %}s that have been added to an organization or enterprise.'
|
||||
product: '{% data reusables.gated-features.hosted-runners %}'
|
||||
versions:
|
||||
feature: actions-hosted-runners
|
||||
type: tutorial
|
||||
shortTitle: 'Controlling access to {% data variables.actions.hosted_runner %}s'
|
||||
ms.openlocfilehash: 6761f05ef04d18ebba7b9ef8a2894d7effd2622b
|
||||
ms.sourcegitcommit: 478f2931167988096ae6478a257f492ecaa11794
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/09/2022
|
||||
ms.locfileid: '147764173'
|
||||
---
|
||||
{% data reusables.actions.enterprise-beta %} {% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
## Acerca de grupos de ejecutores
|
||||
{% data reusables.actions.enterprise-beta %}
|
||||
{% data reusables.actions.enterprise-github-hosted-runners %}
|
||||
|
||||
{% data reusables.actions.about-runner-groups %} {% ifversion fpt %}Para obtener más información, consulta la [{% data variables.product.prodname_ghe_cloud %} ](/enterprise-cloud@latest/actions/using-github-hosted-runners/controlling-access-to-larger-runners).{% endif %}
|
||||
## About runner groups
|
||||
|
||||
{% data reusables.actions.about-runner-groups %} {% ifversion fpt %}For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/actions/using-github-hosted-runners/controlling-access-to-larger-runners).{% endif %}
|
||||
|
||||
{% ifversion ghec or ghes or ghae %}
|
||||
|
||||
## Creación de un grupo de ejecutores para una organización
|
||||
## Creating a runner group for an organization
|
||||
|
||||
{% data reusables.actions.hosted-runner-security-admonition %} {% data reusables.actions.creating-a-runner-group-for-an-organization %}
|
||||
{% data reusables.actions.hosted-runner-security-admonition %}
|
||||
{% data reusables.actions.creating-a-runner-group-for-an-organization %}
|
||||
|
||||
## Crear un grupo de ejecutores para una organización
|
||||
## Creating a runner group for an enterprise
|
||||
|
||||
{% data reusables.actions.hosted-runner-security-admonition %} {% data reusables.actions.creating-a-runner-group-for-an-enterprise %}
|
||||
{% data reusables.actions.hosted-runner-security-admonition %}
|
||||
{% data reusables.actions.creating-a-runner-group-for-an-enterprise %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Cambiar la política de acceso de un grupo de ejecutores
|
||||
## Changing the access policy of a runner group
|
||||
|
||||
{% data reusables.actions.hosted-runner-security-admonition %} {% data reusables.actions.changing-the-access-policy-of-a-runner-group %}
|
||||
{% data reusables.actions.hosted-runner-security-admonition %}
|
||||
{% data reusables.actions.changing-the-access-policy-of-a-runner-group %}
|
||||
|
||||
## Cambiar el nombre de un grupo de ejectuores
|
||||
## Changing the name of a runner group
|
||||
|
||||
{% data reusables.actions.changing-the-name-of-a-runner-group %}
|
||||
|
||||
{% ifversion ghec or ghes or ghae %}
|
||||
## Cambiar un ejecutor a un grupo
|
||||
## Moving a runner to a group
|
||||
|
||||
{% data reusables.actions.moving-a-runner-to-a-group %}
|
||||
|
||||
## Eliminar un grupo de ejecutores
|
||||
## Removing a runner group
|
||||
|
||||
{% data reusables.actions.removing-a-runner-group %}
|
||||
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
---
|
||||
title: Using larger runners
|
||||
shortTitle: 'Larger runners'
|
||||
shortTitle: Larger runners
|
||||
intro: '{% data variables.product.prodname_dotcom %} offers larger runners with more RAM and CPU.'
|
||||
miniTocMaxHeadingLevel: 3
|
||||
product: '{% data reusables.gated-features.hosted-runners %}'
|
||||
versions:
|
||||
feature: 'actions-hosted-runners'
|
||||
feature: actions-hosted-runners
|
||||
---
|
||||
|
||||
## Overview of {% data variables.actions.hosted_runner %}s
|
||||
|
||||
@@ -139,8 +139,8 @@ The following table shows which toolkit functions are available within a workflo
|
||||
| Toolkit function | Equivalent workflow command |
|
||||
| ----------------- | ------------- |
|
||||
| `core.addPath` | Accessible using environment file `GITHUB_PATH` |
|
||||
| `core.debug` | `debug` |{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
|
||||
| `core.notice` | `notice` |{% endif %}
|
||||
| `core.debug` | `debug` |
|
||||
| `core.notice` | `notice` |
|
||||
| `core.error` | `error` |
|
||||
| `core.endGroup` | `endgroup` |
|
||||
| `core.exportVariable` | Accessible using environment file `GITHUB_ENV` |
|
||||
@@ -216,8 +216,6 @@ Write-Output "::debug::Set the Octocat variable"
|
||||
|
||||
{% endpowershell %}
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
|
||||
|
||||
## Setting a notice message
|
||||
|
||||
Creates a notice message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %}
|
||||
@@ -245,7 +243,6 @@ Write-Output "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon"
|
||||
```
|
||||
|
||||
{% endpowershell %}
|
||||
{% endif %}
|
||||
|
||||
## Setting a warning message
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ The name of your workflow. {% data variables.product.prodname_dotcom %} displays
|
||||
{% ifversion actions-run-name %}
|
||||
## `run-name`
|
||||
|
||||
The name for workflow runs generated from the workflow. {% data variables.product.prodname_dotcom %} displays the workflow run name in the list of workflow runs on your repository's "Actions" tab. If you omit `run-name`, the run name is set to event-specific information for the workflow run. For example, for a workflow triggered by a `push` or `pull_request` event, it is set as the commit message.
|
||||
The name for workflow runs generated from the workflow. {% data variables.product.prodname_dotcom %} displays the workflow run name in the list of workflow runs on your repository's "Actions" tab. If `run-name` is omitted or is only whitespace, then the run name is set to event-specific information for the workflow run. For example, for a workflow triggered by a `push` or `pull_request` event, it is set as the commit message.
|
||||
|
||||
This value can include expressions and can reference the [`github`](/actions/learn-github-actions/contexts#github-context) and [`inputs`](/actions/learn-github-actions/contexts#inputs-context) contexts.
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configuring dependency review for your appliance
|
||||
shortTitle: Configuring dependency review
|
||||
intro: 'To helps users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.location.product_location %}.'
|
||||
intro: 'To helps users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.location.product_location %}.'
|
||||
product: '{% data reusables.gated-features.dependency-review %}'
|
||||
miniTocMaxHeadingLevel: 3
|
||||
versions:
|
||||
@@ -14,8 +14,6 @@ topics:
|
||||
- Security
|
||||
---
|
||||
|
||||
{% data reusables.dependency-review.beta %}
|
||||
|
||||
## About dependency review
|
||||
|
||||
{% data reusables.dependency-review.feature-overview %}
|
||||
|
||||
@@ -15,6 +15,6 @@ topics:
|
||||
|
||||
You can allow users to identify their projects' dependencies by {% ifversion ghes %}enabling{% elsif ghae %}using{% endif %} the dependency graph for {% data variables.location.product_location %}. For more information, see "{% ifversion ghes %}[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise){% elsif ghae %}[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph){% endif %}."
|
||||
|
||||
You can also allow users on {% data variables.location.product_location %} to find and fix vulnerabilities in their code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes > 3.2 %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
|
||||
You can also allow users on {% data variables.location.product_location %} to find and fix vulnerabilities in their code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
|
||||
|
||||
After you enable {% data variables.product.prodname_dependabot_alerts %}, you can view vulnerability data from the {% data variables.product.prodname_advisory_database %} on {% data variables.location.product_location %} and manually sync the data. For more information, see "[Viewing the vulnerability data for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise)."
|
||||
|
||||
@@ -16,7 +16,7 @@ topics:
|
||||
|
||||
{% data reusables.dependabot.about-the-dependency-graph %} For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
|
||||
|
||||
After you enable the dependency graph for your enterprise, you can enable {% data variables.product.prodname_dependabot %} to detect insecure dependencies in your repository{% ifversion ghes > 3.2 %} and automatically fix the vulnerabilities{% endif %}. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
|
||||
After you enable the dependency graph for your enterprise, you can enable {% data variables.product.prodname_dependabot %} to detect insecure dependencies in your repository{% ifversion ghes %} and automatically fix the vulnerabilities{% endif %}. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
|
||||
|
||||
{% ifversion ghes %}
|
||||
You can enable the dependency graph via the {% data variables.enterprise.management_console %} or the administrative shell. We recommend using the {% data variables.enterprise.management_console %} unless {% data variables.location.product_location %} uses clustering.
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Enabling Dependabot for your enterprise
|
||||
intro: 'You can allow users of {% data variables.location.product_location %} to find and fix vulnerabilities in code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes > 3.2 %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}.'
|
||||
intro: 'You can allow users of {% data variables.location.product_location %} to find and fix vulnerabilities in code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}.'
|
||||
miniTocMaxHeadingLevel: 3
|
||||
shortTitle: Dependabot
|
||||
redirect_from:
|
||||
@@ -26,7 +26,7 @@ topics:
|
||||
|
||||
## About {% data variables.product.prodname_dependabot %} for {% data variables.product.product_name %}
|
||||
|
||||
{% data variables.product.prodname_dependabot %} helps users of {% data variables.location.product_location %} find and fix vulnerabilities in their dependencies.{% ifversion ghes > 3.2 %} You can enable {% data variables.product.prodname_dependabot_alerts %} to notify users about vulnerable dependencies and {% data variables.product.prodname_dependabot_updates %} to fix the vulnerabilities and keep dependencies updated to the latest version.
|
||||
{% data variables.product.prodname_dependabot %} helps users of {% data variables.location.product_location %} find and fix vulnerabilities in their dependencies.{% ifversion ghes %} You can enable {% data variables.product.prodname_dependabot_alerts %} to notify users about vulnerable dependencies and {% data variables.product.prodname_dependabot_updates %} to fix the vulnerabilities and keep dependencies updated to the latest version.
|
||||
|
||||
### About {% data variables.product.prodname_dependabot_alerts %}
|
||||
{% endif %}
|
||||
@@ -51,7 +51,7 @@ When {% data variables.location.product_location %} receives information about a
|
||||
|
||||
For repositories with {% data variables.product.prodname_dependabot_alerts %} enabled, scanning is triggered on any push to the default branch that contains a manifest file or lock file. Additionally, when a new vulnerability record is added to {% data variables.location.product_location %}, {% data variables.product.product_name %} scans all existing repositories on {% data variables.location.product_location %} and generates alerts for any repository that is vulnerable. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
|
||||
|
||||
{% ifversion ghes > 3.2 %}
|
||||
{% ifversion ghes %}
|
||||
### About {% data variables.product.prodname_dependabot_updates %}
|
||||
|
||||
{% data reusables.dependabot.beta-security-and-version-updates %}
|
||||
@@ -124,7 +124,7 @@ After you enable {% data variables.product.prodname_dependabot_alerts %} for you
|
||||
|
||||
|
||||
{% endif %}
|
||||
{% ifversion ghes > 3.2 %}
|
||||
{% ifversion ghes %}
|
||||
|
||||
When you enable {% data variables.product.prodname_dependabot_alerts %}, you should consider also setting up {% data variables.product.prodname_actions %} for {% data variables.product.prodname_dependabot_security_updates %}. This feature allows developers to fix vulnerabilities in their dependencies. For more information, see "[Managing self-hosted runners for {% data variables.product.prodname_dependabot_updates %} on your enterprise](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates)."
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
title: Configuring host keys for your instance
|
||||
shortTitle: Configure host keys
|
||||
intro: 'You can increase the security of {% data variables.location.product_location %} by configuring the algorithms that your instance uses to generate and advertise host keys for incoming SSH connections.'
|
||||
permissions: "Site administrators can configure the host keys for a {% data variables.product.product_name %} instance."
|
||||
permissions: 'Site administrators can configure the host keys for a {% data variables.product.product_name %} instance.'
|
||||
versions:
|
||||
ghes: '>= 3.6'
|
||||
type: how_to
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
title: Configuring SSH connections to your instance
|
||||
shortTitle: Configure SSH connections
|
||||
intro: 'You can increase the security of {% data variables.location.product_location %} by configuring the SSH algorithms that clients can use to establish a connection.'
|
||||
permissions: "Site administrators can configure SSH connections to a {% data variables.product.product_name %} instance."
|
||||
permissions: 'Site administrators can configure SSH connections to a {% data variables.product.product_name %} instance.'
|
||||
versions:
|
||||
ghes: '>= 3.6'
|
||||
type: how_to
|
||||
|
||||
@@ -1,26 +1,21 @@
|
||||
---
|
||||
title: Acerca del almacenamiento de repositorios en caché
|
||||
intro: Puedes incrementar el rendimiento de las operaciones de lectura de Git para los equipos distribuidos y las granjas de IC con el almacenamiento de repositorios en caché.
|
||||
title: About repository caching
|
||||
intro: You can increase the performance of Git read operations for distributed teams and CI farms with repository caching.
|
||||
versions:
|
||||
ghes: '>=3.3'
|
||||
ghes: '*'
|
||||
type: overview
|
||||
topics:
|
||||
- Enterprise
|
||||
ms.openlocfilehash: 06a0dd3ba202c73f1ee035d61f7865fadd13b415
|
||||
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/11/2022
|
||||
ms.locfileid: '145120642'
|
||||
---
|
||||
|
||||
{% data reusables.enterprise.repository-caching-release-phase %}
|
||||
|
||||
Si tienes equipos y granjas de IC que se ubiquen en todo el mundo, puedes experimentar un rendimiento reducido en tu instancia principal de {% data variables.product.prodname_ghe_server %}. Si bien las geo-réplicas activas pueden mejorar el rendimiento de las solicitudes de lectura, esto implica un costo de limitar el rendimiento de escritura. Para reducir la carga de tu instancia primaria y mejorar el rendimiento de la arquitectura, puedes configurar un caché de repositorio, un espejo asíncrono de solo lectura de los repositorios ubicados cerca de estos clientes distribuidos geográficamente.
|
||||
If you have teams and CI farms located around the world, you may experience reduced performance on your primary {% data variables.product.prodname_ghe_server %} instance. While active geo-replicas can improve the performance of read requests, this comes at the cost of limiting write throughput. To reduce load on your primary instance and improve write throughput performance, you can configure a repository cache, an asynchronous read-only mirror of repositories located near these geographically-distributed clients.
|
||||
|
||||
Un caché de repositorio elimina la necesidad de que {% data variables.product.product_name %} transmita los mismos datos de Git a través de un enlace de red a larga distancia varias veces para servir a clientes múltiples, al servir los datos de tu repositorio cerca de las granjas de IC y equipos distribuidos. Por ejemplo, si tu instancia principal está en América del Norte y también tienes una presencia significativa en Asia, te beneficiarías de configurar el caché de repositorios en Asia para que lo utilicen los ejecutores de IC de ahí.
|
||||
A repository cache eliminates the need for {% data variables.product.product_name %} to transmit the same Git data over a long-haul network link multiple times to serve multiple clients, by serving your repository data close to CI farms and distributed teams. For instance, if your primary instance is in North America and you also have a large presence in Asia, you will benefit from setting up the repository cache in Asia for use by CI runners there.
|
||||
|
||||
El caché de repositorios escucha a la instancia principal, ya sea una sola instancia o un conjunto geo-replicado de ellas, para conocer los cambios en los datos de Git. Las granjas de IC y otros consumidores de lectura pesada clonan y recuperan información del caché de repositorio en vez de en la instancia primaria. Los cambios se propagan a lo largo de la red, en intervalos periódicos, una vez por instancia de caché en vez de una vez por cliente. Los datos de Git serán habitualmente visibles en el caché de repositorio dentro de varios minutos después de haber subido los datos a la instancia primaria. {% ifversion ghes > 3.3 %} Los sistemas de CI pueden usar el [webhook `cache_sync`](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#cache_sync) para reaccionar a los datos que están disponibles en la caché.{% endif %}
|
||||
The repository cache listens to the primary instance, whether that's a single instance or a geo-replicated set of instances, for changes to Git data. CI farms and other read-heavy consumers clone and fetch from the repository cache instead of the primary instance. Changes are propagated across the network, at periodic intervals, once per cache instance rather than once per client. Git data will typically be visible on the repository cache within several minutes after the data is pushed to the primary instance. {% ifversion ghes > 3.3 %}The [`cache_sync` webhook](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#cache_sync) can be used by CI systems to react to data being available in the cache.{% endif %}
|
||||
|
||||
Tienes un control minucioso sobre qué repositorios se permite sincronizar al caché del repositorio. Los datos de Git solo se replicarán en las ubicaciones que especifique.
|
||||
You have fine-grained control over which repositories are allowed to sync to the repository cache. Git data will only be replicated to the locations you specify.
|
||||
|
||||
{% data reusables.enterprise.repository-caching-config-summary %} Para más información, vea "[Configuración de una caché de repositorios](/admin/enterprise-management/caching-repositories/configuring-a-repository-cache)".
|
||||
{% data reusables.enterprise.repository-caching-config-summary %} For more information, see "[Configuring a repository cache](/admin/enterprise-management/caching-repositories/configuring-a-repository-cache)."
|
||||
|
||||
@@ -1,107 +1,105 @@
|
||||
---
|
||||
title: Configurar el caché de un repositorio
|
||||
intro: 'Puedes configurar el caché de un repositorio si creas un aplicativo nuevo, conectando el caché del repositorio a tu aplicativo primario y configurando la replicación de redes de repositorio al caché del repositorio.'
|
||||
title: Configuring a repository cache
|
||||
intro: 'You can configure a repository cache by creating a new appliance, connecting the repository cache to your primary appliance, and configuring replication of repository networks to the repository cache.'
|
||||
versions:
|
||||
ghes: '>=3.3'
|
||||
ghes: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Enterprise
|
||||
ms.openlocfilehash: dced49e1e6795407e2e41f12275a310c3a98aaf1
|
||||
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/10/2022
|
||||
ms.locfileid: '146332024'
|
||||
---
|
||||
|
||||
{% data reusables.enterprise.repository-caching-release-phase %}
|
||||
|
||||
## Acerca de la configuración para el almacenamiento en caché de repositorio
|
||||
## About configuration for repository caching
|
||||
|
||||
{% data reusables.enterprise.repository-caching-config-summary %} Entonces, puedes configurar las políticas de ubicación de datos que rijan qué redes de repositorio se replican en el caché del mismo.
|
||||
{% data reusables.enterprise.repository-caching-config-summary %} Then, you can set data location policies that govern which repository networks are replicated to the repository cache.
