Project: Baseline Readability and Analytics Assessment for Driver Docs Articles (#57190)
Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Laura Coursen <lecoursen@github.com>
This commit is contained in:
John Clement
@@ -2,7 +2,7 @@
|
||||
title: 'Planning a trial of {% data variables.product.prodname_GHAS %}'
|
||||
shortTitle: 'Plan GHAS trial'
|
||||
allowTitleToDifferFromFilename: true
|
||||
intro: 'Make the most of your trial so you can decide whether {% data variables.product.prodname_AS %} products meet your business needs.'
|
||||
intro: 'Learn how to prepare for a successful trial of {% data variables.product.prodname_AS %}.'
|
||||
type: overview
|
||||
topics:
|
||||
- Code Security
|
||||
@@ -13,19 +13,19 @@ versions:
|
||||
ghes: '> 3.15'
|
||||
---
|
||||
|
||||
## About trialing {% data variables.product.prodname_GHAS %}
|
||||
## Is a self-serve trial right for you?
|
||||
|
||||
You can trial {% data variables.product.prodname_GHAS %} independently, or working with an expert from {% data variables.product.github %} or a partner organization. The primary audience for these articles is people who will plan and run their trial independently, typically small and medium-sized organizations.
|
||||
This article is for organizations that want to begin a trial of {% data variables.product.prodname_GHAS %} independently, without the help of an expert or partner. Typically, that means you're a small or medium-sized organization.
|
||||
|
||||
* Existing {% data variables.product.prodname_ghe_cloud %} users can set up a trial if you pay for {% data variables.product.prodname_ghe_cloud %} by credit card or PayPal, or if you are already taking part in a free trial of {% data variables.product.prodname_ghe_cloud %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security#setting-up-your-trial-of-github-advanced-security).
|
||||
This article helps you plan for a **self-serve** trial of {% data variables.product.prodname_GHAS %}. A self-serve trial is right for you if both of the following are true:
|
||||
* You want to conduct your trial independently, without the help of an expert or partner. Typically, this works best for small or medium-sized organizations.
|
||||
* You're an existing {% data variables.product.prodname_ghe_cloud %} customer who pays by credit card or PayPal.
|
||||
|
||||
{% data reusables.advanced-security.ghas-trial-invoiced %}
|
||||
Otherwise, contact us for help with your trial.
|
||||
* If you want expert help: [Contact our team](https://github.com/enterprise/contact).
|
||||
* If you pay by invoice: Contact your sales representative.
|
||||
|
||||
* Users on other {% data variables.product.github %} plans can trial {% data variables.product.prodname_GHAS %} as part of a trial of {% data variables.product.prodname_ghe_cloud %}, see [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud).
|
||||
|
||||
> [!NOTE] Although {% data variables.product.prodname_GHAS %} is free of charge during trials, you will be charged for any actions minutes that you use. That is, actions minutes used by the {% data variables.product.prodname_code_scanning %} default setup or by any other workflows you run.
|
||||
|
||||
## Define your company goals
|
||||
## 1. Define your company goals
|
||||
|
||||
Before you start a trial, you should define the purpose of the trial and identify the key questions you need to answer. Maintaining a strong focus on these goals will enable you to plan a trial that maximizes discovery and ensures that you have the information needed to decide whether or not to upgrade.
