@@ -8,7 +8,6 @@ redirect_from:
versions:
fpt: '*'
ghes: '*'
ghae: '*'
ghec: '*'
topics:
- Identity
@@ -48,8 +47,8 @@ The events listed in your security log are triggered by your actions. Actions ar
| `public_key` | Contains all activities related to [your public SSH keys](/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account).
| `repo`| Contains all activities related to the repositories you own.{% ifversion fpt or ghec %}
| `sponsors` | Contains all events related to {% data variables.product.prodname_sponsors %} and sponsor buttons (see "[AUTOTITLE](/sponsors/getting-started-with-github-sponsors/about-github-sponsors)" and "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% ifversion ghes %}
| `team` | Contains all activities related to teams you are a part of.{% endif %}{% ifversion not ghae %}
| `two_factor_authentication` | Contains all activities related to [two-factor authentication](/authentication/securing-your-account-with-two-factor-authentication-2fa).{% endif %}
| `team` | Contains all activities related to teams you are a part of.{% endif %}
| `two_factor_authentication` | Contains all activities related to [two-factor authentication](/authentication/securing-your-account-with-two-factor-authentication-2fa).
| `user` | Contains all activities related to your account.
{% ifversion fpt or ghec %}
@@ -1,6 +1,6 @@
---
title: Updating your GitHub access credentials
intro: '{% data variables.product.product_name %} credentials include{% ifversion not ghae %} not only your password, but also{% endif %} the access tokens, SSH keys, and application API tokens you use to communicate with {% data variables.product.product_name %}. Should you have the need, you can reset all of these access credentials yourself.'
intro: '{% data variables.product.product_name %} credentials include not only your password, but also the access tokens, SSH keys, and application API tokens you use to communicate with {% data variables.product.product_name %}. Should you have the need, you can reset all of these access credentials yourself.'
redirect_from:
- /articles/rolling-your-credentials
- /articles/how-can-i-reset-my-password
@@ -10,15 +10,12 @@ redirect_from:
versions:
fpt: '*'
ghes: '*'
ghae: '*'
ghec: '*'
topics:
- Identity
- Access management
shortTitle: Update access credentials
---
{% ifversion not ghae %}
## Requesting a new password
1. To request a new password, visit {% ifversion fpt or ghec %}https://{% data variables.product.product_url %}/password_reset{% else %}`https://{% data variables.product.product_url %}/password_reset`{% endif %}.
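Review bot: the `{% ifversion not ghae %}` that opened just before "## Requesting a new password" is dropped in this hunk, but its matching `{% endif %}` is not in this hunk's context (it is the one following `{% endtip %}` in the next hunk); both removals must land in the same change, so a Liquid balance check on this file is worth running before merge.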
@@ -61,18 +58,13 @@ To avoid losing your password in the future, we suggest using a secure password
For greater security, enable two-factor authentication in addition to changing your password. See [About two-factor authentication](/authentication/securing-your-account-with-two-factor-authentication-2fa/about-two-factor-authentication) for more details.
{% endtip %}
{% endif %}
## Updating your access tokens
See "[AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations)" for instructions on reviewing and deleting access tokens. To generate new access tokens, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
{% ifversion not ghae %}
If you have reset your account password and would also like to trigger a sign-out from the {% data variables.product.prodname_mobile %} app, you can revoke your authorization of the "GitHub iOS" or "GitHub Android" {% data variables.product.prodname_oauth_app %}. This will sign out all instances of the {% data variables.product.prodname_mobile %} app associated with your account. For additional information, see "[AUTOTITLE](/apps/using-github-apps/reviewing-your-authorized-integrations)."
{% endif %}
## Updating your SSH keys
See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-ssh-keys)" for instructions on reviewing and deleting SSH keys. To generate and add new SSH keys, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh)."
@@ -81,9 +73,6 @@ See "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-
If you have any applications registered with {% data variables.product.product_name %}, you'll want to reset their OAuth tokens. For more information, see the "[AUTOTITLE](/rest/apps#reset-an-authorization)" endpoint.
{% ifversion not ghae %}
## Preventing unauthorized access
For more tips on securing your account and preventing unauthorized access, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/preventing-unauthorized-access)."
{% endif %}
@@ -76,8 +76,8 @@ Once you have decided on the secret types, you can do the following:
{% endnote %}
1. When you have created the process that teams will follow for revoking credentials, you can collate information about the types of secrets and other metadata associated with the leaked secrets so you can discern who to communicate the new process to.
{% ifversion not ghae %}
You can use security overview to collect this information. For more information about using security overview, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."{% endif %}
You can use security overview to collect this information. For more information about using security overview, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
Some information you may want to collect includes:
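Review bot: the now-unconditional "You can use security overview to collect this information." paragraph sits at column 0 directly after step `1. When you have created the process...`; if it is meant to be part of that step, indent it under the list item, otherwise an unindented paragraph ends the numbered list before the next item (the same layout existed inside the removed conditional, so this is the moment to fix it).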
@@ -22,10 +22,8 @@ shortTitle: Add a security policy
To give people instructions for reporting security vulnerabilities in your project,{% ifversion fpt or ghes or ghec %} you can add a `SECURITY.md` file to your repository's root, `docs`, or `.github` folder.{% else %} you can add a `SECURITY.md` file to your repository's root, or `docs` folder.{% endif %} When someone creates an issue in your repository, they will see a link to your project's security policy.
{% ifversion not ghae %}
<!-- no public repositories in GHAE -->
You can create a default security policy for your organization or personal account. For more information, see "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file)."
{% endif %}
{% tip %}
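Review bot: assuming `ghae` is also dropped from this page's `versions`, as the removed `{% ifversion not ghae %}` wrapper suggests, the `{% else %} you can add a `SECURITY.md` file to your repository's root, or `docs` folder.{% endif %}` branch in the first paragraph can no longer render, since `fpt or ghes or ghec` now covers every remaining version; collapse that paragraph to the first branch in the same change rather than leaving dead Liquid behind.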
@@ -59,6 +57,6 @@ For an example of a real `SECURITY.md` file, see [https://github.com/electron/el
## Further reading
- "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"{% ifversion not ghae %}
- "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions)"{% endif %}{% ifversion fpt or ghec %}
- "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"
- "[AUTOTITLE](/communities/setting-up-your-project-for-healthy-contributions)"{% ifversion fpt or ghec %}
- [{% data variables.product.prodname_security %}]({% data variables.product.prodname_security_link %}){% endif %}
@@ -1,7 +1,7 @@
---
title: Code security documentation
shortTitle: Code security
intro: 'Build security into your {% data variables.product.prodname_dotcom %} workflow with features to keep secrets and vulnerabilities out of your codebase{% ifversion not ghae %}, and to maintain your software supply chain{% endif %}.'
intro: 'Build security into your {% data variables.product.prodname_dotcom %} workflow with features to keep secrets and vulnerabilities out of your codebase, and to maintain your software supply chain.'
redirect_from:
- /code-security/guides
introLinks:
@@ -53,7 +53,7 @@ For more information about the authentication methods available for {% data vari
{% data reusables.two_fa.mandatory-2fa-contributors-2023 %}
{% endif %}
The best way to improve the security of {% ifversion fpt %}your personal account{% elsif ghes %}your personal account or {% data variables.location.product_location %}{% elsif ghec %}your accounts{% elsif ghae %}your enterprise on {% data variables.product.product_name %}{% endif %} is to configure two-factor authentication (2FA){% ifversion ghae %} on your SAML identity provider (IdP){% endif %}. Passwords by themselves can be compromised by being guessable, by being reused on another site that's been compromised, or by social engineering, like phishing. 2FA makes it much more difficult for your accounts to be compromised, even if an attacker has your password.
The best way to improve the security of {% ifversion fpt %}your personal account{% elsif ghes %}your personal account or {% data variables.location.product_location %}{% elsif ghec %}your accounts{% endif %} is to configure two-factor authentication (2FA). Passwords by themselves can be compromised by being guessable, by being reused on another site that's been compromised, or by social engineering, like phishing. 2FA makes it much more difficult for your accounts to be compromised, even if an attacker has your password.
As a best practice, to ensure both security and reliable access to your account, you should always have at least two second-factor credentials registered on your account. Extra credentials ensures that even if you lose access to one credential, you won't be locked out of your account.{% ifversion fpt or ghec %}
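Review bot: the rewritten `{% ifversion fpt %}...{% elsif ghes %}...{% elsif ghec %}...{% endif %}` chain has no fallback branch, so the sentence would render as "The best way to improve the security of is to configure..." on any version not in that list; the matching `versions` frontmatter edit for this file is not among the visible hunks, so confirm it ships with this change.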
@@ -63,8 +63,6 @@ Additionally, you should prefer{% ifversion passkeys %} passkeys and{% endif %}
If service accounts in your organization have been selected for 2FA enrollment by {% data variables.product.prodname_dotcom %}, their tokens and keys will continue to work after the deadline without interruption. Only access to {% data variables.product.prodname_dotcom %} through the website UI will be blocked until the account has enabled 2FA. We recommend setting up TOTP as the second factor for service accounts, and storing the TOTP secret exposed during setup in your company's shared password manager, with access to the secrets controlled through SSO.
{% endif %}{% endif %}
{% ifversion not ghae %}
{% ifversion ghec %}
If you're an enterprise owner, you may be able to configure a policy to require 2FA for all organizations owned by your enterprise.
{% endif %}
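Review bot: the `{% ifversion not ghae %}` removed ahead of `{% ifversion ghec %}` is closed by an `{% endif %}` outside this hunk (the one removed after the two numbered "AUTOTITLE" steps in the following hunk); with the `{% endif %}{% endif %}` context line directly above, closers are easy to miscount here, so verify the file still builds with balanced tags.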
@@ -129,13 +127,11 @@ If you're an organization owner, you can see which users don't have 2FA enabled,
1. "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/preparing-to-require-two-factor-authentication-in-your-organization)"
1. "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization)"
{% endif %}
## Connect to {% data variables.product.product_name %} using SSH keys
There are other ways to interact with {% data variables.product.product_name %} beyond signing into the website{% ifversion ghae %} via your IdP{% endif %}. Many people authorize the code they push to {% data variables.product.prodname_dotcom %} with an SSH private key. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/about-ssh)."
There are other ways to interact with {% data variables.product.product_name %} beyond signing into the website. Many people authorize the code they push to {% data variables.product.prodname_dotcom %} with an SSH private key. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/about-ssh)."
Just like {% ifversion ghae %}the password for your IdP account{% else %}your account password{% endif %}, if an attacker were able to get your SSH private key, they could impersonate you and push malicious code to any repository you have write access for. If you store your SSH private key on a disk drive, it's a good idea to protect it with a passphrase. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases)."
Just like your account password, if an attacker were able to get your SSH private key, they could impersonate you and push malicious code to any repository you have write access for. If you store your SSH private key on a disk drive, it's a good idea to protect it with a passphrase. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/working-with-ssh-key-passphrases)."
Another option is to generate SSH keys on a hardware security key. You could use the same key you're using for 2FA. Hardware security keys are very difficult to compromise remotely, because the private SSH key remains on the hardware, and is not directly accessible from software. For more information, see "[AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key-for-a-hardware-security-key)."
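Review bot: in the rewritten line "Just like your account password, if an attacker were able to get your SSH private key, they could impersonate you..." the opening comparison attaches to the attacker rather than to the key; since the line is being touched anyway, a form such as "Your SSH private key is as sensitive as your account password: if an attacker were able to get it, they could impersonate you..." states the risk more clearly.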
@@ -62,7 +62,7 @@ To assess the impact of a vulnerability on your code, you also need to consider
## Secure your communication tokens
Code often needs to communicate with other systems over a network, and requires secrets (like a password, or an API key) to authenticate. Your system needs access to those secrets to run, but it's best practice to not include them in your source code. This is especially important for repositories to which many people might have access{% ifversion not ghae %} and critical for public repositories{% endif %}.
Code often needs to communicate with other systems over a network, and requires secrets (like a password, or an API key) to authenticate. Your system needs access to those secrets to run, but it's best practice to not include them in your source code. This is especially important for repositories to which many people might have access and critical for public repositories.
### Automatic detection of secrets committed to a repository
@@ -1,6 +1,6 @@
---
title: Updating credentials from the macOS Keychain
intro: 'You''ll need to update your saved credentials in the `git-credential-osxkeychain` helper if you change your{% ifversion not ghae %} username, password, or{% endif %} {% data variables.product.pat_generic %} on {% data variables.product.product_name %}.'
intro: 'You''ll need to update your saved credentials in the `git-credential-osxkeychain` helper if you change your username, password, or {% data variables.product.pat_generic %} on {% data variables.product.product_name %}.'
redirect_from:
- /articles/updating-credentials-from-the-osx-keychain
- /github/using-git/updating-credentials-from-the-osx-keychain
@@ -10,7 +10,6 @@ redirect_from:
versions:
fpt: '*'
ghes: '*'
ghae: '*'
ghec: '*'
shortTitle: macOS Keychain credentials
---
@@ -16,9 +16,9 @@ shortTitle: GitHub Advanced Security
## About {% data variables.product.prodname_GH_advanced_security %}
{% data variables.product.prodname_dotcom %} has many features that help you improve and maintain the quality of your code. Some of these are included in all plans{% ifversion not ghae %}, such as dependency graph and {% data variables.product.prodname_dependabot_alerts %}{% endif %}. Other security features require a {% data variables.product.prodname_GH_advanced_security %} (GHAS){% ifversion fpt or ghec %} license to run on repositories apart from public repositories on {% data variables.product.prodname_dotcom_the_website %}{% endif %}.
{% data variables.product.prodname_dotcom %} has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, such as dependency graph and {% data variables.product.prodname_dependabot_alerts %}. Other security features require a {% data variables.product.prodname_GH_advanced_security %} (GHAS){% ifversion fpt or ghec %} license to run on repositories apart from public repositories on {% data variables.product.prodname_dotcom_the_website %}{% endif %}.
{% ifversion ghes %}For information about buying a license for {% data variables.product.prodname_GH_advanced_security %}, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."{% elsif ghec %}For information about buying a license for {% data variables.product.prodname_GH_advanced_security %}, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security)."{% elsif ghae %}There is no charge for {% data variables.product.prodname_GH_advanced_security %} on {% data variables.product.prodname_ghe_managed %} during the beta release.{% elsif fpt %}To purchase a {% data variables.product.prodname_GH_advanced_security %} license, you must be using {% data variables.product.prodname_enterprise %}. For information about upgrading to {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GH_advanced_security %}, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)" and "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."{% endif %}
{% ifversion ghes %}For information about buying a license for {% data variables.product.prodname_GH_advanced_security %}, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."{% elsif ghec %}For information about buying a license for {% data variables.product.prodname_GH_advanced_security %}, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security)."{% elsif fpt %}To purchase a {% data variables.product.prodname_GH_advanced_security %} license, you must be using {% data variables.product.prodname_enterprise %}. For information about upgrading to {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GH_advanced_security %}, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)" and "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."{% endif %}
{% ifversion ghec %}{% data reusables.advanced-security.ghas-trial %}{% endif %}
@@ -40,11 +40,6 @@ A {% data variables.product.prodname_GH_advanced_security %} license provides th
- **Dependency review** - Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)."
{% ifversion ghae %}
<!-- Ref: ghae > 3.6 remove GHAE versioning from this section when the `security-overview-displayed-alerts` flag is toggled for GHAE -->
- **Security overview** - Review the security configuration and alerts for an organization and identify the repositories at greatest risk. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview)."
{% endif %}
{% ifversion fpt or ghec %}
The table below summarizes the availability of {% data variables.product.prodname_GH_advanced_security %} features for public and private repositories.
@@ -88,8 +83,6 @@ For public repositories these features are permanently on and can only be disabl
For other repositories, once you have a license for your enterprise account, you can enable and disable these features at the organization or repository level.
{%- elsif ghae %}
You can enable and disable these features at the organization or repository level.
{%- endif %}
For more information, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)" and "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)."
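Review bot: once the `{%- elsif ghae %}` branch is gone, the surviving `{%- endif %}` still left-trims whitespace, so the blank line after "For other repositories, once you have a license..." is consumed and "For more information, see..." can render as a continuation of that paragraph rather than its own; a plain `{% endif %}`, or a blank line after the tag, keeps the paragraph break.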