Merge branch 'main' into repo-sync
This commit is contained in:
Octomerger Bot
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: SCIM
|
||||
intro: ''
|
||||
intro: 'You can automate user creation and team memberships using the SCIM API.'
|
||||
versions:
|
||||
ghes: '>=3.6'
|
||||
topics:
|
||||
@@ -8,3 +8,70 @@ topics:
|
||||
miniTocMaxHeadingLevel: 3
|
||||
---
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** The SCIM API for {% data variables.product.product_name %} is currently in private beta and subject to change. To access the private beta and test the API, contact your account manager on {% data variables.contact.contact_enterprise_sales %}.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
## About the SCIM API
|
||||
|
||||
{% data variables.product.product_name %} provides a SCIM API for use by SCIM-enabled Identity Providers (IdPs). An integration on the IdP can use the API to automatically provision, manage, or deprovision user accounts on a {% data variables.product.product_name %} instance that uses SAML single sign-on (SSO) for authentication. For more information about SAML SSO, see "[About SAML for enterprise IAM](/admin/identity-and-access-management/using-saml-for-enterprise-iam/about-saml-for-enterprise-iam)."
|
||||
|
||||
The SCIM API is based on SCIM 2.0. For more information, see the [specification](https://www.simplecloud.info/#Specification).
|
||||
|
||||
### SCIM endpoint URLs
|
||||
|
||||
An IdP can use the following root URL to communicate with the SCIM API for a {% data variables.product.product_name %} instance.
|
||||
|
||||
```
|
||||
{% data variables.product.api_url_code %}/scim/v2/
|
||||
```
|
||||
|
||||
Endpoint URLs for the SCIM API are case-sensitive. For example, the first letter in the `Users` endpoint must be capitalized.
|
||||
|
||||
```shell
|
||||
GET /scim/v2/Users/{scim_user_id}
|
||||
```
|
||||
|
||||
### Authenticating calls to the SCIM API
|
||||
|
||||
The SCIM integration on the IdP performs actions on behalf of an enterprise owner for the {% data variables.product.product_name %} instance. For more information, see "[Roles in an enterprise](/admin/user-management/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owners)."
|
||||
|
||||
To authenticate requests to the API, the person who configures SCIM on the IdP must use a personal access token (classic) with `admin:enterprise` scope, which the IdP must provide in the request's `Authorization` header. For more information about personal access tokens (classic), see "[Creating a personal access token](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)".
|
||||
|
||||
{% note %}
|
||||
|
||||
**Note:** Enterprise owners must generate and use a personal access token (classic) for authentication of requests to the SCIM API. {% ifversion ghes > 3.8 %}Fine-grained personal access tokens and {% endif %}GitHub app callers are not supported at this time.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### About mapping of SAML and SCIM data
|
||||
|
||||
The {% data variables.product.product_name %} instance links each user who authenticates successfully with SAML SSO to a SCIM identity. To link the identities successfully, the SAML IdP and the SCIM integration must use matching SAML `NameID` and SCIM `userName` values for each user.
|
||||
|
||||
{% ifversion ghes > 3.7 %}
|
||||
{% note %}
|
||||
|
||||
**Note:** If the {% data variables.product.product_name %} uses Azure AD as a SAML IdP, {% data variables.product.product_name %} will also check the SCIM `externalId` claim and SAML `http://schemas.microsoft.com/identity/claims/objectidentifier` claim to match users first, instead of using `NameID` and `userName`.
|
||||
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
||||
### Supported SCIM user attributes
|
||||
|
||||
The SCIM API's `User` endpoints support the following attributes within a request's parameters.
|
||||
|
||||
| Name | Type | Description |
|
||||
| :- | :- | :- |
|
||||
| `displayName` | String | Human-readable name for a user. |
|
||||
| `name.formatted` | String | The user's full name, including all middle names, titles, and suffixes, formatted for display.
|
||||
| `name.givenName` | String | The first name of the user. |
|
||||
| `name.familyName` | String | The last name of the user. |
|
||||
| `userName` | String | The username for the user, generated by the IdP. Undergoes [normalization](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication#about-username-normalization) before being used.
|
||||
| `emails` | Array | List of the user's emails. |
|
||||
| `roles` | Array | List of the user's roles. |
|
||||
| `externalId` | String | This identifier is generated by an IdP provider. You can find the `externalId` for a user either on the IdP, or by using the [List SCIM provisioned identities](#list-scim-provisioned-identities-for-an-enterprise) endpoint and filtering on other known attributes, such as a user's username or email address on the {% data variables.product.product_name %} instance. |
|
||||
| `id` | String | Identifier generated by the instance's SCIM endpoint. |
|
||||
| `active` | Boolean | Indicates whether the identity is active (`true`) or should be suspended (`false`). |
|
||||
|
||||
|
||||
@@ -20,3 +20,4 @@ sections:
|
||||
- Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.
|
||||
- '{% data variables.product.prodname_actions %} storage settings cannot be validated and saved in the {% data variables.enterprise.management_console %} when "Force Path Style" is selected, and must instead be configured with the `ghe-actions-precheck` command line utility.'
|
||||
- '{% data reusables.release-notes.ghas-3.4-secret-scanning-known-issue %}'
|
||||
- The [file finder](/search-github/searching-on-github/finding-files-on-github) does not return any results. To restore functionality, reinstall the 3.3.12 patch release using a full upgrade package. For more information, see "[Upgrading GitHub Enterprise Server](/admin/enterprise-management/updating-the-virtual-machine-and-physical-resources/upgrading-github-enterprise-server#upgrading-with-an-upgrade-package)."
|
||||
@@ -956,8 +956,8 @@
|
||||
"/rest/teams#unlink-external-idp-group-team-connection": "/rest/teams/external-groups#unlink-external-idp-group-team-connection",
|
||||
"/rest/teams#list-idp-groups-for-a-team": "/rest/teams/team-sync#list-idp-groups-for-a-team",
|
||||
"/rest/teams#create-or-update-idp-group-connections": "/rest/teams/team-sync#create-or-update-idp-group-connections",
|
||||
"/rest/actions/oidc#get-the-opt-out-flag-of-an-oidc-subject-claim-customization-for-a-repository": "/rest/actions/oidc#get-the-opt-out-flag-of-an-oidc-subject-claim-customization-for-a-repository",
|
||||
"/rest/actions/oidc#set-the-opt-out-flag-of-an-oidc-subject-claim-customization-for-a-repository": "/rest/actions/oidc#set-the-opt-out-flag-of-an-oidc-subject-claim-customization-for-a-repository",
|
||||
"/rest/actions/oidc#get-the-customization-template-for-an-oidc-subject-claim-for-a-repository": "/rest/actions/oidc#get-the-customization-template-for-an-oidc-subject-claim-for-a-repository",
|
||||
"/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository": "/rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository",
|
||||
"/rest/teams#list-idp-groups-for-a-team-legacy": "/rest/teams/team-sync#list-idp-groups-for-a-team-legacy",
|
||||
"/rest/teams#create-or-update-idp-group-connections-legacy": "/rest/teams/team-sync#create-or-update-idp-group-connections-legacy",
|
||||
"/rest/enterprise-admin#list-global-webhooks": "/rest/enterprise-admin/global-webhooks#list-global-webhooks",
|
||||
|
||||
@@ -4115,13 +4115,13 @@
|
||||
"requestPath": "/repos/{owner}/{repo}/actions/jobs/{job_id}/rerun"
|
||||
},
|
||||
{
|
||||
"slug": "get-the-opt-out-flag-of-an-oidc-subject-claim-customization-for-a-repository",
|
||||
"slug": "get-the-customization-template-for-an-oidc-subject-claim-for-a-repository",
|
||||
"subcategory": "oidc",
|
||||
"verb": "get",
|
||||
"requestPath": "/repos/{owner}/{repo}/actions/oidc/customization/sub"
|
||||
},
|
||||
{
|
||||
"slug": "set-the-opt-in-flag-of-an-oidc-subject-claim-customization-for-a-repository",
|
||||
"slug": "set-the-customization-template-for-an-oidc-subject-claim-for-a-repository",
|
||||
"subcategory": "oidc",
|
||||
"verb": "put",
|
||||
"requestPath": "/repos/{owner}/{repo}/actions/oidc/customization/sub"
|
||||
@@ -22133,7 +22133,7 @@
|
||||
"requestPath": "/scim/v2/enterprises/{enterprise}/Groups"
|
||||
},
|
||||
{
|
||||
"slug": "provision-a-scim-enterprise-group-and-invite-users",
|
||||
"slug": "provision-a-scim-enterprise-group",
|
||||
"subcategory": "scim",
|
||||
"verb": "post",
|
||||
"requestPath": "/scim/v2/enterprises/{enterprise}/Groups"
|
||||
@@ -22169,7 +22169,7 @@
|
||||
"requestPath": "/scim/v2/enterprises/{enterprise}/Users"
|
||||
},
|
||||
{
|
||||
"slug": "provision-and-invite-a-scim-enterprise-user",
|
||||
"slug": "provision-a-scim-enterprise-user",
|
||||
"subcategory": "scim",
|
||||
"verb": "post",
|
||||
"requestPath": "/scim/v2/enterprises/{enterprise}/Users"
|
||||
|
||||
@@ -88571,6 +88571,10 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
@@ -241395,6 +241399,10 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"limit": "collaborators_only",
|
||||
"expiry": "one_month"
|
||||
},
|
||||
"parameters": {
|
||||
"org": "ORG"
|
||||
}
|
||||
@@ -383879,7 +383887,7 @@
|
||||
"type": "string",
|
||||
"name": "merge_method",
|
||||
"in": "body",
|
||||
"description": "<p>Merge method to use. Possible values are <code>merge</code>, <code>squash</code> or <code>rebase</code>. Default is <code>merge</code>.</p>",
|
||||
"description": "<p>The merge method to use.</p>",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -383890,11 +383898,15 @@
|
||||
"enabledForGitHubApps": true,
|
||||
"codeExamples": [
|
||||
{
|
||||
"key": "default",
|
||||
"key": "response-if-merge-was-successful",
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO",
|
||||
@@ -441091,7 +441103,14 @@
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json"
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
},
|
||||
"response": {
|
||||
"statusCode": "201",
|
||||
@@ -448469,6 +448488,11 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
|
||||
@@ -1757,6 +1757,7 @@
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"include_claim_keys": {
|
||||
"description": "Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
@@ -1802,7 +1803,7 @@
|
||||
"type": "array of strings",
|
||||
"name": "include_claim_keys",
|
||||
"in": "body",
|
||||
"description": "",
|
||||
"description": "<p>Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.</p>",
|
||||
"isRequired": true
|
||||
}
|
||||
],
|
||||
@@ -1860,7 +1861,7 @@
|
||||
"serverUrl": "https://api.github.com",
|
||||
"verb": "get",
|
||||
"requestPath": "/repos/{owner}/{repo}/actions/oidc/customization/sub",
|
||||
"title": "Get the opt-out flag of an OIDC subject claim customization for a repository",
|
||||
"title": "Get the customization template for an OIDC subject claim for a repository",
|
||||
"category": "actions",
|
||||
"subcategory": "oidc",
|
||||
"parameters": [
|
||||
@@ -1901,15 +1902,27 @@
|
||||
"contentType": "application/json",
|
||||
"description": "<p>Status response</p>",
|
||||
"example": {
|
||||
"use_default": false
|
||||
"use_default": false,
|
||||
"include_claim_keys": [
|
||||
"repo",
|
||||
"context"
|
||||
]
|
||||
},
|
||||
"schema": {
|
||||
"title": "The json payload enables/disables the use of sub claim customization",
|
||||
"description": "OIDC Customer Subject",
|
||||
"title": "Actions OIDC subject customization for a repository",
|
||||
"description": "Actions OIDC subject customization for a repository",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"use_default": {
|
||||
"description": "Whether to use the default template or not. If `true`, the `include_claim_keys` field is ignored.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"include_claim_keys": {
|
||||
"description": "Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"required": [
|
||||
@@ -1920,7 +1933,7 @@
|
||||
}
|
||||
],
|
||||
"previews": [],
|
||||
"descriptionHTML": "<p>Gets the <code>opt-out</code> flag of a GitHub Actions OpenID Connect (OIDC) subject claim customization for a repository.\nYou must authenticate using an access token with the <code>repo</code> scope to use this\nendpoint. GitHub Apps must have the <code>organization_administration:read</code> permission to use this endpoint.</p>",
|
||||
"descriptionHTML": "<p>Gets the customization template for an OpenID Connect (OIDC) subject claim.\nYou must authenticate using an access token with the <code>repo</code> scope to use this\nendpoint. GitHub Apps must have the <code>organization_administration:read</code> permission to use this endpoint.</p>",
|
||||
"statusCodes": [
|
||||
{
|
||||
"httpStatusCode": "200",
|
||||
@@ -1940,7 +1953,7 @@
|
||||
"serverUrl": "https://api.github.com",
|
||||
"verb": "put",
|
||||
"requestPath": "/repos/{owner}/{repo}/actions/oidc/customization/sub",
|
||||
"title": "Set the opt-in flag of an OIDC subject claim customization for a repository",
|
||||
"title": "Set the customization template for an OIDC subject claim for a repository",
|
||||
"category": "actions",
|
||||
"subcategory": "oidc",
|
||||
"parameters": [
|
||||
@@ -1968,8 +1981,14 @@
|
||||
"type": "boolean",
|
||||
"name": "use_default",
|
||||
"in": "body",
|
||||
"description": "",
|
||||
"description": "<p>Whether to use the default template or not. If <code>true</code>, the <code>include_claim_keys</code> field is ignored.</p>",
|
||||
"isRequired": true
|
||||
},
|
||||
{
|
||||
"type": "array of strings",
|
||||
"name": "include_claim_keys",
|
||||
"in": "body",
|
||||
"description": "<p>Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.</p>"
|
||||
}
|
||||
],
|
||||
"enabledForGitHubApps": true,
|
||||
@@ -1981,7 +2000,11 @@
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"use_default": false
|
||||
"use_default": false,
|
||||
"include_claim_keys": [
|
||||
"repo",
|
||||
"context"
|
||||
]
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
@@ -1995,7 +2018,7 @@
|
||||
}
|
||||
],
|
||||
"previews": [],
|
||||
"descriptionHTML": "<p>Sets the <code>opt-in</code> or <code>opt-out</code> flag of a GitHub Actions OpenID Connect (OIDC) subject claim customization for a repository.\nYou must authenticate using an access token with the <code>repo</code> scope to use this\nendpoint. GitHub Apps must have the <code>actions:write</code> permission to use this endpoint.</p>",
|
||||
"descriptionHTML": "<p>Sets the customization template and <code>opt-in</code> or <code>opt-out</code> flag for an OpenID Connect (OIDC) subject claim for a repository.\nYou must authenticate using an access token with the <code>repo</code> scope to use this\nendpoint. GitHub Apps must have the <code>actions:write</code> permission to use this endpoint.</p>",
|
||||
"statusCodes": [
|
||||
{
|
||||
"httpStatusCode": "201",
|
||||
@@ -88998,6 +89021,10 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
@@ -242757,6 +242784,10 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"limit": "collaborators_only",
|
||||
"expiry": "one_month"
|
||||
},
|
||||
"parameters": {
|
||||
"org": "ORG"
|
||||
}
|
||||
@@ -385814,7 +385845,7 @@
|
||||
"type": "string",
|
||||
"name": "merge_method",
|
||||
"in": "body",
|
||||
"description": "<p>Merge method to use. Possible values are <code>merge</code>, <code>squash</code> or <code>rebase</code>. Default is <code>merge</code>.</p>",
|
||||
"description": "<p>The merge method to use.</p>",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -385825,11 +385856,15 @@
|
||||
"enabledForGitHubApps": true,
|
||||
"codeExamples": [
|
||||
{
|
||||
"key": "default",
|
||||
"key": "response-if-merge-was-successful",
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO",
|
||||
@@ -443026,7 +443061,14 @@
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json"
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
},
|
||||
"response": {
|
||||
"statusCode": "201",
|
||||
@@ -450404,6 +450446,11 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
@@ -457679,7 +457726,7 @@
|
||||
},
|
||||
{
|
||||
"httpStatusCode": "400",
|
||||
"description": "<p>Bad Request</p>"
|
||||
"description": "<p>Bad request</p>"
|
||||
},
|
||||
{
|
||||
"httpStatusCode": "403",
|
||||
@@ -457691,7 +457738,7 @@
|
||||
},
|
||||
{
|
||||
"httpStatusCode": "429",
|
||||
"description": "<p>Too Many Requests</p>"
|
||||
"description": "<p>Too many requests</p>"
|
||||
}
|
||||
],
|
||||
"subcategory": "scim"
|
||||
@@ -458081,7 +458128,7 @@
|
||||
}
|
||||
],
|
||||
"previews": [],
|
||||
"descriptionHTML": "<p>Provision organization membership for a user, and send an activation email to the email address.</p>",
|
||||
"descriptionHTML": "<p>Provisions organization membership for a user, and sends an activation email to the email address. If the user was previously a member of the organization, the invitation will reinstate any former privileges that the user had. For more information about reinstating former members, see \"<a href=\"https://docs.github.com/enterprise-cloud@latest//organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization\">Reinstating a former member of your organization</a>.\"</p>",
|
||||
"statusCodes": [
|
||||
{
|
||||
"httpStatusCode": "201",
|
||||
@@ -458093,7 +458140,7 @@
|
||||
},
|
||||
{
|
||||
"httpStatusCode": "400",
|
||||
"description": "<p>Bad Request</p>"
|
||||
"description": "<p>Bad request</p>"
|
||||
},
|
||||
{
|
||||
"httpStatusCode": "403",
|
||||
@@ -458109,7 +458156,7 @@
|
||||
},
|
||||
{
|
||||
"httpStatusCode": "500",
|
||||
"description": "<p>Internal Error</p>"
|
||||
"description": "<p>Internal server error</p>"
|
||||
}
|
||||
],
|
||||
"subcategory": "scim"
|
||||
@@ -459210,7 +459257,7 @@
|
||||
},
|
||||
{
|
||||
"httpStatusCode": "400",
|
||||
"description": "<p>Bad Request</p>"
|
||||
"description": "<p>Bad request</p>"
|
||||
},
|
||||
{
|
||||
"httpStatusCode": "403",
|
||||
|
||||
@@ -77648,6 +77648,10 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
@@ -308952,7 +308956,7 @@
|
||||
"type": "string",
|
||||
"name": "merge_method",
|
||||
"in": "body",
|
||||
"description": "<p>Merge method to use. Possible values are <code>merge</code>, <code>squash</code> or <code>rebase</code>. Default is <code>merge</code>.</p>",
|
||||
"description": "<p>The merge method to use.</p>",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -308963,11 +308967,15 @@
|
||||
"enabledForGitHubApps": true,
|
||||
"codeExamples": [
|
||||
{
|
||||
"key": "default",
|
||||
"key": "response-if-merge-was-successful",
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO",
|
||||
@@ -370012,7 +370020,14 @@
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json"
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
},
|
||||
"response": {
|
||||
"statusCode": "201",
|
||||
@@ -376822,6 +376837,11 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
|
||||
@@ -78007,6 +78007,10 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
@@ -310268,7 +310272,7 @@
|
||||
"type": "string",
|
||||
"name": "merge_method",
|
||||
"in": "body",
|
||||
"description": "<p>Merge method to use. Possible values are <code>merge</code>, <code>squash</code> or <code>rebase</code>. Default is <code>merge</code>.</p>",
|
||||
"description": "<p>The merge method to use.</p>",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -310279,11 +310283,15 @@
|
||||
"enabledForGitHubApps": true,
|
||||
"codeExamples": [
|
||||
{
|
||||
"key": "default",
|
||||
"key": "response-if-merge-was-successful",
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO",
|
||||
@@ -365813,7 +365821,14 @@
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json"
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
},
|
||||
"response": {
|
||||
"statusCode": "201",
|
||||
@@ -373046,6 +373061,11 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
|
||||
@@ -80092,6 +80092,10 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
@@ -328469,7 +328473,7 @@
|
||||
"type": "string",
|
||||
"name": "merge_method",
|
||||
"in": "body",
|
||||
"description": "<p>Merge method to use. Possible values are <code>merge</code>, <code>squash</code> or <code>rebase</code>. Default is <code>merge</code>.</p>",
|
||||
"description": "<p>The merge method to use.</p>",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -328480,11 +328484,15 @@
|
||||
"enabledForGitHubApps": true,
|
||||
"codeExamples": [
|
||||
{
|
||||
"key": "default",
|
||||
"key": "response-if-merge-was-successful",
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO",
|
||||
@@ -384164,7 +384172,14 @@
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json"
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
},
|
||||
"response": {
|
||||
"statusCode": "201",
|
||||
@@ -391397,6 +391412,11 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
|
||||
@@ -85748,6 +85748,10 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
@@ -335631,7 +335635,7 @@
|
||||
"type": "string",
|
||||
"name": "merge_method",
|
||||
"in": "body",
|
||||
"description": "<p>Merge method to use. Possible values are <code>merge</code>, <code>squash</code> or <code>rebase</code>. Default is <code>merge</code>.</p>",
|
||||
"description": "<p>The merge method to use.</p>",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -335642,11 +335646,15 @@
|
||||
"enabledForGitHubApps": true,
|
||||
"codeExamples": [
|
||||
{
|
||||
"key": "default",
|
||||
"key": "response-if-merge-was-successful",
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO",
|
||||
@@ -391451,7 +391459,14 @@
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json"
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
},
|
||||
"response": {
|
||||
"statusCode": "201",
|
||||
@@ -398696,6 +398711,11 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -55033,6 +55033,10 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
@@ -286134,7 +286138,7 @@
|
||||
"type": "string",
|
||||
"name": "merge_method",
|
||||
"in": "body",
|
||||
"description": "<p>Merge method to use. Possible values are <code>merge</code>, <code>squash</code> or <code>rebase</code>. Default is <code>merge</code>.</p>",
|
||||
"description": "<p>The merge method to use.</p>",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -286145,11 +286149,15 @@
|
||||
"enabledForGitHubApps": true,
|
||||
"codeExamples": [
|
||||
{
|
||||
"key": "default",
|
||||
"key": "response-if-merge-was-successful",
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO",
|
||||
@@ -339637,7 +339645,14 @@
|
||||
"request": {
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json"
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
},
|
||||
"response": {
|
||||
"statusCode": "201",
|
||||
@@ -346899,6 +346914,11 @@
|
||||
"contentType": "application/json",
|
||||
"description": "Example",
|
||||
"acceptHeader": "application/vnd.github.v3+json",
|
||||
"bodyParameters": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
},
|
||||
"parameters": {
|
||||
"owner": "OWNER",
|
||||
"repo": "REPO"
|
||||
|
||||
@@ -86436,6 +86436,14 @@
|
||||
"required": [
|
||||
"limit"
|
||||
]
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"limit": "collaborators_only",
|
||||
"expiry": "one_month"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -260806,6 +260814,15 @@
|
||||
"description": "When forking from an existing repository, fork with only the default branch."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -382646,7 +382663,7 @@
|
||||
},
|
||||
"merge_method": {
|
||||
"type": "string",
|
||||
"description": "Merge method to use. Possible values are `merge`, `squash` or `rebase`. Default is `merge`.",
|
||||
"description": "The merge method to use.",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -382654,6 +382671,14 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"response-if-merge-was-successful": {
|
||||
"value": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -411487,6 +411512,14 @@
|
||||
"description": "Determines if all notifications should be blocked from this repository."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -484971,6 +485004,17 @@
|
||||
"name"
|
||||
],
|
||||
"type": "object"
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -58897,6 +58897,7 @@
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"include_claim_keys": {
|
||||
"description": "Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
@@ -58960,6 +58961,7 @@
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"include_claim_keys": {
|
||||
"description": "Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
@@ -88639,6 +88641,14 @@
|
||||
"required": [
|
||||
"limit"
|
||||
]
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"limit": "collaborators_only",
|
||||
"expiry": "one_month"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -153839,15 +153849,15 @@
|
||||
},
|
||||
"/repos/{owner}/{repo}/actions/oidc/customization/sub": {
|
||||
"get": {
|
||||
"summary": "Get the opt-out flag of an OIDC subject claim customization for a repository",
|
||||
"description": "Gets the `opt-out` flag of a GitHub Actions OpenID Connect (OIDC) subject claim customization for a repository.\nYou must authenticate using an access token with the `repo` scope to use this\nendpoint. GitHub Apps must have the `organization_administration:read` permission to use this endpoint.",
|
||||
"summary": "Get the customization template for an OIDC subject claim for a repository",
|
||||
"description": "Gets the customization template for an OpenID Connect (OIDC) subject claim.\nYou must authenticate using an access token with the `repo` scope to use this\nendpoint. GitHub Apps must have the `organization_administration:read` permission to use this endpoint.",
|
||||
"tags": [
|
||||
"actions"
|
||||
],
|
||||
"operationId": "actions/get-custom-oidc-sub-claim-for-repo",
|
||||
"externalDocs": {
|
||||
"description": "API method documentation",
|
||||
"url": "https://docs.github.com/enterprise-cloud@latest//rest/actions/oidc#get-the-opt-out-flag-of-an-oidc-subject-claim-customization-for-a-repository"
|
||||
"url": "https://docs.github.com/enterprise-cloud@latest//rest/actions/oidc#get-the-customization-template-for-an-oidc-subject-claim-for-a-repository"
|
||||
},
|
||||
"parameters": [
|
||||
{
|
||||
@@ -153875,12 +153885,20 @@
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"title": "The json payload enables/disables the use of sub claim customization",
|
||||
"description": "OIDC Customer Subject",
|
||||
"title": "Actions OIDC subject customization for a repository",
|
||||
"description": "Actions OIDC subject customization for a repository",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"use_default": {
|
||||
"description": "Whether to use the default template or not. If `true`, the `include_claim_keys` field is ignored.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"include_claim_keys": {
|
||||
"description": "Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"required": [
|
||||
@@ -153890,7 +153908,11 @@
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"use_default": false
|
||||
"use_default": false,
|
||||
"include_claim_keys": [
|
||||
"repo",
|
||||
"context"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -154003,15 +154025,15 @@
|
||||
}
|
||||
},
|
||||
"put": {
|
||||
