Secret scanning is automatically enabled on all new public repositories - [GA] #13800 (#49492)

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com>

content/code-security/getting-started/github-security-features.md

@@ -75,9 +75,9 @@ Security overview shows which security features are enabled for the repository,
 
 ## Available for free public repositories
 
-### {% data variables.secret-scanning.partner_alerts_caps %}
+### {% data variables.secret-scanning.user_alerts_caps %}
 
-Automatically detect leaked secrets across all public repositories, as well as public npm packages. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
+Automatically detect tokens or credentials that have been checked into a {% ifversion ghec %}user-owned {% endif %}public repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."
 
 {% ifversion secret-scanning-push-protection-for-users %}
 
@@ -87,6 +87,10 @@ Push protection for users automatically protects you from accidentally committin
 
 {% endif %}
 
+### {% data variables.secret-scanning.partner_alerts_caps %}
+
+Automatically detect leaked secrets across all public repositories, as well as public npm packages. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)."
+
 {% endif %}
 
 ## Available with {% data variables.product.prodname_GH_advanced_security %}

content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md

@@ -99,20 +99,21 @@ For more information about non-provider patterns, see "{% ifversion fpt or ghec
 
 {% endif %}
 
-{% ifversion fpt %}
+{% ifversion secret-scanning-enable-by-default-for-public-repos %}
 
-## Enabling {% data variables.secret-scanning.user_alerts %} for all your public repositories
+## Enabling {% data variables.secret-scanning.user_alerts %} for all your {% ifversion ghec %}user-owned {% endif %}public repositories
 
-You can enable {% data variables.secret-scanning.user_alerts %} for all of your public repositories through your personal account settings.
+You can enable {% data variables.product.prodname_secret_scanning %} for all of your existing {% ifversion ghec %}user-owned {% endif %}public repositories through your personal account settings.
+{% note %}
+
+**Note**: As of March 11, 2024, {% data variables.product.prodname_secret_scanning %} and push protection will be enabled by default for all new {% ifversion ghec %}user-owned {% endif %}public repositories that you create. You can still choose to disable these features for an individual repository in the repository's "Code security and analysis" settings page. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#enabling-or-disabling-security-and-analysis-features-for-public-repositories)".
+
+{% endnote %}
 
 {% data reusables.user-settings.access_settings %}
 {% data reusables.user-settings.security-analysis %}
 1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Disable all** or **Enable all**.
-
-   ![Screenshot of the setting options for "{% data variables.product.prodname_secret_scanning_caps %}" on the personal account settings page. The options "Enable all" and "Disable all" are highlighted with an orange outline.](/assets/images/help/repository/secret-scanning-personal-account-settings-enable-all.png)
-1. Optionally, to automatically enable {% data variables.product.prodname_secret_scanning %} for any new public repositories that you create, below "{% data variables.product.prodname_secret_scanning_caps %}", select the checkbox for "Automatically enable for new public repositories."
-
-   ![Screenshot of the setting options for "{% data variables.product.prodname_secret_scanning_caps %}" on the personal account settings page. The option "Automatically enable for new public repositories" is highlighted with an orange outline.](/assets/images/help/repository/secret-scanning-personal-account-settings-auto-enable.png)
+{% data reusables.secret-scanning.push-protection-optional-enable %}
 
 {% endif %}
 

content/code-security/secret-scanning/push-protection-for-repositories-and-organizations.md

@@ -60,6 +60,12 @@ For you to use {% data variables.product.prodname_secret_scanning %} as a push p
 
 Organization owners, security managers, and repository administrators can also enable push protection for {% data variables.product.prodname_secret_scanning %} via the API. For more information, see "[AUTOTITLE](/rest/repos#update-a-repository)" and expand the "Properties of the `security_and_analysis` object" section.
 
+{% ifversion secret-scanning-enable-by-default-for-public-repos %}
+
+You can also enable push protection for all of your existing {% ifversion ghec %}user-owned {% endif %} public repositories through your personal account settings. For any new public repositories you create, push protection will be enabled by default. For more information, see "[AUTOTITLE](/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories#enabling-secret-scanning-alerts-for-users-for-all-your-public-repositories)."
+
+{% endif %}
+
 {% ifversion secret-scanning-enterprise-level-api %}
 Enterprise administrators can also enable or disable {% data variables.product.prodname_secret_scanning %} as a push protection for the enterprise via the API. For more information, see "[AUTOTITLE](/rest/enterprise-admin/code-security-and-analysis)."{% endif %}
 

content/get-started/learning-about-github/about-github-advanced-security.md

@@ -36,7 +36,7 @@ A {% data variables.product.prodname_GH_advanced_security %} license provides th
 
 - **{% data variables.product.prodname_code_scanning_caps %}** - Search for potential security vulnerabilities and coding errors in your code. For more information, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning)."
 
