jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-22 19:34:15 -05:00
Code Issues Projects Releases Wiki Activity

Merge branch 'main' into patch-1

Browse Source
This commit is contained in:
Felicity Chapman
2021-01-20 12:05:51 +00:00
committed by GitHub
parent 860d46bbf7 5827dddfaf
commit f90aec579d
5630 changed files with 710431 additions and 27291 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
content/github/administering-a-repository/about-branch-restrictions.md
View File

@@ -1,30 +0,0 @@
---
title: About branch restrictions
intro: 'Branches within repositories that belong to organizations can be configured so that only certain users, teams, or apps can push to the branch.'
product: '{% data reusables.gated-features.branch-restrictions %}'
redirect_from:
- /articles/about-branch-restrictions
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
When you enable branch restrictions, only users, teams, or apps that have been given permission can push to the protected branch. For more information, see "[Enabling branch restrictions](/articles/enabling-branch-restrictions)" and "[About protected branches](/articles/about-protected-branches)." You can view and edit the users, teams, or apps with push access to a protected branch in the protected branch's settings.
You can only give push access to a protected branch to users, teams, or installed {% data variables.product.prodname_github_apps %} with `write` access to a repository.
People and apps with admin permissions to a repository are always able to push to a protected branch.
{% tip %}
**Note:** If "Include administrators" is selected, you've enabled required status checks on the branch, and if any status checks fail, any attempt to push changes to the protected branch will also fail, even for people and apps with admin permissions. For more information, see "[Enabling required status checks](/articles/enabling-required-status-checks)."
{% endtip %}
### Further reading
- "[About protected branches](/articles/about-protected-branches)"
- "[Configuring protected branches](/articles/configuring-protected-branches)"
- "[About required status checks](/articles/about-required-status-checks)"
- "[Enabling required status checks](/articles/enabling-required-status-checks)"

4
content/github/administering-a-repository/about-dependabot-version-updates.md
View File

@@ -44,3 +44,7 @@ You can configure version updates for repositories that contain a dependency man
{% data reusables.dependabot.supported-package-managers %}
If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. For more information, see "[About integrations](/github/customizing-your-github-workflow/about-integrations)."
### About notifications for {% data variables.product.prodname_dependabot %} version updates
You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot %} version updates. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)."

2
content/github/administering-a-repository/about-merge-methods-on-github.md
View File

@@ -14,7 +14,7 @@ versions:
{% data reusables.pull_requests.default_merge_option %}
{% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@latest" or currentVersion ver_gt "enterprise-server@2.19" %}
The default merge method creates a merge commit. You can prevent anyone from pushing merge commits to a protected branch by enforcing a linear commit history. For more information, see "[Requiring a linear commit history](/github/administering-a-repository/requiring-a-linear-commit-history)."{% endif %}
The default merge method creates a merge commit. You can prevent anyone from pushing merge commits to a protected branch by enforcing a linear commit history. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-linear-history)."{% endif %}
### Squashing your merge commits

131
content/github/administering-a-repository/about-protected-branches.md
View File