|
||||
|
||||
El caché de repositorio no es compatible con el clústering.
|
||||
Repository caching is not supported with clustering.
|
||||
|
||||
## DNS para cachés de repositorio
|
||||
## DNS for repository caches
|
||||
|
||||
La instancia principal y el caché de repositorio deben tener nombres de DNS diferentes. Por ejemplo, si la instancia principal está en `github.example.com`, puedes decidir llamar `europe-ci.github.example.com` o `github.asia.example.com` a una memoria caché.
|
||||
The primary instance and repository cache should have different DNS names. For example, if your primary instance is at `github.example.com`, you might decide to name a cache `europe-ci.github.example.com` or `github.asia.example.com`.
|
||||
|
||||
Para que las máquinas de CI realicen capturas desde la memoria caché del repositorio en lugar de la instancia principal, puedes usar la opción de configuración `url.<base>.insteadOf` de Git. Para más información, vea [`git-config`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf) en la documentación de Git.
|
||||
To have your CI machines fetch from the repository cache instead of the primary instance, you can use Git's `url.<base>.insteadOf` configuration setting. For more information, see [`git-config`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf) in the Git documentation.
|
||||
|
||||
Por ejemplo, el `.gitconfig` global para la máquina de CI incluiría estas líneas.
|
||||
For example, the global `.gitconfig` for the CI machine would include these lines.
|
||||
|
||||
```
|
||||
[url "https://europe-ci.github.example.com/"]
|
||||
insteadOf = https://github.example.com/
|
||||
insteadOf = https://github.example.com/
|
||||
```
|
||||
|
||||
Después, cuando se le solicite que capture `https://github.example.com/myorg/myrepo`, Git capturará desde `https://europe-ci.github.example.com/myorg/myrepo`.
|
||||
Then, when told to fetch `https://github.example.com/myorg/myrepo`, Git will instead fetch from `https://europe-ci.github.example.com/myorg/myrepo`.
|
||||
|
||||
## Configurar el caché de un repositorio
|
||||
## Configuring a repository cache
|
||||
|
||||
{% ifversion ghes = 3.3 %}
|
||||
1. En el dispositivo principal {% data variables.product.prodname_ghe_server %}, habilita la marca de característica para el almacenamiento en caché del repositorio.
|
||||
1. On your primary {% data variables.product.prodname_ghe_server %} appliance, enable the feature flag for repository caching.
|
||||
|
||||
```
|
||||
$ ghe-config cluster.cache-enabled true
|
||||
```
|
||||
{%- endif %}
|
||||
1. Configurar un aparato {% data variables.product.prodname_ghe_server %} nuevo en la plataforma que desees. Este aplicativo será tu caché de repositorio. Para más información, vea "[Configuración de una instancia de {% data variables.product.prodname_ghe_server %}](/admin/guides/installation/setting-up-a-github-enterprise-server-instance)".
|
||||
1. Set up a new {% data variables.product.prodname_ghe_server %} appliance on your desired platform. This appliance will be your repository cache. For more information, see "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/admin/guides/installation/setting-up-a-github-enterprise-server-instance)."
|
||||
{% data reusables.enterprise_installation.replica-steps %}
|
||||
1. Conéctate a la dirección IP del caché de tu repositorio utilizando SSH.
|
||||
1. Connect to the repository cache's IP address using SSH.
|
||||
|
||||
```shell
|
||||
$ ssh -p 122 admin@<em>REPLICA IP</em>
|
||||
$ ssh -p 122 admin@REPLICA-IP
|
||||
```
|
||||
{%- ifversion ghes = 3.3 %}
|
||||
1. En la réplica de caché, habilita la marca de característica para el almacenamiento en caché del repositorio.
|
||||
1. On your cache replica, enable the feature flag for repository caching.
|
||||
|
||||
```
|
||||
$ ghe-config cluster.cache-enabled true
|
||||
```
|
||||
{%- endif %} {% data reusables.enterprise_installation.generate-replication-key-pair %} {% data reusables.enterprise_installation.add-ssh-key-to-primary %}
|
||||
1. Para comprobar la conexión con el modo principal y habilitar el modo de réplica para la memoria caché del repositorio, vuelve a ejecutar `ghe-repl-setup`.
|
||||
{%- endif %}
|
||||
{% data reusables.enterprise_installation.generate-replication-key-pair %}
|
||||
{% data reusables.enterprise_installation.add-ssh-key-to-primary %}
|
||||
1. To verify the connection to the primary and enable replica mode for the repository cache, run `ghe-repl-setup` again.
|
||||
|
||||
```shell
|
||||
$ ghe-repl-setup <em>PRIMARY IP</em>
|
||||
$ ghe-repl-setup PRIMARY-IP
|
||||
```
|
||||
|
||||
1. Establece `cache_location` para la caché del repositorio, reemplazando *CACHE-LOCATION* por un identificador alfanumérico, como la región donde se implementa la memoria caché. Establece también un nombre de centro de datos para esta memoria caché. Las cachés nuevas intentarán inicializarse desde otra caché del mismo centro de datos.
|
||||
1. Set a `cache_location` for the repository cache, replacing *CACHE-LOCATION* with an alphanumeric identifier, such as the region where the cache is deployed. Also set a datacenter name for this cache; new caches will attempt to seed from another cache in the same datacenter.
|
||||
|
||||
```shell
|
||||
$ ghe-repl-node --cache <em>CACHE-LOCATION</em> --datacenter <em>REPLICA-DC-NAME</em>
|
||||
$ ghe-repl-node --cache CACHE-LOCATION --datacenter REPLICA-DC-NAME
|
||||
```
|
||||
|
||||
{% data reusables.enterprise_installation.replication-command %} {% data reusables.enterprise_installation.verify-replication-channel %}
|
||||
1. Para habilitar la replicación de las redes de repositorio en el caché del mismo, configura una política de ubicación de datos. Para obtener más información, consulta «[Directivas de ubicación de datos](#data-location-policies)».
|
||||
{% data reusables.enterprise_installation.replication-command %}
|
||||
{% data reusables.enterprise_installation.verify-replication-channel %}
|
||||
1. To enable replication of repository networks to the repository cache, set a data location policy. For more information, see "[Data location policies](#data-location-policies)."
|
||||
|
||||
## Políticas de ubicación de datos
|
||||
## Data location policies
|
||||
|
||||
Puedes controlar la ubicación de los datos mediante la configuración de directivas de ubicación de datos para los repositorios con el comando `spokesctl cache-policy`. Las políticas de ubicación de datos determinan qué redes de repositorios se replican en qué cachés de repositorio. Predeterminadamente, ninguna red de repositorio se replicará en ninguno de los cachés de repositorio sino hasta que se configuren las políticas de ubicación.
|
||||
You can control data locality by configuring data location policies for your repositories with the `spokesctl cache-policy` command. Data location policies determine which repository networks are replicated on which repository caches. By default, no repository networks will be replicated on any repository caches until a data location policy is configured.
|
||||
|
||||
Las directivas de ubicación de datos solo afectan al contenido de Git. El contenido de la base de datos, como comentarios sobre problemas y solicitudes de incorporación de cambios, se replicará en todos los nodos independientemente de la directiva.
|
||||
Data location policies affect only Git content. Content in the database, such as issues and pull request comments, will be replicated to all nodes regardless of policy.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Nota:** las directivas de ubicación de datos no son lo mismo que el control de acceso. Debes usar roles de repositorio para controlar qué usuarios pueden acceder a un repositorio. Para obtener más información sobre el acceso al repositorio, consulta «[Roles de repositorio para una organización](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)».
|
||||
**Note:** Data location policies are not the same as access control. You must use repository roles to control which users may access a repository. For more information about repository roles, see "[Repository roles for an organization](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)."
|
||||
|
||||
{% endnote %}
|
||||
|
||||
Puedes configurar una directiva para replicar todas las redes con la marca `--default`. Por ejemplo, este comando creará una directiva para replicar una sola copia de cada red de repositorio en el conjunto de cachés de repositorio cuyo `cache_location` es «kansas».
|
||||
You can configure a policy to replicate all networks with the `--default` flag. For example, this command will create a policy to replicate a single copy of every repository network to the set of repository caches whose `cache_location` is "kansas".
|
||||
|
||||
```
|
||||
$ ghe-spokesctl cache-policy set --default 1 kansas
|
||||
```
|
||||
|
||||
Para configurar la replicación para una red de repositorio, especifica aquél que sea la raíz de la red. Una red de repositorio incluye un repositorio y todas las bifurcaciones de este. No puedes replicar parte de una red sin replicarla integralmente.
|
||||
To configure replication for a repository network, specify the repository that is the root of the network. A repository network includes a repository and all of the repository's forks. You cannot replicate part of a network without replicating the whole network.
|
||||
|
||||
```
|
||||
$ ghe-spokesctl cache-policy set <owner/repository> 1 kansas
|
||||
```
|
||||
|
||||
Puedes anular una política que replica todas las redes y excluye redes específicas si especificas un conteo de réplica de cero para la red. Por ejemplo, este comando especifica que cualquier caché de repositorio en la ubicación "kansas" no puede contener copias de esa red.
|
||||
You can override a policy that replicates all networks and exclude specific networks by specifying a replica count of zero for the network. For example, this command specifies that any repository cache in location "kansas" cannot contain any copies of that network.
|
||||
|
||||
```
|
||||
$ ghe-spokesctl cache-policy set <owner/repository> 0 kansas
|
||||
```
|
||||
|
||||
Los recuentos de réplica mayores a uno un alguna ubicación de caché no son compatibles.
|
||||
Replica counts greater than one in a given cache location are not supported.
|
||||
|
||||
@@ -1,18 +1,13 @@
|
||||
---
|
||||
title: Guardar repositorios en caché
|
||||
intro: 'Puedes mejorar el rendimiento de tu equipo distribuido geográficamente con el almacenamiento de repositorios en chacé, el cual proporciona espejos de solo lectura para tus usuarios y clientes de IC.'
|
||||
title: Caching repositories
|
||||
intro: 'You can improve performance for your geographically-distributed team with repository caching, which provides read-only mirrors close to your users and CI clients.'
|
||||
versions:
|
||||
ghes: '>=3.3'
|
||||
ghes: '*'
|
||||
topics:
|
||||
- Enterprise
|
||||
children:
|
||||
- /about-repository-caching
|
||||
- /configuring-a-repository-cache
|
||||
ms.openlocfilehash: 4c019db4ea99bc2383c4496fb9632e8723a7a02b
|
||||
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/11/2022
|
||||
ms.locfileid: '145112801'
|
||||
---
|
||||
|
||||
{% data reusables.enterprise.repository-caching-release-phase %}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Acerca de la Replicación geográfica
|
||||
intro: 'La Replicación geográfica en {% data variables.product.prodname_ghe_server %} utiliza múltiples réplicas activas para responder las solicitudes de los centros de datos distribuidos geográficamente.'
|
||||
title: About geo-replication
|
||||
intro: 'Geo-replication on {% data variables.product.prodname_ghe_server %} uses multiple active replicas to fulfill requests from geographically distributed data centers.'
|
||||
redirect_from:
|
||||
- /enterprise/admin/installation/about-geo-replication
|
||||
- /enterprise/admin/enterprise-management/about-geo-replication
|
||||
@@ -11,32 +11,26 @@ type: overview
|
||||
topics:
|
||||
- Enterprise
|
||||
- High availability
|
||||
ms.openlocfilehash: 0e4e2feb161dd897172385bf25cf997268527fd3
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: '146332812'
|
||||
---
|
||||
Contar con múltiples réplicas puede permitir una menor distancia a la réplica más cercana. Por ejemplo, una organización con oficinas en San Francisco, Nueva York y Londres podrían ejecutar el aparato principal en un centro de datos cercano a Nueva York y dos réplicas en centros de datos cercanos a San Francisco y Londres. Al usar DNS con información de geolocalización, se puede dirigir a los usuarios al servidor disponible más cercano para que accedan a los datos más rápido. Designar como principal el aparato cercano a Nueva York ayuda a reducir la latencia entre los hosts, a diferencia de si se designa como principal el aparato cercano a San Francisco, que tiene mayor latencia con Londres.
|
||||
Multiple active replicas can provide a shorter distance to the nearest replica. For example, an organization with offices in San Francisco, New York, and London could run the primary appliance in a datacenter near New York and two replicas in datacenters near San Francisco and London. Using geolocation-aware DNS, users can be directed to the closest server available and access repository data faster. Designating the appliance near New York as the primary helps reduce the latency between the hosts, compared to the appliance near San Francisco being the primary which has a higher latency to London.
|
||||
|
||||
Los proxies de la réplica activa solicitan que no se pueda procesar esta misma para la instancia principal. Las réplicas funcionan como un punto de presencia al terminar todas las conexiones SSL. El tráfico entre los servidores se envía a través de una conexión VPN encriptada, similar a una configuración de dos nodos de alta disponibilidad sin replicación geográfica.
|
||||
The active replica proxies requests that it can't process itself to the primary instance. The replicas function as a point of presence terminating all SSL connections. Traffic between hosts is sent through an encrypted VPN connection, similar to a two-node high availability configuration without geo-replication.
|
||||
|
||||
Las solicitudes de Git y las solicitudes de archivos específicos a los servidores, tales como LFS y cargas de archivos, pueden servirse directamente de la réplica sin cargar ningún dato desde el primario. Las solicitudes web siempre se enrutan hacia el principal, pero si la réplica está más cerca del usuario, las solicitudes son más rápidas porque la terminación SSL está más cerca.
|
||||
Git requests and specific file server requests, such as LFS and file uploads, can be served directly from the replica without loading any data from the primary. Web requests are always routed to the primary, but if the replica is closer to the user the requests are faster due to the closer SSL termination.
|
||||
|
||||
El DNS geográfico, como el [servicio Route 53 de Amazon](http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-geo), es necesario para que la replicación geográfica funcione sin problemas. El nombre del host para la instancia se debe resolver con la réplica más cercana a la ubicación del usuario.
|
||||
Geo DNS, such as [Amazon's Route 53 service](http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-geo), is required for geo-replication to work seamlessly. The hostname for the instance should resolve to the replica that is closest to the user's location.
|
||||
|
||||
## Limitaciones
|
||||
## Limitations
|
||||
|
||||
Escribir solicitudes para la réplica exige que se envíen los datos al principal y a todas las réplicas. Esto significa que el rendimiento de todos los escritos se limita de acuerdo con la replica más lenta, aunque las geo-replicas nuevas pueden poblar la mayoría de sus datos desde geo-replicas existentes co-ubicadas, en vez de desde el primario. {% ifversion ghes > 3.2 %}Para reducir la latencia y el ancho de banda ocasionado por la distribución de equipos y granjas grandes de IC sin afectar a la arquitectura de rendimiento de escritura, una mejor opción consiste en configurar el almacenamiento en caché del repositorio. Para obtener más información, consulta "[Acerca del almacenamiento en caché del repositorio](/admin/enterprise-management/caching-repositories/about-repository-caching)".{% endif %}
|
||||
Writing requests to the replica requires sending the data to the primary and all replicas. This means that the performance of all writes is limited by the slowest replica, although new geo-replicas can seed the majority of their data from existing co-located geo-replicas, rather than from the primary. To reduce the latency and bandwidth caused by distributed teams and large CI farms without impacting write throughput, you can configure repository caching instead. For more information, see "[About repository caching](/admin/enterprise-management/caching-repositories/about-repository-caching)."
|
||||
|
||||
La replicación geográfica no le agregará capacidad a una instancia de {% data variables.product.prodname_ghe_server %} ni resolverá problemas de rendimiento relacionados con recursos de CPU o de memoria insuficientes. Si el aparato principal está fuera de línea, las réplicas activas no podrán atender ninguna solicitud de lectura o escritura.
|
||||
Geo-replication will not add capacity to a {% data variables.product.prodname_ghe_server %} instance or solve performance issues related to insufficient CPU or memory resources. If the primary appliance is offline, active replicas will be unable to serve any read or write requests.
|
||||
|
||||
{% data reusables.enterprise_installation.replica-limit %}
|
||||
|
||||
## Monitorear la configuración de una replicación geográfica
|
||||
## Monitoring a geo-replication configuration
|
||||
|
||||
{% data reusables.enterprise_installation.monitoring-replicas %}
|
||||
|
||||
## Información adicional
|
||||
- "[Creación de réplicas de replicación geográfica](/enterprise/admin/guides/installation/creating-a-high-availability-replica/#creating-geo-replication-replicas)"
|
||||
## Further reading
|
||||
- "[Creating geo-replication replicas](/enterprise/admin/guides/installation/creating-a-high-availability-replica/#creating-geo-replication-replicas)"
|
||||
|
||||
@@ -13,12 +13,12 @@ topics:
|
||||
- High availability
|
||||
- Infrastructure
|
||||
shortTitle: About HA configuration
|
||||
ms.openlocfilehash: 921a1a935bbfa930c77e2c72d7856f00d54d6016
|
||||
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
|
||||
ms.openlocfilehash: b54ca60c6cf1d79b9435ca8deedebec09ed39396
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/10/2022
|
||||
ms.locfileid: '146332755'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109881'
|
||||
---
|
||||
Cuando configuras la alta disponibilidad, hay una configuración automática unidireccional, una replicación asincrónica de todos los almacenes de datos (repositorios de Git, MySQL, Redis y Elasticsearch) desde el aparato principal hacia la réplica. La mayoría de los ajustes de configuración de {% data variables.product.prodname_ghe_server %} también se replican, incluyendo la contraseña de la {% data variables.enterprise.management_console %}. Para obtener más información, consulta "[Acceso a la consola de administración](/admin/configuration/configuring-your-enterprise/accessing-the-management-console)".
|
||||
|
||||
@@ -35,8 +35,8 @@ Utiliza la configuración de alta disponibilidad para la protección contra lo s
|
||||
|
||||
Una configuración de alta disponibilidad no es una buena solución para lo siguiente:
|
||||
|
||||
- **Escalado horizontal**. Mientras que puedes distribuir el tráfico geográficamente utilizando la replicación geográfica, el rendimiento de las escrituras queda limitado a la velocidad y la disponibilidad del dispositivo principal. Para obtener más información, consulta "[Acerca de la replicación geográfica](/enterprise/admin/guides/installation/about-geo-replication/)".{% ifversion ghes > 3.2 %}
|
||||
- **Carga de CI/CD**. Si tienes una cantidad grande de clientes de IC que estén distanciados geográficamente de tu instancia primaria, puedes beneficiarte de configurar un caché de repositorio. Para obtener más información, consulta "[Acerca del almacenamiento en caché del repositorio](/admin/enterprise-management/caching-repositories/about-repository-caching)".{% endif %}
|
||||
- **Escalado horizontal**. Mientras que puedes distribuir el tráfico geográficamente utilizando la replicación geográfica, el rendimiento de las escrituras queda limitado a la velocidad y la disponibilidad del dispositivo principal. Para obtener más información, consulta "[Acerca de la replicación geográfica](/enterprise/admin/guides/installation/about-geo-replication/)".
