Binary file not shown.
|
After Width: | Height: | Size: 44 KiB |
@@ -45,4 +45,15 @@ When you enable one or more security and analysis features for existing reposito
|
||||
|
||||
1. Optionally, to enable or disable a feature automatically when new repositories are added, select the checkbox below the feature.
|
||||
|
||||

|
||||
{% ifversion secret-scanning-custom-link-on-block %}
|
||||
|
||||
1. Optionally, to include a resource link in the message that members will see when they attempt to push a secret, select **Add a resource link in the CLI and web UI when a commit is blocked**, then type a URL, and click **Save link**.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note**: When a custom link is configured for an organization, the organization-level value overrides the custom link set for the enterprise. For more information, see "[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)".
|
||||
|
||||
{% endnote %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
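Review bot: The precedence note inside the new `secret-scanning-custom-link-on-block` block is the only place in this patch that tells readers an organization-level link overrides the enterprise one. The enterprise reusable later in the patch adds the same option in its step 3 with no such note. Consider moving the note into a small reusable and referencing it from both places, so enterprise owners who follow the other path also learn that their link can be replaced per organization.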
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Protecting pushes with secret scanning
|
||||
intro: 'You can use {% data variables.product.prodname_secret_scanning %} to prevent supported secrets from being pushed into your organization or repository by enabling push protection.'
|
||||
intro: 'You can use {% data variables.product.prodname_secret_scanning %} to prevent supported secrets from being pushed into your {% ifversion secret-scanning-enterprise-level %}enterprise,{% endif %} organization{% ifversion secret-scanning-enterprise-level %},{% endif %} or repository by enabling push protection.'
|
||||
product: '{% data reusables.gated-features.secret-scanning %}'
|
||||
miniTocMaxHeadingLevel: 3
|
||||
versions:
|
||||
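Review bot: The new `intro` wraps each comma in its own `{% ifversion secret-scanning-enterprise-level %}` block, which makes the sentence hard to read and easy to break on the next edit. A single if/else that chooses between "enterprise, organization, or repository" and "organization or repository" would render the same text and be easier to maintain. The same pattern appears in the "Enabling" paragraph of the next hunk.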
@@ -34,10 +34,18 @@ For information on the secrets and service providers supported for push protecti
|
||||
|
||||
## Enabling {% data variables.product.prodname_secret_scanning %} as a push protection
|
||||
|
||||
For you to use {% data variables.product.prodname_secret_scanning %} as a push protection, the organization or repository needs to have both {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled. For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)," "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)," and "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."
|
||||
For you to use {% data variables.product.prodname_secret_scanning %} as a push protection, the {% ifversion secret-scanning-enterprise-level %}enterprise,{% endif %} organization{% ifversion secret-scanning-enterprise-level %},{% endif %} or repository needs to have both {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled. For more information, see {% ifversion secret-scanning-enterprise-level %}"[Managing security and analysis settings for your enterprise](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise),"{% endif %} "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)," "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)," and "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."
|
||||
|
||||
Organization owners, security managers, and repository administrators can enable push protection for {% data variables.product.prodname_secret_scanning %} via the UI and API. For more information, see "[Repositories](/rest/reference/repos#update-a-repository)" and expand the "Properties of the `security_and_analysis` object" section in the REST API documentation.
|
||||
|
||||
{% ifversion secret-scanning-enterprise-level %}
|
||||
### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection for your enterprise
|
||||
{% data reusables.enterprise-accounts.access-enterprise %}
|
||||
{% data reusables.enterprise-accounts.settings-tab %}
|
||||
1. In the left sidebar, click **Code security and analysis**.
|
||||
{% data reusables.advanced-security.secret-scanning-push-protection-enterprise %}
|
||||
{% endif %}
|
||||
|
||||
### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection for an organization
|
||||
|
||||
{% data reusables.organizations.navigate-to-org %}
|
||||
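Review bot: The paragraph beginning "Organization owners, security managers, and repository administrators can enable push protection" is left unchanged directly above the new enterprise section, so the page never says who can enable push protection at the enterprise level. Please extend that sentence, or add one under the new enterprise heading, behind the same `secret-scanning-enterprise-level` condition. The sentence also points only to the Repositories REST reference; say whether an API path exists for the enterprise setting or that it is UI only.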
@@ -64,8 +72,6 @@ Up to five detected secrets will be displayed at a time on the command line. If
|
||||
|
||||
Organization admins can provide a custom link that will be displayed when a push is blocked. This custom link can contain organization-specific resources and advice, such as directions on using a recommended secrets vault or who to contact for questions relating to the blocked secret.
|
||||
|
||||
{% ifversion push-protection-custom-link-orgs-beta %}{% data reusables.advanced-security.custom-link-beta %}{% endif %}
|
||||
|
||||

|
||||
|
||||
{% else %}
|
||||
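Review bot: The hunk header shrinks this region from 8 lines to 6, and the only candidate for removal is the `{% ifversion push-protection-custom-link-orgs-beta %}{% data reusables.advanced-security.custom-link-beta %}{% endif %}` line. If the beta notice is being retired, the `custom-link-beta` reusable and the `push-protection-custom-link-orgs-beta` feature flag should be deleted in the same change once nothing references them. Otherwise the patch leaves dead content behind, and the visible hunks do not show that cleanup.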
@@ -104,9 +110,6 @@ If {% data variables.product.prodname_dotcom %} blocks a secret that you believe
|
||||
{% ifversion push-protection-custom-link-orgs %}
|
||||
|
||||
Organization admins can provide a custom link that will be displayed when a push is blocked. This custom link can contain resources and advice specific to your organization. For example, the custom link can point to a README file with information about the organization's secret vault, which teams and individuals to escalate questions to, or the organization's approved policy for working with secrets and rewriting commit history.
|
||||
|
||||
{% ifversion push-protection-custom-link-orgs-beta %}{% data reusables.advanced-security.custom-link-beta %}{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
You can remove the secret from the file using the web UI. Once you remove the secret, the banner at the top of the page will change and tell you that you can now commit your changes.
|
||||
|
||||
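Review bot: The paragraph kept in this hunk still says only "Organization admins can provide a custom link", but this patch lets a link be set at the enterprise level as well. A member who sees an enterprise-configured link in the block message will be pointed at the wrong owner. Suggest wording such as "Enterprise owners and organization admins" behind `secret-scanning-custom-link-on-block`, with the existing wording as the fallback.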
@@ -30,9 +30,6 @@ If {% data variables.product.prodname_dotcom %} blocks a secret that you believe
|
||||
{% ifversion push-protection-custom-link-orgs %}
|
||||
|
||||
Organization admins can provide a custom link that will be included in the message from {% data variables.product.product_name %} when your push is blocked. This custom link can contain resources and advice specific to your organization and its policies.
|
||||
|
||||
{% ifversion push-protection-custom-link-orgs-beta %}{% data reusables.advanced-security.custom-link-beta %}{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
## Resolving a blocked push on the command line
|
||||
|
||||
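Review bot: This is the third slightly different wording of the "Organization admins can provide a custom link" paragraph touched by the patch (compare the two versions in the previous file). Since each copy needs the same edit here, this is a good point to move the paragraph into one reusable and reference it from all three places. That keeps the description of the custom link from drifting between articles.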
6
data/features/secret-scanning-custom-link-on-block.yml
Normal file
@@ -0,0 +1,6 @@
|
||||
# Reference: #8384.
|
||||
# Documentation for secret scanning: custom link on block.
|
||||
versions:
|
||||
ghec: '*'
|
||||
ghes: '>=3.8'
|
||||
ghae: '>=3.8'
|
||||
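Review bot: The new `versions` block lists `ghec`, `ghes` and `ghae` but no `fpt` entry, so every block gated on `secret-scanning-custom-link-on-block` is hidden for the Free, Pro and Team version of the docs. Please confirm that is intended and that the enterprise-level link really is unavailable there. If it is intentional, a short comment next to "Reference: #8384" saying so would save the next reader the check.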
@@ -0,0 +1,8 @@
|
||||
1. Under "{% data variables.product.prodname_secret_scanning_caps %}", under "Push protection", click **Enable all**.
|
||||
|
||||

|
||||
|
||||
2. Optionally, click "Automatically enable for repositories added to {% data variables.product.prodname_secret_scanning %}."{% ifversion secret-scanning-custom-link-on-block %}
|
||||
3. Optionally, to include a custom link in the message that members will see when they attempt to push a secret, click **Add a resource link in the CLI and web UI when a commit is blocked**, then type a URL, and click **Save link**.
|
||||
|
||||
{% endif %}
|
||||
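Review bot: Step 3 says "click **Add a resource link in the CLI and web UI when a commit is blocked**" while the other two copies of this step in the patch say "select", and this new reusable numbers its steps 1., 2., 3. while the other lists use "1." for every item. Please use "select" for the checkbox and "1." numbering for consistency. It would also read better to put `{% ifversion secret-scanning-custom-link-on-block %}` on its own line rather than glued to the end of step 2.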
@@ -2,6 +2,5 @@
|
||||
{% ifversion ghec %}{% elsif ghes > 3.4 or ghae > 3.4 %} {% endif %}
|
||||
1. Optionally, click "Automatically enable for repositories added to {% data variables.product.prodname_secret_scanning %}."{% ifversion push-protection-custom-link-orgs %}
|
||||
1. Optionally, to include a custom link in the message that members will see when they attempt to push a secret, select **Add a resource link in the CLI and web UI when a commit is blocked**, then type a URL, and click **Save link**.
|
||||
{% ifversion push-protection-custom-link-orgs-beta %}{% indented_data_reference reusables.advanced-security.custom-link-beta spaces=3 %}{% endif %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
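Review bot: The custom-link step in this organization reusable is still gated on `push-protection-custom-link-orgs`, while the identical step text added elsewhere in this patch is gated on the new `secret-scanning-custom-link-on-block` flag. Two flags for one UI option can disagree on version ranges, so the step could appear at one level and not the other for the same release. Either reuse one flag for both, or explain in the feature files why the ranges differ.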