@@ -1,38 +1,141 @@
---
title: About protected branches
intro: 'Protected branches ensure that collaborators on your repository cannot make irrevocable changes to branches. Enabling protected branches also allows you to enable other optional checks and requirements, like required status checks and required reviews.'
intro: 'You can protect important branches by setting branch protection rules, which define whether collaborators can delete or force push to the branch and set requirements for any pushes to the branch, such as passing status checks or a linear commit history.'
product: '{% data reusables.gated-features.protected-branches %}'
redirect_from:
- /articles/about-protected-branches
- /enterprise/admin/developer-workflow/about-protected-branches-and-required-status-checks
- /articles/about-branch-restrictions
- /github/administering-a-repository/about-branch-restrictions
- /articles/about-required-status-checks
- /github/administering-a-repository/about-required-status-checks
- /articles/types-of-required-status-checks
- /github/administering-a-repository/types-of-required-status-checks
- /articles/about-required-commit-signing
- /github/administering-a-repository/about-required-commit-signing
- /articles/about-required-reviews-for-pull-requests
- /github/administering-a-repository/about-required-reviews-for-pull-requests
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
### About protected branches
### About branch protection rules
{% data reusables.pull_requests.about-protected-branches %} You can choose to enforce restrictions on how a pull request is merged into your repository.
You can enforce certain workflows or requirements before a collaborator can push changes to a branch in your repository, including merging a pull request into the branch, by creating a branch protection rule.
Repository owners and people with admin permissions for a repository can enforce certain workflows or requirements, before a collaborator can merge a branch in your repository by creating protected branch rules.
By default, each branch protection rule disables force pushes to the matching branches and prevents the matching branches from being deleted. You can optionally disable these restrictions and enable additional branch protection settings.
{% data reusables.repositories.branch-rules-example %} For more information, see "[Configuring protected branches](/articles/configuring-protected-branches/)."
By default, the restrictions of a branch protection rule don't apply to people with admin permissions to the repository. You can optionally choose to include administrators, too.
{% data reusables.repositories.branch-rules-example %} For more information about branch name patterns, see "[Managing a branch protection rule](/github/administering-a-repository/managing-a-branch-protection-rule)."
{% data reusables.pull_requests.you-can-auto-merge %}
### Prioritization of protected branch rules
### About branch protection settings
If a repository has multiple protected branch rules that affect the same branches, the rules that include a specific branch name have the highest priority. If there is more than one protected branch rule that references the same specific branch name, then the branch rule created first will have higher priority.
For each branch protection rule, you can choose to enable or disable the following settings.
- [Require pull request reviews before merging](#require-pull-request-reviews-before-merging)
- [Require status checks before merging](#require-status-checks-before-merging)
- [Require signed commits](#require-signed-commits)
- [Require linear history](#require-linear-history)
- [Include administrators](#include-administrators)
- [Restrict who can push to matching branches](#restrict-who-can-push-to-matching-branches)
- [Allow force pushes](#allow-force-pushes)
- [Allow deletions](#allow-deletions)
Protected branch rules that mention a special character, such as `*`, `?`, or `]`, are applied in the order they were created, so older rules with these characters have a higher priority.
#### Require pull request reviews before merging
### Branch protection settings
{% data reusables.pull_requests.required-reviews-for-prs-summary %}
When you create a branch protection rule in a repository, collaborators cannot force push to the protected branch or delete the branch{% if currentVersion == "free-pro-team@latest" %} by default{% endif %}. You can enable other branch protection settings. For information, see "[Defining the mergeability of pull requests](/github/administering-a-repository/defining-the-mergeability-of-pull-requests)."
If you enable required reviews, collaborators can only push changes to a protected branch via a pull request that is approved by the required number of reviewers with write permissions.
### Further reading
If a person with admin permissions chooses the **Request changes** option in a review, then that person must approve the pull request before the pull request can be merged. If a reviewer who requests changes on a pull request isn't available, anyone with write permissions for the repository can dismiss the blocking review.
- "[About required status checks](/articles/about-required-status-checks)"
- "[About required reviews for pull requests](/articles/about-required-reviews-for-pull-requests)"
- "[About required commit signing](/articles/about-required-commit-signing)"
{% data reusables.repositories.review-policy-overlapping-commits %}
If a collaborator attempts to merge a pull request with pending or rejected reviews into the protected branch, the collaborator will receive an error message.
```shell
remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: error: Changes have been requested.
```
Optionally, you can choose to dismiss stale pull request approvals when commits are pushed. If anyone pushes a commit that modifies code to an approved pull request, the approval will be dismissed, and the pull request cannot be merged. This doesn't apply if the collaborator pushes commits that don't modify code, like merging the base branch into the pull request's branch. For information about the base branch, see "[About pull requests](/articles/about-pull-requests)."
Optionally, you can restrict the ability to dismiss pull request reviews to specific people or teams. For more information, see "[Dismissing a pull request review](/articles/dismissing-a-pull-request-review)."
Optionally, you can choose to require reviews from code owners. If you do, any pull request that affects code with a code owner must be approved by that code owner before the pull request can be merged into the protected branch.
#### Require status checks before merging
Required status checks ensure that all required CI tests are passing before collaborators can make changes to a protected branch. Required status checks can be checks or statuses. For more information, see "[About status checks](/github/collaborating-with-issues-and-pull-requests/about-status-checks)."
Before you can enable required status checks, you must configure the repository to use the status API. For more information, see "[Repositories](/rest/reference/repos#statuses)" in the REST documentation.
After enabling required status checks, all required status checks must pass before collaborators can merge changes into the protected branch. After all required status checks pass, any commits must either be pushed to another branch and then merged or pushed directly to the protected branch.
{% note %}
**Note:** Any person or integration with write permissions to a repository can set the state of any status check in the repository. {% data variables.product.company_short %} does not verify that the author of a check is authorized to create a check with a certain name or modify an existing status. Before merging a pull request, you should verify that the author of each status, listed in the merge box, is expected.
{% endnote %}
You can set up required status checks to either be "loose" or "strict." The type of required status check you choose determines whether your branch is required to be up-to-date with the base branch before merging.
| Type of required status check | Setting | Merge requirements | Considerations |
| --- | --- | --- | --- |
| **Strict** | The **Require branches to be up-to-date before merging** checkbox is checked. | The branch **must** be up to date with the base branch before merging. | This is the default behavior for required status checks. More builds may be required, as you'll need to bring the head branch up to date after other collaborators merge pull requests to the protected base branch.|
| **Loose** | The **Require branches to be up-to-date before merging** checkbox is **not** checked. | The branch **does not** have to be up to date with the base branch before merging. | You'll have fewer required builds, as you won't need to bring the head branch up to date after other collaborators merge pull requests. Status checks may fail after you merge your branch if there are incompatible changes with the base branch. |
| **Disabled** | The **Require status checks to pass before merging** checkbox is **not** checked. | The branch has no merge restrictions. | If required status checks aren't enabled, collaborators can merge the branch at any time, regardless of whether it is up to date with the base branch. This increases the possibility of incompatible changes.
For troubleshooting information, see "[Troubleshooting required status checks](/github/administering-a-repository/troubleshooting-required-status-checks)."
#### Require signed commits
When you enable required commit signing on a branch, contributors {% if currentVersion == "free-pro-team@latest" %}and bots{% endif %} can only push commits that have been signed and verified to the branch. For more information, see "[About commit signature verification](/articles/about-commit-signature-verification)."
{% note %}
**Note:** If a collaborator pushes an unsigned commit to a branch that requires commit signatures, the collaborator will need to rebase the commit to include a verified signature, then force push the rewritten commit to the branch.
{% endnote %}
You can always push local commits to the branch if the commits are signed and verified. {% if currentVersion == "free-pro-team@latest" %}You can also merge signed and verified commits into the branch using a pull request on {% data variables.product.product_name %}. However, you cannot squash and merge a pull request into the branch on {% data variables.product.product_name %} unless you are the author of the pull request.{% else %} However, you cannot merge pull requests into the branch on {% data variables.product.product_name %}.{% endif %} You can {% if currentVersion == "free-pro-team@latest" %}squash and {% endif %}merge pull requests locally. For more information, see "[Checking out pull requests locally](/github/collaborating-with-issues-and-pull-requests/checking-out-pull-requests-locally)."
{% if currentVersion == "free-pro-team@latest" %} For more information about merge methods, see "[About merge methods on {% data variables.product.prodname_dotcom %}](/github/administering-a-repository/about-merge-methods-on-github)."{% endif %}
#### Require linear history
Enforcing a linear commit history prevents collaborators from pushing merge commits to the branch. This means that any pull requests merged into the protected branch must use a squash merge or a rebase merge. A strictly linear commit history can help teams reverse changes more easily. For more information about merge methods, see "[About pull request merges](/github/collaborating-with-issues-and-pull-requests/about-pull-request-merges)."
Before you can require a linear commit history, your repository must allow squash merging or rebase merging. For more information, see "[Configuring pull request merges](/github/administering-a-repository/configuring-pull-request-merges)."
#### Include administrators
By default, protected branch rules do not apply to people with admin permissions to a repository. You can enable this setting to include administrators in your protected branch rules.
#### Restrict who can push to matching branches
{% if currentVersion == "free-pro-team@latest" %}
You can enable branch restrictions if your repository is owned by an organization using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %}.
{% endif %}
When you enable branch restrictions, only users, teams, or apps that have been given permission can push to the protected branch. You can view and edit the users, teams, or apps with push access to a protected branch in the protected branch's settings.
You can only give push access to a protected branch to users, teams, or installed {% data variables.product.prodname_github_apps %} with write access to a repository. People and apps with admin permissions to a repository are always able to push to a protected branch.
#### Allow force pushes
By default, {% data variables.product.product_name %} blocks force pushes on all protected branches. When you enable force pushes to a protected branch, anyone with at least write permissions to the repository can force push to the branch, including those with admin permissions.
Enabling force pushes will not override any other branch protection rules. For example, if a branch requires a linear commit history, you cannot force push merge commits to that branch.
{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}You cannot enable force pushes for a protected branch if a site administrator has blocked force pushes to all branches in your repository. For more information, see "[Blocking force pushes to repositories owned by a user account or organization](/enterprise/{{ currentVersion }}/admin/developer-workflow/blocking-force-pushes-to-repositories-owned-by-a-user-account-or-organization)."
If a site administrator has blocked force pushes to the default branch only, you can still enable force pushes for any other protected branch.{% endif %}
#### Allow deletions
By default, you cannot delete a protected branch. When you enable deletion of a protected branch, anyone with at least write permissions to the repository can delete the branch.