|
||||
- **Carga de CI/CD**. Si tienes una cantidad grande de clientes de IC que estén distanciados geográficamente de tu instancia primaria, puedes beneficiarte de configurar un caché de repositorio. Para más información, vea "[Acerca del almacenamiento en caché del repositorio](/admin/enterprise-management/caching-repositories/about-repository-caching)".
|
||||
- **Copia de seguridad del dispositivo principal**. Una réplica de alta disponibilidad no reemplaza las copias de seguridad externas en tu plan de recuperación ante desastres. Algunas formas de corrupción o pérdida de datos se pueden replicar de inmediato desde el aparato principal hacia la réplica. Para asegurar una reversión segura a un estado antiguo estable, debes realizar copias de seguridad de rutina con instantáneas históricas.
|
||||
- **Actualizaciones de tiempo de inactividad cero**. Para evitar la pérdida de datos y las situaciones de cerebro dividido en escenarios de promoción controlados, coloca el aparato principal en el modo de mantenimiento y espera a que se completen todas las escrituras entes de promover la réplica.
|
||||
|
||||
|
||||
@@ -39,7 +39,7 @@ shortTitle: Create HA replica
|
||||
|
||||
This example configuration uses a primary and two replicas, which are located in three different geographic regions. While the three nodes can be in different networks, all nodes are required to be reachable from all the other nodes. At the minimum, the required administrative ports should be open to all the other nodes. For more information about the port requirements, see "[Network Ports](/enterprise/admin/guides/installation/network-ports/#administrative-ports)."
|
||||
|
||||
{% data reusables.enterprise_clustering.network-latency %}{% ifversion ghes > 3.2 %} If latency is more than 70 milliseconds, we recommend cache replica nodes instead. For more information, see "[Configuring a repository cache](/admin/enterprise-management/caching-repositories/configuring-a-repository-cache)."{% endif %}
|
||||
{% data reusables.enterprise_clustering.network-latency %} If latency is more than 70 milliseconds, we recommend cache replica nodes instead. For more information, see "[Configuring a repository cache](/admin/enterprise-management/caching-repositories/configuring-a-repository-cache)."
|
||||
|
||||
1. Create the first replica the same way you would for a standard two node configuration by running `ghe-repl-setup` on the first replica.
|
||||
```shell
|
||||
|
||||
@@ -17,7 +17,6 @@ topics:
|
||||
{% note %}
|
||||
|
||||
**Notes:**
|
||||
{% ifversion ghes < 3.3 %}- Features such as {% data variables.product.prodname_actions %}, {% data variables.product.prodname_registry %}, {% data variables.product.prodname_mobile %} and {% data variables.product.prodname_GH_advanced_security %} are available on {% data variables.product.prodname_ghe_server %} 3.0 or higher. We highly recommend upgrading to 3.0 or later releases to take advantage of critical security updates, bug fixes and feature enhancements.{% endif %}
|
||||
- Upgrade packages are available at [enterprise.github.com](https://enterprise.github.com/releases) for supported versions. Verify the availability of the upgrade packages you will need to complete the upgrade. If a package is not available, contact {% data variables.contact.contact_ent_support %} for assistance.
|
||||
- If you're using {% data variables.product.prodname_ghe_server %} Clustering, see "[Upgrading a cluster](/enterprise/admin/guides/clustering/upgrading-a-cluster/)" in the {% data variables.product.prodname_ghe_server %} Clustering Guide for specific instructions unique to clustering.
|
||||
- The release notes for {% data variables.product.prodname_ghe_server %} provide a comprehensive list of new features for every version of {% data variables.product.prodname_ghe_server %}. For more information, see the [releases page](https://enterprise.github.com/releases).
|
||||
|
||||
@@ -23,7 +23,6 @@ topics:
|
||||
shortTitle: Upgrading GHES
|
||||
---
|
||||
|
||||
{% ifversion ghes < 3.3 %}{% data reusables.enterprise.upgrade-ghes-for-features %}{% endif %}
|
||||
|
||||
## Preparing to upgrade
|
||||
|
||||
@@ -70,8 +69,7 @@ There are two types of snapshots:
|
||||
| Azure | VM | <https://docs.microsoft.com/azure/backup/backup-azure-vms-first-look-arm>
|
||||
| Hyper-V | VM | <https://docs.microsoft.com/windows-server/virtualization/hyper-v/manage/enable-or-disable-checkpoints-in-hyper-v>
|
||||
| Google Compute Engine | Disk | <https://cloud.google.com/compute/docs/disks/create-snapshots>
|
||||
| VMware | VM | <https://pubs.vmware.com/vsphere-50/topic/com.vmware.wssdk.pg.doc_50/PG_Ch11_VM_Manage.13.3.html>{% ifversion ghes < 3.3 %}
|
||||
| XenServer | VM | <https://docs.citrix.com/en-us/xencenter/current-release/vms-snapshots.html>{% endif %}
|
||||
| VMware | VM | <https://pubs.vmware.com/vsphere-50/topic/com.vmware.wssdk.pg.doc_50/PG_Ch11_VM_Manage.13.3.html>
|
||||
|
||||
## Upgrading with a hotpatch
|
||||
|
||||
|
||||
@@ -41,4 +41,4 @@ To restore a backup of {% data variables.location.product_location %} with {% da
|
||||
```
|
||||
{% data reusables.actions.apply-configuration-and-enable %}
|
||||
1. After {% data variables.product.prodname_actions %} is configured and enabled, to restore the rest of the data from the backup, use the `ghe-restore` command. For more information, see "[Restoring a backup](/admin/configuration/configuring-backups-on-your-appliance#restoring-a-backup)."
|
||||
1. Re-register your self-hosted runners on the destination instance. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
|
||||
1. Re-register your self-hosted runners on the destination instance. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
|
||||
|
||||
@@ -156,7 +156,7 @@ If any of these services are at or near 100% CPU utilization, or the memory is n
|
||||
When running `ghe-config-apply`, if you see output like `Failed to run nomad job '/etc/nomad-jobs/<name>.hcl'`, then the change has likely over-allocated CPU or memory resources. If this happens, edit the configuration files again and lower the allocated CPU or memory, then re-run `ghe-config-apply`.
|
||||
1. After the configuration is applied, run `ghe-actions-check` to verify that the {% data variables.product.prodname_actions %} services are operational.
|
||||
|
||||
{% ifversion fpt or ghec or ghes > 3.2 %}
|
||||
{% ifversion fpt or ghec or ghes %}
|
||||
## Troubleshooting failures when {% data variables.product.prodname_dependabot %} triggers existing workflows
|
||||
|
||||
{% data reusables.dependabot.beta-security-and-version-updates %}
|
||||
|
||||
@@ -12,11 +12,11 @@ children:
|
||||
- /enabling-github-actions-with-minio-gateway-for-nas-storage
|
||||
- /managing-self-hosted-runners-for-dependabot-updates
|
||||
shortTitle: Enable GitHub Actions
|
||||
ms.openlocfilehash: 675bbbe0ccbb68d676602b0553c8534f1601bcf6
|
||||
ms.sourcegitcommit: fcf3546b7cc208155fb8acdf68b81be28afc3d2d
|
||||
ms.openlocfilehash: 273e03407dd8c3c0a125e2c215a973c88aaf884b
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/10/2022
|
||||
ms.locfileid: '145120449'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109900'
|
||||
---
|
||||
|
||||
|
||||
@@ -12,13 +12,6 @@ topics:
|
||||
- Enterprise
|
||||
---
|
||||
|
||||
{% ifversion ghes < 3.3 %}
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data reusables.enterprise.upgrade-ghes-for-actions %}
|
||||
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
||||
## About {% data variables.product.prodname_actions %} for enterprises
|
||||
|
||||
@@ -56,7 +49,6 @@ You can create your own unique automations, or you can use and adapt workflows f
|
||||
After you finish planning, you can follow the instructions for getting started with {% data variables.product.prodname_actions %}. For more information, see {% ifversion ghec %}"[Getting started with {% data variables.product.prodname_actions %} for {% data variables.product.prodname_ghe_cloud %}](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud)."{% elsif ghae %}"[Getting started with {% data variables.product.prodname_actions %} for {% data variables.product.prodname_ghe_managed %}](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-ae)."{% endif %}
|
||||
{% endif %}
|
||||
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[Understanding {% data variables.product.prodname_actions %}](/actions/learn-github-actions/understanding-github-actions)"{% ifversion ghec %}
|
||||
|
||||
@@ -23,8 +23,6 @@ topics:
|
||||
|
||||
This article explains how site administrators can configure {% data variables.product.prodname_ghe_server %} to use {% data variables.product.prodname_actions %}.
|
||||
|
||||
{% data reusables.enterprise.upgrade-ghes-for-actions %}
|
||||
|
||||
{% data reusables.actions.ghes-actions-not-enabled-by-default %} You'll need to determine whether your instance has adequate CPU and memory resources to handle the load from {% data variables.product.prodname_actions %} without causing performance loss, and possibly increase those resources. You'll also need to decide which storage provider you'll use for the blob storage required to store artifacts{% ifversion actions-caching %} and caches{% endif %} generated by workflow runs. Then, you'll enable {% data variables.product.prodname_actions %} for your enterprise, manage access permissions, and add self-hosted runners to run workflows.
|
||||
|
||||
{% data reusables.actions.introducing-enterprise %}
|
||||
@@ -33,7 +31,6 @@ This article explains how site administrators can configure {% data variables.pr
|
||||
|
||||
## Review hardware requirements
|
||||
|
||||
|
||||
{%- ifversion ghes < 3.6 %}
|
||||
|
||||
The CPU and memory resources available to {% data variables.location.product_location %} determine the number of jobs that can be run concurrently without performance loss. {% data reusables.actions.minimum-hardware %}
|
||||
@@ -50,14 +47,6 @@ The peak quantity of connected runners without performance loss depends on such
|
||||
|
||||
{% endif %}
|
||||
|
||||
{%- ifversion ghes = 3.2 %}
|
||||
|
||||
{% data reusables.actions.hardware-requirements-3.2 %}
|
||||
|
||||
Maximum concurrency was measured using multiple repositories, job duration of approximately 10 minutes, and 10 MB artifact uploads. You may experience different performance depending on the overall levels of activity on your instance.
|
||||
|
||||
{%- endif %}
|
||||
|
||||
{%- ifversion ghes = 3.3 %}
|
||||
|
||||
{% data reusables.actions.hardware-requirements-3.3 %}
|
||||
@@ -88,7 +77,6 @@ Maximum concurrency was measured using multiple repositories, job duration of ap
|
||||
|
||||
{%- endif %}
|
||||
|
||||
|
||||
{%- ifversion ghes = 3.6 %}
|
||||
|
||||
{% data reusables.actions.hardware-requirements-3.6 %}
|
||||
@@ -114,8 +102,7 @@ For more information about minimum hardware requirements for {% data variables.l
|
||||
- [Google Cloud Platform](/admin/installation/installing-github-enterprise-server-on-google-cloud-platform#hardware-considerations)
|
||||
- [Hyper-V](/admin/installation/installing-github-enterprise-server-on-hyper-v#hardware-considerations)
|
||||
- [OpenStack KVM](/admin/installation/installing-github-enterprise-server-on-openstack-kvm#hardware-considerations)
|
||||
- [VMware](/admin/installation/installing-github-enterprise-server-on-vmware#hardware-considerations){% ifversion ghes < 3.3 %}
|
||||
- [XenServer](/admin/installation/installing-github-enterprise-server-on-xenserver#hardware-considerations){% endif %}
|
||||
- [VMware](/admin/installation/installing-github-enterprise-server-on-vmware#hardware-considerations)
|
||||
|
||||
{% data reusables.enterprise_installation.about-adjusting-resources %}
|
||||
|
||||
|
||||
@@ -32,9 +32,7 @@ This guide shows you how to apply a centralized management approach to self-host
|
||||
1. Deploy a self-hosted runner for your enterprise
|
||||
1. Create a group to manage access to the runners available to your enterprise
|
||||
1. Optionally, further restrict the repositories that can use the runner
|
||||
{%- ifversion ghec or ghae or ghes > 3.2 %}
|
||||
1. Optionally, build custom tooling to automatically scale your self-hosted runners
|
||||
{% endif %}
|
||||
|
||||
You'll also find additional information about how to monitor and secure your self-hosted runners,{% ifversion ghes or ghae %} how to access actions from {% data variables.product.prodname_dotcom_the_website %},{% endif %} and how to customize the software on your runner machines.
|
||||
|
||||
@@ -122,14 +120,10 @@ Optionally, organization owners can further restrict the access policy of the ru
|
||||
|
||||
For more information, see "[Managing access to self-hosted runners using groups](/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)."
|
||||
|
||||
{% ifversion ghec or ghae or ghes > 3.2 %}
|
||||
|
||||
## 5. Automatically scale your self-hosted runners
|
||||
|
||||
Optionally, you can build custom tooling to automatically scale the self-hosted runners for {% ifversion ghec or ghae %}your enterprise{% elsif ghes %}{% data variables.location.product_location %}{% endif %}. For example, your tooling can respond to webhook events from {% data variables.location.product_location %} to automatically scale a cluster of runner machines. For more information, see "[Autoscaling with self-hosted runners](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Next steps
|
||||
|
||||
- You can monitor self-hosted runners and troubleshoot common issues. For more information, see "[Monitoring and troubleshooting self-hosted runners](/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners)."
|
||||
|
||||
@@ -18,8 +18,6 @@ topics:
|
||||
|
||||
|
||||
|
||||
{% data reusables.enterprise.upgrade-ghes-for-actions %}
|
||||
|
||||
Before you introduce {% data variables.product.prodname_actions %} to a large enterprise, you first need to plan your adoption and make decisions about how your enterprise will use {% data variables.product.prodname_actions %} to best support your unique needs.
|
||||
|
||||
## Governance and compliance
|
||||
@@ -102,7 +100,7 @@ You may need to upgrade the CPU and memory resources for {% data variables.locat
|
||||
|
||||
You also have to decide where to add each runner. You can add a self-hosted runner to an individual repository, or you can make the runner available to an entire organization or your entire enterprise. Adding runners at the organization or enterprise levels allows sharing of runners, which might reduce the size of your runner infrastructure. You can use policies to limit access to self-hosted runners at the organization and enterprise levels by assigning groups of runners to specific repositories or organizations. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)" and "[Managing access to self-hosted runners using groups](/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups)."
|
||||
|
||||
{% ifversion ghec or ghes > 3.2 %}
|
||||
{% ifversion ghec or ghes %}
|
||||
You should consider using autoscaling to automatically increase or decrease the number of available self-hosted runners. For more information, see "[Autoscaling with self-hosted runners](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners)."
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ Alternatively, if you want stricter control over which actions are allowed in yo
|
||||
|
||||
{% data reusables.actions.github-connect-resolution %}
|
||||
|
||||
If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom_the_website %}, the repository on your enterprise will be used instead of the {% data variables.product.prodname_dotcom_the_website %} repository. {% ifversion ghes < 3.3 or ghae %}A malicious user could take advantage of this behavior to run code as part of a workflow{% else %}For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)."
|
||||
If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom_the_website %}, the repository on your enterprise will be used instead of the {% data variables.product.prodname_dotcom_the_website %} repository. {% ifversion ghae %}A malicious user could take advantage of this behavior to run code as part of a workflow.{% else %}For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)."
|
||||
{% endif %}
|
||||
|
||||
## Enabling automatic access to all {% data variables.product.prodname_dotcom_the_website %} actions
|
||||
@@ -46,8 +46,6 @@ Before enabling access to all actions from {% data variables.product.prodname_do
|
||||
|
||||
1. {% data reusables.actions.enterprise-limit-actions-use %}
|
||||
|
||||
{% ifversion ghes > 3.2 or ghae %}
|
||||
|
||||
## Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website %}
|
||||
|
||||
When you enable {% data variables.product.prodname_github_connect %}, users see no change in behavior for existing workflows because {% data variables.product.prodname_actions %} searches {% data variables.location.product_location %} for each action before falling back to {% data variables.product.prodname_dotcom_the_website%}. This ensures that any custom versions of actions your enterprise has created are used in preference to their counterparts on {% data variables.product.prodname_dotcom_the_website%}.
|
||||
@@ -67,5 +65,3 @@ After using an action from {% data variables.product.prodname_dotcom_the_website
|
||||
**Tip:** When you unretire a namespace, always create the new repository with that name as soon as possible. If a workflow calls the associated action on {% data variables.product.prodname_dotcom_the_website %} before you create the local repository, the namespace will be retired again. For actions used in workflows that run frequently, you may find that a namespace is retired again before you have time to create the local repository. In this case, you can temporarily disable the relevant workflows until you have created the new repository.
|
||||
|
||||
{% endtip %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -33,13 +33,11 @@ If your machine has access to both systems at the same time, you can do the sync
|
||||
|
||||
The `actions-sync` tool can only download actions from {% data variables.product.prodname_dotcom_the_website %} that are stored in public repositories.
|
||||
|
||||
{% ifversion ghes > 3.2 or ghae %}
|
||||
{% note %}
|
||||
|
||||
**Note:** The `actions-sync` tool is intended for use in systems where {% data variables.product.prodname_github_connect %} is not enabled. If you run the tool on a system with {% data variables.product.prodname_github_connect %} enabled, you may see the error `The repository <repo_name> has been retired and cannot be reused`. This indicates that a workflow has used that action directly on {% data variables.product.prodname_dotcom_the_website %} and the namespace is retired on {% data variables.location.product_location %}. For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)."
|
||||
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
||||
## Prerequisites
|
||||
|
||||
|
||||
@@ -47,10 +47,8 @@ Once {% data variables.product.prodname_github_connect %} is configured, you can
|
||||
1. Configure your workflow's YAML to use `{% data reusables.actions.action-checkout %}`.
|
||||
1. Each time your workflow runs, the runner will use the specified version of `actions/checkout` from {% data variables.product.prodname_dotcom_the_website %}.
|
||||
|
||||
{% ifversion ghes > 3.2 or ghae %}
|
||||
{% note %}
|
||||
|
||||
**Note:** The first time the `checkout` action is used from {% data variables.product.prodname_dotcom_the_website %}, the `actions/checkout` namespace is automatically retired on {% data variables.location.product_location %}. If you ever want to revert to using a local copy of the action, you first need to remove the namespace from retirement. For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)."