"summary": "Set the opt-in flag of an OIDC subject claim customization for a repository",
|
||||
"description": "Sets the `opt-in` or `opt-out` flag of a GitHub Actions OpenID Connect (OIDC) subject claim customization for a repository.\nYou must authenticate using an access token with the `repo` scope to use this\nendpoint. GitHub Apps must have the `actions:write` permission to use this endpoint.",
|
||||
"summary": "Set the customization template for an OIDC subject claim for a repository",
|
||||
"description": "Sets the customization template and `opt-in` or `opt-out` flag for an OpenID Connect (OIDC) subject claim for a repository.\nYou must authenticate using an access token with the `repo` scope to use this\nendpoint. GitHub Apps must have the `actions:write` permission to use this endpoint.",
|
||||
"tags": [
|
||||
"actions"
|
||||
],
|
||||
"operationId": "actions/set-custom-oidc-sub-claim-for-repo",
|
||||
"externalDocs": {
|
||||
"description": "API method documentation",
|
||||
"url": "https://docs.github.com/enterprise-cloud@latest//rest/actions/oidc#set-the-opt-out-flag-of-an-oidc-subject-claim-customization-for-a-repository"
|
||||
"url": "https://docs.github.com/enterprise-cloud@latest//rest/actions/oidc#set-the-customization-template-for-an-oidc-subject-claim-for-a-repository"
|
||||
},
|
||||
"parameters": [
|
||||
{
|
||||
@@ -154038,12 +154060,20 @@
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"title": "The json payload enables/disables the use of sub claim customization",
|
||||
"description": "OIDC Customer Subject",
|
||||
"title": "Actions OIDC subject customization for a repository",
|
||||
"description": "Actions OIDC subject customization for a repository",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"use_default": {
|
||||
"description": "Whether to use the default template or not. If `true`, the `include_claim_keys` field is ignored.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"include_claim_keys": {
|
||||
"description": "Array of unique strings. Each claim key can only contain alphanumeric characters and underscores.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"required": [
|
||||
@@ -154053,7 +154083,11 @@
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"use_default": false
|
||||
"use_default": false,
|
||||
"include_claim_keys": [
|
||||
"repo",
|
||||
"context"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -264265,6 +264299,15 @@
|
||||
"description": "When forking from an existing repository, fork with only the default branch."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -386105,7 +386148,7 @@
|
||||
},
|
||||
"merge_method": {
|
||||
"type": "string",
|
||||
"description": "Merge method to use. Possible values are `merge`, `squash` or `rebase`. Default is `merge`.",
|
||||
"description": "The merge method to use.",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -386113,6 +386156,14 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"response-if-merge-was-successful": {
|
||||
"value": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -414946,6 +414997,14 @@
|
||||
"description": "Determines if all notifications should be blocked from this repository."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -422062,7 +422121,7 @@
|
||||
}
|
||||
},
|
||||
"400": {
|
||||
"description": "Bad Request",
|
||||
"description": "Bad request",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
@@ -422151,7 +422210,7 @@
|
||||
}
|
||||
},
|
||||
"429": {
|
||||
"description": "Too Many Requests",
|
||||
"description": "Too many requests",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
@@ -422249,7 +422308,7 @@
|
||||
},
|
||||
"post": {
|
||||
"summary": "Provision and invite a SCIM user",
|
||||
"description": "Provision organization membership for a user, and send an activation email to the email address.",
|
||||
"description": "Provisions organization membership for a user, and sends an activation email to the email address. If the user was previously a member of the organization, the invitation will reinstate any former privileges that the user had. For more information about reinstating former members, see \"[Reinstating a former member of your organization](https://docs.github.com/enterprise-cloud@latest//organizations/managing-membership-in-your-organization/reinstating-a-former-member-of-your-organization).\"",
|
||||
"tags": [
|
||||
"scim"
|
||||
],
|
||||
@@ -422722,7 +422781,7 @@
|
||||
}
|
||||
},
|
||||
"500": {
|
||||
"description": "Internal Error",
|
||||
"description": "Internal server error",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
@@ -422900,7 +422959,7 @@
|
||||
}
|
||||
},
|
||||
"400": {
|
||||
"description": "Bad Request",
|
||||
"description": "Bad request",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
@@ -424670,7 +424729,7 @@
|
||||
}
|
||||
},
|
||||
"400": {
|
||||
"description": "Bad Request",
|
||||
"description": "Bad request",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
@@ -492607,6 +492666,17 @@
|
||||
"name"
|
||||
],
|
||||
"type": "object"
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -214906,6 +214906,15 @@
|
||||
"description": "Optional parameter to specify the organization name if forking into an organization."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -329415,7 +329424,7 @@
|
||||
},
|
||||
"merge_method": {
|
||||
"type": "string",
|
||||
"description": "Merge method to use. Possible values are `merge`, `squash` or `rebase`. Default is `merge`.",
|
||||
"description": "The merge method to use.",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -329423,6 +329432,14 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"response-if-merge-was-successful": {
|
||||
"value": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -356784,6 +356801,14 @@
|
||||
"description": "Determines if all notifications should be blocked from this repository."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -401099,6 +401124,17 @@
|
||||
"name"
|
||||
],
|
||||
"type": "object"
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -216831,6 +216831,15 @@
|
||||
"description": "Optional parameter to specify the organization name if forking into an organization."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -331519,7 +331528,7 @@
|
||||
},
|
||||
"merge_method": {
|
||||
"type": "string",
|
||||
"description": "Merge method to use. Possible values are `merge`, `squash` or `rebase`. Default is `merge`.",
|
||||
"description": "The merge method to use.",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -331527,6 +331536,14 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"response-if-merge-was-successful": {
|
||||
"value": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -359289,6 +359306,14 @@
|
||||
"description": "Determines if all notifications should be blocked from this repository."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -403466,6 +403491,17 @@
|
||||
"name"
|
||||
],
|
||||
"type": "object"
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -232058,6 +232058,15 @@
|
||||
"description": "Optional parameter to specify the organization name if forking into an organization."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -346738,7 +346747,7 @@
|
||||
},
|
||||
"merge_method": {
|
||||
"type": "string",
|
||||
"description": "Merge method to use. Possible values are `merge`, `squash` or `rebase`. Default is `merge`.",
|
||||
"description": "The merge method to use.",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -346746,6 +346755,14 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"response-if-merge-was-successful": {
|
||||
"value": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -374707,6 +374724,14 @@
|
||||
"description": "Determines if all notifications should be blocked from this repository."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -423939,6 +423964,17 @@
|
||||
"name"
|
||||
],
|
||||
"type": "object"
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -239447,6 +239447,15 @@
|
||||
"description": "Optional parameter to specify the organization name if forking into an organization."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -354145,7 +354154,7 @@
|
||||
},
|
||||
"merge_method": {
|
||||
"type": "string",
|
||||
"description": "Merge method to use. Possible values are `merge`, `squash` or `rebase`. Default is `merge`.",
|
||||
"description": "The merge method to use.",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -354153,6 +354162,14 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"response-if-merge-was-successful": {
|
||||
"value": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -382128,6 +382145,14 @@
|
||||
"description": "Determines if all notifications should be blocked from this repository."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -431836,6 +431861,17 @@
|
||||
"name"
|
||||
],
|
||||
"type": "object"
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -200536,6 +200536,15 @@
|
||||
"description": "Optional parameter to specify the organization name if forking into an organization."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"organization": "octocat",
|
||||
"name": "Hello-World",
|
||||
"default_branch_only": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -314993,7 +315002,7 @@
|
||||
},
|
||||
"merge_method": {
|
||||
"type": "string",
|
||||
"description": "Merge method to use. Possible values are `merge`, `squash` or `rebase`. Default is `merge`.",
|
||||
"description": "The merge method to use.",
|
||||
"enum": [
|
||||
"merge",
|
||||
"squash",
|
||||
@@ -315001,6 +315010,14 @@
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"response-if-merge-was-successful": {
|
||||
"value": {
|
||||
"commit_title": "Expand enum",
|
||||
"commit_message": "Add a new value to the merge_method enum"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -342454,6 +342471,14 @@
|
||||
"description": "Determines if all notifications should be blocked from this repository."
|
||||
}
|
||||
}
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"subscribed": true,
|
||||
"ignored": false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -386544,6 +386569,17 @@
|
||||
"name"
|
||||
],
|
||||
"type": "object"
|
||||
},
|
||||
"examples": {
|
||||
"default": {
|
||||
"value": {
|
||||
"name": "Hello-World",
|
||||
"description": "This is your first repo!",
|
||||
"homepage": "https://github.com",
|
||||
"private": false,
|
||||
"is_template": true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -299,6 +299,7 @@ translations/zh-CN/content/admin/github-actions/getting-started-with-github-acti
|
||||
translations/zh-CN/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md,rendering error
|
||||
translations/zh-CN/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md,rendering error
|
||||
translations/zh-CN/content/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise.md,broken liquid tags
|
||||
translations/zh-CN/content/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication.md,broken liquid tags
|
||||
translations/zh-CN/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md,broken liquid tags
|
||||
translations/zh-CN/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy.md,broken liquid tags
|
||||
translations/zh-CN/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc.md,broken liquid tags
|
||||
@@ -344,6 +345,7 @@ translations/zh-CN/content/billing/managing-billing-for-your-github-account/view
|
||||
translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md,rendering error
|
||||
translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql.md,rendering error
|
||||
translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning.md,rendering error
|
||||
translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages.md,broken liquid tags
|
||||
translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md,rendering error
|
||||
translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container.md,broken liquid tags
|
||||
translations/zh-CN/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository.md,rendering error
|
||||
@@ -453,6 +455,7 @@ translations/zh-CN/content/developers/apps/guides/creating-ci-tests-with-the-che
|
||||
translations/zh-CN/content/developers/apps/guides/using-the-github-api-in-your-app.md,rendering error
|
||||
translations/zh-CN/content/developers/overview/about-githubs-apis.md,broken liquid tags
|
||||
translations/zh-CN/content/developers/overview/managing-deploy-keys.md,broken liquid tags
|
||||
translations/zh-CN/content/developers/overview/secret-scanning-partner-program.md,broken liquid tags
|
||||
translations/zh-CN/content/developers/webhooks-and-events/events/issue-event-types.md,broken liquid tags
|
||||
translations/zh-CN/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md,rendering error
|
||||
translations/zh-CN/content/discussions/collaborating-with-your-community-using-discussions/collaborating-with-maintainers-using-discussions.md,broken liquid tags
|
||||
@@ -612,6 +615,8 @@ translations/zh-CN/data/reusables/advanced-security/secret-scanning-push-protect
|
||||
translations/zh-CN/data/reusables/audit_log/audit-log-events-workflows.md,rendering error
|
||||
translations/zh-CN/data/reusables/audit_log/audit_log_sidebar_for_org_admins.md,rendering error
|
||||
translations/zh-CN/data/reusables/audit_log/audit_log_sidebar_for_site_admins.md,rendering error
|
||||
translations/zh-CN/data/reusables/code-scanning/analyze-go.md,broken liquid tags
|
||||
translations/zh-CN/data/reusables/code-scanning/autobuild-add-build-steps.md,broken liquid tags
|
||||
translations/zh-CN/data/reusables/code-scanning/codeql-languages-bullets.md,rendering error
|
||||
translations/zh-CN/data/reusables/code-scanning/codeql-languages-keywords.md,rendering error
|
||||
translations/zh-CN/data/reusables/code-scanning/enterprise-enable-code-scanning.md,broken liquid tags
|
||||
|
||||
|
@@ -302,6 +302,7 @@ translations/pt-BR/content/admin/github-actions/getting-started-with-github-acti
|
||||
translations/pt-BR/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-self-hosted-runners-for-your-enterprise.md,rendering error
|
||||
translations/pt-BR/content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md,rendering error
|
||||
translations/pt-BR/content/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise.md,broken liquid tags
|
||||
translations/pt-BR/content/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication.md,broken liquid tags
|
||||
translations/pt-BR/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users.md,broken liquid tags
|
||||
translations/pt-BR/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy.md,broken liquid tags
|
||||
translations/pt-BR/content/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-from-saml-to-oidc.md,broken liquid tags
|
||||
@@ -341,6 +342,7 @@ translations/pt-BR/content/billing/managing-billing-for-your-github-account/conn
|
||||
translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-alerts.md,rendering error
|
||||
translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql.md,rendering error
|
||||
translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning.md,rendering error
|
||||
translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages.md,broken liquid tags
|
||||
translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md,rendering error
|
||||
translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container.md,broken liquid tags
|
||||
translations/pt-BR/content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository.md,rendering error
|
||||
@@ -365,7 +367,7 @@ translations/pt-BR/content/code-security/dependabot/working-with-dependabot/mana
|
||||
translations/pt-BR/content/code-security/getting-started/github-security-features.md,rendering error
|
||||
translations/pt-BR/content/code-security/getting-started/securing-your-repository.md,rendering error
|
||||
translations/pt-BR/content/code-security/secret-scanning/about-secret-scanning.md,rendering error
|
||||
translations/pt-BR/content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md,broken liquid tags
|
||||
translations/pt-BR/content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md,rendering error
|
||||
translations/pt-BR/content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md,rendering error
|
||||
translations/pt-BR/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md,rendering error
|
||||
translations/pt-BR/content/code-security/secret-scanning/protecting-pushes-with-secret-scanning.md,rendering error
|
||||
@@ -442,11 +444,12 @@ translations/pt-BR/content/desktop/contributing-and-collaborating-using-github-d
|
||||
translations/pt-BR/content/developers/apps/building-github-apps/authenticating-with-github-apps.md,rendering error
|
||||
translations/pt-BR/content/developers/apps/building-github-apps/managing-allowed-ip-addresses-for-a-github-app.md,rendering error
|
||||
translations/pt-BR/content/developers/apps/getting-started-with-apps/differences-between-github-apps-and-oauth-apps.md,broken liquid tags
|
||||
translations/pt-BR/content/developers/apps/getting-started-with-apps/setting-up-your-development-environment-to-create-a-github-app.md,broken liquid tags
|
||||
translations/pt-BR/content/developers/apps/guides/creating-ci-tests-with-the-checks-api.md,broken liquid tags
|
||||
translations/pt-BR/content/developers/apps/guides/using-the-github-api-in-your-app.md,broken liquid tags
|
||||
translations/pt-BR/content/developers/apps/getting-started-with-apps/setting-up-your-development-environment-to-create-a-github-app.md,rendering error
|
||||
translations/pt-BR/content/developers/apps/guides/creating-ci-tests-with-the-checks-api.md,rendering error
|
||||
translations/pt-BR/content/developers/apps/guides/using-the-github-api-in-your-app.md,rendering error
|
||||
translations/pt-BR/content/developers/overview/about-githubs-apis.md,broken liquid tags
|
||||
translations/pt-BR/content/developers/overview/managing-deploy-keys.md,broken liquid tags
|
||||
translations/pt-BR/content/developers/overview/secret-scanning-partner-program.md,broken liquid tags
|
||||
translations/pt-BR/content/developers/webhooks-and-events/events/issue-event-types.md,broken liquid tags
|
||||
translations/pt-BR/content/developers/webhooks-and-events/webhooks/webhook-events-and-payloads.md,rendering error
|
||||
translations/pt-BR/content/discussions/collaborating-with-your-community-using-discussions/collaborating-with-maintainers-using-discussions.md,broken liquid tags
|
||||
@@ -616,6 +619,8 @@ translations/pt-BR/data/reusables/advanced-security/secret-scanning-push-protect
|
||||
translations/pt-BR/data/reusables/audit_log/audit-log-events-workflows.md,rendering error
|
||||
translations/pt-BR/data/reusables/audit_log/audit_log_sidebar_for_org_admins.md,rendering error
|
||||
translations/pt-BR/data/reusables/audit_log/audit_log_sidebar_for_site_admins.md,rendering error
|
||||
translations/pt-BR/data/reusables/code-scanning/analyze-go.md,broken liquid tags
|
||||
translations/pt-BR/data/reusables/code-scanning/autobuild-add-build-steps.md,broken liquid tags
|
||||
translations/pt-BR/data/reusables/code-scanning/codeql-languages-bullets.md,rendering error
|
||||
translations/pt-BR/data/reusables/code-scanning/codeql-languages-keywords.md,rendering error
|
||||
translations/pt-BR/data/reusables/code-scanning/enterprise-enable-code-scanning.md,broken liquid tags
|
||||
@@ -638,7 +643,7 @@ translations/pt-BR/data/reusables/codespaces/your-codespaces-procedure-step.md,b
|
||||
translations/pt-BR/data/reusables/dependabot/beta-security-and-version-updates.md,rendering error
|
||||
translations/pt-BR/data/reusables/dependabot/default-dependencies-allow-ignore.md,broken liquid tags
|
||||
translations/pt-BR/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo.md,rendering error
|
||||
translations/pt-BR/data/reusables/dependabot/enterprise-enable-dependabot.md,broken liquid tags
|
||||
translations/pt-BR/data/reusables/dependabot/enterprise-enable-dependabot.md,rendering error
|
||||
translations/pt-BR/data/reusables/dotcom_billing/actions-packages-report-download-org-account.md,broken liquid tags
|
||||
translations/pt-BR/data/reusables/enterprise-accounts/actions-packages-report-download-enterprise-accounts.md,broken liquid tags
|
||||
translations/pt-BR/data/reusables/enterprise-accounts/billing-microsoft-ea-overview.md,broken liquid tags
|
||||
@@ -678,7 +683,7 @@ translations/pt-BR/data/reusables/secret-scanning/partner-secret-list-private-re
|
||||
translations/pt-BR/data/reusables/secret-scanning/push-protection-web-ui-choice.md,broken liquid tags
|
||||
translations/pt-BR/data/reusables/secret-scanning/secret-list-private-push-protection.md,rendering error
|
||||
translations/pt-BR/data/reusables/security-overview/permissions.md,rendering error
|
||||
translations/pt-BR/data/reusables/support/help_resources.md,broken liquid tags
|
||||
translations/pt-BR/data/reusables/support/help_resources.md,rendering error
|
||||
translations/pt-BR/data/reusables/user-settings/access_applications.md,rendering error
|
||||
translations/pt-BR/data/reusables/user-settings/account_settings.md,rendering error
|
||||
translations/pt-BR/data/reusables/user-settings/appearance-settings.md,rendering error
|
||||
|
||||
|
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Considerações de nome de usuário para autenticação externa
|
||||
title: Username considerations for external authentication
|
||||
shortTitle: Username considerations
|
||||
intro: '{% ifversion ghes or ghec %}Quando você usa {% ifversion ghes %}CAS, LDAP ou SAML para autenticação{% elsif ghec %}{% data variables.product.prodname_emus %}{% endif %}, {% endif %}{% data variables.product.product_name %} segue certas regras para determinar o nome de usuário para cada conta de usuário {% ifversion ghec or ghae %}em sua empresa{% elsif ghes %}em sua instância{% endif %}.'
|
||||
intro: '{% ifversion ghes or ghec %}When you use {% ifversion ghes %}CAS, LDAP, or SAML for authentication{% elsif ghec %}{% data variables.product.prodname_emus %}{% endif %}, {% endif %}{% data variables.product.product_name %} follows certain rules to determine the username for each user account {% ifversion ghec or ghae %}in your enterprise{% elsif ghes %}on your instance{% endif %}.'
|
||||
miniTocMaxHeadingLevel: 3
|
||||
versions:
|
||||
ghec: '*'
|
||||
@@ -14,141 +14,144 @@ topics:
|
||||
- Enterprise
|
||||
- Identity
|
||||
- SSO
|
||||
ms.openlocfilehash: 72f83b870e2c0ea13d95511ce4fc000b3ccfcfc5
|
||||
ms.sourcegitcommit: 478f2931167988096ae6478a257f492ecaa11794
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: pt-BR
|
||||
ms.lasthandoff: 09/09/2022
|
||||
ms.locfileid: '147717993'
|
||||
---
|
||||
{% ifversion ghec %} {% note %}
|
||||
|
||||
**Observação:** este artigo se aplica somente ao {% data variables.product.prodname_emus %}. Se você usar {% data variables.product.prodname_ghe_cloud %} sem {% data variables.product.prodname_emus %}, os nomes de usuário serão criados pelos usuários, e não {% data variables.product.prodname_dotcom %}.
|
||||
{% ifversion ghec %}
|
||||
{% note %}
|
||||
|
||||
{% endnote %} {% endif %}
|
||||
**Note:** This article only applies to {% data variables.product.prodname_emus %}. If you use {% data variables.product.prodname_ghe_cloud %} without {% data variables.product.prodname_emus %}, usernames are created by users, not {% data variables.product.prodname_dotcom %}.
|
||||
|
||||
## Sobre nomes de usuário com autenticação externa
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
||||
## About usernames with external authentication
|
||||
|
||||
{% ifversion ghes %}
|
||||
|
||||
Você pode configurar a autenticação externa para {% data variables.product.product_name %} usando CAS, LDAP ou SAML. Para obter mais informações, confira "[Sobre a autenticação em sua empresa](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#authentication-methods-for-github-enterprise-server)".
|
||||
You can configure external authentication for {% data variables.product.product_name %} using CAS, LDAP, or SAML. For more information, see "[About authentication for your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#authentication-methods-for-github-enterprise-server)."
|
||||
|
||||
Quando você usa a autenticação externa, o {% data variables.product.product_location %} cria automaticamente um nome de usuário para cada pessoa quando ela entra no {% data variables.product.product_location %} por meio do sistema de autenticação externa pela primeira vez.
|
||||
When you use external authentication, {% data variables.product.product_location %} automatically creates a username for each person when the person signs into {% data variables.product.product_location %} through your external authentication system for the first time.
|
||||
|
||||
{% elsif ghec %}
|
||||
|
||||
Se você usar uma empresa com {% data variables.product.prodname_emus %}, os membros da sua empresa se autenticarão para acessar dados do {% data variables.product.prodname_dotcom %} por meio de seu IdP (provedor de identidade) do SAML. Para obter mais informações, confira "[Sobre {% data variables.product.prodname_emus %}](/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/about-enterprise-managed-users)" e "[Sobre a autenticação para sua empresa](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#authentication-methods-for-github-enterprise-server)".
|
||||
If you use an enterprise with {% data variables.product.prodname_emus %}, members of your enterprise authenticate to access {% data variables.product.prodname_dotcom %} through your SAML identity provider (IdP). For more information, see "[About {% data variables.product.prodname_emus %}](/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/about-enterprise-managed-users)" and "[About authentication for your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#authentication-methods-for-github-enterprise-server)."
|
||||
|
||||
O {% data variables.product.product_name %} cria automaticamente um nome de usuário para cada pessoa quando a conta de usuário é provisionada via SCIM, normalizando um identificador fornecido pelo IdP. Se vários identificadores forem normalizados no mesmo nome de usuário, ocorrerá um conflito de nomes de usuário e somente a primeira conta de usuário será criada. Resolva conflitos de nomes de usuário fazendo uma alteração no IdP para que os nomes de usuário normalizados sejam exclusivos.
|
||||
{% data variables.product.product_name %} automatically creates a username for each person when their user account is provisioned via SCIM, by normalizing an identifier provided by your IdP. If multiple identifiers are normalized into the same username, a username conflict occurs, and only the first user account is created. {% data reusables.enterprise-accounts.emu-only-emails-within-the-enterprise-can-conflict %} You can resolve username conflicts by making a change in your IdP so that the normalized usernames will be unique.
|
||||
|
||||
{% elsif ghae %}
|
||||
|
||||
O {% data variables.product.product_name %} usa o SSO do SAML para autenticação e cria automaticamente um nome de usuário para cada pessoa quando a ela entra por meio de seu IdP (provedor de identidade) pela primeira vez.
|
||||
{% data variables.product.product_name %} uses SAML SSO for authentication, and automatically creates a username for each person when the person signs in through your identity provider (IdP) for the first time.
