Merge branch 'main' into patch-1
@@ -85,3 +85,22 @@ You can disable all workflows for a repository or set a policy that configures w
|
||||
{% data reusables.repositories.settings-sidebar-actions %}
|
||||
{% data reusables.github-actions.private-repository-forks-configure %}
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
|
||||
### Setting the permissions of the `GITHUB_TOKEN` for your repository
|
||||
|
||||
{% data reusables.github-actions.workflow-permissions-intro %}
|
||||
|
||||
The default permissions can also be configured in the organization settings. If the more restricted default has been selected in the organization settings, the same option is auto-selected in your repository settings and the permissive option is disabled.
|
||||
|
||||
{% data reusables.github-actions.workflow-permissions-modifying %}
|
||||
|
||||
#### Configuring the default `GITHUB_TOKEN` permissions
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.repositories.settings-sidebar-actions %}
|
||||
1. Under **Workflow permissions**, choose whether you want the `GITHUB_TOKEN` to have read and write access for all scopes, or just read access for the `contents` scope.
|
||||

|
||||
1. Click **Save** to apply the settings.
|
||||
{% endif %}
|
||||
|
||||
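Review bot: the step "Under **Workflow permissions**, choose whether you want the `GITHUB_TOKEN` to have read and write access for all scopes, or just read access for the `contents` scope" presents the two options as equivalent and gives the reader no basis for choosing. The paragraph above already calls the read-only option "the more restricted default", so consider saying in the step that read access for `contents` is the least-privilege choice and that read and write access for all scopes should be selected only when the repository's workflows need it.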
@@ -12,7 +12,7 @@ topics:
|
||||
|
||||
### About FUNDING files
|
||||
|
||||
You can configure your sponsor button by editing a _FUNDING.yml_ file in your repository's `.github` folder, on the default branch. You can configure the button to include sponsored developers in {% data variables.product.prodname_sponsors %}, external funding platforms, or a custom funding URL. For more information about {% data variables.product.prodname_sponsors %}, see "[About GitHub Sponsors](/articles/about-github-sponsors)."
|
||||
You can configure your sponsor button by editing a _FUNDING.yml_ file in your repository's `.github` folder, on the default branch. You can configure the button to include sponsored developers in {% data variables.product.prodname_sponsors %}, external funding platforms, or a custom funding URL. For more information about {% data variables.product.prodname_sponsors %}, see "[About GitHub Sponsors](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)."
|
||||
|
||||
You can add one username, package name, or project name per external funding platform and up to four custom URLs. You can add up to four sponsored developers or organizations in {% data variables.product.prodname_sponsors %}. Add each platform on a new line, using the following syntax:
|
||||
|
||||
@@ -79,5 +79,5 @@ Anyone with admin permissions can enable a sponsor button in a repository.
|
||||
{% data reusables.files.propose_new_file %}
|
||||
|
||||
### Further reading
|
||||
- "[About {% data variables.product.prodname_sponsors %} for open source contributors](/github/supporting-the-open-source-community-with-github-sponsors/about-github-sponsors-for-open-source-contributors)"
|
||||
- "[About {% data variables.product.prodname_sponsors %} for open source contributors](/sponsors/receiving-sponsorships-through-github-sponsors/about-github-sponsors-for-open-source-contributors)"
|
||||
- "[FAQ with the {% data variables.product.prodname_sponsors %} team](https://github.blog/2019-06-12-faq-with-the-github-sponsors-team/)" on {% data variables.product.prodname_blog %}
|
||||
|
||||
@@ -54,7 +54,7 @@ The events listed in your security log are triggered by your actions. Actions ar
|
||||
| [`project`](#project-category-actions) | Contains all activities related to project boards.
|
||||
| [`public_key`](#public_key-category-actions) | Contains all activities related to [your public SSH keys](/articles/adding-a-new-ssh-key-to-your-github-account).
|
||||
| [`repo`](#repo-category-actions) | Contains all activities related to the repositories you own.{% if currentVersion == "free-pro-team@latest" %}
|
||||
| [`sponsors`](#sponsors-category-actions) | Contains all events related to {% data variables.product.prodname_sponsors %} and sponsor buttons (see "[About {% data variables.product.prodname_sponsors %}](/articles/about-github-sponsors)" and "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
|
||||
| [`sponsors`](#sponsors-category-actions) | Contains all events related to {% data variables.product.prodname_sponsors %} and sponsor buttons (see "[About {% data variables.product.prodname_sponsors %}](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)" and "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
|
||||
| [`team`](#team-category-actions) | Contains all activities related to teams you are a part of.{% endif %}{% if currentVersion != "github-ae@latest" %}
|
||||
| [`two_factor_authentication`](#two_factor_authentication-category-actions) | Contains all activities related to [two-factor authentication](/articles/securing-your-account-with-two-factor-authentication-2fa).{% endif %}
|
||||
| [`user`](#user-category-actions) | Contains all activities related to your account.
|
||||
@@ -93,6 +93,10 @@ An overview of some of the most common actions that are recorded as events in th
|
||||
|
||||
| Action | Description
|
||||
|------------------|-------------------
|
||||
| `create` | Triggered when you [create a codespace](/github/developing-online-with-codespaces/creating-a-codespace).
|
||||
| `resume` | Triggered when you resume a suspended codespace.
|
||||
| `delete` | Triggered when you [delete a codespace](/github/developing-online-with-codespaces/deleting-a-codespace).
|
||||
| `manage_access_and_security` | Triggered when you update [the repositories a codespace has access to](/github/developing-online-with-codespaces/managing-access-and-security-for-codespaces).
|
||||
| `trusted_repositories_access_update` | Triggered when you change your user account's [access and security setting for {% data variables.product.prodname_codespaces %}](/github/developing-online-with-codespaces/managing-access-and-security-for-codespaces).
|
||||
|
||||
#### `marketplace_agreement_signature` category actions
|
||||
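Review bot: the rows for `manage_access_and_security` and `trusted_repositories_access_update` are hard to tell apart for someone reading the log. Both descriptions talk about changing repository access for codespaces and both link to the same "managing-access-and-security-for-codespaces" article. Suggest stating in each description what distinguishes the event (for example, which setting or which scope triggers it), so a reviewer who sees one of them in the security log knows what was changed.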
@@ -189,19 +193,19 @@ An overview of some of the most common actions that are recorded as events in th
|
||||
| `custom_amount_settings_change` | Triggered when you enable or disable custom amounts, or when you change the suggested custom amount (see "[Managing your sponsorship tiers](/github/supporting-the-open-source-community-with-github-sponsors/managing-your-sponsorship-tiers)")
|
||||
| `repo_funding_links_file_action` | Triggered when you change the FUNDING file in your repository (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)")
|
||||
| `sponsor_sponsorship_cancel` | Triggered when you cancel a sponsorship (see "[Downgrading a sponsorship](/articles/downgrading-a-sponsorship)")
|
||||
| `sponsor_sponsorship_create` | Triggered when you sponsor an account (see "[Sponsoring an open source contributor](/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-an-open-source-contributor)")
|
||||
| `sponsor_sponsorship_preference_change` | Triggered when you change whether you receive email updates from a sponsored developer (see "[Managing your sponsorship](/articles/managing-your-sponsorship)")
|
||||
| `sponsor_sponsorship_create` | Triggered when you sponsor an account (see "[Sponsoring an open source contributor](/sponsors/sponsoring-open-source-contributors/sponsoring-an-open-source-contributor)")
|
||||
| `sponsor_sponsorship_preference_change` | Triggered when you change whether you receive email updates from a sponsored developer (see "[Managing your sponsorship](/sponsors/sponsoring-open-source-contributors/managing-your-sponsorship)")
|
||||
| `sponsor_sponsorship_tier_change` | Triggered when you upgrade or downgrade your sponsorship (see "[Upgrading a sponsorship](/articles/upgrading-a-sponsorship)" and "[Downgrading a sponsorship](/articles/downgrading-a-sponsorship)")
|
||||
| `sponsored_developer_approve` | Triggered when your {% data variables.product.prodname_sponsors %} account is approved (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
|
||||
| `sponsored_developer_create` | Triggered when your {% data variables.product.prodname_sponsors %} account is created (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
|
||||
| `sponsored_developer_approve` | Triggered when your {% data variables.product.prodname_sponsors %} account is approved (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
|
||||
| `sponsored_developer_create` | Triggered when your {% data variables.product.prodname_sponsors %} account is created (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
|
||||
| `sponsored_developer_disable` | Triggered when your {% data variables.product.prodname_sponsors %} account is disabled
|
||||
| `sponsored_developer_redraft` | Triggered when your {% data variables.product.prodname_sponsors %} account is returned to draft state from approved state
|
||||
| `sponsored_developer_profile_update` | Triggered when you edit your sponsored developer profile (see "[Editing your profile details for {% data variables.product.prodname_sponsors %}](/github/supporting-the-open-source-community-with-github-sponsors/editing-your-profile-details-for-github-sponsors)")
|
||||
| `sponsored_developer_request_approval` | Triggered when you submit your application for {% data variables.product.prodname_sponsors %} for approval (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
|
||||
| `sponsored_developer_tier_description_update` | Triggered when you change the description for a sponsorship tier (see "[Managing your sponsorship tiers](/github/supporting-the-open-source-community-with-github-sponsors/managing-your-sponsorship-tiers)")
|
||||
| `sponsored_developer_update_newsletter_send` | Triggered when you send an email update to your sponsors (see "[Contacting your sponsors](/articles/contacting-your-sponsors)")
|
||||
| `waitlist_invite_sponsored_developer` | Triggered when you are invited to join {% data variables.product.prodname_sponsors %} from the waitlist (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
|
||||
| `waitlist_join` | Triggered when you join the waitlist to become a sponsored developer (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
|
||||
| `sponsored_developer_profile_update` | Triggered when you edit your sponsored developer profile (see "[Editing your profile details for {% data variables.product.prodname_sponsors %}](/sponsors/receiving-sponsorships-through-github-sponsors/editing-your-profile-details-for-github-sponsors)")
|
||||
| `sponsored_developer_request_approval` | Triggered when you submit your application for {% data variables.product.prodname_sponsors %} for approval (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
|
||||
| `sponsored_developer_tier_description_update` | Triggered when you change the description for a sponsorship tier (see "[Managing your sponsorship tiers](/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers)")
|
||||
| `sponsored_developer_update_newsletter_send` | Triggered when you send an email update to your sponsors (see "[Contacting your sponsors](/sponsors/receiving-sponsorships-through-github-sponsors/contacting-your-sponsors)")
|
||||
| `waitlist_invite_sponsored_developer` | Triggered when you are invited to join {% data variables.product.prodname_sponsors %} from the waitlist (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
|
||||
| `waitlist_join` | Triggered when you join the waitlist to become a sponsored developer (see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-user-account)")
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
|
||||
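Review bot: the link migration in this table is incomplete. The `custom_amount_settings_change` row still points to `/github/supporting-the-open-source-community-with-github-sponsors/managing-your-sponsorship-tiers`, while the `sponsored_developer_tier_description_update` row links the same article at `/sponsors/receiving-sponsorships-through-github-sponsors/managing-your-sponsorship-tiers`. Update the first row to the new path, and check the remaining `/articles/...` links in the `sponsor_sponsorship_cancel` and `sponsor_sponsorship_tier_change` rows so the table does not rely on a mix of old and new URLs.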
@@ -25,20 +25,23 @@ You can create a default codespace configuration using a pre-built container con
|
||||
|
||||
{% data variables.product.prodname_codespaces %} uses settings contained in a configuration file named `devcontainer.json`. {% data reusables.codespaces.devcontainer-location %}
|
||||
|
||||
You can use your `devcontainer.json` to set default settings for the entire codespace environment, including the {% data variables.product.prodname_vscode %} editor, but you can also set editor-specific settings in a file named `.vscode/settings.json`.
|
||||
Each new codespace created from a branch that contains the `.devcontainer` folder will be configured according to the folder's contents. For more information, see "[Creating a codespace](/github/developing-online-with-codespaces/creating-a-codespace)."
|
||||
|
||||
Changes to a repository's codespace configuration apply only to every new codespace and do not affect any existing codespace.
|
||||
You can use your `devcontainer.json` to set default settings for the entire codespace environment, including the {% data variables.product.prodname_vscode %} editor, but you can also set editor-specific settings in a file named `.vscode/settings.json`.
|
||||
|
||||
### Using a pre-built container configuration
|
||||
|
||||
You can use any pre-built container configuration for {% data variables.product.prodname_vscode %} that is available in the [`vscode-dev-containers`](https://github.com/microsoft/vscode-dev-containers) repository. Pre-built container definitions include a common configuration for a particular project type, and can help you quickly get started with a configuration that already has the appropriate container options, {% data variables.product.prodname_vscode %} settings, and {% data variables.product.prodname_vscode %} extensions that should be installed.
|
||||
Pre-built container definitions include a common configuration for a particular project type, and can help you quickly get started with a configuration that already has the appropriate container options, {% data variables.product.prodname_vscode %} settings, and {% data variables.product.prodname_vscode %} extensions that should be installed.
|
||||
|
||||
1. Clone or download the [`vscode-dev-containers`](https://github.com/microsoft/vscode-dev-containers) repository.
|
||||
1. In the `vscode-dev-containers` repository, navigate to the [`containers`](https://github.com/microsoft/vscode-dev-containers/tree/master/containers) folder, then choose a container configuration for your project's needs. We'll use the [Node.js & JavaScript](https://aka.ms/vscode-dev-containers/definitions/node) container configuration as an example.
|
||||
1. From the [`Node.js & JavaScript`](https://aka.ms/vscode-dev-containers/definitions/node) folder, copy the `.devcontainer` folder to the root of your project's repository.
|
||||
1. Commit and push the new configuration to your project's repository on {% data variables.product.prodname_dotcom %}.
|
||||
|
||||
Each new codespace created from a branch which contains the `.devcontainer` folder will be configured according to the folder's contents. For more information, see "[Creating a codespace](/github/developing-online-with-codespaces/creating-a-codespace)."
|
||||
1. Access the command palette (`shift command P` / `shift control P`), then start typing "Codespaces: Add Development Container Configuration Files...". Click **Codespaces: Add Development Container Configuration Files...**
|
||||

|
||||
1. Click the definition you want to use.
|
||||

|
||||
1. Follow the prompts to customize your definition.
|
||||
1. Click **OK**.
|
||||

|
||||
1. To apply the changes, in the bottom right corner of the screen, click **Rebuild now**. For more information about rebuilding your container, see "[Applying changes to your configuration](#applying-changes-to-your-configuration)."
|
||||

|
||||
|
||||
### Creating a custom codespace configuration
|
||||
|
||||
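Review bot: "Changes to a repository's codespace configuration apply only to every new codespace and do not affect any existing codespace" reads as contradicting the last step of the procedure in this hunk, which tells the reader to click **Rebuild now** to apply the changes to the current codespace. Suggest rewording to say that an existing codespace picks up the change only after its container is rebuilt, and replacing "apply only to every new codespace" with "apply only to new codespaces".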
@@ -53,6 +56,8 @@ You can define default editor settings for {% data variables.product.prodname_vs
|
||||
* Editor settings defined in `.vscode/settings.json` are applied as _Workspace_-scoped settings in the codespace.
|
||||
* Editor settings defined in the `settings` key in `devcontainer.json` are applied as _Remote [Codespaces]_-scoped settings in the codespace.
|
||||
|
||||
After updating the `devcontainer.json` file, you can rebuild the container for your codespace to apply the changes. For more information, see "[Applying changes to your configuration](#applying-changes-to-your-configuration)."
|
||||
|
||||
### Supported codespace configuration keys
|
||||
|
||||
You can use configuration keys supported by {% data variables.product.prodname_codespaces %} in `devcontainer.json`.
|
||||
@@ -80,3 +85,15 @@ You can use configuration keys supported by {% data variables.product.prodname_c
|
||||
- `dockerComposeFile`
|
||||
|
||||
For more information about the available settings for `devcontainer.json`, see [devcontainer.json reference](https://aka.ms/vscode-remote/devcontainer.json) in the {% data variables.product.prodname_vscode %} documentation.
|
||||
|
||||
### Applying changes to your configuration
|
||||
|
||||
{% data reusables.codespaces.apply-devcontainer-changes %}
|
||||
|
||||
1. {% data reusables.codespaces.rebuild-command %}
|
||||

|
||||
1. {% data reusables.codespaces.recovery-mode %} Fix the errors in the configuration.
|
||||

|
||||
- To diagnose the error by reviewing the creation logs, click **View creation log**.
|
||||
- To fix the errors identified in the logs, update your `devcontainer.json` file.
|
||||
- To apply the changes, rebuild your container. {% data reusables.codespaces.rebuild-command %}
|
||||
|
||||
@@ -11,36 +11,22 @@ topics:
|
||||
- codespaces
|
||||
---
|
||||
|
||||
### About development with {% data variables.product.prodname_codespaces %}
|
||||
|
||||
{% data reusables.codespaces.release-stage %}
|
||||
|
||||
{% data reusables.codespaces.use-visual-studio-features %}
|
||||
|
||||
{% data reusables.codespaces.about-port-forwarding %} For more information, see "[Forwarding ports in your codespace](/github/developing-online-with-codespaces/forwarding-ports-in-your-codespace)."
|
||||
|
||||
{% data reusables.codespaces.apply-devcontainer-changes %} For more information, see "[Configuring {% data variables.product.prodname_codespaces %} for your project](/github/developing-online-with-codespaces/configuring-codespaces-for-your-project#apply-changes-to-your-configuration)."
|
||||
|
||||
{% data reusables.codespaces.use-chrome %} For more information, see "[Troubleshooting your codespace](/github/developing-online-with-codespaces/troubleshooting-your-codespace)."
|
||||
|
||||
### Connecting to a codespace from {% data variables.product.prodname_vscode %}
|
||||
{% data reusables.codespaces.connect-to-codespace-from-vscode %}
|
||||
|
||||
### Navigating to your codespace
|
||||
|
||||
{% data reusables.codespaces.navigate-to-codespaces %}
|
||||
2. Click the name of the codespace you want to develop in.
|
||||

|
||||
|
||||
### Forwarding ports
|
||||
|
||||
Port forwarding gives you access to TCP ports running within your codespace. For example, if you're running a web application on port 3000, you can access the application from your browser to test and debug it.
|
||||
|
||||
When an application running inside a codespace outputs a port to the console, {% data variables.product.prodname_codespaces %} detects the localhost URL pattern and automatically forwards those ports. You can click on the URL in the terminal to open it in a browser. For example, if an application outputs `http://127.0.0.1:3000` or `http://localhost:3000` to the console, the log would automatically convert the output to a clickable URL for port 3000.
|
||||
|
||||

|
||||
|
||||
Alternatively, you can also use any of the following ways to forward a port.
|
||||
|
||||
* You can forward a port on demand by triggering the command palette (`shift command P` / `shift control P`) and typing "Codespaces: Forward Port". You can then enter the number of the port you want to forward.
|
||||
|
||||

|
||||
|
||||
* You can automatically configure forwarded ports in a `.devcontainer.json` file using the `forwardPorts` property.
|
||||
|
||||
* You can add or remove forwarded ports within the Remote Explorer extension. From the Remote Explorer you can copy and paste the URLs for forwarded ports, allowing you to access them through your browser.
|
||||
|
||||

|
||||

|
||||
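Review bot: the link in the `apply-devcontainer-changes` paragraph uses the fragment `#apply-changes-to-your-configuration`, but the section it targets is headed "Applying changes to your configuration" and the other links to it in this commit use `#applying-changes-to-your-configuration`. Change the fragment to `#applying-changes-to-your-configuration` so the link lands on the section instead of the top of the article.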
@@ -0,0 +1,61 @@
|
||||
---
|
||||
title: Forwarding ports in your codespace
|
||||
intro: '{% data reusables.codespaces.about-port-forwarding %}'
|
||||
product: '{% data reusables.gated-features.codespaces %}'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- codespaces
|
||||
---
|
||||
|
||||
### About forwarded ports
|
||||
|
||||
Port forwarding gives you access to TCP ports running within your codespace. For example, if you're running a web application on port 4000, you can access the application from your browser to test and debug the application.
|
||||
|
||||
When an application running inside a codespace outputs a port to the console, {% data variables.product.prodname_codespaces %} detects the localhost URL pattern and automatically forwards the port. You can click on the URL in the terminal to open the port in a browser. For example, if an application outputs `http://127.0.0.1:4000` or `http://localhost:4000` to the console, the log would automatically convert the output to a clickable URL for port 4000.
|
||||
|
||||

|
||||
|
||||
You can also forward a port manually, label forwarded ports, share fowarded ports publicly, and add forwarded ports to the codespace configuration.
|
||||
|
||||
### Forwarding a port
|
||||
|
||||
You can manually forward a port that wasn't forwarded automatically.
|
||||
|
||||
{% data reusables.codespaces.navigate-to-ports-tab %}
|
||||
1. Under the list of ports, click **Add port**.
|
||||

|
||||
1. Type the port number or address, then press enter.
|
||||

|
||||
|
||||
### Labeling a port
|
||||
|
||||
You can label a port to make the port more easily identifiable in a list.
|
||||
|
||||
{% data reusables.codespaces.navigate-to-ports-tab %}
|
||||
1. Hover over the port you want to label, then click the label icon.
|
||||

|
||||
{% data reusables.codespaces.type-port-label %}
|
||||
|
||||
### Sharing a port
|
||||
|
||||
If you want to share a forwarded port with others, you can make the port public. After you make a port public, anyone with the port's URL can view the running application without needing to authenticate.
|
||||
|
||||
{% data reusables.codespaces.navigate-to-ports-tab %}
|
||||
1. Right click the port you want to share, then click **Make Public**.
|
||||

|
||||
1. To the right of the local address for the port, click the copy icon.
|
||||

|
||||
1. Send the copied URL to the person you want to share the port with.
|
||||
|
||||
### Adding a port to the codespace configuration
|
||||
|
||||
You can add a forwarded port to the {% data variables.product.prodname_codespaces %} configuration for the repository, so the port will automatically be forwarded for all codespaces created from the repository. After you update the configuration, any previously created codespaces must be rebuilt for the change to apply. For more information, see "[Configuring {% data variables.product.prodname_codespaces %} for your project](/github/developing-online-with-codespaces#applying-changes-to-your-configuration)."
|
||||
|
||||
You can manually configure fowarded ports in a `.devcontainer.json` file using the `forwardPorts` property, or you can use the "Ports" panel in your codespace.
|
||||
|
||||
{% data reusables.codespaces.navigate-to-ports-tab %}
|
||||
1. Right click the port you want to add to the codespace configuration, then click **Set Label and Update devcontainer.json**.
|
||||

|
||||
{% data reusables.codespaces.type-port-label %}
|
||||
|
||||
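Review bot: in "Sharing a port", the sentence saying that anyone with the port's URL can view the running application without needing to authenticate is the only caution, and the steps end at sending the URL. Suggest moving that sentence into a warning callout and adding a closing step that explains how to make the port private again once sharing is no longer needed. Two smaller fixes in the same file: "fowarded" should be "forwarded" (it appears twice), and the link in "Adding a port to the codespace configuration" goes to `/github/developing-online-with-codespaces#applying-changes-to-your-configuration`, which is missing the `configuring-codespaces-for-your-project` path segment.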
@@ -20,11 +20,11 @@ topics:
|
||||
{% link_in_list /configuring-codespaces-for-your-project %}
|
||||
{% link_in_list /creating-a-codespace %}
|
||||
{% link_in_list /developing-in-a-codespace %}
|
||||
{% link_in_list /forwarding-ports-in-your-codespace %}
|
||||
{% link_in_list /personalizing-codespaces-for-your-account %}
|
||||
{% link_in_list /managing-encrypted-secrets-for-codespaces %}
|
||||
{% link_in_list /managing-access-and-security-for-codespaces %}
|
||||
{% link_in_list /managing-gpg-verification-for-codespaces %}
|
||||
{% link_in_list /deleting-a-codespace %}
|
||||
{% link_in_list /troubleshooting-your-codespace %}
|
||||
{% link_in_list /using-codespaces-in-visual-studio-code %}
|
||||
{% link_in_list /using-codespaces-in-visual-studio %}
|
||||
{% link_in_list /using-codespaces-in-visual-studio-code %}
|
||||
@@ -25,6 +25,12 @@ When you enable access and security for a repository owned by your user account,
|
||||
1. If you chose "Selected repositories", select the drop-down menu, then click a repository to allow the repository's codespaces to access other repositories you own. Repeat for all repositories whose codespaces you want to access other repositories you own.
|
||||

|
||||
|
||||
### Reviewing your security log for {% data variables.product.prodname_codespaces %}
|
||||
|
||||
The security log is where you can review {% data variables.product.prodname_codespaces %} actions that you have performed. For information about accessing the log, see "[Reviewing your security log](/github/authenticating-to-github/reviewing-your-security-log#accessing-your-security-log)."
|
||||
|
||||
The security log includes details on what action occured and when you performed it. For information about {% data variables.product.prodname_codespaces %} actions, see "[{% data variables.product.prodname_codespaces %} category actions](/github/authenticating-to-github/reviewing-your-security-log#codespaces-category-actions)".
|
||||
|
||||
### Managing security and access for your organization
|
||||
|
||||
Organization owners can manage security and access for {% data variables.product.prodname_codespaces %}.
|
||||
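Review bot: "occured" in "details on what action occured" should be "occurred". In the same sentence the closing period sits outside the quotation marks, while the other cross-references in this commit place it inside; make it `...#codespaces-category-actions)."` for consistency.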
@@ -41,3 +47,9 @@ When you enable access and security for a repository owned by your organization,
|
||||

|
||||
1. If you chose "Selected repositories", select the drop-down menu, then click a repository to allow the repository's codespaces to access other repositories owned by your organization. Repeat for all repositories whose codespaces you want to access other repositories.
|
||||

|
||||
|
||||
### Reviewing your organization's audit logs for {% data variables.product.prodname_codespaces %}
|
||||
|
||||
The audit log is where you can review actions related to {% data variables.product.prodname_codespaces %} that have been performed by members of your organization. For information about accessing the log, see "[Reviewing your security log](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization#accessing-the-audit-log)."
|
||||
|
||||
The audit log includes details such as who performed the action, what the action was, and when the action was performed. For information on {% data variables.product.prodname_codespaces %} actions, see "[{% data variables.product.prodname_codespaces %} category actions](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization#codespaces-category-actions)."
|
||||
|
||||
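Review bot: the link text "Reviewing your security log" in the first paragraph does not match its target, which is `/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization#accessing-the-audit-log`. It looks copied from the user-account section. Change the link text to the title of the organization audit log article so readers are not told they are going to their personal security log.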
@@ -22,6 +22,7 @@ You can add encrypted secrets to your user account that you want to use in your
|
||||
- Personal access tokens to cloud services
|
||||
- Service principals
|
||||
- Subscription identifiers
|
||||
- [Credentials for a private image registry](#allowing-your-codespace-to-access-private-images)
|
||||
|
||||
You can choose which repositories should have access to each secret. Then, you can use the secret in any codespace you create for a repository that has access to the secret.
|
||||
|
||||
@@ -67,3 +68,22 @@ You can update the value of an existing secret, and you can change which reposit
|
||||

|
||||
1. Read the warning, then click **OK**.
|
||||

|
||||
|
||||
### Allowing your codespace to access private images
|
||||
|
||||
A registry is a secure space for storing and managing private container images, such as Azure Container Registry or DockerHub. By adding a secret, your codespace can access private images within the registry.
|
||||
|
||||
When a codespace launches, {% data variables.product.prodname_codespaces %} will check for the following three secrets, which define the server name, username, and personal access token (PAT) for the container registry. If those secrets are found, {% data variables.product.prodname_codespaces %} will make the registry available inside your codespace.
|
||||
|
||||
- `<*>_CONTAINER_REGISTRY_SERVER`
|
||||
- `<*>_CONTAINER_REGISTRY_USER`
|
||||
- `<*>_CONTAINER_REGISTRY_PASSWORD`
|
||||
|
||||
Use the steps in "[Adding a secret](#adding-a-secret)" to add a secret for each of these items. Replace the “<*>” in the name with a consistent identifier. For example, if you had a private image registry in Azure, it might look like the following:
|
||||
|
||||
```
|
||||
ACR_CONTAINER_REGISTRY_SERVER = mycompany.azurecr.io
|
||||
ACR_CONTAINER_REGISTRY_USER = acr-user-here
|
||||
ACR_CONTAINER_REGISTRY_PASSWORD = <PAT>
|
||||
```
|
||||

|
||||
|
||||
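Review bot: "Allowing your codespace to access private images" asks for a personal access token but never says what access the token needs, and the secret that holds it is named `<*>_CONTAINER_REGISTRY_PASSWORD`. Suggest stating the minimum access required (pulling images is the only use described here) and noting explicitly that the `_PASSWORD` secret takes the PAT, so readers do not store an account password or an over-scoped token. The typographic quotes around "<*>" in the sentence before the example should be code formatting, to match the list above it.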
@@ -16,6 +16,14 @@ topics:
|
||||
|
||||
{% data reusables.codespaces.unsupported-repos %}
|
||||
|
||||
{% data reusables.codespaces.recovery-mode %}
|
||||
|
||||
```
|
||||
This codespace is currently running in recovery mode due to a container error.
|
||||
```
|
||||
|
||||
Review the creation logs, update the configuration as needed, and run the "Rebuild Container" command to retry. For more information, see "[Configuring {% data variables.product.prodname_codespaces %} for your project](/github/developing-online-with-codespaces/configuring-codespaces-for-your-project#apply-changes-to-your-configuration)."
|
||||
|
||||
If you encounter issues while using a browser that is not Chromium-based, try switching to a Chromium-based browser, or check for known issues with your browser in the `microsoft/vscode` repository by searching for issues labeled with the name of your browser, such as[`firefox`](https://github.com/microsoft/vscode/issues?q=is%3Aissue+is%3Aopen+label%3Afirefox) or [`safari`](https://github.com/Microsoft/vscode/issues?q=is%3Aopen+is%3Aissue+label%3Asafari).
|
||||
|
||||
If you encounter issues while using a Chromium-based browser, you can check if you're experiencing another known issue with {% data variables.product.prodname_vscode %} in the [`microsoft/vscode`](https://github.com/microsoft/vscode/issues) repository.
|
||||
|
||||
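Review bot: In the paragraph about browsers that are not Chromium-based, "such as[`firefox`]" is missing a space before the link, so the rendered text runs together. The two label links also differ in repository casing (`microsoft/vscode` and `Microsoft/vscode`) and in query parameter order; use the same form for both. The recovery-mode paragraph says "Review the creation logs" without saying where to find them, so a link or the name of the command that opens them would help.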
@@ -4,6 +4,7 @@ intro: 'You can develop in your codespace directly in {% data variables.product.
|
||||
product: '{% data reusables.gated-features.codespaces %}'
|
||||
redirect_from:
|
||||
- /github/developing-online-with-codespaces/connecting-to-your-codespace-from-visual-studio-code
|
||||
- /github/developing-online-with-codespaces/using-codespaces-in-visual-studio
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
@@ -27,7 +28,7 @@ To develop in a codespace directly in {% data variables.product.prodname_vscode
|
||||
|
||||
### Creating a codespace in {% data variables.product.prodname_vscode %}
|
||||
|
||||
After you connect your {% data variables.product.product_name %} account to the {% data variables.product.prodname_vs_codespaces %} extension, you can develop in a codespace that you created on {% data variables.product.product_name %} or in {% data variables.product.prodname_vscode %}.
|
||||
After you connect your {% data variables.product.product_name %} account to the {% data variables.product.prodname_github_codespaces %} extension, you can develop in a codespace that you created on {% data variables.product.product_name %} or in {% data variables.product.prodname_vscode %}.
|
||||
|
||||
{% data reusables.codespaces.click-remote-explorer-icon-vscode %}
|
||||
2. Click the Add icon, then click **Create New Codespace**.
|
||||
@@ -45,6 +46,30 @@ After you connect your {% data variables.product.product_name %} account to the
|
||||
3. Click the Connect to Codespace icon.
|
||||

|
||||
|
||||
### Changing the machine type in {% data variables.product.prodname_vscode %}
|
||||
|
||||
You can run your codespace on a choice of three types of machine: Basic, Standard, or Premium. Each of these has a different level of resources and a different billing tier.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data reusables.codespaces.about-billing-for-codespaces %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% data reusables.codespaces.codespaces-machine-types %}
|
||||
|
||||
You can change the machine type of your codespace at any time.
|
||||
|
||||
1. In {% data variables.product.prodname_vscode %}, open the Command Palette (`shift command P` / `shift control P`).
|
||||
2. Search for and select "Codespaces: Change Machine Type."
|
||||

|
||||
3. Click the codespace that you want to change.
|
||||

|
||||
4. Choose the machine type you want to use.
|
||||

|
||||
|
||||
If the codespace is currently running, a message is displayed asking if you would like to restart and reconnect to your codespace now. Click **Yes** if you want to change the machine type used for this codespace immediately. If you click **No**, or if the codespace is not currently running, the change will take effect the next time the codespace restarts.
|
||||
|
||||
### Deleting a codespace in {% data variables.product.prodname_vscode %}
|
||||
|
||||
1. Under "Codespaces", right-click the codespace you want to delete.
|
||||
|
||||
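Review bot: Step 1 of the machine type procedure gives the Command Palette shortcut as `shift command P` / `shift control P` with no indication of which platform each applies to; label them. In step 2 the period sits inside the quotation marks ("Codespaces: Change Machine Type."), which makes it read as part of the command name; move it outside or put the command in bold, as the other steps do for UI text.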
@@ -1,19 +0,0 @@
|
||||
---
|
||||
title: Using Codespaces in Visual Studio
|
||||
intro: 'This preview has concluded and will no longer be accepting signups.'
|
||||
product: '{% data reusables.gated-features.codespaces %}'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- codespaces
|
||||
---
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data variables.product.prodname_codespaces %} is currently in limited public beta and subject to change. During the beta period, {% data variables.product.prodname_dotcom %} does not make any guarantees about the availability of {% data variables.product.prodname_codespaces %}.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### About codespaces in {% data variables.product.prodname_vs %}
|
||||
|
||||
The private preview for GitHub Codespaces in Visual Studio 2019 has concluded. For more information, see the [Visual Studio 2019 documentation](https://docs.microsoft.com/visualstudio/ide/codespaces/codespaces-overview?view=vs-2019).
|
||||
@@ -7,6 +7,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
{% data reusables.code-scanning.enterprise-enable-code-scanning %}
|
||||
@@ -36,14 +37,6 @@ You can use {% data variables.product.prodname_code_scanning %} with {% data var
|
||||
|
||||
You can view and contribute to the queries for {% data variables.product.prodname_code_scanning %} in the [`github/codeql`](https://github.com/github/codeql) repository. For more information, see [{% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/codeql-queries/) in the {% data variables.product.prodname_codeql %} documentation.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
|
||||
### About billing for {% data variables.product.prodname_code_scanning %}
|
||||
|
||||
{% data variables.product.prodname_code_scanning_capc %} uses {% data variables.product.prodname_actions %}, and each run of a {% data variables.product.prodname_code_scanning %} workflow consumes minutes for {% data variables.product.prodname_actions %}. For more information, see "[About billing for {% data variables.product.prodname_actions %}](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-actions)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
### About third-party code scanning tools
|
||||
|
||||
{% data reusables.code-scanning.you-can-upload-third-party-analysis %}
|
||||
@@ -54,7 +47,5 @@ You can view and contribute to the queries for {% data variables.product.prodnam
|
||||
|
||||
### Further reading
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
|
||||
- "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)"{% endif %}
|
||||
- [{% data variables.product.prodname_security %}](https://securitylab.github.com/)
|
||||
- [OASIS Static Analysis Results Interchange Format (SARIF) TC](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif) on the OASIS Committee website
|
||||
|
||||
@@ -8,6 +8,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
{% data reusables.code-scanning.enterprise-enable-code-scanning %}
|
||||
|
||||
@@ -9,4 +9,4 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
@@ -9,6 +9,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
{% data reusables.code-scanning.enterprise-enable-code-scanning-actions %}
|
||||
@@ -23,7 +24,7 @@ Before you can configure {% data variables.product.prodname_code_scanning %} for
|
||||
|
||||
{% data reusables.code-scanning.edit-workflow %}
|
||||
|
||||
{% data variables.product.prodname_codeql %} analysis is just one type of {% data variables.product.prodname_code_scanning %} you can do in {% data variables.product.prodname_dotcom %}. {% data variables.product.prodname_marketplace %}{% if currentVersion ver_gt "enterprise-server@2.21" %} on {% data variables.product.prodname_dotcom_the_website %}{% endif %} contains other {% data variables.product.prodname_code_scanning %} workflows you can use. {% if currentVersion == "free-pro-team@latest" %}You can find a selection of these on the "Get started with {% data variables.product.prodname_code_scanning %}" page, which you can access from the **{% octicon "shield" aria-label="The shield symbol" %} Security** tab.{% endif %} The specific examples given in this article relate to the {% data variables.product.prodname_codeql_workflow %} file.
|
||||
{% data variables.product.prodname_codeql %} analysis is just one type of {% data variables.product.prodname_code_scanning %} you can do in {% data variables.product.prodname_dotcom %}. {% data variables.product.prodname_marketplace %} on {% data variables.product.prodname_dotcom_the_website %} contains other {% data variables.product.prodname_code_scanning %} workflows you can use. The specific examples given in this article relate to the {% data variables.product.prodname_codeql_workflow %} file.
|
||||
|
||||
### Editing a {% data variables.product.prodname_code_scanning %} workflow
|
||||
|
||||
@@ -49,7 +50,7 @@ By default, the {% data variables.product.prodname_codeql_workflow %} uses the `
|
||||
|
||||
#### Scanning pull requests
|
||||
|
||||
The default {% data variables.product.prodname_codeql_workflow %} uses the `pull_request` event to trigger a code scan on pull requests targeted against the default branch. {% if currentVersion ver_gt "enterprise-server@2.21" %}The `pull_request` event is not triggered if the pull request was opened from a private fork.{% else %}If a pull request is from a private fork, the `pull_request` event will only be triggered if you've selected the "Run workflows from fork pull requests" option in the repository settings. For more information, see "[Disabling or limiting {% data variables.product.prodname_actions %} for a repository](/github/administering-a-repository/disabling-or-limiting-github-actions-for-a-repository#enabling-workflows-for-private-repository-forks)."{% endif %}
|
||||
The default {% data variables.product.prodname_codeql_workflow %} uses the `pull_request` event to trigger a code scan on pull requests targeted against the default branch. The `pull_request` event is not triggered if the pull request was opened from a private fork.
|
||||
|
||||
For more information about the `pull_request` event, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#onpushpull_requestbranchestags)."
|
||||
|
||||
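Review bot: The replacement sentence under "Scanning pull requests" keeps only "The `pull_request` event is not triggered if the pull request was opened from a private fork" and drops the pointer to the "Run workflows from fork pull requests" repository setting. If that setting does not apply to the versions this file now targets, the paragraph should say what a reader is expected to do instead, because as written pull requests from private forks are not scanned by this trigger and the page offers no alternative.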
@@ -110,9 +111,7 @@ This workflow scans:
|
||||
|
||||
### Specifying an operating system
|
||||
|
||||
If your code requires a specific operating system to compile, you can configure the operating system in your {% data variables.product.prodname_codeql_workflow %}. Edit the value of `jobs.analyze.runs-on` to specify the operating system for the machine that runs your {% data variables.product.prodname_code_scanning %} actions. {% if currentVersion ver_gt "enterprise-server@2.21" %}You specify the operating system by using an appropriate label as the second element in a two-element array, after `self-hosted`.{% else %}
|
||||
|
||||
If you choose to use a self-hosted runner for code scanning, you can specify an operating system by using an appropriate label as the second element in a two-element array, after `self-hosted`.{% endif %}
|
||||
If your code requires a specific operating system to compile, you can configure the operating system in your {% data variables.product.prodname_codeql_workflow %}. Edit the value of `jobs.analyze.runs-on` to specify the operating system for the machine that runs your {% data variables.product.prodname_code_scanning %} actions. You specify the operating system by using an appropriate label as the second element in a two-element array, after `self-hosted`.
|
||||
|
||||
``` yaml
|
||||
jobs:
|
||||
@@ -121,11 +120,9 @@ jobs:
|
||||
runs-on: [self-hosted, ubuntu-latest]
|
||||
```
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners)" and "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."{% endif %}
|
||||
{% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} supports the latest versions of Ubuntu, Windows, and macOS. Typical values for this setting are therefore: `ubuntu-latest`, `windows-latest`, and `macos-latest`. For more information, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#self-hosted-runners)" and "[Using labels with self-hosted runners](/actions/hosting-your-own-runners/using-labels-with-self-hosted-runners)."
|
||||
|
||||
{% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} supports the latest versions of Ubuntu, Windows, and macOS. Typical values for this setting are therefore: `ubuntu-latest`, `windows-latest`, and `macos-latest`. For more information, see {% if currentVersion ver_gt "enterprise-server@2.21" %}"[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#self-hosted-runners)" and "[Using labels with self-hosted runners](/actions/hosting-your-own-runners/using-labels-with-self-hosted-runners){% else %}"[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idruns-on){% endif %}."
|
||||
|
||||
{% if currentVersion ver_gt "enterprise-server@2.21" %}You must ensure that Git is in the PATH variable on your self-hosted runners.{% else %}If you use a self-hosted runner, you must ensure that Git is in the PATH variable.{% endif %}
|
||||
You must ensure that Git is in the PATH variable on your self-hosted runners.
|
||||
|
||||
### Changing the languages that are analyzed
|
||||
|
||||
@@ -172,7 +169,10 @@ Alternatively, you can install Python dependencies manually on any operating sys
|
||||
jobs:
|
||||
CodeQL-Build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
|
||||
permissions:
|
||||
security-events: write
|
||||
actions: read{% endif %}
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
|
||||
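Review bot: The job-level `permissions` block added to `CodeQL-Build` lists only `security-events: write` and `actions: read`. Once a `permissions` key is present, any scope not listed is set to no access, and the next step in this job is "Checkout repository", so in a private repository the job would also need `contents: read`. Suggest adding that scope, or a sentence stating which scopes are required only for private repositories.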
@@ -9,6 +9,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta-codeql-runner %}
|
||||
{% data reusables.code-scanning.beta %}
|
||||
|
||||
@@ -9,6 +9,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
{% data reusables.code-scanning.enterprise-enable-code-scanning-actions %}
|
||||
@@ -30,10 +31,7 @@ If your workflow uses a `language` matrix, `autobuild` attempts to build each of
|
||||
|
||||
{% note %}
|
||||
|
||||
{% if currentVersion == "github-ae@latest" %}**Note**: For instructions on how to make sure your {% data variables.actions.hosted_runner %} has the required software installed, see "[Creating custom images](/actions/using-github-hosted-runners/creating-custom-images)."
|
||||
{% else %}
|
||||
**Note**: If you use self-hosted runners for {% data variables.product.prodname_actions %}, you may need to install additional software to use the `autobuild` process. Additionally, if your repository requires a specific version of a build tool, you may need to install it manually. For more information, see "[Specifications for {% data variables.product.prodname_dotcom %}-hosted runners](/actions/reference/specifications-for-github-hosted-runners/#supported-software)".
|
||||
{% endif %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
### Table of Contents
|
||||
|
||||
|
||||
@@ -9,4 +9,4 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
@@ -1,12 +1,13 @@
|
||||
---
|
||||
title: Managing code scanning alerts for your repository
|
||||
shortTitle: Managing alerts
|
||||
intro: 'From the security view, you can view, fix, {% if currentVersion == "enterprise-server@2.22" %}or close{% else %}dismiss, or delete{% endif %} alerts for potential vulnerabilities or errors in your project''s code.'
|
||||
intro: 'From the security view, you can view, fix, or close alerts for potential vulnerabilities or errors in your project''s code.'
|
||||
product: '{% data reusables.gated-features.code-scanning %}'
|
||||
permissions: 'If you have write permission to a repository you can manage {% data variables.product.prodname_code_scanning %} alerts for that repository.'
|
||||
versions:
|
||||
enterprise-server: '2.22'
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
|
||||
@@ -48,82 +49,25 @@ You need write permission to view a summary of all the alerts for a repository o
|
||||
|
||||
Anyone with write permission for a repository can fix an alert by committing a correction to the code. If the repository has {% data variables.product.prodname_code_scanning %} scheduled to run on pull requests, it's best to raise a pull request with your correction. This will trigger {% data variables.product.prodname_code_scanning %} analysis of the changes and test that your fix doesn't introduce any new problems. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning)" and "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests)."
|
||||
|
||||
If you have write permission for a repository, you can view fixed alerts by viewing the summary of alerts and clicking **Closed**. For more information, see "[Viewing the alerts for a repository](#viewing-the-alerts-for-a-repository)." The "Closed" list shows fixed alerts and alerts that users have {% if currentVersion == "enterprise-server@2.22" %}closed{% else %}dismissed{% endif %}.
|
||||
If you have write permission for a repository, you can view fixed alerts by viewing the summary of alerts and clicking **Closed**. For more information, see "[Viewing the alerts for a repository](#viewing-the-alerts-for-a-repository)." The "Closed" list shows fixed alerts and alerts that users have closed.
|
||||
|
||||
Alerts may be fixed in one branch but not in another. You can use the "Branch" drop-down menu, on the summary of alerts, to check whether an alert is fixed in a particular branch.
|
||||
|
||||

|
||||
|
||||
{% if currentVersion == "enterprise-server@2.22" %}
|
||||
|
||||
### Closing an alert
|
||||
|
||||
Closing an alert is a way to resolve an alert that you don't think needs to be fixed. {% data reusables.code-scanning.close-alert-examples %}
|
||||
|
||||
{% else %}
|
||||
|
||||
### Dismissing or deleting alerts
|
||||
|
||||
There are two ways of closing an alert. You can fix the problem in the code, or you can dismiss the alert. Alternatively, if you have admin permissions for the repository, you can delete alerts. Deleting alerts is useful in situations where you have set up a {% data variables.product.prodname_code_scanning %} tool and then decided to remove it, or where you have configured {% data variables.product.prodname_codeql %} analysis with a larger set of queries than you want to continue using, and you've then removed some queries from the tool. In both cases, deleting alerts allows you to clean up your {% data variables.product.prodname_code_scanning %} results. You can delete alerts from the summary list within the **Security** tab.
|
||||
|
||||
Dismissing an alert is a way of closing an alert that you don't think needs to be fixed. {% data reusables.code-scanning.close-alert-examples %} You can dismiss alerts from {% data variables.product.prodname_code_scanning %} annotations in code, or from the summary list within the **Security** tab.
|
||||
|
||||
When you dismiss an alert:
|
||||
|
||||
- It's dismissed in all branches.
|
||||
- The alert is removed from the number of current alerts for your project.
|
||||
- The alert is moved to the "Closed" list in the summary of alerts, from where you can reopen it, if required.
|
||||
- The reason why you closed the alert is recorded.
|
||||
- Next time {% data variables.product.prodname_code_scanning %} runs, the same code won't generate an alert.
|
||||
|
||||
When you delete an alert:
|
||||
|
||||
- It's deleted in all branches.
|
||||
- The alert is removed from the number of current alerts for your project.
|
||||
- It is _not_ added to the "Closed" list in the summary of alerts.
|
||||
- If the code that generated the alert stays the same, and the same {% data variables.product.prodname_code_scanning %} tool runs again without any configuration changes, the alert will be shown again in your analysis results.
|
||||
|
||||
To dismiss or delete alerts:
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-security %}
|
||||
{% data reusables.repositories.sidebar-code-scanning-alerts %}
|
||||
{% if currentVersion == "enterprise-server@2.22" %}
|
||||
{% data reusables.code-scanning.click-alert-in-list %}
|
||||
1. Select the **Close** drop-down menu and click a reason for closing the alert.
|
||||

|
||||
|
||||
{% data reusables.code-scanning.false-positive-fix-codeql %}
|
||||
|
||||
{% else %}
|
||||
|
||||
1. If you have admin permissions for the repository, and you want to delete alerts for this {% data variables.product.prodname_code_scanning %} tool, select some or all of the check boxes and click **Delete**.
|
||||
|
||||

|
||||
|
||||
Optionally, you can use the filters to display a subset of alerts and then delete all matching alerts at once. For example, if you have removed a query from {% data variables.product.prodname_codeql %} analysis, you can use the "Rule" filter to list just the alerts for that query and then select and delete all of those alerts.
|
||||
|
||||

|
||||
|
||||
1. If you want to dismiss an alert, it's important to explore the alert first, so that you can choose the correct dismissal reason. Click the alert you'd like to explore.
|
||||
|
||||

|
||||
|
||||
1. Review the alert, then click **Dismiss** and choose a reason for closing the alert.
|
||||

|
||||
|
||||
{% data reusables.code-scanning.choose-alert-dismissal-reason %}
|
||||
|
||||
{% data reusables.code-scanning.false-positive-fix-codeql %}
|
||||
|
||||
#### Dismissing multiple alerts at once
|
||||
|
||||
If a project has multiple alerts that you want to dismiss for the same reason, you can bulk dismiss them from the summary of alerts. Typically, you'll want to filter the list and then dismiss all of the matching alerts. For example, you might want to dismiss all of the current alerts in the project that have been tagged for a particular Common Weakness Enumeration (CWE) vulnerability.
|
||||
|
||||
{% endif %}
|
||||
|
||||
### Further reading
|
||||
|
||||
- "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests)"
|
||||
|
||||
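Review bot: With the "When you dismiss an alert" list taken out of this hunk, the "Closing an alert" section no longer says whether closing applies to all branches, whether the reason is recorded, or whether the same code raises the alert again on the next run. The page still tells readers they can find closed alerts under **Closed**, so a short statement of what closing does in this version would keep the procedure ("Select the **Close** drop-down menu and click a reason for closing the alert") from standing without context.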
@@ -8,6 +8,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
|
||||
@@ -43,7 +44,10 @@ on:
|
||||
jobs:
|
||||
analyze:
|
||||
name: Analyze
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
|
||||
permissions:
|
||||
security-events: write
|
||||
actions: read{% endif %}
|
||||
|
||||
strategy:
|
||||
fail-fast: false
|
||||
|
||||
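Review bot: The `permissions` block added under the `analyze` job gives no reason for choosing `security-events: write` and `actions: read`, and readers tend to copy this sample workflow verbatim. Add a short YAML comment after each scope, or a sentence below the example linking to the `GITHUB_TOKEN` permissions documentation, so that people adapting the workflow know which scopes they can drop and which they must keep.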
@@ -8,6 +8,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
<!--UI-LINK: When GitHub Enterprise Server doesn't have GitHub Actions set up, the Security > Code scanning alerts view links to this article.-->
|
||||
|
||||
{% data reusables.code-scanning.beta-codeql-runner %}
|
||||
@@ -29,17 +30,13 @@ The {% data variables.product.prodname_codeql_runner %} is a command-line tool t
|
||||
{% note %}
|
||||
|
||||
**Notes:**
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
* The {% data variables.product.prodname_codeql_runner %} uses the {% data variables.product.prodname_codeql %} CLI to analyze code and therefore has the same license conditions. It's free to use on public repositories that are maintained on {% data variables.product.prodname_dotcom_the_website %}, and available to use on private repositories that are owned by customers with an {% data variables.product.prodname_advanced_security %} license. For information, see "[{% data variables.product.product_name %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license)" and "[{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/)."
|
||||
{% else %}
|
||||
* The {% data variables.product.prodname_codeql_runner %} is available to customers with an {% data variables.product.prodname_advanced_security %} license.
|
||||
{% endif %}
|
||||
* The {% data variables.product.prodname_codeql_runner %} shouldn't be confused with the {% data variables.product.prodname_codeql %} CLI. The {% data variables.product.prodname_codeql %} CLI is an interactive command-line interface that lets you create {% data variables.product.prodname_codeql %} databases for security research and run {% data variables.product.prodname_codeql %} queries. For more information, see "[{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/)."
|
||||
{% endnote %}
|
||||
|
||||
### Downloading the {% data variables.product.prodname_codeql_runner %}
|
||||
|
||||
You can download the {% data variables.product.prodname_codeql_runner %} from https://{% if currentVersion == "enterprise-server@2.22" or currentVersion == "free-pro-team@latest" %}github.com{% else %}<em>HOSTNAME</em>{% endif %}/github/codeql-action/releases. On some operating systems, you may need to change permissions for the downloaded file before you can run it.
|
||||
You can download the {% data variables.product.prodname_codeql_runner %} from https://github.com/github/codeql-action/releases. On some operating systems, you may need to change permissions for the downloaded file before you can run it.
|
||||
|
||||
On Linux:
|
||||
|
||||
@@ -61,7 +58,7 @@ On Windows, the `codeql-runner-win.exe` file usually requires no change to permi
|
||||
Once you download the {% data variables.product.prodname_codeql_runner %} and verify that it can be executed, you should make the runner available to each CI server that you intend to use for {% data variables.product.prodname_code_scanning %}. For example, you might configure each server to copy the runner from a central, internal location. Alternatively, you could use the REST API to get the runner directly from {% data variables.product.prodname_dotcom %}, for example:
|
||||
|
||||
```shell
|
||||
wget https://{% if currentVersion == "enterprise-server@2.22" or currentVersion == "free-pro-team@latest" %}github.com{% else %}<em>HOSTNAME</em>{% endif %}/github/codeql-action/releases/latest/download/codeql-runner-linux
|
||||
wget https://github.com/github/codeql-action/releases/latest/download/codeql-runner-linux
|
||||
chmod +x codeql-runner-linux
|
||||
```
|
||||
|
||||
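Review bot: The sentence before this code block says "you could use the REST API to get the runner", but the command is a plain `wget` of the `releases/latest/download/codeql-runner-linux` URL, not a REST API call; reword it to "download the runner directly". This binary is then marked executable and made available to every CI server, so consider showing a pinned release tag instead of `latest` and recommending that the central copy be checked against a recorded checksum, so that all servers run the version that was vetted.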
@@ -72,9 +69,8 @@ In addition to this, each CI server also needs:
|
||||
|
||||
The options for providing access to the {% data variables.product.prodname_codeql %} bundle are:
|
||||
|
||||
1. Allow the CI servers access to https://{% if currentVersion == "enterprise-server@2.22" or currentVersion == "free-pro-team@latest" %}github.com{% else %}<em>HOSTNAME</em>{% endif %}/github/codeql-action so that the {% data variables.product.prodname_codeql_runner %} can download the bundle automatically.
|
||||
{% if currentVersion == "enterprise-server@2.22" %}
|
||||
1. Mirror the `github/codeql-action` repository on {% data variables.product.product_name %}. Unless you specify the <nobr>`--codeql-path`</nobr> flag, the runner automatically checks for the bundle in this location and on {% data variables.product.prodname_dotcom_the_website %}.{% endif %}
|
||||
1. Allow the CI servers access to https://github.com/github/codeql-action so that the {% data variables.product.prodname_codeql_runner %} can download the bundle automatically.
|
||||
1. Mirror the `github/codeql-action` repository on {% data variables.product.product_name %}. Unless you specify the <nobr>`--codeql-path`</nobr> flag, the runner automatically checks for the bundle in this location and on {% data variables.product.prodname_dotcom_the_website %}.
|
||||
1. Manually download/extract the bundle, store it with other central resources, and use the <nobr>`--codeql-path`</nobr> flag to specify the location of the bundle in calls to initialize the {% data variables.product.prodname_codeql_runner %}.
|
||||
|
||||
### Calling the {% data variables.product.prodname_codeql_runner %}
|
||||
|
||||
@@ -8,6 +8,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
|
||||
|
||||
@@ -9,6 +9,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
{% data reusables.code-scanning.enterprise-enable-code-scanning-actions %}
|
||||
@@ -21,14 +22,12 @@ You decide how to generate {% data variables.product.prodname_code_scanning %} a
|
||||
|
||||
### Setting up {% data variables.product.prodname_code_scanning %} using actions
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}Using actions to run {% data variables.product.prodname_code_scanning %} will use minutes. For more information, see "[About billing for {% data variables.product.prodname_actions %}](/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-actions)."{% endif %}
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-security %}
|
||||
3. To the right of "{% data variables.product.prodname_code_scanning_capc %} alerts", click **Set up {% data variables.product.prodname_code_scanning %}**. {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}If {% data variables.product.prodname_code_scanning %} is missing, you need to ask an organization owner or repository administrator to enable {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[Managing security and analysis settings for your organization](/organizations/collaborating-with-groups-in-organizations/managing-security-and-analysis-settings-for-your-organization)" or "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."{% endif %}
|
||||
3. To the right of "{% data variables.product.prodname_code_scanning_capc %} alerts", click **Set up {% data variables.product.prodname_code_scanning %}**.
|
||||

|
||||
4. Under "Get started with {% data variables.product.prodname_code_scanning %}", click **Set up this workflow** on the {% data variables.product.prodname_codeql_workflow %} or on a third-party workflow.
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}Workflows are only displayed if they are relevant for the programming languages detected in the repository. The {% data variables.product.prodname_codeql_workflow %} is always displayed, but the "Set up this workflow" button is only enabled if {% data variables.product.prodname_codeql %} analysis supports the languages present in the repository.{% endif %}
|
||||

|
||||
5. To customize how {% data variables.product.prodname_code_scanning %} scans your code, edit the workflow.
|
||||
|
||||
Generally you can commit the {% data variables.product.prodname_codeql_workflow %} without making any changes to it. However, many of the third-party workflows require additional configuration, so read the comments in the workflow before committing.
|
||||
|
||||
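Review bot: The line under step 4 ("Workflows are only displayed if they are relevant...") still carries `{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}`, while the simplified step 3 in this same hunk has lost its version condition. If this copy of the article no longer serves `free-pro-team@latest`, that branch is dead and the condition should be reduced or removed in the same pass. Otherwise a later reader cannot tell which versions the paragraph is meant for.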
@@ -9,6 +9,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
|
||||
@@ -16,7 +17,7 @@ topics:
|
||||
|
||||
In repositories where {% data variables.product.prodname_code_scanning %} is configured as a pull request check, {% data variables.product.prodname_code_scanning %} checks the code in the pull request. By default, this is limited to pull requests that target the default branch, but you can change this configuration within {% data variables.product.prodname_actions %} or in a third-party CI/CD system. If merging the changes would introduce new {% data variables.product.prodname_code_scanning %} alerts to the target branch, these are reported as check results in the pull request. The alerts are also shown as annotations in the **Files changed** tab of the pull request. If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository)."
|
||||
|
||||
If {% data variables.product.prodname_code_scanning %} has any results with a severity of `error`, the check fails and the error is reported in the check results. If all the results found by {% data variables.product.prodname_code_scanning %} have lower severities, the alerts are treated as warnings or notices and the check succeeds. If your pull request targets a protected branch that uses {% data variables.product.prodname_code_scanning %}, and the repository owner has configured required status checks, then you must either fix or {% if currentVersion == "enterprise-server@2.22" %}close{% else %}dismiss{% endif %} all error alerts before the pull request can be merged. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-status-checks-before-merging)."
|
||||
If {% data variables.product.prodname_code_scanning %} has any results with a severity of `error`, the check fails and the error is reported in the check results. If all the results found by {% data variables.product.prodname_code_scanning %} have lower severities, the alerts are treated as warnings or notices and the check succeeds. If your pull request targets a protected branch that uses {% data variables.product.prodname_code_scanning %}, and the repository owner has configured required status checks, then you must either fix or close all error alerts before the pull request can be merged. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-status-checks-before-merging)."
|
||||
|
||||

|
||||
|
||||
@@ -40,28 +41,10 @@ In the detailed view for an alert, some {% data variables.product.prodname_code_
|
||||
|
||||

|
||||
|
||||
### {% if currentVersion == "enterprise-server@2.22" %}Resolving{% else %}Fixing{% endif %} an alert on your pull request
|
||||
### Resolving an alert on your pull request
|
||||
|
||||
Anyone with push access to a pull request can fix a {% data variables.product.prodname_code_scanning %} alert that's identified on that pull request. If you commit changes to the pull request this triggers a new run of the pull request checks. If your changes fix the problem, the alert is closed and the annotation removed.
|
||||
|
||||
{% if currentVersion == "enterprise-server@2.22" %}
|
||||
|
||||
If you don't think that an alert needs to be fixed, users with write permission can close the alert manually. {% data reusables.code-scanning.close-alert-examples %} The **Close** button is available in annotations and in the alerts view if you have write permission for the repository.
|
||||
|
||||
{% data reusables.code-scanning.false-positive-fix-codeql %}
|
||||
|
||||
{% else %}
|
||||
|
||||
### Dismissing an alert on your pull request
|
||||
|
||||
An alternative way of closing an alert is to dismiss it. You can dismiss an alert if you don't think it needs to be fixed. {% data reusables.code-scanning.close-alert-examples %} If you have write permission for the repository, the **Dismiss** button is available in code annotations and in the alerts summary. When you click **Dismiss** you will be prompted to choose a reason for closing the alert.
|
||||
|
||||

|
||||
|
||||
{% data reusables.code-scanning.choose-alert-dismissal-reason %}
|
||||
|
||||
{% data reusables.code-scanning.false-positive-fix-codeql %}
|
||||
|
||||
For more information about dismissing alerts, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#dismissing-or-deleting-alerts)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -8,6 +8,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta-codeql-runner %}
|
||||
{% data reusables.code-scanning.beta %}
|
||||
|
||||
@@ -8,6 +8,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
{% data reusables.code-scanning.not-available %}
|
||||
@@ -28,7 +29,10 @@ If an automatic build of code for a compiled language within your project fails,
|
||||
|
||||
```yaml
|
||||
jobs:
|
||||
analyze:
|
||||
analyze:{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
|
||||
permissions:
|
||||
security-events: write
|
||||
actions: read{% endif %}
|
||||
...
|
||||
strategy:
|
||||
fail-fast: false
|
||||
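Review bot: The added `permissions` block under `analyze:` lists `security-events: write` and `actions: read` but not `contents`. Once a job declares `permissions`, every scope it does not list is set to none, so if the elided steps check out the repository the `GITHUB_TOKEN` has no read access to it in a private repository. Suggest adding `contents: read` alongside the two existing entries, or stating in the surrounding text that the example assumes a public repository.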
@@ -113,24 +117,13 @@ If you split your analysis into multiple workflows as described above, we still
|
||||
|
||||
If your analysis is still too slow to be run during `push` or `pull_request` events, then you may want to only trigger analysis on the `schedule` event. For more information, see "[Events](/actions/learn-github-actions/introduction-to-github-actions#events)."
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
### Results differ between analysis platforms
|
||||
|
||||
If you are analyzing code written in Python, you may see different results depending on whether you run the {% data variables.product.prodname_codeql_workflow %} on Linux, macOS, or Windows.
|
||||
|
||||
On GitHub-hosted runners that use Linux, the {% data variables.product.prodname_codeql_workflow %} tries to install and analyze Python dependencies, which could lead to more results. To disable the auto-install, add `setup-python-dependencies: false` to the "Initialize CodeQL" step of the workflow. For more information about configuring the analysis of Python dependencies, see "[Analyzing Python dependencies](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#analyzing-python-dependencies)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
### Error: "Server error"
|
||||
|
||||
If the run of a workflow for {% data variables.product.prodname_code_scanning %} fails due to a server error, try running the workflow again. If the problem persists, contact {% data variables.contact.contact_support %}.
|
||||
|
||||
### Error: "Out of disk" or "Out of memory"
|
||||
|
||||
On very large projects, {% data variables.product.prodname_codeql %} may run out of disk or memory on the runner.
|
||||
{% if currentVersion == "free-pro-team@latest" %}If you encounter this issue on a hosted {% data variables.product.prodname_actions %} runner, contact {% data variables.contact.contact_support %} so that we can investigate the problem.
|
||||
{% else %}If you encounter this issue, try increasing the memory on the runner.{% endif %}
|
||||
On very large projects, {% data variables.product.prodname_codeql %} may run out of disk or memory on the runner. If you encounter this issue, try increasing the memory on the runner.
|
||||
|
||||
### Warning: "git checkout HEAD^2 is no longer necessary"
|
||||
|
||||
|
||||
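Review bot: The merged paragraph under `### Error: "Out of disk" or "Out of memory"` says CodeQL "may run out of disk or memory" but the only remedy it gives is "try increasing the memory on the runner". With the hosted-runner branch removed, nothing addresses the out-of-disk case named in the heading. Suggest wording the advice to cover both, for example increasing the memory or disk space available on the runner.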
@@ -9,6 +9,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
{% data reusables.code-scanning.beta %}
|
||||
{% data reusables.code-scanning.enterprise-enable-code-scanning %}
|
||||
@@ -19,7 +20,7 @@ topics:
|
||||
|
||||
You can generate SARIF files using many static analysis security testing tools, including {% data variables.product.prodname_codeql %}. The results must use SARIF version 2.1.0. For more information, see "[SARIF support for {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/sarif-support-for-code-scanning)."
|
||||
|
||||
You can upload the results using {% data variables.product.prodname_actions %}{% if currentVersion == "enterprise-server@2.22" %} (available if your organization is taking part in the beta program){% endif %}, the {% data variables.product.prodname_code_scanning %} API, or the {% data variables.product.prodname_codeql_runner %}. The best upload method will depend on how you generate the SARIF file, for example, if you use:
|
||||
You can upload the results using {% data variables.product.prodname_actions %} (available if your organization is taking part in the beta program), the {% data variables.product.prodname_code_scanning %} API, or the {% data variables.product.prodname_codeql_runner %}. The best upload method will depend on how you generate the SARIF file, for example, if you use:
|
||||
|
||||
- {% data variables.product.prodname_actions %} to run the {% data variables.product.prodname_codeql %} action, there is no further action required. The {% data variables.product.prodname_codeql %} action uploads the SARIF file automatically when it completes analysis.
|
||||
- {% data variables.product.prodname_actions %} to run a SARIF-compatible analysis tool, you could update the workflow to include a final step that uploads the results (see below).
|
||||
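Review bot: In the "You can upload the results using..." sentence, the parenthetical "(available if your organization is taking part in the beta program)" was previously gated on `enterprise-server@2.22` and is now unconditional. That is only correct if this file's `versions` front matter restricts it to 2.22, which this hunk does not show. Please confirm the front matter in the same commit, or keep the `{% if %}` guard so other versions are not told the feature is beta-only.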
@@ -62,7 +63,9 @@ on:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-latest{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
|
||||
permissions:
|
||||
security-events: write{% endif %}
|
||||
steps:
|
||||
# This step checks out a copy of your repository.
|
||||
- name: Checkout repository
|
||||
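Review bot: The new job-level `permissions` block grants only `security-events: write`, yet the first step of the same job is "Checkout repository". Declaring `permissions` sets all unlisted scopes to none, so on a private repository the checkout step has no `contents` access and fails before the upload step runs. Suggest adding `contents: read` under `permissions:` so the example works as written while staying least-privilege.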
@@ -94,6 +97,9 @@ on:
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.1" or currentVersion == "github-ae@next" %}
|
||||
permissions:
|
||||
security-events: write{% endif %}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Run npm install
|
||||
|
||||
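Review bot: The `permissions:` block added after `runs-on: ubuntu-latest` has no explanation in the example, so a reader copying the workflow cannot tell why `security-events: write` is there or whether it is safe to remove. Suggest a one-line YAML comment above `security-events: write` saying that it is required to upload the SARIF results, in the same style as the step comments used elsewhere in these examples.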
@@ -9,4 +9,4 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
|
||||
<!--See /content/code-security/secure-coding for the latest version of this article -->
|
||||
|
||||
@@ -1,12 +1,13 @@
|
||||
---
|
||||
title: About alerts for vulnerable dependencies
|
||||
intro: '{% data variables.product.product_name %} sends {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} when we detect vulnerabilities affecting your repository.'
|
||||
intro: '{% data variables.product.product_name %} sends {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} when we detect vulnerabilities affecting your repository.'
|
||||
versions:
|
||||
enterprise-server: '<=2.22'
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
|
||||
<!--See /content/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies for the current version of this article -->
|
||||
|
||||
### About vulnerable dependencies
|
||||
|
||||
{% data reusables.repositories.a-vulnerability-is %}
|
||||
@@ -15,12 +16,10 @@ When your code depends on a package that has a security vulnerability, this vuln
|
||||
|
||||
### Detection of vulnerable dependencies
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %} detects vulnerable dependencies and sends {% data variables.product.prodname_dependabot_alerts %}{% else %}{% data variables.product.product_name %} detects vulnerable dependencies and sends security alerts{% endif %} when:
|
||||
{% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %} detects vulnerable dependencies and sends {% data variables.product.prodname_dependabot_alerts %}{% else %}{% data variables.product.product_name %} detects vulnerable dependencies and sends security alerts{% endif %} when:
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
- A new vulnerability is added to the {% data variables.product.prodname_advisory_database %}. For more information, see "[Browsing security vulnerabilities in the {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database)."{% else %}
|
||||
- New advisory data is synchronized to {% data variables.product.prodname_ghe_server %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %}
|
||||
- The dependency graph for a repository changes. For example, when a contributor pushes a commit to change the packages or versions it depends on{% if currentVersion == "free-pro-team@latest" %}, or when the code of one of the dependencies changes{% endif %}. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."
|
||||
- New advisory data is synchronized to {% data variables.product.prodname_ghe_server %} each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}
|
||||
- The dependency graph for a repository changes. For example, when a contributor pushes a commit to change the packages or versions it depends on. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."
|
||||
|
||||
{% data reusables.repositories.dependency-review %}
|
||||
|
||||
@@ -32,7 +31,7 @@ For a list of the ecosystems that {% data variables.product.product_name %} can
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" % %}
|
||||
{% if currentVersion ver_gt "enterprise-server@2.21" % %}
|
||||
### {% data variables.product.prodname_dependabot %} alerts for vulnerable dependencies
|
||||
{% else %}
|
||||
### Security alerts for vulnerable dependencies
|
||||
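Review bot: The replacement line `{% if currentVersion ver_gt "enterprise-server@2.21" % %}` keeps the malformed tag ending `% %}` from the line it replaces. The stray `%` should be dropped so the tag closes with a single `%}`, as the other `{% if %}` tags in this patch do. Since the line is already being edited, this is the place to fix it.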
@@ -40,23 +39,10 @@ For a list of the ecosystems that {% data variables.product.product_name %} can
|
||||
|
||||
{% data reusables.repositories.enable-security-alerts %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}{% data variables.product.prodname_dotcom %} detects vulnerable dependencies in _public_ repositories and generates {% data variables.product.prodname_dependabot_alerts %} by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories.
|
||||
|
||||
You can also enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/organizations/collaborating-with-groups-in-organizations/managing-security-and-analysis-settings-for-your-organization)."
|
||||
|
||||
For information about permission requirements for actions related to {% data variables.product.prodname_dependabot_alerts %}, see "[Repository permission levels for an organization](/organizations/collaborating-with-groups-in-organizations/repository-permission-levels-for-an-organization#permission-requirements-for-security-features)."
|
||||
|
||||
{% data variables.product.product_name %} starts generating the dependency graph immediately and generates alerts for any vulnerable dependencies as soon as they are identified. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. For more information, see "[Managing data use settings for your private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository)."
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
{% if currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
When {% data variables.product.product_name %} identifies a vulnerable dependency, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the Security tab for the repository. The alert includes a link to the affected file in the project, and information about a fixed version. {% data variables.product.product_name %} also notifies the maintainers of affected repositories about the new alert according to their notification preferences. For more information, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)."
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, the alert may also contain a link to a pull request to update the manifest or lock file to the minimum version that resolves the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
|
||||
{% endif %}
|
||||
|
||||
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_lt "enterprise-server@2.22" %}
|
||||
When {% data variables.product.product_name %} identifies a vulnerable dependency, we send a security alert to the maintainers of affected repositories with details of the vulnerability, a link to the affected file in the project, and information about a fixed version.
|
||||
{% endif %}
|
||||
@@ -67,27 +53,15 @@ When {% data variables.product.product_name %} identifies a vulnerable dependenc
|
||||
|
||||
{% endwarning %}
|
||||
|
||||
### Access to {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %}security{% endif %} alerts
|
||||
### Access to {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %}security{% endif %} alerts
|
||||
|
||||
You can see all of the alerts that affect a particular project{% if currentVersion == "free-pro-team@latest" %} on the repository's Security tab or{% endif %} in the repository's dependency graph.{% if currentVersion == "free-pro-team@latest" %} For more information, see "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)."{% endif %}
|
||||
You can see all of the alerts that affect a particular project in the repository's dependency graph.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
By default, we notify people with admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}.{% endif %} {% if currentVersion == "free-pro-team@latest" %}{% data variables.product.product_name %} never publicly discloses identified vulnerabilities for any repository. You can also make {% data variables.product.prodname_dependabot_alerts %} visible to additional people or teams working repositories that you own or have admin permissions for. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
|
||||
{% endif %}
|
||||
{% if currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
By default, we notify people with admin permissions in the affected repositories about new {% data variables.product.prodname_dependabot_alerts %}.{% endif %}
|
||||
|
||||
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_lt "enterprise-server@2.22" %}
|
||||
We send security alerts to people with admin permissions in the affected repositories by default. {% data variables.product.product_name %} never publicly discloses identified vulnerabilities for any repository.
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization %}{% if enterpriseServerVersions contains currentVersion and currentVersion ver_lt "enterprise-server@2.21" %} For more information, see "[Choosing the delivery method for your notifications](/github/receiving-notifications-about-activity-on-github/choosing-the-delivery-method-for-your-notifications)."{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %} For more information, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)."{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
You can also see all the {% data variables.product.prodname_dependabot_alerts %} that correspond to a particular vulnerability in the {% data variables.product.prodname_advisory_database %}. For more information, see "[Browsing security vulnerabilities in the {% data variables.product.prodname_advisory_database %}](/github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database#viewing-your-vulnerable-repositories)."
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
### Further reading
|
||||
|
||||
- "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)"
|
||||
- "[Viewing and updating vulnerable dependencies in your repository](/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
|
||||
- "[Understanding how {% data variables.product.product_name %} uses and protects your data](/categories/understanding-how-github-uses-and-protects-your-data)"{% endif %}
|
||||
{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization %}{% if enterpriseServerVersions contains currentVersion and currentVersion ver_lt "enterprise-server@2.21" %} For more information, see "[Choosing the delivery method for your notifications](/github/receiving-notifications-about-activity-on-github/choosing-the-delivery-method-for-your-notifications)."{% endif %}{% if currentVersion ver_gt "enterprise-server@2.20" %} For more information, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)."{% endif %}
|
||||
|
||||
@@ -1,20 +1,17 @@
|
||||
---
|
||||
title: Configuring notifications for vulnerable dependencies
|
||||
shortTitle: Configuring notifications
|
||||
intro: 'Optimize how you receive notifications about {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %}security{% endif %} alerts.'
|
||||
intro: 'Optimize how you receive notifications about {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %}security{% endif %} alerts.'
|
||||
versions:
|
||||
enterprise-server: '>=2.21 <=2.22'
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
<!--See /content/code-security/supply-chain-security/configuring-notifications-for-vulnerable-dependencies for the current version of this article -->
|
||||
|
||||
### About notifications for vulnerable dependencies
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}When {% data variables.product.prodname_dependabot %} detects vulnerable dependencies in your repositories, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the Security tab for the repository. {% data variables.product.product_name %} notifies the maintainers of affected repositories about the new alert according to their notification preferences.{% else %}When {% data variables.product.product_name %} detects vulnerable dependencies in your repositories, it sends security alerts.{% endif %}{% if currentVersion == "free-pro-team@latest" %} {% data variables.product.prodname_dependabot %} is enabled by default on all public repositories. For {% data variables.product.prodname_dependabot_alerts %}, by default, you will receive {% data variables.product.prodname_dependabot_alerts %} by email, grouped by the specific vulnerability.
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}If you're an organization owner, you can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories in your organization with one click. You can also set whether the detection of vulnerable dependencies will be enabled or disabled for newly-created repositories. For more information, see "[Managing security and analysis settings for your organization](/organizations/collaborating-with-groups-in-organizations/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-new-repositories-when-they-are-added)."
|
||||
{% endif %}
|
||||
{% if currentVersion ver_gt "enterprise-server@2.21" %}When {% data variables.product.prodname_dependabot %} detects vulnerable dependencies in your repositories, we generate a {% data variables.product.prodname_dependabot %} alert and display it on the Security tab for the repository. {% data variables.product.product_name %} notifies the maintainers of affected repositories about the new alert according to their notification preferences.{% else %}When {% data variables.product.product_name %} detects vulnerable dependencies in your repositories, it sends security alerts.{% endif %}
|
||||
|
||||
{% if enterpriseServerVersions contains currentVersion and currentVersion == "enterprise-server@2.21" %}
|
||||
Your site administrator needs to enable security alerts for vulnerable dependencies for {% data variables.product.product_location %} before you can use the feature. For more information, see "[Enabling alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %}
|
||||
@@ -26,14 +23,14 @@ By default, if your site administrator has configured email for notifications on
|
||||
|
||||
{% if currentVersion ver_lt "enterprise-server@2.22" %}Site administrators can also enable security alerts without notifications. For more information, see "[Enabling security alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %}
|
||||
|
||||
### Configuring notifications for {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}
|
||||
### Configuring notifications for {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}
|
||||
|
||||
You can configure notification settings for yourself or your organization from the Manage notifications drop-down {% octicon "bell" aria-label="The notifications bell" %} shown at the top of each page. For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#choosing-your-notification-settings)."
|
||||
|
||||
{% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization %}
|
||||
{% data reusables.notifications.vulnerable-dependency-notification-options %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
{% if currentVersion ver_gt "enterprise-server@2.21" %}
|
||||

|
||||
{% else %}
|
||||

|
||||
@@ -45,11 +42,11 @@ You can configure notification settings for yourself or your organization from t
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.19" % %}{% data reusables.repositories.security-alerts-x-github-severity %} For more information, see {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %}"[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#filtering-email-notifications){% else %}"[About email notifications](/github/receiving-notifications-about-activity-on-github/about-email-notifications){% endif %}."{% endif %}
|
||||
{% data reusables.repositories.security-alerts-x-github-severity %} For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#filtering-email-notifications)."
|
||||
|
||||
### How to reduce the noise from notifications for vulnerable dependencies
|
||||
|
||||
If you are concerned about receiving too many notifications for {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}, we recommend you opt into the weekly email digest, or turn off notifications while keeping {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} enabled. You can still navigate to see your {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} in your repository's Security tab.{% if currentVersion == "free-pro-team@latest" %} For more information, see "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)."{% endif %}
|
||||
If you are concerned about receiving too many notifications for {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}, we recommend you opt into the weekly email digest, or turn off notifications while keeping {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} enabled. You can still navigate to see your {% if currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} in your repository's Security tab.
|
||||
|
||||
### Further reading
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
|
||||
<!--See /content/code-security/supply-chain-security for the current version of this article -->
|
||||
|
||||
### Table of Contents
|
||||
{% topic_link_in_list /managing-vulnerabilities-in-your-projects-dependencies %}
|
||||
|
||||
@@ -7,4 +7,4 @@ versions:
|
||||
topics:
|
||||
- security
|
||||
---
|
||||
|
||||
<!--See content/code-security/supply-chain-security for the current version of this article -->
|
||||
|
||||
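Review bot: the pointer comment in this file is written `content/code-security/supply-chain-security` with no leading slash, while the same comment in the preceding file reads `/content/code-security/supply-chain-security`. Use one form in both files so that a search for the path finds every stub that points at the relocated article.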
@@ -17,5 +17,5 @@ topics:
|
||||
|
||||
### Further reading
|
||||
|
||||
- "[About {% data variables.product.prodname_sponsors %}](/articles/about-github-sponsors)"
|
||||
- "[Sponsoring open source contributors](/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-open-source-contributors)"
|
||||
- "[About {% data variables.product.prodname_sponsors %}](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)"
|
||||
- "[Sponsoring open source contributors](/sponsors/sponsoring-open-source-contributors)"
|
||||
|
||||
@@ -49,3 +49,20 @@ You can disable all workflows for an enterprise or set a policy that configures
|
||||
{% data reusables.enterprise-accounts.policies-tab %}
|
||||
{% data reusables.enterprise-accounts.actions-tab %}
|
||||
{% data reusables.github-actions.private-repository-forks-configure %}
|
||||
|
||||
### Setting the permissions of the `GITHUB_TOKEN` for your enterprise
|
||||
|
||||
{% data reusables.github-actions.workflow-permissions-intro %}
|
||||
|
||||
You can set the default permissions for the `GITHUB_TOKEN` in the settings for your enterprise, organizations, or repositories. If you choose the restricted option as the default in your enterprise settings, this prevents the more permissive setting being chosen in the organization or repository settings.
|
||||
|
||||
{% data reusables.github-actions.workflow-permissions-modifying %}
|
||||
|
||||
#### Configuring the default `GITHUB_TOKEN` permissions
|
||||
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.policies-tab %}
|
||||
{% data reusables.enterprise-accounts.actions-tab %}
|
||||
1. Under **Workflow permissions**, choose whether you want the `GITHUB_TOKEN` to have read and write access for all scopes, or just read access for the `contents` scope.
|
||||

|
||||
1. Click **Save** to apply the settings.
|
||||
|
||||
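Review bot: step 1 under "Configuring the default `GITHUB_TOKEN` permissions" never says which of its two choices is the "restricted option" that the paragraph above describes as locking the organization and repository settings. A reader has to infer that it means "just read access for the `contents` scope". Name that choice as the restricted one in the step, since an enterprise owner deciding between least privilege and read and write access for all scopes needs to know which selection is enforced downstream. In the same paragraph, "prevents the more permissive setting being chosen" reads better as "prevents the more permissive setting from being chosen".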
@@ -56,7 +56,7 @@ You can change the name that is displayed on your profile. This name may also be
|
||||
|
||||
### Adding a bio to your profile
|
||||
|
||||
Add a bio to your profile to share information about yourself with other {% data variables.product.product_name %} users. With the help of [@mentions](/articles/basic-writing-and-formatting-syntax) and emoji, you can include information about where you currently or have previously worked, what type of work you do, or even what kind of coffee you drink.
|
||||
Add a bio to your profile to share information about yourself with other {% data variables.product.product_name %} users. With the help of [@mentions](/articles/basic-writing-and-formatting-syntax) and emoji, you can include information about where you currently or have previously worked, what type of work you do, or even what kind of coffee you drink.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
|
||||
@@ -122,22 +122,89 @@ When you participate in certain programs, {% data variables.product.prodname_dot
|
||||
|
||||
| Badge | Program | Description |
|
||||
| --- | --- | --- |
|
||||
| {% octicon "north-star" aria-label="The North Star icon" %} | **{% data variables.product.prodname_arctic_vault %} Contributor** | If you authored any commit(s) on the default branch of a repository that was archived in the 2020 Arctic Vault program, you'll get an {% data variables.product.prodname_arctic_vault %} Contributor badge on your profile. For more information on the program, see [{% data variables.product.prodname_archive %}](https://archiveprogram.github.com). |
|
||||
| {% octicon "cpu" aria-label="The Developer Program icon" %} | **Developer Program Member** | If you're a registered member of the GitHub Developer Program, building an app with the GitHub API, you'll get a Developer Program Member badge on your profile. For more information on the GitHub Developer Program, see [GitHub Developer](/program/). |
|
||||
| {% octicon "heart-fill" aria-label="The GitHub Sponsor icon" %} | **GitHub Sponsor** | If you sponsored an open source contributor through {% data variables.product.prodname_sponsors %} you'll get a GitHub Sponsor badge on your profile. For more information, see "[Sponsoring open source contributors](/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-open-source-contributors)." |
|
||||
|  | **Mars 2020 Helicopter Contributor** | If you authored any commit(s) on the default branch up to the relevant version of an open source library used in the Mars 2020 Helicopter Mission, you'll get a Mars 2020 Helicopter Contributor badge on your profile. Hovering over the badge shows you several of the repositories you contributed to that were used in the mission. For the full list of repositories that will qualify you for the badge, see "[List of qualifying repositories for Mars 2020 Helicopter Contributor badge](/github/setting-up-and-managing-your-github-profile/personalizing-your-profile#list-of-qualifying-repositories-for-mars-2020-helicopter-contributor-badge)." |
|
||||
|  | **{% data variables.product.prodname_arctic_vault %} Contributor** | If you authored any commit(s) on the default branch of a repository that was archived in the 2020 Arctic Vault program, you'll get an {% data variables.product.prodname_arctic_vault %} Contributor badge on your profile. Hovering over the badge shows you several of the repositories you contributed to that were part of the program. For more information on the program, see [{% data variables.product.prodname_archive %}](https://archiveprogram.github.com). |
|
||||
|  | **{% data variables.product.prodname_dotcom %} Sponsor** | If you sponsored an open source contributor through {% data variables.product.prodname_sponsors %} you'll get a {% data variables.product.prodname_dotcom %} Sponsor badge on your profile. Clicking the badge takes you to the **Sponsoring** tab of your profile. For more information, see "[Sponsoring open source contributors](/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-open-source-contributors)." |
|
||||
| {% octicon "cpu" aria-label="The Developer Program icon" %} | **Developer Program Member** | If you're a registered member of the {% data variables.product.prodname_dotcom %} Developer Program, building an app with the {% data variables.product.prodname_dotcom %} API, you'll get a Developer Program Member badge on your profile. For more information on the {% data variables.product.prodname_dotcom %} Developer Program, see [GitHub Developer](/program/). |
|
||||
| {% octicon "star-fill" aria-label="The star icon" %} | **Pro** | If you use {% data variables.product.prodname_pro %} you'll get a PRO badge on your profile. For more information about {% data variables.product.prodname_pro %}, see "[{% data variables.product.prodname_dotcom %}'s products](/github/getting-started-with-github/githubs-products#github-pro)." |
|
||||
|
||||
### Disabling badges on your profile
|
||||
|
||||
You can disable some of the badges for {% data variables.product.prodname_dotcom %} programs you're participating in, including the PRO and {% data variables.product.prodname_arctic_vault %} badges.
|
||||
You can disable some of the badges for {% data variables.product.prodname_dotcom %} programs you're participating in, including the PRO, {% data variables.product.prodname_arctic_vault %} and Mars 2020 Helicopter Contributor badges.
|
||||
|
||||
{% data reusables.user_settings.access_settings %}
|
||||
2. Under "Profile settings", deselect the badge you want you disable.
|
||||

|
||||

|
||||
3. Click **Update preferences**.
|
||||
|
||||
{% endif %}
|
||||
|
||||
### List of qualifying repositories for Mars 2020 Helicopter Contributor badge
|
||||
|
||||
If you authored any commit(s) on the default branch of one or more of the repositories below, up to the specified version, you'll receive the Mars 2020 Helicopter Contributor badge on your profile. The list was built based on the information received from NASA's Jet Propulsion Laboratory.
|
||||
|
||||
| {% data variables.product.prodname_dotcom %} Repository | Version |
|
||||
|---|---|
|
||||
| [torvalds/linux](https://github.com/torvalds/linux) | 3.4 |
|
||||
| [nasa/fprime](https://github.com/nasa/fprime) | 1.3 |
|
||||
| [python/cpython](https://github.com/python/cpython) | 3.9.2 |
|
||||
| [boto/boto3](https://github.com/boto/boto3) | 1.17.17 |
|
||||
| [boto/botocore](https://github.com/boto/botocore) | 1.20.11 |
|
||||
| [certifi/python-certifi](https://github.com/certifi/python-certifi) | 2020.12.5 |
|
||||
| [chardet/chardet](https://github.com/chardet/chardet) | 4.0.0 |
|
||||
| [matplotlib/cycler](https://github.com/matplotlib/cycler) | 0.10.0 |
|
||||
| [elastic/elasticsearch-py](https://github.com/elastic/elasticsearch-py) | 6.8.1 |
|
||||
| [ianare/exif-py](https://github.com/ianare/exif-py) | 2.3.2 |
|
||||
| [kjd/idna](https://github.com/kjd/idna) | 2.10 |
|
||||
| [jmespath/jmespath.py](https://github.com/jmespath/jmespath.py) | 0.10.0 |
|
||||
| [nucleic/kiwi](https://github.com/nucleic/kiwi) | 1.3.1 |
|
||||
| [matplotlib/matplotlib](https://github.com/matplotlib/matplotlib) | 3.3.4 |
|
||||
| [numpy/numpy](https://github.com/numpy/numpy) | 1.20.1 |
|
||||
| [opencv/opencv-python](https://github.com/opencv/opencv-python) | 4.5.1.48 |
|
||||
| [python-pillow/Pillow](https://github.com/python-pillow/Pillow) | 8.1.0 |
|
||||
| [pycurl/pycurl](https://github.com/pycurl/pycurl) | 7.43.0.6 |
|
||||
| [pyparsing/pyparsing](https://github.com/pyparsing/pyparsing) | 2.4.7 |
|
||||
| [pyserial/pyserial](https://github.com/pyserial/pyserial) | 3.5 |
|
||||
| [dateutil/dateutil](https://github.com/dateutil/dateutil) | 2.8.1 |
|
||||
| [yaml/pyyaml](https://github.com/yaml/pyyaml) | 5.4.1 |
|
||||
| [psf/requests](https://github.com/psf/requests) | 2.25.1 |
|
||||
| [boto/s3transfer](https://github.com/boto/s3transfer) | 0.3.4 |
|
||||
| [enthought/scimath](https://github.com/enthought/scimath) | 4.2.0 |
|
||||
| [scipy/scipy](https://github.com/scipy/scipy) | 1.6.1 |
|
||||
| [benjaminp/six](https://github.com/benjaminp/six) | 1.15.0 |
|
||||
| [enthought/traits](https://github.com/enthought/traits) | 6.2.0 |
|
||||
| [urllib3/urllib3](https://github.com/urllib3/urllib3) | 1.26.3 |
|
||||
| [python-attrs/attrs](https://github.com/python-attrs/attrs) | 19.3.0 |
|
||||
| [CheetahTemplate3/cheetah3](https://github.com/CheetahTemplate3/cheetah3/) | 3.2.4 |
|
||||
| [pallets/click](https://github.com/pallets/click) | 7.0 |
|
||||
| [pallets/flask](https://github.com/pallets/flask) | 1.1.1 |
|
||||
| [flask-restful/flask-restful](https://github.com/flask-restful/flask-restful) | 0.3.7 |
|
||||
| [pytest-dev/iniconfig](https://github.com/pytest-dev/iniconfig) | 1.0.0 |
|
||||
| [pallets/itsdangerous](https://github.com/pallets/itsdangerous) | 1.1.0 |
|
||||
| [pallets/jinja](https://github.com/pallets/jinja) | 2.10.3 |
|
||||
| [lxml/lxml](https://github.com/lxml/lxml) | 4.4.1 |
|
||||
| [Python-Markdown/markdown](https://github.com/Python-Markdown/markdown) | 3.1.1 |
|
||||
| [pallets/markupsafe](https://github.com/pallets/markupsafe) | 1.1.1 |
|
||||
| [pypa/packaging](https://github.com/pypa/packaging) | 19.2 |
|
||||
| [pexpect/pexpect](https://github.com/pexpect/pexpect) | 4.7.0 |
|
||||
| [pytest-dev/pluggy](https://github.com/pytest-dev/pluggy) | 0.13.0 |
|
||||
| [pexpect/ptyprocess](https://github.com/pexpect/ptyprocess) | 0.6.0 |
|
||||
| [pytest-dev/py](https://github.com/pytest-dev/py) | 1.8.0 |
|
||||
| [pyparsing/pyparsing](https://github.com/pyparsing/pyparsing) | 2.4.5 |
|
||||
| [pytest-dev/pytest](https://github.com/pytest-dev/pytest) | 5.3.0 |
|
||||
| [stub42/pytz](https://github.com/stub42/pytz) | 2019.3 |
|
||||
| [uiri/toml](https://github.com/uiri/toml) | 0.10.0 |
|
||||
| [pallets/werkzeug](https://github.com/pallets/werkzeug) | 0.16.0 |
|
||||
| [dmnfarrell/tkintertable](https://github.com/dmnfarrell/tkintertable) | 1.2 |
|
||||
| [wxWidgets/wxPython-Classic](https://github.com/wxWidgets/wxPython-Classic) | 2.9.1.1 |
|
||||
| [opencv/opencv](https://github.com/opencv/opencv) | 4.5.1 |
|
||||
| [curl/curl](https://github.com/curl/curl) | 7.19.0 |
|
||||
| [madler/zlib](https://github.com/madler/zlib) | 1.2.11 |
|
||||
| [apache/lucene](https://github.com/apache/lucene) | 7.7.3 |
|
||||
| [yaml/libyaml](https://github.com/yaml/libyaml) | 0.2.5 |
|
||||
| [elastic/elasticsearch](https://github.com/elastic/elasticsearch) | 6.8.1 |
|
||||
| [nucleic/cppy](https://github.com/nucleic/cppy) | 1.1.0 |
|
||||
|
||||
### Further reading
|
||||
|
||||
- "[About your profile](/articles/about-your-profile)"
|
||||
|
||||
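Review bot: in the qualifying-repositories table, `pyparsing/pyparsing` is listed twice, once with version 2.4.7 and once with 2.4.5. The introduction says commits count "up to the specified version", so two rows for one repository leave it unclear which cutoff applies; keep a single row or explain why both versions appear. Two smaller points in the same hunk: the step "deselect the badge you want you disable" should read "you want to disable", and the Sponsor badge rows still link to `/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-open-source-contributors` although another file in this commit moves that link to `/sponsors/sponsoring-open-source-contributors`.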
@@ -1,25 +1,24 @@
|
||||
---
|
||||
title: Managing your theme settings
|
||||
intro: 'You can manage how {% data variables.product.product_name %} looks to you by setting a theme preference that either follows your system settings or always uses light mode or dark mode.'
|
||||
intro: 'You can manage how {% data variables.product.product_name %} looks to you by setting a theme preference that either follows your system settings or always uses a light or dark mode.'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- accounts
|
||||
---
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** Theme settings is currently in beta and subject to change.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
For choice and flexibility in how and when you use {% data variables.product.product_name %}, you can configure theme settings to change how {% data variables.product.product_name %} looks to you. You can choose from two themes, light and dark, or you can configure {% data variables.product.product_name %} to follow your system settings. Some developers use dark theme for personal preference, to reduce power consumption on certain devices, or to reduce eye strain in low-light conditions.
|
||||
For choice and flexibility in how and when you use {% data variables.product.product_name %}, you can configure theme settings to change how {% data variables.product.product_name %} looks to you. You can choose from themes that are light or dark, or you can configure {% data variables.product.product_name %} to follow your system settings. You may want to use a dark theme to reduce power consumption on certain devices, to reduce eye strain in low-light conditions, or because you prefer how the theme looks.
|
||||
|
||||
{% data reusables.user_settings.access_settings %}
|
||||
1. In the user settings sidebar, click **Appearance**.
|
||||

|
||||
1. Under "Theme", select a theme preference.
|
||||

|
||||
1. Under "Theme mode", select the drop-down menu, then click a theme preference.
|
||||

|
||||
1. Click the theme you'd like to use.
|
||||
- If you chose a single theme, click a theme.
|
||||

|
||||
- If you chose to follow your system settings, click a day theme and a night theme.
|
||||

|
||||
|
||||
### Further reading
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ BY CLICKING THE "I AGREE" OR SIMILAR BUTTON OR BY USING ANY OF THE PRODUCTS (DEF
|
||||
|
||||
This Agreement applies to the following GitHub offerings, as further defined below (collectively, the **"Products"**):
|
||||
|
||||
- GitHub Enterprise (comprised of GitHub Enterprise Server, which may include Add-On Software, and GitHub Enterprise Cloud) and GitHub One;
|
||||
- GitHub Enterprise (comprised of GitHub Enterprise Server, which may include Add-On Software, and GitHub Enterprise Cloud);
|
||||
|
||||
- Any Beta Previews;
|
||||
|
||||
@@ -406,8 +406,6 @@ Some Service features may be subject to additional terms as set forth in the [Gi
|
||||
|
||||
**"GitHub Insights"** or **“Insights”** means the Software feature which provides Customer with metrics, analytics, and recommendations relating to their use of the Software. GitHub Insights does not include legacy features of GitHub including Organization insights and repository insights.
|
||||
|
||||
**“GitHub One”** means the Product bundle which includes GitHub Enterprise, Advanced Security, Insights, Learning Lab for Enterprise Server, and Premium Plus or Engineering Direct Support.
|
||||
|
||||
**"Learning Lab for Enterprise Server"** means the Software feature that enables Users to learn about GitHub functionality, including associated Documentation.
|
||||
|
||||
**"License Key"** means the data file used by the Software's access control mechanism that allows Customer to install, operate, and use the Software.
|
||||
|
||||
@@ -15,7 +15,7 @@ The following GitHub Supplemental Terms (including any applicable Order Forms) s
|
||||
|
||||
These Supplemental Terms apply to the following GitHub Offerings, as further defined below (collectively, the "**Products**"):
|
||||
|
||||
- GitHub Enterprise (comprised of GitHub Enterprise Server, which may include Add-on Software, and GitHub Enterprise Cloud) and GitHub One;
|
||||
- GitHub Enterprise (comprised of GitHub Enterprise Server, which may include Add-on Software, and GitHub Enterprise Cloud);
|
||||
|
||||
- Any related Support; and
|
||||
|
||||
@@ -274,8 +274,6 @@ In the event of a conflict between the Supplemental Terms, on one hand, and an O
|
||||
|
||||
**"GitHub Insights"** or **“Insights”** means the Software feature which provides Customer with metrics, analytics, and recommendations relating to their use of the Software. GitHub Insights does not include legacy features of GitHub including organization insights and repository insights.
|
||||
|
||||
**“GitHub One”** means the Product bundle which includes GitHub Enterprise, Advanced Security, Insights, Learning Lab for Enterprise Server, and Premium Plus or Engineering Direct Support.
|
||||
|
||||
**"Learning Lab for Enterprise Server"** means the Software feature that enables Users to learn about GitHub functionality, including associated Documentation.
|
||||
|
||||
**"License Key"** means the data file used by the Software's access control mechanism that allows Customer to install, operate, and use the Software.
|
||||
|
||||
@@ -9,6 +9,8 @@ topics:
|
||||
- legal
|
||||
---
|
||||
|
||||
_These terms apply to 1) GitHub.com (non-Enterprise) customers who have accepted the Corporate Terms of Service, and 2) Enterprise customers who licensed the Service prior to January 4, 2021. Enterprise customers who purchase Products or Services after that date are directed to https://github.com/enterprise-legal for current terms._
|
||||
|
||||
THANK YOU FOR CHOOSING GITHUB FOR YOUR COMPANY’S BUSINESS NEEDS. PLEASE READ THIS AGREEMENT CAREFULLY AS IT GOVERNS USE OF THE PRODUCTS (AS DEFINED BELOW), UNLESS GITHUB HAS EXECUTED A SEPARATE WRITTEN AGREEMENT WITH CUSTOMER FOR THAT PURPOSE.
|
||||
BY CLICKING ON THE "I AGREE" OR SIMILAR BUTTON OR BY ACCESSING THE PRODUCTS, CUSTOMER ACCEPTS ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF CUSTOMER IS ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, CUSTOMER REPRESENTS THAT IT HAS THE LEGAL AUTHORITY TO BIND THE COMPANY OR OTHER LEGAL ENTITY TO THIS AGREEMENT.
|
||||
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
---
|
||||
title: GitHub Insights and data protection for your organization
|
||||
intro: '{% data variables.product.prodname_insights %} analyzes your {% data variables.product.prodname_ghe_server %} data. This data could include personal data of individuals in your organization who may have the right to understand how such personal data is being used.'
|
||||
product: '{% data reusables.gated-features.github-insights %}'
|
||||
redirect_from:
|
||||
- /github/installing-and-configuring-github-insights/github-insights-and-data-protection-for-your-organization
|
||||
- /enterprise-server@2.22/github/site-policy/github-insights-and-data-protection-for-your-organization
|
||||
@@ -14,8 +13,6 @@ topics:
|
||||
- legal
|
||||
---
|
||||
|
||||
For more information about the terms that govern {% data variables.product.prodname_insights %}, see your {% data variables.product.prodname_ghe_one %} subscription agreement.
|
||||
|
||||
For the avoidance of doubt, none of the foregoing information should be considered legal advice provided by {% data variables.product.prodname_dotcom %}. You are responsible for securing your own legal analysis of the information provided herein and for your compliance with privacy and data protection laws. It is up to you whether to use {% data variables.product.prodname_insights %} to process your employees’ and users’ data, and if you do so, you are solely responsible for conducting such processing in compliance with applicable law.
|
||||
|
||||
### The organization’s roles and responsibilities
|
||||
|
||||
@@ -64,7 +64,7 @@ We require some basic information at the time of account creation. When you crea
|
||||
##### Payment information
|
||||
If you sign on to a paid Account with us, send funds through the GitHub Sponsors Program, or buy an application on GitHub Marketplace, we collect your full name, address, and credit card information or PayPal information. Please note, GitHub does not process or store your credit card information or PayPal information, but our third-party payment processor does.
|
||||
|
||||
If you list and sell an application on [GitHub Marketplace](https://github.com/marketplace), we require your banking information. If you raise funds through the [GitHub Sponsors Program](https://github.com/sponsors), we require some [additional information](/github/supporting-the-open-source-community-with-github-sponsors/becoming-a-sponsored-developer#submitting-your-bank-information) through the registration process for you to participate in and receive funds through those services and for compliance purposes.
|
||||
If you list and sell an application on [GitHub Marketplace](https://github.com/marketplace), we require your banking information. If you raise funds through the [GitHub Sponsors Program](https://github.com/sponsors), we require some [additional information](/sponsors/receiving-sponsorships-through-github-sponsors/setting-up-github-sponsors-for-your-user-account#submitting-your-bank-information) through the registration process for you to participate in and receive funds through those services and for compliance purposes.
|
||||
|
||||
##### Profile information
|
||||
You may choose to give us more information for your Account profile, such as your full name, an avatar which may include a photograph, your biography, your location, your company, and a URL to a third-party website. This information may include User Personal Information. Please note that your profile information may be visible to other Users of our Service.
|
||||
@@ -77,7 +77,7 @@ If you have a paid Account with us, sell an application listed on [GitHub Market
|
||||
##### Usage information
|
||||
If you're accessing our Service or Website, we automatically collect the same basic information that most services collect, subject, where necessary, to your consent. This includes information about how you use the Service, such as the pages you view, the referring site, your IP address and session information, and the date and time of each request. This is information we collect from every visitor to the Website, whether they have an Account or not. This information may include User Personal information.
|
||||
|
||||
##### Cookies
|
||||
##### Cookies
|
||||
As further described below, we automatically collect information from cookies (such as cookie ID and settings) to keep you logged in, to remember your preferences, to identify you and your device and to analyze your use of our service.
|
||||
|
||||
##### Device information
|
||||
@@ -147,7 +147,7 @@ For more information about our disclosure in response to legal requests, see our
|
||||
We may share User Personal Information if we are involved in a merger, sale, or acquisition of corporate entities or business units. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our Website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we made in our Privacy Statement or Terms of Service.
|
||||
|
||||
#### Aggregate, non-personally identifying information
|
||||
We share certain aggregated, non-personally identifying information with others about how our users, collectively, use GitHub, or how our users respond to our other offerings, such as our conferences or events.
|
||||
We share certain aggregated, non-personally identifying information with others about how our users, collectively, use GitHub, or how our users respond to our other offerings, such as our conferences or events.
|
||||
|
||||
We **do not** sell your User Personal Information for monetary or other consideration.
|
||||
|
||||
@@ -157,13 +157,13 @@ Please note: The California Consumer Privacy Act of 2018 (“CCPA”) requires b
|
||||
|
||||
#### Access to private repositories
|
||||
|
||||
If your repository is private, you control the access to your Content. If you include User Personal Information or Sensitive Personal Information, that information may only be accessible to GitHub in accordance with this Privacy Statement. GitHub personnel [do not access private repository content](/github/site-policy/github-terms-of-service#e-private-repositories) except for
|
||||
If your repository is private, you control the access to your Content. If you include User Personal Information or Sensitive Personal Information, that information may only be accessible to GitHub in accordance with this Privacy Statement. GitHub personnel [do not access private repository content](/github/site-policy/github-terms-of-service#e-private-repositories) except for
|
||||
- security purposes
|
||||
- to assist the repository owner with a support matter
|
||||
- to maintain the integrity of the Service
|
||||
- to comply with our legal obligations
|
||||
- if we have reason to believe the contents are in violation of the law, or
|
||||
- with your consent.
|
||||
- if we have reason to believe the contents are in violation of the law, or
|
||||
- with your consent.
|
||||
|
||||
However, while we do not generally search for content in your repositories, we may scan our servers and content to detect certain tokens or security signatures, known active malware, known vulnerabilities in dependencies, or other content known to violate our Terms of Service, such as violent extremist or terrorist content or child exploitation imagery, based on algorithmic fingerprinting techniques (collectively, "automated scanning"). Our Terms of Service provides more details on [private repositories](/github/site-policy/github-terms-of-service#e-private-repositories).
|
||||
|
||||
@@ -238,13 +238,13 @@ That said, the email address you have supplied [via your Git commit settings](/g
|
||||
|
||||
#### Cookies
|
||||
|
||||
GitHub only uses strictly necessary cookies. Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors.
|
||||
GitHub only uses strictly necessary cookies. Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors.
|
||||
|
||||
We use cookies solely to provide, secure, and improve our service. For example, we use them to keep you logged in, remember your preferences, identify your device for security purposes, analyze your use of our service, compile statistical reports, and provide information for future development of GitHub. We use our own cookies for analytics purposes, but do not use any third-party analytics service providers.
|
||||
We use cookies solely to provide, secure, and improve our service. For example, we use them to keep you logged in, remember your preferences, identify your device for security purposes, analyze your use of our service, compile statistical reports, and provide information for future development of GitHub. We use our own cookies for analytics purposes, but do not use any third-party analytics service providers.
|
||||
|
||||
By using our service, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept these cookies, you will not be able to log in or use our service.
|
||||
|
||||
We provide more information about [cookies on GitHub](/github/site-policy/github-subprocessors-and-cookies#cookies-on-github) on our [GitHub Subprocessors and Cookies](/github/site-policy/github-subprocessors-and-cookies) page that describes the cookies we set, the needs we have for those cookies, and the expiration of such cookies.
|
||||
We provide more information about [cookies on GitHub](/github/site-policy/github-subprocessors-and-cookies#cookies-on-github) on our [GitHub Subprocessors and Cookies](/github/site-policy/github-subprocessors-and-cookies) page that describes the cookies we set, the needs we have for those cookies, and the expiration of such cookies.
|
||||
|
||||
#### DNT
|
||||
|
||||
@@ -321,7 +321,7 @@ In the unlikely event that a dispute arises between you and GitHub regarding our
|
||||
|
||||
### Changes to our Privacy Statement
|
||||
|
||||
Although most changes are likely to be minor, GitHub may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your GitHub account. We will also update our [Site Policy repository](https://github.com/github/site-policy/), which tracks all changes to this policy. For other changes to this Privacy Statement, we encourage Users to [watch](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository) or to check our Site Policy repository frequently.
|
||||
Although most changes are likely to be minor, GitHub may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your GitHub account. We will also update our [Site Policy repository](https://github.com/github/site-policy/), which tracks all changes to this policy. For other changes to this Privacy Statement, we encourage Users to [watch](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#configuring-your-watch-settings-for-an-individual-repository) or to check our Site Policy repository frequently.
|
||||
|
||||
### License
|
||||
|
||||
|
||||
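Review bot: In the "Changes to our Privacy Statement" paragraph, the removed and added lines read identically as rendered, so the difference is presumably trailing whitespace or an invisible character. Because this paragraph carries the 30-day notice commitment for material changes, state in the commit message that the edit is non-substantive, or drop it from the change if it was unintentional.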
@@ -1,44 +0,0 @@
|
||||
---
|
||||
title: About GitHub Sponsors for open source contributors
|
||||
intro: 'If you provide value to an open source project, you can become a sponsored contributor to receive payments for your work.'
|
||||
redirect_from:
|
||||
- /articles/about-github-sponsors-for-sponsored-developers
|
||||
- /github/supporting-the-open-source-community-with-github-sponsors/about-github-sponsors-for-sponsored-developers
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
### Joining {% data variables.product.prodname_sponsors %}
|
||||
|
||||
{% data reusables.sponsors.you-can-be-a-sponsored-developer %} For more information, see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)."
|
||||
|
||||
{% data reusables.sponsors.you-can-be-a-sponsored-organization %} For more information, see "[Setting up {% data variables.product.prodname_sponsors %} for your organization](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-organization)."
|
||||
|
||||
After you join {% data variables.product.prodname_sponsors %}, you can add a sponsor button to the open source repository you contribute to, to increase the visibility of your {% data variables.product.prodname_sponsors %} profile and other funding platforms. For more information, see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)."
|
||||
|
||||
You can set a goal for your sponsorships. For more information, see "[Managing your sponsorship goal](/github/supporting-the-open-source-community-with-github-sponsors/managing-your-sponsorship-goal)."
|
||||
|
||||
{% data reusables.sponsors.github-contact-applicants %}
|
||||
|
||||
### Sponsorship tiers
|
||||
|
||||
{% data reusables.sponsors.tier-details %} For more information, see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)," "[Setting up {% data variables.product.prodname_sponsors %} for your organization](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-organization), and "[Managing your sponsorship tiers](/github/supporting-the-open-source-community-with-github-sponsors/managing-your-sponsorship-tiers)."
|
||||
|
||||
It's best to set up a range of different sponsorship options, including monthly and one-time tiers, to make it easy for anyone to support your work. In particular, one-time payments allow people to reward your efforts without worrying about whether their finances will support a regular payment schedule.
|
||||
|
||||
### Sponsorship payouts
|
||||
|
||||
{% data reusables.sponsors.no-fees %}
|
||||
|
||||
{% data reusables.sponsors.payout-info %}
|
||||
|
||||
For more information, see "[Managing your payouts from {% data variables.product.prodname_sponsors %}](/github/supporting-the-open-source-community-with-github-sponsors/managing-your-payouts-from-github-sponsors)."
|
||||
|
||||
### Sharing feedback about {% data variables.product.prodname_sponsors %}
|
||||
|
||||
{% data reusables.sponsors.feedback %}
|
||||
|
||||
### Further reading
|
||||
- "[FAQ with the {% data variables.product.prodname_sponsors %} team](https://github.blog/2019-06-12-faq-with-the-github-sponsors-team/)" on {% data variables.product.prodname_blog %}
|
||||
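Review bot: The front matter of this deleted page lists two `redirect_from` paths, and deleting the file drops them. The About GitHub Sponsors page in the next hunk also links to `/github/supporting-the-open-source-community-with-github-sponsors/about-github-sponsors-for-open-source-contributors`. Confirm that whatever page replaces this one carries both old entries plus that path in its own `redirect_from`, otherwise existing inbound links break.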
@@ -1,45 +0,0 @@
|
||||
---
|
||||
title: About GitHub Sponsors
|
||||
intro: '{% data variables.product.prodname_sponsors %} allows the developer community to financially support the people and organizations who design, build, and maintain the open source projects they depend on, directly on {% data variables.product.product_name %}.'
|
||||
redirect_from:
|
||||
- /articles/about-github-sponsors
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
### About {% data variables.product.prodname_sponsors %}
|
||||
|
||||
{% data reusables.sponsors.sponsorship-details %}
|
||||
|
||||
{% data reusables.sponsors.no-fees %} For more information, see "[About billing for {% data variables.product.prodname_sponsors %}](/articles/about-billing-for-github-sponsors)."
|
||||
|
||||
{% data reusables.sponsors.you-can-be-a-sponsored-developer %} For more information, see "[About {% data variables.product.prodname_sponsors %} for open source contributors](/github/supporting-the-open-source-community-with-github-sponsors/about-github-sponsors-for-open-source-contributors)" and "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)."
|
||||
|
||||
{% data reusables.sponsors.you-can-be-a-sponsored-organization %} For more information, see "[Setting up {% data variables.product.prodname_sponsors %} for your organization](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-organization)."
|
||||
|
||||
When you become a sponsored developer or sponsored organization, additional terms for {% data variables.product.prodname_sponsors %} apply. For more information, see "[GitHub Sponsors Additional Terms](/github/site-policy/github-sponsors-additional-terms)."
|
||||
|
||||
### About the {% data variables.product.prodname_matching_fund %}
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data reusables.sponsors.matching-fund-eligible %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
The {% data variables.product.prodname_matching_fund %} aims to benefit members of the {% data variables.product.prodname_dotcom %} community who develop open source software that promotes the [{% data variables.product.prodname_dotcom %} Community Guidelines](/github/site-policy/github-community-guidelines). Payments to sponsored organizations and payments from organizations are not eligible for {% data variables.product.prodname_matching_fund %}.
|
||||
|
||||
To be eligible for the {% data variables.product.prodname_matching_fund %}, you must create a profile that will attract a community that will sustain you for the long term. For more information about creating a strong profile, see "[Editing your profile details for {% data variables.product.prodname_sponsors %}](/github/supporting-the-open-source-community-with-github-sponsors/editing-your-profile-details-for-github-sponsors)."
|
||||
|
||||
{% data reusables.sponsors.legal-additional-terms %}
|
||||
|
||||
### Sharing feedback about {% data variables.product.prodname_sponsors %}
|
||||
|
||||
{% data reusables.sponsors.feedback %}
|
||||
|
||||
### Further reading
|
||||
- "[Sponsoring open source contributors](/github/supporting-the-open-source-community-with-github-sponsors/sponsoring-open-source-contributors)"
|
||||
- "[Receiving sponsorships through {% data variables.product.prodname_sponsors %}](/github/supporting-the-open-source-community-with-github-sponsors/receiving-sponsorships-through-github-sponsors)"
|
||||
- "[FAQ with the {% data variables.product.prodname_sponsors %} team](https://github.blog/2019-06-12-faq-with-the-github-sponsors-team/)" on {% data variables.product.prodname_blog %}
|
||||
@@ -1,19 +0,0 @@
|
||||
---
|
||||
title: Attributing sponsorships to your organization
|
||||
intro: You can attribute the sponsorships paid by one of your organizations to another organization.
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
permissions: People who are organization owners of both organizations can attribute one organization's sponsorships to another organization.
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
1. Navigate to the organization whose sponsorships you want to attribute to another organization.
|
||||
1. Under your organization name, click {% octicon "heart" aria-label="The heart icon" %} **Sponsoring**.
|
||||

|
||||
1. In the upper-right corner, click {% octicon "gear" aria-label="The gear icon" %} **Settings**.
|
||||

|
||||
1. Under "Link sponsorships to another account", use the drop-down menu, then click the organization you want this organization's sponsorships to be attributed to.
|
||||

|
||||
1. Click **Link account**.
|
||||

|
||||
@@ -1,24 +0,0 @@
|
||||
---
|
||||
title: Configuring webhooks for events in your sponsored account
|
||||
intro: You can configure webhooks to alert you when you receive new sponsorships or existing sponsors make changes to their sponsorships.
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
### About webhooks for events in your sponsored account
|
||||
|
||||
To monitor changes to your sponsorships, such as cancellations at the end of a pay period, you can create webhooks for your sponsored user or organization account. When you set up a webhook for your sponsored account, you'll receive updates when sponsorships are created, edited, or deleted. For more information, see the [`sponsorship` webhook event](/webhooks/event-payloads/#sponsorship).
|
||||
|
||||
### Managing webhooks for events in your sponsored account
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-webhooks-tab %}
|
||||
{% data reusables.sponsors.add-webhook %}
|
||||
{% data reusables.sponsors.add-payload-url %}
|
||||
{% data reusables.sponsors.webhook-content-formatting %}
|
||||
{% data reusables.sponsors.webhook-secret-token %}
|
||||
{% data reusables.sponsors.add-active-triggers %}
|
||||
{% data reusables.sponsors.confirm-add-webhook %}
|
||||
{% data reusables.sponsors.manage-existing-webhooks %}
|
||||
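Review bot: The step list under "Managing webhooks for events in your sponsored account" is the only place in this hunk that tells the reader to set a secret (`reusables.sponsors.webhook-secret-token`), and the whole file is removed. If the page is being relocated, check that the secret-token step survives in the new copy and stays ahead of `confirm-add-webhook`, since a `sponsorship` receiver configured without a secret cannot verify that deliveries come from GitHub.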
@@ -1,27 +0,0 @@
|
||||
---
|
||||
title: Contacting your sponsors
|
||||
intro: You can send an email to your sponsors who have opted in to receive updates about your work.
|
||||
redirect_from:
|
||||
- /articles/contacting-your-sponsors
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
### About sponsorship updates
|
||||
|
||||
Your sponsors can choose whether they receive email updates about your work. For more information, see "[Managing your sponsorship](/articles/managing-your-sponsorship)."
|
||||
|
||||
For sponsored developer accounts, the update will come from your user account's primary email address. If you've enabled email address privacy on your user account, the update will come from `noreply@github.com` instead. For sponsored organizations, the update will come from the organization's `noreply@github.com` email address. For more information, see "[Setting your commit email address](/articles/setting-your-commit-email-address)."
|
||||
|
||||
You can also contact any one-time sponsors who contributed within the last 30 days and enabled updates.
|
||||
|
||||
### Contacting your sponsors
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.sponsors-updates-tab %}
|
||||
{% data reusables.sponsors.draft-new-update %}
|
||||
{% data reusables.sponsors.send-update-to-sponsors %}
|
||||
{% data reusables.sponsors.write-sponsor-update %}
|
||||
{% data reusables.sponsors.publish-sponsor-update %}
|
||||
@@ -1,28 +0,0 @@
|
||||
---
|
||||
title: Editing your profile details for GitHub Sponsors
|
||||
intro: You can update the information that potential sponsors see about your work.
|
||||
redirect_from:
|
||||
- /articles/editing-your-sponsored-developer-profile
|
||||
- /github/supporting-the-open-source-community-with-github-sponsors/editing-your-sponsored-developer-profile
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
### About sponsor profiles
|
||||
|
||||
Your {% data variables.product.prodname_sponsors %} profile tells potential sponsors why they should support you. People see your sponsor profile when they click the **Sponsor** button on your profile. We recommend including the following information.
|
||||
|
||||
- Open source work that you contribute to
|
||||
- Why you are committed to open source development
|
||||
|
||||
### Editing your profile details
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-profile-tab %}
|
||||
{% data reusables.sponsors.short-bio %}
|
||||
{% data reusables.sponsors.add-introduction %}
|
||||
{% data reusables.sponsors.edit-featured-work %}
|
||||
{% data reusables.sponsors.opt-in-to-being-featured %}
|
||||
{% data reusables.sponsors.save-profile %}
|
||||
@@ -1,33 +0,0 @@
|
||||
---
|
||||
title: Supporting the open source community with GitHub Sponsors
|
||||
shortTitle: GitHub Sponsors
|
||||
intro: 'You can support the people and organizations who design, build, and maintain the open source projects you depend on by compensating them via {% data variables.product.prodname_dotcom %}.'
|
||||
redirect_from:
|
||||
- /categories/supporting-the-open-source-community-with-github-sponsors
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
|
||||
### Table of Contents
|
||||
|
||||
{% topic_link_in_list /overview %}
|
||||
{% link_in_list /about-github-sponsors %}
|
||||
{% topic_link_in_list /sponsoring-open-source-contributors %}
|
||||
{% link_in_list /sponsoring-an-open-source-contributor %}
|
||||
{% link_in_list /managing-your-sponsorship %}
|
||||
{% link_in_list /attributing-sponsorships-to-your-organization %}
|
||||
{% topic_link_in_list /receiving-sponsorships-through-github-sponsors %}
|
||||
{% link_in_list /about-github-sponsors-for-open-source-contributors %}
|
||||
{% link_in_list /setting-up-github-sponsors-for-your-user-account %}
|
||||
{% link_in_list /setting-up-github-sponsors-for-your-organization %}
|
||||
{% link_in_list /editing-your-profile-details-for-github-sponsors %}
|
||||
{% link_in_list /managing-your-sponsorship-goal %}
|
||||
{% link_in_list /managing-your-sponsorship-tiers %}
|
||||
{% link_in_list /viewing-your-sponsors-and-sponsorships %}
|
||||
{% link_in_list /managing-your-payouts-from-github-sponsors %}
|
||||
{% link_in_list /configuring-webhooks-for-events-in-your-sponsored-account %}
|
||||
{% link_in_list /contacting-your-sponsors %}
|
||||
{% link_in_list /tax-information-for-github-sponsors %}
|
||||
@@ -1,22 +0,0 @@
|
||||
---
|
||||
title: Managing your payouts from GitHub Sponsors
|
||||
intro: 'You can view information about past and future payouts from {% data variables.product.prodname_sponsors %} and edit your bank information.'
|
||||
redirect_from:
|
||||
- /articles/managing-your-payouts-from-github-sponsors
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
### About payouts from {% data variables.product.prodname_sponsors %}
|
||||
|
||||
You can only manage your payouts from {% data variables.product.prodname_sponsors %} if you are paid through Stripe Connect. If you are paid through ACH transfer or wire transfer for your sponsored user account, you will not see the **Payouts** tab on your sponsored open source contributor dashboard. Sponsored organizations can only use Stripe Connect for payouts. For more information, see "[About {% data variables.product.prodname_sponsors %} for open source contributors](/github/supporting-the-open-source-community-with-github-sponsors/about-github-sponsors-for-open-source-contributors#sponsorship-payouts)."
|
||||
|
||||
{% data reusables.sponsors.payout-info %}
|
||||
|
||||
### Viewing and editing payout information
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-payouts-tab %}
|
||||
{% data reusables.sponsors.edit-bank-information %}
|
||||
@@ -1,47 +0,0 @@
|
||||
---
|
||||
title: Managing your sponsorship goal
|
||||
intro: You can set a goal for your sponsored developer or sponsored organization account to help the community understand the impact of sponsoring you.
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
### About sponsorship goals
|
||||
|
||||
You can set a funding goal for your sponsored account and share the goal with your community. Goals help you understand the impact you have in the open source community and build up your presence in the {% data variables.product.prodname_sponsors %} program.
|
||||
|
||||
Your goal can set a target for the number of sponsors you want to have or the amount of money you want to earn each month. You can only set one goal up at a time. After you reach a goal, you can set another goal.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** Goals are intended to help people track momentum so only monthly sponsors contribute toward your goal.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### Setting a goal
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-your-goals-tab %}
|
||||
{% data reusables.sponsors.set-a-goal %}
|
||||
{% data reusables.sponsors.select-goal-type %}
|
||||
{% data reusables.sponsors.publish-goal %}
|
||||
|
||||
### Editing a goal
|
||||
|
||||
When you edit a goal, you can't choose a goal you've already achieved. For example, if you already have 5 sponsors, you can't edit your goal so that you're aiming for 4 sponsors.
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-your-goals-tab %}
|
||||
{% data reusables.sponsors.edit-goal %}
|
||||
{% data reusables.sponsors.select-goal-type %}
|
||||
{% data reusables.sponsors.publish-goal %}
|
||||
|
||||
### Retiring a goal
|
||||
|
||||
After you retire a goal, you won't be able to reactivate the goal. You must create a new goal instead.
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-your-goals-tab %}
|
||||
{% data reusables.sponsors.edit-goal %}
|
||||
{% data reusables.sponsors.retire-goal %}
|
||||
@@ -1,45 +0,0 @@
|
||||
---
|
||||
title: Managing your sponsorship tiers
|
||||
intro: 'You can add a new sponsorship tier, or edit or retire an existing tier.'
|
||||
redirect_from:
|
||||
- /articles/changing-your-sponsorship-tiers
|
||||
- /github/supporting-the-open-source-community-with-github-sponsors/changing-your-sponsorship-tiers
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
### About sponsorship tiers
|
||||
|
||||
{% data reusables.sponsors.tier-details %}
|
||||
|
||||
{% data reusables.sponsors.maximum-tier %}
|
||||
|
||||
### Adding a tier
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-sponsor-tiers-tab %}
|
||||
{% data reusables.sponsors.click-add-tier %}
|
||||
{% data reusables.sponsors.tier-price-description %}
|
||||
{% data reusables.sponsors.save-tier-draft %}
|
||||
{% data reusables.sponsors.review-and-publish-tier %}
|
||||
|
||||
### Editing or retiring a tier
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-sponsor-tiers-tab %}
|
||||
{% data reusables.sponsors.edit-tier %}
|
||||
{% data reusables.sponsors.tier-price-description %}
|
||||
{% data reusables.sponsors.tier-update %}
|
||||
{% data reusables.sponsors.retire-tier %}
|
||||
|
||||
### Enabling tiers with custom amounts
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-sponsor-tiers-tab %}
|
||||
{% data reusables.sponsors.enable-custom-amounts %}
|
||||
|
||||
### Disabling tiers with custom amounts
|
||||
|
||||
You can disable tiers with custom amounts by deselecting the **Enable custom amounts** option on the **Sponsor tiers** tab. If you disable custom amounts, all custom tiers are retired.
|
||||
@@ -1,37 +0,0 @@
|
||||
---
|
||||
title: Managing your sponsorship
|
||||
intro: You can manage who can see your sponsorship and whether you receive email updates from the sponsored account.
|
||||
redirect_from:
|
||||
- /articles/managing-your-sponsorship
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
{% data reusables.sponsors.org-sponsors-release-phase %}
|
||||
|
||||
### Managing the privacy setting for your sponsorship
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsored-account %}
|
||||
{% data reusables.sponsors.sponsorship-dashboard %}
|
||||
{% data reusables.sponsors.manage-sponsorship %}
|
||||
{% data reusables.sponsors.who-can-see-your-sponsorship %}
|
||||
{% data reusables.sponsors.update-sponsorship %}
|
||||
|
||||
### Managing email updates for your sponsorship
|
||||
|
||||
You can choose whether an account you sponsor can send you email updates about their work. The sponsored account will not have access to your email address.
|
||||
|
||||
{% data reusables.sponsors.manage-updates-for-orgs %}
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsored-account %}
|
||||
{% data reusables.sponsors.sponsorship-dashboard %}
|
||||
{% data reusables.sponsors.manage-sponsorship %}
|
||||
{% data reusables.sponsors.choose-updates %}
|
||||
{% data reusables.sponsors.update-sponsorship %}
|
||||
|
||||
### Further reading
|
||||
|
||||
- "[Upgrading a sponsorship](/articles/upgrading-a-sponsorship)"
|
||||
- "[Downgrading a sponsorship](/articles/downgrading-a-sponsorship)"
|
||||
@@ -1,10 +0,0 @@
|
||||
---
|
||||
title: Overview
|
||||
intro: 'Learn about {% data variables.product.prodname_sponsors %} and how you can get involved as a sponsor or open source contributor.'
|
||||
mapTopic: true
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
---
|
||||
title: Receiving sponsorships through GitHub Sponsors
|
||||
shortTitle: Receiving sponsorships
|
||||
intro: 'You or your organization can become a sponsored open source contributor to receive payments for your work, update your sponsorship details, and view and contact your sponsors.'
|
||||
mapTopic: true
|
||||
redirect_from:
|
||||
- /articles/receiving-sponsorships-as-a-sponsored-developer
|
||||
- /github/supporting-the-open-source-community-with-github-sponsors/receiving-sponsorships-as-a-sponsored-developer
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
@@ -1,88 +0,0 @@
|
||||
---
|
||||
title: Setting up GitHub Sponsors for your organization
|
||||
intro: 'Your organization can join {% data variables.product.prodname_sponsors %} to receive payments for your work.'
|
||||
redirect_from:
|
||||
- /articles/setting-up-github-sponsorship-for-your-organization
|
||||
- /articles/receiving-sponsorships-as-a-sponsored-organization
|
||||
permissions: 'Organization owners can set up {% data variables.product.prodname_sponsors %} for an organization.'
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
### Joining {% data variables.product.prodname_sponsors %}
|
||||
|
||||
{% data reusables.sponsors.you-can-be-a-sponsored-organization %} {% data reusables.sponsors.stripe-supported-regions %}
|
||||
|
||||
After you receive an invitation for your organization to join {% data variables.product.prodname_sponsors %}, you can complete the steps below to become a sponsored organization.
|
||||
|
||||
To join {% data variables.product.prodname_sponsors %} as an individual contributor outside an organization, see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)."
|
||||
|
||||
{% data reusables.sponsors.navigate-to-github-sponsors %}
|
||||
{% data reusables.sponsors.view-eligible-accounts %}
|
||||
3. To the right of your organization, click **Join the waitlist**.
|
||||
{% data reusables.sponsors.contact-info %}
|
||||
{% data reusables.sponsors.accept-legal-terms %}
|
||||
|
||||
### Completing your sponsored organization profile
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-profile-tab %}
|
||||
{% data reusables.sponsors.short-bio %}
|
||||
{% data reusables.sponsors.add-introduction %}
|
||||
{% data reusables.sponsors.meet-the-team %}
|
||||
{% data reusables.sponsors.edit-featured-work %}
|
||||
{% data reusables.sponsors.opt-in-to-being-featured %}
|
||||
{% data reusables.sponsors.save-profile %}
|
||||
|
||||
### Creating sponsorship tiers
|
||||
|
||||
{% data reusables.sponsors.tier-details %}
|
||||
|
||||
{% data reusables.sponsors.maximum-tier %}
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-sponsor-tiers-tab %}
|
||||
{% data reusables.sponsors.click-add-tier %}
|
||||
{% data reusables.sponsors.tier-price-description %}
|
||||
{% data reusables.sponsors.save-tier-draft %}
|
||||
{% data reusables.sponsors.review-and-publish-tier %}
|
||||
{% data reusables.sponsors.enable-custom-amounts %}
|
||||
{% data reusables.sponsors.add-more-tiers %}
|
||||
|
||||
### Submitting your bank information
|
||||
|
||||
As a sponsored organization, you must receive payouts to a dedicated bank account for your organization in a supported region. You can get a business bank account through services like [Open Collective](https://opencollective.com/) and [Stripe Atlas](https://stripe.com/atlas). The region your organization legally operates in and the region of your bank account must match. The person setting up {% data variables.product.prodname_sponsors %} for the organization must live in the same supported region, too. {% data reusables.sponsors.stripe-supported-regions %}
|
||||
|
||||
{% data reusables.sponsors.double-check-stripe-info %}
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.create-stripe-account %}
|
||||
|
||||
For more information about setting up Stripe Connect using Open Collective, see [Setting up {% data variables.product.prodname_sponsors %}](https://docs.opencollective.com/help/collectives/github-sponsors) in the Open Collective Docs.
|
||||
|
||||
### Submitting your tax information
|
||||
|
||||
{% data reusables.sponsors.tax-form-information-org %}
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.settings-tab %}
|
||||
{% data reusables.sponsors.country-of-residence %}
|
||||
{% data reusables.sponsors.overview-tab %}
|
||||
{% data reusables.sponsors.tax-form-link %}
|
||||
|
||||
### Enabling two-factor authentication (2FA) on your {% data variables.product.prodname_dotcom %} account
|
||||
|
||||
Before your organization can become a sponsored organization, you must enable 2FA on your {% data variables.product.product_name %} account. For more information, see "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)."
|
||||
|
||||
### Submitting your application to {% data variables.product.prodname_dotcom %} for approval
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.request-approval %}
|
||||
|
||||
{% data reusables.sponsors.github-review-app %}
|
||||
|
||||
### Further reading
|
||||
- "[About {% data variables.product.prodname_sponsors %}](/articles/about-github-sponsors)"
|
||||
- "[Receiving sponsorships through {% data variables.product.prodname_sponsors %}](/github/supporting-the-open-source-community-with-github-sponsors/receiving-sponsorships-through-github-sponsors)"
|
||||
@@ -1,83 +0,0 @@
|
||||
---
|
||||
title: Setting up GitHub Sponsors for your user account
|
||||
intro: 'You can become a sponsored developer by joining {% data variables.product.prodname_sponsors %}, completing your sponsored developer profile, creating sponsorship tiers, submitting your bank and tax information, and enabling two-factor authentication on your {% data variables.product.prodname_dotcom %} account.'
|
||||
redirect_from:
|
||||
- /articles/becoming-a-sponsored-developer
|
||||
- /github/supporting-the-open-source-community-with-github-sponsors/becoming-a-sponsored-developer
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
### Joining {% data variables.product.prodname_sponsors %}
|
||||
|
||||
{% data reusables.sponsors.you-can-be-a-sponsored-developer %} {% data reusables.sponsors.stripe-supported-regions %}
|
||||
|
||||
To join {% data variables.product.prodname_sponsors %} as an organization, see "[Setting up {% data variables.product.prodname_sponsors %} for your organization](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-organization)."
|
||||
|
||||
{% data reusables.sponsors.navigate-to-github-sponsors %}
|
||||
2. If you are an organization owner, you have more than one eligible account. Click **View your eligible accounts**, then in the list of accounts, find your user account.
|
||||
3. Click **Join the waitlist**.
|
||||
{% data reusables.sponsors.contact-info %}
|
||||
{% data reusables.sponsors.accept-legal-terms %}
|
||||
|
||||
If you have a bank account in a supported region, {% data variables.product.prodname_dotcom %} will review your application within two weeks.
|
||||
|
||||
### Completing your sponsored developer profile
|
||||
|
||||
After {% data variables.product.prodname_dotcom %} reviews your application, you can set up your sponsored developer profile so that people can start sponsoring you.
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-profile-tab %}
|
||||
{% data reusables.sponsors.short-bio %}
|
||||
{% data reusables.sponsors.add-introduction %}
|
||||
{% data reusables.sponsors.edit-featured-work %}
|
||||
{% data reusables.sponsors.opt-in-to-being-featured %}
|
||||
{% data reusables.sponsors.save-profile %}
|
||||
|
||||
### Creating sponsorship tiers
|
||||
|
||||
{% data reusables.sponsors.tier-details %}
|
||||
|
||||
{% data reusables.sponsors.maximum-tier %}
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.navigate-to-sponsor-tiers-tab %}
|
||||
{% data reusables.sponsors.click-add-tier %}
|
||||
{% data reusables.sponsors.tier-price-description %}
|
||||
{% data reusables.sponsors.save-tier-draft %}
|
||||
{% data reusables.sponsors.review-and-publish-tier %}
|
||||
{% data reusables.sponsors.enable-custom-amounts %}
|
||||
{% data reusables.sponsors.add-more-tiers %}
|
||||
|
||||
### Submitting your bank information
|
||||
|
||||
If you live in a supported region, you can follow these instructions to submit your bank information by creating a Stripe Connect account. Your region of residence and the region of your bank account must match. {% data reusables.sponsors.stripe-supported-regions %}
|
||||
|
||||
{% data reusables.sponsors.double-check-stripe-info %}
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.create-stripe-account %}
|
||||
|
||||
### Submitting your tax information
|
||||
|
||||
{% data reusables.sponsors.tax-form-information-dev %}
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.settings-tab %}
|
||||
{% data reusables.sponsors.country-of-residence %}
|
||||
{% data reusables.sponsors.overview-tab %}
|
||||
{% data reusables.sponsors.tax-form-link %}
|
||||
|
||||
### Enabling two-factor authentication (2FA) on your {% data variables.product.prodname_dotcom %} account
|
||||
|
||||
Before you can become a sponsored developer, you must enable 2FA on your {% data variables.product.product_name %} account. For more information, see "[Configuring two-factor authentication](/articles/configuring-two-factor-authentication)."
|
||||
|
||||
### Submitting your application to {% data variables.product.prodname_dotcom %} for approval
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
4. Click **Request approval**.
|
||||

|
||||
|
||||
{% data reusables.sponsors.github-review-app %}
|
||||
@@ -1,67 +0,0 @@
|
||||
---
|
||||
title: Sponsoring an open source contributor
|
||||
intro: 'You can make a one-time or monthly recurring payment to a developer or organization who designs, creates, or maintains open source projects you depend on.'
|
||||
redirect_from:
|
||||
- /articles/sponsoring-a-developer
|
||||
- /articles/sponsoring-an-open-source-contributor
|
||||
- /github/supporting-the-open-source-community-with-github-sponsors/sponsoring-a-developer
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
permissions: Anyone can sponsor accounts on behalf of their own user account. Organization owners and billing managers can sponsor accounts on behalf of their organization.
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
{% data reusables.sponsors.org-sponsors-release-phase %}
|
||||
|
||||
### About sponsorships
|
||||
|
||||
{% data reusables.sponsors.sponsorship-details %}
|
||||
|
||||
You can sponsor an account on behalf of your user account to invest in projects that you personally benefit from. You can sponsor an account on behalf of your organization for many reasons.
|
||||
- Sustaining specific libraries that your organization's work depends on
|
||||
- Investing in the ecosystem you rely on as a organization (such as blockchain)
|
||||
- Developing brand awareness as an organization that values open source
|
||||
- Thanking open source developers for building libraries that complement the product your organization offers
|
||||
|
||||
You use your normal payment method to sponsor an account on {% data variables.product.product_name %}. If your organization wants to pay by invoice, [contact us](https://support.github.com/contact/org-sponsors-waitlist).
|
||||
|
||||
{% data reusables.sponsors.no-fees %} For more information, see "[About billing for {% data variables.product.prodname_sponsors %}](/articles/about-billing-for-github-sponsors)."
|
||||
|
||||
When you sponsor an account the change is effective immediately, unless you are sponsoring on behalf of an organization that pays by invoice. {% data reusables.sponsors.prorated-sponsorship %} Your sponsorship is included in the next scheduled payment to the sponsored account.
|
||||
|
||||
{% data reusables.sponsors.manage-updates-for-orgs %}
|
||||
|
||||
If the sponsored account retires your tier, the tier will remain in place for you until you choose a different tier or cancel your subscription. For more information, see "[Upgrading a sponsorship](/articles/upgrading-a-sponsorship)" and "[Downgrading a sponsorship](/articles/downgrading-a-sponsorship)."
|
||||
|
||||
If the account you want to sponsor does not have a profile on {% data variables.product.prodname_sponsors %}, you can encourage the account to join. For more information, see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account)" and "[Setting up {% data variables.product.prodname_sponsors %} for your organization](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-organization)."
|
||||
|
||||
{% data reusables.sponsors.sponsorships-not-tax-deductible %}
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** {% data variables.product.prodname_dotcom %} is not responsible for how developers represent themselves nor does {% data variables.product.prodname_dotcom %} endorse any sponsored open source projects. The claims are solely the responsibility of the developer receiving the funds. Make sure you trust a person before offering a sponsorship. For more information, see the [{% data variables.product.prodname_sponsors %} Additional Terms](/github/site-policy/github-sponsors-additional-terms).
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### Sponsoring an account
|
||||
|
||||
Before you can sponsor an account, you must have a verified email address. For more information, see "[Verifying your email address](/github/getting-started-with-github/verifying-your-email-address)."
|
||||
|
||||
1. On {% data variables.product.product_name %}, navigate to the profile of the user or organization you want to sponsor.
|
||||
1. Navigate to your sponsorship dashboard for the account.
|
||||
- To sponsor a developer, under the developer's name, click **Sponsor**.
|
||||

|
||||
- To sponsor an organization, to the right of the organization's name, click **Sponsor**.
|
||||

|
||||
1. Optionally, on the right side of the page, to sponsor the account on behalf of your organization, use the **Sponsor as** drop-down menu, and click the organization.
|
||||

|
||||
{% data reusables.sponsors.review-tiers-to-select %}
|
||||
{% data reusables.sponsors.select-a-tier %}
|
||||
{% data reusables.sponsors.pay-prorated-amount %}
|
||||
{% data reusables.sponsors.select-sponsorship-billing %}
|
||||

|
||||
{% data reusables.sponsors.who-can-see-your-sponsorship %}
|
||||

|
||||
{% data reusables.sponsors.choose-updates %}
|
||||
{% data reusables.sponsors.sponsor-account %}
|
||||
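Review bot: The three `redirect_from` paths in this front matter (`/articles/sponsoring-a-developer` and the two below it) go away with the file, so if the article has moved, the new file needs to list them along with this file's own path, or existing links will stop resolving. The `{% note %}` warning that readers should "Make sure you trust a person before offering a sponsorship" is the only trust guidance in the article and should be carried over with it.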
@@ -1,13 +0,0 @@
|
||||
---
|
||||
title: Sponsoring open source contributors
|
||||
intro: 'You can sponsor contributors, receive updates on developers and organizations you sponsor, and display a sponsor badge throughout {% data variables.product.product_name %}.'
|
||||
mapTopic: true
|
||||
redirect_from:
|
||||
- /articles/sponsoring-open-source-developers
|
||||
- /github/supporting-the-open-source-community-with-github-sponsors/sponsoring-open-source-developers
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
---
|
||||
title: Tax information for GitHub Sponsors
|
||||
intro: 'Sponsored developers and organizations must submit tax information to {% data variables.product.prodname_dotcom %} and are responsible for evaluating and paying their own taxes.'
|
||||
redirect_from:
|
||||
- /articles/tax-information-for-sponsored-developers
|
||||
- /github/supporting-the-open-source-community-with-github-sponsors/tax-information-for-sponsored-developers
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
If you are a taxpayer in the United States, you must submit a W-9 before you can receive payments. If you are a taxpayer in any other region besides the United States, you must submit a W-8BEN before you can receive payments. For more information, see "[Setting up {% data variables.product.prodname_sponsors %} for your user account](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-user-account#submitting-your-tax-information)" and "[Setting up {% data variables.product.prodname_sponsors %} for your organization](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-organization#submitting-your-tax-information)." {% data variables.product.prodname_dotcom %} will send you the appropriate forms, notify you when they are due, and give you a reasonable amount of time to complete and send in the forms.
|
||||
|
||||
If you are a taxpayer in the United States and earn more than $600 in a tax year, {% data variables.product.prodname_dotcom %} will send you a 1099 before January 31 of the next calendar year. We do not provide tax forms for international taxpayers.
|
||||
|
||||
{% data variables.product.prodname_dotcom %} does not withhold tax from {% data variables.product.prodname_sponsors %} payments. Sponsored developers are responsible for evaluating and paying their own taxes.
|
||||
|
||||
{% data reusables.sponsors.sponsorships-not-tax-deductible %}
|
||||
|
||||
### Further reading
|
||||
|
||||
- [Viewing your sponsors and sponsorships](/github/supporting-the-open-source-community-with-github-sponsors/viewing-your-sponsors-and-sponsorships)
|
||||
@@ -1,36 +0,0 @@
|
||||
---
|
||||
title: Viewing your sponsors and sponsorships
|
||||
intro: You can view and export detailed information and analytics about your sponsors and sponsorships.
|
||||
redirect_from:
|
||||
- /articles/viewing-your-sponsors-and-sponsorships
|
||||
versions:
|
||||
free-pro-team: '*'
|
||||
topics:
|
||||
- sponsors
|
||||
---
|
||||
|
||||
### About sponsors and sponsorships
|
||||
|
||||
You can view analytics on your current and past sponsorships, the payments you've received from sponsors, and events, such as cancellations and sponsor tier changes for your sponsorships. You can also view activity such as new sponsorships, changes to sponsorships, and canceled sponsorships. You can filter the list of activities by date. You can also export sponsorship data for the account you're viewing in CSV or JSON format.
|
||||
|
||||
### Viewing your sponsors and sponsorships
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
1. Optionally, to filter your sponsors by tier, use the **Filter** drop-down menu, click **Active tiers** or **Retired tiers**, and select a tier.
|
||||

|
||||
|
||||
### Viewing recent sponsorship activity
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.activity-tab %}
|
||||
|
||||
### Exporting your sponsorship data
|
||||
|
||||
You can export your sponsorship transactions by month. {% data variables.product.company_short %} will send you an email with transaction data for all of your sponsors for the month you select. After the export is complete, you can export another month of data. You can export up to 10 sets of data per hour for any of your sponsored accounts.
|
||||
|
||||
{% data reusables.sponsors.navigate-to-sponsors-dashboard %}
|
||||
{% data reusables.sponsors.activity-tab %}
|
||||
1. Click {% octicon "download" aria-label="The download icon" %} **Export**.
|
||||

|
||||
1. Choose a time frame and a format for the data you'd like to export, then click **Start export**.
|
||||

|
||||
@@ -6,25 +6,19 @@ versions:
|
||||
topics:
|
||||
- repositories
|
||||
---
|
||||
<!--See /content/code-security/supply-chain-security/about-the-dependency-graph for the latest version of this article -->
|
||||
|
||||
### Dependency graph availability
|
||||
|
||||
The dependency graph is available for every{% if currentVersion == "free-pro-team@latest" %} public{% endif %} repository that defines dependencies in a supported package ecosystem using a supported file format.{% if currentVersion == "free-pro-team@latest" %} Repository administrators can also set up the dependency graph for private repositories.{% endif %}
|
||||
The dependency graph is available for every repository that defines dependencies in a supported package ecosystem using a supported file format.
|
||||
|
||||
{% data reusables.repositories.enable-security-alerts %}
|
||||
|
||||
### About the dependency graph
|
||||
|
||||
The dependency graph is a summary of the manifest and lock files stored in a repository. For each repository, it shows{% if currentVersion == "free-pro-team@latest" %}:
|
||||
The dependency graph is a summary of the manifest and lock files stored in a repository. For each repository, it shows dependencies, that is, the ecosystems and packages it depends on. {% data variables.product.prodname_ghe_server %} does not calculate information about dependents, the repositories and packages that depend on a repository.
|
||||
|
||||
- Dependencies, the ecosystems and packages it depends on
|
||||
- Dependents, the repositories and packages that depend on it{% else %} dependencies, that is, the ecosystems and packages it depends on. {% data variables.product.prodname_ghe_server %} does not calculate information about dependents, the repositories and packages that depend on a repository.{% endif %}
|
||||
|
||||
When you push a commit to {% data variables.product.product_name %} that changes or adds a supported manifest or lock file to the default branch, the dependency graph is automatically updated.{% if currentVersion == "free-pro-team@latest" %} In addition, the graph is updated when anyone pushes a change to the repository of one of your dependencies.{% endif %} For information on the supported ecosystems and manifest files, see "[Supported package ecosystems](#supported-package-ecosystems)" below.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
When you create a pull request containing changes to dependencies that targets the default branch, {% data variables.product.prodname_dotcom %} uses the dependency graph to add dependency reviews to the pull request. These indicate whether the dependencies contain vulnerabilities and, if so, the version of the dependency in which the vulnerability was fixed. For more information, see "[Reviewing dependency changes in a pull request](/github/collaborating-with-issues-and-pull-requests/reviewing-dependency-changes-in-a-pull-request)."
|
||||
{% endif %}
|
||||
When you push a commit to {% data variables.product.product_name %} that changes or adds a supported manifest or lock file to the default branch, the dependency graph is automatically updated. For information on the supported ecosystems and manifest files, see "[Supported package ecosystems](#supported-package-ecosystems)" below.
|
||||
|
||||
### Dependencies included
|
||||
|
||||
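Review bot: The rewritten "About the dependency graph" paragraph names `{% data variables.product.prodname_ghe_server %}` with no conditional around it ("does not calculate information about dependents"). That is correct only if the `versions:` front matter above this hunk is limited to Enterprise Server. If any other version is still listed there, keep a version check around that sentence so it does not render where dependents are calculated.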
@@ -33,40 +27,30 @@ The dependency graph includes all the dependencies of a repository that are deta
|
||||
- Direct dependencies, that are explicitly defined in a manifest or lock file
|
||||
- Indirect dependencies of these direct dependencies, also known as transitive dependencies or sub-dependencies
|
||||
|
||||
The dependency graph identifies indirect dependencies{% if currentVersion == "free-pro-team@latest" %} either explicitly from a lock file or by checking the dependencies of your direct dependencies. For the most reliable graph, you should use lock files (or their equivalent) because they define exactly which versions of the direct and indirect dependencies you currently use. If you use lock files, you also ensure that all contributors to the repository are using the same versions, which will make it easier for you to test and debug code{% else %} from the lock files{% endif %}.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
### Dependents included
|
||||
|
||||
For public repositories, only public repositories that depend on it or on packages that it publishes are reported. This information is not reported for private repositories.{% endif %}
|
||||
The dependency graph identifies indirect dependencies.
|
||||
|
||||
### Using the dependency graph
|
||||
|
||||
You can use the dependency graph to:
|
||||
|
||||
- Explore the repositories your code depends on{% if currentVersion == "free-pro-team@latest" %}, and those that depend on it{% endif %}. For more information, see "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)." {% if currentVersion == "free-pro-team@latest" %}
|
||||
- View a summary of the dependencies used in your organization's repositories in a single dashboard. For more information, see "[Viewing insights for your organization](/articles/viewing-insights-for-your-organization#viewing-organization-dependency-insights)."{% endif %}
|
||||
- View and update vulnerable dependencies for your repository. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."{% if currentVersion == "free-pro-team@latest" %}
|
||||
- See information about vulnerable dependencies in pull requests. For more information, see "[Reviewing dependency changes in a pull request](/github/collaborating-with-issues-and-pull-requests/reviewing-dependency-changes-in-a-pull-request)."{% endif %}
|
||||
- Explore the repositories your code depends on. For more information, see "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)."
|
||||
- View and update vulnerable dependencies for your repository. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
|
||||
|
||||
### Enabling the dependency graph
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}To generate a dependency graph, {% data variables.product.product_name %} needs read-only access to the dependency manifest and lock files for a repository. The dependency graph is automatically generated for all public repositories and you can choose to enable it for private repositories. For information about enabling or disabling it for private repositories, see "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)."{% endif %}
|
||||
|
||||
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21" %}If the dependency graph is not available in your system, your site administrator can enable the dependency graph and {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[Enabling alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %}
|
||||
|
||||
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_lt "enterprise-server@2.22" %} If the dependency graph is not available in your system, your site administrator can enable the dependency graph and security alerts. For more information, see "[Enabling alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."
|
||||
|
||||
{% endif %}
|
||||
|
||||
When the dependency graph is first enabled, any manifest and lock files for supported ecosystems are parsed immediately. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. Once enabled, the graph is automatically updated with every push to the repository{% if currentVersion == "free-pro-team@latest" %} and every push to other repositories in the graph{% endif %}.
|
||||
When the dependency graph is first enabled, any manifest and lock files for supported ecosystems are parsed immediately. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. Once enabled, the graph is automatically updated with every push to the repository.
|
||||
|
||||
### Supported package ecosystems
|
||||
|
||||
The recommended formats explicitly define which versions are used for all direct and all indirect dependencies. If you use these formats, your dependency graph is more accurate. It also reflects the current build set up and enables the dependency graph to report vulnerabilities in both direct and indirect dependencies.{% if currentVersion == "free-pro-team@latest" %} Indirect dependencies that are inferred from a manifest file (or equivalent) are excluded from the checks for vulnerable dependencies.{% endif %}
|
||||
The recommended formats explicitly define which versions are used for all direct and all indirect dependencies. If you use these formats, your dependency graph is more accurate. It also reflects the current build set up and enables the dependency graph to report vulnerabilities in both direct and indirect dependencies.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}The ecosystems listed below are supported for the dependency graph, {% data variables.product.prodname_dependabot_alerts %}, and {% data variables.product.prodname_dependabot_security_updates %}.{% endif %}
|
||||
{% if currentVersion ver_gt "enterprise-server@2.21" %}The ecosystems listed below are supported for the dependency graph and {% data variables.product.prodname_dependabot_alerts %}.{% endif %}
|
||||
The ecosystems listed below are supported for the dependency graph and {% if currentVersion == "enterprise-server@2.22" %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}.
|
||||
|
||||
| Package manager | Languages | Recommended formats | All supported formats |
|
||||
| --- | --- | --- | ---|
|
||||
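Review bot: The replacement sentence under "Dependencies included", "The dependency graph identifies indirect dependencies.", loses the qualifier that the old `{% else %}` branch supplied, "from the lock files". That was the only statement of how indirect dependencies are found for the versions this file still serves, and it tells readers that a repository without lock files will not have its transitive dependencies checked. Suggest "The dependency graph identifies indirect dependencies from the lock files."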
@@ -87,7 +71,4 @@ The recommended formats explicitly define which versions are used for all direct
|
||||
### Further reading
|
||||
|
||||
- "[Dependency graph](https://en.wikipedia.org/wiki/Dependency_graph)" on Wikipedia
|
||||
- "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)"{% if currentVersion == "free-pro-team@latest" %}
|
||||
- "[Viewing insights for your organization](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)"
|
||||
- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
|
||||
- "[Troubleshooting the detection of vulnerable dependencies](/github/managing-security-vulnerabilities/troubleshooting-the-detection-of-vulnerable-dependencies)"{% endif %}
|
||||
- "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)"
|
||||
|
||||
@@ -6,30 +6,20 @@ versions:
|
||||
topics:
|
||||
- repositories
|
||||
---
|
||||
<!--See /content/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository for the latest version of this article -->
|
||||
|
||||
### Viewing the dependency graph
|
||||
|
||||
{% data reusables.repositories.enable-security-alerts %}
|
||||
|
||||
The dependency graph shows the dependencies{% if currentVersion == "free-pro-team@latest" %} and dependents{% endif %} of your repository. For information about the detection of dependencies and which ecosystems are supported, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."
|
||||
The dependency graph shows the dependencies of your repository. For information about the detection of dependencies and which ecosystems are supported, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.accessing-repository-graphs %}
|
||||
{% data reusables.repositories.click-dependency-graph %}{% if currentVersion == "free-pro-team@latest" %}
|
||||
4. Optionally, under "Dependency graph", click **Dependents**.
|
||||
{% endif %}
|
||||
{% data reusables.repositories.click-dependency-graph %}
|
||||
|
||||
#### Dependencies view
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
Dependencies are grouped by ecosystem. You can expand a dependency to view its dependencies. For dependencies on public repositories hosted on {% data variables.product.product_name %}, you can also click a dependency to view the repository. Dependencies on private repositories, private packages, or unrecognized files are shown in plain text.
|
||||
|
||||
If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to {% data variables.product.prodname_dependabot_alerts %}.
|
||||
|
||||

|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21" %}
|
||||
Any direct and indirect dependencies that are specified in the repository's manifest or lock files are listed, grouped by ecosystem. If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to {% data variables.product.prodname_dependabot_alerts %}.
|
||||
|
||||
@@ -56,60 +46,8 @@ Any direct and indirect dependencies that are specified in the repository's mani
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
#### Dependents view
|
||||
|
||||
For public repositories, the dependents view shows how the repository is used by other repositories. To show only the repositories that contain a library in a package manager, click **NUMBER Packages** immediately above the list of dependent repositories. The dependent counts are approximate and may not always match the dependents listed.
|
||||
|
||||

|
||||
|
||||
### Enabling and disabling the dependency graph for a private repository
|
||||
|
||||
Repository administrators can enable or disable the dependency graph for private repositories.
|
||||
|
||||
You can also enable or disable the dependency graph for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](//organizations/collaborating-with-groups-in-organizations/managing-security-and-analysis-settings-for-your-organization)."
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.repositories.navigate-to-security-and-analysis %}
|
||||
4. Read the message about granting {% data variables.product.product_name %} read-only access to the repository data to enable the dependency graph, then next to "Dependency Graph", click **Enable**.
|
||||

|
||||
|
||||
You can disable the dependency graph at any time by clicking **Disable** next to "Dependency Graph" on the Security & analysis tab.
|
||||
|
||||
### Changing the "Used by" package
|
||||
|
||||
If the dependency graph is enabled, and your repository contains a package that's published on a supported package ecosystem, {% data variables.product.prodname_dotcom %} displays a "Used by" section in the sidebar of the **Code** tab of your repository. For more information about the supported package ecosystems, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph#supported-package-ecosystems)."
|
||||
|
||||
The "Used by" section shows the number of public references to the package that were found, and displays the avatars of some of the owners of the dependent projects.
|
||||
|
||||

|
||||
|
||||
Clicking any item in this section takes you to the **Dependents** tab of the dependency graph.
|
||||
|
||||
The "Used by" section represents a single package from the repository. If you have admin permissions to a repository that contains multiple packages, you can choose which package the "Used by" section represents.
|
||||
|
||||
{% data reusables.repositories.navigate-to-repo %}
|
||||
{% data reusables.repositories.sidebar-settings %}
|
||||
{% data reusables.repositories.navigate-to-security-and-analysis %}
|
||||
4. Under "Configure security and analysis features", click the drop-down menu in the "Used by counter" section and choose a package.
|
||||

|
||||
|
||||
{% endif %}
|
||||
|
||||
### Troubleshooting the dependency graph
|
||||
|
||||
If your dependency graph is empty, there may be a problem with the file containing your dependencies. Check the file to ensure that it's correctly formatted for the file type.
|
||||
|
||||
{% if currentVersion == "free-pro-team@latest" %}
|
||||
If the file is correctly formatted, then check its size. The dependency graph ignores individual manifest and lock files that are over 0.5 Mb, unless you are a {% data variables.product.prodname_enterprise %} user. It processes up to 20 manifest or lock files per repository by default, so you can split dependencies into smaller files in subdirectories of the repository.{% endif %}
|
||||
|
||||
If a manifest or lock file is not processed, its dependencies are omitted from the dependency graph and they can't be checked for vulnerable dependencies.
|
||||
|
||||
### Further reading
|
||||
|
||||
- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"{% if currentVersion == "free-pro-team@latest" %}
|
||||
- "[Viewing insights for your organization](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization)"
|
||||
- "[Viewing and updating vulnerable dependencies in your repository](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository)"
|
||||
- "[Understanding how {% data variables.product.product_name %} uses and protects your data](/github/understanding-how-github-uses-and-protects-your-data)"
|
||||
{% endif %}
|
||||
|
||||
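Review bot: The header takes this region from 60 lines to 8, which is more than the `free-pro-team@latest` blocks alone. In "Troubleshooting the dependency graph", the sentence "If a manifest or lock file is not processed, its dependencies are omitted from the dependency graph and they can't be checked for vulnerable dependencies." sits after the `{% endif %}` and applies to every version, as does the first "Further reading" link, which precedes the `{% if %}`. Please confirm both are kept; the unprocessed-file sentence is the one place readers learn that a skipped manifest means no vulnerability checks.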