|
||||
|
||||
@@ -35,45 +35,50 @@ If your company already uses {% data variables.product.github %}, consider what
|
||||
|
||||
| Example need | Features to explore during the trial |
|
||||
|--|--|
|
||||
| Enforce use of security features | Enterprise-level security configurations and policies, see [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/about-security-configurations) and [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies) |
|
||||
| Protect custom access tokens | Custom patterns for {% data variables.product.prodname_secret_scanning %}, delegated bypass for push protection, and validity checks, see [AUTOTITLE](/code-security/trialing-github-advanced-security/explore-trial-secret-scanning) |
|
||||
| Define and enforce a development process | Dependency review, auto-triage rules, rulesets, and policies, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review), [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules), [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets), and [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies) |
|
||||
| Reduce technical debt at scale | {% data variables.product.prodname_code_scanning_caps %} and security campaigns, see [AUTOTITLE](/code-security/trialing-github-advanced-security/explore-trial-code-scanning) |
|
||||
| Monitor and track trends in security risks | Security overview, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights) |
|
||||
| Enforce use of security features | Enterprise-level security configurations and policies. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/about-security-configurations) and [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies) |
|
||||
| Protect custom access tokens | Custom patterns for {% data variables.product.prodname_secret_scanning %}, delegated bypass for push protection, and validity checks. See [AUTOTITLE](/code-security/trialing-github-advanced-security/explore-trial-secret-scanning) |
|
||||
| Define and enforce a development process | Dependency review, auto-triage rules, rulesets, and policies. See [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review), [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules), [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets), and [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies) |
|
||||
| Reduce technical debt at scale | {% data variables.product.prodname_code_scanning_caps %} and security campaigns. See [AUTOTITLE](/code-security/trialing-github-advanced-security/explore-trial-code-scanning) |
|
||||
| Monitor and track trends in security risks | Security overview. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights) |
|
||||
|
||||
{% endrowheaders %}
|
||||
|
||||
If your company doesn't use {% data variables.product.github %} yet, you are likely to have additional questions including how the platform handles data residency, secure account management, and repository migration. For more information, see [AUTOTITLE](/enterprise-cloud@latest/get-started/onboarding/getting-started-with-github-enterprise-cloud).
|
||||
|
||||
## Identify the members of your trial team
|
||||
## 2. Identify the members of your trial team
|
||||
|
||||
{% data variables.product.prodname_GHAS %} enables you to integrate security measures throughout the software development life cycle, so it's important to ensure that you include representatives from all areas of your development cycle. Otherwise you risk making a decision without having all the data you need. A trial includes 50 licenses which provides scope for representation from a wide range of people.
|
||||
{% data variables.product.prodname_GHAS %} enables you to integrate security measures throughout the software development life cycle, so it's important to ensure that you include representatives from all areas of your development cycle. Otherwise, you risk making a decision without having all the data you need. A trial includes 50 licenses which provides scope for representation from a wide range of people.
|
||||
|
||||
You may also find it helpful to identify a champion for each company need that you want to investigate.
|
||||
|
||||
## Determine whether preliminary research is needed
|
||||
## 3. Determine whether preliminary research is needed
|
||||
|
||||
If members of your trial team have not yet used the core features of {% data variables.product.prodname_GHAS %}, it may be helpful to add an experimentation phase in public repositories before you start a trial. Many of the primary features of {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %} can be used on public repositories. Having a good understanding of the core features will allow you to focus your trial period on private repositories, and exploring the additional features and control available with {% data variables.product.prodname_cs_and_sp %}.
|
||||
Decide whether your team would benefit from hands-on experience with our free security features **before** you begin your trial. Testing code scanning and secret scanning on public repositories can help new users get familiar with the core features of {% data variables.product.prodname_GHAS %}. This will allow you to focus your trial period on private repositories and the advanced features and controls available in {% data variables.product.prodname_cs_and_sp %}.
|
||||
|
||||
For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning), [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning), and [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security).
|
||||
For more information, see:
|
||||
* [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)
|
||||
* [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)
|
||||
* [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph)
|
||||
|
||||
{% ifversion secret-risk-assessment %}
|
||||
|
||||
Organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in their organization for leaked secrets. This can help you understand the current exposure of the repositories in your organization to leaked secrets, as well as see how many existing secret leaks could have been prevented by {% data variables.product.prodname_secret_protection %}. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}
|
||||
Organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan their code for leaked secrets. This helps you assess your repositories' current exposure to leaked secrets and shows how many existing secret leaks could have been prevented by {% data variables.product.prodname_secret_protection %}. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}
|
||||
|
||||
## Agree the organizations and repositories to test
|
||||
## 4. Decide which organizations and repositories to test
|
||||
|
||||
Generally it is best to use an existing organization for a trial. This ensures that you can trial the features in repositories you know well and that accurately represent your coding environment. Once you start the trial, you may want to create additional organizations with test code to expand your explorations.