|
||||
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
title: About Enterprise Managed Users
|
||||
title: About {% data variables.product.prodname_emus %}
|
||||
shortTitle: About managed users
|
||||
intro: 'You can centrally manage identity and access for your enterprise members on {% data variables.product.prodname_dotcom %} from your identity provider.'
|
||||
redirect_from:
|
||||
@@ -16,6 +16,7 @@ topics:
|
||||
- Authentication
|
||||
- Enterprise
|
||||
- SSO
|
||||
allowTitleToDifferFromFilename: true
|
||||
---
|
||||
|
||||
## About {% data variables.product.prodname_emus %}
|
||||
@@ -24,8 +25,6 @@ With {% data variables.product.prodname_emus %}, you can control the user accoun
|
||||
|
||||
In your IdP, you can give each {% data variables.enterprise.prodname_managed_user %} the role of user, enterprise owner, or billing manager. {% data variables.enterprise.prodname_managed_users_caps %} can own organizations within your enterprise and can add other {% data variables.enterprise.prodname_managed_users %} to the organizations and teams within. For more information, see "[Roles in an enterprise](/github/setting-up-and-managing-your-enterprise/managing-users-in-your-enterprise/roles-in-an-enterprise)" and "[About organizations](/organizations/collaborating-with-groups-in-organizations/about-organizations)."
|
||||
|
||||
Organization membership can be managed manually, or you can update membership automatically as {% data variables.enterprise.prodname_managed_users %} are added to IdP groups that are connected to teams within the organization. When a {% data variables.enterprise.prodname_managed_user %} is manually added to an organization, unassigning them from the {% data variables.product.prodname_emu_idp_application %} application on your IdP will suspend the user but not remove them from the organization. For more information about managing organization and team membership automatically, see "[Managing team memberships with identity provider groups](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups)."
|
||||
|
||||
{% ifversion oidc-for-emu %}
|
||||
|
||||
{% data reusables.enterprise-accounts.emu-cap-validates %} For more information, see "[About support for your IdP's Conditional Access Policy](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy)."
|
||||
@@ -46,6 +45,17 @@ To use {% data variables.product.prodname_emus %}, you need a separate type of e
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## About organization membership management
|
||||
|
||||
Organization memberships can be managed manually, or you can update memberships automatically using IdP groups. To manage organization memberships through your IdP, the members must be added to an IdP group, and the IdP group must be connected to a team within the organization. For more information about managing organization and team memberships automatically, see "[Managing team memberships with identity provider groups](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups)."
|
||||
|
||||
The way a member is added to an organization owned by your enterprise (through IdP groups or manually) determines how they must be removed from an organization.
|
||||
|
||||
- If a member was added to an organization manually, you must remove them manually. Unassigning them from the {% data variables.product.prodname_emu_idp_application %} application on your IdP will suspend the user but not remove them from the organization.
|
||||
- If a user became a member of an organization because they were added to IdP groups mapped to one or more teams in the organization, removing them from _all_ of the mapped IdP groups associated with the organization will remove them from the organization.
|
||||
|
||||
To discover how a member was added to an organization, you can filter the member list by type. For more information, see "[Viewing people in your enterprise](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type-in-an-enterprise-with-managed-users)."
|
||||
|
||||
## Identity provider support
|
||||
|
||||
{% data variables.product.prodname_emus %} supports the following IdPs{% ifversion oidc-for-emu %} and authentication methods:
|
||||
|
||||
@@ -145,7 +145,13 @@ After you enable LDAP sync, a synchronization job will run at the specified time
|
||||
A synchronization job will also run at the specified time interval to perform the following operations on each team that has been mapped to an LDAP group:
|
||||
|
||||
- If a team's corresponding LDAP group has been removed, remove all members from the team.
|
||||
- If LDAP member entries have been removed from the LDAP group, remove the corresponding users from the team. If the user is no longer a member of any team in the organization, remove the user from the organization. If the user loses access to any repositories as a result, delete any private forks the user has of those repositories.
|
||||
- If LDAP member entries have been removed from the LDAP group, remove the corresponding users from the team. If the user is no longer a member of any team in the organization and is not an owner of the organization, remove the user from the organization. If the user loses access to any repositories as a result, delete any private forks the user has of those repositories.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** LDAP Sync will not remove a user from an organization if the user is an owner of that organization. Another organization owner will need to manually remove the user instead.
|
||||
|
||||
{% endnote %}
|
||||
- If LDAP member entries have been added to the LDAP group, add the corresponding users to the team. If the user regains access to any repositories as a result, restore any private forks of the repositories that were deleted because the user lost access in the past 90 days.
|
||||
|
||||
{% data reusables.enterprise_user_management.ldap-sync-nested-teams %}
|
||||
|
||||
@@ -15,12 +15,12 @@ topics:
|
||||
- Enterprise
|
||||
type: how_to
|
||||
shortTitle: Configure SAML SSO with Okta
|
||||
ms.openlocfilehash: 2772285f266a2593e8fc0900b39602325d30c46d
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.openlocfilehash: e9cbf6e70fb5e07f9cd2c5e27d9b952921e18fdc
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: '147094810'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148110060'
|
||||
---
|
||||
{% data reusables.enterprise-accounts.emu-saml-note %}
|
||||
|
||||
|
||||
@@ -108,4 +108,4 @@ Ensure that you set the value for `Audience` on your IdP to the `EntityId` for {
|
||||
|
||||
{% ifversion ghec %}
|
||||
{% data reusables.saml.authentication-loop %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
@@ -105,14 +105,6 @@ featuredLinks:
|
||||
- '{% ifversion ghec %}/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/managing-global-webhooks{% endif %}'
|
||||
- /billing/managing-your-license-for-github-enterprise/using-visual-studio-subscription-with-github-enterprise/setting-up-visual-studio-subscription-with-github-enterprise
|
||||
- /admin/enterprise-support/about-github-enterprise-support
|
||||
videos:
|
||||
- title: GitHub in the Enterprise – Maya Ross
|
||||
href: 'https://www.youtube-nocookie.com/embed/1-i39RqaxRs'
|
||||
- title: What's new for GitHub Enterprise – Jarryd McCree
|
||||
href: 'https://www.youtube-nocookie.com/embed/ZZviWZgrqhM'
|
||||
- title: Enforcing information security policy through GitHub Enterprise – Thomas Worley
|
||||
href: 'https://www.youtube-nocookie.com/embed/DCu-ZTT7WTI'
|
||||
videosHeading: GitHub Universe 2021 videos
|
||||
layout: product-landing
|
||||
versions:
|
||||
ghec: '*'
|
||||
|
||||
@@ -18,14 +18,13 @@ children:
|
||||
- /installing-github-enterprise-server-on-hyper-v
|
||||
- /installing-github-enterprise-server-on-openstack-kvm
|
||||
- /installing-github-enterprise-server-on-vmware
|
||||
- /installing-github-enterprise-server-on-xenserver
|
||||
- /setting-up-a-staging-instance
|
||||
shortTitle: Set up an instance
|
||||
ms.openlocfilehash: 23fe586f2c4baa87a2e2b388685bf8e42d5e10a4
|
||||
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
|
||||
ms.openlocfilehash: 7c23ae31e8e976f2acc664f87fbff82ffe025a0e
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/11/2022
|
||||
ms.locfileid: '147881465'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109880'
|
||||
---
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ redirect_from:
|
||||
- /enterprise/admin/installation/setting-up-a-staging-instance
|
||||
- /admin/installation/setting-up-a-staging-instance
|
||||
versions:
|
||||
ghes: "*"
|
||||
ghes: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
- Enterprise
|
||||
|
||||
@@ -46,9 +46,7 @@ As an enterprise owner{% ifversion ghes %} or site administrator{% endif %}, you
|
||||
{%- ifversion ghes %}
|
||||
- You can forward audit and system logs, from your enterprise to an third-party hosted monitoring system. For more information, see "[Log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)."
|
||||
{%- endif %}
|
||||
{%- ifversion ghec or ghes > 3.2 or ghae %}
|
||||
- You can use the Audit log API to view actions performed in your enterprise. For more information, see "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise)."
|
||||
{%- endif %}
|
||||
|
||||
For a full list of audit log actions that may appear in your enterprise audit log, see "[Audit log actions for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."
|
||||
|
||||
|
||||
@@ -265,7 +265,6 @@ Action | Description
|
||||
| `config_entry.update` | A configuration setting was edited. These events are only visible in the site admin audit log. The type of events recorded relate to:</br>- Enterprise settings and policies</br>- Organization and repository permissions and settings</br>- Git, Git LFS, {% data variables.product.prodname_github_connect %}, {% data variables.product.prodname_registry %}, project, and code security settings.
|
||||
{%- endif %}
|
||||
|
||||
{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
|
||||
## `dependabot_alerts` category actions
|
||||
|
||||
| Action | Description
|
||||
@@ -285,9 +284,8 @@ Action | Description
|
||||
| Action | Description
|
||||
|--------|-------------
|
||||
| `dependabot_repository_access.repositories_updated` | The repositories that {% data variables.product.prodname_dependabot %} can access were updated.
|
||||
{%- endif %}
|
||||
|
||||
{%- ifversion fpt or ghec or ghes > 3.2 %}
|
||||
{%- ifversion fpt or ghec or ghes %}
|
||||
## `dependabot_security_updates` category actions
|
||||
|
||||
| Action | Description
|
||||
@@ -1341,7 +1339,7 @@ Before you'll see `git` category actions, you must enable Git events in the audi
|
||||
|--------|-------------
|
||||
| `staff.disable_repo` | An organization{% ifversion ghes %}, repository or site{% else %} or repository{% endif %} administrator disabled access to a repository and all of its forks.
|
||||
| `staff.enable_repo` | An organization{% ifversion ghes %}, repository or site{% else %} or repository{% endif %} administrator re-enabled access to a repository and all of its forks.
|
||||
{%- ifversion ghes > 3.2 or ghae %}
|
||||
{%- ifversion ghes or ghae %}
|
||||
| `staff.exit_fake_login` | An enterprise owner{% ifversion ghes %} or site administrator{% endif %} ended an impersonation session on {% data variables.product.product_name %}.
|
||||
| `staff.fake_login` | An enterprise owner{% ifversion ghes %} or site administrator{% endif %} signed into {% data variables.product.product_name %} as another user.
|
||||
{%- endif %}
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
---
|
||||
title: Configuring the audit log for your enterprise
|
||||
intro: "You can configure settings for your enterprise's audit log."
|
||||
intro: You can configure settings for your enterprise's audit log.
|
||||
shortTitle: Configure audit logs
|
||||
permissions: 'Enterprise owners can configure the audit log.'
|
||||
permissions: Enterprise owners can configure the audit log.
|
||||
versions:
|
||||
feature: audit-data-retention-tab
|
||||
type: how_to
|
||||
@@ -53,4 +53,4 @@ Before you can enable Git events in the audit log, you must configure a retentio
|
||||
|
||||
1. Click **Save**.
|
||||
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Using the audit log API for your enterprise
|
||||
intro: 'You can programmatically retrieve enterprise events with the{% ifversion ghec or ghes > 3.2 %} REST or{% endif %} GraphQL API.'
|
||||
intro: 'You can programmatically retrieve enterprise events with the REST or GraphQL API.'
|
||||
shortTitle: Audit log API
|
||||
permissions: 'Enterprise owners {% ifversion ghes %}and site administrators {% endif %}can use the audit log API.'
|
||||
miniTocMaxHeadingLevel: 3
|
||||
@@ -18,7 +18,7 @@ topics:
|
||||
|
||||
## Using the audit log API
|
||||
|
||||
You can interact with the audit log using the GraphQL API{% ifversion ghec or ghes > 3.2 or ghae %} or the REST API{% endif %}.
|
||||
You can interact with the audit log using the GraphQL API or the REST API.
|
||||
|
||||
Timestamps and date fields in the API response are measured in [UTC epoch milliseconds](http://en.wikipedia.org/wiki/Unix_time).
|
||||
|
||||
@@ -106,7 +106,6 @@ This query uses the [AuditEntry](/graphql/reference/interfaces#auditentry) inter
|
||||
|
||||
For more query examples, see the [platform-samples repository](https://github.com/github/platform-samples/blob/master/graphql/queries).
|
||||
|
||||
{% ifversion ghec or ghes > 3.2 or ghae %}
|
||||
## Querying the audit log REST API
|
||||
|
||||
To ensure your intellectual property is secure, and you maintain compliance for your enterprise, you can use the audit log REST API to keep copies of your audit log data and monitor:
|
||||
@@ -137,5 +136,3 @@ curl -H "Authorization: Bearer TOKEN" \
|
||||
--request GET \
|
||||
"https://api.github.com/enterprises/avocado-corp/audit-log?phrase=action:pull_request+created:>=2022-01-01+actor:octocat"
|
||||
```
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -9,15 +9,13 @@ type: overview
|
||||
topics:
|
||||
- Enterprise
|
||||
- Upgrades
|
||||
ms.openlocfilehash: 196745ee4ededaf78bd5afe876e4afa09141e930
|
||||
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
|
||||
ms.openlocfilehash: b3a2d340ef73ffe92f2117caf38a84e76ba0c8d1
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/11/2022
|
||||
ms.locfileid: '145120202'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109831'
|
||||
---
|
||||
{% ifversion ghes < 3.3 %}{% data reusables.enterprise.upgrade-ghes-for-features %}{% endif %}
|
||||
|
||||
{% data reusables.enterprise.constantly-improving %}{% ifversion ghae %}{% data variables.product.prodname_ghe_managed %} es un servicio totalmente administrado, de manera que {% data variables.product.company_short %} completa el proceso de actualización automáticamente para la empresa.{% endif %}
|
||||
|
||||
Los lanzamientos de características incluyen mejoras de funcionalidades y características y, habitualmente, suceden cada trimestre. {% ifversion ghae %}{% data variables.product.company_short %} actualizará tu empresa al lanzamiento de características más reciente. Se te notificará previamente sobre cualquier tiempo de inactividad que se planee para tu empresa.{% endif %}
|
||||
|
||||
@@ -2,9 +2,9 @@
|
||||
title: Migrating your enterprise to the Container registry from the Docker registry
|
||||
intro: 'You can migrate Docker images previously stored in the Docker registry on {% data variables.location.product_location %} to the {% data variables.product.prodname_container_registry %}.'
|
||||
product: '{% data reusables.gated-features.packages %}'
|
||||
permissions: "Enterprise owners can migrate Docker images to the {% data variables.product.prodname_container_registry %}."
|
||||
permissions: 'Enterprise owners can migrate Docker images to the {% data variables.product.prodname_container_registry %}.'
|
||||
versions:
|
||||
feature: 'docker-ghcr-enterprise-migration'
|
||||
feature: docker-ghcr-enterprise-migration
|
||||
shortTitle: Migrate to Container registry
|
||||
topics:
|
||||
- Containers
|
||||
|
||||
@@ -20,12 +20,12 @@ topics:
|
||||
- Policies
|
||||
- Projects
|
||||
shortTitle: Project board policies
|
||||
ms.openlocfilehash: 2066ab3fd36814150ff79457930d05909027513e
|
||||
ms.sourcegitcommit: 478f2931167988096ae6478a257f492ecaa11794
|
||||
ms.openlocfilehash: 2bb72b21094fadea8f584eb4749ed0cea69619ee
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/09/2022
|
||||
ms.locfileid: '147854143'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109813'
|
||||
---
|
||||
## Acerca de las políticas para proyectos en tu empresa
|
||||
|
||||
|
||||
@@ -14,11 +14,11 @@ children:
|
||||
- /enforcing-policies-for-your-enterprise
|
||||
- /enforcing-policy-with-pre-receive-hooks
|
||||
shortTitle: Set policies
|
||||
ms.openlocfilehash: 075d4f949435539c9c45ae651aedb0878f3317db
|
||||
ms.sourcegitcommit: 5f9527483381cfb1e41f2322f67c80554750a47d
|
||||
ms.openlocfilehash: 6fae4d9a9aa9c137be114b51eb90d79eb16d71df
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/11/2022
|
||||
ms.locfileid: '147400374'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109919'
|
||||
---
|
||||
|
||||
|
||||
@@ -33,11 +33,11 @@ children:
|
||||
- /managing-projects-using-jira
|
||||
- /continuous-integration-using-jenkins
|
||||
shortTitle: Manage organizations
|
||||
ms.openlocfilehash: 5d1430bc4efff03e6cddfe81f3c018d4f2064155
|
||||
ms.sourcegitcommit: 5f9527483381cfb1e41f2322f67c80554750a47d
|
||||
ms.openlocfilehash: 333d9b8d50bcdb86f709a447fee5a4078353dfe2
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/11/2022
|
||||
ms.locfileid: '147884249'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109918'
|
||||
---
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@ title: Hacerse pasar por un usuario
|
||||
intro: 'Puedes hacerte pasar por usuarios y realizar acciones en su nombre, para solucionar problemas, hacer desbloqueos y otras razones legítimas.'
|
||||
permissions: Enterprise owners can impersonate users within their enterprise.
|
||||
versions:
|
||||
ghes: '>3.2'
|
||||
ghes: '*'
|
||||
ghae: '*'
|
||||
type: how_to
|
||||
topics:
|
||||
@@ -11,12 +11,12 @@ topics:
|
||||
- Enterprise
|
||||
- User account
|
||||
shortTitle: Impersonate a user
|
||||
ms.openlocfilehash: 8e237c6ace7e7feb4badefcbd863b0974c983732
|
||||
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
|
||||
ms.openlocfilehash: df0513c3ca2931378e656f228939540dd5ea5816
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/11/2022
|
||||
ms.locfileid: '145116266'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109966'
|
||||
---
|
||||
## Acerca de hacerse pasar por un usuario
|
||||
|
||||
|
||||
@@ -36,11 +36,11 @@ children:
|
||||
- /customizing-user-messages-for-your-enterprise
|
||||
- /rebuilding-contributions-data
|
||||
shortTitle: Manage users
|
||||
ms.openlocfilehash: 9ec6d7dc6822e71ff72542dd6b67ded031a1c44d
|
||||
ms.sourcegitcommit: ac00e2afa6160341c5b258d73539869720b395a4
|
||||
ms.openlocfilehash: 763277882c2af96505c2a6d4c236c05475ab9f3f
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/09/2022
|
||||
ms.locfileid: '147878516'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148009675'
|
||||
---
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Viewing people in your enterprise
|
||||
intro: 'To audit access to enterprise-owned resources or user license usage, enterprise owners can view every administrator and member of the enterprise.'
|
||||
permissions: 'Enterprise owners can view the people in an enterprise.'
|
||||
permissions: Enterprise owners can view the people in an enterprise.
|
||||
redirect_from:
|
||||
- /github/setting-up-and-managing-your-enterprise-account/viewing-people-in-your-enterprise-account
|
||||
- /articles/viewing-people-in-your-enterprise-account
|
||||
@@ -116,7 +116,7 @@ If you use {% data variables.product.prodname_vss_ghe %}, the list of pending in
|
||||
|
||||
## Viewing suspended members in an {% data variables.enterprise.prodname_emu_enterprise %}
|
||||
|
||||
If your enterprise uses {% data variables.product.prodname_emus %}, you can also view suspended users. Suspended users are members who have been deprovisioned after being unassigned from the {% data variables.product.prodname_emu_idp_application %} application or deleted from the identity provider. For more information, see "[About Enterprise Managed Users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users)."
|
||||
If your enterprise uses {% data variables.product.prodname_emus %}, you can view suspended users. Suspended users are members who have been deprovisioned after being unassigned from the {% data variables.product.prodname_emu_idp_application %} application or deleted from the identity provider. For more information, see "[About {% data variables.product.prodname_emus %}](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users)."