-- **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into {% ifversion fpt %} private repositories{% else %} the repository{% endif %}. {% ifversion fpt%}{% data variables.secret-scanning.user_alerts_caps %} and {% data variables.secret-scanning.partner_alerts %} are available and free of charge for public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %}{% ifversion secret-scanning-push-protection %} If push protection is enabled, also detects secrets when they are pushed to your repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)."{% else %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."{% endif %}
+- **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into {% ifversion fpt %}private repositories{% else %} the repository{% endif %}.{% ifversion secret-scanning-push-protection %} If push protection is enabled, {% data variables.product.prodname_dotcom %} also detects secrets when they are pushed to your repository. {% ifversion secret-scanning-enable-by-default-for-public-repos %}{% data variables.secret-scanning.user_alerts_caps %} and push protection are available and free of charge for all {% ifversion ghec %}user-owned {% endif %}public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)" and "[AUTOTITLE](/code-security/secret-scanning/push-protection-for-repositories-and-organizations)."{% else %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/about-secret-scanning)."{% endif %}
 
 {% ifversion dependabot-auto-triage-rules %}
 

data/features/secret-scanning-enable-by-default-for-public-repos.yml

@@ -0,0 +1,5 @@
+# Reference: #13800.
+# Secret scanning is automatically enabled on all new public repositories - [GA]
+versions:
+  fpt: '*'
+  ghec: '*'

data/reusables/gated-features/push-protection-for-repos.md

@@ -1,6 +1,6 @@
 {%- ifversion fpt or ghec %}
 
-Push protection for repositories and organizations is available for free on all public repositories. Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable push protection on their private and internal repositories.
+Push protection for repositories and organizations is available for {% ifversion ghec %}user-owned {% endif %}public repositories for free. Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable push protection on their private and internal repositories.
 
 {%- elsif ghes %}
 Push protection is available for organization-owned repositories in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %}

data/reusables/gated-features/push-protection-users-and-repos.md

@@ -5,7 +5,7 @@ Push protection for users is on by default and can be disabled in your personal
 
 {%- endif %}
 
-Push protection for repositories and organizations is available for free on all public repositories. Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable push protection on their private and internal repositories.
+Push protection for repositories and organizations is available for {% ifversion ghec %}user-owned {% endif %}public repositories for free. Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable push protection on their private and internal repositories.
 
 {%- elsif ghes %}
 Push protection is available for organization-owned repositories in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %}

data/reusables/gated-features/secret-scanning.md

@@ -1,7 +1,7 @@
 {%- ifversion fpt or ghec %}
 {% data variables.secret-scanning.partner_alerts_caps %} runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on {% data variables.product.prodname_dotcom_the_website %}.
 
-{% data variables.secret-scanning.user_alerts_caps %} are available for free on all public repositories. Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable {% data variables.secret-scanning.user_alerts %} on their private and internal repositories. {% data reusables.secret-scanning.secret-scanning-user-owned-repos-beta %}
+{% data variables.secret-scanning.user_alerts_caps %} are available for {% ifversion ghec %}user-owned {% endif %}public repositories for free. Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable {% data variables.secret-scanning.user_alerts %} on their private and internal repositories. {% data reusables.secret-scanning.secret-scanning-user-owned-repos-beta %}
 
 {%- elsif ghes %}
 {% data variables.product.prodname_secret_scanning_caps %} is available for organization-owned repositories{% ifversion secret-scanning-user-owned-repos %}, and in beta for user-owned repositories{% endif %} in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}.

data/reusables/secret-scanning/push-protection-optional-enable.md

@@ -0,0 +1,7 @@
+{% ifversion secret-scanning-push-protection %}
+
+1. Optionally, if you want to enable push protection, click **Enable** to the right of "Push protection." {% data reusables.secret-scanning.push-protection-overview %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
+
+   ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section. The "Enable" button is highlighted in a dark orange outline in the "Push protection" section.](/assets/images/help/repository/secret-scanning-enable-push-protection.png)
+
+{% endif %}