2
content/github/administering-a-repository/about-releases.md
View File

@@ -25,7 +25,7 @@ You can receive notifications when new releases are published in a repository wi
Anyone with read access to a repository can view and compare releases, but only people with write permissions to a repository can manage releases. For more information, see "[Managing releases in a repository](/github/administering-a-repository/managing-releases-in-a-repository)."
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@latest" %}
People with admin permissions to a repository can choose whether {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}) objects are included in the ZIP files and tarballs that {% data variables.product.product_name %} creates for each release. For more information, see "[Managing {% data variables.large_files.product_name_short %} objects in archives of your repository](/github/administering-a-repository/managing-git-lfs-objects-in-archives-of-your-repository)."
{% endif %}

29
content/github/administering-a-repository/about-required-commit-signing.md
View File

@@ -1,29 +0,0 @@
---
title: About required commit signing
intro: Required commit signing ensures that collaborators can only push verified signed commits to a protected branch.
product: '{% data reusables.gated-features.protected-branches %}'
redirect_from:
- /articles/about-required-commit-signing
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
If you've enforced branch protections in your repository, you can set up required commit signing. For more information, see "[Configuring protected branches](/articles/configuring-protected-branches/)."
When you enable required commit signing on a branch, contributors {% if currentVersion == "free-pro-team@latest" %}and bots{% endif %} can only push commits that have been signed and verified to the branch. For more information, see "[About commit signature verification](/articles/about-commit-signature-verification)."
You can always push local commits to the branch if the commits are signed and verified. {% if currentVersion == "free-pro-team@latest" %}You can also merge signed and verified commits into the branch using a pull request on {% data variables.product.product_name %}. However, you cannot squash and merge a pull request into the branch on {% data variables.product.product_name %} unless you are the author of the pull request.{% else %} However, you cannot merge pull requests into the branch on {% data variables.product.product_name %}.{% endif %} You can {% if currentVersion == "free-pro-team@latest" %}squash and {% endif %}merge pull requests locally. For more information, see "[Checking out pull requests locally](/github/collaborating-with-issues-and-pull-requests/checking-out-pull-requests-locally)."{% if currentVersion == "free-pro-team@latest" %} For more information about merge methods, see "[About merge methods on {% data variables.product.prodname_dotcom %}](/github/administering-a-repository/about-merge-methods-on-github)."{% endif %}
{% note %}
**Note:** Enabling required commit signing on a branch will make it more difficult to contribute. If a collaborator pushes an unsigned commit to a branch that has required commit signing enabled, they will need to rebase their commit to include a verified signature and force push the rewritten commit to the branch.
{% endnote %}
Administrators of a repository can push local commits that have not been signed and verified, however you can require administrators to be subject to required commit signing. For more information, see "[Enabling required commit signing](/articles/enabling-required-commit-signing)."
### Further reading
- "[About protected branches](/articles/about-protected-branches)"