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion ghec %}
|
||||
## Sobre nomes de usuário no {% data variables.product.prodname_managed_users %}
|
||||
## About usernames for {% data variables.product.prodname_managed_users %}
|
||||
|
||||
Quando o {% data variables.product.prodname_emu_enterprise %} for criado, você escolherá um código curto que será usado como sufixo para os nomes de usuários dos membros da sua empresa. {% data reusables.enterprise-accounts.emu-shortcode %} O usuário de instalação que configura o SSO do SAML tem um nome de usuário no formato **@<em>SHORT-CODE</em>_admin**.
|
||||
When your {% data variables.product.prodname_emu_enterprise %} is created, you will choose a short code that will be used as the suffix for your enterprise members' usernames. {% data reusables.enterprise-accounts.emu-shortcode %} The setup user who configures SAML SSO has a username in the format of **@<em>SHORT-CODE</em>_admin**.
|
||||
|
||||
Quando você provisiona um novo usuário do provedor de identidade, o novo {% data variables.product.prodname_managed_user %} terá um nome de usuário {% data variables.product.prodname_dotcom %} no formato **@<em>IDP-USERNAME</em>_ <em>SHORT-CODE</em>** . O componente <em>IDP-USERNAME</em> é formado pela normalização do valor do atributo `userName` do SCIM enviado pelo IdP.
|
||||
When you provision a new user from your identity provider, the new {% data variables.product.prodname_managed_user %} will have a {% data variables.product.prodname_dotcom %} username in the format of **@<em>IDP-USERNAME</em>_<em>SHORT-CODE</em>**. The <em>IDP-USERNAME</em> component is formed by normalizing the SCIM `userName` attribute value sent from the IdP.
|
||||
|
||||
| Provedor de identidade | Nome de usuário de {% data variables.product.prodname_dotcom %} |
|
||||
| Identity provider | {% data variables.product.prodname_dotcom %} username |
|
||||
|-----------------------------------|----------------------|
|
||||
| Active Directory do Azure (Azure AD) | O _IDP-USERNAME_ é formado pela normalização dos caracteres anteriores ao caractere `@` no UPN (nome UPN), que não inclui o `#EXT#` para contas de convidado. |
|
||||
| Okta | __IDP-USERNAME__ é o atributo de nome de usuário normalizado fornecido pelo IdP. |
|
||||
| Azure Active Directory (Azure AD) | _IDP-USERNAME_ is formed by normalizing the characters preceding the `@` character in the UPN (User Principal Name), which does not include the `#EXT#` for guest accounts. |
|
||||
| Okta | _IDP-USERNAME_ is the normalized username attribute provided by the IdP. |
|
||||
|
||||
Essas regras podem fazer com que seu IdP forneça o mesmo _IDP-USERNAME_ para vários usuários. Por exemplo, no Azure AD, os seguintes UPNs resultarão no mesmo nome de usuário:
|
||||
These rules may result in your IdP providing the same _IDP-USERNAME_ for multiple users. For example, for Azure AD, the following UPNs will result in the same username:
|
||||
|
||||
- `bob@contoso.com`
|
||||
- `bob@fabrikam.com`
|
||||
- `bob#EXT#fabrikamcom@contoso.com`
|
||||
|
||||
Isso causará um conflito de nome de usuário e somente o primeiro usuário será provisionado. Para obter mais informações, confira "[Resolvendo conflitos de nome de usuário](#resolving-username-conflicts)".
|
||||
This will cause a username conflict, and only the first user will be provisioned. For more information, see "[Resolving username conflicts](#resolving-username-conflicts)."
|
||||
{% endif %}
|
||||
|
||||
Nomes de usuário{% ifversion ghec %}, incluindo sublinhado e código curto,{% endif %} não devem exceder 39 caracteres.
|
||||
Usernames{% ifversion ghec %}, including underscore and short code,{% endif %} must not exceed 39 characters.
|
||||
|
||||
## Sobre a normalização de nome de usuário
|
||||
## About username normalization
|
||||
|
||||
Nomes de usuário de contas de usuário no {% ifversion ghes or ghae %}{% data variables.product.product_name %}{% elsif ghec %}{% data variables.product.prodname_dotcom_the_website %}{% endif %} só podem conter caracteres alfanuméricos e traços (`-`).
|
||||
|
||||
{% ifversion ghec %} Quando você configura a autenticação SAML, o {% data variables.product.product_name %} usa o valor do atributo `userName` do SCIM enviado do IdP para determinar o nome de usuário da conta de usuário correspondente no {% data variables.product.prodname_dotcom_the_website %}. Se esse valor incluir caracteres sem suporte, o {% data variables.product.product_name %} normalizará o nome de usuário de acordo com as regras a seguir.
|
||||
{% elsif ghes %} Quando você configura a autenticação por CAS, LDAP ou SAML, o {% data variables.product.product_name %} usa um identificador da conta de usuário em seu provedor de autenticação externo para determinar o nome de usuário da conta de usuário correspondente no {% data variables.product.product_name %}. Se o identificador incluir caracteres sem suporte, o {% data variables.product.product_name %} normalizará o nome de usuário de acordo com as regras a seguir.
|
||||
{% elsif ghae %} Quando você configura a autenticação por SAML, o {% data variables.product.product_name %} usa um identificador da conta de usuário em seu IdP para determinar o nome de usuário da conta de usuário correspondente no {% data variables.product.product_name %}. Se o identificador incluir caracteres sem suporte, o {% data variables.product.product_name %} normalizará o nome de usuário de acordo com as regras a seguir.
|
||||
{% endif %}
|
||||
|
||||
1. O {% data variables.product.product_name %} normalizará qualquer caractere não alfanumérico do nome de usuário da sua conta em um traço. Por exemplo, um nome de usuário `mona.the.octocat` será normalizado como `mona-the-octocat`. Observe que nomes de usuários normalizados também não podem iniciar ou terminar com um traço. Eles também não podem conter dois traços consecutivos.
|
||||
|
||||
1. Nomes de usuário criados com base em endereços de email são criados com caracteres normalizados que precedem o caractere `@`.
|
||||
|
||||
1. Se várias contas forem normalizadas no mesmo nome de usuário do {% data variables.product.product_name %} apenas a primeira conta de usuário será criada. Usuários subsequentes com o mesmo nome de usuário não serão capazes de fazer o login. {% ifversion ghec %}Para obter mais informações, confira "[Resolvendo conflitos de nome de usuário](#resolving-username-conflicts)". {% endif %}
|
||||
|
||||
### Exemplos de normalização de nome de usuário
|
||||
|
||||
| Identificador no provedor | Nome de usuário normalizado no {% data variables.product.prodname_dotcom %} | Result |
|
||||
| :- | :- | :- |
|
||||
| The.Octocat | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | Nome de usuário criado com sucesso. |
|
||||
| !The.Octocat | `-the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | Este nome de usuário não é criado, porque começa com um traço. |
|
||||
| The.Octocat! | `the-octocat-{% ifversion ghec %}_SHORT-CODE{% endif %}` | Este nome de usuário não é criado, porque termina com um traço. |
|
||||
| The!!Octocat | `the--octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | Este nome de usuário não é criado, porque contém dois traços consecutivos. |
|
||||
| The!Octocat | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | Este nome de usuário não é criado. Embora o nome de usuário normalizado seja válido, ele já existe. |
|
||||
| `The.Octocat@example.com` | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | Este nome de usuário não é criado. Embora o nome de usuário normalizado seja válido, ele já existe. |
|
||||
| `mona.lisa.the.octocat.from.github.united.states@example.com` | `mona-lisa-the-octocat-from-github-united-states{% ifversion ghec %}_SHORT-CODE{% endif %}` | Esse nome de usuário não é criado, pois excede o limite de 39 caracteres. |
|
||||
|
||||
{% ifversion not ghec %}
|
||||
### Sobre a normalização de nome de usuário com o SAML
|
||||
|
||||
{% ifversion ghes %}Se você configurar a autenticação do SAML para {% data variables.product.product_location %}, o {% endif %}{% data variables.product.product_name %} determinará o nome de usuário de cada pessoa por uma das seguintes declarações na resposta SAML, ordenada por prioridade decrescente.
|
||||
|
||||
1. O atributo personalizado `username`, se definido e estiver presente
|
||||
1. Uma declaração `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`, se presente
|
||||
1. Uma declaração `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`, se presente
|
||||
1. O elemento `NameID`
|
||||
|
||||
O {% data variables.product.product_name %} exige o elemento `NameID` mesmo se outros atributos estiverem presentes. Para obter mais informações, confira "[Referência de configuração do SAML](/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference#saml-attributes)".
|
||||
|
||||
O {% data variables.product.product_name %} cria um mapeamento entre o `NameID` do IdP e o nome de usuário {% ifversion ghae %}in{% else %}on{% endif %} {% data variables.product.product_location %}, portanto, a `NameID` devem ser persistente, exclusiva e não sujeita a alterações no ciclo de vida do usuário.
|
||||
|
||||
{% ifversion ghes %} {% note %}
|
||||
|
||||
**Observação**: se a `NameID` de um usuário mudar no IdP, a pessoa verá uma mensagem de erro ao entrar no {% data variables.product.product_location %}. Para restaurar o acesso da pessoa, atualize o mapeamento da `NameID` da conta do usuário. Para obter mais informações, confira "[Como atualizar a `NameID` do SAML de um usuário](/admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid)".
|
||||
|
||||
{% endnote %} {% endif %} {% endif %}
|
||||
Usernames for user accounts on {% ifversion ghes or ghae %}{% data variables.product.product_name %}{% elsif ghec %}{% data variables.product.prodname_dotcom_the_website %}{% endif %} can only contain alphanumeric characters and dashes (`-`).
|
||||
|
||||
{% ifversion ghec %}
|
||||
## Resolvendo conflitos de nome de usuário
|
||||
When you configure SAML authentication, {% data variables.product.product_name %} uses the SCIM `userName` attribute value sent from the IdP to determine the username for the corresponding user account on {% data variables.product.prodname_dotcom_the_website %}. If this value includes unsupported characters, {% data variables.product.product_name %} will normalize the username per the following rules.
|
||||
{% elsif ghes %}
|
||||
When you configure CAS, LDAP, or SAML authentication, {% data variables.product.product_name %} uses an identifier from the user account on your external authentication provider to determine the username for the corresponding user account on {% data variables.product.product_name %}. If the identifier includes unsupported characters, {% data variables.product.product_name %} will normalize the username per the following rules.
|
||||
{% elsif ghae %}
|
||||
When you configure SAML authentication, {% data variables.product.product_name %} uses an identifier from the user account on your IdP to determine the username for the corresponding user account on {% data variables.product.product_name %}. If the identifier includes unsupported characters, {% data variables.product.product_name %} will normalize the username per the following rules.
|
||||
{% endif %}
|
||||
|
||||
Quando um novo usuário está sendo provisionado e o nome de usuário normalizado entrar em conflito com um usuário existente na empresa, a tentativa de provisionamento falhará com um erro `409`.
|
||||
1. {% data variables.product.product_name %} will normalize any non-alphanumeric character in your account's username into a dash. For example, a username of `mona.the.octocat` will be normalized to `mona-the-octocat`. Note that normalized usernames also can't start or end with a dash. They also can't contain two consecutive dashes.
|
||||
|
||||
Para resolver esse problema, você deve fazer uma alteração no IdP para que os nomes de usuário normalizados sejam exclusivos. Se você não puder alterar o identificador que está sendo normalizado, poderá alterar o mapeamento de atributo para o atributo `userName`. Se você alterar o mapeamento de atributo, os nomes de usuário dos {% data variables.product.prodname_managed_users %} serão atualizados, mas nada mais relativo às contas será alterado, incluindo o histórico de atividades.
|
||||
1. Usernames created from email addresses are created from the normalized characters that precede the `@` character.
|
||||
|
||||
1. If multiple accounts are normalized into the same {% data variables.product.product_name %} username, only the first user account is created. Subsequent users with the same username won't be able to sign in. {% ifversion ghec %}For more information, see "[Resolving username conflicts](#resolving-username-conflicts)."{% endif %}
|
||||
|
||||
### Examples of username normalization
|
||||
|
||||
| Identifier on provider | Normalized username on {% data variables.product.prodname_dotcom %} | Result |
|
||||
| :- | :- | :- |
|
||||
| The.Octocat | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is created successfully. |
|
||||
| !The.Octocat | `-the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created, because it starts with a dash. |
|
||||
| The.Octocat! | `the-octocat-{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created, because it ends with a dash. |
|
||||
| The!!Octocat | `the--octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created, because it contains two consecutive dashes. |
|
||||
| The!Octocat | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created. Although the normalized username is valid, it already exists. |
|
||||
| `The.Octocat@example.com` | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created. Although the normalized username is valid, it already exists. |
|
||||
| `mona.lisa.the.octocat.from.github.united.states@example.com` | `mona-lisa-the-octocat-from-github-united-states{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created, because it exceeds the 39-character limit. |
|
||||
|
||||
{% ifversion not ghec %}
|
||||
### About username normalization with SAML
|
||||
|
||||
{% ifversion ghes %}If you configure SAML authentication for {% data variables.product.product_location %}, {% endif %}{% data variables.product.product_name %} determines each person's username by one of the following assertions in the SAML response, ordered by descending priority.
|
||||
|
||||
1. The custom `username` attribute, if defined and present
|
||||
1. An `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` assertion, if present
|
||||
1. An `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress` assertion, if present
|
||||
1. The `NameID` element
|
||||
|
||||
{% data variables.product.product_name %} requires the `NameID` element even if other attributes are present. For more information, see "[SAML configuration reference](/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference#saml-attributes)."
|
||||
|
||||
{% data variables.product.product_name %} creates a mapping between the `NameID` from the IdP and the username {% ifversion ghae %}in{% else %}on{% endif %} {% data variables.product.product_location %}, so the `NameID` should be persistent, unique, and not subject to change for the lifecycle of the user.
|
||||
|
||||
{% ifversion ghes %}
|
||||
{% note %}
|
||||
|
||||
**Note**: If the `NameID` for a user does change on the IdP, the person will see an error message when signing into {% data variables.product.product_location %}. To restore the person's access, you'll need to update the user account's `NameID` mapping. For more information, see "[Updating a user's SAML `NameID`](/admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid)."
|
||||
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% ifversion ghec %}
|
||||
## Resolving username conflicts
|
||||
|
||||
When a new user is being provisioned, if the user's normalized username conflicts with an existing user in the enterprise, the provisioning attempt will fail with a `409` error.
|
||||
|
||||
To resolve this problem, you must make a change in your IdP so that the normalized usernames will be unique. If you cannot change the identifier that's being normalized, you can change the attribute mapping for the `userName` attribute. If you change the attribute mapping, usernames of existing {% data variables.product.prodname_managed_users %} will be updated, but nothing else about the accounts will change, including activity history.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Observação:** {% data variables.contact.github_support %} não pode fornecer assistência para personalizar mapeamentos de atributo nem configurar expressões personalizadas. Entre em contato com seu IdP com qualquer pergunta.
|
||||
**Note:** {% data variables.contact.github_support %} cannot provide assistance with customizing attribute mappings or configuring custom expressions. You can contact your IdP with any questions.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### Resolvendo conflitos de nome de usuário com o Azure AD
|
||||
### Resolving username conflicts with Azure AD
|
||||
|
||||
Para resolver conflitos de nome de usuário no Azure AD, modifique o valor do nome UPN do usuário conflitante ou modifique o mapeamento de atributo para o atributo `userName`. Se você modificar o mapeamento de atributo, poderá escolher um atributo existente ou usar uma expressão para garantir que todos os usuários provisionados tenham um alias normalizado exclusivo.
|
||||
To resolve username conflicts in Azure AD, either modify the User Principal Name value for the conflicting user or modify the attribute mapping for the `userName` attribute. If you modify the attribute mapping, you can choose an existing attribute or use an expression to ensure that all provisioned users have a unique normalized alias.
|
||||
|
||||
1. No Azure AD, abra o aplicativo {% data variables.product.prodname_emu_idp_application %}.
|
||||
1. Na barra lateral esquerda, clique em **Provisionamento**.
|
||||
1. Clique em **Editar Provisionamento**.
|
||||
1. Expanda **Mapeamentos** e clique em **Provisionar Usuários do Azure Active Directory**.
|
||||
1. Clique no mapeamento do atributo `userName` {% data variables.product.prodname_dotcom %}.
|
||||
1. Altere o mapeamento de atributos.
|
||||
- Para mapear um atributo existente no Azure AD para o atributo `userName` no {% data variables.product.prodname_dotcom %}, clique no campo de atributo desejado. Em seguida, salve e aguarde um ciclo de provisionamento que vai ocorrer em cerca de 40 minutos.
|
||||
- Para usar uma expressão em vez de um atributo existente, altere o tipo de mapeamento para "Expressão" e adicione uma expressão personalizada que tornará esse valor exclusivo para todos os usuários. Por exemplo, você pode usar `[FIRST NAME]-[LAST NAME]-[EMPLOYEE ID]`. Para saber mais, confira [Referência para escrever expressões para mapeamentos de atributo no Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/functions-for-customizing-application-data) no Microsoft Docs.
|
||||
1. In Azure AD, open the {% data variables.product.prodname_emu_idp_application %} application.
|
||||
1. In the left sidebar, click **Provisioning**.
|
||||
1. Click **Edit Provisioning**.
|
||||
1. Expand **Mappings**, then click **Provision Azure Active Directory Users**.
|
||||
1. Click the {% data variables.product.prodname_dotcom %} `userName` attribute mapping.
|
||||
1. Change the attribute mapping.
|
||||
- To map an existing attribute in Azure AD to the `userName` attribute in {% data variables.product.prodname_dotcom %}, click your desired attribute field. Then, save and wait for a provisioning cycle to occur within about 40 minutes.
|
||||
- To use an expression instead of an existing attribute, change the Mapping type to "Expression", then add a custom expression that will make this value unique for all users. For example, you could use `[FIRST NAME]-[LAST NAME]-[EMPLOYEE ID]`. For more information, see [Reference for writing expressions for attribute mappings in Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/functions-for-customizing-application-data) in Microsoft Docs.
|
||||
|
||||
### Resolvendo conflitos de nome de usuário com o Okta
|
||||
### Resolving username conflicts with Okta
|
||||
|
||||
Para resolver conflitos de nome de usuário no Okta, atualize as configurações de mapeamento de atributo para o aplicativo {% data variables.product.prodname_emu_idp_application %}.
|
||||
To resolve username conflicts in Okta, update the attribute mapping settings for the {% data variables.product.prodname_emu_idp_application %} application.
|
||||
|
||||
1. No Okta, abra o aplicativo {% data variables.product.prodname_emu_idp_application %}.
|
||||
1. Clique em **Entrar**.
|
||||
1. Na seção "Configurações", clique em **Editar**.
|
||||
1. Atualize o "Formato de nome de usuário do aplicativo".
|
||||
1. In Okta, open the {% data variables.product.prodname_emu_idp_application %} application.
|
||||
1. Click **Sign On**.
|
||||
1. In the "Settings" section, click **Edit**.
|
||||
1. Update the "Application username format."
|
||||
{% endif %}
|
||||
|
||||
@@ -135,7 +135,7 @@ By default, when an unauthenticated user attempts to access an enterprise that u
|
||||
|
||||
{% data variables.product.product_name %} automatically creates a username for each person by normalizing an identifier provided by your IdP. For more information, see "[Username considerations for external authentication](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication)."
|
||||
|
||||
A conflict may occur when provisioning users if the unique parts of the identifier provided by your IdP are removed during normalization. If you're unable to provision a user due to a username conflict, you should modify the username provided by your IdP. For more information, see "[Resolving username conflicts](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication#resolving-username-conflicts)."
|
||||
A conflict may occur when provisioning users if the unique parts of the identifier provided by your IdP are removed during normalization. {% data reusables.enterprise-accounts.emu-only-emails-within-the-enterprise-can-conflict %} If you're unable to provision a user due to a username conflict, you should modify the username provided by your IdP. For more information, see "[Resolving username conflicts](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication#resolving-username-conflicts)."
|
||||
|
||||
The profile name and email address of a {% data variables.product.prodname_managed_user %} is also provided by the IdP. {% data variables.product.prodname_managed_users_caps %} cannot change their profile name or email address on {% data variables.product.prodname_dotcom %}, and the IdP can only provide a single email address.