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.people-tab %}
|
||||
@@ -129,6 +129,21 @@ If your enterprise uses {% data variables.product.prodname_emus %}, you can also
|
||||
|
||||
You can view a list of all dormant users {% ifversion ghes or ghae %} who have not been suspended and {% endif %}who are not site administrators. {% data reusables.enterprise-accounts.dormant-user-activity-threshold %} For more information, see "[Managing dormant users](/admin/user-management/managing-users-in-your-enterprise/managing-dormant-users)."
|
||||
|
||||
{% ifversion filter-by-enterprise-member-type %}
|
||||
## Filtering by member type{% ifversion ghec %} in an {% data variables.enterprise.prodname_emu_enterprise %}{% endif %}
|
||||
|
||||
{% ifversion ghec %}If your enterprise uses {% data variables.product.prodname_emus %}, you{% elsif ghes or ghae %}You{% endif %} can filter the member list of an organization by type to determine if memberships are managed through an IdP or managed directly. Memberships managed through an IdP were added through an IdP group, and the IdP group was connected to a team within the organization. Memberships managed directly were added to the organization manually. The way a membership is mananaged in an organization determines how it must be removed. You can use this filter to determine how members were added to an organization, so you know how to remove them.{% ifversion ghec %} For more information, see "[About {% data variables.product.prodname_emus %}](/enterprise-cloud@latest/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users#about-organization-membership-management)."{% endif %}
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
1. Under "Organizations," in the search bar, begin typing the organization's name until the organization appears in the search results, then click the name of the organization.
|
||||
|
||||
1. Under the organization name, click {% octicon "person" aria-label="The Person icon" %} **People**.
|
||||
|
||||
1. Above the list of members, click **Type**, then select the type of members you want to view.
|
||||
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion ghec or ghes %}
|
||||
## Viewing members without an email address from a verified domain
|
||||
|
||||
|
||||
@@ -24,13 +24,15 @@ If you can't access {% data variables.product.product_name %}, contact your loca
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
{% ifversion ghec %}
|
||||
|
||||
{% data reusables.saml.dotcom-saml-explanation %} Organization owners can invite your personal account on {% data variables.product.prodname_dotcom %} to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on {% data variables.product.prodname_dotcom %}.
|
||||
|
||||
If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you will instead use a new account that is provisioned for you and controlled by your enterprise. {% data reusables.enterprise-accounts.emu-more-info-account %}
|
||||
|
||||
When you access private resources within an organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} will redirect you to the organization's SAML IdP to authenticate. After you successfully authenticate with your account on the IdP, the IdP redirects you back to {% data variables.product.prodname_dotcom %}, where you can access the organization's resources.
|
||||
When you attempt to access most resources within an organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} will redirect you to the organization's SAML IdP to authenticate. After you successfully authenticate with your account on the IdP, the IdP redirects you back to {% data variables.product.prodname_dotcom %}, where you can access the organization's resources.
|
||||
|
||||
{% data reusables.saml.resources-without-sso %}
|
||||
|
||||
{% data reusables.saml.outside-collaborators-exemption %}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Creating a personal access token
|
||||
intro: You can create a {% data variables.product.pat_generic %} to use in place of a password with the command line or with the API.
|
||||
intro: 'You can create a {% data variables.product.pat_generic %} to use in place of a password with the command line or with the API.'
|
||||
redirect_from:
|
||||
- /articles/creating-an-oauth-token-for-command-line-use
|
||||
- /articles/creating-an-access-token-for-command-line-use
|
||||
@@ -17,7 +17,7 @@ versions:
|
||||
topics:
|
||||
- Identity
|
||||
- Access management
|
||||
shortTitle: Create a {% data variables.product.pat_generic %}
|
||||
shortTitle: 'Create a {% data variables.product.pat_generic %}'
|
||||
---
|
||||
|
||||
{% warning %}
|
||||
@@ -112,9 +112,9 @@ If you selected an organization as the resource owner and the organization requi
|
||||
{% ifversion pat-v2 %}1. In the left sidebar, under **{% octicon "key" aria-label="The key icon" %} {% data variables.product.pat_generic_caps %}s**, click **Tokens (classic)**.{% else %}{% data reusables.user-settings.personal_access_tokens %}{% endif %}
|
||||
{% ifversion pat-v2%}1. Select **Generate new token**, then click **Generate new token (classic)**.{% else %}{% data reusables.user-settings.generate_new_token %}{% endif %}
|
||||
5. Give your token a descriptive name.
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
|
||||
|
||||
6. To give your token an expiration, select the **Expiration** drop-down menu, then click a default or use the calendar picker.
|
||||
{% endif %}
|
||||
|
||||
7. Select the scopes you'd like to grant this token. To use your token to access repositories from the command line, select **repo**. A token with no assigned scopes can only access public information. For more information, see "[Available scopes](/apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes)".
|
||||
{% ifversion fpt or ghes or ghec %}
|
||||
|
||||
@@ -143,5 +143,5 @@ Instead of manually entering your {% data variables.product.pat_generic %} for e
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[About authentication to GitHub](/github/authenticating-to-github/about-authentication-to-github)"{% ifversion fpt or ghae or ghes > 3.2 or ghec %}
|
||||
- "[Token expiration and revocation](/github/authenticating-to-github/keeping-your-account-and-data-secure/token-expiration-and-revocation)"{% endif %}
|
||||
- "[About authentication to GitHub](/github/authenticating-to-github/about-authentication-to-github)"
|
||||
- "[Token expiration and revocation](/github/authenticating-to-github/keeping-your-account-and-data-secure/token-expiration-and-revocation)"
|
||||
|
||||
@@ -109,7 +109,7 @@ An overview of some of the most common actions that are recorded as events in th
|
||||
| Action | Description
|
||||
|------------------|-------------------
|
||||
| `create` | Triggered when you [grant access to an {% data variables.product.prodname_oauth_app %}](/github/authenticating-to-github/keeping-your-account-and-data-secure/authorizing-oauth-apps).
|
||||
| `destroy` | Triggered when you [revoke an {% data variables.product.prodname_oauth_app %}'s access to your account](/articles/reviewing-your-authorized-integrations){% ifversion fpt or ghae or ghes > 3.2 or ghec %} and when [authorizations are revoked or expire](/github/authenticating-to-github/keeping-your-account-and-data-secure/token-expiration-and-revocation).{% else %}.{% endif %}
|
||||
| `destroy` | Triggered when you [revoke an {% data variables.product.prodname_oauth_app %}'s access to your account](/articles/reviewing-your-authorized-integrations) and when [authorizations are revoked or expire](/github/authenticating-to-github/keeping-your-account-and-data-secure/token-expiration-and-revocation).
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
|
||||
|
||||
@@ -14,7 +14,7 @@ redirect_from:
|
||||
- /github/authenticating-to-github/keeping-your-account-and-data-secure/token-expiration-and-revocation
|
||||
---
|
||||
|
||||
When a token {% ifversion fpt or ghae or ghes > 3.2 or ghec %}has expired or {% endif %} has been revoked, it can no longer be used to authenticate Git and API requests. It is not possible to restore an expired or revoked token, you or the application will need to create a new token.
|
||||
When a token has expired or has been revoked, it can no longer be used to authenticate Git and API requests. It is not possible to restore an expired or revoked token, you or the application will need to create a new token.
|
||||
|
||||
This article explains the possible reasons your {% data variables.product.product_name %} token might be revoked or expire.
|
||||
|
||||
@@ -24,11 +24,9 @@ This article explains the possible reasons your {% data variables.product.produc
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% ifversion fpt or ghae or ghes > 3.2 or ghec %}
|
||||
## Token revoked after reaching its expiration date
|
||||
|
||||
When you create a {% data variables.product.pat_generic %}, we recommend that you set an expiration for your token. Upon reaching your token's expiration date, the token is automatically revoked. For more information, see "[Creating a {% data variables.product.pat_generic %}](/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
## Token revoked when pushed to a public repository or public gist
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Signing commits
|
||||
intro: You can sign commits locally using GPG{% ifversion ssh-commit-verification %}, SSH,{% endif %} or S/MIME.
|
||||
title: Firmar confirmaciones
|
||||
intro: 'Puedes firmar confirmaciones localmente mediante GPG{% ifversion ssh-commit-verification %}, SSH{% endif %} o S/MIME.'
|
||||
redirect_from:
|
||||
- /articles/signing-commits-and-tags-using-gpg
|
||||
- /articles/signing-commits-using-gpg
|
||||
@@ -15,42 +15,48 @@ versions:
|
||||
topics:
|
||||
- Identity
|
||||
- Access management
|
||||
ms.openlocfilehash: 8550393cc31571756099ac364698434f38b02cfa
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148106753'
|
||||
---
|
||||
{% data reusables.gpg.desktop-support-for-commit-signing %}
|
||||
|
||||
{% tip %}
|
||||
|
||||
**Tips:**
|
||||
**Sugerencias:**
|
||||
|
||||
To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above, run `git config commit.gpgsign true`. To sign all commits by default in any local repository on your computer, run `git config --global commit.gpgsign true`.
|
||||
Para configurar su cliente Git a fin de firmar confirmaciones de manera predeterminada de un repositorio local, en versiones de Git 2.0.0 y posteriores, ejecute `git config commit.gpgsign true`. Para firmar todas las confirmaciones de manera predeterminada en cualquier repositorio local del equipo, ejecute `git config --global commit.gpgsign true`.
|
||||
|
||||
To store your GPG key passphrase so you don't have to enter it every time you sign a commit, we recommend using the following tools:
|
||||
- For Mac users, the [GPG Suite](https://gpgtools.org/) allows you to store your GPG key passphrase in the Mac OS Keychain.
|
||||
- For Windows users, the [Gpg4win](https://www.gpg4win.org/) integrates with other Windows tools.
|
||||
Para almacenar tus contraseña de llave GPG para no tener que ingresarla cada vez que firmas una confirmación, recomendamos utilizando las siguientes herramientas:
|
||||
- Para los usuarios de Mac, [GPG Suite](https://gpgtools.org/) permite almacenar su frase de contraseña de clave GPG en la cadena de claves de Mac OS.
|
||||
- Para los usuarios de Windows, [Gpg4win](https://www.gpg4win.org/) se integra con otras herramientas de Windows.
|
||||
|
||||
You can also manually configure [gpg-agent](http://linux.die.net/man/1/gpg-agent) to save your GPG key passphrase, but this doesn't integrate with Mac OS Keychain like ssh-agent and requires more setup.
|
||||
También puede configurar de forma manual [gpg-agent](http://linux.die.net/man/1/gpg-agent) para guardar su frase de contraseña de clave GPG, pero esta no se integra con la cadena de claves de Mac OS como ssh-agent y requiere mayor configuración.
|
||||
|
||||
{% endtip %}
|
||||
|
||||
If you have multiple keys or are attempting to sign commits or tags with a key that doesn't match your committer identity, you should [tell Git about your signing key](/articles/telling-git-about-your-signing-key).
|
||||
Si tiene varias claves o está intentando firmar confirmaciones o etiquetas con una clave que no coincide con su identidad de confirmante del cambio, debería [informarle a Git acerca de su clave de firma](/articles/telling-git-about-your-signing-key).
|
||||
|
||||
1. When committing changes in your local branch, add the -S flag to the git commit command:
|
||||
1. Cuando confirmas los cambios en tu rama local, agrega la marca -S al comando de confirmación de Git:
|
||||
```shell
|
||||
$ git commit -S -m "YOUR_COMMIT_MESSAGE"
|
||||
# Creates a signed commit
|
||||
```
|
||||
2. If you're using GPG, after you create your commit, provide the passphrase you set up when you [generated your GPG key](/articles/generating-a-new-gpg-key).
|
||||
3. When you've finished creating commits locally, push them to your remote repository on {% data variables.product.product_name %}:
|
||||
2. Si usa GPG, después de crear la confirmación, proporcione la frase de contraseña que configuró al [generar la clave GPG](/articles/generating-a-new-gpg-key).
|
||||
3. Cuando terminaste de crear confirmaciones de forma local, súbelas a tu repositorio remoto en {% data variables.product.product_name %}:
|
||||
```shell
|
||||
$ git push
|
||||
# Pushes your local commits to the remote repository
|
||||
```
|
||||
4. On {% data variables.product.product_name %}, navigate to your pull request.
|
||||
4. En {% data variables.product.product_name %}, desplázate hasta la solicitud de extracción.
|
||||
{% data reusables.repositories.review-pr-commits %}
|
||||
5. To view more detailed information about the verified signature, click Verified.
|
||||
|
||||
5. Para ver información más detallada acerca de la firma verificada, haz clic en Verified (Verificada).
|
||||
|
||||
|
||||
## Further reading
|
||||
## Información adicional
|
||||
|
||||
* "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
|
||||
* "[Signing tags](/articles/signing-tags)"
|
||||
* "[Notificación de la clave de firma a Git](/articles/telling-git-about-your-signing-key)"
|
||||
* "[Firma de etiquetas](/articles/signing-tags)"
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Signing tags
|
||||
intro: You can sign tags locally using GPG{% ifversion ssh-commit-verification %}, SSH,{% endif %} or S/MIME.
|
||||
title: Firmar etiquetas
|
||||
intro: 'Puedes firmar etiquetas localmente mediante GPG{% ifversion ssh-commit-verification %}, SSH,{% endif %} o S/MIME.'
|
||||
redirect_from:
|
||||
- /articles/signing-tags-using-gpg
|
||||
- /articles/signing-tags
|
||||
@@ -14,23 +14,29 @@ versions:
|
||||
topics:
|
||||
- Identity
|
||||
- Access management
|
||||
ms.openlocfilehash: 22bdc1c5095a8fa82d2ac406a19dc633f8f44fc6
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148106681'