36
content/github/administering-a-repository/about-required-reviews-for-pull-requests.md
View File

@@ -1,36 +0,0 @@
---
title: About required reviews for pull requests
intro: Required reviews ensure that pull requests have a specific number of approving reviews before collaborators can make changes to a protected branch.
product: '{% data reusables.gated-features.protected-branches %}'
redirect_from:
- /articles/about-required-reviews-for-pull-requests
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
If you've enforced branch protections in your repository, you can set up required reviews. For more information about enforcing branch protections, see "[Configuring protected branches](/articles/configuring-protected-branches/)." For more information about setting up required reviews, see "[Enabling required reviews for pull requests](/articles/enabling-required-reviews-for-pull-requests)."
{% data reusables.pull_requests.required-reviews-for-prs-summary %}
If a person with *admin* permissions chooses the **Request changes** option in a review, then that person must approve the pull request before it can be merged. If a reviewer who requests changes on a pull request isn't available, anyone with *admin* or *write* permission for the repository can dismiss the blocking review. For more information, see "[Dismissing a pull request review](/articles/dismissing-a-pull-request-review)."
{% note %}
**Note:** Repository admins can restrict the ability to dismiss pull request reviews to specific people or teams. For more information, see "[Enabling required reviews for pull requests](/articles/enabling-required-reviews-for-pull-requests)."
{% endnote %}
If you push a code-modifying commit to the branch of an approved pull request, the approval may be dismissed if repository admins have set up stale review dismissals. For more information, see "[Enabling required reviews for pull requests](/articles/enabling-required-reviews-for-pull-requests)." This doesn't apply if you push non-code-modifying commits, like merging the base branch into your pull request's branch. For information about the base branch, see "[About pull requests](/articles/about-pull-requests)."
Unless required reviews have been set up to include repository admins, people with *admin* permissions can merge a pull request regardless of reviews from other admins.
{% data reusables.repositories.review-policy-overlapping-commits %}
You can't merge a pull request into a protected branch until someone with *write* or *admin* permissions approves it. If there are pending or rejected reviews, you'll receive an error message:
```shell
remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: error: Changes have been requested.
```

72
content/github/administering-a-repository/about-required-status-checks.md
View File

@@ -1,72 +0,0 @@
---
title: About required status checks
intro: Required status checks ensure that all required CI tests are passing before collaborators can make changes to a protected branch.
product: '{% data reusables.gated-features.protected-branches %}'
redirect_from:
- /articles/about-required-status-checks
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
### About required status checks
If you've enforced branch protections in your repository, you can set up required status checks. For more information, see "[Configuring protected branches](/articles/configuring-protected-branches/)" and "[Enabling required status checks](/articles/enabling-required-status-checks)." Required status checks can be checks or statuses. For more information, see "[About status checks](/github/administering-a-repository/enabling-required-status-checks)."
After enabling required status checks, all required status checks must pass before branches can be merged into the protected branch. After all required status checks pass, any commits must either be pushed to another branch and then merged or pushed directly to the protected branch.
![Merge protected branch ](/assets/images/help/repository/req-status-check-all-passed.png)
{% tip %}
**Note:** Any person or integration with write permissions to a repository can set the state of any status check in the repository. {% data variables.product.product_name %} does not verify that the author of a check is authorized to create a check with a certain name or modify an existing status. Before merging a pull request, you should verify that the author of each status, listed in the merge box, is expected.
{% endtip %}
Administrators of a repository can merge a protected branch even if required status checks have failed or are pending. You can require administrators to be subject to required status checks. For more information, see "[Enabling required status checks](/github/administering-a-repository/enabling-required-status-checks)."
![Administrator merge of protected branch](/assets/images/help/repository/req-status-check-admin-merge.png)
Administrators can also merge a protected branch even if the branch is out of date with the base branch.
### Required status checks settings
You can set up either loose or strict status checks, depending on whether you want to require your branch to be up to date with the base branch before merging. For more information, see "[Types of required status checks](/github/administering-a-repository/types-of-required-status-checks)."
### Troubleshooting required status checks
If you have a check and a status with the same name and you select that name as a required status check, both the check and the status are required. For more information, see "[Checks](/rest/reference/checks)."
Once you've set up required status checks, your branch must be up to date with the base branch before merging. This ensures that your branch has been tested with the latest code from the base branch. If your branch is out of date, you'll need to merge the base branch into your branch.
{% note %}
**Note:** You can also bring your branch up to date with the base branch using Git rebase. For more information, see "[About Git rebase](/github/using-git/about-git-rebase)."
{% endnote %}
![Out-of-date branch](/assets/images/help/repository/req-status-check-out-of-date.png)
You won't be able to push local changes to a protected branch until all required status checks pass. Instead, you'll receive an error message similar to the following:
```shell
remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: error: Required status check "ci-build" is failing
```
{% note %}
**Note:** Pull requests that are up to date and pass required status checks can be merged locally and pushed to the protected branch. This can be done without status checks running on the merge commit itself.
{% endnote %}
{% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@latest" or currentVersion ver_gt "enterprise-server@2.20" %}
Sometimes, the results of the status checks for the test merge commit and head commit will conflict. If the test merge commit has a status, it must pass. Otherwise, the status of the head commit must pass before you can merge the branch. For more information about test merge commits, see "[Pull Requests](/rest/reference/pulls#response-1)."
![Branch with conflicting merge commits](/assets/images/help/repository/req-status-check-conflicting-merge-commits.png)
{% endif %}
### Further reading
- "[About status checks](/github/collaborating-with-issues-and-pull-requests/about-status-checks)"

