From 575a3d22e4f2a4a25535caa2bbc12c8ea9d87449 Mon Sep 17 00:00:00 2001 From: Ben Ahmady <32935794+subatoi@users.noreply.github.com> Date: Tue, 16 Apr 2024 17:15:43 +0100 Subject: [PATCH 1/2] New PR: Add content for enterprise-level overview dashboard (13512) (#50159) Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com> Co-authored-by: Felicity Chapman --- .../about-autofix-for-codeql-code-scanning.md | 2 +- ...ickstart-for-securing-your-organization.md | 2 +- .../about-security-overview.md | 6 ++- .../filtering-alerts-in-security-overview.md | 2 +- .../code-security/security-overview/index.md | 2 +- ...zation.md => viewing-security-insights.md} | 41 ++++++++++++------- ...security-overview-dashboard-enterprise.yml | 5 +++ .../beta-overview-dashboard.md | 4 ++ .../security-overview/filter-and-toggle.md | 7 ++++ 9 files changed, 51 insertions(+), 20 deletions(-) rename content/code-security/security-overview/{viewing-security-insights-for-your-organization.md => viewing-security-insights.md} (81%) create mode 100644 data/features/security-overview-dashboard-enterprise.yml create mode 100644 data/reusables/security-overview/filter-and-toggle.md diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md index 3f96b38171..2c31d6f6c1 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md 
@@ -31,7 +31,7 @@ topics: {% ifversion code-scanning-autofix %}While {% data variables.product.prodname_code_scanning %} autofix is allowed by default in an enterprise and enabled for every repository using {% data variables.product.prodname_codeql %}, you can choose to opt out and disable autofix. To learn how to disable autofix at the enterprise, organization and repository levels, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)."{% endif %} -In an organization's security overview dashboard, you can view the total number of autofix suggestions generated on open and closed pull requests in the organization for a given time period. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-security-insights-for-your-organization#autofix-suggestions)" in the {% data variables.product.prodname_ghe_cloud %} documentation. +In an organization's security overview dashboard, you can view the total number of autofix suggestions generated on open and closed pull requests in the organization for a given time period. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-security-insights#autofix-suggestions)" in the {% data variables.product.prodname_ghe_cloud %} documentation. ## Developer experience diff --git a/content/code-security/getting-started/quickstart-for-securing-your-organization.md b/content/code-security/getting-started/quickstart-for-securing-your-organization.md index 20245a84e4..2f03442f11 100644 --- a/content/code-security/getting-started/quickstart-for-securing-your-organization.md +++ b/content/code-security/getting-started/quickstart-for-securing-your-organization.md 
@@ -136,7 +136,7 @@ When you have enabled a feature, you should communicate with repository administ {% ifversion ghes or ghec %}You{% elsif fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %}{% endif %} can use security overview to see which teams and repositories are affected by security alerts, with a breakdown of alerts by severity. For more information, see{% ifversion ghes or ghec %} "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)."{% elsif fpt %} "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/assessing-code-security-risk)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %} {% ifversion security-overview-dashboard %} -Security overview also has a dashboard (beta) where you can explore high-level trends and metrics to gain insight into your organization's security landscape. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights-for-your-organization)." +Security overview also has a dashboard (beta) where you can explore high-level trends and metrics to gain insight into your organization's security landscape. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)." {% endif %} You can use various tools to monitor the actions that your organization's members are taking in response to security alerts. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)". diff --git a/content/code-security/security-overview/about-security-overview.md b/content/code-security/security-overview/about-security-overview.md index 1f5ca5fdea..292d37ceb5 100644 --- a/content/code-security/security-overview/about-security-overview.md +++ b/content/code-security/security-overview/about-security-overview.md 
@@ -76,7 +76,7 @@ Security overview has multiple views that provide different ways to explore enab {% data reusables.security-overview.alert-differences %} -For more information about these views, see {% ifversion security-overview-dashboard %}"[AUTOTITLE](/code-security/security-overview/viewing-security-insights-for-your-organization),"{% endif %}"[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)" and "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)." +For more information about these views, see {% ifversion security-overview-dashboard %}"[AUTOTITLE](/code-security/security-overview/viewing-security-insights),"{% endif %}"[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)" and "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)." {% else %} 
@@ -104,10 +104,14 @@ You can find security overview on the **Code Security** tab for your enterprise. As with security overview for organizations, security overview for enterprises has multiple views that provide different ways to explore enablement and alert data. +{% ifversion security-overview-dashboard-enterprise %} +- Use the "Overview" view to see insights about your enterprise's security landscape and progress.{% endif %} - Use the "Coverage" view to assess the adoption of code security features across organizations in the enterprise. - Use the "Risk" view to assess the risk from security alerts of all types across organizations in the enterprise. - Use the individual security alert views to identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets.{% else %}You can view repositories owned by your enterprise that have security alerts, view all security alerts, or view security feature-specific alerts from across your enterprise.{% endif %} +For more information about these views, see {% ifversion security-overview-dashboard-enterprise %}"[AUTOTITLE](/code-security/security-overview/viewing-security-insights)," {% endif %}"[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)" and "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)." + For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)." {% endif %} diff --git a/content/code-security/security-overview/filtering-alerts-in-security-overview.md b/content/code-security/security-overview/filtering-alerts-in-security-overview.md index 19413a0034..a8e746322c 100644 --- a/content/code-security/security-overview/filtering-alerts-in-security-overview.md +++ b/content/code-security/security-overview/filtering-alerts-in-security-overview.md 
@@ -147,7 +147,7 @@ These qualifiers are available in the main summary views{% ifversion security-ov ## Additional filters for security overview dashboard (beta) -You can filter the "Overview" dashboard (beta) to narrow the scope of the metrics shown, so that you can view trends for specific repository or alert types. For more information on the overview dashboard, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights-for-your-organization)." +You can filter the "Overview" dashboard (beta) to narrow the scope of the metrics shown, so that you can view trends for specific repository or alert types. For more information on the overview dashboard, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)." | Qualifier | Description | | -------- | -------- | diff --git a/content/code-security/security-overview/index.md b/content/code-security/security-overview/index.md index a3f39a423d..687f7bb8e2 100644 --- a/content/code-security/security-overview/index.md +++ b/content/code-security/security-overview/index.md @@ -13,7 +13,7 @@ topics: - Advanced Security children: - /about-security-overview - - /viewing-security-insights-for-your-organization + - /viewing-security-insights - /assessing-adoption-code-security - /assessing-code-security-risk - /filtering-alerts-in-security-overview diff --git a/content/code-security/security-overview/viewing-security-insights-for-your-organization.md b/content/code-security/security-overview/viewing-security-insights.md similarity index 81% rename from content/code-security/security-overview/viewing-security-insights-for-your-organization.md rename to content/code-security/security-overview/viewing-security-insights.md index 7a1d0d5422..96911593fa 100644 --- a/content/code-security/security-overview/viewing-security-insights-for-your-organization.md +++ b/content/code-security/security-overview/viewing-security-insights.md 
@@ -1,7 +1,7 @@ --- -title: Viewing security insights for your organization -shortTitle: Viewing security insights -intro: 'You can use the overview dashboard in security overview to monitor the security landscape of the repositories in your organization.' +title: Viewing security insights +shortTitle: View security insights +intro: 'You can use the overview dashboard in security overview to monitor the security landscape of the repositories in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}.' permissions: '{% data reusables.security-overview.permissions %}' product: '{% data reusables.gated-features.security-overview %}' versions: 
@@ -12,19 +12,26 @@ topics: - Advanced Security - Alerts - Organizations +redirect_from: + - /code-security/security-overview/viewing-security-insights-for-your-organization +allowTitleToDifferFromFilename: true --- {% data reusables.security-overview.beta-overview-dashboard %} -## About organization-level security insights +## {% ifversion security-overview-dashboard-enterprise %}About security insights{% else %} About organization-level security insights{% endif %} -The overview page in security overview is a consolidated dashboard of insights about your organization's security landscape and progress. You can use the dashboard to monitor the health of your application security program, collaborate with engineering teams, and gather data for benchmarking purposes. +The overview page in security overview is a consolidated dashboard of insights about your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}'s security landscape and progress. You can use the dashboard to monitor the health of your application security program, collaborate with engineering teams, and gather data for benchmarking purposes. -You can view a variety of metrics about the security alerts in your organization. The dashboard displays trending data that tracks alert counts and activity over time, as well as snapshot data that reflects the current state. +{% ifversion security-overview-dashboard-enterprise %} +Both the enterprise and organization-level security overviews have a dashboard. By default, the enterprise-level dashboard shows metrics for all the repositories in your enterprise. You can filter the data shown on the enterprise-level dashboard by owner (for example, by organization). By default, the organization-level dashboard shows metrics for all repositories owned by your organization. Both dashboards also allow you to filter by repository. 
+{% endif %} -- The top section of the dashboard shows information about the status and age of alerts in your organization, as well as data about secrets that have been blocked or bypassed. +You can view a variety of metrics about the security alerts in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}. The dashboard displays trending data that tracks alert counts and activity over time, as well as snapshot data that reflects the current state. + +- The top section of the dashboard shows information about the status and age of alerts in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}, as well as data about secrets that have been blocked or bypassed. - The "Remediation" section shows information about how alerts are resolved and alert activity over time. -- The "Impact analysis" section shows the repositories that pose the highest potential security risk in your organization. +- The "Impact analysis" section shows the repositories that pose the highest potential security risk in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}. You can filter the overview dashboard by selecting a specific time period, and apply additional filters to focus on narrower areas of interest. All data and metrics across the dashboard will change as you apply filters. {% ifversion security-overview-additional-tools %}By default, the dashboard displays all alerts from {% data variables.product.prodname_dotcom %} tools, but you can use the tool filter to show alerts from a specific tool ({% data variables.product.prodname_secret_scanning %}, {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, a specific third-party tool) or all third-party {% data variables.product.prodname_code_scanning %} tools. 
This feature is in beta, and is subject to change.{% endif %} For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." 
@@ -38,18 +45,22 @@ Keep in mind that the overview page tracks changes over time for security alert {% data reusables.security-overview.alert-differences %} -## Viewing the security overview dashboard +## Viewing the security overview dashboard{% ifversion security-overview-dashboard-enterprise %} for your organization{% endif %} {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} 1. The overview page is the primary view that you will see after clicking on the "Security" tab. To get to the dashboard from another security overview page, in the sidebar, click **{% octicon "graph" aria-hidden="true" %} Overview**. -1. Use the options at the top of the overview page to filter the group of alerts you want to see metrics for. All of the data and metrics on the page will change as you adjust the filters. - - Use the date picker to set the time range that you want to view alert activity and metrics for. - - Click in the search box to add further filters on the alerts and metrics displayed. +{% data reusables.security-overview.filter-and-toggle %} - ![Screenshot of the Overview dashboard for an organization. The filters are outlined in dark orange, including the date picker and search field.](/assets/images/help/security-overview/security-overview-dashboard-filters.png) +{% ifversion security-overview-dashboard-enterprise %} -1. For the alert trends graph at the top of the page, you can click **{% octicon "shield" aria-hidden="true" %} Open alerts** or **{% octicon "shield-x" aria-hidden="true" %} Closed alerts** to toggle between showing the trends for open or closed alerts. The toggle will only affect the alert trends graph. For more information, see "[Alert trends graph](#alert-trends-graph)." 
+## Viewing the security overview dashboard for your enterprise + +{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %} +{% data reusables.code-scanning.click-code-security-enterprise %} +{% data reusables.security-overview.filter-and-toggle %} + +{% endif %} ## Understanding the overview dashboard @@ -72,7 +83,7 @@ Some metrics in the security overview dashboard include a trend indicator, which ### Alert trends graph -The alert trends graph shows the change in the number of alerts in your organization over the time period you have chosen. Alerts are grouped by severity. You can toggle the graph between open and closed alerts. +The alert trends graph shows the change in the number of alerts in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %} over the time period you have chosen. Alerts are grouped by severity. You can toggle the graph between open and closed alerts. Open alerts include both newly created and existing open security alerts. New alerts are represented on their creation date, while alerts that existed before the chosen time period are represented at the start of the period. Once an alert is remediated or dismissed, it is not included in the graph. Instead, the alert will move to the closed alerts graph. diff --git a/data/features/security-overview-dashboard-enterprise.yml b/data/features/security-overview-dashboard-enterprise.yml new file mode 100644 index 0000000000..b2e370ae2d --- /dev/null +++ b/data/features/security-overview-dashboard-enterprise.yml @@ -0,0 +1,5 @@ +# Reference: #11289 +# Documentation for the security overview dashboard, including for Enterprise-level +versions: + ghec: '*' + ghes: '>3.13' diff --git a/data/reusables/security-overview/beta-overview-dashboard.md b/data/reusables/security-overview/beta-overview-dashboard.md index a169ccd3f7..7d29a2dd10 100644 --- a/data/reusables/security-overview/beta-overview-dashboard.md 
+++ b/data/reusables/security-overview/beta-overview-dashboard.md @@ -1,5 +1,9 @@ {% note %} +{% ifversion security-overview-dashboard-enterprise %} +**Note:** The security overview dashboard is currently in beta and subject to change. +{% else %} **Note:** The security overview dashboard is available at the organization level. The dashboard is currently in beta and subject to change. +{% endif %} {% endnote %} diff --git a/data/reusables/security-overview/filter-and-toggle.md b/data/reusables/security-overview/filter-and-toggle.md new file mode 100644 index 0000000000..8b839eaf58 --- /dev/null +++ b/data/reusables/security-overview/filter-and-toggle.md @@ -0,0 +1,7 @@ +1. Use the options at the top of the overview page to filter the group of alerts you want to see metrics for. All of the data and metrics on the page will change as you adjust the filters. + - Use the date picker to set the time range that you want to view alert activity and metrics for. + - Click in the search box to add further filters on the alerts and metrics displayed. + + ![Screenshot of the overview page in security overview. Filtering options are outlined in dark orange, including the date picker and search field.](/assets/images/help/security-overview/security-overview-dashboard-filters.png) + +1. For the alert trends graph at the top of the page, you can click **{% octicon "shield" aria-hidden="true" %} Open alerts** or **{% octicon "shield-x" aria-hidden="true" %} Closed alerts** to toggle between showing the trends for open or closed alerts. The toggle will only affect the alert trends graph. For more information, see "[Alert trends graph](#alert-trends-graph)." From e9511cbdf25447d79299c006c7fb91626565a8d3 Mon Sep 17 00:00:00 2001 
From: Steve-Glass <84886334+Steve-Glass@users.noreply.github.com> Date: Tue, 16 Apr 2024 12:20:47 -0400 Subject: [PATCH 2/2] Update about-larger-runners.md (#50119) Co-authored-by: SiaraMist Co-authored-by: Shawn Napora <17864647+shawnnapora@users.noreply.github.com> Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com> --- .../about-github-hosted-runners.md | 4 ++++ .../about-larger-runners/about-larger-runners.md | 3 +-- data/reusables/actions/macos-runner-limitations.md | 3 +++ 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 data/reusables/actions/macos-runner-limitations.md diff --git a/content/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners.md b/content/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners.md index 22794c2ef3..f7445b9f6c 100644 --- a/content/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners.md +++ b/content/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners.md @@ -140,6 +140,10 @@ While the job runs, the logs and output can be viewed in the {% data variables.p Workflow logs list the runner used to run a job. For more information, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/viewing-workflow-run-history)." +### Limitations for arm64 macOS runners + +{% data reusables.actions.macos-runner-limitations %} + ### {% data variables.actions.hosted_runner_caps %}s {% data reusables.actions.about-larger-runners %} diff --git a/content/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners.md b/content/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners.md index 974d7fb601..f3123ea454 100644 --- a/content/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners.md +++ b/content/actions/using-github-hosted-runners/about-larger-runners/about-larger-runners.md 
@@ -34,8 +34,7 @@ The following machines sizes are available for macOS {% data variables.actions.h #### Limitations for macOS {% data variables.actions.hosted_runners %} -- All actions provided by {% data variables.product.prodname_dotcom %} are compatible with arm64 {% data variables.product.prodname_dotcom %}-hosted runners. However, community actions may not be compatible with arm64 and need to be manually installed at runtime. For more information, see "[AUTOTITLE](/actions/using-github-hosted-runners/running-jobs-on-larger-runners?platform=mac#troubleshooting-larger-runners)." -- Due to a limitation of Apple's Virtualization Framework, which our hypervisor uses, nested-virtualization is not supported by arm64 runners. +{% data reusables.actions.macos-runner-limitations %} ### Additional features for {% data variables.actions.hosted_runners %} diff --git a/data/reusables/actions/macos-runner-limitations.md b/data/reusables/actions/macos-runner-limitations.md new file mode 100644 index 0000000000..655eb5f254 --- /dev/null +++ b/data/reusables/actions/macos-runner-limitations.md 
@@ -0,0 +1,3 @@ +- All actions provided by {% data variables.product.prodname_dotcom %} are compatible with arm64 {% data variables.product.prodname_dotcom %}-hosted runners. However, community actions may not be compatible with arm64 and need to be manually installed at runtime. +- Nested-virtualization is not supported by arm64 runners, due to a limitation of Apple's Virtualization Framework that our hypervisor uses. +- The arm64 macOS runners do not have a static UUID/UDID assigned to them because Apple does not support this feature. However, Intel MacOS runners are assigned a static UDID, specifically `4203018E-580F-C1B5-9525-B745CECA79EB`. If you are building and signing on the same host you plan to test the build on, you can sign with a [development provisioning profile](https://developer.apple.com/help/account/manage-profiles/create-a-development-provisioning-profile/). If you do require a static UDID, you can use Intel runners and add their UDID to your Apple Developer account.
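Review bot: In content/code-security/security-overview/about-security-overview.md (hunk `@@ -104,10 +104,14 @@` of patch 1/2), the new "For more information about these views, see ..." paragraph is placed after the line that ends `{% else %}You can view repositories owned by your enterprise ...{% endif %}`, so it also renders for versions that take the `{% else %}` branch, where no "Coverage" or "Risk" views have been listed. Move the paragraph inside the first branch of that conditional (before `{% else %}`), or reword it so that it does not refer back to "these views".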
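Review bot: In content/code-security/security-overview/viewing-security-insights.md (hunk `@@ -12,19 +12,26 @@` of patch 1/2), the `{% else %}` branch of the rewritten heading starts with a space (`{% else %} About organization-level security insights{% endif %}`), which leaves two spaces after `##` when that branch renders; drop the space. In the same hunk, "your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}'s security landscape" renders as "your organization or enterprise's security landscape". Consider "the security landscape of your organization or enterprise", which matches the wording the new `intro` in the frontmatter already uses.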
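Review bot: In content/code-security/security-overview/viewing-security-insights.md (hunk `@@ -38,18 +45,22 @@` of patch 1/2), the new "Viewing the security overview dashboard for your enterprise" section goes straight from the two navigation reusables to `{% data reusables.security-overview.filter-and-toggle %}`, while the organization section keeps an explicit step explaining that the overview page is the primary view and how to reach it from another security overview page. Please confirm that `reusables.code-scanning.click-code-security-enterprise` lands the reader on the "Overview" view, or add an equivalent step before the filter step. Separately, the organization heading now gains a version-dependent suffix (" for your organization"), so its generated anchor differs between versions; any link to `#viewing-the-security-overview-dashboard` would stop resolving where the feature flag is on.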
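Review bot: In data/reusables/actions/macos-runner-limitations.md (hunk `@@ -0,0 +1,3 @@` of patch 2/2), the first bullet drops the "For more information, see ... #troubleshooting-larger-runners" link that the bullet removed from about-larger-runners.md carried, so readers are told community actions may need manual installation at runtime with no pointer to how; restore the link in the reusable if the omission was not intentional. In the third bullet, "Intel MacOS runners" should read "Intel macOS runners" to match the rest of the file, and "UUID/UDID" is followed only by "UDID" afterwards, so pick one term. Note also that this bullet describes Intel runners, while the heading added in about-github-hosted-runners.md is "Limitations for arm64 macOS runners"; a heading such as "Limitations for macOS runners" would cover both.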