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configuração do fluxo de trabalho do CodeQL para linguagens compiladas
|
||||
title: Configuring the CodeQL workflow for compiled languages
|
||||
shortTitle: Configure compiled languages
|
||||
intro: 'Você pode configurar como o {% data variables.product.prodname_dotcom %} usa o {% data variables.product.prodname_codeql_workflow %} para varrer o código escrito em linguagens compiladas para obter vulnerabilidades e erros.'
|
||||
intro: 'You can configure how {% data variables.product.prodname_dotcom %} uses the {% data variables.product.prodname_codeql_workflow %} to scan code written in compiled languages for vulnerabilities and errors.'
|
||||
product: '{% data reusables.gated-features.code-scanning %}'
|
||||
permissions: 'If you have write permissions to a repository, you can configure {% data variables.product.prodname_code_scanning %} for that repository.'
|
||||
redirect_from:
|
||||
@@ -25,87 +25,89 @@ topics:
|
||||
- C/C++
|
||||
- C#
|
||||
- Java
|
||||
ms.openlocfilehash: c8256eea83b6a30879effc4d7797f2afcbc82e15
|
||||
ms.sourcegitcommit: fcf3546b7cc208155fb8acdf68b81be28afc3d2d
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: pt-BR
|
||||
ms.lasthandoff: 09/10/2022
|
||||
ms.locfileid: '147875685'
|
||||
---
|
||||
{% data reusables.code-scanning.beta %} {% data reusables.code-scanning.enterprise-enable-code-scanning-actions %}
|
||||
|
||||
## Sobre o {% data variables.product.prodname_codeql_workflow %} e linguagens compiladas
|
||||
|
||||
Você configurou {% data variables.product.prodname_dotcom %} para executar {% data variables.product.prodname_code_scanning %} para o seu repositório, adicionando um fluxo de trabalho de {% data variables.product.prodname_actions %} ao repositório. Para {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, você adiciona o {% data variables.product.prodname_codeql_workflow %}. Para obter mais informações, confira "[Como configurar a {% data variables.product.prodname_code_scanning %} para um repositório](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)".
|
||||
{% data reusables.code-scanning.beta %}
|
||||
{% data reusables.code-scanning.enterprise-enable-code-scanning-actions %}
|
||||
|
||||
{% data reusables.code-scanning.edit-workflow %} Para obter informações gerais sobre como configurar a {% data variables.product.prodname_code_scanning %} e editar arquivos de fluxo de trabalho, confira "[Como configurar a {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning)" e "[Aprenda a usar o {% data variables.product.prodname_actions %}](/actions/learn-github-actions)".
|
||||
## About the {% data variables.product.prodname_codeql_workflow %} and compiled languages
|
||||
|
||||
## Sobre a autobuild para {% data variables.product.prodname_codeql %}
|
||||
You set up {% data variables.product.prodname_dotcom %} to run {% data variables.product.prodname_code_scanning %} for your repository by adding a {% data variables.product.prodname_actions %} workflow to the repository. For {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you add the {% data variables.product.prodname_codeql_workflow %}. For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)."
|
||||
|
||||
A varredura de código funciona executando consultas contra um ou mais bancos de dados. Cada banco de dados contém uma representação de todo o código em uma linguagem única no seu repositório. Para as linguagens compiladas de C/C++, C#, e Java, o processo de preenchimento deste banco de dados envolve a construção do código e extração de dados. {% data reusables.code-scanning.analyze-go %}
|
||||
{% data reusables.code-scanning.edit-workflow %}
|
||||
For general information about configuring {% data variables.product.prodname_code_scanning %} and editing workflow files, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning)" and "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)."
|
||||
|
||||
## About autobuild for {% data variables.product.prodname_codeql %}
|
||||
|
||||
{% data variables.product.prodname_code_scanning_capc %} works by running queries against one or more databases. Each database contains a representation of all of the code in a single language in your repository.
|
||||
For the compiled languages C/C++, C#, and Java, the process of populating this database involves building the code and extracting data. {% data reusables.code-scanning.analyze-go %}
|
||||
|
||||
{% data reusables.code-scanning.autobuild-compiled-languages %}
|
||||
|
||||
Se o fluxo de trabalho usar uma matriz `language`, `autobuild` tentará criar cada uma das linguagens compiladas listadas na matriz. Sem uma matriz, `autobuild` tentará criar a linguagem compilada compatível que tem mais arquivos de origem no repositório. Com exceção de Go, a análise de outras linguagens compatíveis no repositório irá falhar, a menos que você forneça comandos de criação explícitos.
|
||||
If your workflow uses a `language` matrix, `autobuild` attempts to build each of the compiled languages listed in the matrix. Without a matrix `autobuild` attempts to build the supported compiled language that has the most source files in the repository. With the exception of Go, analysis of other compiled languages in your repository will fail unless you supply explicit build commands.
|
||||
|
||||
{% note %}
|
||||
|
||||
{% ifversion ghae %} **Observação**: {% data reusables.actions.self-hosted-runners-software %} {% else %} **Observação**: caso você use executores auto-hospedados para o {% data variables.product.prodname_actions %}, talvez seja necessário instalar um software adicional para usar o processo `autobuild`. Além disso, se seu repositório precisar de uma versão específica de uma ferramenta de criação, talvez seja necessário instalá-lo manualmente. Para obter mais informações, confira "[Especificações para os executores hospedados no {% data variables.product.prodname_dotcom %}](/actions/reference/specifications-for-github-hosted-runners/#supported-software)".
|
||||
{% ifversion ghae %}
|
||||
**Note**: {% data reusables.actions.self-hosted-runners-software %}
|
||||
{% else %}
|
||||
**Note**: If you use self-hosted runners for {% data variables.product.prodname_actions %}, you may need to install additional software to use the `autobuild` process. Additionally, if your repository requires a specific version of a build tool, you may need to install it manually. For more information, see "[Specifications for {% data variables.product.prodname_dotcom %}-hosted runners](/actions/reference/specifications-for-github-hosted-runners/#supported-software)".
|
||||
{% endif %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### C/C++
|
||||
|
||||
| Tipo de sistema compatível | Nome do sistema |
|
||||
| Supported system type | System name |
|
||||
|----|----|
|
||||
| Sistema operacional | Windows, macOS e Linux |
|
||||
| Sistema de criação | Windows: MSbuild e scripts de build<br/>Linux e macOS: Autoconf, Make, CMake, qmake, Meson, Waf, SCons, Linux Kbuild e scripts de build |
|
||||
| Operating system | Windows, macOS, and Linux |
|
||||
| Build system | Windows: MSbuild and build scripts<br/>Linux and macOS: Autoconf, Make, CMake, qmake, Meson, Waf, SCons, Linux Kbuild, and build scripts |
|
||||
|
||||
O comportamento da etapa `autobuild` varia de acordo com o sistema operacional em que a extração é executada. No Windows, a etapa `autobuild` tenta fazer a detecção automática de um método de build adequado para C/C++ usando a seguinte abordagem:
|
||||
The behavior of the `autobuild` step varies according to the operating system that the extraction runs on. On Windows, the `autobuild` step attempts to autodetect a suitable build method for C/C++ using the following approach:
|
||||
|
||||
1. Invocar `MSBuild.exe` no arquivo de solução (`.sln`) ou de projeto (`.vcxproj`) mais próximo da raiz.
|
||||
Se `autobuild` detectar vários arquivos de solução ou de projeto na mesma profundidade (mais curta) do diretório de nível superior, ele tentará compilar todos eles.
|
||||
2. Invocar um script parecido com um script de build: _build.bat_, _build.cmd_ e _build.exe_ (nessa ordem).
|
||||
1. Invoke `MSBuild.exe` on the solution (`.sln`) or project (`.vcxproj`) file closest to the root.
|
||||
If `autobuild` detects multiple solution or project files at the same (shortest) depth from the top level directory, it will attempt to build all of them.
|
||||
2. Invoke a script that looks like a build script—_build.bat_, _build.cmd_, _and build.exe_ (in that order).
|
||||
|
||||
No Linux e no macOS, a etapa `autobuild` revisa os arquivos presentes no repositório para determinar o sistema de build usado:
|
||||
On Linux and macOS, the `autobuild` step reviews the files present in the repository to determine the build system used:
|
||||
|
||||
1. Procure um sistema de criação no diretório-raiz.
|
||||
2. Se nenhum for encontrado, procure um diretório único nos subdiretórios com um sistema de criação para C/C++.
|
||||
3. Execute um comando apropriado para configurar o sistema.
|
||||
1. Look for a build system in the root directory.
|
||||
2. If none are found, search subdirectories for a unique directory with a build system for C/C++.
|
||||
3. Run an appropriate command to configure the system.
|
||||
|
||||
### C#
|
||||
|
||||
| Tipo de sistema compatível | Nome do sistema |
|
||||
| Supported system type | System name |
|
||||
|----|----|
|
||||
| Sistema operacional | Windows e Linux |
|
||||
| Sistema de criação | .NET, MSbuild e scripts de criação |
|
||||
| Operating system | Windows and Linux |
|
||||
| Build system | .NET and MSbuild, as well as build scripts |
|
||||
|
||||
O processo `autobuild` tenta fazer a detecção automática de um método de build adequado para C# usando a seguinte abordagem:
|
||||
The `autobuild` process attempts to autodetect a suitable build method for C# using the following approach:
|
||||
|
||||
1. Invocar `dotnet build` no arquivo de solução (`.sln`) ou de projeto (`.csproj`) mais próximo da raiz.
|
||||
2. Invocar `MSbuild` (Linux) ou `MSBuild.exe` (Windows) no arquivo de solução ou de projeto mais próximo da raiz.
|
||||
Se `autobuild` detectar vários arquivos de solução ou de projeto na mesma profundidade (mais curta) do diretório de nível superior, ele tentará compilar todos eles.
|
||||
3. Invocar um script parecido com um script de build: _build_ e _build.sh_ (nessa ordem, para o Linux) ou _build.bat_, _build.cmd_ e _build.exe_ (nessa ordem, para o Windows).
|
||||
1. Invoke `dotnet build` on the solution (`.sln`) or project (`.csproj`) file closest to the root.
|
||||
2. Invoke `MSbuild` (Linux) or `MSBuild.exe` (Windows) on the solution or project file closest to the root.
|
||||
If `autobuild` detects multiple solution or project files at the same (shortest) depth from the top level directory, it will attempt to build all of them.
|
||||
3. Invoke a script that looks like a build script—_build_ and _build.sh_ (in that order, for Linux) or _build.bat_, _build.cmd_, _and build.exe_ (in that order, for Windows).
|
||||
|
||||
### Java
|
||||
|
||||
| Tipo de sistema compatível | Nome do sistema |
|
||||
| Supported system type | System name |
|
||||
|----|----|
|
||||
| Sistema operacional | Windows, macOS e Linux (sem restrição) |
|
||||
| Sistema de criação | Gradle, Maven e Ant |
|
||||
| Operating system | Windows, macOS, and Linux (no restriction) |
|
||||
| Build system | Gradle, Maven and Ant |
|
||||
|
||||
O processo `autobuild` tenta determinar o sistema de build para bases de código Java aplicando esta estratégia:
|
||||
The `autobuild` process tries to determine the build system for Java codebases by applying this strategy:
|
||||
|
||||
1. Procurar um arquivo de criação no diretório-raiz. Verifique o arquivos do Gradle, do Maven e, em seguida, do Ant.
|
||||
2. Execute o primeiro arquivo de criação encontrado. Se os arquivos do Gradle e do Maven estiverem presentes, será usado o arquivo do Gradle.
|
||||
3. Caso contrário, procure arquivos de criação nos subdiretórios diretos do diretório-raiz. Se apenas um subdiretório contiver arquivos de criação, execute o primeiro arquivo identificado nesse subdiretório (usando a mesma preferência de 1). Se mais de um subdiretório conter arquivos de criação, relate um erro.
|
||||
1. Search for a build file in the root directory. Check for Gradle then Maven then Ant build files.
|
||||
2. Run the first build file found. If both Gradle and Maven files are present, the Gradle file is used.
|
||||
3. Otherwise, search for build files in direct subdirectories of the root directory. If only one subdirectory contains build files, run the first file identified in that subdirectory (using the same preference as for 1). If more than one subdirectory contains build files, report an error.
|
||||
|
||||
## Adicionar passos de criação a uma linguagem compilada
|
||||
## Adding build steps for a compiled language
|
||||
|
||||
{% data reusables.code-scanning.autobuild-add-build-steps %} Para obter informações sobre como editar o arquivo de fluxo de trabalho, confira "[Como configurar a {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)".
|
||||
{% data reusables.code-scanning.autobuild-add-build-steps %} For information on how to edit the workflow file, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)."
|
||||
|
||||
Depois de remover a etapa `autobuild`, remova o comentário da etapa `run` e adicione comandos de build adequados ao seu repositório. A etapa `run` do fluxo de trabalho executa programas de linha de comando usando o shell do sistema operacional. Você pode modificar esses comandos e adicionar mais comandos para personalizar o processo de compilação.
|
||||
After removing the `autobuild` step, uncomment the `run` step and add build commands that are suitable for your repository. The workflow `run` step runs command-line programs using the operating system's shell. You can modify these commands and add more commands to customize the build process.
|
||||
|
||||
``` yaml
|
||||
- run: |
|
||||
@@ -113,9 +115,9 @@ Depois de remover a etapa `autobuild`, remova o comentário da etapa `run` e adi
|
||||
make release
|
||||
```
|
||||
|
||||
Para obter mais informações sobre a palavra-chave `run`, confira "[Sintaxe de fluxo de trabalho do {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsrun)".
|
||||
For more information about the `run` keyword, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsrun)."
|
||||
|
||||
Se o repositório contiver várias linguagens compiladas, você poderá especificar comandos de compilação específicos da linguagem. Por exemplo, se o repositório contiver C/C++, C# e Java e `autobuild` compilar corretamente C/C++ e C#, mas não compila Java, você poderá usar a configuração a seguir no seu fluxo de trabalho, após a etapa `init`. Isso especifica as etapas de compilação para Java enquanto ainda usa `autobuild` para C/C++ e C#:
|
||||
If your repository contains multiple compiled languages, you can specify language-specific build commands. For example, if your repository contains C/C++, C# and Java, and `autobuild` correctly builds C/C++ and C# but fails to build Java, you could use the following configuration in your workflow, after the `init` step. This specifies build steps for Java while still using `autobuild` for C/C++ and C#:
|
||||
|
||||
```yaml
|
||||
- if: matrix.language == 'cpp' || matrix.language == 'csharp'
|
||||
@@ -129,8 +131,8 @@ Se o repositório contiver várias linguagens compiladas, você poderá especifi
|
||||
make release
|
||||
```
|
||||
|
||||
Para obter mais informações sobre o condicional `if`, confira "[Sintaxe de fluxo de trabalho do GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsif)".
|
||||
For more information about the `if` conditional, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsif)."
|
||||
|
||||
Para obter mais dicas e truques sobre por que o `autobuild` não compilará seu código, confira "[Solução de problemas de fluxo de trabalho do {% data variables.product.prodname_codeql %}](/code-security/secure-coding/troubleshooting-the-codeql-workflow)".
|
||||
For more tips and tricks about why `autobuild` won't build your code, see "[Troubleshooting the {% data variables.product.prodname_codeql %} workflow](/code-security/secure-coding/troubleshooting-the-codeql-workflow)."
|
||||
|
||||
Se você adicionou etapas de criação manual para linguagens compiladas, mas o {% data variables.product.prodname_code_scanning %} ainda não está funcionando no seu repositório, entre em contato com {% data variables.contact.contact_support %}.
|
||||
If you added manual build steps for compiled languages and {% data variables.product.prodname_code_scanning %} is still not working on your repository, contact {% data variables.contact.contact_support %}.
|
||||
|
||||
@@ -57,7 +57,8 @@ Generally, we name our supported ecosystems after the software programming langu
|
||||
- Maven (registry: https://repo.maven.apache.org/maven2)
|
||||
- npm (registry: https://www.npmjs.com/)
|
||||
- NuGet (registry: https://www.nuget.org/)
|
||||
- pip (registry: https://pypi.org/)
|
||||
- pip (registry: https://pypi.org/){% ifversion dependency-graph-dart-support %}
|
||||
- pub (registry: https://pub.dev/packages/registry){% endif %}
|
||||
- RubyGems (registry: https://rubygems.org/)
|
||||
- Rust (registry: https://crates.io/)
|
||||
|
||||
|
||||
@@ -784,15 +784,7 @@ registries:
|
||||
|
||||
### `docker-registry`
|
||||
|
||||
{% data variables.product.prodname_dependabot %} works with container registries that implement the OCI container registry. For more information, see [https://github.com/opencontainers/distribution-spec/blob/main/spec.md](https://github.com/opencontainers/distribution-spec/blob/main/spec.md). {% data variables.product.prodname_dependabot %} supports authentication to private registries via a central service. For further details, see [Token Authentication Specification](https://docs.docker.com/registry/spec/auth/token/) in the Docker documentation.
|
||||
|
||||
We currently support the container registries listed here:
|
||||
|
||||
* Docker Hub
|
||||
* {% data variables.product.company_short %} {% data variables.product.prodname_container_registry %}
|
||||
* GCR (Google Cloud)
|
||||
* Private ECR (AWS) - public ECR support is tracked in [https://github.com/dependabot/dependabot-core/issues/4212](https://github.com/dependabot/dependabot-core/issues/4212).
|
||||
|
||||
{% data variables.product.prodname_dependabot %} works with any container registries that implement the OCI container registry spec. For more information, see [https://github.com/opencontainers/distribution-spec/blob/main/spec.md](https://github.com/opencontainers/distribution-spec/blob/main/spec.md). {% data variables.product.prodname_dependabot %} supports authentication to private registries via a central token service or HTTP Basic Auth. For further details, see [Token Authentication Specification](https://docs.docker.com/registry/spec/auth/token/) in the Docker documentation and [Basic access authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) on Wikipedia.
|
||||
|
||||
The `docker-registry` type supports username and password.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Programa de verificação de segredo de parceiros
|
||||
intro: 'Como um provedor de serviço, você pode associar-se ao {% data variables.product.prodname_dotcom %} para proteger os seus formatos de token secretos por varredura de segredos, que pesquisa commits acidentais no seu formato secreto e que pode ser enviado para o ponto de extremidade de verificação de um provedor de serviços.'
|
||||
title: Secret scanning partner program
|
||||
intro: 'As a service provider, you can partner with {% data variables.product.prodname_dotcom %} to have your secret token formats secured through secret scanning, which searches for accidental commits of your secret format and can be sent to a service provider''s verify endpoint.'
|
||||
miniTocMaxHeadingLevel: 3
|
||||
redirect_from:
|
||||
- /partnerships/token-scanning
|
||||
@@ -12,113 +12,146 @@ versions:
|
||||
topics:
|
||||
- API
|
||||
shortTitle: Secret scanning
|
||||
ms.openlocfilehash: f935b849bb43e99fd3959db3920fd4d632bf54f7
|
||||
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: pt-BR
|
||||
ms.lasthandoff: 09/11/2022
|
||||
ms.locfileid: '145093903'
|
||||
---
|
||||
O {% data variables.product.prodname_dotcom %} faz a varredura de repositórios de formatos secretos conhecidos para evitar uso fraudulento de credenciais confirmadas acidentalmente. {% data variables.product.prodname_secret_scanning_caps %} acontece por padrão em repositórios públicos e pode ser habilitado em repositórios privados por administradores de repositório ou proprietários da organização. Como provedor de serviço, você pode fazer parcerias com {% data variables.product.prodname_dotcom %} para que seus formatos de segredo estejam incluídos em nosso {% data variables.product.prodname_secret_scanning %}.
|
||||
|
||||
Quando uma correspondência do seu formato secreto é encontrada em um repositório público, uma carga é enviada para um ponto de extremidade HTTP de sua escolha.
|
||||
{% data variables.product.prodname_dotcom %} scans repositories for known secret formats to prevent fraudulent use of credentials that were committed accidentally. {% data variables.product.prodname_secret_scanning_caps %} happens by default on public repositories, and can be enabled on private repositories by repository administrators or organization owners. As a service provider, you can partner with {% data variables.product.prodname_dotcom %} so that your secret formats are included in our {% data variables.product.prodname_secret_scanning %}.
|
||||
|
||||
Quando uma correspondência do formato secreto é encontrada em um repositório privado configurado para {% data variables.product.prodname_secret_scanning %}, os administradores do repositório e o committer são alertados e podem visualizar e gerenciar o resultado {% data variables.product.prodname_secret_scanning %} em {% data variables.product.prodname_dotcom %}. Para obter mais informações, confira "[Como gerenciar alertas da {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)".
|
||||
When a match of your secret format is found in a public repository, a payload is sent to an HTTP endpoint of your choice.
|
||||
|
||||
Este artigo descreve como você pode fazer parceria com {% data variables.product.prodname_dotcom %} como um provedor de serviço e juntar-se ao programa de parceiro de {% data variables.product.prodname_secret_scanning %}.
|
||||
When a match of your secret format is found in a private repository configured for {% data variables.product.prodname_secret_scanning %}, then repository admins and the committer are alerted and can view and manage the {% data variables.product.prodname_secret_scanning %} result on {% data variables.product.prodname_dotcom %}. For more information, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)."
|
||||
|
||||
## O processo de {% data variables.product.prodname_secret_scanning %}
|
||||
This article describes how you can partner with {% data variables.product.prodname_dotcom %} as a service provider and join the {% data variables.product.prodname_secret_scanning %} partner program.
|
||||
|
||||
#### Como {% data variables.product.prodname_secret_scanning %} funciona em um repositório público
|
||||
## The {% data variables.product.prodname_secret_scanning %} process
|
||||
|
||||
O diagrama a seguir resume o processo de {% data variables.product.prodname_secret_scanning %} para repositórios públicos, com qualquer correspondência enviada para o ponto de extremidade de verificação de um provedor de serviços.
|
||||
#### How {% data variables.product.prodname_secret_scanning %} works in a public repository
|
||||
|
||||
|
||||
The following diagram summarizes the {% data variables.product.prodname_secret_scanning %} process for public repositories, with any matches sent to a service provider's verify endpoint.
|
||||
|
||||
## Juntando-se ao programa de {% data variables.product.prodname_secret_scanning %} em {% data variables.product.prodname_dotcom %}
|
||||
|
||||
|
||||
1. Entre em contato com {% data variables.product.prodname_dotcom %} para dar início ao processo.
|
||||
1. Identifique os segredos relevantes cuja varredura você deseja realizar e crie expressões regulares para capturá-los.
|
||||
1. Para correspondências de segredos encontradas em repositórios públicos, crie um serviço de alerta de segredo que aceite webhooks de {% data variables.product.prodname_dotcom %} que contenham a carga da mensagem de {% data variables.product.prodname_secret_scanning %}.
|
||||
1. Implemente a verificação de assinatura em seu serviço de alerta secreto.
|
||||
1. Implemente revogação do segredo e notificação do usuário no seu serviço de alerta secreto.
|
||||
1. Fornece feedback sobre falsos positivos (opcional).
|
||||
## Joining the {% data variables.product.prodname_secret_scanning %} program on {% data variables.product.prodname_dotcom %}
|
||||
|
||||
### Entre em contato com {% data variables.product.prodname_dotcom %} para dar início ao processo
|
||||
1. Contact {% data variables.product.prodname_dotcom %} to get the process started.
|
||||
1. Identify the relevant secrets you want to scan for and create regular expressions to capture them.
|
||||
1. For secret matches found in public repositories, create a secret alert service which accepts webhooks from {% data variables.product.prodname_dotcom %} that contain the {% data variables.product.prodname_secret_scanning %} message payload.