109
content/github/administering-a-repository/about-secret-scanning.md
View File

@@ -8,116 +8,57 @@ redirect_from:
- /articles/about-token-scanning-for-private-repositories
versions:
free-pro-team: '*'
enterprise-server: '>=3.0'
---
{% data reusables.secret-scanning.beta %}
{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
If your project communicates with an external service, you might use a token or private key for authentication. Tokens and private keys are examples of secrets that a service provider can issue. If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges. We recommend that you store secrets in a dedicated, secure location outside of the repository for your project.
If someone checks a secret from a {% data variables.product.company_short %} partner into a public or private repository, {% data variables.product.prodname_secret_scanning %} can detect the secret and help you mitigate the impact of the leak.
Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning.{% if currentVersion == "free-pro-team@latest" %} For more information, see "[Secret scanning](/developers/overview/secret-scanning)."
{% endif %}
Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning. For more information, see "[Secret scanning](/partnerships/secret-scanning)."
{% data reusables.secret-scanning.about-secret-scanning %}
{% if currentVersion == "free-pro-team@latest" %}
### About {% data variables.product.prodname_secret_scanning %} for public repositories
{% data variables.product.prodname_secret_scanning_caps %} is automatically enabled on public repositories, where it scans code for secrets, to check for known secret formats. When a match of your secret format is found in a public repository, {% data variables.product.company_short %} doesn't publicly disclose the information as an alert, but instead sends a payload to an HTTP endpoint of your choice. For an overview of how secret scanning works on public repositories, see "[Secret scanning](/developers/overview/secret-scanning)."
{% data variables.product.prodname_secret_scanning_caps %} is automatically enabled on public repositories. When you push to a public repository, {% data variables.product.product_name %} scans the content of the commits for secrets. If you switch a private repository to public, {% data variables.product.product_name %} scans the entire repository for secrets.
When you push to a public repository, {% data variables.product.product_name %} scans the content of the commits for secrets. If you switch a private repository to public, {% data variables.product.product_name %} scans the entire repository for secrets.
When {% data variables.product.prodname_secret_scanning %} detects a set of credentials, we notify the service provider who issued the secret. The service provider validates the credential and then decides whether they should revoke the secret, issue a new secret, or reach out to you directly, which will depend on the associated risks to you or the service provider.
When {% data variables.product.prodname_secret_scanning %} detects a set of credentials, we notify the service provider who issued the secret. The service provider validates the credential and then decides whether they should revoke the secret, issue a new secret, or reach out to you directly, which will depend on the associated risks to you or the service provider. For an overview of how we work with token-issuing partners, see "[Secret scanning](/developers/overview/secret-scanning)."
{% data variables.product.product_name %} currently scans public repositories for secrets issued by the following service providers.
- Adafruit
- Alibaba Cloud
- Amazon Web Services (AWS)
- Atlassian
- Azure
- Clojars
- CloudBees CodeShip
- Databricks
- Datadog
- Discord
- Doppler
- Dropbox
- Dynatrace
- Finicity
- Frame.io
- GitHub
- GoCardless
- Google Cloud
- Hashicorp Terraform
- Hubspot
- Mailchimp
- Mailgun
- MessageBird
- npm
- NuGet
- Palantir
- Plivo
- Postman
- Proctorio
- Pulumi
- Samsara
- Shopify
- Slack
- SSLMate
- Stripe
- Tencent Cloud
- Twilio
{% data reusables.secret-scanning.partner-secret-list-public-repo %}
### About {% data variables.product.prodname_secret_scanning %} for private repositories
{% endif %}
{% data reusables.secret-scanning.beta %}
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
### About {% data variables.product.prodname_secret_scanning %} on {% data variables.product.product_name %}
If you're a repository administrator or an organization owner, you can enable {% data variables.product.prodname_secret_scanning %} for private repositories that are owned by organizations. You can enable {% data variables.product.prodname_secret_scanning %} for all your repositories, or for all new repositories within your organization. {% data variables.product.prodname_secret_scanning_caps %} is not available for user account-owned private repositories. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" and "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)."
{% data variables.product.prodname_secret_scanning_caps %} is available on all organization-owned repositories as part of {% data variables.product.prodname_GH_advanced_security %}. It is not available on user-owned repositories.
{% endif %}
When you push commits to a private repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.product_name %} scans the contents of the commits for secrets.
If you're a repository administrator or an organization owner, you can enable {% data variables.product.prodname_secret_scanning %} for {% if currentVersion == "free-pro-team@latest" %} private{% endif %} repositories that are owned by organizations. You can enable {% data variables.product.prodname_secret_scanning %} for all your repositories, or for all new repositories within your organization.{% if currentVersion == "free-pro-team@latest" %} {% data variables.product.prodname_secret_scanning_caps %} is not available for user-owned private repositories.{% endif %} For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" and "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)."
When {% data variables.product.prodname_secret_scanning %} detects a secret in a private repository, {% data variables.product.prodname_dotcom %} sends alerts.
When you push commits to a{% if currentVersion == "free-pro-team@latest" %} private{% endif %} repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.prodname_dotcom %} scans the contents of the commits for secrets.
When {% data variables.product.prodname_secret_scanning %} detects a secret in a{% if currentVersion == "free-pro-team@latest" %} private{% endif %} repository, {% data variables.product.prodname_dotcom %} sends alerts.
- {% data variables.product.prodname_dotcom %} sends an email alert to the repository administrators and organization owners.
- {% data variables.product.prodname_dotcom %} displays an alert in the repository. For more information, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)."
Repository administrators and organization owners can grant users and team access to {% data variables.product.prodname_secret_scanning %} alerts. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
Repository administrators and organization owners can grant users and teams access to {% data variables.product.prodname_secret_scanning %} alerts. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
To monitor results from {% data variables.product.prodname_secret_scanning %} across your private repositories or your organization, you can use the {% data variables.product.prodname_secret_scanning %} API. For more information about API endpoints, see "[{% data variables.product.prodname_secret_scanning_caps %}](/rest/reference/secret-scanning)."
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
To monitor results from {% data variables.product.prodname_secret_scanning %} across your private repositories or your organization, you can use the {% data variables.product.prodname_secret_scanning %} API. For more information about API endpoints, see "[{% data variables.product.prodname_secret_scanning_caps %}](/rest/reference/secret-scanning)."{% endif %}
{% data variables.product.product_name %} currently scans private repositories for secrets issued by the following service providers.
{% data variables.product.prodname_dotcom %} currently scans{% if currentVersion == "free-pro-team@latest" %} private{% endif %} repositories for secrets issued by the following service providers.
- Adafruit
- Alibaba Cloud
- Amazon Web Services (AWS)
- Atlassian
- Azure
- Clojars
- CloudBees CodeShip
- Databricks
- Discord
- Doppler
- Dropbox
- Dynatrace
- Finicity
- Frame.io
- GitHub
- GoCardless
- Google Cloud
- Hashicorp Terraform
- Hubspot
- Mailchimp
- Mailgun
- npm
- NuGet
- Palantir
- Postman
- Proctorio
- Pulumi
- Samsara
- Shopify
- Slack
- SSLMate
- Stripe
- Tencent Cloud
- Twilio
{% data reusables.secret-scanning.partner-secret-list-private-repo %}
{% note %}

