Hide old management article from GHEC and GHES 3.16+ users (#54352)
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
This commit is contained in:
Felicity Chapman
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Managing GitHub Advanced Security for your enterprise
|
||||
shortTitle: GitHub Advanced Security
|
||||
intro: 'You can configure {% data variables.product.prodname_advanced_security %} and manage use by your enterprise to suit your organization''s needs.'
|
||||
title: '{% ifversion ghes %}Setting up GitHub Advanced Security features on your appliance{% else %}Configuring infrastructure for GitHub Advanced Security features{% endif %}'
|
||||
shortTitle: '{% ifversion ghes %}Set up{% else %}Configure{% endif %} GitHub Advanced Security'
|
||||
intro: 'You can {% ifversion ghes %}set up{% else %}configure{% endif %} {% data variables.product.prodname_advanced_security %} to suit your organization''s needs.'
|
||||
product: '{% data reusables.gated-features.ghas %}'
|
||||
redirect_from:
|
||||
- /enterprise/admin/configuration/configuring-advanced-security-features
|
||||
@@ -20,4 +20,3 @@ children:
|
||||
- /configuring-dependency-review-for-your-appliance
|
||||
- /configuring-secret-scanning-for-your-appliance
|
||||
---
|
||||
|
||||
|
||||
@@ -3,8 +3,7 @@ title: Managing GitHub Advanced Security features for your enterprise
|
||||
intro: 'You can control {% data variables.product.prodname_GH_advanced_security %} features that secure and analyze code across all organizations owned by your enterprise.'
|
||||
permissions: 'Enterprise owners can manage {% data variables.product.prodname_advanced_security %} features for organizations in an enterprise.'
|
||||
versions:
|
||||
ghec: '*'
|
||||
ghes: '*'
|
||||
ghes: '<= 3.15'
|
||||
type: how_to
|
||||
topics:
|
||||
- Alerts
|
||||
@@ -32,17 +31,9 @@ To manage individual {% data variables.product.prodname_GH_advanced_security %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion ghec %}
|
||||
|
||||
{% data variables.product.prodname_security_configurations_caps %} simplify the rollout of {% data variables.product.company_short %} security products at scale by helping you define collections of security settings and apply them across your enterprise. For more information, see [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/about-security-configurations).
|
||||
|
||||
{% data reusables.security-configurations.overview %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% data reusables.secret-scanning.secret-scanning-enterprise-level-api %}
|
||||
|
||||
{% ifversion ghes %}For information about buying a license for {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).{% elsif ghec %}For information about buying a license for {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security).{% endif %}
|
||||
For information about buying a license for {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
|
||||
|
||||
If you have disallowed {% data variables.product.prodname_GH_advanced_security %} for an organization, that organization will not be affected by enabling a feature for all existing repositories or for all new repositories. For more information about disallowing {% data variables.product.prodname_GH_advanced_security %} for an organization, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise).
|
||||
|
||||
@@ -50,8 +41,6 @@ When you enable one or more security and analysis features for existing reposito
|
||||
|
||||
{% data reusables.security.security-and-analysis-features-enable-read-only %}
|
||||
|
||||
{% ifversion ghes %}
|
||||
|
||||
## Managing {% data variables.product.prodname_advanced_security %} features
|
||||
|
||||
{% data reusables.advanced-security.note-org-enable-uses-seats %}
|
||||
@@ -71,5 +60,3 @@ When you enable one or more security and analysis features for existing reposito
|
||||
> When a custom link is configured for an organization, the organization-level value overrides the custom link set for the enterprise. See [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).
|
||||
|
||||
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -12,12 +12,14 @@ shortTitle: 6. Rollout secret scanning
|
||||
> [!NOTE]
|
||||
> This article is part of a series on adopting {% data variables.product.prodname_GH_advanced_security %} at scale. For the previous article in this series, see [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning).
|
||||
|
||||
You can enable secret scanning for individual repositories or for all repositories in an organization or enterprise. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository), [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization), or [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise).
|
||||
|
||||
{% ifversion security-configurations %}
|
||||
|
||||
{% data reusables.security-configurations.enable-security-features-with-gh-config %}
|
||||
|
||||
{% else %}
|
||||
|
||||
You can enable secret scanning for individual repositories or for all repositories in an organization or enterprise. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository), [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization), or [AUTOTITLE](/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise).
|
||||
|
||||
{% endif %}
|
||||
|
||||
This article explains a high-level process focusing on enabling {% data variables.product.prodname_secret_scanning %} for all repositories in an organization. The principles described in this article can still be applied even if you take a more staggered approach of enabling {% data variables.product.prodname_secret_scanning %} for individual repositories.