|
||||
1. Implement signature verification in your secret alert service.
|
||||
1. Implement secret revocation and user notification in your secret alert service.
|
||||
1. Provide feedback for false positives (optional).
|
||||
|
||||
Para iniciar o processo de registro, envie um email para <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
### Contact {% data variables.product.prodname_dotcom %} to get the process started
|
||||
|
||||
Você receberá detalhes do programa de {% data variables.product.prodname_secret_scanning %} e você precisará aceitar os termos de participação de {% data variables.product.prodname_dotcom %} antes de prosseguir.
|
||||
To get the enrollment process started, email <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
|
||||
### Identifique seus segredos e crie expressões regulares
|
||||
You will receive details on the {% data variables.product.prodname_secret_scanning %} program, and you will need to agree to {% data variables.product.prodname_dotcom %}'s terms of participation before proceeding.
|
||||
|
||||
Para fazer a varredura dos seus segredos, {% data variables.product.prodname_dotcom %} precisa das informações a seguir para cada segredo que você deseja que seja incluído no programa {% data variables.product.prodname_secret_scanning %}:
|
||||
### Identify your secrets and create regular expressions
|
||||
|
||||
* Um nome único e legível para o tipo do segredo. Usaremos isso para gerar o valor `Type` no conteúdo da mensagem posteriormente.
|
||||
* Uma expressão regular que encontra o tipo do segredo. Seja o mais preciso possível, pois isso reduzirá o número de falsos positivos.
|
||||
* A URL do ponto de extremidade que recebe mensagens de {% data variables.product.prodname_dotcom %}. Isso não precisa ser único para cada tipo de segredo.
|
||||
To scan for your secrets, {% data variables.product.prodname_dotcom %} needs the following pieces of information for each secret that you want included in the {% data variables.product.prodname_secret_scanning %} program:
|
||||
|
||||
Envie essas informações para <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
* A unique, human readable name for the secret type. We'll use this to generate the `Type` value in the message payload later.
|
||||
* A regular expression which finds the secret type. Be as precise as possible, because this will reduce the number of false positives.
|
||||
* The URL of the endpoint that receives messages from {% data variables.product.prodname_dotcom %}. This does not have to be unique for each secret type.
|
||||
|
||||
### Crie um serviço de alerta secreto
|
||||
Send this information to <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
|
||||
Crie um ponto de extremidade HTTP público e acessível à internet na URL que você nos forneceu. Quando uma correspondência da expressão regular for encontrada em um repositório público, o {% data variables.product.prodname_dotcom %} enviará uma mensagem HTTP `POST` ao seu ponto de extremidade.
|
||||
### Create a secret alert service
|
||||
|
||||
#### Exemplo de POST enviado para seu ponto de extremidade
|
||||
Create a public, internet accessible HTTP endpoint at the URL you provided to us. When a match of your regular expression is found in a public repository, {% data variables.product.prodname_dotcom %} will send an HTTP `POST` message to your endpoint.
|
||||
|
||||
```http
|
||||
POST / HTTP/2
|
||||
Host: HOST
|
||||
Accept: */*
|
||||
Content-Type: application/json
|
||||
GITHUB-PUBLIC-KEY-IDENTIFIER: 90a421169f0a406205f1563a953312f0be898d3c7b6c06b681aa86a874555f4a
|
||||
GITHUB-PUBLIC-KEY-SIGNATURE: MEQCIA6C6L8ZYvZnqgV0zwrrmRab10QmIFV396gsba/WYm9oAiAI6Q+/jNaWqkgG5YhaWshTXbRwIgqIK6Ru7LxVYDbV5Q==
|
||||
Content-Length: 0123
|
||||
#### Example request body
|
||||
|
||||
[{"token":"NMIfyYncKcRALEXAMPLE","type":"mycompany_api_token","url":"https://github.com/octocat/Hello-World/blob/12345600b9cbe38a219f39a9941c9319b600c002/foo/bar.txt"}]
|
||||
```json
|
||||
[
|
||||
{
|
||||
"token":"NMIfyYncKcRALEXAMPLE",
|
||||
"type":"mycompany_api_token",
|
||||
"url":"https://github.com/octocat/Hello-World/blob/12345600b9cbe38a219f39a9941c9319b600c002/foo/bar.txt",
|
||||
"source":"content"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
O corpo da mensagem é um array do JSON que contém um ou mais objetos com o seguinte conteúdo. Quando várias correspondências forem encontradas, o {% data variables.product.prodname_dotcom %} pode enviar uma única mensagem com mais de uma correspondência secreta. Seu ponto de extremidade deve ser capaz de lidar com solicitações com um grande número de correspondências sem exceder o tempo.
|
||||
The message body is a JSON array that contains one or more objects, with each object representing a single secret match. Your endpoint should be able to handle requests with a large number of matches without timing out. The keys for each secret match are:
|
||||
|
||||
* **Token**: o valor da correspondência de segredos.
|
||||
* **Tipo**: o nome exclusivo que você forneceu para identificar a expressão regular.
|
||||
* **URL**: a URL de commit pública em que a correspondência foi encontrada.
|
||||
* **token**: The value of the secret match.
|
||||
* **type**: The unique name you provided to identify your regular expression.
|
||||
* **url**: The public URL where the match was found (may be empty)
|
||||
* **source**: Where the token was found on {% data variables.product.prodname_dotcom %}.
|
||||
|
||||
### Implemente a verificação de assinatura em seu serviço de alerta secreto
|
||||
The list of valid values for `source` are:
|
||||
|
||||
É altamente recomendável que você implemente a validação da assinatura no seu serviço de alerta de segredo para garantir que as mensagens que você recebe sejam genuinamente de {% data variables.product.prodname_dotcom %} e não sejam maliciosas.
|
||||
* content
|
||||
* commit
|
||||
* pull_request_description
|
||||
* pull_request_comment
|
||||
* issue_description
|
||||
* issue_comment
|
||||
* discussion_body
|
||||
* discussion_comment
|
||||
* commit_comment
|
||||
* gist_content
|
||||
* gist_comment
|
||||
* unknown
|
||||
|
||||
Recupere a chave pública da verificação de segredos do {% data variables.product.prodname_dotcom %} de https://api.github.com/meta/public_keys/secret_scanning e valide a mensagem usando o algoritmo `ECDSA-NIST-P256V1-SHA256`.
|
||||
### Implement signature verification in your secret alert service
|
||||
|
||||
The HTTP request to your service will also contain headers that we strongly recommend using
|
||||
to validate the messages you receive are genuinely from {% data variables.product.prodname_dotcom %}, and are not malicious.
|
||||
|
||||
The two HTTP headers to look for are:
|
||||
|
||||
* `GITHUB-PUBLIC-KEY-IDENTIFIER`: Which `key_identifier` to use from our API
|
||||
* `GITHUB-PUBLIC-KEY-SIGNATURE`: Signature of the payload
|
||||
|
||||
You can retrieve the {% data variables.product.prodname_dotcom %} secret scanning public key from https://api.github.com/meta/public_keys/secret_scanning and validate the message using the `ECDSA-NIST-P256V1-SHA256` algorithm. The endpoint
|
||||
will provide several `key_identifier` and public keys. You can determine which public
|
||||
key to use based on the value of `GITHUB-PUBLIC-KEY-IDENTIFIER`.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Observação**: quando você enviar uma solicitação ao ponto de extremidade da chave pública acima, poderá atingir limites de taxa. Para evitar atingir os limites de velocidade, você pode usar um token de acesso pessoal (sem escopos obrigatórios) como sugerido nas amostras abaixo, ou usar uma solicitação condicional. Para obter mais informações, confira "[Introdução à API REST](/rest/guides/getting-started-with-the-rest-api#conditional-requests)".
|
||||
**Note**: When you send a request to the public key endpoint above, you may hit rate limits. To avoid hitting rate limits, you can use a personal access token (no scopes required) as suggested in the samples below, or use a conditional request. For more information, see "[Getting started with the REST API](/rest/guides/getting-started-with-the-rest-api#conditional-requests)."
|
||||
|
||||
{% endnote %}
|
||||
|
||||
Supondo que você receba a mensagem a seguir, os trechos de código abaixo demonstram como você poderia efetuar a validação da assinatura.
|
||||
Os snippets de código pressupõem que você tenha definido uma variável de ambiente chamada `GITHUB_PRODUCTION_TOKEN` com um PAT gerado (https://github.com/settings/tokens) para evitar atingir os limites de taxa). O PAT não precisa de escopos/permissões.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Observação**: a assinatura foi gerada usando o corpo da mensagem bruta. Portanto, é importante que você também use o texto da mensagem não processada para validação da assinatura, em vez de analisar e criar strings do JSON a fim de evitar reorganizar a mensagem ou mudar de espaçamento.
|
||||
**Note**: The signature was generated using the raw message body. So it's important you also use the raw message body for signature validation, instead of parsing and stringifying the JSON, to avoid rearranging the message or changing spacing.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
**Mensagem de exemplo enviada para verificar o ponto de extremidade**
|
||||
**Sample HTTP POST sent to verify endpoint**
|
||||
|
||||
```http
|
||||
POST / HTTP/2
|
||||
Host: HOST
|
||||
Accept: */*
|
||||
content-type: application/json
|
||||
GITHUB-PUBLIC-KEY-IDENTIFIER: 90a421169f0a406205f1563a953312f0be898d3c7b6c06b681aa86a874555f4a
|
||||
GITHUB-PUBLIC-KEY-SIGNATURE: MEUCIQDKZokqnCjrRtw0tni+2Ltvl/uiMJ1EGumEsp1BsNr32AIgQY1YXD2nlj+XNfGK4rBfkMJ1JDOQcYXxa2sY8FNkrKc=
|
||||
Content-Length: 0000
|
||||
GITHUB-PUBLIC-KEY-IDENTIFIER: f9525bf080f75b3506ca1ead061add62b8633a346606dc5fe544e29231c6ee0d
|
||||
GITHUB-PUBLIC-KEY-SIGNATURE: MEUCIFLZzeK++IhS+y276SRk2Pe5LfDrfvTXu6iwKKcFGCrvAiEAhHN2kDOhy2I6eGkOFmxNkOJ+L2y8oQ9A2T9GGJo6WJY=
|
||||
Content-Length: 83
|
||||
|
||||
[{"token":"some_token","type":"some_type","url":"some_url"}]
|
||||
[{"token":"some_token","type":"some_type","url":"some_url","source":"some_source"}]
|
||||
```
|
||||
|
||||
**Exemplo de validação no Go**
|
||||
{% note %}
|
||||
|
||||
**Note**: The key id and signature from the example payload is derived from a test key.
|
||||
The public key for them is:
|
||||
|
||||
```
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsz9ugWDj5jK5ELBK42ynytbo38gP
|
||||
HzZFI03Exwz8Lh/tCfL3YxwMdLjB+bMznsanlhK0RwcGP3IDb34kQDIo3Q==
|
||||
-----END PUBLIC KEY-----
|
||||
```
|
||||
|
||||
{% endnote %}
|
||||
|
||||
The following code snippets demonstrate how you could perform signature validation.
|
||||
The code examples assume you've set an environment variable called `GITHUB_PRODUCTION_TOKEN` with a generated [personal access token](https://github.com/settings/tokens) (PAT) to avoid hitting rate limits. The PAT does not need any scopes/permissions.
|
||||
|
||||
**Validation sample in Go**
|
||||
```golang
|
||||
package main
|
||||
|
||||
@@ -138,11 +171,11 @@ import (
|
||||
)
|
||||
|
||||
func main() {
|
||||
payload := `[{"token":"some_token","type":"some_type","url":"some_url"}]`
|
||||
payload := `[{"token":"some_token","type":"some_type","url":"some_url","source":"some_source"}]`
|
||||
|
||||
kID := "90a421169f0a406205f1563a953312f0be898d3c7b6c06b681aa86a874555f4a"
|
||||
kID := "f9525bf080f75b3506ca1ead061add62b8633a346606dc5fe544e29231c6ee0d"
|
||||
|
||||
kSig := "MEUCIQDKZokqnCjrRtw0tni+2Ltvl/uiMJ1EGumEsp1BsNr32AIgQY1YXD2nlj+XNfGK4rBfkMJ1JDOQcYXxa2sY8FNkrKc="
|
||||
kSig := "MEUCIFLZzeK++IhS+y276SRk2Pe5LfDrfvTXu6iwKKcFGCrvAiEAhHN2kDOhy2I6eGkOFmxNkOJ+L2y8oQ9A2T9GGJo6WJY="
|
||||
|
||||
// Fetch the list of GitHub Public Keys
|
||||
req, err := http.NewRequest("GET", "https://api.github.com/meta/public_keys/secret_scanning", nil)
|
||||
@@ -248,7 +281,7 @@ type asn1Signature struct {
|
||||
}
|
||||
```
|
||||
|
||||
**Exemplo de validação no Ruby**
|
||||
**Validation sample in Ruby**
|
||||
```ruby
|
||||
require 'openssl'
|
||||
require 'net/http'
|
||||
@@ -257,14 +290,14 @@ require 'json'
|
||||
require 'base64'
|
||||
|
||||
payload = <<-EOL
|
||||
[{"token":"some_token","type":"some_type","url":"some_url"}]
|
||||
[{"token":"some_token","type":"some_type","url":"some_url","source":"some_source"}]
|
||||
EOL
|
||||
|
||||
payload = payload
|
||||
|
||||
signature = "MEUCIQDKZokqnCjrRtw0tni+2Ltvl/uiMJ1EGumEsp1BsNr32AIgQY1YXD2nlj+XNfGK4rBfkMJ1JDOQcYXxa2sY8FNkrKc="
|
||||
signature = "MEUCIFLZzeK++IhS+y276SRk2Pe5LfDrfvTXu6iwKKcFGCrvAiEAhHN2kDOhy2I6eGkOFmxNkOJ+L2y8oQ9A2T9GGJo6WJY="
|
||||
|
||||
key_id = "90a421169f0a406205f1563a953312f0be898d3c7b6c06b681aa86a874555f4a"
|
||||
key_id = "f9525bf080f75b3506ca1ead061add62b8633a346606dc5fe544e29231c6ee0d"
|
||||
|
||||
url = URI.parse('https://api.github.com/meta/public_keys/secret_scanning')
|
||||
|
||||
@@ -288,7 +321,7 @@ openssl_key = OpenSSL::PKey::EC.new(current_key)
|
||||
puts openssl_key.verify(OpenSSL::Digest::SHA256.new, Base64.decode64(signature), payload.chomp)
|
||||
```
|
||||
|
||||
**Exemplo de validação no JavaScript**
|
||||
**Validation sample in JavaScript**
|
||||
```js
|
||||
const crypto = require("crypto");
|
||||
const axios = require("axios");
|
||||
@@ -330,17 +363,17 @@ const verify_signature = async (payload, signature, keyID) => {
|
||||
};
|
||||
```
|
||||
|
||||
### Implemente revogação do segredo e notificação do usuário no seu serviço de alerta secreto
|
||||
### Implement secret revocation and user notification in your secret alert service
|
||||
|
||||
Para {% data variables.product.prodname_secret_scanning %} em repositórios públicos, você pode melhorar o seu serviço de alerta de segredo para revogar os segredos expostos e notificar os usuários afetados. Você define como implementa isso no seu serviço de alerta de segredo, mas recomendamos considerar qualquer segredo que {% data variables.product.prodname_dotcom %} envie mensagens de que é público e que está comprometido.
|
||||
For {% data variables.product.prodname_secret_scanning %} in public repositories, you can enhance your secret alert service to revoke the exposed secrets and notify the affected users. How you implement this in your secret alert service is up to you, but we recommend considering any secrets that {% data variables.product.prodname_dotcom %} sends you messages about as public and compromised.
|
||||
|
||||
### Fornece feedback sobre falsos positivos
|
||||
### Provide feedback for false positives
|
||||
|
||||
Coletamos feedback sobre a validade dos segredos individuais detectados nas respostas do parceiro. Caso deseje participar, envie-nos um email para <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
We collect feedback on the validity of the detected individual secrets in partner responses. If you wish to take part, email us at <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
|
||||
Quando relatamos segredos para você, enviamos uma matriz JSON com cada elemento que contém o token, o identificador de tipo e a URL dp commit. Quando você nos envia feedback, você nos envia informações sobre se o token detectado era uma credencial real ou falsa. Aceitamos comentários nos seguintes formatos.
|
||||
When we report secrets to you, we send a JSON array with each element containing the token, type identifier, and commit URL. When you send us feedback, you send us information about whether the detected token was a real or false credential. We accept feedback in the following formats.
|
||||
|
||||
Você pode nos enviar o token não processado:
|
||||
You can send us the raw token:
|
||||
|
||||
```
|
||||
[
|
||||
@@ -351,7 +384,7 @@ Você pode nos enviar o token não processado:
|
||||
}
|
||||
]
|
||||
```
|
||||
Você também pode fornecer o token em forma de hash após executar uma única forma de hash criptográfico do token não processado usando SHA-256:
|
||||
You may also provide the token in hashed form after performing a one way cryptographic hash of the raw token using SHA-256:
|
||||
|
||||
```
|
||||
[
|
||||
@@ -362,13 +395,13 @@ Você também pode fornecer o token em forma de hash após executar uma única f
|
||||
}
|
||||
]
|
||||
```
|
||||
Alguns pontos importantes:
|
||||
- Você deve enviar-nos apenas a forma não processada do token ("token_raw"), ou a forma em hash ("token_hash"), mas não ambos.
|
||||
- Para a forma de hash do token não processado, você só pode usar SHA-256 para armazenar o token, e não qualquer outro algoritmo de hashing.
|
||||
- A etiqueta indica se o token é verdadeiro ("true_positive") ou um falso positivo ("false_positive"). São permitidas apenas essas duas strings literais minúsculas.
|
||||
A few important points:
|
||||
- You should only send us either the raw form of the token ("token_raw"), or the hashed form ("token_hash"), but not both.
|
||||
- For the hashed form of the raw token, you can only use SHA-256 to hash the token, not any other hashing algorithm.
|
||||
- The label indicates whether the token is a true ("true_positive") or a false positive ("false_positive"). Only these two lowercased literal strings are allowed.
|
||||
|
||||
{% note %}
|
||||
|
||||
**Observação:** nosso tempo limite de solicitação está definido para ser maior (ou seja, 30 segundos) para os parceiros que fornecem dados sobre falsos positivos. Caso você precise de um tempo limite superior a 30 segundos, envie-nos um email para <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
**Note:** Our request timeout is set to be higher (that is, 30 seconds) for partners who provide data about false positives. If you require a timeout higher than 30 seconds, email us at <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
@@ -95,7 +95,7 @@ You can also find the node ID of all projects in your organization. The followin
|
||||
curl --request POST \
|
||||
--url https://api.github.com/graphql \
|
||||
--header 'Authorization: Bearer TOKEN' \
|
||||
--data '{"query":"{organization(login: \"ORGANIZATION") {projectsV2(first: 20) {nodes {id title}}}}"}'
|
||||
--data '{"query":"{organization(login: \"ORGANIZATION\") {projectsV2(first: 20) {nodes {id title}}}}"}'
|
||||
```
|
||||
{% endcurl %}
|
||||
|
||||
@@ -566,7 +566,7 @@ The following example will update the value of a text field for an item. Replace
|
||||
curl --request POST \
|
||||
--url https://api.github.com/graphql \
|
||||
--header 'Authorization: Bearer TOKEN' \
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: "PROJECT_ID" itemId: "ITEM_ID" fieldId: "FIELD_ID" value: { text: "Updated text" }}) { projectV2Item { id }}}"}'
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: \"PROJECT_ID\" itemId: \"ITEM_ID\" fieldId: \"FIELD_ID\" value: { text: \"Updated text\" }}) { projectV2Item { id }}}"}'
|
||||
```
|
||||
{% endcurl %}
|
||||
|
||||
@@ -620,7 +620,7 @@ The following example will update the value of a single select field for an item
|
||||
curl --request POST \
|
||||
--url https://api.github.com/graphql \
|
||||
--header 'Authorization: Bearer TOKEN' \
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: "PROJECT_ID" itemId: "ITEM_ID" fieldId: "FIELD_ID" value: { singleSelectOptionId: "OPTION_ID" }}) { projectV2Item { id }}}"}'
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: \"PROJECT_ID\" itemId: \"ITEM_ID\" fieldId: \"FIELD_ID\" value: { singleSelectOptionId: \"OPTION_ID\" }}) { projectV2Item { id }}}"}'
|
||||
```
|
||||
{% endcurl %}
|
||||
|
||||
@@ -660,7 +660,7 @@ The following example will update the value of an iteration field for an item.
|
||||
curl --request POST \
|
||||
--url https://api.github.com/graphql \
|
||||
--header 'Authorization: Bearer TOKEN' \
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: "PROJECT_ID" itemId: "ITEM_ID" fieldId: "FIELD_ID" value: { singleSelectOptionId: "OPTION_ID" }}) { projectV2Item { id }}}"}'
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: \"PROJECT_ID\" itemId: \"ITEM_ID\" fieldId: \"FIELD_ID\" value: { singleSelectOptionId: \"OPTION_ID\" }}) { projectV2Item { id }}}"}'
|
||||
```
|
||||
{% endcurl %}
|
||||
|
||||
|
||||
@@ -1,9 +1 @@
|
||||
---
|
||||
ms.openlocfilehash: e9f2162fa5c65d4a59b2bd350aea2b131205f9a6
|
||||
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: pt-BR
|
||||
ms.lasthandoff: 09/10/2022
|
||||
ms.locfileid: "145094142"
|
||||
---
|
||||
{% data variables.product.prodname_codeql %} também executa uma criação para projetos Go para configurar o projeto. No entanto, em contraste com as outras linguagens compiladas, todos os arquivos Go no repositório são extraídos, não apenas aqueles que são compilados. Você pode usar comandos de compilação personalizados para pular a extração de arquivos Go que não são tocados pela compilação.
|
||||
For these three languages, {% data variables.product.prodname_codeql %} analyzes the source files in your repository that are built. {% data variables.product.prodname_codeql %} also runs a build for Go projects to set up the project, but then analyzes _all_ Go files in the repository, not just the files that are built. For any of these languages, including Go, you can disable `autobuild` and instead use custom build commands in order to analyze only the files that are built by these custom commands.
|
||||
@@ -1,9 +1,2 @@
|
||||
---
|
||||
ms.openlocfilehash: 05d61d8f49c6b53d318abbdceba89223404a7509
|
||||
ms.sourcegitcommit: fcf3546b7cc208155fb8acdf68b81be28afc3d2d
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: pt-BR
|
||||
ms.lasthandoff: 09/10/2022
|
||||
ms.locfileid: "145094709"
|
||||
---
|
||||
Se o código C/C++, C# ou Java em seu repositório tiver um processo de compilação não padrão, `autobuild` poderá falhar. Você precisará remover a etapa `autobuild` do fluxo de trabalho e adicionar manualmente as etapas de compilação. Se você quiser especificar quais arquivos de Go no seu repositório devem ser extraídos, você deverá adicionar as etapas de criação.
|
||||
If `autobuild` fails, or you want to analyze a different set of source files from those built by the `autobuild` process, you'll need to remove the `autobuild` step from the workflow, and manually add build steps. For C/C++, C#, Go, and Java projects, {% data variables.product.prodname_codeql %} will analyze whatever source code is built by your specified build steps.