14
content/github/administering-a-repository/about-securing-your-repository.md
View File

@@ -3,6 +3,7 @@ title: About securing your repository
intro: '{% data variables.product.product_name %} provides a number of ways that you can help keep your repository secure.'
versions:
free-pro-team: '*'
enterprise-server: '>=3.0'
---
### Setting up your repository securely
@@ -13,6 +14,7 @@ The first step to securing a repository is to set up who can see and modify your
{% data variables.product.prodname_dotcom %} has a growing set of security features that help you keep your code secure. You can find these on the **Security** tab for your repository.
{% if currentVersion == "free-pro-team@latest" %}
- **Security policy**
Make it easy for people to confidentially report security vulnerabilities they've found in your repository. For more information, see "[Adding a security policy to your repository](/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository)."
@@ -25,10 +27,21 @@ The first step to securing a repository is to set up who can see and modify your
View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)"
and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
{% endif %}
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
- **{% data variables.product.prodname_dependabot_alerts %}**
View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
{% endif %}
{% if currentVersion == "free-pro-team@latest" %}
- **{% data variables.product.prodname_dependabot %} version updates**
Use {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. This helps reduce your exposure to older versions of dependencies. Using newer versions makes it easier to apply patches if security vulnerabilities are discovered, and also makes it easier for {% data variables.product.prodname_dependabot_security_updates %} to successfully raise pull requests to upgrade vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)."
{% endif %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
- **{% data variables.product.prodname_code_scanning_capc %} alerts**
@@ -37,6 +50,7 @@ The first step to securing a repository is to set up who can see and modify your
- **Detected secrets**
View any secrets that {% data variables.product.prodname_dotcom %} has found in your code. You should treat tokens or credentials that have been checked into the repository as compromised. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
{% endif %}
### Exploring dependencies
{% data variables.product.prodname_dotcom %}'s dependency graph allows you to explore:

8
content/github/administering-a-repository/changing-the-default-branch.md
View File

@@ -23,7 +23,13 @@ You can choose the default branch for a repository. The default branch is the ba
{% endnote %}
{% endif %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
{% if currentVersion == "free-pro-team@latest" %}
You can also rename the default branch. For more information, see "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)."
{% endif %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
{% data reusables.branches.set-default-branch %}

42
content/github/administering-a-repository/configuring-protected-branches.md
View File