|
||||
It is generally best to start your trial with an **existing** organization. This ensures that you can experience the features in repositories you know well and within a familiar coding environment.
|
||||
|
||||
Be aware that deliberately insecure applications, such as WebGoat, may contain coding patterns that appear to be insecure, but which {% data variables.product.prodname_code_scanning %} determines cannot be exploited. {% data variables.product.prodname_code_scanning_caps %} typically generates fewer results for artificially insecure codebases than other static application security scanners.
|
||||
If you want, you can add test organizations or code later. However, be aware that deliberately insecure applications, such as WebGoat, are not the best test. They may contain coding patterns that appear to be insecure but which {% data variables.product.prodname_code_scanning %} determines cannot be exploited. As a result, {% data variables.product.prodname_code_scanning %} may report fewer issues in these artificial codebases than other security scanners.
|
||||
|
||||
## Define the assessment criteria for the trial
|
||||
## 5. Define the assessment criteria for the trial
|
||||
|
||||
For each company need or goal that you identify, determine what criteria you will measure to determine whether it is successfully met or not. For example, if one need is to enforce the use of security features, you might define a range of test cases for security configurations and policies to give you confidence that they enforce processes as you expect.
|
||||
For each company need or goal you set for the trial, decide how you will measure success. For example, if you want to enforce the use of security features, create test cases for security configurations and policies to confirm they work as expected.
|
||||
|
||||
## Next steps
|
||||
## 6. Start your trial
|
||||
|
||||
1. [AUTOTITLE](/code-security/trialing-github-advanced-security/trial-advanced-security) or [AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud) with {% data variables.product.prodname_AS %}
|
||||
1. [AUTOTITLE](/code-security/trialing-github-advanced-security/enable-security-features-trial)
|
||||
1. [AUTOTITLE](/code-security/trialing-github-advanced-security/explore-trial-secret-scanning)
|
||||
1. [AUTOTITLE](/code-security/trialing-github-advanced-security/explore-trial-code-scanning)
|
||||
If you already use {% data variables.product.prodname_ghe_cloud %} (as a paying customer or as part of a free trial), see [AUTOTITLE](/code-security/trialing-github-advanced-security/trial-advanced-security).
|
||||
|
||||
Otherwise, you can trial {% data variables.product.prodname_GHAS %} as part of a trial of {% data variables.product.prodname_ghe_cloud %}. See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud){% ifversion fpt %} in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}.
|
||||
|
||||
> [!NOTE]
|
||||
> {% data variables.product.prodname_GHAS %} is free of charge during trials, but you will be charged for any Actions minutes used by code scanning or any other workflows.
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
title: Enabling or disabling GitHub Codespaces for your organization
|
||||
shortTitle: 'Enable or disable Codespaces'
|
||||
intro: 'You can control which users can use {% data variables.product.prodname_github_codespaces %} in your organization''s private {% ifversion ghec %}and internal {% endif %}repositories.'
|
||||
permissions: 'Organization owners can control which users can use {% data variables.product.prodname_github_codespaces %}.'
|
||||
permissions: 'Organization owners'
|
||||
redirect_from:
|
||||
- /codespaces/managing-codespaces-for-your-organization/managing-user-permissions-for-your-organization
|
||||
- /codespaces/managing-codespaces-for-your-organization/enabling-codespaces-for-your-organization
|
||||
@@ -15,31 +15,42 @@ topics:
|
||||
- Codespaces
|
||||
- Billing
|
||||
- Administrator
|
||||
product: 'Organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} plans can choose to disable {% data variables.product.prodname_github_codespaces %} in private {% ifversion ghec %}and internal {% endif %}repositories. For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-products).'