|
||||
---
|
||||
{% data reusables.gpg.desktop-support-for-commit-signing %}
|
||||
|
||||
1. To sign a tag, add `-s` to your `git tag` command.
|
||||
1. Para firmar una etiqueta, agregue `-s` al comando `git tag`.
|
||||
```shell
|
||||
$ git tag -s MYTAG
|
||||
# Creates a signed tag
|
||||
```
|
||||
2. Verify your signed tag by running `git tag -v [tag-name]`.
|
||||
2. Compruebe la etiqueta firmada mediante la ejecución de `git tag -v [tag-name]`.
|
||||
```shell
|
||||
$ git tag -v MYTAG
|
||||
# Verifies the signed tag
|
||||
```
|
||||
|
||||
## Further reading
|
||||
## Información adicional
|
||||
|
||||
- "[Viewing your repository's tags](/articles/viewing-your-repositorys-tags)"
|
||||
- "[Telling Git about your signing key](/articles/telling-git-about-your-signing-key)"
|
||||
- "[Associating an email with your GPG key](/articles/associating-an-email-with-your-gpg-key)"
|
||||
- "[Signing commits](/articles/signing-commits)"
|
||||
- "[Visualización de las etiquetas del repositorio](/articles/viewing-your-repositorys-tags)"
|
||||
- "[Notificación de la clave de firma a Git](/articles/telling-git-about-your-signing-key)"
|
||||
- "[Asociación de un correo electrónico con la clave GPG](/articles/associating-an-email-with-your-gpg-key)"
|
||||
- "[Firma de confirmaciones](/articles/signing-commits)"
|
||||
|
||||
@@ -54,11 +54,11 @@ children:
|
||||
- /managing-billing-for-github-marketplace-apps
|
||||
- /managing-billing-for-git-large-file-storage
|
||||
- /setting-up-paid-organizations-for-procurement-companies
|
||||
ms.openlocfilehash: 816bfb699135974a180ccf350aa04bc36dfbf25a
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.openlocfilehash: 977d170024ddec1d49f51723b654ee7171915e94
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: '147110902'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109967'
|
||||
---
|
||||
|
||||
|
||||
@@ -11,3 +11,4 @@ children:
|
||||
- /viewing-your-github-codespaces-usage
|
||||
- /managing-spending-limits-for-github-codespaces
|
||||
---
|
||||
|
||||
|
||||
@@ -54,4 +54,4 @@ Enterprise owners and billing managers can view {% data variables.product.prodna
|
||||
|
||||
## Further reading
|
||||
|
||||
- "[Listing the codespaces in your organization](/codespaces/managing-codespaces-for-your-organization/listing-the-codespaces-in-your-organization)"
|
||||
- "[Listing the codespaces in your organization](/codespaces/managing-codespaces-for-your-organization/listing-the-codespaces-in-your-organization)"
|
||||
|
||||
@@ -72,9 +72,12 @@ In addition to licensed seats, your bill may include other charges, such as {% d
|
||||
- Enterprise owners who are a member or owner of at least one organization in the enterprise
|
||||
- Organization members, including owners
|
||||
- Outside collaborators on private or internal repositories owned by your organization, excluding forks
|
||||
- Dormant users
|
||||
|
||||
If your enterprise does not use {% data variables.product.prodname_emus %}, you will also be billed for each of the following accounts:
|
||||
|
||||
- Anyone with a pending invitation to become an organization owner or member
|
||||
- Anyone with a pending invitation to become an outside collaborator on private or internal repositories owned by your organization, excluding forks
|
||||
- Dormant users
|
||||
|
||||
{% note %}
|
||||
|
||||
|
||||
@@ -18,11 +18,11 @@ children:
|
||||
- /phase-4-create-internal-documentation
|
||||
- /phase-5-rollout-and-scale-code-scanning
|
||||
- /phase-6-rollout-and-scale-secret-scanning
|
||||
ms.openlocfilehash: c5624ca33d347e1be1c7bfc9a687f1c06bb828ed
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.openlocfilehash: 5430d24ecf8979f5421c6f3fea9f10ad3f580e4c
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: '147145430'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148110096'
|
||||
---
|
||||
|
||||
|
||||
@@ -14,12 +14,12 @@ redirect_from:
|
||||
- /admin/advanced-security/deploying-github-advanced-security-in-your-enterprise
|
||||
- /admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise
|
||||
miniTocMaxHeadingLevel: 2
|
||||
ms.openlocfilehash: 0993205a2f51262c0766062995caa1c2e2714742
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.openlocfilehash: f42a461b3c53565725d6909680fa8e6a202c0439
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: '147145429'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148110093'
|
||||
---
|
||||
## Acerca de estos artículos
|
||||
|
||||
|
||||
@@ -9,12 +9,12 @@ topics:
|
||||
- Advanced Security
|
||||
shortTitle: 1. Align on strategy
|
||||
miniTocMaxHeadingLevel: 3
|
||||
ms.openlocfilehash: 63154ac960e4b3a9d29f41e72cd925230838069c
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.openlocfilehash: b2677cf11c300ad657f9bd6b8862fb1f292c2fb7
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: '147145398'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148110088'
|
||||
---
|
||||
{% note %}
|
||||
|
||||
|
||||
@@ -9,12 +9,12 @@ topics:
|
||||
- Advanced Security
|
||||
shortTitle: 2. Preparation
|
||||
miniTocMaxHeadingLevel: 3
|
||||
ms.openlocfilehash: a34711765e8beb6d57215c0c8fd16519e975539d
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.openlocfilehash: 79368897c125ff23541520a253a34a2aae8c7c27
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: '147145390'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148110092'
|
||||
---
|
||||
{% note %}
|
||||
|
||||
|
||||
@@ -9,12 +9,12 @@ topics:
|
||||
- Advanced Security
|
||||
shortTitle: 3. Pilot programs
|
||||
miniTocMaxHeadingLevel: 3
|
||||
ms.openlocfilehash: 3df893158c402b9180260ddd1c82c96f62b84717
|
||||
ms.sourcegitcommit: 5f9527483381cfb1e41f2322f67c80554750a47d
|
||||
ms.openlocfilehash: d56427173580558a192d0709ae700cbd497e2935
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/11/2022
|
||||
ms.locfileid: '147145397'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109917'
|
||||
---
|
||||
{% note %}
|
||||
|
||||
|
||||
@@ -9,12 +9,12 @@ topics:
|
||||
- Advanced Security
|
||||
shortTitle: 4. Create internal documentation
|
||||
miniTocMaxHeadingLevel: 3
|
||||
ms.openlocfilehash: e9852eacc95b98eca5358aafb9a9b13811888f15
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.openlocfilehash: caf35f06c3f836ea7532b7c5e9dfb419ba8c325b
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: '147145382'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109916'
|
||||
---
|
||||
{% note %}
|
||||
|
||||
|
||||
@@ -9,12 +9,12 @@ topics:
|
||||
- Advanced Security
|
||||
shortTitle: 5. Rollout code scanning
|
||||
miniTocMaxHeadingLevel: 3
|
||||
ms.openlocfilehash: 69c5a4e88c5490cbd7dcddca902426862047dff5
|
||||
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
|
||||
ms.openlocfilehash: abbcdf4c1e4a231a568e8d8cd488877ebdf2fd9f
|
||||
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 09/11/2022
|
||||
ms.locfileid: '147145389'
|
||||
ms.lasthandoff: 10/25/2022
|
||||
ms.locfileid: '148109915'
|
||||
---
|
||||
{% note %}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: 'Fase 6: Lanzamiento y escalado del análisis de secretos'
|
||||
intro: 'Para la fase final, te centrarás en el lanzamiento de {% data variables.product.prodname_secret_scanning %}. {% data variables.product.prodname_secret_scanning_caps %} es una herramienta más sencilla de lanzar que {% data variables.product.prodname_code_scanning %}, ya que implica menos configuración, pero es fundamental tener una estrategia para controlar los resultados nuevos y antiguos.'
|
||||
title: 'Phase 6: Rollout and scale secret scanning'
|
||||
intro: 'For the final phase, you will focus on the rollout of {% data variables.product.prodname_secret_scanning %}. {% data variables.product.prodname_secret_scanning_caps %} is a more straightforward tool to rollout than {% data variables.product.prodname_code_scanning %}, as it involves less configuration, but it''s critical to have a strategy for handling new and old results.'
|
||||
versions:
|
||||
ghes: '*'
|
||||
ghae: '*'
|
||||
@@ -9,103 +9,98 @@ topics:
|
||||
- Advanced Security
|
||||
shortTitle: 6. Rollout secret scanning
|
||||
miniTocMaxHeadingLevel: 3
|
||||
ms.openlocfilehash: 791ce9924ac9f2cb918db4e1c416a8755b790bf5
|
||||
ms.sourcegitcommit: 74d6918dae0cf489c86eee049fb0f061a63df44c
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: es-ES
|
||||
ms.lasthandoff: 07/15/2022
|
||||
ms.locfileid: '147145381'
|
||||
---
|
||||
|
||||
{% note %}
|
||||
|
||||
Este artículo forma parte de una serie sobre la adopción de {% data variables.product.prodname_GH_advanced_security %} a escala. Para ver el artículo anterior de esta serie, consulta "[Fase 5: Lanzamiento y escalado del análisis de código](/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning)".
|
||||
This article is part of a series on adopting {% data variables.product.prodname_GH_advanced_security %} at scale. For the previous article in this series, see "[Phase 5: Rollout and scale code scanning](/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning)."
|
||||
|
||||
{% endnote %}
|
||||
|
||||
Puedes habilitar el análisis de secretos para repositorios individuales o para todos los repositorios de una organización. Para obtener más información, consulta "[Administración de la configuración de seguridad y análisis del repositorio](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)" o "[Administración de la configuración de seguridad y análisis para la organización](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)".
|
||||
You can enable secret scanning for individual repositories or for all repositories in an organization. For more information, see "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
|
||||
|
||||
En este artículo se explica un proceso de alto nivel centrado en habilitar {% data variables.product.prodname_secret_scanning %} para todos los repositorios de una organización. Los principios que se describen en este artículo se pueden seguir aplicando incluso si adoptas el enfoque más escalonado de habilitar {% data variables.product.prodname_secret_scanning %} para repositorios individuales.
|
||||
This article explains a high-level process focusing on enabling {% data variables.product.prodname_secret_scanning %} for all repositories in an organization. The principles described in this article can still be applied even if you take a more staggered approach of enabling {% data variables.product.prodname_secret_scanning %} for individual repositories.
|
||||
|
||||
### <a name="1-focus-on-newly-committed-secrets"></a>1. Céntrate en los secretos recién confirmados
|
||||
### 1. Focus on newly committed secrets
|
||||
|
||||
Al habilitar {% data variables.product.prodname_secret_scanning %}, debes centrarte en corregir las credenciales recién confirmadas detectadas por el análisis de secretos. Si te centras en limpiar las credenciales confirmadas, los desarrolladores podrían seguir insertando accidentalmente nuevas credenciales, lo que significa que el recuento total de secretos permanecerá aproximadamente al mismo nivel, no disminuirá como se prevé. Por este motivo, es esencial detener la filtración de nuevas credenciales antes de centrarse en revocar los secretos actuales.
|
||||
When you enable {% data variables.product.prodname_secret_scanning %}, you should focus on remediating any newly committed credentials detected by secret scanning. If you focus on cleaning up committed credentials, developers could continue to accidentally push new credentials, which means your total secret count will stay around the same level, not decrease as intended. This is why it is essential to stop new credentials being leaked before focusing on revoking any current secrets.
|
||||
|
||||
Hay algunos enfoques para abordar las credenciales recién confirmadas, pero un enfoque de ejemplo sería el siguiente:
|
||||
There are a few approaches for tackling newly committed credentials, but one example approach would be:
|
||||
|
||||
1. **Notificación**: usa webhooks para asegurarte de que los equipos adecuados vean las nuevas alertas de secretos lo antes posible. Un webhook se desencadena cuando se crea, se resuelve o se vuelve a abrir una alerta de secreto. Después, puedes analizar la carga del webhook e integrarla en las herramientas que tú y tu equipo uséis, como Slack, Teams, Splunk o el correo electrónico. Para obtener más información, consulta "[Acerca de los webhooks](/developers/webhooks-and-events/webhooks/about-webhooks)" y "[Eventos y cargas de webhook](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert)".
|
||||
2. **Seguimiento**: crea un proceso de corrección de alto nivel que funcione para todos los tipos de secretos. Por ejemplo, puedes ponerte en contacto con el desarrollador que confirmó el secreto y su responsable técnico en ese proyecto, resaltar los peligros de confirmar secretos en GitHub y pedirles que revoquen y actualicen el secreto detectado.
|
||||
1. **Notify**: Use webhooks to ensure that any new secret alerts are seen by the right teams as quickly as possible. A webhook fires when a secret alert is either created, resolved, or reopened. You can then parse the webhook payload, and integrate it into any tools you and your team use such Slack, Teams, Splunk, or email. For more information, see "[About webhooks](/developers/webhooks-and-events/webhooks/about-webhooks)" and "[Webhook events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert)."
|
||||
2. **Follow Up**: Create a high-level remediation process that works for all secret types. For example, you could contact the developer who committed the secret and their technical lead on that project, highlighting the dangers of committing secrets to GitHub, and asking the them to revoke, and update the detected secret.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Nota:** Este paso se puede automatizar. En el caso de grandes empresas y organizaciones con cientos de repositorios, el seguimiento manual es insostenible. Puedes incorporar la automatización en el proceso de webhook definido en el primer paso. La carga del webhook contiene información sobre el repositorio y la organización acerca del secreto filtrado. Con esta información, puedes ponerte en contacto con los mantenedores actuales del repositorio y crear un correo electrónico o mensaje para las personas responsables o bien abrir una incidencia.
|
||||
**Note:** You can automate this step. For large enterprises and organizations with hundreds of repositories, manually following up is unsustainable. You could incorporate automation into the webhook process defined in the first step. The webhook payload contains repository and organization information about the leaked secret. Using this information, you can contact the current maintainers on the repository and create an email/message to the responsible people or open an issue.
|
||||
|
||||
{% endnote %}
|
||||
3. **Formación**: crea un documento de formación interno asignado al desarrollador que confirmó el secreto. En este documento de formación, puedes explicar los riesgos creados mediante la confirmación de secretos y dirigirlos a la información de procedimientos recomendados sobre el uso de secretos de forma segura en el desarrollo. Si un desarrollador no aprende de la experiencia y continúa confirmando secretos, podrías crear un proceso de escalación, pero la formación suele funcionar bien.
|
||||
3. **Educate**: Create an internal training document assigned to the developer who committed the secret. Within this training document, you can explain the risks created by committing secrets and direct them to your best practice information about using secrets securely in development. If the a developer doesn't learn from the experience and continues to commit secrets, you could create an escalation process, but education usually works well.
|
||||
|
||||
Repite los dos últimos pasos para cualquier secreto nuevo que se haya filtrado. Este proceso anima a los desarrolladores a asumir la responsabilidad de administrar los secretos usados en su código de forma segura y te permite medir la reducción de los secretos recién confirmados.
|
||||
Repeat the last two steps for any new secrets leaked. This process encourages developers to take responsibility for managing the secrets used in their code securely, and allows you to measure the reduction in newly committed secrets.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Nota:** Es posible que las organizaciones más avanzadas quieran realizar la corrección automática de determinados tipos de secretos. Hay una iniciativa de código abierto denominada [Corrector automático del analizador de secretos de GitHub](https://github.com/NickLiffen/GSSAR) que puedes implementar en tu entorno de AWS, Azure o GCP y adaptar para revocar automáticamente determinados tipos de secretos en función de lo que definas como más crítico. También es una excelente manera de reaccionar a los nuevos secretos que se confirman con un enfoque más automatizado.
|
||||
**Note:** More advanced organizations may want to perform auto-remediation of certain types of secrets. There is an open-source initiative called [GitHub Secret Scanner Auto Remediator](https://github.com/NickLiffen/GSSAR) which you can deploy into your AWS, Azure, or GCP environment and tailor to automatically revoke certain types of secrets based on what you define as the most critical. This is also an excellent way to react to new secrets being committed with a more automated approach.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### <a name="2-remediate-previously-committed-secrets-starting-with-the-most-critical"></a>2. Corrige los secretos confirmados previamente, empezando por el más crítico
|
||||
### 2. Remediate previously committed secrets, starting with the most critical
|
||||
|
||||
Después de haber establecido un proceso para supervisar, notificar y corregir los secretos recién publicados, puedes empezar a trabajar en los secretos confirmados antes de la introducción de {% data variables.product.prodname_GH_advanced_security %}.
|
||||
After you have established a process to monitor, notify and remediate newly published secrets, you can start work on secrets committed before {% data variables.product.prodname_GH_advanced_security %} was introduced.
|
||||
|
||||
La forma en que definas los secretos más críticos dependerá de los procesos e integraciones de la organización. Por ejemplo, es probable que una empresa no esté preocupada por un secreto de webhook entrante de Slack si no usa Slack. Es posible que te resulte útil empezar por centrarte en los cinco tipos de credenciales más críticos de tu organización.
|
||||
How you define your most critical secrets will depend on your organization's processes and integrations. For example, a company likely isn’t worried about a Slack Incoming Webhook secret if they don’t use Slack. You may find it useful to start by focusing on the top five most critical credential types for your organization.
|
||||
|
||||
Una vez que hayas decidido los tipos de secretos, puedes hacer lo siguiente:
|
||||
Once you have decided on the secret types, you can do the following:
|
||||
|
||||
1. Define un proceso para corregir cada tipo de secreto. El procedimiento real para cada tipo de secreto suele ser drásticamente diferente. Anota el proceso para cada tipo de secreto en un documento o knowledge base internos.
|
||||
1. Define a process for remediating each type of secret. The actual procedure for each secret type is often drastically different. Write down the process for each type of secret in a document or internal knowledge base.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Nota:** Al crear el proceso para revocar secretos, prueba y asigna la responsabilidad de revocar los secretos al equipo que mantiene el repositorio en lugar de un equipo central. Uno de los principios de GHAS es que los desarrolladores toman posesión de la seguridad y tienen la responsabilidad de corregir los problemas de seguridad, especialmente si los han creado.
|
||||
**Note:** When you create the process for revoking secrets, try and give the responsibility for revoking secrets to the team maintaining the repository instead of a central team. One of the principles of GHAS is developers taking ownership of security and having the responsibility of fixing security issues, especially if they have created them.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
2. Cuando hayas creado el proceso que seguirán los equipos para revocar las credenciales, puedes intercalar información sobre los tipos de secretos y otros metadatos asociados a los secretos filtrados para poder determinar a quién debes comunicar el nuevo proceso.
|
||||
2. When you have created the process that teams will follow for revoking credentials, you can collate information about the types of secrets and other metadata associated with the leaked secrets so you can discern who to communicate the new process to.
|
||||
|
||||
{% ifversion not ghae %}
|
||||
|
||||
Puedes usar la información general de seguridad para recopilar esta información. Para obtener más información sobre el uso de la información general de seguridad, consulta "[Filtrado de alertas en la información general de seguridad](/code-security/security-overview/filtering-alerts-in-the-security-overview)".
|
||||
You can use the security overview to collect this information. For more information about using the security overview, see "[Filtering alerts in the security overview](/code-security/security-overview/filtering-alerts-in-the-security-overview)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
Parte de la información que puede que quieras recopilar incluye la siguiente:
|
||||
Some information you may want to collect includes:
|
||||
|
||||
- Organización
|
||||
- Repositorio
|
||||
- Tipo de secreto
|
||||
- Valor del secreto
|
||||
- Mantenedores en el repositorio con quienes ponerte en contacto
|
||||
- Organization
|
||||
- Repository
|
||||
- Secret type
|
||||
- Secret value
|
||||
- Maintainers on repository to contact
|
||||
|
||||
{% note %}
|
||||
|
||||
**Nota:** Usa la interfaz de usuario si tienes pocos secretos filtrados de ese tipo. Si tienes cientos de secretos filtrados, usa la API para recopilar la información. Para obtener más información, consulta la "[API de REST de análisis de secretos](/rest/reference/secret-scanning)".
|
||||
**Note:** Use the UI if you have few secrets leaked of that type. If you have hundreds of leaked secrets, use the API to collect information. For more information, see "[Secret scanning REST API](/rest/reference/secret-scanning)."
|
||||
|
||||
{% endnote %}
|
||||
|
||||
3. Después de recopilar información sobre los secretos filtrados, crea un plan de comunicación dirigido para los usuarios que mantienen los repositorios afectados por cada tipo de secreto. Puedes usar el correo electrónico, la mensajería o incluso crear incidencias de GitHub en los repositorios afectados. Si puedes usar las API que proporcionan estas herramientas para enviar las comunicaciones de forma automatizada, esto te facilitará el escalado entre varios tipos de secretos.
|
||||
3. After you collect information about leaked secrets, create a targeted communication plan for the users who maintain the repositories affected by each secret type. You could use email, messaging, or even create GitHub issues in the affected repositories. If you can use APIs provided by these tools to send out the communications in an automated manner, this will make it easier for you to scale across multiple secret types.
|
||||
|
||||
### <a name="3-expand-the-program-to-include-more-secret-types-and-custom-patterns"></a>3. Expande el programa para incluir más tipos de secretos y patrones personalizados
|
||||
### 3. Expand the program to include more secret types and custom patterns
|
||||
|
||||
Ahora puedes ir más allá de los cinco tipos de secretos más críticos y crear una lista más completa, con un enfoque adicional en la formación. Puedes repetir el paso anterior, corregir los secretos confirmados previamente, para los distintos tipos de secretos a los que te has dirigido.
|
||||
You can now expand beyond the five most critical secret types into a more comprehensive list, with an additional focus on education. You can repeat the previous step, remediating previously committed secrets, for the different secret types you have targeted.
|
||||
|
||||
También puedes incluir más patrones personalizados intercalados en las fases anteriores e invitar a los equipos de seguridad y a los equipos de desarrolladores a enviar más patrones, con lo que puedes establecer un proceso para enviar nuevos patrones a medida que se crean nuevos tipos de secretos. Para más información, vea "[Definición de patrones personalizados para el análisis de secretos](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)".
|
||||
You can also include more of the custom patterns collated in the earlier phases and invite security teams and developer teams to submit more patterns, establishing a process for submitting new patterns as new secret types are created. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
|
||||
|
||||
{% ifversion secret-scanning-push-protection %}
|
||||
|
||||
También puedes habilitar la protección de inserciones con el análisis de secretos. Una vez habilitado, el análisis de secretos comprueba si hay secretos de confianza elevada y bloquea la inserción. Para más información, vea "[Protección de inserciones para el examen de secretos](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#using-secret-scanning-as-a-push-protection-from-the-command-line)".
|
||||
You can also enable push protection with secret scanning. Once enabled, secret scanning checks pushes for high-confidence secrets and blocks the push. For more information, see "[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#using-secret-scanning-as-a-push-protection-from-the-command-line)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
A medida que sigas compilando los procesos de corrección para otros tipos de secretos, empieza a crear material de formación proactivo que se pueda compartir con todos los desarrolladores de GitHub de tu organización. Hasta este punto, gran parte del enfoque ha sido reactivo. Es una excelente idea cambiar la atención a ser proactivo y animar a los desarrolladores a no insertar credenciales en GitHub en primer lugar. Esto se puede lograr de varias maneras, pero crear un breve documento que explique los riesgos y las razones sería un gran punto de partida.
|
||||
As you continue to build your remediation processes for other secret types, start to create proactive training material that can be shared with all developers of GitHub in your organization. Until this point, a lot of the focus has been reactive. It is an excellent idea to shift focus to being proactive and encourage developers not to push credentials to GitHub in the first place. This can be achieved in multiple ways but creating a short document explaining the risks and reasons would be a great place to start.
|
||||
|
||||
{% note %}
|
||||
|
||||
Este es el último artículo de una serie sobre la adopción de {% data variables.product.prodname_GH_advanced_security %} a escala. Si tienes preguntas o necesitas soporte técnico, consulta la sección sobre {% data variables.contact.github_support %} y {% data variables.product.prodname_professional_services_team %} en "[Introducción a la adopción de {% data variables.product.prodname_GH_advanced_security %} a escala](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale#github-support-and-professional-services)".
|
||||
This is the final article of a series on adopting {% data variables.product.prodname_GH_advanced_security %} at scale. If you have questions or need support, see the section on {% data variables.contact.github_support %} and {% data variables.product.prodname_professional_services_team %} in "[Introduction to adopting {% data variables.product.prodname_GH_advanced_security %} at scale](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale#github-support-and-professional-services)."
|
||||
|
||||
{% endnote %}
|
||||
|
||||
@@ -73,9 +73,7 @@ By default, the {% data variables.product.prodname_codeql_workflow %} uses the `
|
||||
|
||||
If you scan on push, then the results appear in the **Security** tab for your repository. For more information, see "[Managing code scanning alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)."