@@ -1,42 +0,0 @@
---
title: Configuring protected branches
intro: 'If you''re a repository owner or have admin permissions in a repository, you can customize branch protections in the repository and enforce certain workflows, such as requiring more than one pull request review or requiring certain status checks to pass before allowing a pull request to merge.'
product: '{% data reusables.gated-features.protected-branches %}'
redirect_from:
- /articles/configuring-protected-branches
- /enterprise/admin/developer-workflow/configuring-protected-branches-and-required-status-checks
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
{% data reusables.repositories.branch-rules-example %}
You can also set up automatic branch protection for all branches in your repository with the wildcard syntax `*`. Because {% data variables.product.prodname_dotcom %} uses the `File::FNM_PATHNAME` flag for the `File.fnmatch` syntax, the wildcard does not match directory separators (`/`). For example, `qa/*` will match all branches beginning with `qa/` and containing a single slash. You can include multiple slashes with `qa/**/*`, and you can extend the `qa` string with `qa**/**/*` to make it more inclusive. For more information about syntax options for branch rules, see the [fnmatch documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch).
To create an exception to an existing branch rule, you can create a new branch protection rule that is higher priority, such as a branch rule for a specific branch name. For more information about the priority order and other settings for protected branch rules, see "[About protected branches](/github/administering-a-repository/about-protected-branches)."
{% note %}
**Note:** To create a branch rule, the branch you specify doesn't have to exist yet in the repository.
{% endnote %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.repository-branches %}
{% data reusables.repositories.add-branch-protection-rules %}
6. Optionally, you can configure specific branch rule settings.
![Protected branch rule settings](/assets/images/help/branches/branch-rule-settings.png)
7. To confirm your branch protection rule, click **Create** or **Save changes.**
### Further reading
- "[About protected branches](/github/administering-a-repository/about-protected-branches)"
- "[About required status checks](/github/administering-a-repository/about-required-status-checks)"
- "[Enabling required status checks](/github/administering-a-repository/enabling-required-status-checks)"
- "[About branch restrictions](/github/administering-a-repository/about-branch-restrictions)"
- "[Enabling branch restrictions](/github/administering-a-repository/enabling-branch-restrictions)"
- "[About required commit signing](/github/administering-a-repository/about-required-commit-signing)"

21
content/github/administering-a-repository/configuring-secret-scanning-for-your-repositories.md
View File

@@ -1,17 +1,27 @@
---
title: Configuring secret scanning for your repositories
intro: 'You can configure how {% data variables.product.product_name %} scans your private repositories for secrets.'
permissions: 'People with admin permissions to a private repository can enable {% data variables.product.prodname_secret_scanning %} for the repository.'
intro: 'You can configure how {% data variables.product.prodname_dotcom %} scans your repositories for secrets.'
permissions: 'People with admin permissions to a repository can enable {% data variables.product.prodname_secret_scanning %} for the repository.'
redirect_from:
- /github/administering-a-repository/configuring-secret-scanning-for-private-repositories
product: '{% data reusables.gated-features.secret-scanning %}'
versions:
free-pro-team: '*'
enterprise-server: '>=3.0'
---
{% data reusables.secret-scanning.beta %}
{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
### Enabling {% data variables.product.prodname_secret_scanning %} for private repositories
{% if currentVersion == "free-pro-team@latest" %}
{% note %}
**Note:** {% data variables.product.prodname_secret_scanning_caps %} is enabled by default on public repositories and cannot be turned off. You can configure {% data variables.product.prodname_secret_scanning %} for your private repositories only.
{% endnote %}
{% endif %}
### Enabling {% data variables.product.prodname_secret_scanning %} for {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
@@ -24,13 +34,12 @@ versions:
![Confirm enabling {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/help/repository/enable-ghas-confirmation-dotcom.png)
6. When you enable {% data variables.product.prodname_GH_advanced_security %} this may automatically enable {% data variables.product.prodname_secret_scanning %} for the repository (this is controlled by the organization configuration). If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-dotcom.png){% endif %}
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
4. To the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Enable**.
![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-ghe.png)
{% endif %}
### Excluding alerts from {% data variables.product.prodname_secret_scanning %} in private repositories
### Excluding alerts from {% data variables.product.prodname_secret_scanning %} in {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories
You can use a *secret_scanning.yml* file to exclude directories from {% data variables.product.prodname_secret_scanning %}. For example, you can exclude directories that contain tests or randomly generated content.
@@ -57,4 +66,4 @@ You can also ignore individual alerts from {% data variables.product.prodname_se
### Further reading
- "[Managing {% data variables.product.prodname_secret_scanning %} for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-secret-scanning-for-your-organization)"
- "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)"

33
content/github/administering-a-repository/enabling-branch-restrictions.md
View File

@@ -1,33 +0,0 @@
---
title: Enabling branch restrictions
intro: 'You can enforce branch restrictions so that only certain users, teams, or apps can push to a protected branch in repositories owned by your organization.'
product: '{% data reusables.gated-features.branch-restrictions %}'
redirect_from:
- /articles/enabling-branch-restrictions
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
Anyone with admin permissions to an organization-owned repository can enable branch restrictions.
{% data reusables.repositories.protected-branches-options %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.repository-branches %}
{% data reusables.repositories.add-branch-protection-rules %}
{% data reusables.repositories.include-administrators %}
6. Under "Protect matching branches", select **Restrict who can push to matching branches**.
![Branch restriction checkbox](/assets/images/help/repository/restrict-branch.png)
8. Search for and select the people, teams, or apps who will have permission to push to the protected branch.
![Branch restriction search](/assets/images/help/repository/restrict-branch-search.png)
9. Click **Create**.
### Further reading
- "[About protected branches](/github/administering-a-repository/about-protected-branches)"
- "[Configuring protected branches](/github/administering-a-repository/configuring-protected-branches)"
- "[About required status checks](/github/administering-a-repository/about-required-status-checks)"
- "[Enabling required status checks](/github/administering-a-repository/enabling-required-status-checks)"