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: 外部身份验证的用户名注意事项
|
||||
title: Username considerations for external authentication
|
||||
shortTitle: Username considerations
|
||||
intro: '{% ifversion ghes or ghec %}当你使用 {% ifversion ghes %}CAS、LDAP 或 SAML 进行身份验证时{% elsif ghec %}{% data variables.product.prodname_emus %}{% endif %},{% endif %}{% data variables.product.product_name %} 遵循某些规则来确定{% ifversion ghec or ghae %}企业中{% elsif ghes %}实例上每个用户帐户的用户名{% endif %}。'
|
||||
intro: '{% ifversion ghes or ghec %}When you use {% ifversion ghes %}CAS, LDAP, or SAML for authentication{% elsif ghec %}{% data variables.product.prodname_emus %}{% endif %}, {% endif %}{% data variables.product.product_name %} follows certain rules to determine the username for each user account {% ifversion ghec or ghae %}in your enterprise{% elsif ghes %}on your instance{% endif %}.'
|
||||
miniTocMaxHeadingLevel: 3
|
||||
versions:
|
||||
ghec: '*'
|
||||
@@ -14,141 +14,144 @@ topics:
|
||||
- Enterprise
|
||||
- Identity
|
||||
- SSO
|
||||
ms.openlocfilehash: 72f83b870e2c0ea13d95511ce4fc000b3ccfcfc5
|
||||
ms.sourcegitcommit: 478f2931167988096ae6478a257f492ecaa11794
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: zh-CN
|
||||
ms.lasthandoff: 09/09/2022
|
||||
ms.locfileid: '147717995'
|
||||
---
|
||||
{% ifversion ghec %} {% note %}
|
||||
|
||||
注意:本文仅适用于 {% data variables.product.prodname_emus %}。 如果使用 {% data variables.product.prodname_ghe_cloud %} 而不使用 {% data variables.product.prodname_emus %},则用户名由用户创建,而不是由 {% data variables.product.prodname_dotcom %} 创建。
|
||||
{% ifversion ghec %}
|
||||
{% note %}
|
||||
|
||||
{% endnote %} {% endif %}
|
||||
**Note:** This article only applies to {% data variables.product.prodname_emus %}. If you use {% data variables.product.prodname_ghe_cloud %} without {% data variables.product.prodname_emus %}, usernames are created by users, not {% data variables.product.prodname_dotcom %}.
|
||||
|
||||
## 关于使用外部身份验证的用户名
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
|
||||
## About usernames with external authentication
|
||||
|
||||
{% ifversion ghes %}
|
||||
|
||||
可以使用 CAS、LDAP 或 SAML 为 {% data variables.product.product_name %} 配置外部身份验证。 有关详细信息,请参阅“[关于企业身份验证](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#authentication-methods-for-github-enterprise-server)”。
|
||||
You can configure external authentication for {% data variables.product.product_name %} using CAS, LDAP, or SAML. For more information, see "[About authentication for your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#authentication-methods-for-github-enterprise-server)."
|
||||
|
||||
如果使用外部身份验证,当用户首次通过外部身份验证系统登录 {% data variables.product.product_location %} 时,{% data variables.product.product_location %} 会自动为每个用户创建一个用户名。
|
||||
When you use external authentication, {% data variables.product.product_location %} automatically creates a username for each person when the person signs into {% data variables.product.product_location %} through your external authentication system for the first time.
|
||||
|
||||
{% elsif ghec %}
|
||||
|
||||
如果使用具有 {% data variables.product.prodname_emus %} 的企业,则企业成员将通过 SAML 标识提供者 (IdP) 进行身份验证以访问 {% data variables.product.prodname_dotcom %}。 有关详细信息,请参阅“[关于 {% data variables.product.prodname_emus %}](/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/about-enterprise-managed-users)”和“[关于企业身份验证](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#authentication-methods-for-github-enterprise-server)”。
|
||||
If you use an enterprise with {% data variables.product.prodname_emus %}, members of your enterprise authenticate to access {% data variables.product.prodname_dotcom %} through your SAML identity provider (IdP). For more information, see "[About {% data variables.product.prodname_emus %}](/admin/identity-and-access-management/using-enterprise-managed-users-and-saml-for-iam/about-enterprise-managed-users)" and "[About authentication for your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-authentication-for-your-enterprise#authentication-methods-for-github-enterprise-server)."
|
||||
|
||||
{% data variables.product.product_name %} 通过规范 IdP 提供的标识符,在通过 SCIM 预配用户帐户时自动为每个用户创建用户名。 如果将多个标识符规范化为相同的用户名,则会发生用户名冲突,并且将仅创建第一个用户帐户。 可以通过更改 IdP 来解决用户名冲突,以便规范化的用户名是唯一的。
|
||||
{% data variables.product.product_name %} automatically creates a username for each person when their user account is provisioned via SCIM, by normalizing an identifier provided by your IdP. If multiple identifiers are normalized into the same username, a username conflict occurs, and only the first user account is created. {% data reusables.enterprise-accounts.emu-only-emails-within-the-enterprise-can-conflict %} You can resolve username conflicts by making a change in your IdP so that the normalized usernames will be unique.
|
||||
|
||||
{% elsif ghae %}
|
||||
|
||||
{% data variables.product.product_name %} 使用 SAML SSO 进行身份验证,并在用户首次通过标识提供者 (IdP) 登录时自动为其创建一个用户名。
|
||||
{% data variables.product.product_name %} uses SAML SSO for authentication, and automatically creates a username for each person when the person signs in through your identity provider (IdP) for the first time.
|
||||
|
||||
{% endif %}
|
||||
|
||||
{% ifversion ghec %}
|
||||
## 关于 {% data variables.product.prodname_managed_users %} 的用户名
|
||||
## About usernames for {% data variables.product.prodname_managed_users %}
|
||||
|
||||
创建 {% data variables.product.prodname_emu_enterprise %} 后,需要选择一个短代码作为企业成员用户名的后缀。 {% data reusables.enterprise-accounts.emu-shortcode %} 配置 SAML SSO 的设置用户的用户名格式为 @SHORT-CODE_admin 。
|
||||
When your {% data variables.product.prodname_emu_enterprise %} is created, you will choose a short code that will be used as the suffix for your enterprise members' usernames. {% data reusables.enterprise-accounts.emu-shortcode %} The setup user who configures SAML SSO has a username in the format of **@<em>SHORT-CODE</em>_admin**.
|
||||
|
||||
通过标识提供者预配新用户时,新的 {% data variables.product.prodname_managed_user %} 将有一个 {% data variables.product.prodname_dotcom %} 用户名,格式为 @IDP-USERNAME_SHORT-CODE 。 IDP-USERNAME 组件是通过规范从 IdP 发送的 SCIM `userName` 特性值而形成的。
|
||||
When you provision a new user from your identity provider, the new {% data variables.product.prodname_managed_user %} will have a {% data variables.product.prodname_dotcom %} username in the format of **@<em>IDP-USERNAME</em>_<em>SHORT-CODE</em>**. The <em>IDP-USERNAME</em> component is formed by normalizing the SCIM `userName` attribute value sent from the IdP.
|
||||
|
||||
| 标识提供者 | {% data variables.product.prodname_dotcom %} 用户名 |
|
||||
| Identity provider | {% data variables.product.prodname_dotcom %} username |
|
||||
|-----------------------------------|----------------------|
|
||||
| Azure Active Directory (Azure AD)租户 | IDP-USERNAME 是通过规范 UPN(用户主体名称)中 `@` 字符之前的字符而形成的,不包括来宾帐户的 `#EXT#`。 |
|
||||
| Okta | IDP-USERNAME 是 IdP 提供的规范化用户名属性。 |
|
||||
| Azure Active Directory (Azure AD) | _IDP-USERNAME_ is formed by normalizing the characters preceding the `@` character in the UPN (User Principal Name), which does not include the `#EXT#` for guest accounts. |
|
||||
| Okta | _IDP-USERNAME_ is the normalized username attribute provided by the IdP. |
|
||||
|
||||
这些规则可能会导致 IdP 为多个用户提供相同的 IDP-USERNAME。 例如,对于 Azure AD,以下 UPN 将产生相同的用户名:
|
||||
These rules may result in your IdP providing the same _IDP-USERNAME_ for multiple users. For example, for Azure AD, the following UPNs will result in the same username:
|
||||
|
||||
- `bob@contoso.com`
|
||||
- `bob@fabrikam.com`
|
||||
- `bob#EXT#fabrikamcom@contoso.com`
|
||||
|
||||
这将导致用户名冲突,并且只会预配第一个用户。 有关详细信息,请参阅“[解决用户名冲突](#resolving-username-conflicts)”。
|
||||
This will cause a username conflict, and only the first user will be provisioned. For more information, see "[Resolving username conflicts](#resolving-username-conflicts)."
|
||||
{% endif %}
|
||||
|
||||
用户名{% ifversion ghec %},包括下划线和短代码,{% endif %}不得超过 39 个字符。
|
||||
Usernames{% ifversion ghec %}, including underscore and short code,{% endif %} must not exceed 39 characters.
|
||||
|
||||
## 关于用户名规范化
|
||||
## About username normalization
|
||||
|
||||
{% ifversion ghes or ghae %}{% data variables.product.product_name %}{% elsif ghec %}{% data variables.product.prodname_dotcom_the_website %}{% endif %} 上的用户帐户的用户名只能包含字母数字字符和短划线 (`-`)。
|
||||
|
||||
{% ifversion ghec %} 配置 SAML 身份验证时,{% data variables.product.product_name %} 使用从 IdP 发送的 SCIM `userName` 特性值来确定 {% data variables.product.prodname_dotcom_the_website %} 上相应用户帐户的用户名。 如果此值包含不受支持的字符,{% data variables.product.product_name %} 将按照以下规则规范化用户名。
|
||||
{% elsif ghes %} 配置 CAS、LDAP 或 SAML 身份验证时,{% data variables.product.product_name %} 使用外部身份验证提供程序上用户帐户的标识符来确定 {% data variables.product.product_name %} 上相应用户帐户的用户名。 如果此标识符包含不受支持的字符,{% data variables.product.product_name %} 将按照以下规则规范化用户名。
|
||||
{% elsif ghae %} 配置 SAML 身份验证时,{% data variables.product.product_name %} 使用 IdP 上用户帐户的标识符来确定 {% data variables.product.product_name %} 上相应用户帐户的用户名。 如果此标识符包含不受支持的字符,{% data variables.product.product_name %} 将按照以下规则规范化用户名。
|
||||
{% endif %}
|
||||
|
||||
1. {% data variables.product.product_name %} 会将帐户用户名中的所有非字母数字字符规范化为短划线。 例如,用户名 `mona.the.octocat` 将规范化为 `mona-the-octocat`。 请注意,标准化的用户名也不能以短划线开头或结尾。 它们还不能包含两个连续的短划线。
|
||||
|
||||
1. 创建自电子邮件地址的用户名使用 `@` 字符前面的规范化字符创建。
|
||||
|
||||
1. 如果将多个帐户规范化为相同的 {% data variables.product.product_name %} 用户名,则将仅创建第一个用户帐户。 使用相同用户名的后续用户无法登录。 {% ifversion ghec %}有关详细信息,请参阅“[解决用户名冲突](#resolving-username-conflicts)”。{% endif %}
|
||||
|
||||
### 用户名规范化示例
|
||||
|
||||
| 提供程序上的标识符 | {% data variables.product.prodname_dotcom %} 上的规范化用户名 | 结果 |
|
||||
| :- | :- | :- |
|
||||
| The.Octocat | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | 此用户名已成功创建。 |
|
||||
| !The.Octocat | `-the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | 此用户名无法创建,因其以短划线开头。 |
|
||||
| The.Octocat! | `the-octocat-{% ifversion ghec %}_SHORT-CODE{% endif %}` | 此用户名无法创建,因其以短划线结尾。 |
|
||||
| The!!Octocat | `the--octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | 此用户名无法创建,因其包含两个连续的短划线。 |
|
||||
| The!Octocat | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | 此用户名无法创建。 虽然标准化的用户名有效,但它已经存在。 |
|
||||
| `The.Octocat@example.com` | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | 此用户名无法创建。 虽然标准化的用户名有效,但它已经存在。 |
|
||||
| `mona.lisa.the.octocat.from.github.united.states@example.com` | `mona-lisa-the-octocat-from-github-united-states{% ifversion ghec %}_SHORT-CODE{% endif %}` | 不会创建此用户名,因为它超出了 39 个字符的限制。 |
|
||||
|
||||
{% ifversion not ghec %}
|
||||
### 关于使用 SAML 的用户名规范化
|
||||
|
||||
{% ifversion ghes %}如果为 {% data variables.product.product_location %} 配置 SAML 身份验证,则 {% endif %}{% data variables.product.product_name %} 通过 SAML 响应中的以下断言之一确定每个人的用户名,这些断言按优先级降序排列。
|
||||
|
||||
1. 自定义 `username` 特性(如果定义且存在)
|
||||
1. `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` 断言(如果存在)
|
||||
1. `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress` 断言(如果存在)
|
||||
1. `NameID` 元素
|
||||
|
||||
{% data variables.product.product_name %} 需要 `NameID` 元素,即使存在其他特性也是如此。 有关详细信息,请参阅“[SAML 配置参考](/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference#saml-attributes)”。
|
||||
|
||||
{% data variables.product.product_name %} 在来自 IdP 的 `NameID` 和 {% data variables.product.product_location %} {% ifversion ghae %}中{% else %}上{% endif %}的用户名间创建一个映射,因此 `NameID` 应是持久、唯一的,并且在用户生命周期内不会发生变化。
|
||||
|
||||
{% ifversion ghes %} {% note %}
|
||||
|
||||
注意:如果用户的 `NameID` 确实在 IdP 上发生了更改,则该用户在登录 {% data variables.product.product_location %} 时会看到一条错误消息。 若要恢复用户的访问权限,需要更新用户帐户的 `NameID` 映射。 有关详细信息,请参阅“[更新用户的 SAML `NameID`](/admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid)”。
|
||||
|
||||
{% endnote %} {% endif %} {% endif %}
|
||||
Usernames for user accounts on {% ifversion ghes or ghae %}{% data variables.product.product_name %}{% elsif ghec %}{% data variables.product.prodname_dotcom_the_website %}{% endif %} can only contain alphanumeric characters and dashes (`-`).
|
||||
|
||||
{% ifversion ghec %}
|
||||
## 解决用户名冲突
|
||||
When you configure SAML authentication, {% data variables.product.product_name %} uses the SCIM `userName` attribute value sent from the IdP to determine the username for the corresponding user account on {% data variables.product.prodname_dotcom_the_website %}. If this value includes unsupported characters, {% data variables.product.product_name %} will normalize the username per the following rules.
|
||||
{% elsif ghes %}
|
||||
When you configure CAS, LDAP, or SAML authentication, {% data variables.product.product_name %} uses an identifier from the user account on your external authentication provider to determine the username for the corresponding user account on {% data variables.product.product_name %}. If the identifier includes unsupported characters, {% data variables.product.product_name %} will normalize the username per the following rules.
|
||||
{% elsif ghae %}
|
||||
When you configure SAML authentication, {% data variables.product.product_name %} uses an identifier from the user account on your IdP to determine the username for the corresponding user account on {% data variables.product.product_name %}. If the identifier includes unsupported characters, {% data variables.product.product_name %} will normalize the username per the following rules.
|
||||
{% endif %}
|
||||
|
||||
预配新用户时,如果用户的规范化用户名与企业中的现有用户冲突,则预配尝试将失败并出现 `409` 错误。
|
||||
1. {% data variables.product.product_name %} will normalize any non-alphanumeric character in your account's username into a dash. For example, a username of `mona.the.octocat` will be normalized to `mona-the-octocat`. Note that normalized usernames also can't start or end with a dash. They also can't contain two consecutive dashes.
|
||||
|
||||
若要解决此问题,必须在 IdP 中进行更改,以便规范化的用户名是唯一的。 如果无法更改要规范化的标识符,可以更改 `userName` 特性的特性映射。 如果更改特性映射,现有 {% data variables.product.prodname_managed_users %} 的用户名将更新,但有关帐户的其他任何内容都不会更改,包括活动历史记录。
|
||||
1. Usernames created from email addresses are created from the normalized characters that precede the `@` character.
|
||||
|
||||
1. If multiple accounts are normalized into the same {% data variables.product.product_name %} username, only the first user account is created. Subsequent users with the same username won't be able to sign in. {% ifversion ghec %}For more information, see "[Resolving username conflicts](#resolving-username-conflicts)."{% endif %}
|
||||
|
||||
### Examples of username normalization
|
||||
|
||||
| Identifier on provider | Normalized username on {% data variables.product.prodname_dotcom %} | Result |
|
||||
| :- | :- | :- |
|
||||
| The.Octocat | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is created successfully. |
|
||||
| !The.Octocat | `-the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created, because it starts with a dash. |
|
||||
| The.Octocat! | `the-octocat-{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created, because it ends with a dash. |
|
||||
| The!!Octocat | `the--octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created, because it contains two consecutive dashes. |
|
||||
| The!Octocat | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created. Although the normalized username is valid, it already exists. |
|
||||
| `The.Octocat@example.com` | `the-octocat{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created. Although the normalized username is valid, it already exists. |
|
||||
| `mona.lisa.the.octocat.from.github.united.states@example.com` | `mona-lisa-the-octocat-from-github-united-states{% ifversion ghec %}_SHORT-CODE{% endif %}` | This username is not created, because it exceeds the 39-character limit. |
|
||||
|
||||
{% ifversion not ghec %}
|
||||
### About username normalization with SAML
|
||||
|
||||
{% ifversion ghes %}If you configure SAML authentication for {% data variables.product.product_location %}, {% endif %}{% data variables.product.product_name %} determines each person's username by one of the following assertions in the SAML response, ordered by descending priority.
|
||||
|
||||
1. The custom `username` attribute, if defined and present
|
||||
1. An `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name` assertion, if present
|
||||
1. An `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress` assertion, if present
|
||||
1. The `NameID` element
|
||||
|
||||
{% data variables.product.product_name %} requires the `NameID` element even if other attributes are present. For more information, see "[SAML configuration reference](/admin/identity-and-access-management/using-saml-for-enterprise-iam/saml-configuration-reference#saml-attributes)."
|
||||
|
||||
{% data variables.product.product_name %} creates a mapping between the `NameID` from the IdP and the username {% ifversion ghae %}in{% else %}on{% endif %} {% data variables.product.product_location %}, so the `NameID` should be persistent, unique, and not subject to change for the lifecycle of the user.
|
||||
|
||||
{% ifversion ghes %}
|
||||
{% note %}
|
||||
|
||||
**Note**: If the `NameID` for a user does change on the IdP, the person will see an error message when signing into {% data variables.product.product_location %}. To restore the person's access, you'll need to update the user account's `NameID` mapping. For more information, see "[Updating a user's SAML `NameID`](/admin/identity-and-access-management/using-saml-for-enterprise-iam/updating-a-users-saml-nameid)."
|
||||
|
||||
{% endnote %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% ifversion ghec %}
|
||||
## Resolving username conflicts
|
||||
|
||||
When a new user is being provisioned, if the user's normalized username conflicts with an existing user in the enterprise, the provisioning attempt will fail with a `409` error.
|
||||
|
||||
To resolve this problem, you must make a change in your IdP so that the normalized usernames will be unique. If you cannot change the identifier that's being normalized, you can change the attribute mapping for the `userName` attribute. If you change the attribute mapping, usernames of existing {% data variables.product.prodname_managed_users %} will be updated, but nothing else about the accounts will change, including activity history.
|
||||
|
||||
{% note %}
|
||||
|
||||
注意:{% data variables.contact.github_support %} 无法为自定义特性映射或配置自定义表达式提供帮助。 如有任何问题,可以联系 IdP。
|
||||
**Note:** {% data variables.contact.github_support %} cannot provide assistance with customizing attribute mappings or configuring custom expressions. You can contact your IdP with any questions.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### 解决与 Azure AD 的用户名冲突
|
||||
### Resolving username conflicts with Azure AD
|
||||
|
||||
若要解决 Azure AD 中的用户名冲突,请修改冲突用户的用户主体名称值或修改 `userName` 特性的特性映射。 如果修改特性映射,可以选择现有特性或使用表达式来确保所有预配的用户都具有唯一的规范化别名。
|
||||
To resolve username conflicts in Azure AD, either modify the User Principal Name value for the conflicting user or modify the attribute mapping for the `userName` attribute. If you modify the attribute mapping, you can choose an existing attribute or use an expression to ensure that all provisioned users have a unique normalized alias.
|
||||
|
||||
1. 在 Azure AD 中,打开 {% data variables.product.prodname_emu_idp_application %} 应用程序。
|
||||
1. 在左侧边栏中,单击“预配”。
|
||||
1. 单击“编辑预配”。
|
||||
1. 展开“映射”,然后单击“预配 Azure Active Directory 用户” 。
|
||||
1. 单击 {% data variables.product.prodname_dotcom %} `userName` 特性映射。
|
||||
1. 更改特性映射。
|
||||
- 若要将 Azure AD 中的现有特性映射到 {% data variables.product.prodname_dotcom %} 中的 `userName` 特性,请单击所需的特性字段。 然后,保存并等待,预配周期将在大约 40 分钟内发生。
|
||||
- 若要使用表达式而不是现有特性,请将映射类型更改为“表达式”,然后添加自定义表达式,使该值对所有用户都是唯一的。 例如,可以使用 `[FIRST NAME]-[LAST NAME]-[EMPLOYEE ID]`。 有关详细信息,请参阅 Microsoft Docs 中的[有关在 Azure Active Directory 中编写特性映射表达式的参考](https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/functions-for-customizing-application-data)。
|
||||
1. In Azure AD, open the {% data variables.product.prodname_emu_idp_application %} application.
|
||||
1. In the left sidebar, click **Provisioning**.
|
||||
1. Click **Edit Provisioning**.
|
||||
1. Expand **Mappings**, then click **Provision Azure Active Directory Users**.
|
||||
1. Click the {% data variables.product.prodname_dotcom %} `userName` attribute mapping.
|
||||
1. Change the attribute mapping.
|
||||
- To map an existing attribute in Azure AD to the `userName` attribute in {% data variables.product.prodname_dotcom %}, click your desired attribute field. Then, save and wait for a provisioning cycle to occur within about 40 minutes.
|
||||
- To use an expression instead of an existing attribute, change the Mapping type to "Expression", then add a custom expression that will make this value unique for all users. For example, you could use `[FIRST NAME]-[LAST NAME]-[EMPLOYEE ID]`. For more information, see [Reference for writing expressions for attribute mappings in Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/functions-for-customizing-application-data) in Microsoft Docs.
|
||||
|
||||
### 解决与 Okta 的用户名冲突
|
||||
### Resolving username conflicts with Okta
|
||||
|
||||
若要解决 Okta 中的用户名冲突,请更新 {% data variables.product.prodname_emu_idp_application %} 应用程序的特性映射设置。
|
||||
To resolve username conflicts in Okta, update the attribute mapping settings for the {% data variables.product.prodname_emu_idp_application %} application.
|
||||
|
||||
1. 在 Okta 中,打开 {% data variables.product.prodname_emu_idp_application %} 应用程序。
|
||||
1. 单击“登录”。
|
||||
1. 在“设置”部分,单击“编辑”。
|
||||
1. 更新“应用程序用户名格式”。
|
||||
1. In Okta, open the {% data variables.product.prodname_emu_idp_application %} application.
|
||||
1. Click **Sign On**.
|
||||
1. In the "Settings" section, click **Edit**.
|
||||
1. Update the "Application username format."
|
||||
{% endif %}
|
||||
|
||||
@@ -135,7 +135,7 @@ By default, when an unauthenticated user attempts to access an enterprise that u
|
||||
|
||||
{% data variables.product.product_name %} automatically creates a username for each person by normalizing an identifier provided by your IdP. For more information, see "[Username considerations for external authentication](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication)."
|
||||
|
||||
A conflict may occur when provisioning users if the unique parts of the identifier provided by your IdP are removed during normalization. If you're unable to provision a user due to a username conflict, you should modify the username provided by your IdP. For more information, see "[Resolving username conflicts](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication#resolving-username-conflicts)."
|
||||
A conflict may occur when provisioning users if the unique parts of the identifier provided by your IdP are removed during normalization. {% data reusables.enterprise-accounts.emu-only-emails-within-the-enterprise-can-conflict %} If you're unable to provision a user due to a username conflict, you should modify the username provided by your IdP. For more information, see "[Resolving username conflicts](/admin/identity-and-access-management/managing-iam-for-your-enterprise/username-considerations-for-external-authentication#resolving-username-conflicts)."
|
||||
|
||||
The profile name and email address of a {% data variables.product.prodname_managed_user %} is also provided by the IdP. {% data variables.product.prodname_managed_users_caps %} cannot change their profile name or email address on {% data variables.product.prodname_dotcom %}, and the IdP can only provide a single email address.