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
|
||||
Additionally, when an `on:push` scan returns results that can be mapped to an open pull request, these alerts will automatically appear on the pull request in the same places as other pull request alerts. The alerts are identified by comparing the existing analysis of the head of the branch to the analysis for the target branch. For more information on {% data variables.product.prodname_code_scanning %} alerts in pull requests, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
|
||||
{% endif %}
|
||||
|
||||
### Scanning pull requests
|
||||
|
||||
@@ -85,9 +83,7 @@ For more information about the `pull_request` event, see "[Events that trigger w
|
||||
|
||||
If you scan pull requests, then the results appear as alerts in a pull request check. For more information, see "[Triaging code scanning alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
|
||||
Using the `pull_request` trigger, configured to scan the pull request's merge commit rather than the head commit, will produce more efficient and accurate results than scanning the head of the branch on each push. However, if you use a CI/CD system that cannot be configured to trigger on pull requests, you can still use the `on:push` trigger and {% data variables.product.prodname_code_scanning %} will map the results to open pull requests on the branch and add the alerts as annotations on the pull request. For more information, see "[Scanning on push](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#scanning-on-push)."
|
||||
{% endif %}
|
||||
Using the `pull_request` trigger, configured to scan the pull request's merge commit rather than the head commit, will produce more efficient and accurate results than scanning the head of the branch on each push. However, if you use a CI/CD system that cannot be configured to trigger on pull requests, you can still use the `on:push` trigger and {% data variables.product.prodname_code_scanning %} will map the results to open pull requests on the branch and add the alerts as annotations on the pull request. For more information, see "[Scanning on push](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#scanning-on-push)."
|
||||
|
||||
### Defining the severities causing pull request check failure
|
||||
|
||||
|
||||
@@ -41,7 +41,7 @@ For general information about configuring {% data variables.product.prodname_cod
|
||||
## About autobuild for {% data variables.product.prodname_codeql %}
|
||||
|
||||
{% data variables.product.prodname_code_scanning_capc %} works by running queries against one or more databases. Each database contains a representation of all of the code in a single language in your repository.
|
||||
For the compiled languages C/C++, C#, and Java, the process of populating this database involves building the code and extracting data. {% data reusables.code-scanning.analyze-go %}
|
||||
For the compiled languages C/C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} and Java, the process of populating this database involves building the code and extracting data. {% data reusables.code-scanning.analyze-go %}
|
||||
|
||||
{% data reusables.code-scanning.autobuild-compiled-languages %}
|
||||
|
||||
@@ -90,6 +90,20 @@ The `autobuild` process attempts to autodetect a suitable build method for C# us
|
||||
If `autobuild` detects multiple solution or project files at the same (shortest) depth from the top level directory, it will attempt to build all of them.
|
||||
3. Invoke a script that looks like a build script—_build_ and _build.sh_ (in that order, for Linux) or _build.bat_, _build.cmd_, _and build.exe_ (in that order, for Windows).
|
||||
|
||||
### Go
|
||||
|
||||
| Supported system type | System name |
|
||||
|----|----|
|
||||
| Operating system | Windows, macOS, and Linux |
|
||||
| Build system | Go modules, `dep` and Glide, as well as build scripts including Makefiles and Ninja scripts |
|
||||
|
||||
The `autobuild` process attempts to autodetect a suitable way to install the dependencies needed by a Go repository before extracting all `.go` files:
|
||||
|
||||
1. Invoke `make`, `ninja`, `./build` or `./build.sh` (in that order) until one of these commands succeeds and a subsequent `go list ./...` also succeeds, indicating that the needed dependencies have been installed.
|
||||
2. If none of those commands succeeded, look for `go.mod`, `Gopkg.toml` or `glide.yaml`, and run `go get` (unless vendoring is in use), `dep ensure -v` or `glide install` respectively to try to install dependencies.
|
||||
3. Finally, if configurations files for these dependency managers are not found, rearrange the repository directory structure suitable for addition to `GOPATH`, and use `go get` to install dependencies. The directory structure reverts to normal after extraction completes.
|
||||
4. Extract all Go code in the repository, similar to running `go build ./...`.
|
||||
|
||||
### Java
|
||||
|
||||
| Supported system type | System name |
|
||||
@@ -107,7 +121,7 @@ The `autobuild` process tries to determine the build system for Java codebases b
|
||||
|
||||
{% data reusables.code-scanning.autobuild-add-build-steps %} For information on how to edit the workflow file, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)."
|
||||
|
||||
After removing the `autobuild` step, uncomment the `run` step and add build commands that are suitable for your repository. The workflow `run` step runs command-line programs using the operating system's shell. You can modify these commands and add more commands to customize the build process.
|
||||
After removing the `autobuild` step, uncomment the `run` step and add build commands that are suitable for your repository. The workflow `run` step runs command-line programs using the operating system's shell. You can modify these commands and add more commands to customize the build process.
|
||||
|
||||
``` yaml
|
||||
- run: |
|
||||
|
||||
@@ -153,12 +153,9 @@ The names of the {% data variables.product.prodname_code_scanning %} analysis ch
|
||||
|
||||
When the {% data variables.product.prodname_code_scanning %} jobs complete, {% data variables.product.prodname_dotcom %} works out whether any alerts were added by the pull request and adds the "{% data variables.product.prodname_code_scanning_capc %} results / TOOL NAME" entry to the list of checks. After {% data variables.product.prodname_code_scanning %} has been performed at least once, you can click **Details** to view the results of the analysis.
|
||||
|
||||
{% ifversion fpt or ghec or ghes > 3.4 or ghae > 3.4 %}
|
||||
<!--Troubleshooting section no longer relevant-->
|
||||
{% elsif ghes < 3.5 or ghae %}
|
||||
If you used a pull request to add {% data variables.product.prodname_code_scanning %} to the repository, you will initially see {% ifversion ghes > 3.2 or ghae %}an "Analysis not found"{% elsif ghes = 3.2 %}a "Missing analysis"{% endif %} message when you click **Details** on the "{% data variables.product.prodname_code_scanning_capc %} results / TOOL NAME" check.
|
||||
{% ifversion ghes < 3.5 or ghae %}
|
||||
If you used a pull request to add {% data variables.product.prodname_code_scanning %} to the repository, you will initially see an "Analysis not found" message when you click **Details** on the "{% data variables.product.prodname_code_scanning_capc %} results / TOOL NAME" check.
|
||||
|
||||
{% ifversion ghes > 3.2 or ghae %}
|
||||
|
||||
|
||||
The table lists one or more categories. Each category relates to specific analyses, for the same tool and commit, performed on a different language or a different part of the code. For each category, the table shows the two analyses that {% data variables.product.prodname_code_scanning %} attempted to compare to determine which alerts were introduced or fixed in the pull request.
|
||||
@@ -167,13 +164,8 @@ For example, in the screenshot above, {% data variables.product.prodname_code_sc
|
||||
|
||||
### Reasons for the "Analysis not found" message
|
||||
|
||||
{% elsif ghes = 3.2 %}
|
||||
|
||||
|
||||
### Reasons for the "Missing analysis" message
|
||||
{% endif %}
|
||||
|
||||
After {% data variables.product.prodname_code_scanning %} has analyzed the code in a pull request, it needs to compare the analysis of the topic branch (the branch you used to create the pull request) with the analysis of the base branch (the branch into which you want to merge the pull request). This allows {% data variables.product.prodname_code_scanning %} to compute which alerts are newly introduced by the pull request, which alerts were already present in the base branch, and whether any existing alerts are fixed by the changes in the pull request. Initially, if you use a pull request to add {% data variables.product.prodname_code_scanning %} to a repository, the base branch has not yet been analyzed, so it's not possible to compute these details. In this case, when you click through from the results check on the pull request you will see the {% ifversion ghes > 3.2 or ghae %}"Analysis not found"{% elsif ghes = 3.2 %}"Missing analysis for base commit SHA-HASH"{% endif %} message.
|
||||
After {% data variables.product.prodname_code_scanning %} has analyzed the code in a pull request, it needs to compare the analysis of the topic branch (the branch you used to create the pull request) with the analysis of the base branch (the branch into which you want to merge the pull request). This allows {% data variables.product.prodname_code_scanning %} to compute which alerts are newly introduced by the pull request, which alerts were already present in the base branch, and whether any existing alerts are fixed by the changes in the pull request. Initially, if you use a pull request to add {% data variables.product.prodname_code_scanning %} to a repository, the base branch has not yet been analyzed, so it's not possible to compute these details. In this case, when you click through from the results check on the pull request you will see the "Analysis not found" message.
|
||||
|
||||
There are other situations where there may be no analysis for the latest commit to the base branch for a pull request. These include:
|
||||
|
||||
|
||||
@@ -35,9 +35,7 @@ In repositories where {% data variables.product.prodname_code_scanning %} is con
|
||||
|
||||
If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)."
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
|
||||
In repositories where {% data variables.product.prodname_code_scanning %} is configured to scan each time code is pushed, {% data variables.product.prodname_code_scanning %} will also map the results to any open pull requests and add the alerts as annotations in the same places as other pull request checks. For more information, see "[Scanning on push](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#scanning-on-push)."
|
||||
{% endif %}
|
||||
|
||||
If your pull request targets a protected branch that uses {% data variables.product.prodname_code_scanning %}, and the repository owner has configured required status checks, then the "{% data variables.product.prodname_code_scanning_capc %} results" check must pass before you can merge the pull request. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-status-checks-before-merging)."
|
||||
|
||||
@@ -49,10 +47,9 @@ There are many options for configuring {% data variables.product.prodname_code_s
|
||||
|
||||
For all configurations of {% data variables.product.prodname_code_scanning %}, the check that contains the results of {% data variables.product.prodname_code_scanning %} is: **{% data variables.product.prodname_code_scanning_capc %} results**. The results for each analysis tool used are shown separately. Any new alerts caused by changes in the pull request are shown as annotations.
|
||||
|
||||
{% ifversion fpt or ghes > 3.2 or ghae or ghec %} To see the full set of alerts for the analyzed branch, click **View all branch alerts**. This opens the full alert view where you can filter all the alerts on the branch by type, severity, tag, etc. For more information, see "[Managing code scanning alerts for your repository](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#filtering-and-searching-for-code-scanning-alerts)."
|
||||
To see the full set of alerts for the analyzed branch, click **View all branch alerts**. This opens the full alert view where you can filter all the alerts on the branch by type, severity, tag, etc. For more information, see "[Managing code scanning alerts for your repository](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#filtering-and-searching-for-code-scanning-alerts)."
|
||||
|
||||
|
||||
{% endif %}
|
||||
|
||||
### {% data variables.product.prodname_code_scanning_capc %} results check failures
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ To produce more detailed logging output, you can enable step debug logging. For
|
||||
## Creating {% data variables.product.prodname_codeql %} debugging artifacts
|
||||
|
||||
You can obtain artifacts to help you debug {% data variables.product.prodname_codeql %}.
|
||||
The debug artifacts will be uploaded to the workflow run as an artifact named `debug-artifacts`. The data contains the {% data variables.product.prodname_codeql %} logs, {% data variables.product.prodname_codeql %} database(s), and any SARIF file(s) produced by the workflow.
|
||||
The debug artifacts will be uploaded to the workflow run as an artifact named `debug-artifacts`. The data contains the {% data variables.product.prodname_codeql %} logs, {% data variables.product.prodname_codeql %} database(s), and any SARIF file(s) produced by the workflow.
|
||||
|
||||
These artifacts will help you debug problems with {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. If you contact GitHub support, they might ask for this data.
|
||||
|
||||
@@ -59,11 +59,10 @@ These artifacts will help you debug problems with {% data variables.product.prod
|
||||
|
||||
### Creating {% data variables.product.prodname_codeql %} debugging artifacts by re-running jobs with debug logging enabled
|
||||
|
||||
You can create {% data variables.product.prodname_codeql %} debugging artifacts by enabling debug logging and re-running the jobs. For more information about re-running {% data variables.product.prodname_actions %} workflows and jobs, see "[Re-running workflows and jobs](/actions/managing-workflow-runs/re-running-workflows-and-jobs)."
|
||||
You can create {% data variables.product.prodname_codeql %} debugging artifacts by enabling debug logging and re-running the jobs. For more information about re-running {% data variables.product.prodname_actions %} workflows and jobs, see "[Re-running workflows and jobs](/actions/managing-workflow-runs/re-running-workflows-and-jobs)."
|
||||
|
||||
You need to ensure that you select **Enable debug logging** . This option enables runner diagnostic logging and step debug logging for the run. You'll then be able to download `debug-artifacts` to investigate further. You do not need to modify the workflow file when creating {% data variables.product.prodname_codeql %} debugging artifacts by re-running jobs.
|
||||
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec or ghes > 3.3 or ghae > 3.3 %}
|
||||
@@ -87,7 +86,7 @@ If an automatic build of code for a compiled language within your project fails,
|
||||
|
||||
- Remove the `autobuild` step from your {% data variables.product.prodname_code_scanning %} workflow and add specific build steps. For information about editing the workflow, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)." For more information about replacing the `autobuild` step, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
|
||||
|
||||
- If your workflow doesn't explicitly specify the languages to analyze, {% data variables.product.prodname_codeql %} implicitly detects the supported languages in your code base. In this configuration, out of the compiled languages C/C++, C#, and Java, {% data variables.product.prodname_codeql %} only analyzes the language with the most source files. Edit the workflow and add a matrix specifying the languages you want to analyze. The default CodeQL analysis workflow uses such a matrix.
|
||||
- If your workflow doesn't explicitly specify the languages to analyze, {% data variables.product.prodname_codeql %} implicitly detects the supported languages in your code base. In this configuration, out of the compiled languages C/C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} and Java, {% data variables.product.prodname_codeql %} only analyzes the language with the most source files. Edit the workflow and add a matrix specifying the languages you want to analyze. The default CodeQL analysis workflow uses such a matrix.
|
||||
|
||||
The following extracts from a workflow show how you can use a matrix within the job strategy to specify languages, and then reference each language within the "Initialize {% data variables.product.prodname_codeql %}" step:
|
||||
|
||||
@@ -131,14 +130,15 @@ If your workflow fails with an error `No source code was seen during the build`
|
||||
```
|
||||
|
||||
For more information, see the workflow extract in "[Automatic build for a compiled language fails](#automatic-build-for-a-compiled-language-fails)" above.
|
||||
1. Your {% data variables.product.prodname_code_scanning %} workflow is analyzing a compiled language (C, C++, C#, or Java), but the code was not compiled. By default, the {% data variables.product.prodname_codeql %} analysis workflow contains an `autobuild` step, however, this step represents a best effort process, and may not succeed in building your code, depending on your specific build environment. Compilation may also fail if you have removed the `autobuild` step and did not include build steps manually. For more information about specifying build steps, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
|
||||
1. Your workflow is analyzing a compiled language (C, C++, C#, or Java), but portions of your build are cached to improve performance (most likely to occur with build systems like Gradle or Bazel). Since {% data variables.product.prodname_codeql %} observes the activity of the compiler to understand the data flows in a repository, {% data variables.product.prodname_codeql %} requires a complete build to take place in order to perform analysis.
|
||||
1. Your workflow is analyzing a compiled language (C, C++, C#, or Java), but compilation does not occur between the `init` and `analyze` steps in the workflow. {% data variables.product.prodname_codeql %} requires that your build happens in between these two steps in order to observe the activity of the compiler and perform analysis.
|
||||
1. Your compiled code (in C, C++, C#, or Java) was compiled successfully, but {% data variables.product.prodname_codeql %} was unable to detect the compiler invocations. The most common causes are:
|
||||
|
||||
* Running your build process in a separate container to {% data variables.product.prodname_codeql %}. For more information, see "[Running CodeQL code scanning in a container](/code-security/secure-coding/running-codeql-code-scanning-in-a-container)."
|
||||
* Building using a distributed build system external to GitHub Actions, using a daemon process.
|
||||
* {% data variables.product.prodname_codeql %} isn't aware of the specific compiler you are using.