|
||||
|
||||
@@ -36,9 +36,13 @@ If you're an organization owner, you can enable push protection for multiple rep
|
||||
|
||||
Organization owners, security managers, and repository administrators can also enable push protection for {% data variables.product.prodname_secret_scanning %} via the API. For more information, see [AUTOTITLE](/rest/repos#update-a-repository) and expand the "Properties of the `security_and_analysis` object" section.
|
||||
|
||||
{% ifversion ghec or ghes %}
|
||||
{% ifversion security-configuration-enterprise-level %}
|
||||
|
||||
If your organization is owned by an enterprise account, an enterprise owner can also enable push protection at the enterprise level. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise).
|
||||
If your organization is owned by an enterprise account, an enterprise owner can also enable push protection at the enterprise level. For more information, see [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
|
||||
|
||||
{% elsif ghes < 3.16 %}
|
||||
|
||||
If your organization is owned by an enterprise account, an enterprise owner can also enable push protection at the enterprise level. For more information, see [AUTOTITLE](/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise).
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -55,4 +59,3 @@ If your organization is owned by an enterprise account, an enterprise owner can
|
||||
* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection)
|
||||
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning)
|
||||
* [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)
|
||||
* [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)
|
||||
|
||||
@@ -36,9 +36,13 @@ If you're an organization owner, you can enable {% data variables.product.prodna
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion secret-scanning-enterprise-level %}
|
||||
{% ifversion security-configuration-enterprise-level %}
|
||||
|
||||
If your organization is owned by an enterprise account, an enterprise owner can also enable {% data variables.product.prodname_secret_scanning %} at the enterprise level. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise).
|
||||
If your organization is owned by an enterprise account, an enterprise owner can also enable {% data variables.product.prodname_secret_scanning %} at the enterprise level. For more information, see [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
|
||||
|
||||
{% elsif ghes < 3.16 %}
|
||||
|
||||
If your organization is owned by an enterprise account, an enterprise owner can also enable {% data variables.product.prodname_secret_scanning %} at the enterprise level. For more information, see [AUTOTITLE](/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise).
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -18,14 +18,10 @@ You can enable validity checks for secrets identified as service provider tokens
|
||||
|
||||
{% data variables.product.company_short %} displays the validation status of the secret in the alert view, so you can see if the secret is `active`, `inactive`, or if the validation status is `unknown`. You can optionally perform an "on-demand" validity check for the secret in the alert view.
|
||||
|
||||
{% ifversion secret-scanning-validity-check-partner-patterns %}
|
||||
|
||||
You can additionally choose to enable validity checks for partner patterns. Once enabled, {% data variables.product.company_short %} will periodically check the validity of a detected credential by sending the secret directly to the provider, as part of {% data variables.product.company_short %}'s formal secret scanning partnership program. {% data variables.product.company_short %} typically makes GET requests to check the validity of the credential, picks the least intrusive endpoints, and selects endpoints that don't return any personal information.
|
||||
|
||||
{% data variables.product.company_short %} displays the validation status of the secret in the alert view.
|
||||
|
||||
{% endif %}
|
||||
|
||||
You can filter by validation status on the alerts page, to help you prioritize which alerts you need to take action on.
|
||||
|
||||
> [!NOTE]
|
||||
@@ -42,7 +38,8 @@ For more information on using validity checks, see [AUTOTITLE](/code-security/se
|
||||
|
||||
You can also use the REST API to enable validity checks for partner patterns for your repository. For more information, see [AUTOTITLE](/rest/repos/repos#update-a-repository).
|
||||
|
||||
Alternatively, organization owners and enterprise administrators can enable the feature for all repositories in the organization or enterprise settings. For more information on enabling at the organization-level, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration). For more information on enabling at the enterprise-level, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise) and [AUTOTITLE](/rest/enterprise-admin/code-security-and-analysis#update-code-security-and-analysis-features-for-an-enterprise).
|
||||
Alternatively, organization owners and enterprise administrators can enable the feature for all repositories in the organization or enterprise. For more information on enabling at the organization-level, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration).
|
||||
For more information on enabling at the enterprise-level, see [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
|
||||
|
||||
## Further reading
|
||||
|
||||
|
||||
@@ -120,7 +120,7 @@ For more information about access to security alerts and related views, see [AUT
|
||||
> [!NOTE]
|
||||
> If you are an **enterprise owner**, you will need to join an organization as an organization owner to view data for the organization's repositories in both the organization-level and enterprise-level overview.{% ifversion secret-scanning-user-owned-repos %} {% data reusables.secret-scanning.secret-scanning-user-owned-repo-access %}{% endif %} For more information, see [AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise).
|
||||
|
||||
In the enterprise-level security overview, you can see data for all organizations where you are an **organization owner or security manager**. {% ifversion pre-security-configurations %}However, you cannot use the enterprise-level security overview to enable and disable security features. {% endif %}For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise).