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
---
|
||||
title: 为编译的语言配置 CodeQL 工作流
|
||||
title: Configuring the CodeQL workflow for compiled languages
|
||||
shortTitle: Configure compiled languages
|
||||
intro: '您可以配置 {% data variables.product.prodname_dotcom %} 如何使用 {% data variables.product.prodname_codeql_workflow %} 扫描用编译语言编写的代码以查找漏洞和错误。'
|
||||
intro: 'You can configure how {% data variables.product.prodname_dotcom %} uses the {% data variables.product.prodname_codeql_workflow %} to scan code written in compiled languages for vulnerabilities and errors.'
|
||||
product: '{% data reusables.gated-features.code-scanning %}'
|
||||
permissions: 'If you have write permissions to a repository, you can configure {% data variables.product.prodname_code_scanning %} for that repository.'
|
||||
redirect_from:
|
||||
@@ -25,87 +25,89 @@ topics:
|
||||
- C/C++
|
||||
- C#
|
||||
- Java
|
||||
ms.openlocfilehash: c8256eea83b6a30879effc4d7797f2afcbc82e15
|
||||
ms.sourcegitcommit: fcf3546b7cc208155fb8acdf68b81be28afc3d2d
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: zh-CN
|
||||
ms.lasthandoff: 09/10/2022
|
||||
ms.locfileid: '147877154'
|
||||
---
|
||||
{% data reusables.code-scanning.beta %} {% data reusables.code-scanning.enterprise-enable-code-scanning-actions %}
|
||||
|
||||
## 关于 {% data variables.product.prodname_codeql_workflow %} 和编译语言
|
||||
|
||||
通过添加 {% data variables.product.prodname_actions %} 工作流程到仓库,设置 {% data variables.product.prodname_dotcom %} 对仓库运行 {% data variables.product.prodname_code_scanning %}。 对于 {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %},您可以添加 {% data variables.product.prodname_codeql_workflow %}。 有关详细信息,请参阅“[为存储库设置 {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)”。
|
||||
{% data reusables.code-scanning.beta %}
|
||||
{% data reusables.code-scanning.enterprise-enable-code-scanning-actions %}
|
||||
|
||||
{% data reusables.code-scanning.edit-workflow %} 有关配置 {% data variables.product.prodname_code_scanning %} 和编辑工作流文件的一般信息,请参阅“[配置 {% data variables.product.prodname_code_scanning %} ](/code-security/secure-coding/configuring-code-scanning)”和“[了解 {% data variables.product.prodname_actions %}](/actions/learn-github-actions)”。
|
||||
## About the {% data variables.product.prodname_codeql_workflow %} and compiled languages
|
||||
|
||||
## 关于 {% data variables.product.prodname_codeql %} 的自动构建
|
||||
You set up {% data variables.product.prodname_dotcom %} to run {% data variables.product.prodname_code_scanning %} for your repository by adding a {% data variables.product.prodname_actions %} workflow to the repository. For {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you add the {% data variables.product.prodname_codeql_workflow %}. For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/code-security/secure-coding/setting-up-code-scanning-for-a-repository)."
|
||||
|
||||
代码扫描的工作方式是对一个或多个数据库运行查询。 每个数据库都包含仓库中所有代码的单一语言表示形式。 对于编译语言 C/C++、C# 和 Java,填充此数据库的过程涉及构建代码和提取数据。 {% data reusables.code-scanning.analyze-go %}
|
||||
{% data reusables.code-scanning.edit-workflow %}
|
||||
For general information about configuring {% data variables.product.prodname_code_scanning %} and editing workflow files, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning)" and "[Learn {% data variables.product.prodname_actions %}](/actions/learn-github-actions)."
|
||||
|
||||
## About autobuild for {% data variables.product.prodname_codeql %}
|
||||
|
||||
{% data variables.product.prodname_code_scanning_capc %} works by running queries against one or more databases. Each database contains a representation of all of the code in a single language in your repository.
|
||||
For the compiled languages C/C++, C#, and Java, the process of populating this database involves building the code and extracting data. {% data reusables.code-scanning.analyze-go %}
|
||||
|
||||
{% data reusables.code-scanning.autobuild-compiled-languages %}
|
||||
|
||||
如果你的工作流使用 `language` 矩阵,`autobuild` 会尝试生成矩阵中列出的每种编译语言。 如果不使用矩阵,则 `autobuild` 会尝试生成在存储库中具有最多源文件的受支持编译语言。 除 Go 以外,除非您提供明确的构建命令,否则您仓库中其他编译语言的分析将失败。
|
||||
If your workflow uses a `language` matrix, `autobuild` attempts to build each of the compiled languages listed in the matrix. Without a matrix `autobuild` attempts to build the supported compiled language that has the most source files in the repository. With the exception of Go, analysis of other compiled languages in your repository will fail unless you supply explicit build commands.
|
||||
|
||||
{% note %}
|
||||
|
||||
{% ifversion ghae %} **注意**:{% data reusables.actions.self-hosted-runners-software %} {% else %} **注意**:如果使用 {% data variables.product.prodname_actions %} 的自承载运行器,则可能需要安装其他软件才能使用 `autobuild` 进程。 此外,如果您的仓库需要特定版本的构建工具,您可能需要手动安装它。 有关详细信息,请参阅“[{% data variables.product.prodname_dotcom %} 托管的运行器的规范](/actions/reference/specifications-for-github-hosted-runners/#supported-software)”。
|
||||
{% ifversion ghae %}
|
||||
**Note**: {% data reusables.actions.self-hosted-runners-software %}
|
||||
{% else %}
|
||||
**Note**: If you use self-hosted runners for {% data variables.product.prodname_actions %}, you may need to install additional software to use the `autobuild` process. Additionally, if your repository requires a specific version of a build tool, you may need to install it manually. For more information, see "[Specifications for {% data variables.product.prodname_dotcom %}-hosted runners](/actions/reference/specifications-for-github-hosted-runners/#supported-software)".
|
||||
{% endif %}
|
||||
|
||||
{% endnote %}
|
||||
|
||||
### C/C++
|
||||
|
||||
| 支持的系统类型 | 系统名称 |
|
||||
| Supported system type | System name |
|
||||
|----|----|
|
||||
| 操作系统 | Windows、macOS 和 Linux |
|
||||
| 构建系统 | Windows:MSbuild 和生成脚本<br/>Linux 和 macOS:Autoconf、Make、CMake、qmake、Meson、Waf、SCons、Linux Kbuild 和生成脚本 |
|
||||
| Operating system | Windows, macOS, and Linux |
|
||||
| Build system | Windows: MSbuild and build scripts<br/>Linux and macOS: Autoconf, Make, CMake, qmake, Meson, Waf, SCons, Linux Kbuild, and build scripts |
|
||||
|
||||
`autobuild` 步骤的行为因运行提取的操作系统而异。 在 Windows 上,`autobuild` 步骤尝试使用以下方法自动检测适合 C/C++ 的生成方法:
|
||||
The behavior of the `autobuild` step varies according to the operating system that the extraction runs on. On Windows, the `autobuild` step attempts to autodetect a suitable build method for C/C++ using the following approach:
|
||||
|
||||
1. 对离根最近的解决方案 (`.sln`) 或项目 (`.vcxproj`) 文件调用 `MSBuild.exe`。
|
||||
如果 `autobuild` 在顶层目录下的相同(最短)深度检测到多个解决方案或项目文件,它将尝试生成所有这些文件。
|
||||
2. 调用看起来像生成脚本的脚本:build.bat、build.cmd 和 build.exe(按此顺序) 。
|
||||
1. Invoke `MSBuild.exe` on the solution (`.sln`) or project (`.vcxproj`) file closest to the root.
|
||||
If `autobuild` detects multiple solution or project files at the same (shortest) depth from the top level directory, it will attempt to build all of them.
|
||||
2. Invoke a script that looks like a build script—_build.bat_, _build.cmd_, _and build.exe_ (in that order).
|
||||
|
||||
在 Linux 和 macOS 上,`autobuild` 步骤检查存储库中存在的文件,以确定使用的生成系统:
|
||||
On Linux and macOS, the `autobuild` step reviews the files present in the repository to determine the build system used:
|
||||
|
||||
1. 在根目录中查找构建系统。
|
||||
2. 如果未找到,则搜索子目录以查找含有 C/C++ 构建系统的唯一目录。
|
||||
3. 运行适当的命令来配置系统。
|
||||
1. Look for a build system in the root directory.
|
||||
2. If none are found, search subdirectories for a unique directory with a build system for C/C++.
|
||||
3. Run an appropriate command to configure the system.
|
||||
|
||||
### C#
|
||||
|
||||
| 支持的系统类型 | 系统名称 |
|
||||
| Supported system type | System name |
|
||||
|----|----|
|
||||
| 操作系统 | Windows 和 Linux |
|
||||
| 构建系统 | .NET 和 MSbuild,以及构建脚本 |
|
||||
| Operating system | Windows and Linux |
|
||||
| Build system | .NET and MSbuild, as well as build scripts |
|
||||
|
||||
`autobuild` 进程尝试使用以下方法自动检测适合 C# 的构建方法:
|
||||
The `autobuild` process attempts to autodetect a suitable build method for C# using the following approach:
|
||||
|
||||
1. 对离根最近的解决方案 (`.sln`) 或项目 (`.csproj`) 文件调用 `dotnet build`。
|
||||
2. 对离根最近的解决方案或项目文件调用 `MSbuild` (Linux) 或 `MSBuild.exe` (Windows)。
|
||||
如果 `autobuild` 在顶层目录下的相同(最短)深度检测到多个解决方案或项目文件,它将尝试生成所有这些文件。
|
||||
3. 调用看起来像生成脚本的脚本:build 和 build.sh(对于 Linux,按此顺序)或 build.bat、build.cmd 和 build.exe(对于 Windows,按此顺序) 。
|
||||
1. Invoke `dotnet build` on the solution (`.sln`) or project (`.csproj`) file closest to the root.
|
||||
2. Invoke `MSbuild` (Linux) or `MSBuild.exe` (Windows) on the solution or project file closest to the root.
|
||||
If `autobuild` detects multiple solution or project files at the same (shortest) depth from the top level directory, it will attempt to build all of them.
|
||||
3. Invoke a script that looks like a build script—_build_ and _build.sh_ (in that order, for Linux) or _build.bat_, _build.cmd_, _and build.exe_ (in that order, for Windows).
|
||||
|
||||
### Java
|
||||
|
||||
| 支持的系统类型 | 系统名称 |
|
||||
| Supported system type | System name |
|
||||
|----|----|
|
||||
| 操作系统 | Windows、macOS 和 Linux(无限制) |
|
||||
| 构建系统 | Gradle、Maven 和 Ant |
|
||||
| Operating system | Windows, macOS, and Linux (no restriction) |
|
||||
| Build system | Gradle, Maven and Ant |
|
||||
|
||||
`autobuild` 进程尝试通过应用此策略来确定 Java 代码库的生成系统:
|
||||
The `autobuild` process tries to determine the build system for Java codebases by applying this strategy:
|
||||
|
||||
1. 在根目录中搜索构建文件。 先后检查 Gradle、Maven 和 Ant 构建文件。
|
||||
2. 运行找到的第一个构建文件。 如果 Gradle 和 Maven 文件都存在,则使用 Gradle 文件。
|
||||
3. 否则,在根目录的直接子目录中搜索构建文件。 如果只有一个子目录包含构建文件,则运行该子目录中标识的第一个文件(使用与 1 相同的首选项)。 如果多个子目录包含构建文件,则报告错误。
|
||||
1. Search for a build file in the root directory. Check for Gradle then Maven then Ant build files.
|
||||
2. Run the first build file found. If both Gradle and Maven files are present, the Gradle file is used.
|
||||
3. Otherwise, search for build files in direct subdirectories of the root directory. If only one subdirectory contains build files, run the first file identified in that subdirectory (using the same preference as for 1). If more than one subdirectory contains build files, report an error.
|
||||
|
||||
## 添加编译语言的构建步骤
|
||||
## Adding build steps for a compiled language
|
||||
|
||||
{% data reusables.code-scanning.autobuild-add-build-steps %} 有关如何编辑工作流文件的信息,请参阅“[配置 {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)”。
|
||||
{% data reusables.code-scanning.autobuild-add-build-steps %} For information on how to edit the workflow file, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)."
|
||||
|
||||
删除 `autobuild` 步骤后,取消注释 `run` 步骤并添加适合存储库的生成命令。 工作流 `run` 步骤会使用操作系统的 shell 来运行命令行程序。 可以修改这些命令并添加更多命令以自定义生成过程。
|
||||
After removing the `autobuild` step, uncomment the `run` step and add build commands that are suitable for your repository. The workflow `run` step runs command-line programs using the operating system's shell. You can modify these commands and add more commands to customize the build process.
|
||||
|
||||
``` yaml
|
||||
- run: |
|
||||
@@ -113,9 +115,9 @@ ms.locfileid: '147877154'
|
||||
make release
|
||||
```
|
||||
|
||||
有关 `run` 关键字的详细信息,请参阅“[{% data variables.product.prodname_actions %} 的工作流语法](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsrun)”。
|
||||
For more information about the `run` keyword, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsrun)."
|
||||
|
||||
如果存储库包含多个编译语言,可以指定特定于语言的生成命令。 例如,如果存储库包含 C/C++、C# 和 Java,而 `autobuild` 正确生成了 C/C++ 和 C#,但未能生成 Java,那么在 `init` 步骤之后,可以在工作流中使用以下配置。 这指定了 Java 的生成步骤,同时仍然为 C/C++ 和 C# 使用 `autobuild`:
|
||||
If your repository contains multiple compiled languages, you can specify language-specific build commands. For example, if your repository contains C/C++, C# and Java, and `autobuild` correctly builds C/C++ and C# but fails to build Java, you could use the following configuration in your workflow, after the `init` step. This specifies build steps for Java while still using `autobuild` for C/C++ and C#:
|
||||
|
||||
```yaml
|
||||
- if: matrix.language == 'cpp' || matrix.language == 'csharp'
|
||||
@@ -129,8 +131,8 @@ ms.locfileid: '147877154'
|
||||
make release
|
||||
```
|
||||
|
||||
有关 `if` 条件的详细信息,请参阅“[GitHub Actions 的工作流语法](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsif)”。
|
||||
For more information about the `if` conditional, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsif)."
|
||||
|
||||
有关为什么 `autobuild` 无法生成代码的更多提示和技巧,请参阅“[{% data variables.product.prodname_codeql %} 工作流故障排除](/code-security/secure-coding/troubleshooting-the-codeql-workflow)”。
|
||||
For more tips and tricks about why `autobuild` won't build your code, see "[Troubleshooting the {% data variables.product.prodname_codeql %} workflow](/code-security/secure-coding/troubleshooting-the-codeql-workflow)."
|
||||
|
||||
如果您为编译语言添加了手动构建步骤,但 {% data variables.product.prodname_code_scanning %} 仍然无法处理您的仓库,请联系 {% data variables.contact.contact_support %}。
|
||||
If you added manual build steps for compiled languages and {% data variables.product.prodname_code_scanning %} is still not working on your repository, contact {% data variables.contact.contact_support %}.
|
||||
|
||||
@@ -57,7 +57,8 @@ Generally, we name our supported ecosystems after the software programming langu
|
||||
- Maven (registry: https://repo.maven.apache.org/maven2)
|
||||
- npm (registry: https://www.npmjs.com/)
|
||||
- NuGet (registry: https://www.nuget.org/)
|
||||
- pip (registry: https://pypi.org/)
|
||||
- pip (registry: https://pypi.org/){% ifversion dependency-graph-dart-support %}
|
||||
- pub (registry: https://pub.dev/packages/registry){% endif %}
|
||||
- RubyGems (registry: https://rubygems.org/)
|
||||
- Rust (registry: https://crates.io/)
|
||||
|
||||
|
||||
@@ -784,15 +784,7 @@ registries:
|
||||
|
||||
### `docker-registry`
|
||||
|
||||
{% data variables.product.prodname_dependabot %} works with container registries that implement the OCI container registry. For more information, see [https://github.com/opencontainers/distribution-spec/blob/main/spec.md](https://github.com/opencontainers/distribution-spec/blob/main/spec.md). {% data variables.product.prodname_dependabot %} supports authentication to private registries via a central service. For further details, see [Token Authentication Specification](https://docs.docker.com/registry/spec/auth/token/) in the Docker documentation.
|
||||
|
||||
We currently support the container registries listed here:
|
||||
|
||||
* Docker Hub
|
||||
* {% data variables.product.company_short %} {% data variables.product.prodname_container_registry %}
|
||||
* GCR (Google Cloud)
|
||||
* Private ECR (AWS) - public ECR support is tracked in [https://github.com/dependabot/dependabot-core/issues/4212](https://github.com/dependabot/dependabot-core/issues/4212).
|
||||
|
||||
{% data variables.product.prodname_dependabot %} works with any container registries that implement the OCI container registry spec. For more information, see [https://github.com/opencontainers/distribution-spec/blob/main/spec.md](https://github.com/opencontainers/distribution-spec/blob/main/spec.md). {% data variables.product.prodname_dependabot %} supports authentication to private registries via a central token service or HTTP Basic Auth. For further details, see [Token Authentication Specification](https://docs.docker.com/registry/spec/auth/token/) in the Docker documentation and [Basic access authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) on Wikipedia.
|
||||
|
||||
The `docker-registry` type supports username and password.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
title: 密码扫描合作伙伴计划
|
||||
intro: '作为服务提供者,您可以与 {% data variables.product.prodname_dotcom %} 合作,通过密码扫描保护您的密码令牌格式,该扫描将搜索意外提交的密码格式,并且可以发送到服务提供者的验证端点。'
|
||||
title: Secret scanning partner program
|
||||
intro: 'As a service provider, you can partner with {% data variables.product.prodname_dotcom %} to have your secret token formats secured through secret scanning, which searches for accidental commits of your secret format and can be sent to a service provider''s verify endpoint.'
|
||||
miniTocMaxHeadingLevel: 3
|
||||
redirect_from:
|
||||
- /partnerships/token-scanning
|
||||
@@ -12,113 +12,146 @@ versions:
|
||||
topics:
|
||||
- API
|
||||
shortTitle: Secret scanning
|
||||
ms.openlocfilehash: f935b849bb43e99fd3959db3920fd4d632bf54f7
|
||||
ms.sourcegitcommit: fcf3546b7cc208155fb8acdf68b81be28afc3d2d
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: zh-CN
|
||||
ms.lasthandoff: 09/10/2022
|
||||
ms.locfileid: '145097997'
|
||||
---
|
||||
{% data variables.product.prodname_dotcom %} 扫描仓库查找已知的密码格式,以防止欺诈性使用意外提交的凭据。 {% data variables.product.prodname_secret_scanning_caps %} 默认情况下发生在公共仓库上,但仓库管理员或组织所有者可以在私有仓库上启用它。 作为服务提供者,您可以与 {% data variables.product.prodname_dotcom %} 合作,让您的密码格式包含在我们的 {% data variables.product.prodname_secret_scanning %} 中。
|
||||
|
||||
在公共仓库中找到密码格式的匹配项时,将发送有效负载到您选择的 HTTP 端点。
|
||||
{% data variables.product.prodname_dotcom %} scans repositories for known secret formats to prevent fraudulent use of credentials that were committed accidentally. {% data variables.product.prodname_secret_scanning_caps %} happens by default on public repositories, and can be enabled on private repositories by repository administrators or organization owners. As a service provider, you can partner with {% data variables.product.prodname_dotcom %} so that your secret formats are included in our {% data variables.product.prodname_secret_scanning %}.
|
||||
|
||||
在为 {% data variables.product.prodname_secret_scanning %} 配置的私有仓库中找到密码格式的匹配项时,仓库管理员和提交者将收到警报,并且可以查看和管理 {% data variables.product.prodname_dotcom %} 上的 {% data variables.product.prodname_secret_scanning %} 结果。 有关详细信息,请参阅“[管理来自 {% data variables.product.prodname_secret_scanning %} 的警报](/github/administering-a-repository/managing-alerts-from-secret-scanning)。”
|
||||
When a match of your secret format is found in a public repository, a payload is sent to an HTTP endpoint of your choice.
|
||||
|
||||
本文介绍作为服务提供者如何与 {% data variables.product.prodname_dotcom %} 合作并加入 {% data variables.product.prodname_secret_scanning %} 合作伙伴计划。
|
||||
When a match of your secret format is found in a private repository configured for {% data variables.product.prodname_secret_scanning %}, then repository admins and the committer are alerted and can view and manage the {% data variables.product.prodname_secret_scanning %} result on {% data variables.product.prodname_dotcom %}. For more information, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)."
|
||||
|
||||
## {% data variables.product.prodname_secret_scanning %} 流程
|
||||
This article describes how you can partner with {% data variables.product.prodname_dotcom %} as a service provider and join the {% data variables.product.prodname_secret_scanning %} partner program.
|
||||
|
||||
#### {% data variables.product.prodname_secret_scanning %} 如何在公共仓库中工作
|
||||
## The {% data variables.product.prodname_secret_scanning %} process
|
||||
|
||||
下图总结了在公共仓库中进行 {% data variables.product.prodname_secret_scanning %} 并将任何匹配项发送到服务提供者的验证端点的流程。
|
||||
#### How {% data variables.product.prodname_secret_scanning %} works in a public repository
|
||||
|
||||
|
||||
The following diagram summarizes the {% data variables.product.prodname_secret_scanning %} process for public repositories, with any matches sent to a service provider's verify endpoint.