|
||||
1. Your {% data variables.product.prodname_code_scanning %} workflow is analyzing a compiled language (C, C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java), but the code was not compiled. By default, the {% data variables.product.prodname_codeql %} analysis workflow contains an `autobuild` step, however, this step represents a best effort process, and may not succeed in building your code, depending on your specific build environment. Compilation may also fail if you have removed the `autobuild` step and did not include build steps manually. For more information about specifying build steps, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
|
||||
1. Your workflow is analyzing a compiled language (C, C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java), but portions of your build are cached to improve performance (most likely to occur with build systems like Gradle or Bazel). Since {% data variables.product.prodname_codeql %} observes the activity of the compiler to understand the data flows in a repository, {% data variables.product.prodname_codeql %} requires a complete build to take place in order to perform analysis.
|
||||
1. Your workflow is analyzing a compiled language (C, C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java), but compilation does not occur between the `init` and `analyze` steps in the workflow. {% data variables.product.prodname_codeql %} requires that your build happens in between these two steps in order to observe the activity of the compiler and perform analysis.
|
||||
1. Your compiled code (in C, C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java) was compiled successfully, but {% data variables.product.prodname_codeql %} was unable to detect the compiler invocations. The most common causes are:
|
||||
|
||||
- Running your build process in a separate container to {% data variables.product.prodname_codeql %}. For more information, see "[Running CodeQL code scanning in a container](/code-security/secure-coding/running-codeql-code-scanning-in-a-container)."
|
||||
- Building using a distributed build system external to GitHub Actions, using a daemon process.
|
||||
- {% data variables.product.prodname_codeql %} isn't aware of the specific compiler you are using.
|
||||
|
||||
For .NET Framework projects, and for C# projects using either `dotnet build` or `msbuild`, you should specify `/p:UseSharedCompilation=false` in your workflow's `run` step, when you build your code.
|
||||
|
||||
@@ -151,9 +151,10 @@ If your workflow fails with an error `No source code was seen during the build`
|
||||
|
||||
If you encounter another problem with your specific compiler or configuration, contact {% data variables.contact.contact_support %}.
|
||||
|
||||
For more information about specifying build steps, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
|
||||
For more information about specifying build steps, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
|
||||
|
||||
{% ifversion fpt or ghes > 3.1 or ghae or ghec %}
|
||||
|
||||
## Lines of code scanned are lower than expected
|
||||
|
||||
For compiled languages like C/C++, C#, Go, and Java, {% data variables.product.prodname_codeql %} only scans files that are built during the analysis. Therefore the number of lines of code scanned will be lower than expected if some of the source code isn't compiled correctly. This can happen for several reasons:
|
||||
@@ -163,12 +164,13 @@ For compiled languages like C/C++, C#, Go, and Java, {% data variables.product.p
|
||||
|
||||
If your {% data variables.product.prodname_codeql %} analysis scans fewer lines of code than expected, there are several approaches you can try to make sure all the necessary source files are compiled.
|
||||
|
||||
### Replace the `autobuild` step
|
||||
### Replace the `autobuild` step
|
||||
|
||||
Replace the `autobuild` step with the same build commands you would use in production. This makes sure that {% data variables.product.prodname_codeql %} knows exactly how to compile all of the source files you want to scan.
|
||||
For more information, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
|
||||
For more information, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
|
||||
|
||||
### Inspect the copy of the source files in the {% data variables.product.prodname_codeql %} database
|
||||
|
||||
You may be able to understand why some source files haven't been analyzed by inspecting the copy of the source code included with the {% data variables.product.prodname_codeql %} database. To obtain the database from your Actions workflow, modify the `init` step of your {% data variables.product.prodname_codeql %} workflow file and set `debug: true`.
|
||||
|
||||
```yaml
|
||||
@@ -188,12 +190,13 @@ The artifact will contain an archived copy of the source files scanned by {% dat
|
||||
|
||||
## Extraction errors in the database
|
||||
|
||||
The {% data variables.product.prodname_codeql %} team constantly works on critical extraction errors to make sure that all source files can be scanned. However, the {% data variables.product.prodname_codeql %} extractors do occasionally generate errors during database creation. {% data variables.product.prodname_codeql %} provides information about extraction errors and warnings generated during database creation in a log file.
|
||||
The {% data variables.product.prodname_codeql %} team constantly works on critical extraction errors to make sure that all source files can be scanned. However, the {% data variables.product.prodname_codeql %} extractors do occasionally generate errors during database creation. {% data variables.product.prodname_codeql %} provides information about extraction errors and warnings generated during database creation in a log file.
|
||||
The extraction diagnostics information gives an indication of overall database health. Most extractor errors do not significantly impact the analysis. A small number of extractor errors is healthy and typically indicates a good state of analysis.
|
||||
|
||||
However, if you see extractor errors in the overwhelming majority of files that were compiled during database creation, you should look into the errors in more detail to try to understand why some source files weren't extracted properly.
|
||||
|
||||
{% else %}
|
||||
|
||||
## Portions of my repository were not analyzed using `autobuild`
|
||||
|
||||
The {% data variables.product.prodname_codeql %} `autobuild` feature uses heuristics to build the code in a repository, however, sometimes this approach results in incomplete analysis of a repository. For example, when multiple `build.sh` commands exist in a single repository, the analysis may not complete since the `autobuild` step will only execute one of the commands. The solution is to replace the `autobuild` step with build steps which build all of the source code which you wish to analyze. For more information, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
|
||||
@@ -201,7 +204,7 @@ The {% data variables.product.prodname_codeql %} `autobuild` feature uses heuris
|
||||
|
||||
## The build takes too long
|
||||
|
||||
If your build with {% data variables.product.prodname_codeql %} analysis takes too long to run, there are several approaches you can try to reduce the build time.
|
||||
If your build with {% data variables.product.prodname_codeql %} analysis takes too long to run, there are several approaches you can try to reduce the build time.
|
||||
|
||||
### Increase the memory or cores
|
||||
|
||||
@@ -225,7 +228,7 @@ If your analysis is still too slow to be run during `push` or `pull_request` eve
|
||||
|
||||
### Check which query suites the workflow runs
|
||||
|
||||
By default, there are three main query suites available for each language. If you have optimized the CodeQL database build and the process is still too long, you could reduce the number of queries you run. The default query suite is run automatically; it contains the fastest security queries with the lowest rates of false positive results.
|
||||
By default, there are three main query suites available for each language. If you have optimized the CodeQL database build and the process is still too long, you could reduce the number of queries you run. The default query suite is run automatically; it contains the fastest security queries with the lowest rates of false positive results.
|
||||
|
||||
You may be running extra queries or query suites in addition to the default queries. Check whether the workflow defines an additional query suite or additional queries to run using the `queries` element. You can experiment with disabling the additional query suite or queries. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs)."
|
||||
|
||||
@@ -237,6 +240,7 @@ You may be running extra queries or query suites in addition to the default quer
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
|
||||
## Results differ between analysis platforms
|
||||
|
||||
If you are analyzing code written in Python, you may see different results depending on whether you run the {% data variables.product.prodname_codeql_workflow %} on Linux, macOS, or Windows.
|
||||
@@ -256,11 +260,13 @@ On very large projects, {% data variables.product.prodname_codeql %} may run out
|
||||
{% else %}If you encounter this issue, try increasing the memory on the runner.{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec %}
|
||||
|
||||
## Error: 403 "Resource not accessible by integration" when using {% data variables.product.prodname_dependabot %}
|
||||
|
||||
{% data variables.product.prodname_dependabot %} is considered untrusted when it triggers a workflow run, and the workflow will run with read-only scopes. Uploading {% data variables.product.prodname_code_scanning %} results for a branch usually requires the `security_events: write` scope. However, {% data variables.product.prodname_code_scanning %} always allows the uploading of results when the `pull_request` event triggers the action run. This is why, for {% data variables.product.prodname_dependabot %} branches, we recommend you use the `pull_request` event instead of the `push` event.
|
||||
|
||||
A simple approach is to run on pushes to the default branch and any other important long-running branches, as well as pull requests opened against this set of branches:
|
||||
|
||||
```yaml
|
||||
on:
|
||||
push:
|
||||
@@ -270,7 +276,9 @@ on:
|
||||
branches:
|
||||
- main
|
||||
```
|
||||
|
||||
An alternative approach is to run on all pushes except for {% data variables.product.prodname_dependabot %} branches:
|
||||
|
||||
```yaml
|
||||
on:
|
||||
push:
|
||||
@@ -282,6 +290,7 @@ on:
|
||||
### Analysis still failing on the default branch
|
||||
|
||||
If the {% data variables.product.prodname_codeql_workflow %} still fails on a commit made on the default branch, you need to check:
|
||||
|
||||
- whether {% data variables.product.prodname_dependabot %} authored the commit
|
||||
- whether the pull request that includes the commit has been merged using `@dependabot squash and merge`
|
||||
|
||||
|
||||
@@ -49,21 +49,12 @@ redirect_from:
|
||||
Use the {% data variables.product.prodname_codeql_cli %} to analyze:
|
||||
|
||||
- Dynamic languages, for example, JavaScript and Python.
|
||||
- Compiled languages, for example, C/C++, C# and Java.
|
||||
- Compiled languages, for example, C/C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} and Java.
|
||||
- Codebases written in a mixture of languages.
|
||||
|
||||
For more information, see "[Installing {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system)."
|
||||
|
||||
{% data reusables.code-scanning.licensing-note %}
|
||||
|
||||
{% ifversion ghes = 3.2 %}
|
||||
<!-- Content for GHES 3.2 only. CodeQL CLI 2.6.2, which introduces full feature parity between CodeQL CLI and CodeQL runner, is officially recommended for GHES 3.0+ -->
|
||||
|
||||
Since version 2.6.3, the {% data variables.product.prodname_codeql_cli %} has had full feature parity with the {% data variables.product.prodname_codeql_runner %}.
|
||||
|
||||
{% data reusables.code-scanning.deprecation-codeql-runner %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
<!--Content for GHES 3.1 only. Both CodeQL CLI and CodeQL runner are available -->
|
||||
|
||||
|
||||
@@ -78,8 +78,8 @@ You can display the command-line help for any command using the <nobr>`--help`</
|
||||
| <nobr>`--command`</nobr> | | Recommended. Use to specify the build command or script that invokes the build process for the codebase. Commands are run from the current folder or, where it is defined, from <nobr>`--source-root`</nobr>. Not needed for Python and JavaScript/TypeScript analysis. |
|
||||
| <nobr>`--db-cluster`</nobr> | | Optional. Use in multi-language codebases to generate one database for each language specified by <nobr>`--language`</nobr>.
|
||||
| <nobr>`--no-run-unnecessary-builds`</nobr> | | Recommended. Use to suppress the build command for languages where the {% data variables.product.prodname_codeql_cli %} does not need to monitor the build (for example, Python and JavaScript/TypeScript).
|
||||
| <nobr>`--source-root`</nobr> | | Optional. Use if you run the CLI outside the checkout root of the repository. By default, the `database create` command assumes that the current directory is the root directory for the source files, use this option to specify a different location. |{% ifversion fpt or ghec or ghes > 3.2 or ghae %}
|
||||
| <nobr>`--codescanning-config`</nobr> | | Optional (Advanced). Use if you have a configuration file that specifies how to create the {% data variables.product.prodname_codeql %} databases and what queries to run in later steps. For more information, see "[Using a custom configuration file](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file)" and "[database create](https://codeql.github.com/docs/codeql-cli/manual/database-create/#cmdoption-codeql-database-create-codescanning-config)." |{% endif %}
|
||||
| <nobr>`--source-root`</nobr> | | Optional. Use if you run the CLI outside the checkout root of the repository. By default, the `database create` command assumes that the current directory is the root directory for the source files, use this option to specify a different location. |
|
||||
| <nobr>`--codescanning-config`</nobr> | | Optional (Advanced). Use if you have a configuration file that specifies how to create the {% data variables.product.prodname_codeql %} databases and what queries to run in later steps. For more information, see "[Using a custom configuration file](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file)" and "[database create](https://codeql.github.com/docs/codeql-cli/manual/database-create/#cmdoption-codeql-database-create-codescanning-config)." |
|
||||
|
||||
For more information, see [Creating {% data variables.product.prodname_codeql %} databases](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
|
||||
|
||||
|
||||
@@ -115,7 +115,7 @@ $ /path/to-runner/codeql-runner-linux init --config-file .github/codeql/codeql-c
|
||||
|
||||
## Configuring {% data variables.product.prodname_code_scanning %} for compiled languages
|
||||
|
||||
For the compiled languages C/C++, C#, and Java, {% data variables.product.prodname_codeql %} builds the code before analyzing it. {% data reusables.code-scanning.analyze-go %}
|
||||
For the compiled languages C/C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} and Java, {% data variables.product.prodname_codeql %} builds the code before analyzing it. {% data reusables.code-scanning.analyze-go %}
|
||||
|
||||
For many common build systems, the {% data variables.product.prodname_codeql_runner %} can build the code automatically. To attempt to build the code automatically, run `autobuild` between the `init` and `analyze` steps. Note that if your repository requires a specific version of a build tool, you may need to install the build tool manually first.
|
||||
|
||||
|
||||
@@ -76,7 +76,7 @@ For information about access requirements for actions related to {% data variabl
|
||||
|
||||
When {% data variables.product.product_name %} identifies a vulnerable dependency{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %}, we generate a {% data variables.product.prodname_dependabot %} alert and display it {% ifversion fpt or ghec or ghes %} on the Security tab for the repository and{% endif %} in the repository's dependency graph. The alert includes {% ifversion fpt or ghec or ghes %}a link to the affected file in the project, and {% endif %}information about a fixed version. {% data variables.product.product_name %} may also notify the maintainers of affected repositories about the new alert according to their notification preferences. For more information, see "[Configuring notifications for {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)."
|
||||
|
||||
{% ifversion fpt or ghec or ghes > 3.2 %}
|
||||
{% ifversion fpt or ghec or ghes %}
|
||||
For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, the alert may also contain a link to a pull request to update the manifest or lock file to the minimum version that resolves the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
|
||||
{% endif %}
|
||||
|
||||
@@ -98,7 +98,7 @@ By default, we notify people with admin permissions in the affected repositories
|
||||
|
||||
You can also see all the {% data variables.product.prodname_dependabot_alerts %} that correspond to a particular advisory in the {% data variables.product.prodname_advisory_database %}. {% data reusables.security-advisory.link-browsing-advisory-db %}
|
||||
|
||||
{% ifversion fpt or ghec or ghes > 3.2 %}
|
||||
{% ifversion fpt or ghec or ghes %}
|
||||
## Further reading
|
||||
|
||||
- "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)"
|
||||
|
||||
@@ -49,7 +49,7 @@ If you have {% data variables.product.prodname_github_connect %} enabled for {%
|
||||
|
||||
1. Navigate to `https://HOSTNAME/advisories`.
|
||||
2. Select the security advisory you would like to contribute to.
|
||||
3. On the right-hand side of the page, click the **Suggest improvements for this vulnerability on Github.com.** link. A new tab opens with the same security advisory on {% data variables.product.prodname_dotcom_the_website %}.
|
||||
3. On the right-hand side of the page, click the **Suggest improvements for this vulnerability on {% data variables.product.prodname_dotcom_the_website %}.** link. A new tab opens with the same security advisory on {% data variables.product.prodname_dotcom_the_website %}.
|
||||
|
||||
4. Edit the advisory, following steps four through six in "[Editing advisories in the GitHub Advisory Database](#editing-advisories-in-the-github-advisory-database)" above.
|
||||
{% endif %}
|
||||
|
||||
@@ -26,13 +26,13 @@ topics:
|
||||
{% data reusables.dependabot.beta-security-and-version-updates %}
|
||||
{% data reusables.dependabot.enterprise-enable-dependabot %}
|
||||
|
||||
Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can{% ifversion fpt or ghec or ghes > 3.4 or ghae > 3.4 %} filter alerts by package, ecosystem, or manifest. You can {% endif %} sort the list of alerts, and you can click into specific alerts for more details. {% ifversion dependabot-bulk-alerts %}You can also dismiss or reopen alerts, either one by one or by selecting multiple alerts at once.{% else %}You can also dismiss or reopen alerts. {% endif %} For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
|
||||
Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can{% ifversion fpt or ghec or ghes > 3.4 or ghae > 3.4 %} filter alerts by package, ecosystem, or manifest. You can {% endif %} sort the list of alerts, and you can click into specific alerts for more details. {% ifversion dependabot-bulk-alerts %}You can also dismiss or reopen alerts, either one by one or by selecting multiple alerts at once.{% else %}You can also dismiss or reopen alerts. {% endif %} For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
|
||||
|
||||
{% ifversion fpt or ghec or ghes > 3.2 %}
|
||||
{% ifversion fpt or ghec or ghes %}
|
||||
You can enable automatic security updates for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)."
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt or ghec or ghes > 3.2 %}
|
||||
{% ifversion fpt or ghec or ghes %}
|
||||
## About updates for vulnerable dependencies in your repository
|
||||
|
||||
{% data variables.product.product_name %} generates {% data variables.product.prodname_dependabot_alerts %} when we detect that your codebase is using dependencies with known security risks. For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, when {% data variables.product.product_name %} detects a vulnerable dependency in the default branch, {% data variables.product.prodname_dependabot %} creates a pull request to fix it. The pull request will upgrade the dependency to the minimum possible secure version needed to avoid the vulnerability.
|
||||
@@ -144,16 +144,16 @@ For supported languages, {% data variables.product.prodname_dependabot %} detect
|
||||
### Fixing vulnerable dependencies
|
||||
|
||||
1. View the details for an alert. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %}](#viewing-dependabot-alerts)" (above).
|
||||
{% ifversion fpt or ghec or ghes > 3.2 %}
|
||||
{% ifversion fpt or ghec or ghes %}
|
||||
1. If you have {% data variables.product.prodname_dependabot_security_updates %} enabled, there may be a link to a pull request that will fix the dependency. Alternatively, you can click **Create {% data variables.product.prodname_dependabot %} security update** at the top of the alert details page to create a pull request.
|
||||
|
||||
1. Optionally, if you do not use {% data variables.product.prodname_dependabot_security_updates %}, you can use the information on the page to decide which version of the dependency to upgrade to and create a pull request to update the dependency to a secure version.
|
||||
{% elsif ghes < 3.3 or ghae %}
|
||||
{% elsif ghae %}
|
||||
1. You can use the information on the page to decide which version of the dependency to upgrade to and create a pull request to the manifest or lock file to a secure version.
|
||||
{% endif %}
|
||||
1. When you're ready to update your dependency and resolve the vulnerability, merge the pull request.
|
||||
|
||||
{% ifversion fpt or ghec or ghes > 3.2 %}
|
||||
{% ifversion fpt or ghec or ghes %}
|
||||
Each pull request raised by {% data variables.product.prodname_dependabot %} includes information on commands you can use to control {% data variables.product.prodname_dependabot %}. For more information, see "[Managing pull requests for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)."
|
||||
{% endif %}
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user