|
||||
In the enterprise-level security overview, you can see data for all organizations where you are an **organization owner or security manager**.
|
||||
|
||||
{% ifversion ghec %}
|
||||
If you're an owner of an {% data variables.enterprise.prodname_emu_enterprise %}, you can view data from user-owned repositories in security overview and filter by repository owner type. For more information on {% data variables.enterprise.prodname_managed_users %}, see [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users).
|
||||
|
||||
@@ -126,7 +126,7 @@ You can view data to assess the enablement status and enablement status trends o
|
||||
|
||||
## Interpreting and acting on the enablement data
|
||||
|
||||
Some code security features can and should be enabled on all repositories. For example, {% data variables.secret-scanning.alerts %} and push protection reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see {% ifversion security-configurations %}[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization){% else %}[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization){% endif %}. For information on enabling features across your entire enterprise, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise).
|
||||
Some code security features can and should be enabled on all repositories. For example, {% data variables.secret-scanning.alerts %} and push protection reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see {% ifversion security-configurations %}[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization){% else %}[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization){% endif %}.
|
||||
|
||||
Other features are not available for use in all repositories. For example, there would be no point in enabling {% data variables.product.prodname_dependabot %}{% ifversion default-setup-pre-enablement %}{% else %} or {% data variables.product.prodname_code_scanning %}{% endif %} for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled.
|
||||
|
||||
|
||||
@@ -20,8 +20,6 @@ shortTitle: Manage security & analysis
|
||||
|
||||
{% data variables.product.prodname_dotcom %} can help you to secure the repositories in your organization. You can manage the security and analysis features for all existing or new repositories that members create in your organization. {% ifversion ghec %}If you have a license for {% data variables.product.prodname_GH_advanced_security %} then you can also manage access to these features. {% data reusables.advanced-security.more-info-ghas %}{% endif %}{% ifversion fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also manage access to these features. For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).{% endif %}
|
||||
|
||||
{% ifversion ghec or ghes %}If your organization is owned by an enterprise with a license for {% data variables.product.prodname_GH_advanced_security %}, then extra options for managing security and analysis settings may be available. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise).{% endif %}
|
||||
|
||||
{% data reusables.security.some-security-and-analysis-features-are-enabled-by-default %}
|
||||
{% ifversion security-configurations %}
|
||||
{% data reusables.security-configurations.enable-security-features-with-gh-config %}
|
||||
|
||||
@@ -12,10 +12,10 @@
|
||||
| {% ifversion ghec or ghes %} |
|
||||
| `business` | Contains activities related to business settings for an enterprise. |
|
||||
| {% endif %} |
|
||||
| `business_advanced_security` | Contains activities related to {% data variables.product.prodname_GH_advanced_security %} in an enterprise. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise). |
|
||||
| `business_secret_scanning` | Contains activities related to {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise). |
|
||||
| `business_advanced_security` | Contains activities related to {% data variables.product.prodname_GH_advanced_security %} in an enterprise. |
|
||||
| `business_secret_scanning` | Contains activities related to {% data variables.product.prodname_secret_scanning %} in an enterprise. |
|
||||
| {% ifversion secret-scanning-validity-check-audit-log %} |
|
||||
| `business_secret_scanning_automatic_validity_checks` | Contains activities related to enabling or disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features). |
|
||||
| `business_secret_scanning_automatic_validity_checks` | Contains activities related to enabling or disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %} in an enterprise. |
|
||||
| {% endif %} |
|
||||
| {% ifversion secret-scanning-audit-log-custom-patterns %} |
|
||||
| `business_secret_scanning_custom_pattern` | Contains activities related to custom patterns for {% data variables.product.prodname_secret_scanning %} in an enterprise. |
|
||||
@@ -23,8 +23,8 @@
|
||||
| {% ifversion secret-scanning-custom-pattern-push-protection-audit %} |
|
||||
| `business_secret_scanning_custom_pattern_push_protection` | Contains activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account). |
|
||||
| {% endif %} |
|
||||
| `business_secret_scanning_push_protection` | Contains activities related to the push protection feature of {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise). |
|
||||
| `business_secret_scanning_push_protection_custom_message` | Contains activities related to the custom message displayed when push protection is triggered in an enterprise. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise). |
|
||||
| `business_secret_scanning_push_protection` | Contains activities related to the push protection feature of {% data variables.product.prodname_secret_scanning %} in an enterprise. |
|
||||
| `business_secret_scanning_push_protection_custom_message` | Contains activities related to the custom message displayed when push protection is triggered in an enterprise. |
|
||||
| `checks` | Contains activities related to check suites and runs. |
|
||||
| {% ifversion fpt or ghec %} |
|
||||
| `codespaces` | Contains activities related to an organization's codespaces. |
|
||||
|
||||
Reference in New Issue
Block a user