mirror of synced 2026-01-22 18:03:38 -05:00

Merge branch 'main' into repo-sync

Octomerger Bot
2021-09-17 11:20:10 -04:00
committed by GitHub


@@ -13,11 +13,13 @@ topics:
- Repositories
---
{% ifversion ghes < 3.3 or ghae %}
{% note %}
**Note:** Custom patterns for {% data variables.product.prodname_secret_scanning %} is currently in beta and is subject to change.
{% endnote %}
{% endif %}
## About custom patterns for {% data variables.product.prodname_secret_scanning %}
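Review bot: The version expression on the new `{% ifversion ghes < 3.3 or ghae %}` wrapper around the beta note does not line up with the other conditionals in this file: the Editing section is gated on `fpt or ghes > 3.2` and the Removing steps on `fpt or ghes > 3.2 or ghae-next`. If `ghae-next` is meant to be treated as out of beta, this wrapper should exclude it explicitly. Suggest deciding the intended set of versions once and using the same expression, or its exact complement, in all three places.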
@@ -25,6 +27,7 @@ topics:
However, there can be situations where you want to scan for other secret patterns in your {% ifversion fpt %}private{% endif %} repositories. For example, you might have a secret pattern that is internal to your organization. For these situations, you can define custom {% data variables.product.prodname_secret_scanning %} patterns in your enterprise, organization, or {% ifversion fpt %}private{% endif %} repository on {% data variables.product.product_name %}. You can define up to 20 custom patterns for each {% ifversion fpt %}private{% endif %} repository, organization, or enterprise account.
{% ifversion ghes < 3.3 or ghae %}
{% note %}
**Note:** During the beta, there are some limitations when using custom patterns for {% data variables.product.prodname_secret_scanning %}:
@@ -34,6 +37,7 @@ However, there can be situations where you want to scan for other secret pattern
* There is no API for creating, editing, or deleting custom patterns. However, results for custom patterns are returned in the [secret scanning alerts API](/rest/reference/secret-scanning).
{% endnote %}
{% endif %}
## Regular expression syntax for custom patterns
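Review bot: The `{% endif %}` added after this note hides the whole limitations list, including "There is no API for creating, editing, or deleting custom patterns", from every version outside `ghes < 3.3 or ghae`. If that limitation still holds on the versions that no longer see the note, it should move out of the beta note into the body text so it stays visible there.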
@@ -58,7 +62,7 @@ Before defining a custom pattern, you must ensure that you enable {% data variab
{% note %}
**Note:** There is no dry-run functionality during the custom patterns beta. To avoid excess false-positive {% data variables.product.prodname_secret_scanning %} alerts, we recommend that you test your custom patterns in a repository before defining them for your entire organization.
**Note:** As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire organization. That way, you can avoid creating excess false-positive {% data variables.product.prodname_secret_scanning %} alerts.
{% endnote %}
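Review bot: The reworded note drops "during the custom patterns beta" and now states "there is no dry-run functionality" with no `ifversion` guard, unlike the two beta notes that this commit wraps in `{% ifversion ghes < 3.3 or ghae %}`. As written, the statement reads as permanent on every version; if dry runs become available on some versions first, this line will need a version condition, so it may be worth adding one now.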
@@ -77,7 +81,7 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
{% note %}
**Note:** There is no dry-run functionality during the custom patterns beta. To avoid excess false-positive {% data variables.product.prodname_secret_scanning %} alerts, we recommend that you test your custom patterns in a repository before defining them for your entire enterprise.
**Note:** As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire enterprise. That way, you can avoid creating excess false-positive {% data variables.product.prodname_secret_scanning %} alerts.
{% endnote %}
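Review bot: The replacement note here is the same sentence as the one in the organization section, differing only in "entire enterprise" versus "entire organization". Two hand-maintained copies will drift on the next wording change; suggest keeping the text in one shared snippet with the scope word as the only variable part.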
@@ -90,12 +94,23 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in {% ifversion fpt %}private{% endif %} repositories within your enterprise's organizations with {% data variables.product.prodname_GH_advanced_security %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
{% ifversion fpt or ghes > 3.2 %}
## Editing a custom pattern
When you save a change to a custom pattern, this closes all the {% data variables.product.prodname_secret_scanning %} alerts that were created using the previous version of the pattern.
1. Navigate to where the custom pattern was created. A custom pattern can be created in a repository, organization, or enterprise account.
* For a repository or organization, display the "Security & analysis" settings for the repository or organization where the custom pattern was created. For more information, see "[Defining a custom pattern for a repository](#defining-a-custom-pattern-for-a-repository)" or "[Defining a custom pattern for an organization](#defining-a-custom-pattern-for-an-organization)" above.
* For an enterprise, under "Policies" display the "Advanced Security" area, and then click **Security features**. For more information, see "[Defining a custom pattern for an enterprise account](#defining-a-custom-pattern-for-an-enterprise-account)" above.
2. Under "{% data variables.product.prodname_secret_scanning_caps %}", to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="The edit icon" %}.
3. When you have reviewed and tested your changes, click **Save changes**.
{% endif %}
## Removing a custom pattern
1. Navigate to where the custom pattern was created. A custom pattern can be created in a repository, organization, or enterprise account.
* For a repository or organization, it is the the **Security & analysis** settings for the repository or organization where the custom pattern was created. For more information, see "[Defining a custom pattern for a repository](#defining-a-custom-pattern-for-a-repository)" or "[Defining a custom pattern for an organization](#defining-a-custom-pattern-for-an-organization)" above.
* For an enterprise, it is the **GitHub Advanced Security** settings for the enterprise where the custom pattern was created. For more information, see "[Defining a custom pattern for an enterprise account](#defining-a-custom-pattern-for-an-enterprise-account)" above.
* For a repository or organization, display the "Security & analysis" settings for the repository or organization where the custom pattern was created. For more information, see "[Defining a custom pattern for a repository](#defining-a-custom-pattern-for-a-repository)" or "[Defining a custom pattern for an organization](#defining-a-custom-pattern-for-an-organization)" above.
* For an enterprise, under "Policies" display the "Advanced Security" area, and then click **Security features**. For more information, see "[Defining a custom pattern for an enterprise account](#defining-a-custom-pattern-for-an-enterprise-account)" above.
{%- ifversion fpt or ghes > 3.2 or ghae-next %}
1. To the right of the custom pattern you want to remove, click {% octicon "trash" aria-label="The trash icon" %}.
1. Review the confirmation, and select a method for dealing with any open alerts relating to the custom pattern.
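Review bot: The sentence under "Editing a custom pattern" saying that saving a change "closes all the ... alerts that were created using the previous version of the pattern" describes a destructive side effect but is written as plain body text ahead of the steps. It should be a `{% note %}` block placed next to step 3, and it should say whether the edited pattern raises new alerts for the same matches, since a reader triaging open alerts for live secrets could otherwise lose track of them. Step 3 also asks the reader to have "reviewed and tested" the change while the notes earlier in this file say there is no dry-run functionality, so the step should say how to test. Finally, the new section is gated on `fpt or ghes > 3.2`, but the Removing steps in this same hunk use `fpt or ghes > 3.2 or ghae-next`; confirm that `ghae-next` is left out on purpose.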
@@ -105,4 +120,4 @@ After your pattern is created, {% data variables.product.prodname_secret_scannin
{%- elsif ghes = 3.2 %}
1. To the right of the custom pattern you want to remove, click **Remove**.
1. Review the confirmation, and click **Remove custom pattern**.
{%- endif %}
{%- endif %}