|
||||
|
||||
## 在 {% data variables.product.prodname_dotcom %} 上加入 {% data variables.product.prodname_secret_scanning %} 计划
|
||||
|
||||
|
||||
1. 联系 {% data variables.product.prodname_dotcom %} 以启动流程。
|
||||
1. 识别要扫描的相关密码,并创建正则表达式来捕获它们。
|
||||
1. 针对在公共仓库中发现的密码匹配项,创建一个密码警报服务,以便从 {% data variables.product.prodname_dotcom %} 接受包含 {% data variables.product.prodname_secret_scanning %} 消息有效负载的 web 挂钩。
|
||||
1. 在密码警报服务中实施签名验证。
|
||||
1. 在密码警报服务中实施密码撤销和用户通知。
|
||||
1. 提供误报的反馈(可选)。
|
||||
## Joining the {% data variables.product.prodname_secret_scanning %} program on {% data variables.product.prodname_dotcom %}
|
||||
|
||||
### 联系 {% data variables.product.prodname_dotcom %} 以启动流程
|
||||
1. Contact {% data variables.product.prodname_dotcom %} to get the process started.
|
||||
1. Identify the relevant secrets you want to scan for and create regular expressions to capture them.
|
||||
1. For secret matches found in public repositories, create a secret alert service which accepts webhooks from {% data variables.product.prodname_dotcom %} that contain the {% data variables.product.prodname_secret_scanning %} message payload.
|
||||
1. Implement signature verification in your secret alert service.
|
||||
1. Implement secret revocation and user notification in your secret alert service.
|
||||
1. Provide feedback for false positives (optional).
|
||||
|
||||
若要开始注册过程,请发送电子邮件到 <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>。
|
||||
### Contact {% data variables.product.prodname_dotcom %} to get the process started
|
||||
|
||||
您将收到有关 {% data variables.product.prodname_secret_scanning %} 计划的详细信息,您需要同意 {% data variables.product.prodname_dotcom %} 的参与条款才能继续。
|
||||
To get the enrollment process started, email <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
|
||||
### 识别您的密码并创建正则表达式
|
||||
You will receive details on the {% data variables.product.prodname_secret_scanning %} program, and you will need to agree to {% data variables.product.prodname_dotcom %}'s terms of participation before proceeding.
|
||||
|
||||
要扫描您的密码,{% data variables.product.prodname_dotcom %} 需要您要包含在 {% data variables.product.prodname_secret_scanning %} 计划中的每个密码的以下信息:
|
||||
### Identify your secrets and create regular expressions
|
||||
|
||||
* 密码类型的唯一、人类可读的名称。 稍后我们将使用它在消息有效负载中生成 `Type` 值。
|
||||
* 查找密码类型的正则表达式。 尽可能精确,因为这样可以减少误报的数量。
|
||||
* 从 {% data variables.product.prodname_dotcom %} 接收消息的端点的 URL。 对于每个密码类型,这不必是唯一的。
|
||||
To scan for your secrets, {% data variables.product.prodname_dotcom %} needs the following pieces of information for each secret that you want included in the {% data variables.product.prodname_secret_scanning %} program:
|
||||
|
||||
将此信息发送到 <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>。
|
||||
* A unique, human readable name for the secret type. We'll use this to generate the `Type` value in the message payload later.
|
||||
* A regular expression which finds the secret type. Be as precise as possible, because this will reduce the number of false positives.
|
||||
* The URL of the endpoint that receives messages from {% data variables.product.prodname_dotcom %}. This does not have to be unique for each secret type.
|
||||
|
||||
### 创建密码警报服务
|
||||
Send this information to <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
|
||||
在您提供给我们的 URL 上创建一个可访问互联网的公共 HTTP 端点。 在公共存储库中找到正则表达式的匹配项时,{% data variables.product.prodname_dotcom %} 将发送 HTTP `POST` 消息到你的终结点。
|
||||
### Create a secret alert service
|
||||
|
||||
#### 发送到端点的 POST 示例
|
||||
Create a public, internet accessible HTTP endpoint at the URL you provided to us. When a match of your regular expression is found in a public repository, {% data variables.product.prodname_dotcom %} will send an HTTP `POST` message to your endpoint.
|
||||
|
||||
```http
|
||||
POST / HTTP/2
|
||||
Host: HOST
|
||||
Accept: */*
|
||||
Content-Type: application/json
|
||||
GITHUB-PUBLIC-KEY-IDENTIFIER: 90a421169f0a406205f1563a953312f0be898d3c7b6c06b681aa86a874555f4a
|
||||
GITHUB-PUBLIC-KEY-SIGNATURE: MEQCIA6C6L8ZYvZnqgV0zwrrmRab10QmIFV396gsba/WYm9oAiAI6Q+/jNaWqkgG5YhaWshTXbRwIgqIK6Ru7LxVYDbV5Q==
|
||||
Content-Length: 0123
|
||||
#### Example request body
|
||||
|
||||
[{"token":"NMIfyYncKcRALEXAMPLE","type":"mycompany_api_token","url":"https://github.com/octocat/Hello-World/blob/12345600b9cbe38a219f39a9941c9319b600c002/foo/bar.txt"}]
|
||||
```json
|
||||
[
|
||||
{
|
||||
"token":"NMIfyYncKcRALEXAMPLE",
|
||||
"type":"mycompany_api_token",
|
||||
"url":"https://github.com/octocat/Hello-World/blob/12345600b9cbe38a219f39a9941c9319b600c002/foo/bar.txt",
|
||||
"source":"content"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
消息正文是一个 JSON 数组,其中包含一个或多个具有以下内容的对象。 找到多个匹配项时,{% data variables.product.prodname_dotcom %} 可能发送一条包含多个密码匹配项的消息。 您的端点应该能够在不超时的情况下处理包含大量匹配项的请求。
|
||||
The message body is a JSON array that contains one or more objects, with each object representing a single secret match. Your endpoint should be able to handle requests with a large number of matches without timing out. The keys for each secret match are:
|
||||
|
||||
* 令牌:机密匹配的值。
|
||||
* 类型:提供用于标识正则表达式的唯一名称。
|
||||
* URL:匹配项所处的公共提交 URL。
|
||||
* **token**: The value of the secret match.
|
||||
* **type**: The unique name you provided to identify your regular expression.
|
||||
* **url**: The public URL where the match was found (may be empty)
|
||||
* **source**: Where the token was found on {% data variables.product.prodname_dotcom %}.
|
||||
|
||||
### 在密码警报服务中实施签名验证
|
||||
The list of valid values for `source` are:
|
||||
|
||||
我们强烈建议您在密码警报服务中实施签名验证,以确保您收到的消息确实来自 {% data variables.product.prodname_dotcom %},而不是恶意消息。
|
||||
* content
|
||||
* commit
|
||||
* pull_request_description
|
||||
* pull_request_comment
|
||||
* issue_description
|
||||
* issue_comment
|
||||
* discussion_body
|
||||
* discussion_comment
|
||||
* commit_comment
|
||||
* gist_content
|
||||
* gist_comment
|
||||
* unknown
|
||||
|
||||
可以从 https://api.github.com/meta/public_keys/secret_scanning 检索 {% data variables.product.prodname_dotcom %} 机密扫描公钥并使用 `ECDSA-NIST-P256V1-SHA256` 算法验证消息。
|
||||
### Implement signature verification in your secret alert service
|
||||
|
||||
The HTTP request to your service will also contain headers that we strongly recommend using
|
||||
to validate the messages you receive are genuinely from {% data variables.product.prodname_dotcom %}, and are not malicious.
|
||||
|
||||
The two HTTP headers to look for are:
|
||||
|
||||
* `GITHUB-PUBLIC-KEY-IDENTIFIER`: Which `key_identifier` to use from our API
|
||||
* `GITHUB-PUBLIC-KEY-SIGNATURE`: Signature of the payload
|
||||
|
||||
You can retrieve the {% data variables.product.prodname_dotcom %} secret scanning public key from https://api.github.com/meta/public_keys/secret_scanning and validate the message using the `ECDSA-NIST-P256V1-SHA256` algorithm. The endpoint
|
||||
will provide several `key_identifier` and public keys. You can determine which public
|
||||
key to use based on the value of `GITHUB-PUBLIC-KEY-IDENTIFIER`.
|
||||
|
||||
{% note %}
|
||||
|
||||
注意:向上述公钥终结点发送请求时,可能会达到速率限制。 为了避免达到速率限制,您可以使用下面示例建议的个人访问令牌(无需范围),或使用条件请求。 有关详细信息,请参阅“[REST API 入门](/rest/guides/getting-started-with-the-rest-api#conditional-requests)”。
|
||||
**Note**: When you send a request to the public key endpoint above, you may hit rate limits. To avoid hitting rate limits, you can use a personal access token (no scopes required) as suggested in the samples below, or use a conditional request. For more information, see "[Getting started with the REST API](/rest/guides/getting-started-with-the-rest-api#conditional-requests)."
|
||||
|
||||
{% endnote %}
|
||||
|
||||
假设您收到以下消息,下面的代码段演示如何执行签名验证。
|
||||
代码片段假定已使用生成的 PAT (https://github.com/settings/tokens) 设置名为 `GITHUB_PRODUCTION_TOKEN` 的环境变量以避免达到速率限制。 PAT 不需要任何范围/权限。
|
||||
|
||||
{% note %}
|
||||
|
||||
注意:签名是使用原始消息正文生成的。 因此,您也必须使用原始消息正文进行签名验证,而不是解析和串联 JSON,以避免重新排列消息或更改间距,这一点很重要。
|
||||
**Note**: The signature was generated using the raw message body. So it's important you also use the raw message body for signature validation, instead of parsing and stringifying the JSON, to avoid rearranging the message or changing spacing.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
发送的用于验证终结点的消息示例
|
||||
**Sample HTTP POST sent to verify endpoint**
|
||||
|
||||
```http
|
||||
POST / HTTP/2
|
||||
Host: HOST
|
||||
Accept: */*
|
||||
content-type: application/json
|
||||
GITHUB-PUBLIC-KEY-IDENTIFIER: 90a421169f0a406205f1563a953312f0be898d3c7b6c06b681aa86a874555f4a
|
||||
GITHUB-PUBLIC-KEY-SIGNATURE: MEUCIQDKZokqnCjrRtw0tni+2Ltvl/uiMJ1EGumEsp1BsNr32AIgQY1YXD2nlj+XNfGK4rBfkMJ1JDOQcYXxa2sY8FNkrKc=
|
||||
Content-Length: 0000
|
||||
GITHUB-PUBLIC-KEY-IDENTIFIER: f9525bf080f75b3506ca1ead061add62b8633a346606dc5fe544e29231c6ee0d
|
||||
GITHUB-PUBLIC-KEY-SIGNATURE: MEUCIFLZzeK++IhS+y276SRk2Pe5LfDrfvTXu6iwKKcFGCrvAiEAhHN2kDOhy2I6eGkOFmxNkOJ+L2y8oQ9A2T9GGJo6WJY=
|
||||
Content-Length: 83
|
||||
|
||||
[{"token":"some_token","type":"some_type","url":"some_url"}]
|
||||
[{"token":"some_token","type":"some_type","url":"some_url","source":"some_source"}]
|
||||
```
|
||||
|
||||
Go 中的验证示例
|
||||
{% note %}
|
||||
|
||||
**Note**: The key id and signature from the example payload is derived from a test key.
|
||||
The public key for them is:
|
||||
|
||||
```
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsz9ugWDj5jK5ELBK42ynytbo38gP
|
||||
HzZFI03Exwz8Lh/tCfL3YxwMdLjB+bMznsanlhK0RwcGP3IDb34kQDIo3Q==
|
||||
-----END PUBLIC KEY-----
|
||||
```
|
||||
|
||||
{% endnote %}
|
||||
|
||||
The following code snippets demonstrate how you could perform signature validation.
|
||||
The code examples assume you've set an environment variable called `GITHUB_PRODUCTION_TOKEN` with a generated [personal access token](https://github.com/settings/tokens) (PAT) to avoid hitting rate limits. The PAT does not need any scopes/permissions.
|
||||
|
||||
**Validation sample in Go**
|
||||
```golang
|
||||
package main
|
||||
|
||||
@@ -138,11 +171,11 @@ import (
|
||||
)
|
||||
|
||||
func main() {
|
||||
payload := `[{"token":"some_token","type":"some_type","url":"some_url"}]`
|
||||
payload := `[{"token":"some_token","type":"some_type","url":"some_url","source":"some_source"}]`
|
||||
|
||||
kID := "90a421169f0a406205f1563a953312f0be898d3c7b6c06b681aa86a874555f4a"
|
||||
kID := "f9525bf080f75b3506ca1ead061add62b8633a346606dc5fe544e29231c6ee0d"
|
||||
|
||||
kSig := "MEUCIQDKZokqnCjrRtw0tni+2Ltvl/uiMJ1EGumEsp1BsNr32AIgQY1YXD2nlj+XNfGK4rBfkMJ1JDOQcYXxa2sY8FNkrKc="
|
||||
kSig := "MEUCIFLZzeK++IhS+y276SRk2Pe5LfDrfvTXu6iwKKcFGCrvAiEAhHN2kDOhy2I6eGkOFmxNkOJ+L2y8oQ9A2T9GGJo6WJY="
|
||||
|
||||
// Fetch the list of GitHub Public Keys
|
||||
req, err := http.NewRequest("GET", "https://api.github.com/meta/public_keys/secret_scanning", nil)
|
||||
@@ -248,7 +281,7 @@ type asn1Signature struct {
|
||||
}
|
||||
```
|
||||
|
||||
Ruby 中的验证示例
|
||||
**Validation sample in Ruby**
|
||||
```ruby
|
||||
require 'openssl'
|
||||
require 'net/http'
|
||||
@@ -257,14 +290,14 @@ require 'json'
|
||||
require 'base64'
|
||||
|
||||
payload = <<-EOL
|
||||
[{"token":"some_token","type":"some_type","url":"some_url"}]
|
||||
[{"token":"some_token","type":"some_type","url":"some_url","source":"some_source"}]
|
||||
EOL
|
||||
|
||||
payload = payload
|
||||
|
||||
signature = "MEUCIQDKZokqnCjrRtw0tni+2Ltvl/uiMJ1EGumEsp1BsNr32AIgQY1YXD2nlj+XNfGK4rBfkMJ1JDOQcYXxa2sY8FNkrKc="
|
||||
signature = "MEUCIFLZzeK++IhS+y276SRk2Pe5LfDrfvTXu6iwKKcFGCrvAiEAhHN2kDOhy2I6eGkOFmxNkOJ+L2y8oQ9A2T9GGJo6WJY="
|
||||
|
||||
key_id = "90a421169f0a406205f1563a953312f0be898d3c7b6c06b681aa86a874555f4a"
|
||||
key_id = "f9525bf080f75b3506ca1ead061add62b8633a346606dc5fe544e29231c6ee0d"
|
||||
|
||||
url = URI.parse('https://api.github.com/meta/public_keys/secret_scanning')
|
||||
|
||||
@@ -288,7 +321,7 @@ openssl_key = OpenSSL::PKey::EC.new(current_key)
|
||||
puts openssl_key.verify(OpenSSL::Digest::SHA256.new, Base64.decode64(signature), payload.chomp)
|
||||
```
|
||||
|
||||
JavaScript 中的验证示例
|
||||
**Validation sample in JavaScript**
|
||||
```js
|
||||
const crypto = require("crypto");
|
||||
const axios = require("axios");
|
||||
@@ -330,17 +363,17 @@ const verify_signature = async (payload, signature, keyID) => {
|
||||
};
|
||||
```
|
||||
|
||||
### 在密码警报服务中实施密码撤销和用户通知
|
||||
### Implement secret revocation and user notification in your secret alert service
|
||||
|
||||
对于公共仓库中的 {% data variables.product.prodname_secret_scanning %},您可以增强密码警报服务,以撤销泄露的密码并通知受影响的用户。 如何在密码警报服务中实现此功能取决于您,但我们建议您考虑 {% data variables.product.prodname_dotcom %}向您发送的公开和泄露示警消息所涉及的任何密码。
|
||||
For {% data variables.product.prodname_secret_scanning %} in public repositories, you can enhance your secret alert service to revoke the exposed secrets and notify the affected users. How you implement this in your secret alert service is up to you, but we recommend considering any secrets that {% data variables.product.prodname_dotcom %} sends you messages about as public and compromised.
|
||||
|
||||
### 提供误报的反馈
|
||||
### Provide feedback for false positives
|
||||
|
||||
我们在合作伙伴响应中收集有关检测到的各个密码有效性的反馈。 如果你想参加,请发送电子邮件至 <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>。
|
||||
We collect feedback on the validity of the detected individual secrets in partner responses. If you wish to take part, email us at <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
|
||||
向您报告密码时,我们会发送一个 JSON 数组,其中有包含令牌、类型标识符和提交 URL 的每个元素。 当您向我们发送反馈时,您将向我们发送有关检测到的令牌是真凭据还是假凭据的信息。 我们接受以下格式的反馈。
|
||||
When we report secrets to you, we send a JSON array with each element containing the token, type identifier, and commit URL. When you send us feedback, you send us information about whether the detected token was a real or false credential. We accept feedback in the following formats.
|
||||
|
||||
您可以向我们发送原始令牌:
|
||||
You can send us the raw token:
|
||||
|
||||
```
|
||||
[
|
||||
@@ -351,7 +384,7 @@ const verify_signature = async (payload, signature, keyID) => {
|
||||
}
|
||||
]
|
||||
```
|
||||
您还可以使用 SHA-256 对原始令牌执行单向加密哈希后,以哈希形式提供令牌:
|
||||
You may also provide the token in hashed form after performing a one way cryptographic hash of the raw token using SHA-256:
|
||||
|
||||
```
|
||||
[
|
||||
@@ -362,13 +395,13 @@ const verify_signature = async (payload, signature, keyID) => {
|
||||
}
|
||||
]
|
||||
```
|
||||
重要事项:
|
||||
- 您应该只向我们发送令牌的原始形式 ("token_raw") 或哈希形式,而不要同时发送这两种形式。
|
||||
- 对于原始令牌的哈希形式,您只能使用 SHA-256 对令牌进行哈希处理,而不能使用任何其他哈希算法。
|
||||
- 用标签指示令牌为实报 ("true_positive") 还是误报 ("false_positive")。 只允许使用这两个小写的文字字符串。
|
||||
A few important points:
|
||||
- You should only send us either the raw form of the token ("token_raw"), or the hashed form ("token_hash"), but not both.
|
||||
- For the hashed form of the raw token, you can only use SHA-256 to hash the token, not any other hashing algorithm.
|
||||
- The label indicates whether the token is a true ("true_positive") or a false positive ("false_positive"). Only these two lowercased literal strings are allowed.
|
||||
|
||||
{% note %}
|
||||
|
||||
注意:对于提供误报数据的合作伙伴,我们的请求超时设置得更高(即 30 秒)。 如果需要超过 30 秒的超时时间,请发送电子邮件至 <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>。
|
||||
**Note:** Our request timeout is set to be higher (that is, 30 seconds) for partners who provide data about false positives. If you require a timeout higher than 30 seconds, email us at <a href="mailto:secret-scanning@github.com">secret-scanning@github.com</a>.
|
||||
|
||||
{% endnote %}
|
||||
|
||||
@@ -95,7 +95,7 @@ You can also find the node ID of all projects in your organization. The followin
|
||||
curl --request POST \
|
||||
--url https://api.github.com/graphql \
|
||||
--header 'Authorization: Bearer TOKEN' \
|
||||
--data '{"query":"{organization(login: \"ORGANIZATION") {projectsV2(first: 20) {nodes {id title}}}}"}'
|
||||
--data '{"query":"{organization(login: \"ORGANIZATION\") {projectsV2(first: 20) {nodes {id title}}}}"}'
|
||||
```
|
||||
{% endcurl %}
|
||||
|
||||
@@ -566,7 +566,7 @@ The following example will update the value of a text field for an item. Replace
|
||||
curl --request POST \
|
||||
--url https://api.github.com/graphql \
|
||||
--header 'Authorization: Bearer TOKEN' \
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: "PROJECT_ID" itemId: "ITEM_ID" fieldId: "FIELD_ID" value: { text: "Updated text" }}) { projectV2Item { id }}}"}'
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: \"PROJECT_ID\" itemId: \"ITEM_ID\" fieldId: \"FIELD_ID\" value: { text: \"Updated text\" }}) { projectV2Item { id }}}"}'
|
||||
```
|
||||
{% endcurl %}
|
||||
|
||||
@@ -620,7 +620,7 @@ The following example will update the value of a single select field for an item
|
||||
curl --request POST \
|
||||
--url https://api.github.com/graphql \
|
||||
--header 'Authorization: Bearer TOKEN' \
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: "PROJECT_ID" itemId: "ITEM_ID" fieldId: "FIELD_ID" value: { singleSelectOptionId: "OPTION_ID" }}) { projectV2Item { id }}}"}'
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: \"PROJECT_ID\" itemId: \"ITEM_ID\" fieldId: \"FIELD_ID\" value: { singleSelectOptionId: \"OPTION_ID\" }}) { projectV2Item { id }}}"}'
|
||||
```
|
||||
{% endcurl %}
|
||||
|
||||
@@ -660,7 +660,7 @@ The following example will update the value of an iteration field for an item.
|
||||
curl --request POST \
|
||||
--url https://api.github.com/graphql \
|
||||
--header 'Authorization: Bearer TOKEN' \
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: "PROJECT_ID" itemId: "ITEM_ID" fieldId: "FIELD_ID" value: { singleSelectOptionId: "OPTION_ID" }}) { projectV2Item { id }}}"}'
|
||||
--data '{"query":"mutation {updateProjectV2ItemFieldValue( input: { projectId: \"PROJECT_ID\" itemId: \"ITEM_ID\" fieldId: \"FIELD_ID\" value: { singleSelectOptionId: \"OPTION_ID\" }}) { projectV2Item { id }}}"}'
|
||||
```
|
||||
{% endcurl %}
|
||||
|
||||
|
||||
@@ -1,9 +1 @@
|
||||
---
|
||||
ms.openlocfilehash: e9f2162fa5c65d4a59b2bd350aea2b131205f9a6
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: zh-CN
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: "145098236"
|
||||
---
|
||||
{% data variables.product.prodname_codeql %} 也运行 Go 项目的构建来设置项目。 但与其他编译的语言不同,存储库中的所有文件都将被提取,而不只是生成的文件。 可以使用自定义生成命令跳过提取生成时不会接触到的 Go 文件。
|
||||
For these three languages, {% data variables.product.prodname_codeql %} analyzes the source files in your repository that are built. {% data variables.product.prodname_codeql %} also runs a build for Go projects to set up the project, but then analyzes _all_ Go files in the repository, not just the files that are built. For any of these languages, including Go, you can disable `autobuild` and instead use custom build commands in order to analyze only the files that are built by these custom commands.
|
||||
@@ -1,9 +1,2 @@
|
||||
---
|
||||
ms.openlocfilehash: 05d61d8f49c6b53d318abbdceba89223404a7509
|
||||
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
|
||||
ms.translationtype: HT
|
||||
ms.contentlocale: zh-CN
|
||||
ms.lasthandoff: 09/05/2022
|
||||
ms.locfileid: "145098803"
|
||||
---
|
||||
如果存储库中的 C/C++、C# 或 Java 代码有非标准生成过程,`autobuild` 可能会失败。 这种情况需要从工作流中删除 `autobuild` 步骤,并手动添加生成步骤。 如果您要指定仓库中的哪个 Go 文件要提取,则需要添加生成步骤。
|
||||
If `autobuild` fails, or you want to analyze a different set of source files from those built by the `autobuild` process, you'll need to remove the `autobuild` step from the workflow, and manually add build steps. For C/C++, C#, Go, and Java projects, {% data variables.product.prodname_codeql %} will analyze whatever source code is built by your specified build steps.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user