|
||||
product: '{% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %}'
|
||||
---
|
||||
|
||||
## About enabling and disabling {% data variables.product.prodname_github_codespaces %}
|
||||
|
||||
{% data variables.product.prodname_github_codespaces %} is always available in an organization's public repositories, and any user can create a codespace from these repositories. If your organization is on a {% data variables.product.prodname_free_team %} plan, {% data variables.product.prodname_github_codespaces %} is always available in your organization's private repositories too, and any users with access to these repositories can create a codespace at their own expense.
|
||||
{% data variables.product.prodname_github_codespaces %} is always available in an organization's public repositories. Any user can create a codespace from these repositories.
|
||||
|
||||
If you're the owner of an organization on a {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} plan, you can choose whether to enable or disable {% data variables.product.prodname_github_codespaces %} in your organization's private {% ifversion ghec %}and internal {% endif %}repositories. If you enable {% data variables.product.prodname_github_codespaces %} in these repositories, you can choose whether to enable for all users or for a selection of members and collaborators.
|
||||
If your organization is on a {% data variables.product.prodname_free_team %} plan, {% data variables.product.prodname_github_codespaces %} is always available in your organization's private repositories. Any user with access to these repositories can create a codespace at their own expense.
|
||||
|
||||
By enabling {% data variables.product.prodname_github_codespaces %}, you can help your members and collaborators get started with projects quickly, without needing to install lots of tools and dependencies locally to start contributing. However, you might want to roll out {% data variables.product.prodname_github_codespaces %} gradually across your organization by enabling it for groups of users at a time. Alternatively, if you need to comply with security regulations that require increased control over the private code in your organization, you might want to disable {% data variables.product.prodname_github_codespaces %} for all your members.
|
||||
If you're an organization owner on a paid {% data variables.product.github %} plan, you can enable or disable {% data variables.product.prodname_github_codespaces %} for your organization's private {% ifversion ghec %}and internal {% endif %}repositories. You can enable {% data variables.product.prodname_github_codespaces %} for all users or only for selected members and collaborators.
|
||||
|
||||
If you have enabled {% data variables.product.prodname_github_codespaces %} in private {% ifversion ghec %}and internal {% endif %}repositories for at least some users, you can choose to pay for these users' usage of {% data variables.product.prodname_github_codespaces %} across all repositories in your organization. For more information, see [AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization).
|
||||
## Enabling or disabling {% data variables.product.prodname_github_codespaces %}
|
||||
|
||||
If you cannot access the settings to enable {% data variables.product.prodname_github_codespaces %} in your organization, this may be because an enterprise owner has disabled {% data variables.product.prodname_github_codespaces %} for your organization. For more information, see {% ifversion ghec %}[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise).{% elsif fpt %}[AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-codespaces-in-your-enterprise) in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
|
||||
> [!NOTE]
|
||||
> Removing a user's access to {% data variables.product.prodname_github_codespaces %} will prevent them from opening any of their existing codespaces in your organization's private {% ifversion ghec %}and internal {% endif %}repositories. For more details, see [What happens when I remove a user's access to {% data variables.product.prodname_github_codespaces %}?](#what-happens-when-i-remove-a-users-access-to-github-codespaces)
|
||||
|
||||
## Prerequisites for enabling {% data variables.product.prodname_github_codespaces %}
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.organizations.click-codespaces %}
|
||||
{% data reusables.organizations.click-general %}
|
||||
1. On the {% data variables.product.prodname_codespaces %} settings page, under "Codespaces access," select your preferred setting for {% data variables.product.prodname_github_codespaces %} in your organization's private {% ifversion ghec %}and internal {% endif %}repositories.
|
||||
|
||||
Only people who can either push changes to a repository, or fork the repository, can create a codespace for that repository. To allow a user to create codespaces for a repository owned by your organization, you must do one of the following things.
|
||||
## Ensuring your users can create codespaces
|
||||
|
||||
* Ensure that the user has read access to the repository, and the repository permits forking, so that the user can create a codespace from the repository, push their changes to a fork, and create a pull request for any changes they want to make. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization).
|
||||
* Ensure that the user has write access to the repository, so that they can push changes directly to the repository without forking.
