mirror of synced 2025-12-19 18:10:59 -05:00

Separate out existing how-to and reference content on the SRA (#57752)

Co-authored-by: Laura Coursen <lecoursen@github.com>
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
This commit is contained in:
Sam Browning
2025-10-31 12:11:38 -04:00
committed by GitHub
parent ce019e8bca
commit e6a2523c55
8 changed files with 108 additions and 69 deletions

View File

@@ -56,8 +56,4 @@ Because the {% data variables.product.prodname_secret_risk_assessment %} report
## Next steps
Now that you know about the {% data variables.product.prodname_secret_risk_assessment %} report, you may want to learn how to:
* Generate the report to see your organization risk. Navigate to {% data reusables.security-overview.navigate-to-risk-assessment %}.
* Interpret the results of the report. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results).
* Enable {% data variables.product.prodname_GH_secret_protection %} to improve your secret leak footprint. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection#enabling-secret-protection).
To start analyzing your organization's secret risk, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk).
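Review bot: the replacement "Next steps" sentence drops two destinations the deleted bullets offered, the interpreting-results tutorial and the "Enabling secret protection" anchor on the choosing-github-secret-protection page, and links only to `/assess-your-secret-risk`. That is fine if the new how-to page's own "Next steps" chains readers onward, but the enabling link has no equivalent in the new pages in this commit; consider keeping a second sentence pointing at `choosing-github-secret-protection#enabling-secret-protection` so the conceptual page still leads to the mitigation.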

View File

@@ -0,0 +1,42 @@
---
title: 'Running the secret risk assessment for your organization'
shortTitle: 'Assess your secret risk'
intro: 'Determine your organization''s exposure to leaked secrets by generating a {% data variables.product.prodname_secret_risk_assessment %} report.'
product: '{% data reusables.gated-features.secret-risk-assessment-report %}'
permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
type: how_to
versions:
feature: secret-risk-assessment
topics:
- Code Security
- Secret scanning
- Secret Protection
- Organizations
- Security
---
## Generating an initial {% data variables.product.prodname_secret_risk_assessment %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %}
{% data reusables.security-overview.generate-secret-risk-assessment-report %}
{% data reusables.secret-risk-assessment.notification-report-ready %}
## Rerunning the {% data variables.product.prodname_secret_risk_assessment %}
> [!NOTE]
> You can only generate a secret risk assessment report once every 90 days.
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %}
1. Towards the top right side of the existing report, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}.
1. Select **Rerun scan**.
{% data reusables.secret-risk-assessment.notification-report-ready %}
## Next steps
Now that you've generated a {% data variables.product.prodname_secret_risk_assessment %} report for your organization, learn how to interpret the results. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results).
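Review bot: the `[!NOTE]` under "Rerunning" hard-codes "once every 90 days", whereas the page this content was lifted from used the reusable `{% data reusables.security-overview.secret-risk-assessment-report-generation-cadence %}`. Hard-coding the cadence creates a second source of truth that will drift if the limit changes; prefer the reusable. Minor: "top right side" here versus "top-right side" in the export page, and the kebab octicon's `aria-label` is "The horizontal kebab icon" here but "More options" there; pick one label and one spelling across the three new pages.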

View File

@@ -0,0 +1,25 @@
---
title: 'Exporting the secret risk assessment report to CSV'
shortTitle: 'Export risk report CSV'
intro: 'Export the {% data variables.product.prodname_secret_risk_assessment %} report to a CSV file for detailed investigation and stakeholder sharing.'
product: '{% data reusables.gated-features.secret-risk-assessment-report %}'
permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
type: how_to
versions:
feature: secret-risk-assessment
topics:
- Code Security
- Secret scanning
- Secret Protection
- Organizations
- Security
---
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %}
1. Towards the top-right side of the report, select the {% octicon "kebab-horizontal" aria-label="More options" %} dropdown menu, then click {% octicon "download" aria-hidden="true" aria-label="download" %} **Download CSV**.
## Next steps
To better understand the fields of your CSV file, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/risk-report-csv-contents).
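Review bot: in the download step the octicon carries both `aria-hidden="true"` and `aria-label="download"`; `aria-hidden` removes the element from the accessibility tree, so the label is never read and the two attributes contradict each other. Either drop `aria-hidden` and keep a descriptive label, or keep `aria-hidden` and remove the label since the visible **Download CSV** text already names the action. Also, the numbered step follows the three navigation reusables with no lead-in sentence or heading, unlike the other new how-to page, which opens with a `##` heading; a short task heading would keep the pages consistent.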

View File

@@ -12,7 +12,10 @@ topics:
- Security
children:
- /about-secret-risk-assessment
- /assess-your-secret-risk
- /viewing-the-secret-risk-assessment-report-for-your-organization
- /export-risk-report-csv
- /risk-report-csv-contents
- /interpreting-secret-risk-assessment-results
- /choosing-github-secret-protection
- /calculating-the-cost-savings-of-push-protection
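Review bot: `/viewing-the-secret-risk-assessment-report-for-your-organization` stays in `children` between the new "assess" and "export" pages even though the later hunk strips its body down to the intro reusable; confirm that is the intended reading order (generate, view, export, CSV reference, interpret) and that the viewing page still has enough content to justify its own entry rather than being folded into the assess page.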

View File

@@ -23,7 +23,7 @@ In this tutorial, you'll interpret your secret risk assessment results, and lear
## Prerequisites
You must generate a {% data variables.product.prodname_secret_risk_assessment %} report and wait for the scan to complete. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment).
You must generate a {% data variables.product.prodname_secret_risk_assessment %} report and wait for the scan to complete. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk).
## Step 1: Understand your dashboard metrics
@@ -71,7 +71,7 @@ If you see **many secrets of the same type** (for example, multiple AWS keys), t
* Developers may not be using environment variables
* Missing documentation on secret management
## Step 5: Prioritizing remediation and related actions
## Step 5: Prioritize remediation and related actions
Now that you understand the metrics, prioritize remediation based on risk.

View File

@@ -0,0 +1,32 @@
---
title: 'Contents of the secret risk assessment report CSV'
shortTitle: 'Risk report CSV contents'
intro: 'Understand the data included in the CSV export of the {% data variables.product.prodname_secret_risk_assessment %} report.'
product: '{% data reusables.gated-features.secret-risk-assessment-report %}'
permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
type: reference
versions:
feature: secret-risk-assessment
topics:
- Code Security
- Secret scanning
- Secret Protection
- Organizations
- Security
---
The {% data variables.product.prodname_secret_risk_assessment %} report CSV file includes the following information:
| CSV column | Name | Description |
| ---------- | ---------------------- | --------------------------------------------------------- |
| A | `Organization Name` | The name of the organization the secret was detected in |
| B | `Name` | The token name for the type of secret |
| C | `Slug` | The normalized string for the token. This corresponds to `Token` in the table of supported secrets. See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). |
| D | `Push Protected` | A `boolean` to indicate whether the secret would be detected and blocked by push protection if it were enabled |
| E | `Non-Provider Pattern` | A `boolean` to indicate whether the secret matched a non-provider pattern and would generate an alert if {% data variables.product.prodname_secret_scanning %} with non-provider patterns were enabled |
| F | `Secret Count` | An aggregate count of the active and inactive secrets found for the token type |
| G | `Repository Count` | An aggregate count of distinct repositories in which the secret type was found, including public, private,{% ifversion ghec or ghes %} internal,{% endif %} and archived repositories |
## Next steps
To learn which secrets you should prioritize for remediation, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results#step-5-prioritizing-remediation-and-related-actions).
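Review bot: the "Next steps" link targets `#step-5-prioritizing-remediation-and-related-actions`, but this same commit renames that heading to "Step 5: Prioritize remediation and related actions", so the generated anchor becomes `#step-5-prioritize-remediation-and-related-actions` and this link will land at the top of the page instead of the section. Update the fragment to match the new heading. Separately, moving the comma inside the `{% ifversion ghec or ghes %}` block (`internal,{% endif %} and`) is the right fix: the old placement produced a doubled comma on versions without internal repositories.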

View File

@@ -1,7 +1,7 @@
---
title: 'Viewing the secret risk assessment report for your organization'
shortTitle: 'View secret risk assessment'
intro: 'You can generate and view the {% data variables.product.prodname_secret_risk_assessment %} report for your organization from the "Security" tab.'
shortTitle: 'View risk report'
intro: 'Understand your organization''s exposure to leaked secrets at a glance by viewing your most recent {% data variables.product.prodname_secret_risk_assessment %} report.'
product: '{% data reusables.gated-features.secret-risk-assessment-report %}'
permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
allowTitleToDifferFromFilename: true
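Review bot: the new `intro` ("Understand your organization's exposure ... by viewing your most recent ... report") no longer mentions generating or exporting, which matches the body removal below, but the `permissions` front matter still references `secret-risk-assessment-report-generation`; if viewing needs a different permission than generating, this should point at the viewing permission reusable, otherwise a one-line comment that viewing and generating share the same permission would save the next editor the question.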
@@ -16,65 +16,6 @@ topics:
- Security
---
{% data reusables.secret-risk-assessment.report-intro %} {% data reusables.secret-risk-assessment.link-conceptual-information %}
You can generate the {% data variables.product.prodname_secret_risk_assessment %} report for your organization, review it, and export the results to CSV.
## Generating an initial {% data variables.product.prodname_secret_risk_assessment %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %}
{% data reusables.security-overview.generate-secret-risk-assessment-report %}
{% data reusables.secret-risk-assessment.notification-report-ready %}
{% note %}
Did you successfully generate the {% data variables.product.prodname_secret_risk_assessment %} report for your organization?
<a href="https://docs.github.io/success-test/yes.html" target="_blank" class="btn btn-outline mt-3 mr-3 no-underline"><span>Yes</span></a> <a href="https://docs.github.io/success-test/no.html" target="_blank" class="btn btn-outline mt-3 mr-3 no-underline"><span>No</span></a>
{% endnote %}
## Rerunning the {% data variables.product.prodname_secret_risk_assessment %}
{% data reusables.security-overview.secret-risk-assessment-report-generation-cadence %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %}
1. Towards the top right side of the existing report, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}.
1. Select **Rerun scan**.
{% data reusables.secret-risk-assessment.notification-report-ready %}
## Viewing the {% data variables.product.prodname_secret_risk_assessment %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %} You can see the most recent report on this page.
## Exporting the {% data variables.product.prodname_secret_risk_assessment %} to CSV
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %}
1. Towards the top right side of the report, click {% octicon "kebab-horizontal" aria-label="More options" %}.
1. Select **Download CSV**.
The {% data variables.product.prodname_secret_risk_assessment %} CSV file includes the following information.
| CSV column | Name | Description |
| ---------- | ---------------------- | --------------------------------------------------------- |
| A | `Organization Name` | The name of the organization the secret was detected in |
| B | `Name` | The token name for the type of secret |
| C | `Slug` | The normalized string for the token. This corresponds to `Token` in the table of supported secrets. See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). |
| D | `Push Protected` | A `boolean` to indicate whether the secret would be detected and blocked by push protection if it were enabled |
| E | `Non-Provider Pattern` | A `boolean` to indicate whether the secret matched a non-provider pattern and would generate an alert if {% data variables.product.prodname_secret_scanning %} with non-provider patterns were enabled |
| F | `Secret Count` | An aggregate count of the active and inactive secrets found for the token type |
| G | `Repository Count` | An aggregate count of distinct repositories in which the secret type was found, including public, private,{% ifversion ghec or ghes %} internal{% endif %}, and archived repositories |
## Next steps
Now that you've generated {% data variables.product.prodname_secret_risk_assessment %} for your organization, learn how to interpret the results. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results).
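Review bot: after this deletion the page body is a single line, the `report-intro` and `link-conceptual-information` reusables, with no "Viewing" steps and no "Next steps" pointing at the new assess, export, and CSV-contents pages. The removed "Viewing the ..." section (the three navigation reusables plus "You can see the most recent report on this page") is the one part of the old body that still belongs on a page titled "Viewing the secret risk assessment report"; restore it, and add a "Next steps" that links the new how-to pages so the split does not leave readers at a dead end. Dropping the `{% note %}` success-test survey block is fine as long as that was intentional.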

View File

@@ -1 +1 @@
{% data variables.product.prodname_secret_risk_assessment_caps %} is available for free in organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %}
Free for organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %}