mirror of synced 2025-12-21 10:57:10 -05:00

Merge branch 'main' into patch-1

This commit is contained in:
Felicity Chapman
2020-10-21 23:10:03 +01:00
committed by GitHub
9005 changed files with 82960 additions and 119490 deletions

View File

@@ -546,12 +546,6 @@ updates:
Use the `vendor` option to tell {% data variables.product.prodname_dependabot_short %} to vendor dependencies when updating them.
{% note %}
Currently, {% data variables.product.prodname_dependabot_short %} only supports vendoring dependencies for Bundler.
{% endnote %}
```yaml
# Configure version updates for both dependencies defined in manifests and vendored dependencies
@@ -565,7 +559,13 @@ updates:
interval: "weekly"
```
{% data variables.product.prodname_dependabot_short %} only updates the vendored dependencies located in specific directories in a repository. For Bundler, the dependencies must be in the _vendor/cache_ directory. Other file paths are not supported. For more information, see the [`bundle cache` documentation](https://bundler.io/man/bundle-cache.1.html).
{% data variables.product.prodname_dependabot_short %} only updates the vendored dependencies located in specific directories in a repository.
| Package manager | Required file path for vendored dependencies | More information |
|------------------|-------------------------------|--------|
| `bundler` | The dependencies must be in the _vendor/cache_ directory.</br>Other file paths are not supported. | [`bundle cache` documentation](https://bundler.io/man/bundle-cache.1.html) |
| `gomod` | No path requirement (dependencies are usually located in the _vendor_ directory) | [`go mod vendor` documentation](https://golang.org/ref/mod#go-mod-vendor) |
### `versioning-strategy`
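Review bot: In the `bundler` row of the new table, `</br>` is written as a closing tag, which the line-break element does not have; use `<br>` (or `<br/>`) so the break does not depend on renderer error recovery. The table now sits below the YAML example, while the `vendor` intro sentence above it no longer says which package managers are supported after the Bundler-only note was removed; consider naming Bundler and Go modules in that intro sentence.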

View File

@@ -87,7 +87,7 @@ After adding a new SSH key to your {% data variables.product.product_name %} acc
$ sudo apt-get install xclip
# Downloads and installs xclip. If you don't have `apt-get`, you might need to use another installer (like `yum`)
$ xclip -sel clip &lt; ~/.ssh/id_rsa.pub
$ xclip -selection clipboard &lt; ~/.ssh/id_rsa.pub
# Copies the contents of the id_rsa.pub file to your clipboard
```
{% tip %}

View File

@@ -29,7 +29,7 @@ versions:
```shell
$ gpg --default-new-key-algo rsa4096 --gen-key
```
4. At the prompt, specify the kind of key you want, or press `Enter` to accept the default `RSA and DSA`.
4. At the prompt, specify the kind of key you want, or press `Enter` to accept the default `RSA and RSA`.
5. Enter the desired key size. Your key must be at least `4096` bits.
6. Enter the length of time the key should be valid. Press `Enter` to specify the default selection, indicating that the key doesn't expire.
7. Verify that your selections are correct.

View File

@@ -134,7 +134,7 @@ To illustrate how `git filter-branch` works, we'll show you how to remove your f
{% endnote %}
## Avoiding accidental commits in the future
### Avoiding accidental commits in the future
There are a few simple tricks to avoid committing things you don't want committed:
@@ -145,5 +145,5 @@ There are a few simple tricks to avoid committing things you don't want committe
### Further reading
- [`git filter-branch` main page](https://git-scm.com/docs/git-filter-branch)
- [`git filter-branch` man page](https://git-scm.com/docs/git-filter-branch)
- [Pro Git: Git Tools - Rewriting History](https://git-scm.com/book/en/Git-Tools-Rewriting-History)

View File

@@ -44,7 +44,7 @@ You cannot create a default license file. License files must be added to individ
![Owner drop-down menu](/assets/images/help/repository/create-repository-owner.png)
3. Type **.github** as the name for your repository, and an optional description.
![Create repository field](/assets/images/help/repository/default-file-repository-name.png)
4. Choose to make the repository public.
4. Make sure the repository status is set to **Public** (a repository for default files cannot be private).
![Radio buttons to select private or public status](/assets/images/help/repository/create-repository-public-private.png)
{% data reusables.repositories.initialize-with-readme %}
{% data reusables.repositories.create-repo %}

View File

@@ -23,7 +23,7 @@ You can unblock a user in your account settings or from the user's profile page.
### Unblocking a user from their profile page
{% data reusables.profile.user_profile_page_navigation %}
2. In the left sidebar, under the user's profile picture, click **Unblock or report user**.
2. In the left sidebar, under the user's profile picture, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}, then click **Unblock or report user**.
![Unblock or report user link](/assets/images/help/profile/profile-unblock-or-report-user.png)
3. Click **Unblock user**.
![Modal box with option to unblock user or report abuse](/assets/images/help/profile/profile-unblockuser.png)

View File

@@ -53,6 +53,13 @@ When you create a pull request, you can choose to create a pull request that is
{% data reusables.pull_requests.mark-ready-review %} You can convert a pull request to a draft at any time. For more information, see "[Changing the stage of a pull request](/articles/changing-the-stage-of-a-pull-request)."
### Differences between commits on compare and pull request pages
The compare and pull request pages use different methods to calculate the diff for changed files:
- Compare pages show the diff between the tip of the head ref and the current common ancestor (that is, the merge base) of the head and base ref.
- Pull request pages show the diff between the tip of the head ref and the common ancestor of the head and base ref at the time when the pull request was created. Consequently, the merge base used for the comparison might be different.
### Further reading
- "[Pull request](/articles/github-glossary/#pull-request)" in the {% data variables.product.prodname_dotcom %} glossary
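Review bot: The new heading says "Differences between commits", but both bullets describe how the diff for changed files is calculated, so a title that says "diffs" rather than "commits" would match the body. The second bullet ends with "the merge base used for the comparison might be different" and stops there; add one sentence on what the reader will actually notice when the two merge bases differ, since reviewers use both views to decide what they are approving.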

View File

@@ -20,6 +20,12 @@ versions:
4. In the base branch drop-down menu, select the base branch you'd like to [compare changes against](/github/committing-changes-to-your-project/comparing-commits#comparing-branches). ![Base branch drop-down menu ](/assets/images/help/pull_requests/pull-request-edit-base-branch.png)
5. Read the information about changing the base branch and click **Change base**. ![Base branch change confirmation button ](/assets/images/help/pull_requests/pull-request-base-branch-confirm.png)
{% tip %}
**Tip:** When you open a pull request, {% data variables.product.product_name %} will set the base to the commit that branch references. If the branch is updated in the future, {% data variables.product.product_name %} will not update the base branch's commit.
{% endtip %}
### Further reading
- "[Creating a pull request](/articles/creating-a-pull-request)"
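Review bot: In the added tip, "that branch" has no antecedent inside the tip, and "will not update the base branch's commit" can be read as GitHub not modifying the branch itself. Suggest naming it directly, for example "sets the base to the commit that the base branch references at that time" and "the base commit of the pull request is not updated". The tip talks about opening a pull request while the surrounding steps are about changing the base of an existing one, so it should also say whether the same holds after clicking **Change base**.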

View File

@@ -78,7 +78,8 @@ docs/* docs@example.com
apps/ @octocat
# In this example, @doctocat owns any file in the `/docs`
# directory in the root of your repository.
# directory in the root of your repository and any of its
# subdirectories.
/docs/ @doctocat
```

View File

@@ -1,6 +1,7 @@
---
title: Creating a template repository
intro: 'You can make an existing repository a template, so you and others can generate new repositories with the same directory structure{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %}, branches,{% endif %} and files.'
permissions: 'Anyone with admin permissions to a repository can make the repository a template.'
redirect_from:
- /articles/creating-a-template-repository
versions:
@@ -8,7 +9,11 @@ versions:
enterprise-server: '*'
---
Anyone with admin permissions to a repository can make the repository a template.
{% note %}
**Note**: Your template repository cannot include files stored using {% data variables.large_files.product_name_short %}.
{% endnote %}
To create a template repository, you must create a repository, then make the repository a template. For more information about creating a repository, see "[Creating a new repository](/articles/creating-a-new-repository)."
@@ -16,5 +21,5 @@ After you make your repository a template, anyone with access to the repository
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
3. Select **Template repository**.
1. Select **Template repository**.
![Checkbox to make a repository a template](/assets/images/help/repository/template-repository-checkbox.png)

View File

@@ -10,7 +10,7 @@ versions:
### Editor tools
To streamline your workflow, you can connect to {% data variables.product.product_name %} repositories within third-party editor tools, such as Atom, Unity, and Visual Studio.
You can connect to {% data variables.product.product_name %} repositories within third-party editor tools, such as Atom, Unity, and Visual Studio.
#### {% data variables.product.product_name %} for Atom
@@ -30,8 +30,12 @@ With the {% data variables.product.prodname_dotcom %} for Visual Studio Code ext
### Project management tools
To streamline your workflow, you can integrate your {% data variables.product.product_name %} personal account or organization with third-party project management tools, such as Jira.
You can integrate your {% data variables.product.product_name %} personal account or organization with third-party project management tools, such as Jira or Slack.
#### Jira Cloud and {% data variables.product.product_name %}.com integration
You can integrate Jira Cloud with your personal or organization account to scan commits and pull requests, creating relevant metadata and hyperlinks in any mentioned Jira issues.
You can integrate Jira Cloud with your personal or organization account to scan commits and pull requests, creating relevant metadata and hyperlinks in any mentioned Jira issues. For more information, visit the [Jira integration app](https://github.com/marketplace/jira-software-github) in the marketplace.
#### Slack and {% data variables.product.product_name %} integration
You can integrate Slack with your personal or organization account to subscribe for notifications, close or open issues, and provide rich references to issues and pull requests without leaving Slack. For more information, visit the [Slack integration app](https://github.com/marketplace/slack-github) in the marketplace.
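Review bot: Slack is added under "Project management tools" and into the sentence "project management tools, such as Jira or Slack", but the new Slack paragraph describes notifications and issue references rather than project management; either rename the section or give Slack its own. Two smaller points in the same hunk: "subscribe for notifications" should be "subscribe to notifications", and the new Slack heading does not follow the ".com integration" form used by the Jira heading above it.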

View File

@@ -22,5 +22,5 @@ You can use {% data variables.product.prodname_code_scanning %} webhooks to buil
### Further reading
* "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)"
* "[Using {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} with your existing CI system
* "[Using {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} with your existing CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/using-codeql-code-scanning-with-your-existing-ci-system)"
* "[SARIF support for {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/sarif-support-for-code-scanning)"

View File

@@ -18,6 +18,7 @@ versions:
{% link_in_list /configuring-code-scanning %}
{% link_in_list /configuring-the-codeql-workflow-for-compiled-languages %}
{% link_in_list /troubleshooting-the-codeql-workflow %}
{% link_in_list /running-codeql-code-scanning-in-a-container %}
{% topic_link_in_list /integrating-with-code-scanning %}
{% link_in_list /about-integration-with-code-scanning %}
{% link_in_list /uploading-a-sarif-file-to-github %}

View File

@@ -1,7 +1,7 @@
---
title: Managing code scanning alerts for your repository
shortTitle: Managing alerts
intro: 'You can view, fix, and close alerts for potential vulnerabilities or errors in your project''s code.'
intro: 'You can view, fix, dismiss, or delete alerts for potential vulnerabilities or errors in your project''s code.'
product: '{% data reusables.gated-features.code-scanning %}'
permissions: 'People with write permission to a repository can manage {% data variables.product.prodname_code_scanning %} alerts for the repository.'
versions:
@@ -28,7 +28,7 @@ Each alert highlights a problem with the code and the name of the tool that iden
If you enable {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, this can also detect data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as: using data insecurely, passing dangerous arguments to functions, and leaking sensitive information.
When {% data variables.product.prodname_code_scanning %} reports data-flow alerts, {% data variables.product.prodname_dotcom %} shows you how data moves through the code. {% data variables.product.prodname_code_scanning_capc %} allows you to identify the areas of your code that leak sensitive information, and that could be the entry point for attacks by malicious users.
When {% data variables.product.prodname_code_scanning_capc %} reports data-flow alerts, {% data variables.product.prodname_dotcom %} shows you how data moves through the code. {% data variables.product.prodname_code_scanning_capc %} allows you to identify the areas of your code that leak sensitive information, and that could be the entry point for attacks by malicious users.
### Viewing an alert
@@ -37,26 +37,72 @@ Anyone with read permission for a repository can see {% data variables.product.p
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
{% data reusables.repositories.sidebar-code-scanning-alerts %}
{% data reusables.code-scanning.click-alert-in-list %}
5. Optionally, if the alert highlights a problem with data flow, click **Show paths** to display the path from the data source to the sink where it's used.
![Example data-flow alert](/assets/images/help/repository/code-scanning-show-paths.png)
1. Under "{% data variables.product.prodname_code_scanning_capc %}," click the alert you'd like to explore.
![Summary of alerts](/assets/images/help/repository/code-scanning-click-alert.png)
1. Optionally, if the alert highlights a problem with data flow, click **Show paths** to display the path from the data source to the sink where it's used.
![The "Show paths" link on an alert](/assets/images/help/repository/code-scanning-show-paths.png)
1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code.
![Details for an alert](/assets/images/help/repository/code-scanning-alert-details.png)
### Fixing an alert
Anyone with write permission for a repository can fix an alert by committing a correction to the code. If the repository has {% data variables.product.prodname_code_scanning %} scheduled to run on pull requests, it's best to raise a pull request with your correction. This will trigger {% data variables.product.prodname_code_scanning %} analysis of the changes and test that your fix doesn't introduce any new problems. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning)" and "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests)."
### Closing an alert
If you have write permission for a repository, you can view fixed alerts by viewing the summary of alerts and clicking **Closed**. For more information, see "[Viewing an alert](#viewing-an-alert)." The "Closed" list shows fixed alerts and alerts that users have dismissed.
Closing an alert is a way to resolve an alert that you don't think needs to be fixed. {% data reusables.code-scanning.close-alert-examples %}
Alerts may be fixed in one branch but not in another. You can use the "Branch" drop-down menu, on the summary of alerts, to check whether an alert is fixed in a particular branch.
![Filtering alerts by branch](/assets/images/help/repository/code-scanning-branch-filter.png)
### Dismissing or deleting alerts
There are two ways of closing an alert. You can fix the problem in the code, or you can dismiss the alert. Alternatively, you can delete alerts. Deleting alerts is useful in situations where you have enabled a {% data variables.product.prodname_code_scanning %} tool and then decided to remove it, or where you have enabled {% data variables.product.prodname_codeql %} analysis with a larger set of queries than you want to continue using, and you've then removed some queries from the tool. In both cases, deleting alerts allows you to clean up your {% data variables.product.prodname_code_scanning %} results. You can delete alerts from the summary list within the **Security** tab.
Dismissing an alert is a way of closing an alert that you don't think needs to be fixed. {% data reusables.code-scanning.close-alert-examples %} You can dismiss alerts from {% data variables.product.prodname_code_scanning %} annotations in code, or from the summary list within the **Security** tab.
When you dismiss an alert:
- It's dismissed in all branches.
- The alert is removed from the number of current alerts for your project.
- The alert is moved to the "Closed" list in the summary of alerts, from where you can reopen it, if required.
- The reason why you closed the alert is recorded.
- Next time {% data variables.product.prodname_code_scanning %} runs, the same code won't generate an alert.
When you delete an alert:
- It's deleted in all branches.
- The alert is removed from the number of current alerts for your project.
- It is _not_ added to the "Closed" list in the summary of alerts.
- If the code that generated the alert stays the same, and the same {% data variables.product.prodname_code_scanning %} tool runs again without any configuration changes, the alert will be shown again in your analysis results.
To dismiss or delete alerts:
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
{% data reusables.repositories.sidebar-code-scanning-alerts %}
{% data reusables.code-scanning.click-alert-in-list %}
5. Select the Close drop-down menu and click a reason for closing the alert.
![Choosing reason for closing the alert via the Close drop-down](/assets/images/help/repository/code-scanning-alert-close-drop-down.png)
{% data reusables.code-scanning.false-positive-fix-codeql %}
1. If you want to delete alerts for this {% data variables.product.prodname_code_scanning %} tool, select some or all of the check boxes and click **Delete**.
![Deleting alerts](/assets/images/help/repository/code-scanning-delete-alerts.png)
Optionally, you can use the filters to display a subset of alerts and then delete all matching alerts at once. For example, if you have removed a query from {% data variables.product.prodname_codeql %} analysis, you can use the "Rule" filter to list just the alerts for that query and then select and delete all of those alerts.
![Filter alerts by rule](/assets/images/help/repository/code-scanning-filter-by-rule.png)
1. If you want to dismiss an alert, it's important to explore the alert first, so that you can choose the correct dismissal reason. Click the alert you'd like to explore.
![Open an alert from the summary list](/assets/images/help/repository/code-scanning-click-alert.png)
1. Review the alert, then click **Dismiss** and choose a reason for closing the alert.
![Choosing a reason for dismissing an alert](/assets/images/help/repository/code-scanning-alert-close-drop-down.png)
{% data reusables.code-scanning.choose-alert-dismissal-reason %}
{% data reusables.code-scanning.false-positive-fix-codeql %}
#### Dismissing multiple alerts at once
If a project has multiple alerts that you want to dismiss for the same reason, you can bulk dismiss them from the summary of alerts. Typically, you'll want to filter the list and then dismiss all of the matching alerts. For example, you might want to dismiss all of the current alerts in the project that have been tagged for a particular Common Weakness Enumeration (CWE) vulnerability.
### Further reading
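Review bot: The new "Dismissing or deleting alerts" text still uses "close" for the dismiss action ("The reason why you closed the alert is recorded", "choose a reason for closing the alert") right after presenting dismissal as one of two ways of closing; use "dismissed" and "dismissing" there so the recorded reason is clearly tied to dismissal. The two bullet lists differ in what is kept: a dismissed alert moves to "Closed" with its reason, while a deleted alert is not added to "Closed" and is shown again if the same tool runs unchanged on the same code. Add a sentence steering readers to dismiss rather than delete when they need a record of the decision. The "Dismissing multiple alerts at once" subsection says bulk dismissal is possible but gives no steps or screenshot, unlike the delete step above it.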

View File

@@ -0,0 +1,69 @@
---
title: 'Running CodeQL code scanning in a container'
shortTitle: '{% data variables.product.prodname_code_scanning_capc %} in a container'
intro: 'You can run {% data variables.product.prodname_code_scanning %} in a container by ensuring that all processes run in the same container.'
product: '{% data reusables.gated-features.code-scanning %}'
versions:
free-pro-team: '*'
enterprise-server: '>=2.22'
---
{% data reusables.code-scanning.beta %}
### About {% data variables.product.prodname_code_scanning %} with a containerized build
If you're setting up {% data variables.product.prodname_code_scanning %} for a compiled language, and you're building the code in a containerized environment, the analysis may fail with the error message "No source code was seen during the build." This indicates that {% data variables.product.prodname_codeql %} was unable to monitor your code as it was compiled.
You must run {% data variables.product.prodname_codeql %} in the same container in which you build your code. This applies whether you are using the {% data variables.product.prodname_codeql_runner %}, or {% data variables.product.prodname_actions %}. If you're using the {% data variables.product.prodname_codeql_runner %}, run it in the container where your code builds. For more information about the {% data variables.product.prodname_codeql_runner %}, see "[Running {% data variables.product.prodname_codeql %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-code-scanning-in-your-ci-system)." If you're using {% data variables.product.prodname_actions %}, configure your workflow to run all the actions in the same container. For more information, see "[Example workflow](#example-workflow)."
### Dependencies
You may have difficulty running {% data variables.product.prodname_code_scanning %} if the container you're using is missing certain dependencies (for example, Git must be installed and added to the PATH variable). If you encounter dependency issues, review the list of software typically included on {% data variables.product.prodname_dotcom %}'s virtual environments. For more information, see the version-specific `readme` files in these locations:
* Linux: https://github.com/actions/virtual-environments/tree/main/images/linux
* MacOS: https://github.com/actions/virtual-environments/tree/main/images/macos
* Windows: https://github.com/actions/virtual-environments/tree/main/images/win
### Example workflow
This sample workflow uses {% data variables.product.prodname_actions %} to run {% data variables.product.prodname_codeql %} analysis in a containerized environment. The value of `container.image` identifies the container to use. In this example the image is named `codeql-container`, with a tag of `f0f91db`. For more information, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idcontainer)."
``` yaml
name: "{% data variables.product.prodname_codeql %}"
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '0 0 * * 0'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language: [java]
# Specify the container in which actions will run
container:
image: codeql-container:f0f91db
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
with:
languages: {% raw %}${{ matrix.language }}{% endraw %}
- name: Build
run: |
./configure
make
- name: Perform {% data variables.product.prodname_codeql %} Analysis
uses: github/codeql-action/analyze@v1
```
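Review bot: The opening fence of the example workflow is written with a space before `yaml`, while the other fences in this commit have none; drop the space for consistency. In the "Dependencies" list, "MacOS" should be "macOS". The prose says Git must be installed and on the PATH inside the container, but the example uses `image: codeql-container:f0f91db` without saying what that image contains; one sentence listing what the image must provide (at least Git and whatever the `./configure` and `make` build step needs) would make the example reproducible.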

View File

@@ -9,6 +9,7 @@ versions:
free-pro-team: '*'
enterprise-server: '>=2.22'
---
<!--UI-LINK: When GitHub Enterprise Server doesn't have GitHub Actions set up, the Security > Code scanning alerts view links to this article.-->
{% data reusables.code-scanning.beta-codeql-runner %}
{% data reusables.code-scanning.beta %}

View File

@@ -36,6 +36,8 @@ If you upload a SARIF file without fingerprint data using the `/code-scanning/sa
### Validating your SARIF file
<!--UI-LINK: When code scanning fails, the error banner shown in the Security > Code scanning alerts view links to this anchor.-->
You can check a SARIF file is compatible with {% data variables.product.prodname_code_scanning %} by testing it against the {% data variables.product.prodname_dotcom %} ingestion rules. For more information, visit the [Microsoft SARIF validator](https://sarifweb.azurewebsites.net/).
### Supported SARIF output file properties

View File

@@ -15,9 +15,9 @@ versions:
In repositories where {% data variables.product.prodname_code_scanning %} is configured as a pull request check, {% data variables.product.prodname_code_scanning %} checks the code in the pull request. By default, this is limited to pull requests that target the default branch or protected branches, but you can change this configuration within {% data variables.product.prodname_actions %} or in a third-party CI/CD system. If merging the changes would introduce new {% data variables.product.prodname_code_scanning %} alerts to the target branch, these are reported as check results in the pull request. The alerts are also shown as annotations in the **Files changed** tab of the pull request. If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository)."
If {% data variables.product.prodname_code_scanning %} has any results with a severity of `error`, the check fails and the error is reported in the check results. If all the results found by {% data variables.product.prodname_code_scanning %} have lower severities, the alerts are treated as warnings or notices and the check succeeds. If your pull request targets a protected branch, and the repository owner has configured required status checks, then you must either fix or close any error alerts before the pull request can be merged. For more information, see "[About required status checks](/github/administering-a-repository/about-required-status-checks)."
If {% data variables.product.prodname_code_scanning %} has any results with a severity of `error`, the check fails and the error is reported in the check results. If all the results found by {% data variables.product.prodname_code_scanning %} have lower severities, the alerts are treated as warnings or notices and the check succeeds. If your pull request targets a protected branch, and the repository owner has configured required status checks, then you must either fix or dismiss all error alerts before the pull request can be merged. For more information, see "[About required status checks](/github/administering-a-repository/about-required-status-checks)."
![Example pull request check status with {% data variables.product.prodname_code_scanning %} alert](/assets/images/help/repository/code-scanning-check-failure.png)
![Failed {% data variables.product.prodname_code_scanning %} check on a pull request](/assets/images/help/repository/code-scanning-check-failure.png)
### About {% data variables.product.prodname_code_scanning %} as a pull request check
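Review bot: The changed sentence now says error alerts on a protected branch must be fixed or dismissed before the pull request can be merged, but this paragraph gives no pointer to what dismissing involves. Link "dismiss" to the "Dismissing an alert on your pull request" section further down, so readers see that it needs write permission and a chosen reason before they treat it as a way to clear a required status check.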
@@ -29,20 +29,28 @@ If the repository uses the {% data variables.product.prodname_codeql_workflow %}
When you look at the **Files changed** tab for a pull request, you see annotations for any lines of code that triggered the alert.
![Example {% data variables.product.prodname_code_scanning %} alert shown as an annotation in the "Files changed" view of a pull request](/assets/images/help/repository/code-scanning-pr-annotation.png)
![Alert annotation within a pull request diff](/assets/images/help/repository/code-scanning-pr-annotation.png)
Some annotations contain links with extra context for the alert. In the example above, from {% data variables.product.prodname_codeql %} analysis, you can click **user-provided value** to see where the untrusted data enters the data flow (this is referred to as the source). In this case you can view the full path from the source to the code that uses the data (the sink) by clicking **Show paths**. This makes it easy to check whether the data is untrusted or if the analysis failed to recognize a data sanitization step between the source and the sink. For information about analyzing data flow using {% data variables.product.prodname_codeql %}, see "[About data flow analysis](https://help.semmle.com/QL/learn-ql/intro-to-data-flow.html)."
For more information about an alert, click **Show more details** on the annotation. This allows you to see all of the context and metadata provided by the tool in an alert view. In the example below, you can see tags showing the severity, type, and relevant common weakness enumerations (CWEs) for the problem. The view also shows which commit introduced the problem.
Alerts from some tools, like {% data variables.product.prodname_codeql %}, also include a description and a **Show more** link for guidance on how to fix the problem in the code.
In the detailed view for an alert, some {% data variables.product.prodname_code_scanning %} tools, like {% data variables.product.prodname_codeql %} analysis, also include a description of the problem and a **Show more** link for guidance on how to fix your code.
![Example of "Show more details" for a {% data variables.product.prodname_code_scanning %} alert in a pull request](/assets/images/help/repository/code-scanning-pr-alert.png)
![Alert description and link to show more information](/assets/images/help/repository/code-scanning-pr-alert.png)
### Resolving an alert on your pull request
### Fixing an alert on your pull request
Anyone with write permission for a repository can resolve alerts on a pull request. If you commit changes to the pull request this triggers a new run of the pull request checks. If your changes fix the problem, the alert is resolved and the annotation removed.
Anyone with write permission for a repository can fix a {% data variables.product.prodname_code_scanning %} alert that's identified on a pull request. If you commit changes to the pull request this triggers a new run of the pull request checks. If your changes fix the problem, the alert is closed and the annotation removed.
If you don't think that an alert needs to be fixed, you can close the alert manually. {% data reusables.code-scanning.close-alert-examples %} The **Close** button is available in annotations and in the alerts view if you have write permission for the repository.
### Dismissing an alert on your pull request
An alternative way of closing an alert is to dismiss it. You can dismiss an alert if you don't think it needs to be fixed. {% data reusables.code-scanning.close-alert-examples %} If you have write permission for the repository, the **Dismiss** button is available in code annotations and in the alerts summary. When you click **Dismiss** you will be prompted to choose a reason for closing the alert.
![Choosing a reason for dismissing an alert](/assets/images/help/repository/code-scanning-alert-close-drop-down.png)
{% data reusables.code-scanning.choose-alert-dismissal-reason %}
{% data reusables.code-scanning.false-positive-fix-codeql %}
For more information about dismissing alerts, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository#dismissing-or-deleting-alerts)."
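Review bot: Renaming the heading "Resolving an alert on your pull request" to "Fixing an alert on your pull request" changes the section anchor, so existing links to the old anchor need updating or a redirect. In the new "Dismissing an alert on your pull request" paragraph, "a reason for closing the alert" should read "a reason for dismissing the alert" to match the **Dismiss** button it describes.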

View File

@@ -50,4 +50,4 @@ If the `analyze` command for the {% data variables.product.prodname_codeql_runne
{% endnote %}
1. The code is built in a container or on a separate machine. If you use a containerized build or if you outsource the build to another machine, make sure to run the {% data variables.product.prodname_codeql_runner %} in the container or on the machine where your build task takes place.
1. The code is built in a container or on a separate machine. If you use a containerized build or if you outsource the build to another machine, make sure to run the {% data variables.product.prodname_codeql_runner %} in the container or on the machine where your build task takes place. For more information, see "[Running CodeQL code scanning in a container](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-a-container)."
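Review bot: The link text added at the end of this list item hardcodes the product names ("Running CodeQL code scanning in a container"), while the same sentence uses `{% data variables.product.prodname_codeql_runner %}`. Suggest building the link text from `{% data variables.product.prodname_codeql %}` and `{% data variables.product.prodname_code_scanning %}`, as other articles in this commit do, so the link follows any product rename.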

View File

@@ -60,7 +60,11 @@ For more information, see the workflow extract in "[Automatic build for a compil
1. Your {% data variables.product.prodname_code_scanning %} workflow is analyzing a compiled language (C, C++, C#, or Java), but the code was not compiled. By default, the {% data variables.product.prodname_codeql %} analysis workflow contains an `autobuild` step, however, this step represents a best effort process, and may not succeed in building your code, depending on your specific build environment. Compilation may also fail if you have removed the `autobuild` step and did not include build steps manually. For more information about specifying build steps, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
1. Your workflow is analyzing a compiled language (C, C++, C#, or Java), but portions of your build are cached to improve performance (most likely to occur with build systems like Gradle or Bazel). Since {% data variables.product.prodname_codeql %} observes the activity of the compiler to understand the data flows in a repository, {% data variables.product.prodname_codeql %} requires a complete build to take place in order to perform analysis.
1. Your workflow is analyzing a compiled language (C, C++, C#, or Java), but compilation does not occur between the `init` and `analyze` steps in the workflow. {% data variables.product.prodname_codeql %} requires that your build happens in between these two steps in order to observe the activity of the compiler and perform analysis.
1. Your compiled code (in C, C++, C#, or Java) was compiled successfully, but {% data variables.product.prodname_codeql %} was unable to detect the compiler invocations. The most common causes are certain configuration options like running your build process in a container, if you're building using a distributed build system external to {% data variables.product.prodname_actions %} using a daemon process, or if {% data variables.product.prodname_codeql %} isn't aware of the specific compiler you are using.
1. Your compiled code (in C, C++, C#, or Java) was compiled successfully, but {% data variables.product.prodname_codeql %} was unable to detect the compiler invocations. The most common causes are:
* Running your build process in a separate container to {% data variables.product.prodname_codeql %}. For more information, see "[Running CodeQL code scanning in a container](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-a-container)."
* Building using a distributed build system external to GitHub Actions, using a daemon process.
* {% data variables.product.prodname_codeql %} isn't aware of the specific compiler you are using.
For C# projects using either `dotnet build` or `msbuild` which target .NET Core 2, you should specify `/p:UseSharedCompilation=false` in your workflow's `run` step, when you build your code. The `UseSharedCompilation` flag isn't necessary for .NET Core 3.0 and later.
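Review bot: The second new bullet hardcodes "GitHub Actions", where the sentence it replaces used `{% data variables.product.prodname_actions %}`. Suggest keeping the variable. The first bullet's link text hardcodes "CodeQL" in the same way. In the first bullet, "in a separate container to {% data variables.product.prodname_codeql %}" would read more clearly as "in a different container from the one where {% data variables.product.prodname_codeql %} runs". Splitting the causes into a list is a clear improvement over the old run-on sentence.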

View File

@@ -10,6 +10,7 @@ versions:
### About navigating code on {% data variables.product.prodname_dotcom %}
Navigating code functions use the open source library [`semantic`](https://github.com/github/semantic). The following languages are supported:
- C#
- CodeQL
- Go
- Java

View File

@@ -39,11 +39,13 @@ size 84977953
It tracks the `version` of {% data variables.large_files.product_name_short %} you're using, followed by a unique identifier for the file (`oid`). It also stores the `size` of the final file.
{% tip %}
{% note %}
**Tip**: {% data variables.large_files.product_name_short %} cannot be used with {% data variables.product.prodname_pages %} sites.
{% endtip %}
**Notes**:
- {% data variables.large_files.product_name_short %} cannot be used with {% data variables.product.prodname_pages %} sites.
- {% data variables.large_files.product_name_short %} cannot be used with template repositories.
{% endnote %}
### Further reading

View File

@@ -11,9 +11,15 @@ versions:
enterprise-server: '*'
---
{% note %}
**Note:** The special keywords in a pull request description are interpreted when the pull request targets the repository's *default* branch. However, if the PR's base is *any other branch*, then these keywords are ignored, no links are created and merging the PR has no effect on the issues. **If you want to link a pull request to an issue using a keyword, the PR must be on the default branch.**
{% endnote %}
### About linked issues and pull requests
You can link an issue to a pull request {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %}manually or {% endif %}using a supported keyword in the pull request description.
You can link an issue to a pull request {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %}manually or {% endif %}using a supported keyword in the pull request description.
When you link a pull request to the issue the pull request addresses, collaborators can see that someone is working on the issue. {% if currentVersion ver_lt "enterprise-server@2.21" %}If the pull request and the issue are in different repositories, {% data variables.product.product_name %} will display the link after the pull request is merged, if the person who merges the pull request also has permission to close the issue.{% endif %}
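Review bot: The bold closing sentence of the new note says "the PR must be on the default branch", which is less precise than the note's own opening, where the pull request "targets the repository's *default* branch". A pull request is not on a branch; its base is. Suggest "the pull request's base must be the default branch" and spelling out "pull request" instead of "PR" to match the rest of the article. The note also sits above the first heading, so readers meet the restriction before the feature is introduced; placing it under "About linked issues and pull requests" would read better.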
@@ -37,7 +43,7 @@ You can manually link up to ten issues to each pull request. The issue and pull
### Linking a pull request to an issue using a keyword
You can link a pull request to an issue by using a supported keyword in the pull request's description.
You can link a pull request to an issue by using a supported keyword in the pull request's description or in a commit message (please note that the pull request must be on the default branch).
* close
* closes

View File

@@ -7,6 +7,11 @@ versions:
free-pro-team: '*'
enterprise-server: '*'
---
{% note %}
**Note:** In order to link a repository to your organization or user owned project board the repository needs to have issues enabled. For information on how to see if issues are disabled for a repository, see "[Disabling issues](/github/managing-your-work-on-github/disabling-issues) ."
{% endnote %}
Anyone with write permissions to a project board can link repositories owned by that organization or user account to the project board. For more information, see "[Project board permissions for an organization](/articles/project-board-permissions-for-an-organization/)" or "[Permission levels for user-owned project boards](/articles/permission-levels-for-user-owned-project-boards/)."
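Review bot: The new note has a stray space before the final period, after the link: `(/github/managing-your-work-on-github/disabling-issues) ."`. It will render as a gap before the closing punctuation. "organization or user owned project board" should also be hyphenated as "organization-owned or user-owned project board", matching "user-owned project boards" in the paragraph that follows. Since the note states a prerequisite for the procedure, it may fit better after the introductory paragraph than directly under the front matter.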

View File

@@ -28,7 +28,7 @@ In the left sidebar of your dashboard, you can access your organization's top re
In the "All activity" section of your news feed, you can view updates from other teams and repositories in your organization.
The "All activity" section shows all recent activity in the organization, including activity in repositories you're not subscribed to and of people you're not following. For more information, see {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %}"About notifications](/github/managing-subscriptions-and-notifications-on-github/about-notifications){% else %}"[Watching and unwatching repositories](/github/receiving-notifications-about-activity-on-github/watching-and-unwatching-repositories){% endif %}" and "[Following people](/articles/following-people)."
The "All activity" section shows all recent activity in the organization, including activity in repositories you're not subscribed to and of people you're not following. For more information, see {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.20" %}"[About notifications](/github/managing-subscriptions-and-notifications-on-github/about-notifications){% else %}"[Watching and unwatching repositories](/github/receiving-notifications-about-activity-on-github/watching-and-unwatching-repositories){% endif %}" and "[Following people](/articles/following-people)."
For instance, the organization news feed shows updates when someone in the organization:
- Creates a new branch.

View File

@@ -27,6 +27,8 @@ For more information about member access and management, see "[Managing users in
For more information about managing enterprise accounts using the GraphQL API, see "[Enterprise accounts](/v4/guides/managing-enterprise-accounts)."
{% if currentVersion == "free-pro-team@latest" %}
### Managing organizations linked to your enterprise account
Organizations are shared accounts where groups of people can collaborate across many projects at once. Owners can manage member access to the organization's data and projects with sophisticated security and administrative features. For more information, see "[About organizations](/articles/about-organizations)."
@@ -35,6 +37,8 @@ Enterprise owners can create organizations and link them to the enterprise. Afte
For more information, see "[Managing organizations in your enterprise account](/articles/managing-organizations-in-your-enterprise-account)" and "[Setting policies for organizations in your enterprise account](/articles/setting-policies-for-organizations-in-your-enterprise-account)."
{% endif %}
### Managing {% data variables.product.prodname_ghe_server %} licenses linked to your enterprise account
{% data reusables.enterprise-accounts.admin-managing-licenses %}

View File

@@ -6,6 +6,7 @@ redirect_from:
- /categories/setting-up-and-managing-your-enterprise-account
versions:
free-pro-team: '*'
enterprise-server: '*'
---

View File

@@ -6,6 +6,5 @@ redirect_from:
- /articles/managing-organizations-in-your-enterprise-account
versions:
free-pro-team: '*'
enterprise-server: '*'
---

View File

@@ -6,5 +6,6 @@ redirect_from:
- /articles/managing-your-enterprise-account
versions:
free-pro-team: '*'
enterprise-server: '*'
---

View File

@@ -6,6 +6,5 @@ redirect_from:
- /articles/setting-policies-for-organizations-in-your-enterprise-account
versions:
free-pro-team: '*'
enterprise-server: '*'
---

View File

@@ -18,7 +18,8 @@ Enterprise accounts are currently available to {% data variables.product.prodnam
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.enterprise-licensing-tab %}
4. Under "User licenses", view your total licenses, number of consumed licenses, and your subscription expiration date.
![License and subscription information in enterprise billing settings](/assets/images/help/business-accounts/billing-license-info.png)
5. To view details of the user licenses currently in use, click **View details**.
{% data reusables.enterprise-accounts.license-tab %}
4. Under "User {% if currentVersion == "free-pro-team@latest" %}Licenses{% else %}licenses{% endif %}", view your total licenses, number of consumed licenses, and your subscription expiration date.
{% if currentVersion == "free-pro-team@latest" %}![License and subscription information in enterprise billing settings](/assets/images/help/business-accounts/billing-license-info.png){% else %}
![License and subscription information in enterprise billing settings](/assets/images/enterprise/enterprises/enterprise-server-billing-license-info.png){% endif %}
5. To view details of the user licenses currently in use, click **View {% if currentVersion == "free-pro-team@latest" %}details{% else %}users{% endif %}**.
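Review bot: In step 4 the two image branches are laid out differently: the first image follows `{% if currentVersion == "free-pro-team@latest" %}` on the same line with `{% else %}` trailing it, while the second image sits on its own line before `{% endif %}`. Suggest putting each Liquid tag and each image on its own line, indented to the list item, so the conditional is easy to read and both images stay inside step 4. The inline capitalisation switch in "User {% if ... %}Licenses{% else %}licenses{% endif %}" is hard to read in source; a brief comment on why the label differs per version would help future editors.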

View File

@@ -75,7 +75,7 @@ These guidelines are designed to make the processing of requests to remove sensi
### How to Submit Your Request
You can submit your request to remove sensitive data via our [contact form](https://support.github.com/contact). Please include a plain-text version of your request in the body of your message. Sending your request in an attachment may result in processing delays.
You can submit your request to remove sensitive data via our [contact form](https://support.github.com/contact?tags=docs-sensitive-data). Please include a plain-text version of your request in the body of your message. Sending your request in an attachment may result in processing delays.
### Disputes

View File

@@ -22,7 +22,7 @@ When we receive reports of trademark policy violations from holders of federal o
### How Do I Report a Trademark Policy Violation?
Holders of registered trademarks can report possible trademark policy violations to GitHub via our [contact form](https://support.github.com/contact). Please submit trademark-related requests using your company email address and include all the information requested below to help expedite our response. Also be sure to clearly describe to us why the account may cause confusion with your mark or how the account may dilute or tarnish your mark.
Holders of registered trademarks can report possible trademark policy violations to GitHub via our [contact form](https://support.github.com/contact?tags=docs-trademark). Please submit trademark-related requests using your company email address and include all the information requested below to help expedite our response. Also be sure to clearly describe to us why the account may cause confusion with your mark or how the account may dilute or tarnish your mark.
### What Information is Required When Reporting Trademark Policy Violations?