|
||||
To allow a user to create codespaces for a repository owned by your organization, you must do one of the following:
|
||||
|
||||
In addition, to allow users to create codespaces, you must ensure that{% ifversion ghec %}:
|
||||
* Give the user **read access** to the repository and permit forking. This allows the user to create a codespace, push changes to a fork, and open a pull request. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization).
|
||||
* Give the user **write access** to the repository so that they can push changes directly to the repository without forking.
|
||||
|
||||
{% ifversion ghec %}
|
||||
|
||||
Additionally, ensure that:
|
||||
* Your enterprise does not use OIDC with CAP. For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy).
|
||||
* Your{% else %} your{% endif %} organization does not have an IP address allow list enabled. For more information, see [Managing allowed IP addresses for your organization](/{% ifversion fpt %}enterprise-cloud@latest/{% endif %}organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization){% ifversion fpt %} in the {% data variables.product.prodname_ghe_cloud %} documentation.{% else %}.{% endif %}
|
||||
* Your organization does not have an IP address allow list enabled. For more information, see [Managing allowed IP addresses for your organization](/organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization).
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion fpt %}
|
||||
|
||||
@@ -48,23 +59,17 @@ In addition, to allow users to create codespaces, you must ensure that{% ifversi
|
||||
|
||||
{% endif %}
|
||||
|
||||
## About changing your settings
|
||||
## What happens when I remove a user's access to {% data variables.product.prodname_github_codespaces %}?
|
||||
|
||||
If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from your organization's private {% ifversion ghec %}and internal {% endif %}repositories. If you were previously paying for codespaces the user had created from your organization's public repositories, ownership of these codespaces will transfer the user.
|
||||
Before removing users' access to {% data variables.product.prodname_github_codespaces %}, you should **alert the affected users.**
|
||||
|
||||
Before removing users' access, you should alert the affected users. If they have unpublished work in a codespace, they can make sure the work is pushed to a branch in the repository before they lose access.
|
||||
When you remove a user's access, the user will immediately be unable to open existing codespaces they have created from your organization's private {% ifversion ghec %}and internal {% endif %}repositories.
|
||||
|
||||
Once a user loses access to a codespace, the codespace is retained for a period of 7 days, then it is permanently deleted. During this 7-day period, to recover unpublished work from the codespace, the user must contact {% data variables.contact.contact_support %}.
|
||||
* If you alert them first, they can push any unpublished work to a branch in the repository before they lose access.
|
||||
* Once a user loses access to a codespace, the codespace is retained for a period of 7 days, then it is permanently deleted. During this 7-day period, to recover unpublished work from the codespace, the user must contact {% data variables.contact.contact_support %}.
|
||||
|
||||
## Enabling or disabling {% data variables.product.prodname_github_codespaces %}
|
||||
If you were previously paying for codespaces the user had created from your organization's public repositories, ownership of these codespaces will transfer to the user.
|
||||
|
||||
> [!NOTE]
|
||||
> If you remove a user's access to {% data variables.product.prodname_github_codespaces %}, the user will immediately be unable to open existing codespaces they have created from your organization's private {% ifversion ghec %}and internal {% endif %}repositories. For more information, see [About changing your settings](#about-changing-your-settings).
|
||||
## Further reading
|
||||
|
||||
{% data reusables.profile.access_org %}
|
||||
{% data reusables.profile.org_settings %}
|
||||
{% data reusables.organizations.click-codespaces %}
|
||||
{% data reusables.organizations.click-general %}
|
||||
1. On the {% data variables.product.prodname_codespaces %} settings page, under "Codespaces access," select your preferred setting for {% data variables.product.prodname_github_codespaces %} in your organization's private {% ifversion ghec %}and internal {% endif %}repositories.
|
||||
|
||||
You can disable {% data variables.product.prodname_codespaces %}, enable for specific members or teams, enable for all members, or enable for all members and collaborators.
|
||||
* [AUTOTITLE](/codespaces/managing-codespaces-for-your-organization/choosing-who-owns-and-pays-for-codespaces-in-your-organization)
|
||||
|
||||
Reference in New Issue
Block a user