mirror of synced 2025-12-30 03:01:36 -05:00

New translation batch for ja (#32131)

This commit is contained in:
docubot
2022-10-27 10:40:43 -07:00
committed by GitHub
parent 6dc864432a
commit d41444941f
437 changed files with 2966 additions and 4083 deletions

View File

@@ -161,7 +161,7 @@ For example, to see notifications from the octo-org organization, use `org:octo-
## {% data variables.product.prodname_dependabot %} custom filters
{% ifversion fpt or ghec or ghes > 3.2 %}
{% ifversion fpt or ghec or ghes %}
If you use {% data variables.product.prodname_dependabot %} to keep your dependencies up-to-date, you can use and save these custom filters:
- `is:repository_vulnerability_alert` to show notifications for {% data variables.product.prodname_dependabot_alerts %}.
- `reason:security_alert` to show notifications for {% data variables.product.prodname_dependabot_alerts %} and security update pull requests.
@@ -170,7 +170,7 @@ If you use {% data variables.product.prodname_dependabot %} to keep your depende
For more information about {% data variables.product.prodname_dependabot %}, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
{% endif %}
{% ifversion ghes < 3.3 or ghae %}
{% ifversion ghae %}
If you use {% data variables.product.prodname_dependabot %} to tell you about insecure dependencies, you can use and save these custom filters to show notifications for {% data variables.product.prodname_dependabot_alerts %}:
- `is:repository_vulnerability_alert`

View File

@@ -24,7 +24,7 @@ Organizations that use {% data variables.product.prodname_ghe_cloud %} can confi
To confirm your organization's identity and display a "Verified" badge on your organization profile page, you can verify your organization's domains with {% data variables.product.prodname_dotcom %}. For more information, see "[Verifying or approving a domain for your organization](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)."
{% endif %}
{% ifversion fpt or ghes > 3.2 or ghec %}
{% ifversion fpt or ghes or ghec %}
![Sample organization profile page](/assets/images/help/organizations/org_profile_with_overview.png)
{% else %}
![Sample organization profile page](/assets/images/help/profile/org_profile.png)

View File

@@ -1,56 +1,62 @@
---
title: Setting your profile to private
intro: 'A private profile displays only limited information, and hides some activity.'
title: プロファイルをプライベートに設定する
intro: プライベート プロファイルには限られた情報のみが表示され、一部のアクティビティは表示されません。
versions:
fpt: '*'
topics:
- Profiles
shortTitle: Set profile to private
ms.openlocfilehash: c00718c84d99de95a9ca1352f32954279906451d
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 10/25/2022
ms.locfileid: '148008670'
---
## About private profiles
## プライベート プロファイルについて
To hide parts of your profile page, you can make your profile private. This also hides your activity in various social features on {% data variables.product.prodname_dotcom_the_website %}. A private profile hides information from all users, and there is currently no option to allow specified users to see your activity.
プロファイル ページの一部を非表示にするには、プロファイルをプライベートにします。 これにより、{% data variables.product.prodname_dotcom_the_website %} のさまざまなソーシャル機能のアクティビティも非表示になります。 プライベート プロファイルでは、すべてのユーザーに対し情報が非表示になります。現在、指定したユーザーにアクティビティを表示するオプションはありません。
After making your profile private, you can still view all your information when you visit your own profile.
プロファイルをプライベートにした後も、自分のプロファイルにアクセスした場合、すべての情報が表示されます。
Private profiles cannot receive sponsorships under [{% data variables.product.prodname_sponsors %}](/sponsors/getting-started-with-github-sponsors/about-github-sponsors). To be eligible for {% data variables.product.prodname_sponsors %}, your profile cannot be private.
プライベート プロファイルでは、[{% data variables.product.prodname_sponsors %}](/sponsors/getting-started-with-github-sponsors/about-github-sponsors) のスポンサーシップを受けることができません。 {% data variables.product.prodname_sponsors %} の対象になるには、プロファイルをプライベートにしないでください。
## Differences between private and public profiles
## プライベートおよびパブリック プロファイルの違い
When your profile is private, the following content is hidden from your profile page:
プロファイルがプライベートの場合、プロファイル ページで次のコンテンツが非表示になります。
- Achievements and highlights.
- Activity overview and activity feed.
- Contribution graph.
- Follower and following counts.
- Follow and Sponsor buttons.
- Organization memberships.
- Stars, projects, packages, and sponsoring tabs.
- 実績とハイライト。
- アクティビティの概要とアクティビティ フィード。
- コントリビューション グラフ。
- フォロワーと次の数。
- フォローとスポンサーのボタン。
- Organization メンバーシップ。
- スター、プロジェクト、パッケージ、スポンサー タブ。
{% note %}
**Note**: When your profile is private, some optional fields are still publicly visible, such as the README, biography, and profile photo.
**注**: プロファイルがプライベートの場合、README、経歴、プロフィール写真などの一部のオプション フィールドは引き続きパブリックに表示されます。
{% endnote %}
## Changes to reporting on your activities
## アクティビティに対する通知の変更
By making your profile private, you will not remove or hide past activity; this setting only applies to your activity while the private setting is enabled.
プロフィールをプライベートにしても、過去のアクティビティは削除または非表示になりません。この設定は、プライベート設定が有効になっている間のアクティビティにのみ適用されます。
When your profile is private, your {% data variables.product.prodname_dotcom_the_website %} activity will not appear in the following locations:
プロファイルがプライベートの場合、{% data variables.product.prodname_dotcom_the_website %} アクティビティは次の場所に表示されません。
- Activity feeds for other users.
- Discussions leaderboards.
- The [Trending](https://github.com/trending) page.
- 他のユーザーのアクティビティ フィード。
- ディスカッション ランキング。
- [[トレンド]](https://github.com/trending) ページ。
{% note %}
**Note**: Your activity on public repositories will still be publicly visible to anyone viewing those repositories, and some activity data may still be available through the {% data variables.product.prodname_dotcom %} API.
**注**: パブリック リポジトリ上のアクティビティは、それらのリポジトリを表示しているユーザーには引き続きパブリックに表示され、一部のアクティビティ データは {% data variables.product.prodname_dotcom %} API を通じて引き続き使用できます。
{% endnote %}
## Changing your profile's privacy settings
## プロファイルのプライバシー設定を変更する
{% data reusables.user-settings.access_settings %}
1. Under "Contributions & Activity", select the checkbox next to **Make profile private and hide activity**.
1. [コントリビューションとアクティビティ] で、 **[プロファイルを非公開にしてアクティビティを非表示にする]** の横にあるチェックボックスをオンにします。
{% data reusables.user-settings.update-preferences %}
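Review bot: in the hidden-content list, "Follower and following counts" is rendered as `- フォロワーと次の数。`, which reads as "followers and the next number". The word "following" has been translated as 次 ("next"), so the item no longer says that the count of accounts you follow is hidden. Something like フォロワー数とフォロー数 would carry the meaning. The same file also switches between プロファイル and プロフィール for "profile" (`プロフィールをプライベートにしても` under the reporting heading, against `プロファイルをプライベートにします` earlier). Pick one term so the two notes on what stays publicly visible read consistently with the rest of the page.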

View File

@@ -69,11 +69,15 @@ The email address in the `From:` field is the address that was set in the [local
If the email address used for the commit is not connected to your account on {% data variables.location.product_location %}, {% ifversion ghae %}change the email address used to author commits in Git. For more information, see "[Setting your commit email address](/github/setting-up-and-managing-your-github-user-account/setting-your-commit-email-address#setting-your-commit-email-address-in-git)."{% else %}you must [add the email address](/articles/adding-an-email-address-to-your-github-account) to your account on {% data variables.location.product_location %}. Your contributions graph will be rebuilt automatically when you add the new address.{% endif %}
{% warning %}
{% ifversion fpt or ghec %}
{% note %}
**Warning**: Generic email addresses, such as `jane@computer.local`, cannot be added to {% data variables.product.prodname_dotcom %} accounts. If you use such an email for your commits, the commits will not be linked to your {% data variables.product.prodname_dotcom %} profile and will not show up in your contribution graph.
**Note**: If you use a {% data variables.enterprise.prodname_managed_user %}, you cannot add additional email addresses to the account, even if multiple email addresses are registered with your identity provider (IdP). Therefore, only commits that are authored by the primary email address registered with your IdP can be associated with your {% data variables.enterprise.prodname_managed_user %}.
{% endwarning %}
{% endnote %}
{% endif %}
Generic email addresses, such as `jane@computer.local`, cannot be added to {% data variables.product.prodname_dotcom %} accounts and linked to commits. If you've authored any commits using a generic email address, the commits will not be linked to your {% data variables.product.prodname_dotcom %} profile and will not show up in your contribution graph.
### Commit was not made in the default or `gh-pages` branch
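Review bot: the generic-address text at the end of this hunk (`jane@computer.local`) now sits in a plain paragraph after `{% endif %}`, while the `{% warning %}` callout that used to carry it is gone. This is the only statement on the page that explains why such commits are never linked to the profile, so consider keeping it in a callout of its own. Also check that the new `{% ifversion fpt or ghec %}` opens and closes around the `{% note %}` block only, since the line order here (`{% endwarning %}` directly before `{% endnote %}`) makes the nesting hard to confirm from the rendered diff.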

View File

@@ -1,6 +1,6 @@
---
title: Setting up and managing your personal account on GitHub
intro: You can manage settings for your personal account on {% ifversion fpt or ghec or ghes %}{% data variables.location.product_location %}{% elsif ghae %}{% data variables.product.product_name %}{% endif %}, including email preferences, access to personal repositories, and organization memberships. You can also manage the account itself.
intro: 'You can manage settings for your personal account on {% ifversion fpt or ghec or ghes %}{% data variables.location.product_location %}{% elsif ghae %}{% data variables.product.product_name %}{% endif %}, including email preferences, access to personal repositories, and organization memberships. You can also manage the account itself.'
shortTitle: Personal accounts
redirect_from:
- /categories/setting-up-and-managing-your-github-user-account

View File

@@ -1,7 +1,7 @@
---
title: Managing accessibility settings
shortTitle: Manage accessibility settings
intro: "{% data variables.product.product_name %}'s user interface can adapt to your vision, hearing, motor, cognitive, or learning needs."
intro: '{% data variables.product.product_name %}''s user interface can adapt to your vision, hearing, motor, cognitive, or learning needs.'
versions:
feature: keyboard-shortcut-accessibility-setting
redirect_from:

View File

@@ -1,10 +1,10 @@
---
title: 個人アカウントのセキュリティと分析設定を管理する
intro: '{% data variables.product.prodname_dotcom %} 上のプロジェクトのコードをセキュリティ保護し分析する機能を管理できます。'
title: Managing security and analysis settings for your personal account
intro: 'You can control features that secure and analyze the code in your projects on {% data variables.product.prodname_dotcom %}.'
versions:
fpt: '*'
ghec: '*'
ghes: '>3.2'
ghes: '*'
topics:
- Accounts
redirect_from:
@@ -12,47 +12,43 @@ redirect_from:
- /github/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account
- /account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-security-and-analysis-settings-for-your-user-account
shortTitle: Manage security & analysis
ms.openlocfilehash: 61d1944219fd1b75f476c7aef8305018c85735c5
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '145165351'
---
## セキュリティおよび分析設定の管理について
## About management of security and analysis settings
{% data variables.product.prodname_dotcom %} を使用してリポジトリを保護できます。 このトピックでは、既存または新規のすべてのリポジトリのセキュリティおよび分析機能を管理する方法について説明します。
{% data variables.product.prodname_dotcom %} can help secure your repositories. This topic tells you how you can manage the security and analysis features for all your existing or new repositories.
個々のリポジトリのセキュリティおよび分析機能は引き続き管理できます。 詳細については、「[リポジトリのセキュリティと分析の設定を管理する](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)」を参照してください。
You can still manage the security and analysis features for individual repositories. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
自分の個人アカウントに対するすべてのアクティビティのセキュリティ ログを確認することもできます。 詳細については、「[セキュリティ ログの確認](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)」を参照してください。
You can also review the security log for all activity on your personal account. For more information, see "[Reviewing your security log](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)."
{% data reusables.security.some-security-and-analysis-features-are-enabled-by-default %}
{% data reusables.security.security-and-analysis-features-enable-read-only %}
リポジトリレベル セキュリティの概要については、「[リポジトリをセキュリティで保護する](/code-security/getting-started/securing-your-repository)」を参照してください。
For an overview of repository-level security, see "[Securing your repository](/code-security/getting-started/securing-your-repository)."
## 既存のリポジトリに対して機能を有効または無効にする
## Enabling or disabling features for existing repositories
{% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %}
3. [Code security and analysis] の下で機能の右にある **[Disable all]** または **[Enable all]** をクリックします。
{% ifversion ghes > 3.2 %}!["Configure security and analysis" 機能の "Enable all" または "Disable all" ボタン](/assets/images/enterprise/3.3/settings/security-and-analysis-disable-or-enable-all.png){% else %}!["Configure security and analysis" 機能の "Enable all" または "Disable all" ボタン](/assets/images/help/settings/security-and-analysis-disable-or-enable-all.png){% endif %}
6. オプションで、自分が所有する新しいリポジトリに対して機能を既定で有効にできます。
{% ifversion ghes > 3.2 %}![新しいリポジトリの "Enable by default" オプション](/assets/images/enterprise/3.3/settings/security-and-analysis-enable-by-default-in-modal.png){% else %}![新しいリポジトリの "Enable by default" オプション](/assets/images/help/settings/security-and-analysis-enable-by-default-in-modal.png){% endif %}
7. **[Disable FEATURE]** または **[Enable FEATURE]** をクリックし、所有するすべてのリポジトリに対してこの機能を無効または有効にします。
{% ifversion ghes > 3.2 %}![機能を無効または有効にするボタン](/assets/images/enterprise/3.3/settings/security-and-analysis-enable-dependency-graph.png){% else %}![機能を無効または有効にするボタン](/assets/images/help/settings/security-and-analysis-enable-dependency-graph.png){% endif %}
{% data reusables.user-settings.access_settings %}
{% data reusables.user-settings.security-analysis %}
3. Under "Code security and analysis", to the right of the feature, click **Disable all** or **Enable all**.
{% ifversion ghes %}!["Enable all" or "Disable all" button for "Configure security and analysis" features](/assets/images/enterprise/3.3/settings/security-and-analysis-disable-or-enable-all.png){% else %}!["Enable all" or "Disable all" button for "Configure security and analysis" features](/assets/images/help/settings/security-and-analysis-disable-or-enable-all.png){% endif %}
6. Optionally, enable the feature by default for new repositories that you own.
{% ifversion ghes %}!["Enable by default" option for new repositories](/assets/images/enterprise/3.3/settings/security-and-analysis-enable-by-default-in-modal.png){% else %}!["Enable by default" option for new repositories](/assets/images/help/settings/security-and-analysis-enable-by-default-in-modal.png){% endif %}
7. Click **Disable FEATURE** or **Enable FEATURE** to disable or enable the feature for all the repositories you own.
{% ifversion ghes %}![Button to disable or enable feature](/assets/images/enterprise/3.3/settings/security-and-analysis-enable-dependency-graph.png){% else %}![Button to disable or enable feature](/assets/images/help/settings/security-and-analysis-enable-dependency-graph.png){% endif %}
{% data reusables.security.displayed-information %}
## 既存のリポジトリに対して機能を有効または無効にする
## Enabling or disabling features for new repositories
{% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %}
3. 機能の右側にある [Code security and analysis] で、所有する新しいリポジトリに対して既定で機能を有効または無効にします
{% ifversion ghes > 3.2 %}![新しいリポジトリの機能を有効または無効にするチェックボックス](/assets/images/enterprise/3.3/settings/security-and-analysis-enable-or-disable-feature-checkbox.png){% else %}![新しいリポジトリの機能を有効または無効にするチェックボックス](/assets/images/help/settings/security-and-analysis-enable-or-disable-feature-checkbox.png){% endif %}
{% data reusables.user-settings.access_settings %}
{% data reusables.user-settings.security-analysis %}
3. Under "Code security and analysis", to the right of the feature, enable or disable the feature by default for new repositories that you own.
{% ifversion ghes %}![Checkbox for enabling or disabling a feature for new repositories](/assets/images/enterprise/3.3/settings/security-and-analysis-enable-or-disable-feature-checkbox.png){% else %}![Checkbox for enabling or disabling a feature for new repositories](/assets/images/help/settings/security-and-analysis-enable-or-disable-feature-checkbox.png){% endif %}
## 参考資料
## Further reading
- "[依存関係グラフについて](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
- "[{% data variables.product.prodname_dependabot_alerts %} について](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"
- "[依存関係を自動的に更新する](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically)"
- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
- "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)"
- "[Keeping your dependencies updated automatically](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically)"
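Review bot: every image conditional in this hunk is widened from `{% ifversion ghes > 3.2 %}` to `{% ifversion ghes %}` while still pointing at `/assets/images/enterprise/3.3/settings/...`, so any GHES version this page is published for now gets the 3.3 screenshots. Please confirm that no release at or below 3.2 still renders this article, or say in the commit message that those versions are retired. Two smaller points: the numbered steps under "Enabling or disabling features for existing repositories" run `3.`, `6.`, `7.`, which is worth renumbering in the source. The hunk also replaces the Japanese body with the English source and drops the `ms.*` metadata, which the commit message "New translation batch for ja" does not mention.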

View File

@@ -9,12 +9,12 @@ versions:
topics:
- Accounts
shortTitle: Manage cookie preferences
ms.openlocfilehash: f2fdbcf8bd552902e7db491aa1b3c6622c5673ab
ms.sourcegitcommit: 478f2931167988096ae6478a257f492ecaa11794
ms.openlocfilehash: 44f0324a91f8447a10947d5f5c7be111241ad091
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/09/2022
ms.locfileid: '147760923'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148108809'
---
## エンタープライズ マーケティング ページでの Cookie の基本設定について

View File

@@ -1,6 +1,6 @@
---
title: テーマ設定を管理する
intro: 'システム設定に従うか、ライトまたはダーク モードを常に使用するようにテーマを設定することで、{% data variables.product.product_name %} の外観を管理できます。'
title: Managing your theme settings
intro: 'You can manage how {% data variables.product.product_name %} looks to you by setting a theme preference that either follows your system settings or always uses a light or dark mode.'
versions:
fpt: '*'
ghae: '*'
@@ -13,52 +13,51 @@ redirect_from:
- /github/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings
- /account-and-profile/setting-up-and-managing-your-github-user-account/managing-user-account-settings/managing-your-theme-settings
shortTitle: Manage theme settings
ms.openlocfilehash: 6251b265d99271f58a4ad02d2f6cb7fdf722cb6b
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '147580448'
---
{% data variables.product.product_name %} を使用時期と使用方法を選択して柔軟性を高めるために、テーマ設定をして {% data variables.product.product_name %} の外観を変更できます。 ライトとダークの 2 つのテーマから選択するか、システム設定に従うかを {% data variables.product.product_name %} で設定できます。
ダーク テーマを使用して、特定のデバイスの電力消費量を削減したり、暗い場所で目の負担を減らしたり、テーマの外観を優先したりすることができます。
For choice and flexibility in how and when you use {% data variables.product.product_name %}, you can configure theme settings to change how {% data variables.product.product_name %} looks to you. You can choose from themes that are light or dark, or you can configure {% data variables.product.product_name %} to follow your system settings.
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}弱視の方は、前景と背景の要素のコントラストが強いハイ コントラスト テーマの使用をお勧めします。{% endif %}{% ifversion fpt or ghae or ghec %}色覚障碍がある方には、ライトとダークの色覚障碍向けテーマをお勧めします。
You may want to use a dark theme to reduce power consumption on certain devices, to reduce eye strain in low-light conditions, or because you prefer how the theme looks.
If you have low vision, you may benefit from a high contrast theme, with greater contrast between foreground and background elements.{% ifversion fpt or ghae or ghec %} If you have colorblindness, you may benefit from our light and dark colorblind themes.
{% endif %}
{% data reusables.user-settings.access_settings %} {% data reusables.user-settings.appearance-settings %}
{% data reusables.user-settings.access_settings %}
{% data reusables.user-settings.appearance-settings %}
1. [テーマ モード] で、ドロップダウン メニューを選択し、テーマの設定をクリックします。
1. Under "Theme mode", select the drop-down menu, then click a theme preference.
![テーマの設定を選択するための [テーマ モード] のドロップダウン メニュー](/assets/images/help/settings/theme-mode-drop-down-menu.png)
1. 使いたいテーマをクリックしてください。
- 1 つのテーマを選択する場合は、そのテーマをクリックします。
![Drop-down menu under "Theme mode" for selection of theme preference](/assets/images/help/settings/theme-mode-drop-down-menu.png)
1. Click the theme you'd like to use.
- If you chose a single theme, click a theme.
{%- ifversion ghes = 3.5 %} {% note %}
{%- ifversion ghes = 3.5 %}
{% note %}
****: 明るいハイ コントラスト テーマは、{% data variables.product.product_name %} 3.5.03.5.13.5.2、および 3.5.3 では使用できませんでした。 このテーマは 3.5.4 以降で使用できます。 アップグレードの詳しい情報については、サイト管理者にお問い合わせください。
**Note**: The light high contrast theme was unavailable in {% data variables.product.product_name %} 3.5.0, 3.5.1, 3.5.2, and 3.5.3. The theme is available in 3.5.4 and later. For more information about upgrades, contact your site administrator.
使用する {% data variables.product.product_name %} のバージョンの決定について詳しくは、「[{% data variables.product.prodname_docs %} のバージョンについて](/get-started/learning-about-github/about-versions-of-github-docs#github-enterprise-server)」を参照してください。
{% endnote %} {%- endif %}
For more information about determining the version of {% data variables.product.product_name %} you're using, see "[About versions of {% data variables.product.prodname_docs %}](/get-started/learning-about-github/about-versions-of-github-docs#github-enterprise-server)."
{% endnote %}
{%- endif %}
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}![1 つのテーマを選択するためのラジオ ボタン](/assets/images/help/settings/theme-choose-a-single-theme-highcontrast.png){% else %}![1 つのテーマを選択するためのラジオ ボタン](/assets/images/help/settings/theme-choose-a-single-theme.png){% endif %}
- システム設定に従うことを選択した場合は、昼のテーマと夜のテーマをクリックします。
![Radio buttons for the choice of a single theme](/assets/images/help/settings/theme-choose-a-single-theme-highcontrast.png)
- If you chose to follow your system settings, click a day theme and a night theme.
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}![システム設定と同期するテーマを選択するためのボタン](/assets/images/help/settings/theme-choose-a-day-and-night-theme-to-sync-highcontrast.png){% else %}![システム設定と同期するテーマを選択するためのボタン](/assets/images/help/settings/theme-choose-a-day-and-night-theme-to-sync.png){% endif %} {% ifversion fpt or ghec %}
- 現在パブリック ベータ版のテーマを選択する場合は、まず機能プレビューでそれを有効にする必要があります。 詳細については、「[機能プレビューを使用した早期アクセス リリースを探索する](/get-started/using-github/exploring-early-access-releases-with-feature-preview)」を参照してください。{% endif %}
![Buttons for the choice of a theme to sync with the system setting](/assets/images/help/settings/theme-choose-a-day-and-night-theme-to-sync-highcontrast.png)
{% ifversion fpt or ghec %}
- If you would like to choose a theme which is currently in public beta, you will first need to enable it with feature preview. For more information, see "[Exploring early access releases with feature preview](/get-started/using-github/exploring-early-access-releases-with-feature-preview)."{% endif %}
{% ifversion command-palette %}
{% note %}
**注:** コマンド パレットを使用してテーマの設定を変更することもできます。 詳細については、「[{% data variables.product.prodname_command_palette %}](/get-started/using-github/github-command-palette)」を参照してください。
**Note:** You can also change your theme settings with the command palette. For more information, see "[{% data variables.product.prodname_command_palette %}](/get-started/using-github/github-command-palette)".
{% endnote %}
{% endif %}
## 参考資料
## Further reading
- [{% data variables.product.prodname_desktop %}](/desktop/installing-and-configuring-github-desktop/setting-a-theme-for-github-desktop) の設定方法
- "[Setting a theme for {% data variables.product.prodname_desktop %}](/desktop/installing-and-configuring-github-desktop/setting-a-theme-for-github-desktop)"
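Review bot: in the command palette note, the sentence ends `(/get-started/using-github/github-command-palette)".` with the period outside the closing quote, while the other "For more information" links in this hunk end `)."`. Move the period inside for consistency. Also note that both screenshots lose their fallback: the `{% else %}` branches for `theme-choose-a-single-theme.png` and `theme-choose-a-day-and-night-theme-to-sync.png` are gone and only the `-highcontrast` images remain, so confirm every version listed in the frontmatter actually offers the high contrast themes.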

View File

@@ -1,6 +1,6 @@
---
title: 個人アカウントのリポジトリの権限レベル
intro: 個人アカウントが所有するリポジトリには、リポジトリ所有者とコラボレーターという 2 つのアクセス許可レベルがあります。
title: Permission levels for a personal account repository
intro: 'A repository owned by a personal account has two permission levels: the repository owner and collaborators.'
redirect_from:
- /articles/permission-levels-for-a-user-account-repository
- /github/setting-up-and-managing-your-github-user-account/permission-levels-for-a-user-account-repository
@@ -14,84 +14,79 @@ versions:
topics:
- Accounts
shortTitle: Repository permissions
ms.openlocfilehash: e7c7a542204c7b1ce69bc19ac326fb248bbbff12
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '147066307'
---
## 個人アカウント リポジトリのアクセス許可レベルについて
## About permissions levels for a personal account repository
個人アカウントが所有するリポジトリの所有者は 1 人です。 所有権のアクセス許可を別の個人アカウントと共有することはできません。
Repositories owned by personal accounts have one owner. Ownership permissions can't be shared with another personal account.
{% data variables.product.product_name %} のユーザーをコラボレーターとしてリポジトリに{% ifversion fpt or ghec %}招待{% else %}追加{% endif %}することもできます。 詳細については、「[コラボレーターを個人リポジトリに招待する](/github/setting-up-and-managing-your-github-user-account/inviting-collaborators-to-a-personal-repository)」を参照してください。
You can also {% ifversion fpt or ghec %}invite{% else %}add{% endif %} users on {% data variables.product.product_name %} to your repository as collaborators. For more information, see "[Inviting collaborators to a personal repository](/github/setting-up-and-managing-your-github-user-account/inviting-collaborators-to-a-personal-repository)."
{% tip %}
**ヒント:** 個人アカウントが所有しているリポジトリに対して、より詳細なアクセス権が必要な場合には、リポジトリを Organization に移譲することを検討してください。 詳細については、「[リポジトリを移譲する](/github/administering-a-repository/transferring-a-repository#transferring-a-repository-owned-by-your-personal-account)」を参照してください。
**Tip:** If you require more granular access to a repository owned by your personal account, consider transferring the repository to an organization. For more information, see "[Transferring a repository](/github/administering-a-repository/transferring-a-repository#transferring-a-repository-owned-by-your-personal-account)."
{% endtip %}
## 個人アカウントが所有しているリポジトリに対する所有者アクセス権
## Owner access for a repository owned by a personal account
リポジトリオーナーは、リポジトリを完全に制御することができます。 コラボレータが実行できるアクションに加えて、リポジトリオーナーは次のアクションを実行できます。
The repository owner has full control of the repository. In addition to the actions that any collaborator can perform, the repository owner can perform the following actions.
| アクション | 説明を見る |
| Action | More information |
| :- | :- |
| {% ifversion fpt or ghec %}コラボレーターの招待{% else %}コラボレーターの追加{% endif %} | [コラボレーターを個人リポジトリに招待する](/github/setting-up-and-managing-your-github-user-account/inviting-collaborators-to-a-personal-repository) |
| リポジトリの表示変更 | [リポジトリの可視性を設定する](/github/administering-a-repository/setting-repository-visibility) |{% ifversion fpt or ghec %}
| リポジトリとのインタラクションの制限 | [リポジトリでのインタラクションを制限する](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository) |{% endif %}
| デフォルトブランチを含むブランチ名の変更 | [ブランチの名前を変更する](/github/administering-a-repository/renaming-a-branch) |
| 保護されたブランチで、レビューの承認がなくてもプルリクエストをマージする | [保護されたブランチについて](/github/administering-a-repository/about-protected-branches) |
| リポジトリを削除する | [リポジトリの削除](/repositories/creating-and-managing-repositories/deleting-a-repository) |
| リポジトリのトピックの管理 | [トピックでリポジトリを分類する](/github/administering-a-repository/classifying-your-repository-with-topics) |{% ifversion fpt or ghec %}
| リポジトリのセキュリティおよび分析設定の管理 | [リポジトリのセキュリティと分析設定を管理する](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository) |{% endif %}{% ifversion fpt or ghec %}
| プライベートリポジトリの依存関係グラフの有効化 | [リポジトリの依存関係を調べる](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository) |{% endif %}
| パッケージの削除および復元 | [パッケージを削除および復元する](/packages/learn-github-packages/deleting-and-restoring-a-package) |
| リポジトリのソーシャルメディア向けプレビューのカスタマイズ | [リポジトリのソーシャルメディア向けプレビューをカスタマイズする](/github/administering-a-repository/customizing-your-repositorys-social-media-preview) |
| リポジトリからのテンプレートの作成 | [テンプレートリポジトリを作成する](/github/creating-cloning-and-archiving-repositories/creating-a-template-repository) |
| Control access to {% data variables.product.prodname_dependabot_alerts %} へのアクセスを制御する| [リポジトリのセキュリティと分析設定を管理する](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) |{% ifversion fpt or ghec %}
| リポジトリで {% data variables.product.prodname_dependabot_alerts %} を閉じる | "[{% data variables.product.prodname_dependabot_alerts %} の表示と更新](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)" |
| プライベートリポジトリのデータ利用の管理 | [プライベート リポジトリ用のデータ利用設定の管理](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)|{% endif %}
| リポジトリのコードオーナーを定義する | [コード オーナーについて](/github/creating-cloning-and-archiving-repositories/about-code-owners) |
| リポジトリのアーカイブ | [リポジトリのアーカイブ](/repositories/archiving-a-github-repository/archiving-repositories) |{% ifversion fpt or ghec %}
| セキュリティアドバイザリの作成 | 「[{% data variables.product.prodname_security_advisories %}について](/github/managing-security-vulnerabilities/about-github-security-advisories) |
| スポンサーボタンの表示 | [リポジトリにスポンサーボタンを表示する](/github/administering-a-repository/displaying-a-sponsor-button-in-your-repository) |{% endif %}
| プルリクエストの自動マージを許可または禁止 | [リポジトリ内のプル リクエストの自動マージを管理する](/github/administering-a-repository/managing-auto-merge-for-pull-requests-in-your-repository) |
| {% ifversion fpt or ghec %}Invite collaborators{% else %}Add collaborators{% endif %} | "[Inviting collaborators to a personal repository](/github/setting-up-and-managing-your-github-user-account/inviting-collaborators-to-a-personal-repository)" |
| Change the visibility of the repository | "[Setting repository visibility](/github/administering-a-repository/setting-repository-visibility)" |{% ifversion fpt or ghec %}
| Limit interactions with the repository | "[Limiting interactions in your repository](/communities/moderating-comments-and-conversations/limiting-interactions-in-your-repository)" |{% endif %}
| Rename a branch, including the default branch | "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)" |
| Merge a pull request on a protected branch, even if there are no approving reviews | "[About protected branches](/github/administering-a-repository/about-protected-branches)" |
| Delete the repository | "[Deleting a repository](/repositories/creating-and-managing-repositories/deleting-a-repository)" |
| Manage the repository's topics | "[Classifying your repository with topics](/github/administering-a-repository/classifying-your-repository-with-topics)" |{% ifversion fpt or ghec %}
| Manage security and analysis settings for the repository | "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" |{% endif %}{% ifversion fpt or ghec %}
| Enable the dependency graph for a private repository | "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)" |{% endif %}
| Delete and restore packages | "[Deleting and restoring a package](/packages/learn-github-packages/deleting-and-restoring-a-package)" |
| Customize the repository's social media preview | "[Customizing your repository's social media preview](/github/administering-a-repository/customizing-your-repositorys-social-media-preview)" |
| Create a template from the repository | "[Creating a template repository](/github/creating-cloning-and-archiving-repositories/creating-a-template-repository)" |
| Control access to {% data variables.product.prodname_dependabot_alerts %}| "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" |{% ifversion fpt or ghec %}
| Dismiss {% data variables.product.prodname_dependabot_alerts %} in the repository | "[Viewing and updating {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)" |
| Manage data use for a private repository | "[Managing data use settings for your private repository](/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository)"|{% endif %}
| Define code owners for the repository | "[About code owners](/github/creating-cloning-and-archiving-repositories/about-code-owners)" |
| Archive the repository | "[Archiving repositories](/repositories/archiving-a-github-repository/archiving-repositories)" |{% ifversion fpt or ghec %}
| Create security advisories | "[About repository security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories)" |
| Display a sponsor button | "[Displaying a sponsor button in your repository](/github/administering-a-repository/displaying-a-sponsor-button-in-your-repository)" |{% endif %}
| Allow or disallow auto-merge for pull requests | "[Managing auto-merge for pull requests in your repository](/github/administering-a-repository/managing-auto-merge-for-pull-requests-in-your-repository)" |
| Manage webhooks and deploy keys | "[Managing deploy keys](/developers/overview/managing-deploy-keys#deploy-keys)" |
## 個人アカウントが所有しているリポジトリに対するコラボレーター アクセス権
## Collaborator access for a repository owned by a personal account
個人リポジトリのコラボレータは、リポジトリのコンテンツをプル(読み取り)したり、リポジトリに変更をプッシュ(書き込み)したりすることができます。
Collaborators on a personal repository can pull (read) the contents of the repository and push (write) changes to the repository.
{% note %}
**注:** プライベート リポジトリでは、リポジトリ オーナーはコラボレーターに書き込みアクセスしか付与できません。 個人アカウントが所有するリポジトリに対して、コラボレーターが読み取り専用アクセス権を持つことはできません。
**Note:** In a private repository, repository owners can only grant write access to collaborators. Collaborators can't have read-only access to repositories owned by a personal account.
{% endnote %}
コラボレータは、次のアクションを実行することもできます。
Collaborators can also perform the following actions.
| アクション | 説明を見る |
| Action | More information |
| :- | :- |
| リポジトリのフォーク | [フォークについて](/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks) |
| デフォルトブランチ以外のブランチ名の変更 | [ブランチの名前を変更する](/github/administering-a-repository/renaming-a-branch) |
| リポジトリ内のコミット、プルリクエスト、Issue に関するコメントの作成、編集、削除 | <ul><li>[Issue について](/github/managing-your-work-on-github/about-issues)</li><li>[プル リクエストへコメントする](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request)</li><li>[混乱を生むコメントを管理する](/communities/moderating-comments-and-conversations/managing-disruptive-comments)</li></ul> |
| リポジトリ内の Issue の作成、割り当て、クローズ、再オープン | [Issue で作業を管理する](/github/managing-your-work-on-github/managing-your-work-with-issues) |
| リポジトリ内の Issue とプルリクエストのラベル管理 | [Issue と Pull Request のラベル付け](/github/managing-your-work-on-github/labeling-issues-and-pull-requests) |
| リポジトリ内の Issue とプルリクエストのマイルストーン管理 | [Issue と Pull Request のマイルストーンの作成と削除](/github/managing-your-work-on-github/creating-and-editing-milestones-for-issues-and-pull-requests) |
| リポジトリ内の Issue またはプルリクエストを重複としてマーク | [Issue と Pull Request の重複について](/github/managing-your-work-on-github/about-duplicate-issues-and-pull-requests) |
| リポジトリ内のプルリクエストの作成、マージ、クローズ | [プル リクエストで、作業に対する変更を提案する](/github/collaborating-with-issues-and-pull-requests/proposing-changes-to-your-work-with-pull-requests) |
| プルリクエストの自動マージの有効化または無効化 | [プル リクエストを自動的にマージする](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request)
| リポジトリ内のプルリクエストに提案された変更を適用 |[プル リクエストでのフィードバックを取り込む](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request) |
| リポジトリのフォークからプルリクエストを作成 | [フォークからプル リクエストを作成する](/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork) |
| プルリクエストのマージ可能性に影響するプルリクエストについてレビューを送信 | [プル リクエストで提案された変更をレビューする](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request) |
| リポジトリ用のウィキの作成と編集 | [ウィキについて](/communities/documenting-your-project-with-wikis/about-wikis) |
| リポジトリ用のリリースの作成と編集 | [リポジトリのリリースを管理する](/github/administering-a-repository/managing-releases-in-a-repository) |
| リポジトリのコードオーナーの定義 | [コード オーナーについて](/articles/about-code-owners) |{% ifversion fpt or ghae or ghec %}
| パッケージの公開、表示、インストール | [パッケージの公開と管理](/github/managing-packages-with-github-packages/publishing-and-managing-packages) |{% endif %}
| リポジトリでコラボレーターである自身を削除する | [コラボレーターのリポジトリから自分を削除する](/github/setting-up-and-managing-your-github-user-account/removing-yourself-from-a-collaborators-repository) |
| Fork the repository | "[About forks](/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks)" |
| Rename a branch other than the default branch | "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)" |
| Create, edit, and delete comments on commits, pull requests, and issues in the repository | <ul><li>"[About issues](/github/managing-your-work-on-github/about-issues)"</li><li>"[Commenting on a pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/commenting-on-a-pull-request)"</li><li>"[Managing disruptive comments](/communities/moderating-comments-and-conversations/managing-disruptive-comments)"</li></ul> |
| Create, assign, close, and re-open issues in the repository | "[Managing your work with issues](/github/managing-your-work-on-github/managing-your-work-with-issues)" |
| Manage labels for issues and pull requests in the repository | "[Labeling issues and pull requests](/github/managing-your-work-on-github/labeling-issues-and-pull-requests)" |
| Manage milestones for issues and pull requests in the repository | "[Creating and editing milestones for issues and pull requests](/github/managing-your-work-on-github/creating-and-editing-milestones-for-issues-and-pull-requests)" |
| Mark an issue or pull request in the repository as a duplicate | "[About duplicate issues and pull requests](/github/managing-your-work-on-github/about-duplicate-issues-and-pull-requests)" |
| Create, merge, and close pull requests in the repository | "[Proposing changes to your work with pull requests](/github/collaborating-with-issues-and-pull-requests/proposing-changes-to-your-work-with-pull-requests)" |
| Enable and disable auto-merge for a pull request | "[Automatically merging a pull request](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request)"
| Apply suggested changes to pull requests in the repository |"[Incorporating feedback in your pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/incorporating-feedback-in-your-pull-request)" |
| Create a pull request from a fork of the repository | "[Creating a pull request from a fork](/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork)" |
| Submit a review on a pull request that affects the mergeability of the pull request | "[Reviewing proposed changes in a pull request](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request)" |
| Create and edit a wiki for the repository | "[About wikis](/communities/documenting-your-project-with-wikis/about-wikis)" |
| Create and edit releases for the repository | "[Managing releases in a repository](/github/administering-a-repository/managing-releases-in-a-repository)" |
| Act as a code owner for the repository | "[About code owners](/articles/about-code-owners)" |{% ifversion fpt or ghae or ghec %}
| Publish, view, or install packages | "[Publishing and managing packages](/github/managing-packages-with-github-packages/publishing-and-managing-packages)" |{% endif %}
| Remove themselves as collaborators on the repository | "[Removing yourself from a collaborator's repository](/github/setting-up-and-managing-your-github-user-account/removing-yourself-from-a-collaborators-repository)" |
## 参考資料
## Further reading
- [Organization のリポジトリ ロール](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)
- "[Repository roles for an organization](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)"
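Review bot: The "Enable and disable auto-merge for a pull request" row in the collaborator table ends without its closing `|`, and the following "Apply suggested changes to pull requests in the repository" row opens its second cell as `|"[Incorporating` with no space after the pipe. Every other row in both tables on this page closes with ` |`, so close the auto-merge row and add the missing space rather than relying on the renderer tolerating ragged rows. The Japanese counterparts of these two rows show the same defects, which points at the English source as the place to fix it.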

View File

@@ -231,19 +231,11 @@ For example, this `cleanup.js` will only run on Linux-based runners:
### `runs.steps`
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
**Required** The steps that you plan to run in this action. These can be either `run` steps or `uses` steps.
{% else %}
**Required** The steps that you plan to run in this action.
{% endif %}
#### `runs.steps[*].run`
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
**Optional** The command you want to run. This can be inline or a script in your action repository:
{% else %}
**Required** The command you want to run. This can be inline or a script in your action repository:
{% endif %}
{% raw %}
```yaml
@@ -269,11 +261,7 @@ For more information, see "[`github context`](/actions/reference/context-and-exp
#### `runs.steps[*].shell`
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
**Optional** The shell where you want to run the command. You can use any of the shells listed [here](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsshell). Required if `run` is set.
{% else %}
**Required** The shell where you want to run the command. You can use any of the shells listed [here](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsshell). Required if `run` is set.
{% endif %}
{% ifversion fpt or ghes > 3.3 or ghae > 3.3 or ghec %}
#### `runs.steps[*].if`
@@ -322,7 +310,6 @@ steps:
**Optional** Specifies the working directory where the command is run.
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
#### `runs.steps[*].uses`
**Optional** Selects an action to run as part of a step in your job. An action is a reusable unit of code. You can use an action defined in the same repository as the workflow, a public repository, or in a [published Docker container image](https://hub.docker.com/).
@@ -371,7 +358,6 @@ runs:
middle_name: The
last_name: Octocat
```
{% endif %}
{% ifversion ghes > 3.5 or ghae > 3.5 %}
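Review bot: The `{% endif %}` after the `last_name: Octocat` sample in this hunk has to be the close of the `{% ifversion fpt or ghes > 3.2 or ghae or ghec %}` line that sits above `#### runs.steps[*].uses` in the previous hunk, because each of the two hunk headers drops exactly one line (7 to 6). Please confirm both were removed together and that the Liquid still balances, since an orphaned `{% endif %}` or an unclosed `{% ifversion %}` here would change what the following `{% ifversion ghes > 3.5 or ghae > 3.5 %}` block wraps.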

View File

@@ -1,7 +1,7 @@
---
title: Configuring OpenID Connect in HashiCorp Vault
title: HashiCorp Vault での OpenID Connect の構成
shortTitle: OpenID Connect in HashiCorp Vault
intro: Use OpenID Connect within your workflows to authenticate with HashiCorp Vault.
intro: ワークフロー内で OpenID Connect を使用して HashiCorp Vault で認証します。
miniTocMaxHeadingLevel: 3
versions:
fpt: '*'
@@ -10,31 +10,35 @@ versions:
type: tutorial
topics:
- Security
ms.openlocfilehash: 174243818443709ee6ffe3b22aa668cff254266f
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 10/25/2022
ms.locfileid: '148106630'
---
{% data reusables.actions.enterprise-beta %} {% data reusables.actions.enterprise-github-hosted-runners %}
{% data reusables.actions.enterprise-beta %}
{% data reusables.actions.enterprise-github-hosted-runners %}
## 概要
## Overview
OpenID Connect (OIDC) を使うと、{% data variables.product.prodname_actions %} ワークフローが HashiCorp Vault で認証し、シークレットを取得できます。
OpenID Connect (OIDC) allows your {% data variables.product.prodname_actions %} workflows to authenticate with a HashiCorp Vault to retrieve secrets.
このガイドでは、HashiCorp Vault が {% data variables.product.prodname_dotcom %} の OIDC をフェデレーション ID として信頼するように構成する方法の概要について説明します。また、この構成を [hashicorp/vault-action](https://github.com/hashicorp/vault-action) アクションで使って HashiCorp Vault からシークレットを取得する方法を示します。
This guide gives an overview of how to configure HashiCorp Vault to trust {% data variables.product.prodname_dotcom %}'s OIDC as a federated identity, and demonstrates how to use this configuration in the [hashicorp/vault-action](https://github.com/hashicorp/vault-action) action to retrieve secrets from HashiCorp Vault.
## Prerequisites
## 前提条件
{% data reusables.actions.oidc-link-to-intro %}
{% data reusables.actions.oidc-security-notice %}
## Adding the identity provider to HashiCorp Vault
## HashiCorp Vault への ID プロバイダーの追加
To use OIDC with HashiCorp Vault, you will need to add a trust configuration for the {% data variables.product.prodname_dotcom %} OIDC provider. For more information, see the HashiCorp Vault [documentation](https://www.vaultproject.io/docs/auth/jwt).
HashiCorp Vault と共に OIDC を使うには、{% data variables.product.prodname_dotcom %} OIDC プロバイダーの信頼構成を追加する必要があります。 詳細については、HashiCorp Vault [ドキュメント](https://www.vaultproject.io/docs/auth/jwt)を参照してください。
To configure your Vault server to accept JSON Web Tokens (JWT) for authentication:
認証に JSON Web トークン (JWT) を受け入れるように Vault サーバーを構成します。
1. Enable the JWT `auth` method, and use `write` to apply the configuration to your Vault.
For `oidc_discovery_url` and `bound_issuer` parameters, use {% ifversion ghes %}`https://HOSTNAME/_services/token`{% else %}`https://token.actions.githubusercontent.com`{% endif %}. These parameters allow the Vault server to verify the received JSON Web Tokens (JWT) during the authentication process.
1. JWT `auth` メソッドを有効にし、`write` を使用して Vault に構成を適用します。
`oidc_discovery_url` および `bound_issuer` パラメーターの場合は、{% ifversion ghes %}`https://HOSTNAME/_services/token`{% else %}`https://token.actions.githubusercontent.com`{% endif %} を使います。 これらのパラメーターを使用すると、Vault サーバーは認証プロセス中に受信した JSON Web トークン (JWT) を確認できます。
```sh{:copy}
vault auth enable jwt
@@ -45,7 +49,7 @@ To configure your Vault server to accept JSON Web Tokens (JWT) for authenticatio
bound_issuer="{% ifversion ghes %}https://HOSTNAME/_services/token{% else %}https://token.actions.githubusercontent.com{% endif %}" \
oidc_discovery_url="{% ifversion ghes %}https://HOSTNAME/_services/token{% else %}https://token.actions.githubusercontent.com{% endif %}"
```
2. Configure a policy that only grants access to the specific paths your workflows will use to retrieve secrets. For more advanced policies, see the HashiCorp Vault [Policies documentation](https://www.vaultproject.io/docs/concepts/policies).
2. ワークフローがシークレットの取得に使用する特定のパスへのアクセスのみを許可するポリシーを構成します。 詳細なポリシーについては、HashiCorp Vault の [「ポリシー」のドキュメント](https://www.vaultproject.io/docs/concepts/policies)を参照してください。
```sh{:copy}
vault policy write myproject-production - <<EOF
@@ -56,7 +60,7 @@ To configure your Vault server to accept JSON Web Tokens (JWT) for authenticatio
}
EOF
```
3. Configure roles to group different policies together. If the authentication is successful, these policies are attached to the resulting Vault access token.
3. 異なるポリシーをグループ化するようにロールを構成します。 認証が成功した場合、これらのポリシーは結果の Vault アクセス トークンにアタッチされます。
```sh{:copy}
vault write auth/jwt/role/myproject-production -<<EOF
@@ -72,51 +76,51 @@ To configure your Vault server to accept JSON Web Tokens (JWT) for authenticatio
EOF
```
- `ttl` defines the validity of the resulting access token.
- Ensure that the `bound_claims` parameter is defined for your security requirements, and has at least one condition. Optionally, you can also set the `bound_subject` as well as the `bound_audiences` parameter.
- To check arbitrary claims in the received JWT payload, the `bound_claims` parameter contains a set of claims and their required values. In the above example, the role will accept any incoming authentication requests from the `repo-name` repository owned by the `user-or-org-name` account.
- To see all the available claims supported by {% data variables.product.prodname_dotcom %}'s OIDC provider, see ["Configuring the OIDC trust with the cloud"](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-oidc-trust-with-the-cloud).
- `ttl` によって、結果のアクセス トークンの有効性が定義されます。
- `bound_claims` パラメーターがセキュリティ要件に対して定義されており、少なくとも 1 つの条件があることを確認します。 必要に応じて、`bound_subject` だけでなく、`bound_audiences` パラメーターも設定できます。
- 受信した JWT ペイロード内の任意の要求を確認するために、`bound_claims` パラメーターには一連の要求とその必須の値が含まれています。 上記の例では、ロールは、`user-or-org-name` アカウントによって所有される `repo-name` リポジトリからの受信認証要求を受け取ります。
- {% data variables.product.prodname_dotcom %} OIDC プロバイダーでサポートされている使用可能なすべての要求を確認するには、「[クラウドを使った OIDC 信頼の構成](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#configuring-the-oidc-trust-with-the-cloud)」を参照してください。
For more information, see the HashiCorp Vault [documentation](https://www.vaultproject.io/docs/auth/jwt).
詳細については、HashiCorp Vault [ドキュメント](https://www.vaultproject.io/docs/auth/jwt)を参照してください。
## Updating your {% data variables.product.prodname_actions %} workflow
## {% data variables.product.prodname_actions %} ワークフローを更新する
To update your workflows for OIDC, you will need to make two changes to your YAML:
1. Add permissions settings for the token.
2. Use the [`hashicorp/vault-action`](https://github.com/hashicorp/vault-action) action to exchange the OIDC token (JWT) for a cloud access token.
OIDC のワークフローを更新するには、YAML に 2 つの変更を行う必要があります。
1. トークンのアクセス許可設定を追加します。
2. この [`hashicorp/vault-action`](https://github.com/hashicorp/vault-action) アクションを使って、OIDC トークン (JWT) をクラウド アクセス トークンと交換します。
To add OIDC integration to your workflows that allow them to access secrets in Vault, you will need to add the following code changes:
Vault のシークレットにアクセスできるようにワークフローに OIDC 統合を追加するには、次のコード変更を追加する必要があります。
- Grant permission to fetch the token from the {% data variables.product.prodname_dotcom %} OIDC provider:
- The workflow needs `permissions:` settings with the `id-token` value set to `write`. This lets you fetch the OIDC token from every job in the workflow.
- Request the JWT from the {% data variables.product.prodname_dotcom %} OIDC provider, and present it to HashiCorp Vault to receive an access token:
- You can use the [`hashicorp/vault-action`](https://github.com/hashicorp/vault-action) action to fetch the JWT and receive the access token from Vault, or you could use the [Actions toolkit](https://github.com/actions/toolkit/) to fetch the tokens for your job.
- {% data variables.product.prodname_dotcom %} OIDC プロバイダーからトークンをフェッチするアクセス許可を付与します。
- ワークフローには、`id-token` の値が `write` に設定された `permissions:` 設定が必要です。 これにより、ワークフロー内のすべてのジョブから OIDC トークンをフェッチすることができます。
- {% data variables.product.prodname_dotcom %} OIDC プロバイダーに JWT を要求し、それを HashiCorp Vault に提示してアクセス トークンを受け取ります。
- [`hashicorp/vault-action`](https://github.com/hashicorp/vault-action) アクションを使って、JWT をフェッチし、Vault からアクセス トークンを受け取ることができます。または、[Actions ツールキット](https://github.com/actions/toolkit/)を使ってジョブのトークンをフェッチすることもできます。
This example demonstrates how to use OIDC with the official action to request a secret from HashiCorp Vault.
この例は、HashiCorp Vault からシークレットを要求するために、公式のアクションと共に OIDC を使う方法を示しています。
### Adding permissions settings
### アクセス許可設定の追加
{% data reusables.actions.oidc-permissions-token %}
{% note %}
**Note**:
****:
When the `permissions` key is used, all unspecified permissions are set to _no access_, with the exception of the metadata scope, which always gets _read_ access. As a result, you may need to add other permissions, such as `contents: read`. See [Automatic token authentication](/actions/security-guides/automatic-token-authentication) for more information.
`permissions` キーを使用すると、すべての未指定のアクセス許可が "アクセスなし" に設定されます。ただし、メタデータ スコープは例外であり、常に "読み取り" アクセス権を取得します。 その結果、`contents: read` のような他のアクセス許可を追加することが必要になる場合があります。 詳しくは、「[自動トークン認証](/actions/security-guides/automatic-token-authentication)」を参照してください。
{% endnote %}
### Requesting the access token
### アクセス トークンの要求
The `hashicorp/vault-action` action receives a JWT from the {% data variables.product.prodname_dotcom %} OIDC provider, and then requests an access token from your HashiCorp Vault instance to retrieve secrets. For more information, see the HashiCorp Vault GitHub Action [documentation](https://github.com/hashicorp/vault-action).
`hashicorp/vault-action` アクションは、{% data variables.product.prodname_dotcom %} OIDC プロバイダーから JWT を受け取り、HashiCorp Vault インスタンスにアクセス トークンを要求し、シークレットを取得します。 詳しくは、HashiCorp Vault GitHub Action [ドキュメント](https://github.com/hashicorp/vault-action)を参照してください。
This example demonstrates how to create a job that requests a secret from HashiCorp Vault.
この例では、HashiCorp Vault にシークレットを要求するジョブを作成する方法を示しています。
- `<Vault URL>`: Replace this with the URL of your HashiCorp Vault.
- `<Vault Namespace>`: Replace this with the Namespace you've set in HashiCorp Vault. For example: `admin`.
- `<Role name>`: Replace this with the role you've set in the HashiCorp Vault trust relationship.
- `<Secret-Path>`: Replace this with the path to the secret you're retrieving from HashiCorp Vault. For example: `secret/data/production/ci npmToken`.
- `<Vault URL>`: これを HashiCorp Vault の URL に置き換えます。
- `<Vault Namespace>`: これを HashiCorp Vault で設定した名前空間に置き換えます。 (例: `admin`)。
- `<Role name>`: これを HashiCorp Vault の信頼関係で設定したロールに置き換えます。
- `<Secret-Path>`: これを HashiCorp Vault から取得するシークレットのパスに置き換えます。 たとえば、「`secret/data/production/ci npmToken`」のように入力します。
```yaml{:copy}
jobs:
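Review bot: The translated label under `{% note %}` in the "Adding permissions settings" section is `****:`, an emptied copy of `**Note**:`, so the callout will render stray asterisks and a colon in front of the text about `permissions` defaulting to no access. Restore the label text; elsewhere in this commit the Japanese note label is written `**注:**`. This matters more than a cosmetic glitch because the note is the one place telling readers they may need to add `contents: read` alongside `id-token: write`.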
@@ -142,19 +146,19 @@ jobs:
{% note %}
**Note**:
****:
- If your Vault server is not accessible from the public network, consider using a self-hosted runner with other available Vault [auth methods](https://www.vaultproject.io/docs/auth). For more information, see "[About self-hosted runners](/actions/hosting-your-own-runners/about-self-hosted-runners)."
- `<Vault Namespace>` must be set for a Vault Enterprise (including HCP Vault) deployment. For more information, see [Vault namespace](https://www.vaultproject.io/docs/enterprise/namespaces).
- Vault サーバーにパブリック ネットワークからアクセスできない場合は、他の使用可能な Vault [認証方法](https://www.vaultproject.io/docs/auth)でセルフホステッド ランナーを使用することを検討してください。 詳細については、[セルフホステッド ランナー](/actions/hosting-your-own-runners/about-self-hosted-runners)に関する記述をご覧ください。
- `<Vault Namespace>` は、Vault Enterprise (HCP Vault を含む) デプロイに対して設定する必要があります。 詳しくは、[Vault 名前空間](https://www.vaultproject.io/docs/enterprise/namespaces)に関するページを参照してください。
{% endnote %}
### Revoking the access token
### アクセス トークンの取り消し
By default, the Vault server will automatically revoke access tokens when their TTL is expired, so you don't have to manually revoke the access tokens. However, if you do want to revoke access tokens immediately after your job has completed or failed, you can manually revoke the issued token using the [Vault API](https://www.vaultproject.io/api/auth/token#revoke-a-token-self).
既定で、Vault サーバーでは TTL の有効期限が切れたときにアクセス トークンを自動的に取り消します。そのため、アクセス トークンを手動で取り消す必要はありません。 ただし、ジョブが完了または失敗した直後にアクセス トークンを取り消す場合は、[Vault API](https://www.vaultproject.io/api/auth/token#revoke-a-token-self) を使用して発行されたトークンを手動で取り消すことができます。
1. Set the `exportToken` option to `true` (default: `false`). This exports the issued Vault access token as an environment variable: `VAULT_TOKEN`.
2. Add a step to call the [Revoke a Token (Self)](https://www.vaultproject.io/api/auth/token#revoke-a-token-self) Vault API to revoke the access token.
1. `exportToken` オプションを `true` (既定値: `false`) に設定します。 これにより、発行された Vault アクセス トークンが環境変数としてエクスポートされます: `VAULT_TOKEN`
2. [トークンの取り消し (自己)](https://www.vaultproject.io/api/auth/token#revoke-a-token-self) Vault API を呼び出してアクセス トークンを取り消すステップを追加します。
```yaml{:copy}
jobs:
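Review bot: The `****:` line under `{% note %}` in this hunk is the same emptied `**Note**:` label, this time heading the two bullets about self-hosted runners and `<Vault Namespace>`. With two occurrences in one file, search the whole batch for a literal `****:` before merging to catch other pages where the translation step dropped the label text.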
@@ -183,4 +187,4 @@ jobs:
run: |
curl -X POST -sv -H "X-Vault-Token: {% raw %}${{ env.VAULT_TOKEN }}{% endraw %}" \
<Vault URL>/v1/auth/token/revoke-self
```
```
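Review bot: The revoke step carried as context in this hunk calls `curl -X POST -sv` with the `X-Vault-Token` header, and `-v` makes curl echo the request headers it sends, so the exported `VAULT_TOKEN` is written to the job's output and its confidentiality then rests on log masking. The translation copies the sample unchanged, so the fix belongs in the English source: drop `-v` (`-sS` keeps errors visible) and every localized copy inherits the quieter command. The duplicated closing fence at the end of the hunk looks like an end-of-file newline change only; no comment on that.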

View File

@@ -1,7 +1,7 @@
---
title: Using the GitHub CLI on a runner
title: ランナーでの GitHub CLI の使用
shortTitle: Use the GitHub CLI on a runner
intro: 'How to use advanced {% data variables.product.prodname_actions %} features for continuous integration (CI).'
intro: '継続的インテグレーション (CI) のために高度な {% data variables.product.prodname_actions %} 機能を使用する方法。'
versions:
fpt: '*'
ghes: '> 3.1'
@@ -10,40 +10,34 @@ versions:
type: how_to
topics:
- Workflows
ms.openlocfilehash: e0787d09cd194de0038d259c1aff777cc91a4a6a
ms.sourcegitcommit: bf11c3e08cbb5eab6320e0de35b32ade6d863c03
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 10/27/2022
ms.locfileid: '148111586'
---
{% data reusables.actions.enterprise-github-hosted-runners %}
## Example overview
## サンプルの概要
{% data reusables.actions.example-workflow-intro-ci %} When this workflow is triggered, it automatically runs a script that checks whether the {% data variables.product.prodname_dotcom %} Docs site has any broken links. If any broken links are found, the workflow uses the {% data variables.product.prodname_dotcom %} CLI to create a {% data variables.product.prodname_dotcom %} issue with the details.
{% data reusables.actions.example-workflow-intro-ci %}このワークフローがトリガーされると、{% data variables.product.prodname_dotcom %} Docs サイトに壊れたリンクがあるかどうかを確認するスクリプトが自動的に実行されます。 壊れたリンクが見つかった場合、ワークフローで詳しい情報を含む {% data variables.product.prodname_dotcom %} のイシューが {% data variables.product.prodname_dotcom %} CLI を使用して作成されます。
{% data reusables.actions.example-diagram-intro %}
![Overview diagram of workflow steps](/assets/images/help/images/overview-actions-using-cli-ci-example.png)
![ワークフローのステップの概要図](/assets/images/help/images/overview-actions-using-cli-ci-example.png)
## Features used in this example
## この例で使用されている機能
{% data reusables.actions.example-table-intro %}
| **Feature** | **Implementation** |
| **機能** | **実装** |
| --- | --- |
{% data reusables.actions.cron-table-entry %}
{% data reusables.actions.permissions-table-entry %}
{% data reusables.actions.if-conditions-table-entry %}
{% data reusables.actions.secrets-table-entry %}
{% data reusables.actions.checkout-action-table-entry %}
{% data reusables.actions.setup-node-table-entry %}
| Using a third-party action: | [`peter-evans/create-issue-from-file`](https://github.com/peter-evans/create-issue-from-file)|
| Running shell commands on the runner: | [`run`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun) |
| Running a script on the runner: | Using `script/check-english-links.js` |
| Generating an output file: | Piping the output using the `>` operator |
| Checking for existing issues using {% data variables.product.prodname_cli %}: | [`gh issue list`](https://cli.github.com/manual/gh_issue_list) |
| Commenting on an issue using {% data variables.product.prodname_cli %}: | [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) |
{% data reusables.actions.cron-table-entry %} {% data reusables.actions.permissions-table-entry %} {% data reusables.actions.if-conditions-table-entry %} {% data reusables.actions.secrets-table-entry %} {% data reusables.actions.checkout-action-table-entry %} {% data reusables.actions.setup-node-table-entry %} | サード パーティのアクションの使用: | [`peter-evans/create-issue-from-file`](https://github.com/peter-evans/create-issue-from-file)| | ランナーでのシェル コマンドの実行: | [`run`](/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun) | | ランナーでのスクリプトの実行: | `script/check-english-links.js` の使用 | | 出力ファイルの生成: | `>` 演算子を使用した出力のパイプ処理 | | {% data variables.product.prodname_cli %} を使用した既存のイシューの確認: | [`gh issue list`](https://cli.github.com/manual/gh_issue_list) | | {% data variables.product.prodname_cli %} を使用したイシューへのコメント: | [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) |
## Example workflow
## ワークフローの例
{% data reusables.actions.example-docs-engineering-intro %} [`check-all-english-links.yml`](https://github.com/github/docs/blob/main/.github/workflows/check-all-english-links.yml).
{% data reusables.actions.example-docs-engineering-intro %} [`check-all-english-links.yml`](https://github.com/github/docs/blob/6e01c0653836c10d7e092a17566a2c88b10504ce/.github/workflows/check-all-english-links.yml)
{% data reusables.actions.note-understanding-example %}
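Review bot: The translated "Features used" table collapses six `{% data reusables.actions.*-table-entry %}` includes and all six translated rows (from "サード パーティのアクションの使用" through `gh issue comment`) onto a single line after the `| --- | --- |` separator, where the English version has one include or row per line. A pipe table needs each row on its own line, so this will render as one over-wide row or as plain text; split it back into twelve lines matching the English layout. Separately, the workflow link changes from `blob/main` to a commit-pinned URL and loses its trailing full stop; the pin is fine, but confirm it is intentional for the localized page.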
@@ -178,15 +172,15 @@ jobs:
</tbody>
</table>
## Understanding the example
## 例の説明
{% data reusables.actions.example-explanation-table-intro %}
<table style="table-layout: fixed;">
<thead>
<tr>
<th style="width:60%"><b>Code</b></th>
<th style="width:40%"><b>Explanation</b></th>
<th style="width:60%">"<b>コード</b>"</th>
<th style="width:40%"><b>説明</b></th>
</tr>
</thead>
<tbody>
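Review bot: The translated first header cell is `<th style="width:60%">"<b>コード</b>"</th>`, with literal double quotes wrapped around the `<b>` element, while the English cell and the translated second cell (`<b>説明</b>`) have none. The quotes will be displayed as text in the table header; remove them so both header cells match.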
@@ -214,10 +208,10 @@ on:
</td>
<td>
Defines the `workflow_dispatch` and `scheduled` as triggers for the workflow:
ワークフローのトリガーとして `workflow_dispatch` `scheduled` を定義します。
* The `workflow_dispatch` lets you manually run this workflow from the UI. For more information, see [`workflow_dispatch`](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch).
* The `schedule` event lets you use `cron` syntax to define a regular interval for automatically triggering the workflow. For more information, see [`schedule`](/actions/reference/events-that-trigger-workflows#schedule).
* `workflow_dispatch` を使用すると、UI からこのワークフローを手動で実行できます。 詳細については、「[`workflow_dispatch`](/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch)」を参照してください。
* `schedule` イベントにより、`cron` 構文を使用して、ワークフローを自動的にトリガーするための一定の間隔を定義できます。 詳細については、「[`schedule`](/actions/reference/events-that-trigger-workflows#schedule)」を参照してください。
</td>
</tr>
<tr>
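Review bot: The translated sentence introducing the triggers reads "`workflow_dispatch` `scheduled` を定義します", with the two code spans placed side by side and nothing for the English "and" between them; add the conjunction so it does not read as one identifier. The English source line also says `scheduled`, while the bullet below and the linked reference both name the event `schedule`; suggest correcting that in the source so the translation picks up the real event name.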
@@ -231,7 +225,7 @@ permissions:
</td>
<td>
Modifies the default permissions granted to `GITHUB_TOKEN`. This will vary depending on the needs of your workflow. For more information, see "[Assigning permissions to jobs](/actions/using-jobs/assigning-permissions-to-jobs)."
`GITHUB_TOKEN` に付与される既定のアクセス許可を変更します。 これはワークフローのニーズによって異なります。 詳しい情報については、「[ジョブへのアクセス許可の割り当て](/actions/using-jobs/assigning-permissions-to-jobs)」を参照してください。
</td>
</tr>
<tr>
@@ -243,7 +237,7 @@ jobs:
</td>
<td>
Groups together all the jobs that run in the workflow file.
ワークフロー ファイルで実行されるすべてのジョブをグループ化します。
</td>
</tr>
<tr>
@@ -256,7 +250,7 @@ Groups together all the jobs that run in the workflow file.
</td>
<td>
Defines a job with the ID `check_all_english_links`, and the name `Check all links`, that is stored within the `jobs` key.
ID `check_all_english_links` と名前 `Check all links` を持つジョブを定義します。これは `jobs` キー内に格納されます。
</td>
</tr>
<tr>
@@ -268,7 +262,7 @@ if: github.repository == 'github/docs-internal'
</td>
<td>
Only run the `check_all_english_links` job if the repository is named `docs-internal` and is within the `github` organization. Otherwise, the job is marked as _skipped_.
リポジトリが `docs-internal` という名前で、`github` という Organization 内にある場合のみ、`check_all_english_links` ジョブを実行します。 それ以外の場合、ジョブは _"スキップ済み"_ としてマークされます。
</td>
</tr>
<tr>
@@ -280,7 +274,7 @@ runs-on: ubuntu-latest
</td>
<td>
Configures the job to run on an Ubuntu Linux runner. This means that the job will execute on a fresh virtual machine hosted by {% data variables.product.prodname_dotcom %}. For syntax examples using other runners, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idruns-on)."
Ubuntu Linux ランナーで実行するようにジョブを設定します。 これは、ジョブが {% data variables.product.prodname_dotcom %} によってホストされている新しい仮想マシンで実行されるということです。 他のランナーを使う構文例については、「[{% data variables.product.prodname_actions %} のワークフロー構文](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idruns-on)」を参照してください。
</td>
</tr>
<tr>
@@ -296,7 +290,7 @@ Configures the job to run on an Ubuntu Linux runner. This means that the job wil
</td>
<td>
Creates custom environment variables, and redefines the built-in `GITHUB_TOKEN` variable to use a custom [secret](/actions/security-guides/encrypted-secrets). These variables will be referenced later in the workflow.
カスタム環境変数を作成し、組み込み `GITHUB_TOKEN` 変数を再定義してカスタム [シークレット](/actions/security-guides/encrypted-secrets)を使用します。 これらの変数は、ワークフローで後から参照されます。
</td>
</tr>
<tr>
@@ -308,7 +302,7 @@ Creates custom environment variables, and redefines the built-in `GITHUB_TOKEN`
</td>
<td>
Groups together all the steps that will run as part of the `check_all_english_links` job. Each job in the workflow has its own `steps` section.
`check_all_english_links` ジョブの一部として実行されるすべてのステップをグループ化します。 ワークフロー内の各ジョブには、独自の `steps` セクションがあります。
</td>
</tr>
<tr>
@@ -321,7 +315,7 @@ Groups together all the steps that will run as part of the `check_all_english_li
</td>
<td>
The `uses` keyword tells the job to retrieve the action named `actions/checkout`. This is an action that checks out your repository and downloads it to the runner, allowing you to run actions against your code (such as testing tools). You must use the checkout action any time your workflow will run against the repository's code or you are using an action defined in the repository.
`uses` キーワードは、`actions/checkout` という名前のアクションを取得するようにジョブに指示します。 これは、リポジトリをチェックアウトしてランナーにダウンロードし、コードに対してアクション(テストツールなど)を実行できるようにします。 ワークフローがリポジトリのコードに対して実行されるとき、またはリポジトリで定義されたアクションを使用しているときはいつでも、チェックアウトアクションを使用する必要があります。
</td>
</tr>
<tr>
@@ -337,7 +331,7 @@ The `uses` keyword tells the job to retrieve the action named `actions/checkout`
</td>
<td>
This step uses the `actions/setup-node` action to install the specified version of the `node` software package on the runner, which gives you access to the `npm` command.
このステップでは、`actions/setup-node` アクションを使用して、指定したバージョンの `node` ソフトウェア パッケージをランナーにインストールします。これにより、`npm` コマンドにアクセスできるようになります。
</td>
</tr>
<tr>
@@ -352,7 +346,7 @@ This step uses the `actions/setup-node` action to install the specified version
</td>
<td>
The `run` keyword tells the job to execute a command on the runner. In this case, the `npm ci` and `npm run build` commands are run as separate steps to install and build the Node.js application in the repository.
`run` キーワードは、ランナーでコマンドを実行するようにジョブに指示します。 この場合、Node.js アプリケーションをリポジトリにインストールしてビルドするための個別のステップとして、`npm ci` コマンドと `npm run build` コマンドが実行されます。
</td>
</tr>
<tr>
@@ -366,7 +360,7 @@ The `run` keyword tells the job to execute a command on the runner. In this case
</td>
<td>
This `run` command executes a script that is stored in the repository at `script/check-english-links.js`, and pipes the output to a file called `broken_links.md`.
この `run` コマンドは、リポジトリの `script/check-english-links.js` に保存されているスクリプトを実行し、出力を `broken_links.md` というファイルにパイプで渡します。
</td>
</tr>
<tr>
@@ -385,7 +379,7 @@ This `run` command executes a script that is stored in the repository at `script
</td>
<td>
If the `check-english-links.js` script detects broken links and returns a non-zero (failure) exit status, then use a [workflow command](/actions/using-workflows/workflow-commands-for-github-actions#setting-an-output-parameter) to set an output that has the value of the first line of the `broken_links.md` file (this is used the next step).
`check-english-links.js` スクリプトで壊れたリンクが検出され、0 以外 (失敗) の終了状態が返された場合は、[ワークフロー コマンド](/actions/using-workflows/workflow-commands-for-github-actions#setting-an-output-parameter)を使用して、`broken_links.md` ファイルの先頭行の値を持つ出力を設定します (これは次のステップで使用されます)。
</td>
</tr>
<tr>
@@ -407,7 +401,7 @@ If the `check-english-links.js` script detects broken links and returns a non-ze
</td>
<td>
Uses the `peter-evans/create-issue-from-file` action to create a new {% data variables.product.prodname_dotcom %} issue. This example is pinned to a specific version of the action, using the `b4f9ee0a9d4abbfc6986601d9b1a4f8f8e74c77e` SHA.
`peter-evans/create-issue-from-file` アクションを使用して、新しい {% data variables.product.prodname_dotcom %} のイシューを作成します。 この例は、`b4f9ee0a9d4abbfc6986601d9b1a4f8f8e74c77e` SHA を使用して、特定のバージョンのアクションに合わせて固定されています。
</td>
</tr>
<tr>
@@ -435,9 +429,9 @@ Uses the `peter-evans/create-issue-from-file` action to create a new {% data var
</td>
<td>
Uses [`gh issue list`](https://cli.github.com/manual/gh_issue_list) to locate the previously created issue from earlier runs. This is [aliased](https://cli.github.com/manual/gh_alias_set) to `gh list-reports` for simpler processing in later steps. To get the issue URL, the `jq` expression processes the resulting JSON output.
[`gh issue list`](https://cli.github.com/manual/gh_issue_list) を使用して、以前の実行から以前に作成したイシューを見つけます。 これには、後のステップでの処理を簡単にするために、`gh list-reports` という[別名](https://cli.github.com/manual/gh_alias_set)が付けられます。 イシューの URL を取得するために、`jq` 式で結果の JSON 出力を処理します。
[`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) is then used to add a comment to the new issue that links to the previous one.
次に [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) を使用して、以前のイシューにリンクするコメントを新しいイシューに追加します。
</td>
</tr>
<tr>
@@ -455,7 +449,7 @@ Uses [`gh issue list`](https://cli.github.com/manual/gh_issue_list) to locate th
</td>
<td>
If an issue from a previous run is open and assigned to someone, then use [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) to add a comment with a link to the new issue.
以前の実行でのイシューが未解決であり誰かに割り当てられている場合は、[`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) を使用して、新しいイシューへのリンクを含むコメントを追加します。
</td>
</tr>
<tr>
@@ -476,16 +470,16 @@ If an issue from a previous run is open and assigned to someone, then use [`gh i
</td>
<td>
If an issue from a previous run is open and is not assigned to anyone, then:
以前の実行でのイシューが未解決であり誰にも割り当てられない場合は、次のようになります。
* Use [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) to add a comment with a link to the new issue.
* Use [`gh issue close`](https://cli.github.com/manual/gh_issue_close) to close the old issue.
* Use [`gh issue edit`](https://cli.github.com/manual/gh_issue_edit) to edit the old issue to remove it from a specific {% data variables.product.prodname_dotcom %} project board.
* [`gh issue comment`](https://cli.github.com/manual/gh_issue_comment) を使用して、新しいイシューへのリンクを含むコメントを追加します。
* [`gh issue close`](https://cli.github.com/manual/gh_issue_close) を使用して以前のイシューを閉じます。
* [`gh issue edit`](https://cli.github.com/manual/gh_issue_edit) を使用して以前のイシューを編集し、特定の {% data variables.product.prodname_dotcom %} プロジェクト ボードから削除します。
</td>
</tr>
</tbody>
</table>
## Next steps
## 次の手順
{% data reusables.actions.learning-actions %}
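Review bot: The Japanese sentence introducing the last bullet list, `以前の実行でのイシューが未解決であり誰にも割り当てられない場合は、次のようになります。`, does not match the tense or the intent of the source line "is open and is not assigned to anyone, then:". The preceding cell uses the state form `割り当てられている`, so the negative here should be `割り当てられていない`. The bullets that follow are actions the workflow performs, so a lead-in such as `次の操作を行います。` fits better than `次のようになります。`.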

View File

@@ -69,13 +69,10 @@ You can use any machine as a self-hosted runner as long at it meets these requir
* The machine has enough hardware resources for the type of workflows you plan to run. The self-hosted runner application itself only requires minimal resources.
* If you want to run workflows that use Docker container actions or service containers, you must use a Linux machine and Docker must be installed.
{% ifversion fpt or ghes > 3.2 or ghec or ghae %}
## Autoscaling your self-hosted runners
You can automatically increase or decrease the number of self-hosted runners in your environment in response to the webhook events you receive. For more information, see "[Autoscaling with self-hosted runners](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners)."
{% endif %}
## Usage limits
There are some limits on {% data variables.product.prodname_actions %} usage when using self-hosted runners. These limits are subject to change.
@@ -249,7 +246,6 @@ codeload.github.com
{% endnote %}
{% endif %}
## Self-hosted runner security

View File

@@ -32,7 +32,7 @@ For more information, see "[About self-hosted runners](/github/automating-your-w
{% endwarning %}
{% endif %}
{% ifversion fpt or ghec or ghes > 3.2 %}
{% ifversion fpt or ghec or ghes %}
You can set up automation to scale the number of self-hosted runners. For more information, see "[Autoscaling with self-hosted runners](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners)."
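Review bot: The relaxed condition `{% ifversion fpt or ghec or ghes %}` on the autoscaling paragraph still leaves out `ghae`. The autoscaling article whose front matter appears in the next file keeps `ghae: '*'`, and the "Autoscaling your self-hosted runners" section in the previous file had `ghae` in its condition before the wrapper was dropped. Either add `ghae` here or remove the conditional if this file's `versions` already cover the same set. The matching `{% endif %}` is outside the visible lines, so please confirm it is still paired.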

View File

@@ -5,7 +5,7 @@ intro: You can automatically scale your self-hosted runners in response to webho
versions:
fpt: '*'
ghec: '*'
ghes: '>3.2'
ghes: '*'
ghae: '*'
type: overview
---

View File

@@ -608,7 +608,7 @@ jobs:
## `secrets` context
The `secrets` context contains the names and values of secrets that are available to a workflow run. The `secrets` context is not available for composite actions. For more information about secrets, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)."
The `secrets` context contains the names and values of secrets that are available to a workflow run. The `secrets` context is not available for composite actions due to security reasons. If you want to pass a secret to a composite action, you need to do it explicitly as an input. For more information about secrets, see "[Encrypted secrets](/actions/security-guides/encrypted-secrets)."
`GITHUB_TOKEN` is a secret that is automatically created for every workflow run, and is always included in the `secrets` context. For more information, see "[Automatic token authentication](/actions/security-guides/automatic-token-authentication)."
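Review bot: In the rewritten `secrets` paragraph, "due to security reasons" should read "for security reasons", and "you need to do it explicitly as an input" leaves the reader without a pointer to how inputs are declared for a composite action. Suggest "for security reasons. To pass a secret to a composite action, pass it explicitly as an input." with a link to the inputs documentation if one exists for this version. This is also an English source sentence arriving in a batch labelled as ja translations, so confirm the Japanese page is meant to fall back to English here.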

View File

@@ -87,9 +87,7 @@ The following table shows the permissions granted to the `GITHUB_TOKEN` by defau
| issues | read/write | none | read |
| metadata | read | read | read |
| packages | read/write | none | read |
{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
| pages | read/write | none | read |
{%- endif %}
| pull-requests | read/write | none | read |
| repository-projects | read/write | none | read |
| security-events | read/write | none | read |

View File

@@ -7,6 +7,8 @@ redirect_from:
- /actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
- /actions/configuring-and-managing-workflows/using-variables-and-secrets-in-a-workflow
- /actions/reference/encrypted-secrets
- /actions/managing-workflows/storing-secrets
miniTocMaxHeadingLevel: 3
versions:
fpt: '*'

View File

@@ -1,50 +1,49 @@
---
title: より大きなランナーへのアクセスの制御
intro: 'Organization または Enterprise に追加された {% data variables.actions.hosted_runner %} へのアクセスを、ポリシーを使って制限できます。'
title: Controlling access to larger runners
shortTitle: 'Control access to {% data variables.actions.hosted_runner %}s'
intro: 'You can use policies to limit access to {% data variables.actions.hosted_runner %}s that have been added to an organization or enterprise.'
product: '{% data reusables.gated-features.hosted-runners %}'
versions:
feature: actions-hosted-runners
type: tutorial
shortTitle: 'Controlling access to {% data variables.actions.hosted_runner %}s'
ms.openlocfilehash: 6761f05ef04d18ebba7b9ef8a2894d7effd2622b
ms.sourcegitcommit: 478f2931167988096ae6478a257f492ecaa11794
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/09/2022
ms.locfileid: '147764022'
---
{% data reusables.actions.enterprise-beta %} {% data reusables.actions.enterprise-github-hosted-runners %}
## ランナー グループについて
{% data reusables.actions.enterprise-beta %}
{% data reusables.actions.enterprise-github-hosted-runners %}
{% data reusables.actions.about-runner-groups %} {% ifversion fpt %}詳しくは、[{% data variables.product.prodname_ghe_cloud %} のドキュメント](/enterprise-cloud@latest/actions/using-github-hosted-runners/controlling-access-to-larger-runners)をご覧ください。{% endif %}
## About runner groups
{% data reusables.actions.about-runner-groups %} {% ifversion fpt %}For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/actions/using-github-hosted-runners/controlling-access-to-larger-runners).{% endif %}
{% ifversion ghec or ghes or ghae %}
## Organization のランナー グループを作成する
## Creating a runner group for an organization
{% data reusables.actions.hosted-runner-security-admonition %} {% data reusables.actions.creating-a-runner-group-for-an-organization %}
{% data reusables.actions.hosted-runner-security-admonition %}
{% data reusables.actions.creating-a-runner-group-for-an-organization %}
## Enterprise のランナー グループを作成する
## Creating a runner group for an enterprise
{% data reusables.actions.hosted-runner-security-admonition %} {% data reusables.actions.creating-a-runner-group-for-an-enterprise %}
{% data reusables.actions.hosted-runner-security-admonition %}
{% data reusables.actions.creating-a-runner-group-for-an-enterprise %}
{% endif %}
## ランナー グループのアクセス ポリシーを変更する
## Changing the access policy of a runner group
{% data reusables.actions.hosted-runner-security-admonition %} {% data reusables.actions.changing-the-access-policy-of-a-runner-group %}
{% data reusables.actions.hosted-runner-security-admonition %}
{% data reusables.actions.changing-the-access-policy-of-a-runner-group %}
## ランナー グループの名前を変更する
## Changing the name of a runner group
{% data reusables.actions.changing-the-name-of-a-runner-group %}
{% ifversion ghec or ghes or ghae %}
## ランナーをグループに移動する
## Moving a runner to a group
{% data reusables.actions.moving-a-runner-to-a-group %}
## ランナー グループを削除する
## Removing a runner group
{% data reusables.actions.removing-a-runner-group %}

View File

@@ -1,11 +1,11 @@
---
title: Using larger runners
shortTitle: 'Larger runners'
shortTitle: Larger runners
intro: '{% data variables.product.prodname_dotcom %} offers larger runners with more RAM and CPU.'
miniTocMaxHeadingLevel: 3
product: '{% data reusables.gated-features.hosted-runners %}'
versions:
feature: 'actions-hosted-runners'
feature: actions-hosted-runners
---
## Overview of {% data variables.actions.hosted_runner %}s

View File

@@ -139,8 +139,8 @@ The following table shows which toolkit functions are available within a workflo
| Toolkit function | Equivalent workflow command |
| ----------------- | ------------- |
| `core.addPath` | Accessible using environment file `GITHUB_PATH` |
| `core.debug` | `debug` |{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
| `core.notice` | `notice` |{% endif %}
| `core.debug` | `debug` |
| `core.notice` | `notice` |
| `core.error` | `error` |
| `core.endGroup` | `endgroup` |
| `core.exportVariable` | Accessible using environment file `GITHUB_ENV` |
@@ -216,8 +216,6 @@ Write-Output "::debug::Set the Octocat variable"
{% endpowershell %}
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
## Setting a notice message
Creates a notice message and prints the message to the log. {% data reusables.actions.message-annotation-explanation %}
@@ -245,7 +243,6 @@ Write-Output "::notice file=app.js,line=1,col=5,endColumn=7::Missing semicolon"
```
{% endpowershell %}
{% endif %}
## Setting a warning message
@@ -584,6 +581,8 @@ console.log("The running PID from the main action is: " + process.env.STATE_pro
During the execution of a workflow, the runner generates temporary files that can be used to perform certain actions. The path to these files are exposed via environment variables. You will need to use UTF-8 encoding when writing to these files to ensure proper processing of the commands. Multiple commands can be written to the same file, separated by newlines.
Most commands in the following examples use double quotes for echoing strings, which will attempt to interpolate characters like `$` for shell variable names. To always use literal values in quoted strings, you can use single quotes instead.
{% powershell %}
{% note %}

View File

@@ -32,7 +32,7 @@ The name of your workflow. {% data variables.product.prodname_dotcom %} displays
{% ifversion actions-run-name %}
## `run-name`
The name for workflow runs generated from the workflow. {% data variables.product.prodname_dotcom %} displays the workflow run name in the list of workflow runs on your repository's "Actions" tab. If you omit `run-name`, the run name is set to event-specific information for the workflow run. For example, for a workflow triggered by a `push` or `pull_request` event, it is set as the commit message.
The name for workflow runs generated from the workflow. {% data variables.product.prodname_dotcom %} displays the workflow run name in the list of workflow runs on your repository's "Actions" tab. If `run-name` is omitted or is only whitespace, then the run name is set to event-specific information for the workflow run. For example, for a workflow triggered by a `push` or `pull_request` event, it is set as the commit message.
This value can include expressions and can reference the [`github`](/actions/learn-github-actions/contexts#github-context) and [`inputs`](/actions/learn-github-actions/contexts#inputs-context) contexts.

View File

@@ -1,7 +1,7 @@
---
title: Configuring dependency review for your appliance
shortTitle: Configuring dependency review
intro: 'To helps users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.location.product_location %}.'
intro: 'To helps users understand dependency changes when reviewing pull requests, you can enable, configure, and disable dependency review for {% data variables.location.product_location %}.'
product: '{% data reusables.gated-features.dependency-review %}'
miniTocMaxHeadingLevel: 3
versions:
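Review bot: Both renderings of the `intro:` line still begin "To helps users understand dependency changes", so the typo survives this change. It should read "To help users understand dependency changes when reviewing pull requests, ...". The two lines look identical here, so the change appears to be whitespace only. Fixing the wording in the source would avoid carrying the error into every translation.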
@@ -14,8 +14,6 @@ topics:
- Security
---
{% data reusables.dependency-review.beta %}
## About dependency review
{% data reusables.dependency-review.feature-overview %}

View File

@@ -15,6 +15,6 @@ topics:
You can allow users to identify their projects' dependencies by {% ifversion ghes %}enabling{% elsif ghae %}using{% endif %} the dependency graph for {% data variables.location.product_location %}. For more information, see "{% ifversion ghes %}[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise){% elsif ghae %}[About the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph){% endif %}."
You can also allow users on {% data variables.location.product_location %} to find and fix vulnerabilities in their code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes > 3.2 %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
You can also allow users on {% data variables.location.product_location %} to find and fix vulnerabilities in their code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
After you enable {% data variables.product.prodname_dependabot_alerts %}, you can view vulnerability data from the {% data variables.product.prodname_advisory_database %} on {% data variables.location.product_location %} and manually sync the data. For more information, see "[Viewing the vulnerability data for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/viewing-the-vulnerability-data-for-your-enterprise)."

View File

@@ -16,7 +16,7 @@ topics:
{% data reusables.dependabot.about-the-dependency-graph %} For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
After you enable the dependency graph for your enterprise, you can enable {% data variables.product.prodname_dependabot %} to detect insecure dependencies in your repository{% ifversion ghes > 3.2 %} and automatically fix the vulnerabilities{% endif %}. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
After you enable the dependency graph for your enterprise, you can enable {% data variables.product.prodname_dependabot %} to detect insecure dependencies in your repository{% ifversion ghes %} and automatically fix the vulnerabilities{% endif %}. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
{% ifversion ghes %}
You can enable the dependency graph via the {% data variables.enterprise.management_console %} or the administrative shell. We recommend using the {% data variables.enterprise.management_console %} unless {% data variables.location.product_location %} uses clustering.

View File

@@ -1,6 +1,6 @@
---
title: Enabling Dependabot for your enterprise
intro: 'You can allow users of {% data variables.location.product_location %} to find and fix vulnerabilities in code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes > 3.2 %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}.'
intro: 'You can allow users of {% data variables.location.product_location %} to find and fix vulnerabilities in code dependencies by enabling {% data variables.product.prodname_dependabot_alerts %}{% ifversion ghes %} and {% data variables.product.prodname_dependabot_updates %}{% endif %}.'
miniTocMaxHeadingLevel: 3
shortTitle: Dependabot
redirect_from:
@@ -26,7 +26,7 @@ topics:
## About {% data variables.product.prodname_dependabot %} for {% data variables.product.product_name %}
{% data variables.product.prodname_dependabot %} helps users of {% data variables.location.product_location %} find and fix vulnerabilities in their dependencies.{% ifversion ghes > 3.2 %} You can enable {% data variables.product.prodname_dependabot_alerts %} to notify users about vulnerable dependencies and {% data variables.product.prodname_dependabot_updates %} to fix the vulnerabilities and keep dependencies updated to the latest version.
{% data variables.product.prodname_dependabot %} helps users of {% data variables.location.product_location %} find and fix vulnerabilities in their dependencies.{% ifversion ghes %} You can enable {% data variables.product.prodname_dependabot_alerts %} to notify users about vulnerable dependencies and {% data variables.product.prodname_dependabot_updates %} to fix the vulnerabilities and keep dependencies updated to the latest version.
### About {% data variables.product.prodname_dependabot_alerts %}
{% endif %}
@@ -51,7 +51,7 @@ When {% data variables.location.product_location %} receives information about a
For repositories with {% data variables.product.prodname_dependabot_alerts %} enabled, scanning is triggered on any push to the default branch that contains a manifest file or lock file. Additionally, when a new vulnerability record is added to {% data variables.location.product_location %}, {% data variables.product.product_name %} scans all existing repositories on {% data variables.location.product_location %} and generates alerts for any repository that is vulnerable. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
{% ifversion ghes > 3.2 %}
{% ifversion ghes %}
### About {% data variables.product.prodname_dependabot_updates %}
{% data reusables.dependabot.beta-security-and-version-updates %}
@@ -124,7 +124,7 @@ After you enable {% data variables.product.prodname_dependabot_alerts %} for you
![Screenshot of the dropdown menu to enable updating vulnerable dependencies](/assets/images/enterprise/site-admin-settings/dependabot-updates-button.png)
{% endif %}
{% ifversion ghes > 3.2 %}
{% ifversion ghes %}
When you enable {% data variables.product.prodname_dependabot_alerts %}, you should consider also setting up {% data variables.product.prodname_actions %} for {% data variables.product.prodname_dependabot_security_updates %}. This feature allows developers to fix vulnerabilities in their dependencies. For more information, see "[Managing self-hosted runners for {% data variables.product.prodname_dependabot_updates %} on your enterprise](/admin/github-actions/enabling-github-actions-for-github-enterprise-server/managing-self-hosted-runners-for-dependabot-updates)."

View File

@@ -2,7 +2,7 @@
title: Configuring host keys for your instance
shortTitle: Configure host keys
intro: 'You can increase the security of {% data variables.location.product_location %} by configuring the algorithms that your instance uses to generate and advertise host keys for incoming SSH connections.'
permissions: "Site administrators can configure the host keys for a {% data variables.product.product_name %} instance."
permissions: 'Site administrators can configure the host keys for a {% data variables.product.product_name %} instance.'
versions:
ghes: '>= 3.6'
type: how_to

View File

@@ -2,7 +2,7 @@
title: Configuring SSH connections to your instance
shortTitle: Configure SSH connections
intro: 'You can increase the security of {% data variables.location.product_location %} by configuring the SSH algorithms that clients can use to establish a connection.'
permissions: "Site administrators can configure SSH connections to a {% data variables.product.product_name %} instance."
permissions: 'Site administrators can configure SSH connections to a {% data variables.product.product_name %} instance.'
versions:
ghes: '>= 3.6'
type: how_to

View File

@@ -1,26 +1,21 @@
---
title: リポジトリのキャッシュについて
intro: リポジトリのキャッシュを使用して、分散チームと CI ファームでの Git 読み取り操作のパフォーマンスを向上させることができます。
title: About repository caching
intro: You can increase the performance of Git read operations for distributed teams and CI farms with repository caching.
versions:
ghes: '>=3.3'
ghes: '*'
type: overview
topics:
- Enterprise
ms.openlocfilehash: 06a0dd3ba202c73f1ee035d61f7865fadd13b415
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/11/2022
ms.locfileid: '145120645'
---
{% data reusables.enterprise.repository-caching-release-phase %}
世界中にチームと CI ファームがある場合、{% data variables.product.prodname_ghe_server %} のプライマリ インスタンスのパフォーマンスが低下する可能性があります。 アクティブ geo レプリカを使うと読み取り要求のパフォーマンスが向上しますが、書き込みスループットが制限されます。 プライマリ インスタンスの負荷を軽減し、書き込みスループットのパフォーマンスを向上させるには、これらの地理的に分散したクライアントの近くに配置されたリポジトリの非同期読み取り専用ミラーであるリポジトリ キャッシュを構成できます。
If you have teams and CI farms located around the world, you may experience reduced performance on your primary {% data variables.product.prodname_ghe_server %} instance. While active geo-replicas can improve the performance of read requests, this comes at the cost of limiting write throughput. To reduce load on your primary instance and improve write throughput performance, you can configure a repository cache, an asynchronous read-only mirror of repositories located near these geographically-distributed clients.
リポジトリ キャッシュを使うと、CI ファームや分散チームの近くにリポジトリ データが提供されるため、{% data variables.product.product_name %} は、複数のクライアントにサービスを提供するために、同じ Git データを長距離ネットワーク リンク経由で何回も送信する必要がなくなります。 たとえば、プライマリ インスタンスが北米にあり、アジアの多くの場所でもそれを利用している場合は、アジアの CI ランナーが使用するためのリポジトリ キャッシュをアジアに設けるとメリットがあります。
A repository cache eliminates the need for {% data variables.product.product_name %} to transmit the same Git data over a long-haul network link multiple times to serve multiple clients, by serving your repository data close to CI farms and distributed teams. For instance, if your primary instance is in North America and you also have a large presence in Asia, you will benefit from setting up the repository cache in Asia for use by CI runners there.
リポジトリ キャッシュは、プライマリ インスタンス (単一インスタンスでも、geo レプリケートされたインスタンスのセットでも) で、Git データの変更をリッスンします。 CI ファームや他の読み取り負荷の高いコンシューマーは、プライマリ インスタンスの代わりにリポジトリ キャッシュからクローンしてフェッチします。 変更は、クライアントごとに 1 回ではなく、キャッシュ インスタンスごとに 1 回ずつ、定期的にネットワーク全体に反映されます。 通常、Git データは、データがプライマリ インスタンスにプッシュされてから数分以内に、リポジトリ キャッシュで使用できるようになります。 {% ifversion ghes > 3.3 %}CI システムは、[`cache_sync` Webhook](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#cache_sync) を使うことで、キャッシュで使用可能になったデータに対応できます。{% endif %}
The repository cache listens to the primary instance, whether that's a single instance or a geo-replicated set of instances, for changes to Git data. CI farms and other read-heavy consumers clone and fetch from the repository cache instead of the primary instance. Changes are propagated across the network, at periodic intervals, once per cache instance rather than once per client. Git data will typically be visible on the repository cache within several minutes after the data is pushed to the primary instance. {% ifversion ghes > 3.3 %}The [`cache_sync` webhook](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#cache_sync) can be used by CI systems to react to data being available in the cache.{% endif %}
リポジトリ キャッシュと同期できるようにするリポジトリを、きめ細かく制御できます。 Git データは、ユーザーが指定した場所にのみレプリケートされます。
You have fine-grained control over which repositories are allowed to sync to the repository cache. Git data will only be replicated to the locations you specify.
{% data reusables.enterprise.repository-caching-config-summary %}詳しくは、「[リポジトリ キャッシュを構成する](/admin/enterprise-management/caching-repositories/configuring-a-repository-cache)」をご覧ください。
{% data reusables.enterprise.repository-caching-config-summary %} For more information, see "[Configuring a repository cache](/admin/enterprise-management/caching-repositories/configuring-a-repository-cache)."

View File

@@ -1,107 +1,105 @@
---
title: リポジトリ キャッシュの構成
intro: リポジトリ キャッシュを構成するには、新しいアプライアンスを作成し、リポジトリ キャッシュをプライマリ アプライアンスに接続し、リポジトリ キャッシュに対するリポジトリ ネットワークのレプリケーションを構成します。
title: Configuring a repository cache
intro: 'You can configure a repository cache by creating a new appliance, connecting the repository cache to your primary appliance, and configuring replication of repository networks to the repository cache.'
versions:
ghes: '>=3.3'
ghes: '*'
type: how_to
topics:
- Enterprise
ms.openlocfilehash: dced49e1e6795407e2e41f12275a310c3a98aaf1
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/10/2022
ms.locfileid: '146332011'
---
{% data reusables.enterprise.repository-caching-release-phase %}
## リポジトリ キャッシュの構成について
## About configuration for repository caching
{% data reusables.enterprise.repository-caching-config-summary %}次に、リポジトリ キャッシュにレプリケートされるリポジトリ ネットワークを管理するデータの場所ポリシーを設定できます。
{% data reusables.enterprise.repository-caching-config-summary %} Then, you can set data location policies that govern which repository networks are replicated to the repository cache.
クラスタリングでは、リポジトリ キャッシュはサポートされていません。
Repository caching is not supported with clustering.
## リポジトリ キャッシュの DNS
## DNS for repository caches
プライマリ インスタンスとリポジトリ キャッシュの DNS 名は異なっている必要があります。 たとえば、プライマリ インスタンスが `github.example.com` にある場合は、キャッシュ名は `europe-ci.github.example.com` `github.asia.example.com` に決定できます。
The primary instance and repository cache should have different DNS names. For example, if your primary instance is at `github.example.com`, you might decide to name a cache `europe-ci.github.example.com` or `github.asia.example.com`.
CI マシンで、プライマリ インスタンスではなくリポジトリ キャッシュからフェッチするには、Git `url.<base>.insteadOf` 構成設定を使用できます。 詳細については、Git ドキュメントにある「[`git-config`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf)」を参照してください。
To have your CI machines fetch from the repository cache instead of the primary instance, you can use Git's `url.<base>.insteadOf` configuration setting. For more information, see [`git-config`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-urlltbasegtinsteadOf) in the Git documentation.
たとえば、CI マシンのグローバル `.gitconfig` には、次の行が含まれます。
For example, the global `.gitconfig` for the CI machine would include these lines.
```
[url "https://europe-ci.github.example.com/"]
insteadOf = https://github.example.com/
insteadOf = https://github.example.com/
```
次に、`https://github.example.com/myorg/myrepo` をフェッチするように Git に要求すると、代わりに `https://europe-ci.github.example.com/myorg/myrepo` からフェッチされます。
Then, when told to fetch `https://github.example.com/myorg/myrepo`, Git will instead fetch from `https://europe-ci.github.example.com/myorg/myrepo`.
## リポジトリ キャッシュの構成
## Configuring a repository cache
{% ifversion ghes = 3.3 %}
1. プライマリ {% data variables.product.prodname_ghe_server %} アプライアンスで、リポジトリ キャッシュの機能フラグを有効にします。
1. On your primary {% data variables.product.prodname_ghe_server %} appliance, enable the feature flag for repository caching.
```
$ ghe-config cluster.cache-enabled true
```
{%- endif %}
1. 新しい {% data variables.product.prodname_ghe_server %} アプライアンスを希望するプラットフォームにセットアップします。 このアプライアンスがリポジトリ キャッシュになります。 詳細については、「[{% data variables.product.prodname_ghe_server %} インスタンスをセットアップする](/admin/guides/installation/setting-up-a-github-enterprise-server-instance)」を参照してください。
1. Set up a new {% data variables.product.prodname_ghe_server %} appliance on your desired platform. This appliance will be your repository cache. For more information, see "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/admin/guides/installation/setting-up-a-github-enterprise-server-instance)."
{% data reusables.enterprise_installation.replica-steps %}
1. SSH を使用して、リポジトリ キャッシュの IP アドレスに接続します。
1. Connect to the repository cache's IP address using SSH.
```shell
$ ssh -p 122 admin@<em>REPLICA IP</em>
$ ssh -p 122 admin@REPLICA-IP
```
{%- ifversion ghes = 3.3 %}
1. キャッシュ レプリカで、リポジトリ キャッシュの機能フラグを有効にします。
1. On your cache replica, enable the feature flag for repository caching.
```
$ ghe-config cluster.cache-enabled true
```
{%- endif %} {% data reusables.enterprise_installation.generate-replication-key-pair %} {% data reusables.enterprise_installation.add-ssh-key-to-primary %}
1. プライマリへの接続を確認し、リポジトリ キャッシュに対してレプリカ モードを有効にするには、`ghe-repl-setup` をもう一度実行します。
{%- endif %}
{% data reusables.enterprise_installation.generate-replication-key-pair %}
{% data reusables.enterprise_installation.add-ssh-key-to-primary %}
1. To verify the connection to the primary and enable replica mode for the repository cache, run `ghe-repl-setup` again.
```shell
$ ghe-repl-setup <em>PRIMARY IP</em>
$ ghe-repl-setup PRIMARY-IP
```
1. *CACHE-LOCATION* を、キャッシュがデプロイされているリージョンなどの英数字識別子に置き換えて、リポジトリ キャッシュに対して `cache_location` を設定します。 また、このキャッシュのデータセンター名も設定します。新しいキャッシュでは、同じデータセンター内の別のキャッシュからシード処理を試みます。
1. Set a `cache_location` for the repository cache, replacing *CACHE-LOCATION* with an alphanumeric identifier, such as the region where the cache is deployed. Also set a datacenter name for this cache; new caches will attempt to seed from another cache in the same datacenter.
```shell
$ ghe-repl-node --cache <em>CACHE-LOCATION</em> --datacenter <em>REPLICA-DC-NAME</em>
$ ghe-repl-node --cache CACHE-LOCATION --datacenter REPLICA-DC-NAME
```
{% data reusables.enterprise_installation.replication-command %} {% data reusables.enterprise_installation.verify-replication-channel %}
1. リポジトリ キャッシュへのリポジトリ ネットワークのレプリケーションを有効にするには、データの場所ポリシーを設定します。 詳細については、「[データの場所ポリシー](#data-location-policies)」を参照してください。
{% data reusables.enterprise_installation.replication-command %}
{% data reusables.enterprise_installation.verify-replication-channel %}
1. To enable replication of repository networks to the repository cache, set a data location policy. For more information, see "[Data location policies](#data-location-policies)."
## データの場所ポリシー
## Data location policies
`spokesctl cache-policy` コマンドでリポジトリのデータの場所ポリシーを構成して、データの局所性を制御できます。 データの場所ポリシーによって、どのリポジトリ ネットワークがどのリポジトリ キャッシュにレプリケートされているかが決まります。 既定では、データの場所ポリシーが構成されるまで、どのリポジトリ キャッシュにもリポジトリ ネットワークはレプリケートされません。
You can control data locality by configuring data location policies for your repositories with the `spokesctl cache-policy` command. Data location policies determine which repository networks are replicated on which repository caches. By default, no repository networks will be replicated on any repository caches until a data location policy is configured.
データの場所ポリシーは、Git コンテンツにのみ影響します。 Issue や pull request コメントなどのデータベース内のコンテンツは、ポリシーに関係なくすべてのノードにレプリケートされます。
Data location policies affect only Git content. Content in the database, such as issues and pull request comments, will be replicated to all nodes regardless of policy.
{% note %}
**注:** データの場所ポリシーは、アクセス制御と同じではありません。 リポジトリにアクセスできるユーザーを制御するには、リポジトリ ロールを使用する必要があります。 リポジトリ ロールの詳細については、「[Organization のリポジトリ ロール](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)」を参照してください。
**Note:** Data location policies are not the same as access control. You must use repository roles to control which users may access a repository. For more information about repository roles, see "[Repository roles for an organization](/organizations/managing-access-to-your-organizations-repositories/repository-roles-for-an-organization)."
{% endnote %}
`--default` フラグを使用して、すべてのネットワークをレプリケートするようにポリシーを構成できます。 たとえば、次のコマンドでは、すべてのリポジトリ ネットワークの 1 つのコピーを、`cache_location` "kansas" であるリポジトリ キャッシュのセットにレプリケートするポリシーが作成されます。
You can configure a policy to replicate all networks with the `--default` flag. For example, this command will create a policy to replicate a single copy of every repository network to the set of repository caches whose `cache_location` is "kansas".
```
$ ghe-spokesctl cache-policy set --default 1 kansas
```
リポジトリ ネットワークのレプリケーションを構成するには、ネットワークのルートであるリポジトリを指定します。 リポジトリ ネットワークには、リポジトリとリポジトリのすべてのフォークが含まれます。 ネットワーク全体をレプリケートしないと、ネットワークの一部をレプリケートすることはできません。
To configure replication for a repository network, specify the repository that is the root of the network. A repository network includes a repository and all of the repository's forks. You cannot replicate part of a network without replicating the whole network.
```
$ ghe-spokesctl cache-policy set <owner/repository> 1 kansas
```
ネットワークのレプリカ数を 0 に指定すると、すべてのネットワークをレプリケートし、特定のネットワークを除外するポリシーをオーバーライドできます。 たとえば、次のコマンドでは、場所 "kansas" 内のリポジトリ キャッシュに、そのネットワークのコピーを含めることができないことが指定されます。
You can override a policy that replicates all networks and exclude specific networks by specifying a replica count of zero for the network. For example, this command specifies that any repository cache in location "kansas" cannot contain any copies of that network.
```
$ ghe-spokesctl cache-policy set <owner/repository> 0 kansas
```
特定のキャッシュの場所で、1 より大きいレプリカ数はサポートされていません。
Replica counts greater than one in a given cache location are not supported.
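Review bot: In the "Data location policies" section, the added prose says policies are configured "with the `spokesctl cache-policy` command", but all three examples in this hunk run `ghe-spokesctl cache-policy set ...`. Use the same command name in the sentence as in the examples. Separately, the two `ghe-config cluster.cache-enabled true` blocks use a bare fence while the `ssh`, `ghe-repl-setup` and `ghe-repl-node` blocks are tagged `shell`; tag them consistently. This hunk also replaces the Japanese text with the English source throughout, so the ja page will render in English after this batch; confirm that is the intended fallback.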

View File

@@ -1,18 +1,13 @@
---
title: リポジトリのキャッシュ
intro: ユーザーと CI クライアントに近い読み取り専用ミラーを提供するリポジトリ キャッシュを使用して、地理的に分散した Team のパフォーマンスを向上させることができます。
title: Caching repositories
intro: 'You can improve performance for your geographically-distributed team with repository caching, which provides read-only mirrors close to your users and CI clients.'
versions:
ghes: '>=3.3'
ghes: '*'
topics:
- Enterprise
children:
- /about-repository-caching
- /configuring-a-repository-cache
ms.openlocfilehash: 4c019db4ea99bc2383c4496fb9632e8723a7a02b
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/11/2022
ms.locfileid: '145112798'
---
{% data reusables.enterprise.repository-caching-release-phase %}
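Review bot: `ghes` under `versions:` is widened from `'>=3.3'` to `'*'`, which makes this page render for every Enterprise Server release rather than only those from 3.3 on. The configuration page changed earlier in this commit still carries `{% ifversion ghes = 3.3 %}` steps for enabling the `cluster.cache-enabled` feature flag, so check that no release below 3.3 is still being built before dropping the lower bound. The `ms.*` translation-tracking keys are removed together with the Japanese `title` and `intro`, which leaves this ja file with an English title and intro.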

View File

@@ -1,6 +1,6 @@
---
title: Geo-replicationについて
intro: '{% data variables.product.prodname_ghe_server %} 上の Geo-replication は、地理的に分散したデータセンターからの要求を満たすために、複数のアクティブなレプリカを使用します。'
title: About geo-replication
intro: 'Geo-replication on {% data variables.product.prodname_ghe_server %} uses multiple active replicas to fulfill requests from geographically distributed data centers.'
redirect_from:
- /enterprise/admin/installation/about-geo-replication
- /enterprise/admin/enterprise-management/about-geo-replication
@@ -11,32 +11,26 @@ type: overview
topics:
- Enterprise
- High availability
ms.openlocfilehash: 0e4e2feb161dd897172385bf25cf997268527fd3
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '146332809'
---
アクティブなレプリカが複数あれば、最も近いレプリカへの距離を短くできます。 たとえばサンフランシスコ、ニューヨーク、ロンドンにオフィスを持つ組織は、プライマリのアプライアンスをニューヨークの近くのデータセンター内で動作させ、2つのレプリカをサンフランシスコとロンドンの近くのデータセンターで動作させることができます。 地理的な場所を認識するDNSを利用すれば、ユーザーは利用可能な最も近いサーバへ振り分けられ、リポジトリのデータに高速にアクセスできます。 ニューヨークの近くにあるアプライアンスをプライマリにすれば、ロンドンへのレイテンシが大きいサンフランシスコ近くのアプライアンスをプライマリにする場合に比べ、ホスト間のレイテンシの削減に役立ちます。
Multiple active replicas can provide a shorter distance to the nearest replica. For example, an organization with offices in San Francisco, New York, and London could run the primary appliance in a datacenter near New York and two replicas in datacenters near San Francisco and London. Using geolocation-aware DNS, users can be directed to the closest server available and access repository data faster. Designating the appliance near New York as the primary helps reduce the latency between the hosts, compared to the appliance near San Francisco being the primary which has a higher latency to London.
アクティブなレプリカは、自身では処理できないリクエストをプライマリインスタンスに中継します。 レプリカは、すべてのSSL接続をターミネートする接続点として機能します。 ホスト間のトラフィックは、暗号化されたVPN接続を通じて送信されます。これは、Geo-replicationなしの2ードのHigh Availability構成に似ています。
The active replica proxies requests that it can't process itself to the primary instance. The replicas function as a point of presence terminating all SSL connections. Traffic between hosts is sent through an encrypted VPN connection, similar to a two-node high availability configuration without geo-replication.
Git リクエストと、LFS やファイルアップロードなどの特定のファイルサーバーリクエストは、プライマリからデータをロードせずにレプリカから直接処理できます。 Webリクエストは常にプライマリにルーティングされますが、レプリカがユーザに近ければ、近くでSSLのターミネーションが行われることからリクエストは高速に処理されます。
Git requests and specific file server requests, such as LFS and file uploads, can be served directly from the replica without loading any data from the primary. Web requests are always routed to the primary, but if the replica is closer to the user the requests are faster due to the closer SSL termination.
[Amazon Route 53 サービス](http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-geo)など、Geo DNS は、geo レプリケーションがシームレスに機能するために必要です。 インスタンスのホスト名は、ユーザの場所に最も近いレプリカに解決されるべきです。
Geo DNS, such as [Amazon's Route 53 service](http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-geo), is required for geo-replication to work seamlessly. The hostname for the instance should resolve to the replica that is closest to the user's location.
## 制限事項
## Limitations
レプリカへの書き込みリクエストには、データをプライマリとすべてのレプリカへ送信することが必要です。 これは、すべての書き込みのパフォーマンスが最も遅いレプリカによって制限されることを意味しますが、新しい Geo-replication レプリカは、プライマリからではなく、既存の同じ場所に配置された Geo-replication レプリカからデータの大部分をシードできます。 {% ifversion ghes > 3.2 %}書き込みスループットに影響を与えず、分散チームと大規模 CI ファームによって引き起こされる待機時間と帯域幅を減らすには、代わりにリポジトリ キャッシュを構成できます。 詳細については、「[About repository caching](/admin/enterprise-management/caching-repositories/about-repository-caching)」(リポジトリのキャッシュについて) を参照してください。{% endif %}
Writing requests to the replica requires sending the data to the primary and all replicas. This means that the performance of all writes is limited by the slowest replica, although new geo-replicas can seed the majority of their data from existing co-located geo-replicas, rather than from the primary. To reduce the latency and bandwidth caused by distributed teams and large CI farms without impacting write throughput, you can configure repository caching instead. For more information, see "[About repository caching](/admin/enterprise-management/caching-repositories/about-repository-caching)."
Geo-replication は、{% data variables.product.prodname_ghe_server %} インスタンスに容量を追加したり、不十分な CPU やメモリリソースに関連するパフォーマンスの問題を解決したりしません。 プライマリのアプライアンスがオフラインである場合、アクティブなレプリカはいかなる読み込みや書き込みのリクエストも処理できません。
Geo-replication will not add capacity to a {% data variables.product.prodname_ghe_server %} instance or solve performance issues related to insufficient CPU or memory resources. If the primary appliance is offline, active replicas will be unable to serve any read or write requests.
{% data reusables.enterprise_installation.replica-limit %}
## Geo-replication設定のモニタリング
## Monitoring a geo-replication configuration
{% data reusables.enterprise_installation.monitoring-replicas %}
## 参考資料
- [geo レプリケーションレプリカの作成](/enterprise/admin/guides/installation/creating-a-high-availability-replica/#creating-geo-replication-replicas)
## Further reading
- "[Creating geo-replication replicas](/enterprise/admin/guides/installation/creating-a-high-availability-replica/#creating-geo-replication-replicas)"
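Review bot: The Geo DNS paragraph links to the Route 53 documentation over plain `http://docs.aws.amazon.com/...`; switch the link to `https://` while this line is being rewritten. In the first paragraph, "compared to the appliance near San Francisco being the primary which has a higher latency to London" is hard to parse and would read better with a comma before "which".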

View File

@@ -13,12 +13,12 @@ topics:
- High availability
- Infrastructure
shortTitle: About HA configuration
ms.openlocfilehash: 921a1a935bbfa930c77e2c72d7856f00d54d6016
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.openlocfilehash: b54ca60c6cf1d79b9435ca8deedebec09ed39396
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '146332746'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109001'
---
High Availability設定をする際には、プライマリからレプリカアプライアンスへのすべてのデータストアGitリポジトリ、MySQL、Redis、Elasticsearchの一方方向の非同期レプリケーションが、自動的にセットアップされます。 ほとんどの {% data variables.product.prodname_ghe_server %} 構成設定も、{% data variables.enterprise.management_console %} パスワードを含めてレプリケートされます。 詳細については、「[Accessing the management console](/admin/configuration/configuring-your-enterprise/accessing-the-management-console)」 (管理コンソールへのアクセス) を参照してください。
@@ -35,8 +35,8 @@ High Availability設定をする際には、プライマリからレプリカア
High Availability設定は、以下に対するソリューションとしては適切ではありません。
- **スケールアウト**: geo レプリケーションを使えば地理的にトラフィックを分散させることができるものの、書き込みのパフォーマンスはプライマリ アプライアンスの速度と可用性によって制限されます。 詳細については、「[geo レプリケーションについて](/enterprise/admin/guides/installation/about-geo-replication/)」を参照してください。{% ifversion ghes > 3.2 %}
- **CI/CD の読み込み**: プライマリ インスタンスから地理的に離れている多数の CI クライアントがある場合は、リポジトリ キャッシュを構成するとメリットが得られる場合があります。 詳細については、「[About repository caching](/admin/enterprise-management/caching-repositories/about-repository-caching)」(リポジトリのキャッシュについて) を参照してください。{% endif %}
- **スケールアウト**: geo レプリケーションを使えば地理的にトラフィックを分散させることができるものの、書き込みのパフォーマンスはプライマリ アプライアンスの速度と可用性によって制限されます。 詳細については、「[geo レプリケーションについて](/enterprise/admin/guides/installation/about-geo-replication/)」を参照してください。
- **CI/CD の読み込み**: プライマリ インスタンスから地理的に離れている多数の CI クライアントがある場合は、リポジトリ キャッシュを構成するとメリットが得られる場合があります。 詳細については、「[About repository caching](/admin/enterprise-management/caching-repositories/about-repository-caching)」(リポジトリのキャッシュについて) を参照してください。
- **プライマリ アプライアンスのバックアップ**: High Availabilityレプリカは、システム災害復旧計画のオフサイトバックアップを置き換えるものではありません。 データ破壊や損失の中には、プライマリからレプリカへ即座にレプリケーションされてしまうものもあります。 安定した過去の状態への安全なロールバックを保証するには、履歴スナップショットでの定期的なバックアップを行う必要があります。
- **ダウンタイムなしのアップグレード**: コントロールされた昇格のシナリオにおけるデータ損失やスプリットブレインの状況を避けるには、プライマリアプライアンスをメンテナンスモードにして、すべての書き込みが完了するのを待ってからレプリカを昇格させてください。

View File

@@ -39,7 +39,7 @@ shortTitle: Create HA replica
This example configuration uses a primary and two replicas, which are located in three different geographic regions. While the three nodes can be in different networks, all nodes are required to be reachable from all the other nodes. At the minimum, the required administrative ports should be open to all the other nodes. For more information about the port requirements, see "[Network Ports](/enterprise/admin/guides/installation/network-ports/#administrative-ports)."
{% data reusables.enterprise_clustering.network-latency %}{% ifversion ghes > 3.2 %} If latency is more than 70 milliseconds, we recommend cache replica nodes instead. For more information, see "[Configuring a repository cache](/admin/enterprise-management/caching-repositories/configuring-a-repository-cache)."{% endif %}
{% data reusables.enterprise_clustering.network-latency %} If latency is more than 70 milliseconds, we recommend cache replica nodes instead. For more information, see "[Configuring a repository cache](/admin/enterprise-management/caching-repositories/configuring-a-repository-cache)."
1. Create the first replica the same way you would for a standard two node configuration by running `ghe-repl-setup` on the first replica.
```shell

View File

@@ -17,7 +17,6 @@ topics:
{% note %}
**Notes:**
{% ifversion ghes < 3.3 %}- Features such as {% data variables.product.prodname_actions %}, {% data variables.product.prodname_registry %}, {% data variables.product.prodname_mobile %} and {% data variables.product.prodname_GH_advanced_security %} are available on {% data variables.product.prodname_ghe_server %} 3.0 or higher. We highly recommend upgrading to 3.0 or later releases to take advantage of critical security updates, bug fixes and feature enhancements.{% endif %}
- Upgrade packages are available at [enterprise.github.com](https://enterprise.github.com/releases) for supported versions. Verify the availability of the upgrade packages you will need to complete the upgrade. If a package is not available, contact {% data variables.contact.contact_ent_support %} for assistance.
- If you're using {% data variables.product.prodname_ghe_server %} Clustering, see "[Upgrading a cluster](/enterprise/admin/guides/clustering/upgrading-a-cluster/)" in the {% data variables.product.prodname_ghe_server %} Clustering Guide for specific instructions unique to clustering.
- The release notes for {% data variables.product.prodname_ghe_server %} provide a comprehensive list of new features for every version of {% data variables.product.prodname_ghe_server %}. For more information, see the [releases page](https://enterprise.github.com/releases).

View File

@@ -23,7 +23,6 @@ topics:
shortTitle: Upgrading GHES
---
{% ifversion ghes < 3.3 %}{% data reusables.enterprise.upgrade-ghes-for-features %}{% endif %}
## Preparing to upgrade
@@ -70,8 +69,7 @@ There are two types of snapshots:
| Azure | VM | <https://docs.microsoft.com/azure/backup/backup-azure-vms-first-look-arm>
| Hyper-V | VM | <https://docs.microsoft.com/windows-server/virtualization/hyper-v/manage/enable-or-disable-checkpoints-in-hyper-v>
| Google Compute Engine | Disk | <https://cloud.google.com/compute/docs/disks/create-snapshots>
| VMware | VM | <https://pubs.vmware.com/vsphere-50/topic/com.vmware.wssdk.pg.doc_50/PG_Ch11_VM_Manage.13.3.html>{% ifversion ghes < 3.3 %}
| XenServer | VM | <https://docs.citrix.com/en-us/xencenter/current-release/vms-snapshots.html>{% endif %}
| VMware | VM | <https://pubs.vmware.com/vsphere-50/topic/com.vmware.wssdk.pg.doc_50/PG_Ch11_VM_Manage.13.3.html>
## Upgrading with a hotpatch

View File

@@ -41,4 +41,4 @@ To restore a backup of {% data variables.location.product_location %} with {% da
```
{% data reusables.actions.apply-configuration-and-enable %}
1. After {% data variables.product.prodname_actions %} is configured and enabled, to restore the rest of the data from the backup, use the `ghe-restore` command. For more information, see "[Restoring a backup](/admin/configuration/configuring-backups-on-your-appliance#restoring-a-backup)."
1. Re-register your self-hosted runners on the destination instance. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
1. Re-register your self-hosted runners on the destination instance. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."

View File

@@ -156,7 +156,7 @@ If any of these services are at or near 100% CPU utilization, or the memory is n
When running `ghe-config-apply`, if you see output like `Failed to run nomad job '/etc/nomad-jobs/<name>.hcl'`, then the change has likely over-allocated CPU or memory resources. If this happens, edit the configuration files again and lower the allocated CPU or memory, then re-run `ghe-config-apply`.
1. After the configuration is applied, run `ghe-actions-check` to verify that the {% data variables.product.prodname_actions %} services are operational.
{% ifversion fpt or ghec or ghes > 3.2 %}
{% ifversion fpt or ghec or ghes %}
## Troubleshooting failures when {% data variables.product.prodname_dependabot %} triggers existing workflows
{% data reusables.dependabot.beta-security-and-version-updates %}

View File

@@ -12,11 +12,11 @@ children:
- /enabling-github-actions-with-minio-gateway-for-nas-storage
- /managing-self-hosted-runners-for-dependabot-updates
shortTitle: Enable GitHub Actions
ms.openlocfilehash: 675bbbe0ccbb68d676602b0553c8534f1601bcf6
ms.sourcegitcommit: 5f9527483381cfb1e41f2322f67c80554750a47d
ms.openlocfilehash: 273e03407dd8c3c0a125e2c215a973c88aaf884b
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/11/2022
ms.locfileid: '145120446'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109060'
---

View File

@@ -12,13 +12,6 @@ topics:
- Enterprise
---
{% ifversion ghes < 3.3 %}
{% note %}
**Note:** {% data reusables.enterprise.upgrade-ghes-for-actions %}
{% endnote %}
{% endif %}
## About {% data variables.product.prodname_actions %} for enterprises
@@ -56,7 +49,6 @@ You can create your own unique automations, or you can use and adapt workflows f
After you finish planning, you can follow the instructions for getting started with {% data variables.product.prodname_actions %}. For more information, see {% ifversion ghec %}"[Getting started with {% data variables.product.prodname_actions %} for {% data variables.product.prodname_ghe_cloud %}](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud)."{% elsif ghae %}"[Getting started with {% data variables.product.prodname_actions %} for {% data variables.product.prodname_ghe_managed %}](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-ae)."{% endif %}
{% endif %}
## Further reading
- "[Understanding {% data variables.product.prodname_actions %}](/actions/learn-github-actions/understanding-github-actions)"{% ifversion ghec %}

View File

@@ -23,8 +23,6 @@ topics:
This article explains how site administrators can configure {% data variables.product.prodname_ghe_server %} to use {% data variables.product.prodname_actions %}.
{% data reusables.enterprise.upgrade-ghes-for-actions %}
{% data reusables.actions.ghes-actions-not-enabled-by-default %} You'll need to determine whether your instance has adequate CPU and memory resources to handle the load from {% data variables.product.prodname_actions %} without causing performance loss, and possibly increase those resources. You'll also need to decide which storage provider you'll use for the blob storage required to store artifacts{% ifversion actions-caching %} and caches{% endif %} generated by workflow runs. Then, you'll enable {% data variables.product.prodname_actions %} for your enterprise, manage access permissions, and add self-hosted runners to run workflows.
{% data reusables.actions.introducing-enterprise %}
@@ -33,7 +31,6 @@ This article explains how site administrators can configure {% data variables.pr
## Review hardware requirements
{%- ifversion ghes < 3.6 %}
The CPU and memory resources available to {% data variables.location.product_location %} determine the number of jobs that can be run concurrently without performance loss. {% data reusables.actions.minimum-hardware %}
@@ -50,14 +47,6 @@ The peak quantity of connected runners without performance loss depends on such
{% endif %}
{%- ifversion ghes = 3.2 %}
{% data reusables.actions.hardware-requirements-3.2 %}
Maximum concurrency was measured using multiple repositories, job duration of approximately 10 minutes, and 10 MB artifact uploads. You may experience different performance depending on the overall levels of activity on your instance.
{%- endif %}
{%- ifversion ghes = 3.3 %}
{% data reusables.actions.hardware-requirements-3.3 %}
@@ -88,7 +77,6 @@ Maximum concurrency was measured using multiple repositories, job duration of ap
{%- endif %}
{%- ifversion ghes = 3.6 %}
{% data reusables.actions.hardware-requirements-3.6 %}
@@ -114,8 +102,7 @@ For more information about minimum hardware requirements for {% data variables.l
- [Google Cloud Platform](/admin/installation/installing-github-enterprise-server-on-google-cloud-platform#hardware-considerations)
- [Hyper-V](/admin/installation/installing-github-enterprise-server-on-hyper-v#hardware-considerations)
- [OpenStack KVM](/admin/installation/installing-github-enterprise-server-on-openstack-kvm#hardware-considerations)
- [VMware](/admin/installation/installing-github-enterprise-server-on-vmware#hardware-considerations){% ifversion ghes < 3.3 %}
- [XenServer](/admin/installation/installing-github-enterprise-server-on-xenserver#hardware-considerations){% endif %}
- [VMware](/admin/installation/installing-github-enterprise-server-on-vmware#hardware-considerations)
{% data reusables.enterprise_installation.about-adjusting-resources %}

View File

@@ -32,9 +32,7 @@ This guide shows you how to apply a centralized management approach to self-host
1. Deploy a self-hosted runner for your enterprise
1. Create a group to manage access to the runners available to your enterprise
1. Optionally, further restrict the repositories that can use the runner
{%- ifversion ghec or ghae or ghes > 3.2 %}
1. Optionally, build custom tooling to automatically scale your self-hosted runners
{% endif %}
You'll also find additional information about how to monitor and secure your self-hosted runners,{% ifversion ghes or ghae %} how to access actions from {% data variables.product.prodname_dotcom_the_website %},{% endif %} and how to customize the software on your runner machines.
@@ -122,14 +120,10 @@ Optionally, organization owners can further restrict the access policy of the ru
For more information, see "[Managing access to self-hosted runners using groups](/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups#changing-the-access-policy-of-a-self-hosted-runner-group)."
{% ifversion ghec or ghae or ghes > 3.2 %}
## 5. Automatically scale your self-hosted runners
Optionally, you can build custom tooling to automatically scale the self-hosted runners for {% ifversion ghec or ghae %}your enterprise{% elsif ghes %}{% data variables.location.product_location %}{% endif %}. For example, your tooling can respond to webhook events from {% data variables.location.product_location %} to automatically scale a cluster of runner machines. For more information, see "[Autoscaling with self-hosted runners](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners)."
{% endif %}
## Next steps
- You can monitor self-hosted runners and troubleshoot common issues. For more information, see "[Monitoring and troubleshooting self-hosted runners](/actions/hosting-your-own-runners/monitoring-and-troubleshooting-self-hosted-runners)."

View File

@@ -18,8 +18,6 @@ topics:
![Diagram of jobs running on self-hosted runners](/assets/images/help/images/actions-enterprise-overview.png)
{% data reusables.enterprise.upgrade-ghes-for-actions %}
Before you introduce {% data variables.product.prodname_actions %} to a large enterprise, you first need to plan your adoption and make decisions about how your enterprise will use {% data variables.product.prodname_actions %} to best support your unique needs.
## Governance and compliance
@@ -102,7 +100,7 @@ You may need to upgrade the CPU and memory resources for {% data variables.locat
You also have to decide where to add each runner. You can add a self-hosted runner to an individual repository, or you can make the runner available to an entire organization or your entire enterprise. Adding runners at the organization or enterprise levels allows sharing of runners, which might reduce the size of your runner infrastructure. You can use policies to limit access to self-hosted runners at the organization and enterprise levels by assigning groups of runners to specific repositories or organizations. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)" and "[Managing access to self-hosted runners using groups](/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups)."
{% ifversion ghec or ghes > 3.2 %}
{% ifversion ghec or ghes %}
You should consider using autoscaling to automatically increase or decrease the number of available self-hosted runners. For more information, see "[Autoscaling with self-hosted runners](/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners)."
{% endif %}

View File

@@ -31,7 +31,7 @@ Alternatively, if you want stricter control over which actions are allowed in yo
{% data reusables.actions.github-connect-resolution %}
If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom_the_website %}, the repository on your enterprise will be used instead of the {% data variables.product.prodname_dotcom_the_website %} repository. {% ifversion ghes < 3.3 or ghae %}A malicious user could take advantage of this behavior to run code as part of a workflow{% else %}For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)."
If a user has already created an organization and repository in your enterprise that matches an organization and repository name on {% data variables.product.prodname_dotcom_the_website %}, the repository on your enterprise will be used instead of the {% data variables.product.prodname_dotcom_the_website %} repository. {% ifversion ghae %}A malicious user could take advantage of this behavior to run code as part of a workflow.{% else %}For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)."
{% endif %}
## Enabling automatic access to all {% data variables.product.prodname_dotcom_the_website %} actions
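Review bot: The `{% ifversion ghae %}` branch on the changed line still only states that "A malicious user could take advantage of this behavior to run code as part of a workflow." and gives the reader no link to the mitigation, while the `{% else %}` branch links to "Automatic retirement of namespaces" and omits the risk statement. That section was already shown for `ghae` under the old `ghes > 3.2 or ghae` guard and becomes unconditional in the next hunk, so consider dropping the conditional here and giving every version both the risk statement and the link. The added full stop after "workflow" is a correct fix.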
@@ -46,8 +46,6 @@ Before enabling access to all actions from {% data variables.product.prodname_do
![Drop-down menu to actions from GitHub.com in workflows runs](/assets/images/enterprise/site-admin-settings/enable-marketplace-actions-drop-down-ae.png)
1. {% data reusables.actions.enterprise-limit-actions-use %}
{% ifversion ghes > 3.2 or ghae %}
## Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website %}
When you enable {% data variables.product.prodname_github_connect %}, users see no change in behavior for existing workflows because {% data variables.product.prodname_actions %} searches {% data variables.location.product_location %} for each action before falling back to {% data variables.product.prodname_dotcom_the_website%}. This ensures that any custom versions of actions your enterprise has created are used in preference to their counterparts on {% data variables.product.prodname_dotcom_the_website%}.
@@ -67,5 +65,3 @@ After using an action from {% data variables.product.prodname_dotcom_the_website
**Tip:** When you unretire a namespace, always create the new repository with that name as soon as possible. If a workflow calls the associated action on {% data variables.product.prodname_dotcom_the_website %} before you create the local repository, the namespace will be retired again. For actions used in workflows that run frequently, you may find that a namespace is retired again before you have time to create the local repository. In this case, you can temporarily disable the relevant workflows until you have created the new repository.
{% endtip %}
{% endif %}

View File

@@ -33,13 +33,11 @@ If your machine has access to both systems at the same time, you can do the sync
The `actions-sync` tool can only download actions from {% data variables.product.prodname_dotcom_the_website %} that are stored in public repositories.
{% ifversion ghes > 3.2 or ghae %}
{% note %}
**Note:** The `actions-sync` tool is intended for use in systems where {% data variables.product.prodname_github_connect %} is not enabled. If you run the tool on a system with {% data variables.product.prodname_github_connect %} enabled, you may see the error `The repository <repo_name> has been retired and cannot be reused`. This indicates that a workflow has used that action directly on {% data variables.product.prodname_dotcom_the_website %} and the namespace is retired on {% data variables.location.product_location %}. For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)."
{% endnote %}
{% endif %}
## Prerequisites

View File

@@ -47,10 +47,8 @@ Once {% data variables.product.prodname_github_connect %} is configured, you can
1. Configure your workflow's YAML to use `{% data reusables.actions.action-checkout %}`.
1. Each time your workflow runs, the runner will use the specified version of `actions/checkout` from {% data variables.product.prodname_dotcom_the_website %}.
{% ifversion ghes > 3.2 or ghae %}
{% note %}
**Note:** The first time the `checkout` action is used from {% data variables.product.prodname_dotcom_the_website %}, the `actions/checkout` namespace is automatically retired on {% data variables.location.product_location %}. If you ever want to revert to using a local copy of the action, you first need to remove the namespace from retirement. For more information, see "[Automatic retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website%}](/admin/github-actions/managing-access-to-actions-from-githubcom/enabling-automatic-access-to-githubcom-actions-using-github-connect#automatic-retirement-of-namespaces-for-actions-accessed-on-githubcom)."
{% endnote %}
{% endif %}

View File

@@ -1,5 +1,5 @@
---
title: About Enterprise Managed Users
title: About {% data variables.product.prodname_emus %}
shortTitle: About managed users
intro: 'You can centrally manage identity and access for your enterprise members on {% data variables.product.prodname_dotcom %} from your identity provider.'
redirect_from:
@@ -16,6 +16,7 @@ topics:
- Authentication
- Enterprise
- SSO
allowTitleToDifferFromFilename: true
---
## About {% data variables.product.prodname_emus %}
@@ -24,8 +25,6 @@ With {% data variables.product.prodname_emus %}, you can control the user accoun
In your IdP, you can give each {% data variables.enterprise.prodname_managed_user %} the role of user, enterprise owner, or billing manager. {% data variables.enterprise.prodname_managed_users_caps %} can own organizations within your enterprise and can add other {% data variables.enterprise.prodname_managed_users %} to the organizations and teams within. For more information, see "[Roles in an enterprise](/github/setting-up-and-managing-your-enterprise/managing-users-in-your-enterprise/roles-in-an-enterprise)" and "[About organizations](/organizations/collaborating-with-groups-in-organizations/about-organizations)."
Organization membership can be managed manually, or you can update membership automatically as {% data variables.enterprise.prodname_managed_users %} are added to IdP groups that are connected to teams within the organization. When a {% data variables.enterprise.prodname_managed_user %} is manually added to an organization, unassigning them from the {% data variables.product.prodname_emu_idp_application %} application on your IdP will suspend the user but not remove them from the organization. For more information about managing organization and team membership automatically, see "[Managing team memberships with identity provider groups](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups)."
{% ifversion oidc-for-emu %}
{% data reusables.enterprise-accounts.emu-cap-validates %} For more information, see "[About support for your IdP's Conditional Access Policy](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-support-for-your-idps-conditional-access-policy)."
@@ -46,6 +45,17 @@ To use {% data variables.product.prodname_emus %}, you need a separate type of e
{% endnote %}
## About organization membership management
Organization memberships can be managed manually, or you can update memberships automatically using IdP groups. To manage organization memberships through your IdP, the members must be added to an IdP group, and the IdP group must be connected to a team within the organization. For more information about managing organization and team memberships automatically, see "[Managing team memberships with identity provider groups](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/managing-team-memberships-with-identity-provider-groups)."
The way a member is added to an organization owned by your enterprise (through IdP groups or manually) determines how they must be removed from an organization.
- If a member was added to an organization manually, you must remove them manually. Unassigning them from the {% data variables.product.prodname_emu_idp_application %} application on your IdP will suspend the user but not remove them from the organization.
- If a user became a member of an organization because they were added to IdP groups mapped to one or more teams in the organization, removing them from _all_ of the mapped IdP groups associated with the organization will remove them from the organization.
To discover how a member was added to an organization, you can filter the member list by type. For more information, see "[Viewing people in your enterprise](/admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise#filtering-by-member-type-in-an-enterprise-with-managed-users)."
## Identity provider support
{% data variables.product.prodname_emus %} supports the following IdPs{% ifversion oidc-for-emu %} and authentication methods:
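Review bot: The first bullet of the new "About organization membership management" section says a manually added member who is unassigned from the IdP application is suspended but not removed from the organization, yet it gives no pointer to how the manual removal is done. This is the case where deprovisioning in the IdP alone leaves a membership behind, so link the removal procedure from that bullet. In the sentence above the bullets, "determines how they must be removed from an organization" would read more clearly as "from that organization", since the same sentence has already introduced "an organization owned by your enterprise".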

View File

@@ -145,7 +145,13 @@ After you enable LDAP sync, a synchronization job will run at the specified time
A synchronization job will also run at the specified time interval to perform the following operations on each team that has been mapped to an LDAP group:
- If a team's corresponding LDAP group has been removed, remove all members from the team.
- If LDAP member entries have been removed from the LDAP group, remove the corresponding users from the team. If the user is no longer a member of any team in the organization, remove the user from the organization. If the user loses access to any repositories as a result, delete any private forks the user has of those repositories.
- If LDAP member entries have been removed from the LDAP group, remove the corresponding users from the team. If the user is no longer a member of any team in the organization and is not an owner of the organization, remove the user from the organization. If the user loses access to any repositories as a result, delete any private forks the user has of those repositories.
{% note %}
**Note:** LDAP Sync will not remove a user from an organization if the user is an owner of that organization. Another organization owner will need to manually remove the user instead.
{% endnote %}
- If LDAP member entries have been added to the LDAP group, add the corresponding users to the team. If the user regains access to any repositories as a result, restore any private forks of the repositories that were deleted because the user lost access in the past 90 days.
{% data reusables.enterprise_user_management.ldap-sync-nested-teams %}
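Review bot: The `{% note %}` block is placed at column zero between two items of the same bulleted list (after the "If LDAP member entries have been removed" item and before the "If LDAP member entries have been added" item), which may split the list when rendered. Indent it under the item it qualifies or move it below the list. The rewritten bullet ("and is not an owner of the organization") and the note also state the owner exception twice. One statement is enough if it keeps the operational consequence, that another organization owner has to remove the user manually.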

View File

@@ -15,12 +15,12 @@ topics:
- Enterprise
type: how_to
shortTitle: Configure SAML SSO with Okta
ms.openlocfilehash: 2772285f266a2593e8fc0900b39602325d30c46d
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.openlocfilehash: e9cbf6e70fb5e07f9cd2c5e27d9b952921e18fdc
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '147094807'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109667'
---
{% data reusables.enterprise-accounts.emu-saml-note %}

View File

@@ -108,4 +108,4 @@ Ensure that you set the value for `Audience` on your IdP to the `EntityId` for {
{% ifversion ghec %}
{% data reusables.saml.authentication-loop %}
{% endif %}
{% endif %}

View File

@@ -105,14 +105,6 @@ featuredLinks:
- '{% ifversion ghec %}/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/managing-global-webhooks{% endif %}'
- /billing/managing-your-license-for-github-enterprise/using-visual-studio-subscription-with-github-enterprise/setting-up-visual-studio-subscription-with-github-enterprise
- /admin/enterprise-support/about-github-enterprise-support
videos:
- title: GitHub in the Enterprise Maya Ross
href: 'https://www.youtube-nocookie.com/embed/1-i39RqaxRs'
- title: What's new for GitHub Enterprise Jarryd McCree
href: 'https://www.youtube-nocookie.com/embed/ZZviWZgrqhM'
- title: Enforcing information security policy through GitHub Enterprise Thomas Worley
href: 'https://www.youtube-nocookie.com/embed/DCu-ZTT7WTI'
videosHeading: GitHub Universe 2021 videos
layout: product-landing
versions:
ghec: '*'
@@ -133,11 +125,11 @@ children:
- /guides
- /release-notes
- /all-releases
ms.openlocfilehash: ebd1473538d42928ff3d9abb3c0e2bd9f12767f5
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
ms.openlocfilehash: 3980ad01e56bf1e38dd6473c5e5246c6d45350eb
ms.sourcegitcommit: 3268914369fb29540e4d88ee5e56bc7a41f2a60e
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/11/2022
ms.locfileid: '147881156'
ms.lasthandoff: 10/26/2022
ms.locfileid: '148111313'
---

View File

@@ -18,14 +18,13 @@ children:
- /installing-github-enterprise-server-on-hyper-v
- /installing-github-enterprise-server-on-openstack-kvm
- /installing-github-enterprise-server-on-vmware
- /installing-github-enterprise-server-on-xenserver
- /setting-up-a-staging-instance
shortTitle: Set up an instance
ms.openlocfilehash: 23fe586f2c4baa87a2e2b388685bf8e42d5e10a4
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
ms.openlocfilehash: 7c23ae31e8e976f2acc664f87fbff82ffe025a0e
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/11/2022
ms.locfileid: '147881462'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109000'
---

View File

@@ -5,7 +5,7 @@ redirect_from:
- /enterprise/admin/installation/setting-up-a-staging-instance
- /admin/installation/setting-up-a-staging-instance
versions:
ghes: "*"
ghes: '*'
type: how_to
topics:
- Enterprise

View File

@@ -46,9 +46,7 @@ As an enterprise owner{% ifversion ghes %} or site administrator{% endif %}, you
{%- ifversion ghes %}
- You can forward audit and system logs, from your enterprise to an third-party hosted monitoring system. For more information, see "[Log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)."
{%- endif %}
{%- ifversion ghec or ghes > 3.2 or ghae %}
- You can use the Audit log API to view actions performed in your enterprise. For more information, see "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise)."
{%- endif %}
For a full list of audit log actions that may appear in your enterprise audit log, see "[Audit log actions for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."
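Review bot: The log forwarding bullet in this hunk reads "You can forward audit and system logs, from your enterprise to an third-party hosted monitoring system", with a stray comma and "an third-party". Fix it to "a third-party" while this list is being edited. The header goes from 9 lines to 7, which matches dropping the `{%- ifversion ghec or ghes > 3.2 or ghae %}` and `{%- endif %}` pair around the Audit log API bullet. Confirm that the `{%- ifversion ghes %}` and `{%- endif %}` pair around the log forwarding bullet is the only conditional left in the list.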

View File

@@ -265,7 +265,6 @@ Action | Description
| `config_entry.update` | A configuration setting was edited. These events are only visible in the site admin audit log. The type of events recorded relate to:</br>- Enterprise settings and policies</br>- Organization and repository permissions and settings</br>- Git, Git LFS, {% data variables.product.prodname_github_connect %}, {% data variables.product.prodname_registry %}, project, and code security settings.
{%- endif %}
{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}
## `dependabot_alerts` category actions
| Action | Description
@@ -285,9 +284,8 @@ Action | Description
| Action | Description
|--------|-------------
| `dependabot_repository_access.repositories_updated` | The repositories that {% data variables.product.prodname_dependabot %} can access were updated.
{%- endif %}
{%- ifversion fpt or ghec or ghes > 3.2 %}
{%- ifversion fpt or ghec or ghes %}
## `dependabot_security_updates` category actions
| Action | Description
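Review bot: The `{%- endif %}` after the `dependabot_repository_access.repositories_updated` row closes a conditional that is opened in the previous hunk (`{%- ifversion fpt or ghec or ghes > 3.2 or ghae %}` above `## dependabot_alerts category actions`), so the opener and the closer are dropped in two different hunks. Check the resulting file to confirm both are gone. If only one was removed, the `{%- ifversion fpt or ghec or ghes %}` block for `dependabot_security_updates` ends up nested or unbalanced.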
@@ -1341,7 +1339,7 @@ Before you'll see `git` category actions, you must enable Git events in the audi
|--------|-------------
| `staff.disable_repo` | An organization{% ifversion ghes %}, repository or site{% else %} or repository{% endif %} administrator disabled access to a repository and all of its forks.
| `staff.enable_repo` | An organization{% ifversion ghes %}, repository or site{% else %} or repository{% endif %} administrator re-enabled access to a repository and all of its forks.
{%- ifversion ghes > 3.2 or ghae %}
{%- ifversion ghes or ghae %}
| `staff.exit_fake_login` | An enterprise owner{% ifversion ghes %} or site administrator{% endif %} ended an impersonation session on {% data variables.product.product_name %}.
| `staff.fake_login` | An enterprise owner{% ifversion ghes %} or site administrator{% endif %} signed into {% data variables.product.product_name %} as another user.
{%- endif %}

View File

@@ -1,8 +1,8 @@
---
title: Configuring the audit log for your enterprise
intro: "You can configure settings for your enterprise's audit log."
intro: You can configure settings for your enterprise's audit log.
shortTitle: Configure audit logs
permissions: 'Enterprise owners can configure the audit log.'
permissions: Enterprise owners can configure the audit log.
versions:
feature: audit-data-retention-tab
type: how_to
@@ -53,4 +53,4 @@ Before you can enable Git events in the audit log, you must configure a retentio
![Screenshot of the checkbox to enable Git events in the audit log](/assets/images/help/enterprises/enable-git-events-checkbox.png)
1. Click **Save**.
{% endif %}
{% endif %}

View File

@@ -1,6 +1,6 @@
---
title: Using the audit log API for your enterprise
intro: 'You can programmatically retrieve enterprise events with the{% ifversion ghec or ghes > 3.2 %} REST or{% endif %} GraphQL API.'
intro: 'You can programmatically retrieve enterprise events with the REST or GraphQL API.'
shortTitle: Audit log API
permissions: 'Enterprise owners {% ifversion ghes %}and site administrators {% endif %}can use the audit log API.'
miniTocMaxHeadingLevel: 3
@@ -18,7 +18,7 @@ topics:
## Using the audit log API
You can interact with the audit log using the GraphQL API{% ifversion ghec or ghes > 3.2 or ghae %} or the REST API{% endif %}.
You can interact with the audit log using the GraphQL API or the REST API.
Timestamps and date fields in the API response are measured in [UTC epoch milliseconds](http://en.wikipedia.org/wiki/Unix_time).
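Review bot: The context line under the edited sentence links to `http://en.wikipedia.org/wiki/Unix_time` over plain HTTP. Switch the link to `https://` while this paragraph is being touched.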
@@ -106,7 +106,6 @@ This query uses the [AuditEntry](/graphql/reference/interfaces#auditentry) inter
For more query examples, see the [platform-samples repository](https://github.com/github/platform-samples/blob/master/graphql/queries).
{% ifversion ghec or ghes > 3.2 or ghae %}
## Querying the audit log REST API
To ensure your intellectual property is secure, and you maintain compliance for your enterprise, you can use the audit log REST API to keep copies of your audit log data and monitor:
@@ -137,5 +136,3 @@ curl -H "Authorization: Bearer TOKEN" \
--request GET \
"https://api.github.com/enterprises/avocado-corp/audit-log?phrase=action:pull_request+created:>=2022-01-01+actor:octocat"
```
{% endif %}

View File

@@ -9,15 +9,13 @@ type: overview
topics:
- Enterprise
- Upgrades
ms.openlocfilehash: 196745ee4ededaf78bd5afe876e4afa09141e930
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
ms.openlocfilehash: b3a2d340ef73ffe92f2117caf38a84e76ba0c8d1
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/11/2022
ms.locfileid: '145120205'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148108851'
---
{% ifversion ghes < 3.3 %}{% data reusables.enterprise.upgrade-ghes-for-features %}{% endif %}
{% data reusables.enterprise.constantly-improving %}{% ifversion ghae %}{% data variables.product.prodname_ghe_managed %} はフルマネージドサービスであるため、{% data variables.product.company_short %} が Enterprise のアップグレードプロセスを完了します。{% endif %}
通常、機能リリースは四半期ごとに行われ、新機能と機能のアップグレードが含まれます。 {% ifversion ghae %}{% data variables.product.company_short %} は、エンタープライズを最新の機能リリースにアップグレードします。 Enterprise で予定されているダウンタイムについては、事前に通知されます。{% endif %}

View File

@@ -2,9 +2,9 @@
title: Migrating your enterprise to the Container registry from the Docker registry
intro: 'You can migrate Docker images previously stored in the Docker registry on {% data variables.location.product_location %} to the {% data variables.product.prodname_container_registry %}.'
product: '{% data reusables.gated-features.packages %}'
permissions: "Enterprise owners can migrate Docker images to the {% data variables.product.prodname_container_registry %}."
permissions: 'Enterprise owners can migrate Docker images to the {% data variables.product.prodname_container_registry %}.'
versions:
feature: 'docker-ghcr-enterprise-migration'
feature: docker-ghcr-enterprise-migration
shortTitle: Migrate to Container registry
topics:
- Containers

View File

@@ -20,12 +20,12 @@ topics:
- Policies
- Projects
shortTitle: Project board policies
ms.openlocfilehash: 2066ab3fd36814150ff79457930d05909027513e
ms.sourcegitcommit: 478f2931167988096ae6478a257f492ecaa11794
ms.openlocfilehash: 2bb72b21094fadea8f584eb4749ed0cea69619ee
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/09/2022
ms.locfileid: '147854136'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148108797'
---
## エンタープライズ内のプロジェクトのポリシーについて

View File

@@ -14,11 +14,11 @@ children:
- /enforcing-policies-for-your-enterprise
- /enforcing-policy-with-pre-receive-hooks
shortTitle: Set policies
ms.openlocfilehash: 075d4f949435539c9c45ae651aedb0878f3317db
ms.sourcegitcommit: 5f9527483381cfb1e41f2322f67c80554750a47d
ms.openlocfilehash: 6fae4d9a9aa9c137be114b51eb90d79eb16d71df
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/11/2022
ms.locfileid: '147400371'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109115'
---

View File

@@ -33,11 +33,11 @@ children:
- /managing-projects-using-jira
- /continuous-integration-using-jenkins
shortTitle: Manage organizations
ms.openlocfilehash: 5d1430bc4efff03e6cddfe81f3c018d4f2064155
ms.sourcegitcommit: 5f9527483381cfb1e41f2322f67c80554750a47d
ms.openlocfilehash: 333d9b8d50bcdb86f709a447fee5a4078353dfe2
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/11/2022
ms.locfileid: '147884246'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109114'
---

View File

@@ -3,7 +3,7 @@ title: ユーザーの偽装
intro: トラブルシューティング、ブロック解除、その他の正当な理由のために、ユーザーを偽装し、ユーザーに代わってアクションを実行できます。
permissions: Enterprise owners can impersonate users within their enterprise.
versions:
ghes: '>3.2'
ghes: '*'
ghae: '*'
type: how_to
topics:
@@ -11,12 +11,12 @@ topics:
- Enterprise
- User account
shortTitle: Impersonate a user
ms.openlocfilehash: 8e237c6ace7e7feb4badefcbd863b0974c983732
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
ms.openlocfilehash: df0513c3ca2931378e656f228939540dd5ea5816
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/11/2022
ms.locfileid: '145116269'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109291'
---
## ユーザーの偽装について

View File

@@ -36,11 +36,11 @@ children:
- /customizing-user-messages-for-your-enterprise
- /rebuilding-contributions-data
shortTitle: Manage users
ms.openlocfilehash: 9ec6d7dc6822e71ff72542dd6b67ded031a1c44d
ms.sourcegitcommit: ac00e2afa6160341c5b258d73539869720b395a4
ms.openlocfilehash: 763277882c2af96505c2a6d4c236c05475ab9f3f
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/09/2022
ms.locfileid: '147878519'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148008663'
---

View File

@@ -1,7 +1,7 @@
---
title: Viewing people in your enterprise
intro: 'To audit access to enterprise-owned resources or user license usage, enterprise owners can view every administrator and member of the enterprise.'
permissions: 'Enterprise owners can view the people in an enterprise.'
permissions: Enterprise owners can view the people in an enterprise.
redirect_from:
- /github/setting-up-and-managing-your-enterprise-account/viewing-people-in-your-enterprise-account
- /articles/viewing-people-in-your-enterprise-account
@@ -116,7 +116,7 @@ If you use {% data variables.product.prodname_vss_ghe %}, the list of pending in
## Viewing suspended members in an {% data variables.enterprise.prodname_emu_enterprise %}
If your enterprise uses {% data variables.product.prodname_emus %}, you can also view suspended users. Suspended users are members who have been deprovisioned after being unassigned from the {% data variables.product.prodname_emu_idp_application %} application or deleted from the identity provider. For more information, see "[About Enterprise Managed Users](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users)."
If your enterprise uses {% data variables.product.prodname_emus %}, you can view suspended users. Suspended users are members who have been deprovisioned after being unassigned from the {% data variables.product.prodname_emu_idp_application %} application or deleted from the identity provider. For more information, see "[About {% data variables.product.prodname_emus %}](/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users)."
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.people-tab %}
@@ -129,6 +129,21 @@ If your enterprise uses {% data variables.product.prodname_emus %}, you can also
You can view a list of all dormant users {% ifversion ghes or ghae %} who have not been suspended and {% endif %}who are not site administrators. {% data reusables.enterprise-accounts.dormant-user-activity-threshold %} For more information, see "[Managing dormant users](/admin/user-management/managing-users-in-your-enterprise/managing-dormant-users)."
{% ifversion filter-by-enterprise-member-type %}
## Filtering by member type{% ifversion ghec %} in an {% data variables.enterprise.prodname_emu_enterprise %}{% endif %}
{% ifversion ghec %}If your enterprise uses {% data variables.product.prodname_emus %}, you{% elsif ghes or ghae %}You{% endif %} can filter the member list of an organization by type to determine if memberships are managed through an IdP or managed directly. Memberships managed through an IdP were added through an IdP group, and the IdP group was connected to a team within the organization. Memberships managed directly were added to the organization manually. The way a membership is mananaged in an organization determines how it must be removed. You can use this filter to determine how members were added to an organization, so you know how to remove them.{% ifversion ghec %} For more information, see "[About {% data variables.product.prodname_emus %}](/enterprise-cloud@latest/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/about-enterprise-managed-users#about-organization-membership-management)."{% endif %}
{% data reusables.enterprise-accounts.access-enterprise %}
1. Under "Organizations," in the search bar, begin typing the organization's name until the organization appears in the search results, then click the name of the organization.
![Screenshot of the search field for organizations](/assets/images/help/enterprises/organization-search.png)
1. Under the organization name, click {% octicon "person" aria-label="The Person icon" %} **People**.
![Screenshot of the People tab](/assets/images/help/enterprises/emu-organization-people-tab.png)
1. Above the list of members, click **Type**, then select the type of members you want to view.
![Screenshot of the "Type" button](/assets/images/help/enterprises/filter-by-member-type.png)
{% endif %}
{% ifversion ghec or ghes %}
## Viewing members without an email address from a verified domain
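Review bot: The added paragraph under "Filtering by member type" contains the typo "mananaged" ("The way a membership is mananaged in an organization determines how it must be removed"); it should read "managed". The last two sentences of that paragraph also say the same thing twice (how a membership is managed determines how it is removed, and the filter tells you how to remove members) and could be merged into one.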

View File

@@ -24,13 +24,15 @@ If you can't access {% data variables.product.product_name %}, contact your loca
{% endif %}
{% ifversion fpt or ghec %}
{% ifversion ghec %}
{% data reusables.saml.dotcom-saml-explanation %} Organization owners can invite your personal account on {% data variables.product.prodname_dotcom %} to join their organization that uses SAML SSO, which allows you to contribute to the organization and retain your existing identity and contributions on {% data variables.product.prodname_dotcom %}.
If you're a member of an {% data variables.enterprise.prodname_emu_enterprise %}, you will instead use a new account that is provisioned for you and controlled by your enterprise. {% data reusables.enterprise-accounts.emu-more-info-account %}
When you access private resources within an organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} will redirect you to the organization's SAML IdP to authenticate. After you successfully authenticate with your account on the IdP, the IdP redirects you back to {% data variables.product.prodname_dotcom %}, where you can access the organization's resources.
When you attempt to access most resources within an organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} will redirect you to the organization's SAML IdP to authenticate. After you successfully authenticate with your account on the IdP, the IdP redirects you back to {% data variables.product.prodname_dotcom %}, where you can access the organization's resources.
{% data reusables.saml.resources-without-sso %}
{% data reusables.saml.outside-collaborators-exemption %}
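Review bot: "most resources" in the rewritten sentence ("When you attempt to access most resources within an organization that uses SAML SSO") does not say which resources are exempt, and the sentence relies on `{% data reusables.saml.resources-without-sso %}` further down to supply that. Add a short bridge such as "with the exceptions described below" so the scope of the SSO requirement stays clear even if the reusable is moved or edited. The opening condition also appears both as `{% ifversion fpt or ghec %}` and as `{% ifversion ghec %}`. If `fpt` is being dropped, confirm that readers of that version still get the SAML explanation elsewhere.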

View File

@@ -1,6 +1,6 @@
---
title: Creating a personal access token
intro: You can create a {% data variables.product.pat_generic %} to use in place of a password with the command line or with the API.
intro: 'You can create a {% data variables.product.pat_generic %} to use in place of a password with the command line or with the API.'
redirect_from:
- /articles/creating-an-oauth-token-for-command-line-use
- /articles/creating-an-access-token-for-command-line-use
@@ -17,7 +17,7 @@ versions:
topics:
- Identity
- Access management
shortTitle: Create a {% data variables.product.pat_generic %}
shortTitle: 'Create a {% data variables.product.pat_generic %}'
---
{% warning %}
@@ -112,9 +112,9 @@ If you selected an organization as the resource owner and the organization requi
{% ifversion pat-v2 %}1. In the left sidebar, under **{% octicon "key" aria-label="The key icon" %} {% data variables.product.pat_generic_caps %}s**, click **Tokens (classic)**.{% else %}{% data reusables.user-settings.personal_access_tokens %}{% endif %}
{% ifversion pat-v2%}1. Select **Generate new token**, then click **Generate new token (classic)**.{% else %}{% data reusables.user-settings.generate_new_token %}{% endif %}
5. Give your token a descriptive name.
![Token description field](/assets/images/help/settings/token_description.png){% ifversion fpt or ghes > 3.2 or ghae or ghec %}
![Token description field](/assets/images/help/settings/token_description.png)
6. To give your token an expiration, select the **Expiration** drop-down menu, then click a default or use the calendar picker.
![Token expiration field](/assets/images/help/settings/token_expiration.png){% endif %}
![Token expiration field](/assets/images/help/settings/token_expiration.png)
7. Select the scopes you'd like to grant this token. To use your token to access repositories from the command line, select **repo**. A token with no assigned scopes can only access public information. For more information, see "[Available scopes](/apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes)".
{% ifversion fpt or ghes or ghec %}
![Selecting token scopes](/assets/images/help/settings/token_scopes.gif)
@@ -143,5 +143,5 @@ Instead of manually entering your {% data variables.product.pat_generic %} for e
## Further reading
- "[About authentication to GitHub](/github/authenticating-to-github/about-authentication-to-github)"{% ifversion fpt or ghae or ghes > 3.2 or ghec %}
- "[Token expiration and revocation](/github/authenticating-to-github/keeping-your-account-and-data-secure/token-expiration-and-revocation)"{% endif %}
- "[About authentication to GitHub](/github/authenticating-to-github/about-authentication-to-github)"
- "[Token expiration and revocation](/github/authenticating-to-github/keeping-your-account-and-data-secure/token-expiration-and-revocation)"

View File

@@ -109,7 +109,7 @@ An overview of some of the most common actions that are recorded as events in th
| Action | Description
|------------------|-------------------
| `create` | Triggered when you [grant access to an {% data variables.product.prodname_oauth_app %}](/github/authenticating-to-github/keeping-your-account-and-data-secure/authorizing-oauth-apps).
| `destroy` | Triggered when you [revoke an {% data variables.product.prodname_oauth_app %}'s access to your account](/articles/reviewing-your-authorized-integrations){% ifversion fpt or ghae or ghes > 3.2 or ghec %} and when [authorizations are revoked or expire](/github/authenticating-to-github/keeping-your-account-and-data-secure/token-expiration-and-revocation).{% else %}.{% endif %}
| `destroy` | Triggered when you [revoke an {% data variables.product.prodname_oauth_app %}'s access to your account](/articles/reviewing-your-authorized-integrations) and when [authorizations are revoked or expire](/github/authenticating-to-github/keeping-your-account-and-data-secure/token-expiration-and-revocation).
{% ifversion fpt or ghec %}

View File

@@ -14,7 +14,7 @@ redirect_from:
- /github/authenticating-to-github/keeping-your-account-and-data-secure/token-expiration-and-revocation
---
When a token {% ifversion fpt or ghae or ghes > 3.2 or ghec %}has expired or {% endif %} has been revoked, it can no longer be used to authenticate Git and API requests. It is not possible to restore an expired or revoked token, you or the application will need to create a new token.
When a token has expired or has been revoked, it can no longer be used to authenticate Git and API requests. It is not possible to restore an expired or revoked token, you or the application will need to create a new token.
This article explains the possible reasons your {% data variables.product.product_name %} token might be revoked or expire.
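Review bot: The rewritten opening line still contains a comma splice: "It is not possible to restore an expired or revoked token, you or the application will need to create a new token." Split it into two sentences or join the clauses with a semicolon.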
@@ -24,11 +24,9 @@ This article explains the possible reasons your {% data variables.product.produc
{% endnote %}
{% ifversion fpt or ghae or ghes > 3.2 or ghec %}
## Token revoked after reaching its expiration date
When you create a {% data variables.product.pat_generic %}, we recommend that you set an expiration for your token. Upon reaching your token's expiration date, the token is automatically revoked. For more information, see "[Creating a {% data variables.product.pat_generic %}](/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token)."
{% endif %}
{% ifversion fpt or ghec %}
## Token revoked when pushed to a public repository or public gist

View File

@@ -15,12 +15,12 @@ versions:
topics:
- Identity
- Access management
ms.openlocfilehash: 9b37417ab81bf51e39e41fcbed3a9b64cb4fe7bc
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.openlocfilehash: 8550393cc31571756099ac364698434f38b02cfa
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '147653227'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148106750'
---
{% data reusables.gpg.desktop-support-for-commit-signing %}
@@ -42,7 +42,7 @@ Git バージョン 2.0.0 以降で、ローカル リポジトリ用に既定
1. ローカルブランチに変更をコミットする場合、 -S フラグをGitコミットコマンドに追加します。
```shell
$ git commit -S -m <em>"your commit message"</em>
$ git commit -S -m "YOUR_COMMIT_MESSAGE"
# Creates a signed commit
```
2. GPG を使用している場合は、コミットを作成した後、[GPG キーを生成](/articles/generating-a-new-gpg-key)したときに設定したパスフレーズを指定します。

View File

@@ -14,23 +14,23 @@ versions:
topics:
- Identity
- Access management
ms.openlocfilehash: d93cfae4a6e128c2aef79ee1494fb66f30afcf1b
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.openlocfilehash: 22bdc1c5095a8fa82d2ac406a19dc633f8f44fc6
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '147653363'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148106678'
---
{% data reusables.gpg.desktop-support-for-commit-signing %}
1. タグに署名するには、`git tag` コマンドに `-s` を追加します。
```shell
$ git tag -s <em>mytag</em>
$ git tag -s MYTAG
# Creates a signed tag
```
2. `git tag -v [tag-name]` を実行して署名されたタグを検証します。
```shell
$ git tag -v <em>mytag</em>
$ git tag -v MYTAG
# Verifies the signed tag
```
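Review bot: Step 2's sentence still shows `git tag -v [tag-name]` while the command directly beneath it now uses `MYTAG`, so the same placeholder is written two ways within three lines. Change the inline form to `git tag -v MYTAG` so it matches the convention this hunk introduces in both fenced commands.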

View File

@@ -54,11 +54,11 @@ children:
- /managing-billing-for-github-marketplace-apps
- /managing-billing-for-git-large-file-storage
- /setting-up-paid-organizations-for-procurement-companies
ms.openlocfilehash: 816bfb699135974a180ccf350aa04bc36dfbf25a
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.openlocfilehash: 977d170024ddec1d49f51723b654ee7171915e94
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '147110899'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109292'
---

View File

@@ -11,3 +11,4 @@ children:
- /viewing-your-github-codespaces-usage
- /managing-spending-limits-for-github-codespaces
---

View File

@@ -54,4 +54,4 @@ Enterprise owners and billing managers can view {% data variables.product.prodna
## Further reading
- "[Listing the codespaces in your organization](/codespaces/managing-codespaces-for-your-organization/listing-the-codespaces-in-your-organization)"
- "[Listing the codespaces in your organization](/codespaces/managing-codespaces-for-your-organization/listing-the-codespaces-in-your-organization)"

View File

@@ -72,9 +72,12 @@ In addition to licensed seats, your bill may include other charges, such as {% d
- Enterprise owners who are a member or owner of at least one organization in the enterprise
- Organization members, including owners
- Outside collaborators on private or internal repositories owned by your organization, excluding forks
- Dormant users
If your enterprise does not use {% data variables.product.prodname_emus %}, you will also be billed for each of the following accounts:
- Anyone with a pending invitation to become an organization owner or member
- Anyone with a pending invitation to become an outside collaborator on private or internal repositories owned by your organization, excluding forks
- Dormant users
{% note %}
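Review bot: "Dormant users" appears twice in this hunk, once at the end of the list that applies to every enterprise and once after the two pending-invitation bullets that follow "If your enterprise does not use ... you will also be billed". Confirm that only one placement survives the change. If both remain, the second is redundant, because the first list already applies to enterprises that fall under the second.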

View File

@@ -18,11 +18,11 @@ children:
- /phase-4-create-internal-documentation
- /phase-5-rollout-and-scale-code-scanning
- /phase-6-rollout-and-scale-secret-scanning
ms.openlocfilehash: c5624ca33d347e1be1c7bfc9a687f1c06bb828ed
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.openlocfilehash: 5430d24ecf8979f5421c6f3fea9f10ad3f580e4c
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '147145433'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109721'
---

View File

@@ -14,12 +14,12 @@ redirect_from:
- /admin/advanced-security/deploying-github-advanced-security-in-your-enterprise
- /admin/code-security/managing-github-advanced-security-for-your-enterprise/deploying-github-advanced-security-in-your-enterprise
miniTocMaxHeadingLevel: 2
ms.openlocfilehash: 0993205a2f51262c0766062995caa1c2e2714742
ms.sourcegitcommit: 76b840f45ba85fb79a7f0c1eb43bc663b3eadf2b
ms.openlocfilehash: f42a461b3c53565725d6909680fa8e6a202c0439
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/12/2022
ms.locfileid: '147145426'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109716'
---
## これらの記事について

View File

@@ -9,12 +9,12 @@ topics:
- Advanced Security
shortTitle: 1. Align on strategy
miniTocMaxHeadingLevel: 3
ms.openlocfilehash: 63154ac960e4b3a9d29f41e72cd925230838069c
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.openlocfilehash: b2677cf11c300ad657f9bd6b8862fb1f292c2fb7
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '147145401'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109709'
---
{% note %}

View File

@@ -9,12 +9,12 @@ topics:
- Advanced Security
shortTitle: 2. Preparation
miniTocMaxHeadingLevel: 3
ms.openlocfilehash: a34711765e8beb6d57215c0c8fd16519e975539d
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.openlocfilehash: 79368897c125ff23541520a253a34a2aae8c7c27
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '147145393'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109715'
---
{% note %}

View File

@@ -9,12 +9,12 @@ topics:
- Advanced Security
shortTitle: 3. Pilot programs
miniTocMaxHeadingLevel: 3
ms.openlocfilehash: 3df893158c402b9180260ddd1c82c96f62b84717
ms.sourcegitcommit: 5f9527483381cfb1e41f2322f67c80554750a47d
ms.openlocfilehash: d56427173580558a192d0709ae700cbd497e2935
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/11/2022
ms.locfileid: '147145394'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109109'
---
{% note %}

View File

@@ -9,12 +9,12 @@ topics:
- Advanced Security
shortTitle: 4. Create internal documentation
miniTocMaxHeadingLevel: 3
ms.openlocfilehash: e9852eacc95b98eca5358aafb9a9b13811888f15
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.openlocfilehash: caf35f06c3f836ea7532b7c5e9dfb419ba8c325b
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '147145385'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109108'
---
{% note %}

View File

@@ -9,12 +9,12 @@ topics:
- Advanced Security
shortTitle: 5. Rollout code scanning
miniTocMaxHeadingLevel: 3
ms.openlocfilehash: 69c5a4e88c5490cbd7dcddca902426862047dff5
ms.sourcegitcommit: fb047f9450b41b24afc43d9512a5db2a2b750a2a
ms.openlocfilehash: abbcdf4c1e4a231a568e8d8cd488877ebdf2fd9f
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/11/2022
ms.locfileid: '147145386'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148109103'
---
{% note %}

View File

@@ -1,6 +1,6 @@
---
title: 'フェーズ 6: secret scanning のロールアウトとスケーリング'
intro: 'この最後のフェーズでは、{% data variables.product.prodname_secret_scanning %} のロールアウトについて重点的に取り上げます。 {% data variables.product.prodname_secret_scanning_caps %} は、必要な構成が少ないため、{% data variables.product.prodname_code_scanning %} よりも簡単にロールアウトできるツールですが、新しい結果と古い結果を処理するための戦略を策定することが重要です。'
title: 'Phase 6: Rollout and scale secret scanning'
intro: 'For the final phase, you will focus on the rollout of {% data variables.product.prodname_secret_scanning %}. {% data variables.product.prodname_secret_scanning_caps %} is a more straightforward tool to rollout than {% data variables.product.prodname_code_scanning %}, as it involves less configuration, but it''s critical to have a strategy for handling new and old results.'
versions:
ghes: '*'
ghae: '*'
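Review bot: The `title` and `intro` values in this hunk go from Japanese to the English source strings, in a commit titled as a translation batch for ja, so the change removes translated content rather than adding it. If the revert is deliberate (for example because the existing translation no longer matched the source), say so in the commit message. Otherwise restore the Japanese strings.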
@@ -9,103 +9,98 @@ topics:
- Advanced Security
shortTitle: 6. Rollout secret scanning
miniTocMaxHeadingLevel: 3
ms.openlocfilehash: f116bd8aad09639fb3c2fad4aa85bfa9a8b3401d
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '147650390'
---
{% note %}
この記事は、{% data variables.product.prodname_GH_advanced_security %} の大規模な導入に関するシリーズの一部です。 このシリーズの前の記事については、「[フェーズ 5: code scanning のロールアウトとスケーリング](/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning)」を参照してください。
This article is part of a series on adopting {% data variables.product.prodname_GH_advanced_security %} at scale. For the previous article in this series, see "[Phase 5: Rollout and scale code scanning](/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning)."
{% endnote %}
Organization 内の個々のリポジトリまたはすべてのリポジトリに対して secret scanning を有効にすることができます。 詳しい情報については、「[リポジトリのセキュリティと分析設定を管理する](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)」または「[Organization のセキュリティと分析設定を管理する](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)」を参照してください。
You can enable secret scanning for individual repositories or for all repositories in an organization. For more information, see "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
この記事では、Organization 内のすべてのリポジトリに対する {% data variables.product.prodname_secret_scanning %} の有効化に重点を置いてプロセスの概要について説明します。 この記事で説明する原則は、時間をずらして、個々のリポジトリに対して {% data variables.product.prodname_secret_scanning %} を有効にする場合でも適用できます。
This article explains a high-level process focusing on enabling {% data variables.product.prodname_secret_scanning %} for all repositories in an organization. The principles described in this article can still be applied even if you take a more staggered approach of enabling {% data variables.product.prodname_secret_scanning %} for individual repositories.
### 1. 新しくコミットされたシークレットに集中する
### 1. Focus on newly committed secrets
{% data variables.product.prodname_secret_scanning %} を有効にする場合、secret scanning によって検出された、新しくコミットされた資格情報の修復に集中する必要があります。 コミットされた資格情報のクリーンアップに集中すると、開発者は誤って新しい視覚情報をプッシュし続ける可能性があります。つまり、シークレットの合計数は、意図したとおりに減少せず、ほぼ同じレベルにとどまります。 現在のシークレットを取り消すことに集中する前に、新しい資格情報が漏洩するのを止めることが不可欠なのは、このためです。
When you enable {% data variables.product.prodname_secret_scanning %}, you should focus on remediating any newly committed credentials detected by secret scanning. If you focus on cleaning up committed credentials, developers could continue to accidentally push new credentials, which means your total secret count will stay around the same level, not decrease as intended. This is why it is essential to stop new credentials being leaked before focusing on revoking any current secrets.
新しくコミットされた資格情報に取り組むためのアプローチはいくつかありますが、その一例は次のとおりです。
There are a few approaches for tackling newly committed credentials, but one example approach would be:
1. **通知**: Webhook を使用して、新しいシークレット アラートが、可能な限り迅速に適切なチームに表示されるようにします。 Webhook は、シークレット アラートが作成または解決されるか、もう一度開かれたときに発生します。 その後、Webhook ペイロードを解析し、SlackTeamsSplunk、メールなど、自分やチームが使用するツールと統合できます。 詳しい情報については、「[Webhook について](/developers/webhooks-and-events/webhooks/about-webhooks)」および「[Webhook イベントとペイロード](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert)」を参照してください。
2. **フォローアップ**: すべてのシークレットの種類に対して機能する高度な修復プロセスを作成します。 たとえば、シークレットをコミットした開発者とそのプロジェクトの技術リーダーに連絡し、シークレットを GitHub にコミットする危険性を強調し、検出されたシークレットの取り消しと更新を依頼することができます。
1. **Notify**: Use webhooks to ensure that any new secret alerts are seen by the right teams as quickly as possible. A webhook fires when a secret alert is either created, resolved, or reopened. You can then parse the webhook payload, and integrate it into any tools you and your team use such Slack, Teams, Splunk, or email. For more information, see "[About webhooks](/developers/webhooks-and-events/webhooks/about-webhooks)" and "[Webhook events and payloads](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#secret_scanning_alert)."
2. **Follow Up**: Create a high-level remediation process that works for all secret types. For example, you could contact the developer who committed the secret and their technical lead on that project, highlighting the dangers of committing secrets to GitHub, and asking the them to revoke, and update the detected secret.
{% note %}
**:** この手順を自動化できます。 数百のリポジトリを持つ大規模な Enterprise および Organization の場合、手動によるフォローアップを持続するのは不可能です。 最初の手順で定義した Webhook プロセスに自動化を取り入れることができます。 Webhook ペイロードには、漏洩したシークレットに関するリポジトリおよび Organization 情報が含まれます。 この情報を使って、リポジトリの現在のメンテナンス担当者に連絡し、責任者宛のメールやメッセージを作成したり、issue を開いたりすることができます。
**Note:** You can automate this step. For large enterprises and organizations with hundreds of repositories, manually following up is unsustainable. You could incorporate automation into the webhook process defined in the first step. The webhook payload contains repository and organization information about the leaked secret. Using this information, you can contact the current maintainers on the repository and create an email/message to the responsible people or open an issue.
{% endnote %}
3. **教育**: シークレットをコミットした開発者に割り当てる内部トレーニング ドキュメントを作成します。 このトレーニング ドキュメントでは、シークレットをコミットすることによって生じるリスクを説明し、開発中のシークレットの安全な使用についてベスト プラクティス情報を指示します。 開発者が経験から学ばず、シークレットのコミットを続ける場合、エスカレーション プロセスを作成できますが、通常は教育する方が効果的です。
3. **Educate**: Create an internal training document assigned to the developer who committed the secret. Within this training document, you can explain the risks created by committing secrets and direct them to your best practice information about using secrets securely in development. If the a developer doesn't learn from the experience and continues to commit secrets, you could create an escalation process, but education usually works well.
漏洩した新しいシークレットについて最後の 2 つの手順を繰り返します。 このプロセスにより、開発者はコードで使用されるシークレットを安全に管理することに対して責任を負うようになり、新しくコミットされたシークレットの削減を測定できます。
Repeat the last two steps for any new secrets leaked. This process encourages developers to take responsibility for managing the secrets used in their code securely, and allows you to measure the reduction in newly committed secrets.
{% note %}
**注:** より先進的な組織では、特定の種類のシークレットの自動修正を実行することが必要な場合があります。 [GitHub Secret Scanner Auto Remediator](https://github.com/NickLiffen/GSSAR) と呼ばれるオープンソース イニシアチブがあります。これを AWSAzure、または GCP 環境にデプロイし、最も重要として定義した内容に基づいて特定の種類のシークレットを自動的に取り消すように調整できます。 これは、より自動化されたアプローチでコミットされる新しいシークレットに対応できる優れた方法でもあります。
**Note:** More advanced organizations may want to perform auto-remediation of certain types of secrets. There is an open-source initiative called [GitHub Secret Scanner Auto Remediator](https://github.com/NickLiffen/GSSAR) which you can deploy into your AWS, Azure, or GCP environment and tailor to automatically revoke certain types of secrets based on what you define as the most critical. This is also an excellent way to react to new secrets being committed with a more automated approach.
{% endnote %}
### 2. 以前にコミットされたシークレットを最も重要なものから順に修復する
### 2. Remediate previously committed secrets, starting with the most critical
新しく公開されたシークレットを監視、通知、修復するプロセスを確立したら、{% data variables.product.prodname_GH_advanced_security %} が導入される前にコミットされたシークレットの作業を開始できます。
After you have established a process to monitor, notify and remediate newly published secrets, you can start work on secrets committed before {% data variables.product.prodname_GH_advanced_security %} was introduced.
最も重要なシークレットを定義する方法は、Organization のプロセスと統合によって異なります。 たとえば、企業は Slack を使用していない場合、Slack Incoming Webhook のシークレットについて心配しない可能性があります。 Organization にとって最も重要な資格情報の種類の上位 5 つに注目することから始めると便利な場合があります。
How you define your most critical secrets will depend on your organization's processes and integrations. For example, a company likely isnt worried about a Slack Incoming Webhook secret if they dont use Slack. You may find it useful to start by focusing on the top five most critical credential types for your organization.
シークレットの種類を決定したら、次の手順を実行できます。
Once you have decided on the secret types, you can do the following:
1. 各種類のシークレットを修復するためのプロセスを定義します。 多くの場合、実際の手順は、シークレットの種類によって大きく異なります。 ドキュメントまたは内部のナレッジ ベースに、シークレットの種類ごとのプロセスを書き留めます。
1. Define a process for remediating each type of secret. The actual procedure for each secret type is often drastically different. Write down the process for each type of secret in a document or internal knowledge base.
{% note %}
**:** シークレットを取り消すためのプロセスを作成する場合、中央のチームではなく、リポジトリを保守しているチームにシークレットを取り消す責任を与えます。 GHAS の原則の 1 つは、特に、開発者がセキュリティ イシューを作成した場合、開発者がセキュリティの所有権を取得し、セキュリティ イシューを修正する責任を担うことです。
**Note:** When you create the process for revoking secrets, try and give the responsibility for revoking secrets to the team maintaining the repository instead of a central team. One of the principles of GHAS is developers taking ownership of security and having the responsibility of fixing security issues, especially if they have created them.
{% endnote %}
2. 資格情報を取り消すためにチームが従うプロセスを作成したら、シークレットの種類と、漏洩したシークレットに関連付けられているその他のメタデータに関する情報を照合して、新しいプロセスの伝達先を識別することができます。
2. When you have created the process that teams will follow for revoking credentials, you can collate information about the types of secrets and other metadata associated with the leaked secrets so you can discern who to communicate the new process to.
{% ifversion not ghae %}
この情報を収集するには、セキュリティの概要を使用できます。 セキュリティの概要の使用に関する詳しい情報については、「[セキュリティの概要でのアラートのフィルタリング](/code-security/security-overview/filtering-alerts-in-the-security-overview)」を参照してください。
You can use the security overview to collect this information. For more information about using the security overview, see "[Filtering alerts in the security overview](/code-security/security-overview/filtering-alerts-in-the-security-overview)."
{% endif %}
収集する必要がある情報としては、次のものがあります。
Some information you may want to collect includes:
- Organization
- リポジトリ
- シークレットの種類
- シークレット値
- 連絡先のリポジトリの保守管理者
- Repository
- Secret type
- Secret value
- Maintainers on repository to contact
{% note %}
**:** その種類の漏洩したシークレットが少ない場合は、UI を使用します。 数百ものシークレットが漏洩した場合は、API を使用して情報を収集します。 詳しい情報については、「[secret scanning REST API](/rest/reference/secret-scanning)」を参照してください。
**Note:** Use the UI if you have few secrets leaked of that type. If you have hundreds of leaked secrets, use the API to collect information. For more information, see "[Secret scanning REST API](/rest/reference/secret-scanning)."
{% endnote %}
3. 漏洩したシークレットに関する情報を収集したら、シークレットの各種類によって影響を受けるリポジトリを保守しているユーザーを対象とした通信計画を作成します。 電子メールまたはメッセージングを使用でき、影響を受けるリポジトリに GitHub イシューを作成することもできます。 これらのツールによって提供される API を使用して自動的に連絡を送信できる場合、これにより、複数のシークレットの種類にまたがって簡単にスケーリングできます。
3. After you collect information about leaked secrets, create a targeted communication plan for the users who maintain the repositories affected by each secret type. You could use email, messaging, or even create GitHub issues in the affected repositories. If you can use APIs provided by these tools to send out the communications in an automated manner, this will make it easier for you to scale across multiple secret types.
### 3. プログラムを拡張してより多くのシークレットの種類とカスタム パターンを含める
### 3. Expand the program to include more secret types and custom patterns
これで、5 つの最も重要なシークレットの種類を超えて、教育にさらに焦点を当てた、より包括的なリストに拡張できます。 対象としたさまざまなシークレットの種類について前の手順を繰り返し、以前にコミットされたシークレットを修正できます。
You can now expand beyond the five most critical secret types into a more comprehensive list, with an additional focus on education. You can repeat the previous step, remediating previously committed secrets, for the different secret types you have targeted.
また、初期のフェーズで照合されたより多くのカスタム パターンを含めて、さらに多くのパターンを送信するようにセキュリティ チームや開発者チームに促し、新しいシークレットの種類タイプが作成されたときに新しいパターンを送信するプロセスを確立することもできます。 詳細については、[シークレット スキャンのカスタム パターンの定義](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)に関する記事を参照してください。
You can also include more of the custom patterns collated in the earlier phases and invite security teams and developer teams to submit more patterns, establishing a process for submitting new patterns as new secret types are created. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."
{% ifversion secret-scanning-push-protection %}
また、secret scanning を使用してプッシュ保護を有効にすることもできます。 有効にすると、secret scanning により、信頼度の高いシークレットについてプッシュがチェックされ、ブロックされます。 詳細については、「[Protecting pushes with secret scanning (シークレット スキャンによるプッシュの保護)](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#using-secret-scanning-as-a-push-protection-from-the-command-line)」を参照してください。
You can also enable push protection with secret scanning. Once enabled, secret scanning checks pushes for high-confidence secrets and blocks the push. For more information, see "[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#using-secret-scanning-as-a-push-protection-from-the-command-line)."
{% endif %}
他のシークレットの種類の修復プロセスを引き続き構築する際は、組織内の GitHub のすべての開発者と共有できるプロアクティブなトレーニング資料の作成を開始します。 この時点まで、焦点の多くはリアクティブでした。 焦点をプロアクティブに変えて、まず、開発者が GitHub に資格情報をプッシュしないように促すことは、優れたアイデアです。 これは複数の方法で実現できますが、リスクと理由を説明する短いドキュメントを作成することが出発点として適しています。
As you continue to build your remediation processes for other secret types, start to create proactive training material that can be shared with all developers of GitHub in your organization. Until this point, a lot of the focus has been reactive. It is an excellent idea to shift focus to being proactive and encourage developers not to push credentials to GitHub in the first place. This can be achieved in multiple ways but creating a short document explaining the risks and reasons would be a great place to start.
{% note %}
これは、{% data variables.product.prodname_GH_advanced_security %} の大規模な導入に関するシリーズの最後の記事です。 ご質問がある場合、またはサポートが必要な場合は、「[{% data variables.product.prodname_GH_advanced_security %} の大規模な導入の概要](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale#github-support-and-professional-services)」にある {% data variables.contact.github_support %} と {% data variables.product.prodname_professional_services_team %} に関するセクションを参照してください。
This is the final article of a series on adopting {% data variables.product.prodname_GH_advanced_security %} at scale. If you have questions or need support, see the section on {% data variables.contact.github_support %} and {% data variables.product.prodname_professional_services_team %} in "[Introduction to adopting {% data variables.product.prodname_GH_advanced_security %} at scale](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale#github-support-and-professional-services)."
{% endnote %}
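Review bot: The English text that replaces the Japanese body contains typos that will now be shown to readers: "such Slack" in the Notify item, "asking the them to revoke, and update" in Follow Up, "If the a developer" in Educate, and "isnt" / "dont" in the paragraph about defining the most critical secrets. Fix these in the source before it is synced. The hunk also drops the `ms.translationtype`, `ms.contentlocale` and related front matter without adding new values, unlike the other files in this batch, so the file no longer carries any marker of its translation state.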

View File

@@ -73,9 +73,7 @@ By default, the {% data variables.product.prodname_codeql_workflow %} uses the `
If you scan on push, then the results appear in the **Security** tab for your repository. For more information, see "[Managing code scanning alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)."
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
Additionally, when an `on:push` scan returns results that can be mapped to an open pull request, these alerts will automatically appear on the pull request in the same places as other pull request alerts. The alerts are identified by comparing the existing analysis of the head of the branch to the analysis for the target branch. For more information on {% data variables.product.prodname_code_scanning %} alerts in pull requests, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
{% endif %}
### Scanning pull requests
@@ -85,9 +83,7 @@ For more information about the `pull_request` event, see "[Events that trigger w
If you scan pull requests, then the results appear as alerts in a pull request check. For more information, see "[Triaging code scanning alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
Using the `pull_request` trigger, configured to scan the pull request's merge commit rather than the head commit, will produce more efficient and accurate results than scanning the head of the branch on each push. However, if you use a CI/CD system that cannot be configured to trigger on pull requests, you can still use the `on:push` trigger and {% data variables.product.prodname_code_scanning %} will map the results to open pull requests on the branch and add the alerts as annotations on the pull request. For more information, see "[Scanning on push](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#scanning-on-push)."
{% endif %}
Using the `pull_request` trigger, configured to scan the pull request's merge commit rather than the head commit, will produce more efficient and accurate results than scanning the head of the branch on each push. However, if you use a CI/CD system that cannot be configured to trigger on pull requests, you can still use the `on:push` trigger and {% data variables.product.prodname_code_scanning %} will map the results to open pull requests on the branch and add the alerts as annotations on the pull request. For more information, see "[Scanning on push](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#scanning-on-push)."
### Defining the severities causing pull request check failure

View File

@@ -41,7 +41,7 @@ For general information about configuring {% data variables.product.prodname_cod
## About autobuild for {% data variables.product.prodname_codeql %}
{% data variables.product.prodname_code_scanning_capc %} works by running queries against one or more databases. Each database contains a representation of all of the code in a single language in your repository.
For the compiled languages C/C++, C#, and Java, the process of populating this database involves building the code and extracting data. {% data reusables.code-scanning.analyze-go %}
For the compiled languages C/C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} and Java, the process of populating this database involves building the code and extracting data. {% data reusables.code-scanning.analyze-go %}
{% data reusables.code-scanning.autobuild-compiled-languages %}
@@ -90,6 +90,20 @@ The `autobuild` process attempts to autodetect a suitable build method for C# us
If `autobuild` detects multiple solution or project files at the same (shortest) depth from the top level directory, it will attempt to build all of them.
3. Invoke a script that looks like a build script—_build_ and _build.sh_ (in that order, for Linux) or _build.bat_, _build.cmd_, _and build.exe_ (in that order, for Windows).
### Go
| Supported system type | System name |
|----|----|
| Operating system | Windows, macOS, and Linux |
| Build system | Go modules, `dep` and Glide, as well as build scripts including Makefiles and Ninja scripts |
The `autobuild` process attempts to autodetect a suitable way to install the dependencies needed by a Go repository before extracting all `.go` files:
1. Invoke `make`, `ninja`, `./build` or `./build.sh` (in that order) until one of these commands succeeds and a subsequent `go list ./...` also succeeds, indicating that the needed dependencies have been installed.
2. If none of those commands succeeded, look for `go.mod`, `Gopkg.toml` or `glide.yaml`, and run `go get` (unless vendoring is in use), `dep ensure -v` or `glide install` respectively to try to install dependencies.
3. Finally, if configurations files for these dependency managers are not found, rearrange the repository directory structure suitable for addition to `GOPATH`, and use `go get` to install dependencies. The directory structure reverts to normal after extraction completes.
4. Extract all Go code in the repository, similar to running `go build ./...`.
### Java
| Supported system type | System name |
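Review bot: The new "### Go" section is added with no version gate, while the sentence changed earlier in this file lists Go among the compiled languages only inside `{% ifversion codeql-go-autobuild %}`. Readers on versions without that feature would see the Go autobuild steps but not Go in the list of built languages. Wrap the section in the same `ifversion` condition or drop the gate from the sentence. In step 3, "configurations files" should read "configuration files".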
@@ -107,12 +121,12 @@ The `autobuild` process tries to determine the build system for Java codebases b
{% data reusables.code-scanning.autobuild-add-build-steps %} For information on how to edit the workflow file, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)."
After removing the `autobuild` step, uncomment the `run` step and add build commands that are suitable for your repository. The workflow `run` step runs command-line programs using the operating system's shell. You can modify these commands and add more commands to customize the build process.
After removing the `autobuild` step, uncomment the `run` step and add build commands that are suitable for your repository. The workflow `run` step runs command-line programs using the operating system's shell. You can modify these commands and add more commands to customize the build process.
``` yaml
- run: |
make bootstrap
make release
make bootstrap
make release
```
For more information about the `run` keyword, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsrun)."

View File

@@ -153,12 +153,9 @@ The names of the {% data variables.product.prodname_code_scanning %} analysis ch
When the {% data variables.product.prodname_code_scanning %} jobs complete, {% data variables.product.prodname_dotcom %} works out whether any alerts were added by the pull request and adds the "{% data variables.product.prodname_code_scanning_capc %} results / TOOL NAME" entry to the list of checks. After {% data variables.product.prodname_code_scanning %} has been performed at least once, you can click **Details** to view the results of the analysis.
{% ifversion fpt or ghec or ghes > 3.4 or ghae > 3.4 %}
<!--Troubleshooting section no longer relevant-->
{% elsif ghes < 3.5 or ghae %}
If you used a pull request to add {% data variables.product.prodname_code_scanning %} to the repository, you will initially see {% ifversion ghes > 3.2 or ghae %}an "Analysis not found"{% elsif ghes = 3.2 %}a "Missing analysis"{% endif %} message when you click **Details** on the "{% data variables.product.prodname_code_scanning_capc %} results / TOOL NAME" check.
{% ifversion ghes < 3.5 or ghae %}
If you used a pull request to add {% data variables.product.prodname_code_scanning %} to the repository, you will initially see an "Analysis not found" message when you click **Details** on the "{% data variables.product.prodname_code_scanning_capc %} results / TOOL NAME" check.
{% ifversion ghes > 3.2 or ghae %}
![Analysis not found for commit message](/assets/images/enterprise/3.4/repository/code-scanning-analysis-not-found.png)
The table lists one or more categories. Each category relates to specific analyses, for the same tool and commit, performed on a different language or a different part of the code. For each category, the table shows the two analyses that {% data variables.product.prodname_code_scanning %} attempted to compare to determine which alerts were introduced or fixed in the pull request.
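Review bot: Replacing the `ifversion ... ghae > 3.4` / `elsif ghes < 3.5 or ghae` chain with a single `{% ifversion ghes < 3.5 or ghae %}` changes which readers see this section. Under the old chain a `ghae > 3.4` release matched the first branch and got only the "Troubleshooting section no longer relevant" comment, whereas the new condition shows the "Analysis not found" text for every ghae version. If that is not intended, narrow the `ghae` term so it keeps excluding the versions the removed first branch covered. Also check that the remaining `{% endif %}` still pairs with the new opening tag.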
@@ -167,13 +164,8 @@ For example, in the screenshot above, {% data variables.product.prodname_code_sc
### Reasons for the "Analysis not found" message
{% elsif ghes = 3.2 %}
![Missing analysis for commit message](/assets/images/enterprise/3.2/repository/code-scanning-missing-analysis.png)
### Reasons for the "Missing analysis" message
{% endif %}
After {% data variables.product.prodname_code_scanning %} has analyzed the code in a pull request, it needs to compare the analysis of the topic branch (the branch you used to create the pull request) with the analysis of the base branch (the branch into which you want to merge the pull request). This allows {% data variables.product.prodname_code_scanning %} to compute which alerts are newly introduced by the pull request, which alerts were already present in the base branch, and whether any existing alerts are fixed by the changes in the pull request. Initially, if you use a pull request to add {% data variables.product.prodname_code_scanning %} to a repository, the base branch has not yet been analyzed, so it's not possible to compute these details. In this case, when you click through from the results check on the pull request you will see the {% ifversion ghes > 3.2 or ghae %}"Analysis not found"{% elsif ghes = 3.2 %}"Missing analysis for base commit SHA-HASH"{% endif %} message.
After {% data variables.product.prodname_code_scanning %} has analyzed the code in a pull request, it needs to compare the analysis of the topic branch (the branch you used to create the pull request) with the analysis of the base branch (the branch into which you want to merge the pull request). This allows {% data variables.product.prodname_code_scanning %} to compute which alerts are newly introduced by the pull request, which alerts were already present in the base branch, and whether any existing alerts are fixed by the changes in the pull request. Initially, if you use a pull request to add {% data variables.product.prodname_code_scanning %} to a repository, the base branch has not yet been analyzed, so it's not possible to compute these details. In this case, when you click through from the results check on the pull request you will see the "Analysis not found" message.
There are other situations where there may be no analysis for the latest commit to the base branch for a pull request. These include:
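Review bot: The `{% elsif ghes = 3.2 %}` branch and its `{% endif %}` sit between the "Reasons for the "Analysis not found" message" heading and the simplified paragraph, so the opening `{% ifversion ghes > 3.2 or ghae %}` shown before the screenshot in the preceding hunk has to be removed in the same change; dropping only the `elsif` and `endif` leaves the Liquid block unclosed. Also check whether `/assets/images/enterprise/3.2/repository/code-scanning-missing-analysis.png` is still referenced anywhere once this branch is gone, and delete the asset if it is not.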

View File

@@ -35,9 +35,7 @@ In repositories where {% data variables.product.prodname_code_scanning %} is con
If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)."
{% ifversion fpt or ghes > 3.2 or ghae or ghec %}
In repositories where {% data variables.product.prodname_code_scanning %} is configured to scan each time code is pushed, {% data variables.product.prodname_code_scanning %} will also map the results to any open pull requests and add the alerts as annotations in the same places as other pull request checks. For more information, see "[Scanning on push](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#scanning-on-push)."
{% endif %}
If your pull request targets a protected branch that uses {% data variables.product.prodname_code_scanning %}, and the repository owner has configured required status checks, then the "{% data variables.product.prodname_code_scanning_capc %} results" check must pass before you can merge the pull request. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-status-checks-before-merging)."
@@ -49,10 +47,9 @@ There are many options for configuring {% data variables.product.prodname_code_s
For all configurations of {% data variables.product.prodname_code_scanning %}, the check that contains the results of {% data variables.product.prodname_code_scanning %} is: **{% data variables.product.prodname_code_scanning_capc %} results**. The results for each analysis tool used are shown separately. Any new alerts caused by changes in the pull request are shown as annotations.
{% ifversion fpt or ghes > 3.2 or ghae or ghec %} To see the full set of alerts for the analyzed branch, click **View all branch alerts**. This opens the full alert view where you can filter all the alerts on the branch by type, severity, tag, etc. For more information, see "[Managing code scanning alerts for your repository](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#filtering-and-searching-for-code-scanning-alerts)."
To see the full set of alerts for the analyzed branch, click **View all branch alerts**. This opens the full alert view where you can filter all the alerts on the branch by type, severity, tag, etc. For more information, see "[Managing code scanning alerts for your repository](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository#filtering-and-searching-for-code-scanning-alerts)."
![{% data variables.product.prodname_code_scanning_capc %} results check on a pull request](/assets/images/help/repository/code-scanning-results-check.png)
{% endif %}
### {% data variables.product.prodname_code_scanning_capc %} results check failures

View File

@@ -49,7 +49,7 @@ To produce more detailed logging output, you can enable step debug logging. For
## Creating {% data variables.product.prodname_codeql %} debugging artifacts
You can obtain artifacts to help you debug {% data variables.product.prodname_codeql %}.
The debug artifacts will be uploaded to the workflow run as an artifact named `debug-artifacts`. The data contains the {% data variables.product.prodname_codeql %} logs, {% data variables.product.prodname_codeql %} database(s), and any SARIF file(s) produced by the workflow.
The debug artifacts will be uploaded to the workflow run as an artifact named `debug-artifacts`. The data contains the {% data variables.product.prodname_codeql %} logs, {% data variables.product.prodname_codeql %} database(s), and any SARIF file(s) produced by the workflow.
These artifacts will help you debug problems with {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. If you contact GitHub support, they might ask for this data.
@@ -59,11 +59,10 @@ These artifacts will help you debug problems with {% data variables.product.prod
### Creating {% data variables.product.prodname_codeql %} debugging artifacts by re-running jobs with debug logging enabled
You can create {% data variables.product.prodname_codeql %} debugging artifacts by enabling debug logging and re-running the jobs. For more information about re-running {% data variables.product.prodname_actions %} workflows and jobs, see "[Re-running workflows and jobs](/actions/managing-workflow-runs/re-running-workflows-and-jobs)."
You can create {% data variables.product.prodname_codeql %} debugging artifacts by enabling debug logging and re-running the jobs. For more information about re-running {% data variables.product.prodname_actions %} workflows and jobs, see "[Re-running workflows and jobs](/actions/managing-workflow-runs/re-running-workflows-and-jobs)."
You need to ensure that you select **Enable debug logging** . This option enables runner diagnostic logging and step debug logging for the run. You'll then be able to download `debug-artifacts` to investigate further. You do not need to modify the workflow file when creating {% data variables.product.prodname_codeql %} debugging artifacts by re-running jobs.
{% endif %}
{% ifversion fpt or ghec or ghes > 3.3 or ghae > 3.3 %}
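Review bot: In "You need to ensure that you select **Enable debug logging** ." there is a stray space between the closing bold marker and the full stop; the neighbouring lines are already being touched, so change it to `**Enable debug logging**.` here. The `{% endif %}` that is directly followed by `{% ifversion fpt or ghec or ghes > 3.3 or ghae > 3.3 %}` at the end of the hunk closes a tag that is outside the visible context, so verify the pairing is still balanced after the one-line reduction.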
@@ -87,7 +86,7 @@ If an automatic build of code for a compiled language within your project fails,
- Remove the `autobuild` step from your {% data variables.product.prodname_code_scanning %} workflow and add specific build steps. For information about editing the workflow, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/secure-coding/configuring-code-scanning#editing-a-code-scanning-workflow)." For more information about replacing the `autobuild` step, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
- If your workflow doesn't explicitly specify the languages to analyze, {% data variables.product.prodname_codeql %} implicitly detects the supported languages in your code base. In this configuration, out of the compiled languages C/C++, C#, and Java, {% data variables.product.prodname_codeql %} only analyzes the language with the most source files. Edit the workflow and add a matrix specifying the languages you want to analyze. The default CodeQL analysis workflow uses such a matrix.
- If your workflow doesn't explicitly specify the languages to analyze, {% data variables.product.prodname_codeql %} implicitly detects the supported languages in your code base. In this configuration, out of the compiled languages C/C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} and Java, {% data variables.product.prodname_codeql %} only analyzes the language with the most source files. Edit the workflow and add a matrix specifying the languages you want to analyze. The default CodeQL analysis workflow uses such a matrix.
The following extracts from a workflow show how you can use a matrix within the job strategy to specify languages, and then reference each language within the "Initialize {% data variables.product.prodname_codeql %}" step:
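Review bot: The last sentence of the changed bullet, "The default CodeQL analysis workflow uses such a matrix.", hard-codes the product name while the rest of the same bullet uses `{% data variables.product.prodname_codeql %}`; switch it to the variable while the line is being edited so the bullet is consistent.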
@@ -131,14 +130,15 @@ If your workflow fails with an error `No source code was seen during the build`
```
For more information, see the workflow extract in "[Automatic build for a compiled language fails](#automatic-build-for-a-compiled-language-fails)" above.
1. Your {% data variables.product.prodname_code_scanning %} workflow is analyzing a compiled language (C, C++, C#, or Java), but the code was not compiled. By default, the {% data variables.product.prodname_codeql %} analysis workflow contains an `autobuild` step, however, this step represents a best effort process, and may not succeed in building your code, depending on your specific build environment. Compilation may also fail if you have removed the `autobuild` step and did not include build steps manually. For more information about specifying build steps, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
1. Your workflow is analyzing a compiled language (C, C++, C#, or Java), but portions of your build are cached to improve performance (most likely to occur with build systems like Gradle or Bazel). Since {% data variables.product.prodname_codeql %} observes the activity of the compiler to understand the data flows in a repository, {% data variables.product.prodname_codeql %} requires a complete build to take place in order to perform analysis.
1. Your workflow is analyzing a compiled language (C, C++, C#, or Java), but compilation does not occur between the `init` and `analyze` steps in the workflow. {% data variables.product.prodname_codeql %} requires that your build happens in between these two steps in order to observe the activity of the compiler and perform analysis.
1. Your compiled code (in C, C++, C#, or Java) was compiled successfully, but {% data variables.product.prodname_codeql %} was unable to detect the compiler invocations. The most common causes are:
* Running your build process in a separate container to {% data variables.product.prodname_codeql %}. For more information, see "[Running CodeQL code scanning in a container](/code-security/secure-coding/running-codeql-code-scanning-in-a-container)."
* Building using a distributed build system external to GitHub Actions, using a daemon process.
* {% data variables.product.prodname_codeql %} isn't aware of the specific compiler you are using.
1. Your {% data variables.product.prodname_code_scanning %} workflow is analyzing a compiled language (C, C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java), but the code was not compiled. By default, the {% data variables.product.prodname_codeql %} analysis workflow contains an `autobuild` step, however, this step represents a best effort process, and may not succeed in building your code, depending on your specific build environment. Compilation may also fail if you have removed the `autobuild` step and did not include build steps manually. For more information about specifying build steps, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
1. Your workflow is analyzing a compiled language (C, C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java), but portions of your build are cached to improve performance (most likely to occur with build systems like Gradle or Bazel). Since {% data variables.product.prodname_codeql %} observes the activity of the compiler to understand the data flows in a repository, {% data variables.product.prodname_codeql %} requires a complete build to take place in order to perform analysis.
1. Your workflow is analyzing a compiled language (C, C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java), but compilation does not occur between the `init` and `analyze` steps in the workflow. {% data variables.product.prodname_codeql %} requires that your build happens in between these two steps in order to observe the activity of the compiler and perform analysis.
1. Your compiled code (in C, C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java) was compiled successfully, but {% data variables.product.prodname_codeql %} was unable to detect the compiler invocations. The most common causes are:
- Running your build process in a separate container to {% data variables.product.prodname_codeql %}. For more information, see "[Running CodeQL code scanning in a container](/code-security/secure-coding/running-codeql-code-scanning-in-a-container)."
- Building using a distributed build system external to GitHub Actions, using a daemon process.
- {% data variables.product.prodname_codeql %} isn't aware of the specific compiler you are using.
For .NET Framework projects, and for C# projects using either `dotnet build` or `msbuild`, you should specify `/p:UseSharedCompilation=false` in your workflow's `run` step, when you build your code.
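Review bot: The fragment `C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} or Java` is pasted into all four numbered items in this hunk, and the same conditional appears again in other files of this commit, which makes the language list easy to get out of sync; consider one reusable for the compiled-language list and reference it from each item. For the nested bullets that change from `*` to `-`, confirm they are still indented under the fourth item so they do not break the numbered list.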
@@ -151,9 +151,10 @@ If your workflow fails with an error `No source code was seen during the build`
If you encounter another problem with your specific compiler or configuration, contact {% data variables.contact.contact_support %}.
For more information about specifying build steps, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
For more information about specifying build steps, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
{% ifversion fpt or ghes > 3.1 or ghae or ghec %}
## Lines of code scanned are lower than expected
For compiled languages like C/C++, C#, Go, and Java, {% data variables.product.prodname_codeql %} only scans files that are built during the analysis. Therefore the number of lines of code scanned will be lower than expected if some of the source code isn't compiled correctly. This can happen for several reasons:
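Review bot: The sentence under "Lines of code scanned are lower than expected" names Go unconditionally ("For compiled languages like C/C++, C#, Go, and Java"), whereas the hunks above gate Go behind `{% ifversion codeql-go-autobuild %}`; decide which reading is intended for versions without the feature flag and make the two agree, or add a short comment explaining why this sentence differs.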
@@ -163,12 +164,13 @@ For compiled languages like C/C++, C#, Go, and Java, {% data variables.product.p
If your {% data variables.product.prodname_codeql %} analysis scans fewer lines of code than expected, there are several approaches you can try to make sure all the necessary source files are compiled.
### Replace the `autobuild` step
### Replace the `autobuild` step
Replace the `autobuild` step with the same build commands you would use in production. This makes sure that {% data variables.product.prodname_codeql %} knows exactly how to compile all of the source files you want to scan.
For more information, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
For more information, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
### Inspect the copy of the source files in the {% data variables.product.prodname_codeql %} database
You may be able to understand why some source files haven't been analyzed by inspecting the copy of the source code included with the {% data variables.product.prodname_codeql %} database. To obtain the database from your Actions workflow, modify the `init` step of your {% data variables.product.prodname_codeql %} workflow file and set `debug: true`.
```yaml
@@ -188,12 +190,13 @@ The artifact will contain an archived copy of the source files scanned by {% dat
## Extraction errors in the database
The {% data variables.product.prodname_codeql %} team constantly works on critical extraction errors to make sure that all source files can be scanned. However, the {% data variables.product.prodname_codeql %} extractors do occasionally generate errors during database creation. {% data variables.product.prodname_codeql %} provides information about extraction errors and warnings generated during database creation in a log file.
The {% data variables.product.prodname_codeql %} team constantly works on critical extraction errors to make sure that all source files can be scanned. However, the {% data variables.product.prodname_codeql %} extractors do occasionally generate errors during database creation. {% data variables.product.prodname_codeql %} provides information about extraction errors and warnings generated during database creation in a log file.
The extraction diagnostics information gives an indication of overall database health. Most extractor errors do not significantly impact the analysis. A small number of extractor errors is healthy and typically indicates a good state of analysis.
However, if you see extractor errors in the overwhelming majority of files that were compiled during database creation, you should look into the errors in more detail to try to understand why some source files weren't extracted properly.
{% else %}
## Portions of my repository were not analyzed using `autobuild`
The {% data variables.product.prodname_codeql %} `autobuild` feature uses heuristics to build the code in a repository, however, sometimes this approach results in incomplete analysis of a repository. For example, when multiple `build.sh` commands exist in a single repository, the analysis may not complete since the `autobuild` step will only execute one of the commands. The solution is to replace the `autobuild` step with build steps which build all of the source code which you wish to analyze. For more information, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/code-security/secure-coding/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
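Review bot: If the `{% else %}` before "Portions of my repository were not analyzed using `autobuild`" belongs to the `{% ifversion fpt or ghes > 3.1 or ghae or ghec %}` opened in the previous hunk, that condition still carries a numeric GHES bound while other conditions in this commit are reduced to plain `ghes`. Once it is reduced the same way, this branch can never render, so drop the condition and the `{% else %}` section together instead of leaving unreachable text.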
@@ -201,7 +204,7 @@ The {% data variables.product.prodname_codeql %} `autobuild` feature uses heuris
## The build takes too long
If your build with {% data variables.product.prodname_codeql %} analysis takes too long to run, there are several approaches you can try to reduce the build time.
If your build with {% data variables.product.prodname_codeql %} analysis takes too long to run, there are several approaches you can try to reduce the build time.
### Increase the memory or cores
@@ -225,7 +228,7 @@ If your analysis is still too slow to be run during `push` or `pull_request` eve
### Check which query suites the workflow runs
By default, there are three main query suites available for each language. If you have optimized the CodeQL database build and the process is still too long, you could reduce the number of queries you run. The default query suite is run automatically; it contains the fastest security queries with the lowest rates of false positive results.
By default, there are three main query suites available for each language. If you have optimized the CodeQL database build and the process is still too long, you could reduce the number of queries you run. The default query suite is run automatically; it contains the fastest security queries with the lowest rates of false positive results.
You may be running extra queries or query suites in addition to the default queries. Check whether the workflow defines an additional query suite or additional queries to run using the `queries` element. You can experiment with disabling the additional query suite or queries. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %}](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs)."
@@ -237,6 +240,7 @@ You may be running extra queries or query suites in addition to the default quer
{% endif %}
{% ifversion fpt or ghec %}
## Results differ between analysis platforms
If you are analyzing code written in Python, you may see different results depending on whether you run the {% data variables.product.prodname_codeql_workflow %} on Linux, macOS, or Windows.
@@ -256,11 +260,13 @@ On very large projects, {% data variables.product.prodname_codeql %} may run out
{% else %}If you encounter this issue, try increasing the memory on the runner.{% endif %}
{% ifversion fpt or ghec %}
## Error: 403 "Resource not accessible by integration" when using {% data variables.product.prodname_dependabot %}
{% data variables.product.prodname_dependabot %} is considered untrusted when it triggers a workflow run, and the workflow will run with read-only scopes. Uploading {% data variables.product.prodname_code_scanning %} results for a branch usually requires the `security_events: write` scope. However, {% data variables.product.prodname_code_scanning %} always allows the uploading of results when the `pull_request` event triggers the action run. This is why, for {% data variables.product.prodname_dependabot %} branches, we recommend you use the `pull_request` event instead of the `push` event.
A simple approach is to run on pushes to the default branch and any other important long-running branches, as well as pull requests opened against this set of branches:
```yaml
on:
push:
@@ -270,7 +276,9 @@ on:
branches:
- main
```
An alternative approach is to run on all pushes except for {% data variables.product.prodname_dependabot %} branches:
```yaml
on:
push:
@@ -282,6 +290,7 @@ on:
### Analysis still failing on the default branch
If the {% data variables.product.prodname_codeql_workflow %} still fails on a commit made on the default branch, you need to check:
- whether {% data variables.product.prodname_dependabot %} authored the commit
- whether the pull request that includes the commit has been merged using `@dependabot squash and merge`

View File

@@ -49,21 +49,12 @@ redirect_from:
Use the {% data variables.product.prodname_codeql_cli %} to analyze:
- Dynamic languages, for example, JavaScript and Python.
- Compiled languages, for example, C/C++, C# and Java.
- Compiled languages, for example, C/C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} and Java.
- Codebases written in a mixture of languages.
For more information, see "[Installing {% data variables.product.prodname_codeql_cli %} in your CI system](/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system)."
{% data reusables.code-scanning.licensing-note %}
{% ifversion ghes = 3.2 %}
<!-- Content for GHES 3.2 only. CodeQL CLI 2.6.2, which introduces full feature parity between CodeQL CLI and CodeQL runner, is officially recommended for GHES 3.0+ -->
Since version 2.6.3, the {% data variables.product.prodname_codeql_cli %} has had full feature parity with the {% data variables.product.prodname_codeql_runner %}.
{% data reusables.code-scanning.deprecation-codeql-runner %}
{% endif %}
<!--Content for GHES 3.1 only. Both CodeQL CLI and CodeQL runner are available -->
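Review bot: The last context line of this hunk, `<!--Content for GHES 3.1 only. Both CodeQL CLI and CodeQL runner are available -->`, is left in place even though the `{% ifversion ghes = 3.2 %}` block above it is dropped; content marked for a release older than the one being removed should be cleaned up in the same pass. Separately, the 3.2 comment cites CodeQL CLI 2.6.2 for feature parity while the sentence under it says "Since version 2.6.3", so if that text survives anywhere else the version needs reconciling.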

View File

@@ -78,8 +78,8 @@ You can display the command-line help for any command using the <nobr>`--help`</
| <nobr>`--command`</nobr> | | Recommended. Use to specify the build command or script that invokes the build process for the codebase. Commands are run from the current folder or, where it is defined, from <nobr>`--source-root`</nobr>. Not needed for Python and JavaScript/TypeScript analysis. |
| <nobr>`--db-cluster`</nobr> | | Optional. Use in multi-language codebases to generate one database for each language specified by <nobr>`--language`</nobr>.
| <nobr>`--no-run-unnecessary-builds`</nobr> | | Recommended. Use to suppress the build command for languages where the {% data variables.product.prodname_codeql_cli %} does not need to monitor the build (for example, Python and JavaScript/TypeScript).
| <nobr>`--source-root`</nobr> | | Optional. Use if you run the CLI outside the checkout root of the repository. By default, the `database create` command assumes that the current directory is the root directory for the source files, use this option to specify a different location. |{% ifversion fpt or ghec or ghes > 3.2 or ghae %}
| <nobr>`--codescanning-config`</nobr> | | Optional (Advanced). Use if you have a configuration file that specifies how to create the {% data variables.product.prodname_codeql %} databases and what queries to run in later steps. For more information, see "[Using a custom configuration file](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file)" and "[database create](https://codeql.github.com/docs/codeql-cli/manual/database-create/#cmdoption-codeql-database-create-codescanning-config)." |{% endif %}
| <nobr>`--source-root`</nobr> | | Optional. Use if you run the CLI outside the checkout root of the repository. By default, the `database create` command assumes that the current directory is the root directory for the source files, use this option to specify a different location. |
| <nobr>`--codescanning-config`</nobr> | | Optional (Advanced). Use if you have a configuration file that specifies how to create the {% data variables.product.prodname_codeql %} databases and what queries to run in later steps. For more information, see "[Using a custom configuration file](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-a-custom-configuration-file)" and "[database create](https://codeql.github.com/docs/codeql-cli/manual/database-create/#cmdoption-codeql-database-create-codescanning-config)." |
For more information, see [Creating {% data variables.product.prodname_codeql %} databases](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/) in the documentation for the {% data variables.product.prodname_codeql_cli %}.
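Review bot: The `--db-cluster` and `--no-run-unnecessary-builds` rows end without a closing `|`, unlike the `--command`, `--source-root` and `--codescanning-config` rows around them; close them while this table is being touched. With the `{% ifversion fpt or ghec or ghes > 3.2 or ghae %}` and `{% endif %}` suffixes gone from the last two rows, also confirm no blank line is left between rows, since that would split the table.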

View File

@@ -115,7 +115,7 @@ $ /path/to-runner/codeql-runner-linux init --config-file .github/codeql/codeql-c
## Configuring {% data variables.product.prodname_code_scanning %} for compiled languages
For the compiled languages C/C++, C#, and Java, {% data variables.product.prodname_codeql %} builds the code before analyzing it. {% data reusables.code-scanning.analyze-go %}
For the compiled languages C/C++, C#,{% ifversion codeql-go-autobuild %} Go,{% endif %} and Java, {% data variables.product.prodname_codeql %} builds the code before analyzing it. {% data reusables.code-scanning.analyze-go %}
For many common build systems, the {% data variables.product.prodname_codeql_runner %} can build the code automatically. To attempt to build the code automatically, run `autobuild` between the `init` and `analyze` steps. Note that if your repository requires a specific version of a build tool, you may need to install the build tool manually first.
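Review bot: The changed sentence can now list Go among the languages CodeQL builds and is immediately followed by `{% data reusables.code-scanning.analyze-go %}`; read the reusable's text next to the new sentence to make sure the two do not say different things about how Go is handled. This page documents the `codeql-runner-linux` commands, so also confirm that the `codeql-go-autobuild` feature flag is meant to apply to the runner's `autobuild` and not only to the Actions workflow.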

View File

@@ -76,7 +76,7 @@ For information about access requirements for actions related to {% data variabl
When {% data variables.product.product_name %} identifies a vulnerable dependency{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %}, we generate a {% data variables.product.prodname_dependabot %} alert and display it {% ifversion fpt or ghec or ghes %} on the Security tab for the repository and{% endif %} in the repository's dependency graph. The alert includes {% ifversion fpt or ghec or ghes %}a link to the affected file in the project, and {% endif %}information about a fixed version. {% data variables.product.product_name %} may also notify the maintainers of affected repositories about the new alert according to their notification preferences. For more information, see "[Configuring notifications for {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts)."
{% ifversion fpt or ghec or ghes > 3.2 %}
{% ifversion fpt or ghec or ghes %}
For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, the alert may also contain a link to a pull request to update the manifest or lock file to the minimum version that resolves the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
{% endif %}
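Review bot: The paragraph under the relaxed `{% ifversion fpt or ghec or ghes %}` condition still links to `/github/managing-security-vulnerabilities/about-dependabot-security-updates`, a path prefix that the front matter elsewhere in this commit lists only under `redirect_from`; point the link at the article's current location instead of relying on a redirect. Since the condition now covers every GHES release, also confirm the security-updates link resolves on the oldest GHES version still built.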
@@ -98,7 +98,7 @@ By default, we notify people with admin permissions in the affected repositories
You can also see all the {% data variables.product.prodname_dependabot_alerts %} that correspond to a particular advisory in the {% data variables.product.prodname_advisory_database %}. {% data reusables.security-advisory.link-browsing-advisory-db %}
{% ifversion fpt or ghec or ghes > 3.2 %}
{% ifversion fpt or ghec or ghes %}
## Further reading
- "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)"

View File

@@ -1,188 +0,0 @@
---
title: Browsing security advisories in the GitHub Advisory Database
intro: 'You can browse the {% data variables.product.prodname_advisory_database %} to find advisories for security risks in open source projects that are hosted on {% data variables.product.company_short %}.'
shortTitle: Browse Advisory Database
miniTocMaxHeadingLevel: 3
redirect_from:
- /github/managing-security-vulnerabilities/browsing-security-vulnerabilities-in-the-github-advisory-database
- /code-security/supply-chain-security/browsing-security-vulnerabilities-in-the-github-advisory-database
- /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/browsing-security-vulnerabilities-in-the-github-advisory-database
- /code-security/dependabot/dependabot-alerts/browsing-security-vulnerabilities-in-the-github-advisory-database
versions:
fpt: '*'
ghec: '*'
ghes: '*'
ghae: '*'
type: how_to
topics:
- Security advisories
- Alerts
- Dependabot
- Vulnerabilities
- CVEs
---
<!--Marketing-LINK: From /features/security/software-supply-chain page "Browsing security vulnerabilities in the GitHub Advisory Database".-->
## About the {% data variables.product.prodname_advisory_database %}
The {% data variables.product.prodname_advisory_database %} contains a list of known security vulnerabilities {% ifversion GH-advisory-db-supports-malware %}and malware, {% endif %}grouped in two categories: {% data variables.product.company_short %}-reviewed advisories and unreviewed advisories.
{% data reusables.repositories.tracks-vulnerabilities %}
## About types of security advisories
{% data reusables.advisory-database.beta-malware-advisories %}
Each advisory in the {% data variables.product.prodname_advisory_database %} is for a vulnerability in open source projects{% ifversion GH-advisory-db-supports-malware %} or for malicious open source software{% endif %}.
{% data reusables.repositories.a-vulnerability-is %} Vulnerabilities in code are usually introduced by accident and fixed soon after they are discovered. You should update your code to use the fixed version of the dependency as soon as it is available.
{% ifversion GH-advisory-db-supports-malware %}
In contrast, malicious software, or malware, is code that is intentionally designed to perform unwanted or harmful functions. The malware may target hardware, software, confidential data, or users of any application that uses the malware. You need to remove the malware from your project and find an alternative, more secure replacement for the dependency.
{% endif %}
### {% data variables.product.company_short %}-reviewed advisories
{% data variables.product.company_short %}-reviewed advisories are security vulnerabilities{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %} that have been mapped to packages in ecosystems we support. We carefully review each advisory for validity and ensure that they have a full description, and contain both ecosystem and package information.
Generally, we name our supported ecosystems after the software programming language's associated package registry. We review advisories if they are for a vulnerability in a package that comes from a supported registry.
- Composer (registry: https://packagist.org/){% ifversion GH-advisory-db-erlang-support %}
- Erlang (registry: https://hex.pm/){% endif %}
- Go (registry: https://pkg.go.dev/)
{%- ifversion fpt or ghec or ghes > 3.6 or ghae > 3.6 %}
- GitHub Actions (https://github.com/marketplace?type=actions/) {% endif %}
- Maven (registry: https://repo.maven.apache.org/maven2)
- npm (registry: https://www.npmjs.com/)
- NuGet (registry: https://www.nuget.org/)
- pip (registry: https://pypi.org/){% ifversion dependency-graph-dart-support %}
- pub (registry: https://pub.dev/packages/registry){% endif %}
- RubyGems (registry: https://rubygems.org/)
- Rust (registry: https://crates.io/)
If you have a suggestion for a new ecosystem we should support, please open an [issue](https://github.com/github/advisory-database/issues) for discussion.
If you enable {% data variables.product.prodname_dependabot_alerts %} for your repositories, you are automatically notified when a new {% data variables.product.company_short %}-reviewed advisory reports a vulnerability {% ifversion GH-advisory-db-supports-malware %}or malware{% endif %} for a package you depend on. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
### Unreviewed advisories
Unreviewed advisories are security vulnerabilites that we publish automatically into the {% data variables.product.prodname_advisory_database %}, directly from the National Vulnerability Database feed.
{% data variables.product.prodname_dependabot %} doesn't create {% data variables.product.prodname_dependabot_alerts %} for unreviewed advisories as this type of advisory isn't checked for validity or completion.
## About information in security advisories
Each security advisory contains information about the vulnerability{% ifversion GH-advisory-db-supports-malware %} or malware,{% endif %} which may include the description, severity, affected package, package ecosystem, affected versions and patched versions, impact, and optional information such as references, workarounds, and credits. In addition, advisories from the National Vulnerability Database list contain a link to the CVE record, where you can read more details about the vulnerability, its CVSS scores, and its qualitative severity level. For more information, see the "[National Vulnerability Database](https://nvd.nist.gov/)" from the National Institute of Standards and Technology.
The severity level is one of four possible levels defined in the "[Common Vulnerability Scoring System (CVSS), Section 5](https://www.first.org/cvss/specification-document)."
- Low
- Medium/Moderate
- High
- Critical
The {% data variables.product.prodname_advisory_database %} uses the CVSS levels described above. If {% data variables.product.company_short %} obtains a CVE, the {% data variables.product.prodname_advisory_database %} uses CVSS version 3.1. If the CVE is imported, the {% data variables.product.prodname_advisory_database %} supports both CVSS versions 3.0 and 3.1.
{% data reusables.repositories.github-security-lab %}
## Accessing an advisory in the {% data variables.product.prodname_advisory_database %}
1. Navigate to https://github.com/advisories.
2. Optionally, to filter the list, use any of the drop-down menus.
![Dropdown filters](/assets/images/help/security/advisory-database-dropdown-filters.png)
{% tip %}
**Tip:** You can use the sidebar on the left to explore {% data variables.product.company_short %}-reviewed and unreviewed advisories separately.
{% endtip %}
3. Click an advisory to view details. By default, you will see {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities. {% ifversion GH-advisory-db-supports-malware %}To show malware advisories, use `type:malware` in the search bar.{% endif %}
{% note %}
The database is also accessible using the GraphQL API. {% ifversion GH-advisory-db-supports-malware %}By default, queries will return {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities unless you specify `type:malware`.{% endif %} For more information, see the "[`security_advisory` webhook event](/webhooks/event-payloads/#security_advisory)."
{% endnote %}
## Editing an advisory in the {% data variables.product.prodname_advisory_database %}
You can suggest improvements to any advisory in the {% data variables.product.prodname_advisory_database %}. For more information, see "[Editing security advisories in the {% data variables.product.prodname_advisory_database %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database)."
## Searching the {% data variables.product.prodname_advisory_database %}
You can search the database, and use qualifiers to narrow your search. For example, you can search for advisories created on a certain date, in a specific ecosystem, or in a particular library.
{% data reusables.time_date.date_format %} {% data reusables.time_date.time_format %}
{% data reusables.search.date_gt_lt %}
| Qualifier | Example |
| ------------- | ------------- |
| `type:reviewed`| [**type:reviewed**](https://github.com/advisories?query=type%3Areviewed) will show {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities. |
{% ifversion GH-advisory-db-supports-malware %}| `type:malware` | [**type:malware**](https://github.com/advisories?query=type%3Amalware) will show {% data variables.product.company_short %}-reviewed advisories for malware. |
{% endif %}| `type:unreviewed`| [**type:unreviewed**](https://github.com/advisories?query=type%3Aunreviewed) will show unreviewed advisories. |
| `GHSA-ID`| [**GHSA-49wp-qq6x-g2rf**](https://github.com/advisories?query=GHSA-49wp-qq6x-g2rf) will show the advisory with this {% data variables.product.prodname_advisory_database %} ID. |
| `CVE-ID`| [**CVE-2020-28482**](https://github.com/advisories?query=CVE-2020-28482) will show the advisory with this CVE ID number. |
| `ecosystem:ECOSYSTEM`| [**ecosystem:npm**](https://github.com/advisories?utf8=%E2%9C%93&query=ecosystem%3Anpm) will show only advisories affecting NPM packages. |
| `severity:LEVEL`| [**severity:high**](https://github.com/advisories?utf8=%E2%9C%93&query=severity%3Ahigh) will show only advisories with a high severity level. |
| `affects:LIBRARY`| [**affects:lodash**](https://github.com/advisories?utf8=%E2%9C%93&query=affects%3Alodash) will show only advisories affecting the lodash library. |
| `cwe:ID`| [**cwe:352**](https://github.com/advisories?query=cwe%3A352) will show only advisories with this CWE number. |
| `credit:USERNAME`| [**credit:octocat**](https://github.com/advisories?query=credit%3Aoctocat) will show only advisories credited to the "octocat" user account. |
| `sort:created-asc`| [**sort:created-asc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Acreated-asc) will sort by the oldest advisories first. |
| `sort:created-desc`| [**sort:created-desc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Acreated-desc) will sort by the newest advisories first. |
| `sort:updated-asc`| [**sort:updated-asc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Aupdated-asc) will sort by the least recently updated first. |
| `sort:updated-desc`| [**sort:updated-desc**](https://github.com/advisories?utf8=%E2%9C%93&query=sort%3Aupdated-desc) will sort by the most recently updated first. |
| `is:withdrawn`| [**is:withdrawn**](https://github.com/advisories?utf8=%E2%9C%93&query=is%3Awithdrawn) will show only advisories that have been withdrawn. |
| `created:YYYY-MM-DD`| [**created:2021-01-13**](https://github.com/advisories?utf8=%E2%9C%93&query=created%3A2021-01-13) will show only advisories created on this date. |
| `updated:YYYY-MM-DD`| [**updated:2021-01-13**](https://github.com/advisories?utf8=%E2%9C%93&query=updated%3A2021-01-13) will show only advisories updated on this date. |
## Viewing your vulnerable repositories
For any {% data variables.product.company_short %}-reviewed advisory in the {% data variables.product.prodname_advisory_database %}, you can see which of your repositories are affected by that security vulnerability{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %}. To see a vulnerable repository, you must have access to {% data variables.product.prodname_dependabot_alerts %} for that repository. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)."
1. Navigate to https://github.com/advisories.
2. Click an advisory.
3. At the top of the advisory page, click **Dependabot alerts**.
![Dependabot alerts](/assets/images/help/security/advisory-database-dependabot-alerts.png)
4. Optionally, to filter the list, use the search bar or the drop-down menus. The "Organization" drop-down menu allows you to filter the {% data variables.product.prodname_dependabot_alerts %} per owner (organization or user).
![Search bar and drop-down menus to filter alerts](/assets/images/help/security/advisory-database-dependabot-alerts-filters.png)
5. For more details about the advisory, and for advice on how to fix the vulnerable repository, click the repository name.
{% ifversion security-advisories-ghes-ghae %}
## Accessing the local advisory database on {% data variables.location.product_location %}
If your site administrator has enabled {% data variables.product.prodname_github_connect %} for {% data variables.location.product_location %}, you can also browse reviewed advisories locally. For more information, see "[About {% data variables.product.prodname_github_connect %}](/admin/configuration/configuring-github-connect/about-github-connect)".
You can use your local advisory database to check whether a specific security vulnerability is included, and therefore whether you'd get alerts for vulnerable dependencies. You can also view any vulnerable repositories.
1. Navigate to `https://HOSTNAME/advisories`.
2. Optionally, to filter the list, use any of the drop-down menus.
![Dropdown filters](/assets/images/help/security/advisory-database-dropdown-filters.png)
{% note %}
**Note:** Only reviewed advisories will be listed. Unreviewed advisories can be viewed in the {% data variables.product.prodname_advisory_database %} on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "[Accessing an advisory in the GitHub Advisory Database](#accessing-an-advisory-in-the-github-advisory-database)".
{% endnote %}
3. Click an advisory to view details.{% ifversion GH-advisory-db-supports-malware %} By default, you will see {% data variables.product.company_short %}-reviewed advisories for security vulnerabilities. To show malware advisories, use `type:malware` in the search bar.{% endif %}
You can also suggest improvements to any advisory directly from your local advisory database. For more information, see "[Editing advisories from {% data variables.location.product_location %}](/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database#editing-advisories-from-your-github-enterprise-server-instance)".
### Viewing vulnerable repositories for {% data variables.location.product_location %}
{% data reusables.repositories.enable-security-alerts %}
In the local advisory database, you can see which repositories are affected by each security vulnerability{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %}. To see a vulnerable repository, you must have access to {% data variables.product.prodname_dependabot_alerts %} for that repository. For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#access-to-dependabot-alerts)."
1. Navigate to `https://HOSTNAME/advisories`.
2. Click an advisory.
3. At the top of the advisory page, click **Dependabot alerts**.
![Dependabot alerts](/assets/images/help/security/advisory-database-dependabot-alerts.png)
4. Optionally, to filter the list, use the search bar or the drop-down menus. The "Organization" drop-down menu allows you to filter the {% data variables.product.prodname_dependabot_alerts %} per owner (organization or user).
![Search bar and drop-down menus to filter alerts](/assets/images/help/security/advisory-database-dependabot-alerts-filters.png)
5. For more details about the advisory, and for advice on how to fix the vulnerable repository, click the repository name.
{% endif %}
## Further reading
- MITRE's [definition of "vulnerability"](https://www.cve.org/ResourcesSupport/Glossary#vulnerability)
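Review bot: In the note that closes "Accessing an advisory", the text says the database is accessible using the GraphQL API, but the only link offered goes to the `security_advisory` webhook event, so a reader who wants to query advisories has no API reference to follow. Link the GraphQL reference from that sentence and keep the webhook link as a second pointer. In the same file, "vulnerabilites" under "Unreviewed advisories" is misspelled, and the GitHub Actions bullet omits the `registry:` label that every other ecosystem entry carries. The hunk header for this file is not visible here, so if the page is being removed, these need fixing wherever its content now lives.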

View File

@@ -1,55 +0,0 @@
---
title: Editing security advisories in the GitHub Advisory Database
intro: 'You can submit improvements to any advisory published in the {% data variables.product.prodname_advisory_database %}.'
redirect_from:
- /code-security/security-advisories/editing-security-advisories-in-the-github-advisory-database
- /code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database
versions:
fpt: '*'
ghec: '*'
ghes: '*'
ghae: '*'
type: how_to
topics:
- Security advisories
- Alerts
- Dependabot
- Vulnerabilities
- CVEs
shortTitle: Edit Advisory Database
---
## About editing advisories in the {% data variables.product.prodname_advisory_database %}
Security advisories in the {% data variables.product.prodname_advisory_database %} at [github.com/advisories](https://github.com/advisories) are considered global advisories. Anyone can suggest improvements on any global security advisory in the {% data variables.product.prodname_advisory_database %}. You can edit or add any detail, including additionally affected ecosystems, severity level or description of who is impacted. The {% data variables.product.prodname_security %} curation team will review the submitted improvements and publish them onto the {% data variables.product.prodname_advisory_database %} if accepted.
{% ifversion fpt or ghec %}
Only repository owners and administrators can edit repository-level security advisories. For more information, see "[Editing a repository security advisory](/code-security/security-advisories/editing-a-security-advisory)."{% endif %}
## Editing advisories in the GitHub Advisory Database
1. Navigate to https://github.com/advisories.
1. Select the security advisory you would like to contribute to.
1. On the right-hand side of the page, click the **Suggest improvements for this vulnerability** link.
![Screenshot of the suggest improvements link](/assets/images/help/security/suggest-improvements-to-advisory.png)
1. In the "Improve security advisory" form, make the desired improvements. You can edit or add any detail.{% ifversion fpt or ghec %} For information about correctly specifying information on the form, including affected versions, see "[Best practices for writing repository security advisories](/code-security/repository-security-advisories/best-practices-for-writing-repository-security-advisories)."{% endif %}{% ifversion security-advisories-reason-for-change %}
1. Under **Reason for change**, explain why you want to make this improvement. If you include links to supporting material this will help our reviewers.
![Screenshot of the reason for change field](/assets/images/help/security/security-advisories-suggest-improvement-reason.png){% endif %}
1. When you finish editing the advisory, click **Submit improvements**.
1. Once you submit your improvements, a pull request containing your changes will be created for review in [github/advisory-database](https://github.com/github/advisory-database) by the {% data variables.product.prodname_security %} curation team. If the advisory originated from a {% data variables.product.prodname_dotcom %} repository, we will also tag the original publisher for optional commentary. You can view the pull request and get notifications when it is updated or closed.
You can also open a pull request directly on an advisory file in the [github/advisory-database](https://github.com/github/advisory-database) repository. For more information, see the [contribution guidelines](https://github.com/github/advisory-database/blob/main/CONTRIBUTING.md).
{% ifversion security-advisories-ghes-ghae %}
## Editing advisories from {% data variables.location.product_location %}
If you have {% data variables.product.prodname_github_connect %} enabled for {% data variables.location.product_location %}, you will be able to see advisories by adding `/advisories` to the instance url.
1. Navigate to `https://HOSTNAME/advisories`.
2. Select the security advisory you would like to contribute to.
3. On the right-hand side of the page, click the **Suggest improvements for this vulnerability on Github.com.** link. A new tab opens with the same security advisory on {% data variables.product.prodname_dotcom_the_website %}.
![Suggest improvements link](/assets/images/help/security/suggest-improvements-to-advisory-on-github-com.png)
4. Edit the advisory, following steps four through six in "[Editing advisories in the GitHub Advisory Database](#editing-advisories-in-the-github-advisory-database)" above.
{% endif %}
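Review bot: Deleting this file (`-1,55 +0,0`) also deletes its `redirect_from` list, and nothing in the hunk shows where the two listed paths or the page's own URL will resolve afterwards. The browse page links to `/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/editing-security-advisories-in-the-github-advisory-database` and to `/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database#editing-advisories-from-your-github-enterprise-server-instance`. Confirm that the replacement page carries all of these paths under `redirect_from` and keeps that anchor, otherwise those links break.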

View File

@@ -15,8 +15,6 @@ topics:
- Repositories
- Dependencies
children:
- /browsing-security-advisories-in-the-github-advisory-database
- /editing-security-advisories-in-the-github-advisory-database
- /about-dependabot-alerts
- /configuring-dependabot-alerts
- /viewing-and-updating-dependabot-alerts
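Review bot: The header (`-15,8 +15,6`) drops two entries from `children`, which lines up with the two advisory database pages listed first, but the hunk gives no sign that they are registered as children of another index. Check that the index of their new category lists both, so the pages stay in the navigation instead of being reachable only through a redirect.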

View File

@@ -26,13 +26,13 @@ topics:
{% data reusables.dependabot.beta-security-and-version-updates %}
{% data reusables.dependabot.enterprise-enable-dependabot %}
Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes > 3.2 %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can{% ifversion fpt or ghec or ghes > 3.4 or ghae > 3.4 %} filter alerts by package, ecosystem, or manifest. You can {% endif %} sort the list of alerts, and you can click into specific alerts for more details. {% ifversion dependabot-bulk-alerts %}You can also dismiss or reopen alerts, either one by one or by selecting multiple alerts at once.{% else %}You can also dismiss or reopen alerts. {% endif %} For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt or ghec or ghes %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can{% ifversion fpt or ghec or ghes > 3.4 or ghae > 3.4 %} filter alerts by package, ecosystem, or manifest. You can {% endif %} sort the list of alerts, and you can click into specific alerts for more details. {% ifversion dependabot-bulk-alerts %}You can also dismiss or reopen alerts, either one by one or by selecting multiple alerts at once.{% else %}You can also dismiss or reopen alerts. {% endif %} For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
{% ifversion fpt or ghec or ghes > 3.2 %}
{% ifversion fpt or ghec or ghes %}
You can enable automatic security updates for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-dependabot-security-updates)."
{% endif %}
{% ifversion fpt or ghec or ghes > 3.2 %}
{% ifversion fpt or ghec or ghes %}
## About updates for vulnerable dependencies in your repository
{% data variables.product.product_name %} generates {% data variables.product.prodname_dependabot_alerts %} when we detect that your codebase is using dependencies with known security risks. For repositories where {% data variables.product.prodname_dependabot_security_updates %} are enabled, when {% data variables.product.product_name %} detects a vulnerable dependency in the default branch, {% data variables.product.prodname_dependabot %} creates a pull request to fix it. The pull request will upgrade the dependency to the minimum possible secure version needed to avoid the vulnerability.
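Review bot: The block around the "You can enable automatic security updates" paragraph and the block that opens at "About updates for vulnerable dependencies in your repository" test the same condition back to back (`{% endif %}` followed directly by `{% ifversion fpt or ghec or ghes %}`). Since both conditionals are being edited here anyway, merge them into one `ifversion` block, unless the second closes much later and is kept separate on purpose. The inline `ghes > 3.4 or ghae > 3.4` test in the first paragraph is left untouched; confirm that lower bound is still intended now that the `> 3.2` bound is gone.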
@@ -144,16 +144,16 @@ For supported languages, {% data variables.product.prodname_dependabot %} detect
### Fixing vulnerable dependencies
1. View the details for an alert. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %}](#viewing-dependabot-alerts)" (above).
{% ifversion fpt or ghec or ghes > 3.2 %}
{% ifversion fpt or ghec or ghes %}
1. If you have {% data variables.product.prodname_dependabot_security_updates %} enabled, there may be a link to a pull request that will fix the dependency. Alternatively, you can click **Create {% data variables.product.prodname_dependabot %} security update** at the top of the alert details page to create a pull request.
![Create {% data variables.product.prodname_dependabot %} security update button](/assets/images/help/repository/create-dependabot-security-update-button-ungrouped.png)
1. Optionally, if you do not use {% data variables.product.prodname_dependabot_security_updates %}, you can use the information on the page to decide which version of the dependency to upgrade to and create a pull request to update the dependency to a secure version.
{% elsif ghes < 3.3 or ghae %}
{% elsif ghae %}
1. You can use the information on the page to decide which version of the dependency to upgrade to and create a pull request to the manifest or lock file to a secure version.
{% endif %}
1. When you're ready to update your dependency and resolve the vulnerability, merge the pull request.
{% ifversion fpt or ghec or ghes > 3.2 %}
{% ifversion fpt or ghec or ghes %}
Each pull request raised by {% data variables.product.prodname_dependabot %} includes information on commands you can use to control {% data variables.product.prodname_dependabot %}. For more information, see "[Managing pull requests for dependency updates](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)."
{% endif %}
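Review bot: In the `ghae` branch of "Fixing vulnerable dependencies", the step reads "create a pull request to the manifest or lock file to a secure version", which is missing its verb; it should read "create a pull request to update the manifest or lock file to a secure version". Separately, narrowing `{% elsif ghes < 3.3 or ghae %}` to `{% elsif ghae %}` leaves the step with no text for any version outside the four named in the two branches, so `{% else %}` would be the safer form if `ghae` is meant to be the only remaining case.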

View File

@@ -13,7 +13,7 @@ redirect_from:
versions:
fpt: '*'
ghec: '*'
ghes: '>3.2'
ghes: '*'
type: how_to
topics:
- Dependabot
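Review bot: Changing `ghes: '>3.2'` to `ghes: '*'` publishes this page for every GHES release, and nothing in the hunk records why the lower bound can go. Note in the change description that releases 3.2 and earlier are no longer built, or keep the bound. The same point applies to the identical `ghes` edit in the next two files.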

View File

@@ -5,7 +5,7 @@ allowTitleToDifferFromFilename: true
versions:
fpt: '*'
ghec: '*'
ghes: '>3.2'
ghes: '*'
topics:
- Repositories
- Dependabot
@@ -16,11 +16,11 @@ shortTitle: Dependabot security updates
children:
- /about-dependabot-security-updates
- /configuring-dependabot-security-updates
ms.openlocfilehash: 046ef28084ce31c1a4178355f5db6644b5ba0f12
ms.sourcegitcommit: 47bd0e48c7dba1dde49baff60bc1eddc91ab10c5
ms.openlocfilehash: e18b6331f762a81b82c759de5fdbc6eeed300308
ms.sourcegitcommit: f638d569cd4f0dd6d0fb967818267992c0499110
ms.translationtype: HT
ms.contentlocale: ja-JP
ms.lasthandoff: 09/05/2022
ms.locfileid: '145124877'
ms.lasthandoff: 10/25/2022
ms.locfileid: '148108899'
---
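Review bot: The `ms.openlocfilehash`, `ms.sourcegitcommit`, `ms.lasthandoff` and `ms.locfileid` values are localization bookkeeping that churns on every batch, and here they sit in the same file as the functional `ghes` versioning change in the previous hunk, which makes that change easy to miss. Consider keeping generated `ms.*` metadata out of the reviewed front matter, or at least splitting versioning edits into their own commit. `ms.lasthandoff: 10/25/2022` is also an ambiguous date format next to the ISO dates used elsewhere in these pages.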

View File

@@ -11,7 +11,7 @@ miniTocMaxHeadingLevel: 3
versions:
fpt: '*'
ghec: '*'
ghes: '>3.2'
ghes: '*'
type: reference
topics:
- Dependabot

Some files were not shown because too many files have changed in this diff