23
content/github/administering-a-repository/enabling-deletion-of-a-protected-branch.md
View File

@@ -1,23 +0,0 @@
---
title: Enabling deletion of a protected branch
intro: You can allow anyone with write access for a repository to delete a protected branch.
product: '{% data reusables.gated-features.protected-branches %}'
versions:
free-pro-team: '*'
enterprise-server: '>=2.20'
github-ae: '*'
---
Anyone with admin permissions to a repository can enable branch deletions.
By default, you cannot delete a protected branch. When you enable deletion to a protected branch, anyone with at least write permissions to the repository can delete the branch, including those with admin permissions.
{% data reusables.repositories.protected-branches-options %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.repository-branches %}
{% data reusables.repositories.add-branch-protection-rules %}
6. Under "Rules applied to everyone including administrators", select **Allow deletions**.
![Allow branch deletions option](/assets/images/help/repository/allow-branch-deletions.png)
7. Click **Create**.

33
content/github/administering-a-repository/enabling-force-pushes-to-a-protected-branch.md
View File

@@ -1,33 +0,0 @@
---
title: Enabling force pushes to a protected branch
intro: You can allow force pushes to a protected branch.
product: '{% data reusables.gated-features.protected-branches %}'
versions:
free-pro-team: '*'
enterprise-server: '>=2.20'
github-ae: '*'
---
Anyone with admin permissions to a repository can enable force pushes.
### About force pushes to protected branches
By default, force pushes are blocked on all protected branches. When you enable force pushes to a protected branch, anyone with at least write permissions to the repository can force push to the branch, including those with admin permissions.
Enabling force pushes will not override any other branch protection rules. For example, if a branch requires a linear commit history, you cannot force push merge commits to that branch.
{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}You cannot enable force pushes for a protected branch if a site administrator has blocked force pushes to all branches in your repository. For more information, see "[Blocking force pushes to repositories owned by a user account or organization](/enterprise/{{ currentVersion }}/admin/developer-workflow/blocking-force-pushes-to-repositories-owned-by-a-user-account-or-organization)."
If a site administrator has blocked force pushes to the default branch only, you can still enable force pushes for any other protected branch.{% endif %}
{% data reusables.repositories.protected-branches-options %}
### Enabling force pushes
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.repository-branches %}
{% data reusables.repositories.add-branch-protection-rules %}
6. Under "Rules applied to everyone including administrators", select **Allow force pushes**.
![Allow force pushes option](/assets/images/help/repository/allow-force-pushes.png)
7. Click **Create**.

25
content/github/administering-a-repository/enabling-required-commit-signing.md
View File

@@ -1,25 +0,0 @@
---
title: Enabling required commit signing
intro: Repository administrators can enforce required commit signing on a branch to block all commits that are not signed and verified.
product: '{% data reusables.gated-features.protected-branches %}'
redirect_from:
- /articles/enabling-required-commit-signing
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
Before enabling required commit signing on a branch, you must first set the branch up as a protected branch. For more information, see "[Configuring protected branches](/github/administering-a-repository/configuring-protected-branches)."
{% data reusables.repositories.protected-branches-options %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.repository-branches %}
{% data reusables.repositories.add-branch-protection-rules %}
5. Select **Require signed commits**.
![Require signed commits option](/assets/images/help/repository/require-signed-commits.png)
6. Optionally, select **Include administrators**. This enforces the required signed commits on the repository administrators.
![Include administrators checkbox](/assets/images/help/repository/include-admins-protected-branches.png)
7. Click **Create**.

38
content/github/administering-a-repository/enabling-required-reviews-for-pull-requests.md
View File

@@ -1,38 +0,0 @@
---
title: Enabling required reviews for pull requests
intro: Repository administrators can enforce required reviews so that pull requests must have a specific number of approving reviews before they are merged.
product: '{% data reusables.gated-features.protected-branches %}'
redirect_from:
- /articles/enabling-required-reviews-for-pull-requests
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
Before enabling required reviews on a branch, you must first set the branch up as a protected branch. For more information, see "[Configuring protected branches](/github/administering-a-repository/configuring-protected-branches)."
{% data reusables.repositories.protected-branches-options %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.repository-branches %}
{% data reusables.repositories.add-branch-protection-rules %}
5. Select **Require pull request reviews before merging**.
![Pull request review restriction checkbox](/assets/images/help/repository/PR-reviews-required.png)
6. In the Required approving reviews drop-down menu, select the number of approving reviews you'd like to require on the branch.
![Drop-down menu to select number of required review approvals](/assets/images/help/repository/number-of-required-review-approvals.png)
7. Optionally, select **Dismiss stale pull request approvals when new commits are pushed**. This dismisses a pull request approval review when a code-modifying commit is pushed to the branch.
![Dismiss stale pull request approvals when new commits are pushed checkbox](/assets/images/help/repository/PR-reviews-required-dismiss-stale.png)
8. Optionally, select **Require review from Code Owners** to require review from a code owner when the pull request affects code that has a designated owner. For more information, see "[About code owners](/github/creating-cloning-and-archiving-repositories/about-code-owners)."
![Require review from code owners](/assets/images/help/repository/PR-review-required-code-owner.png)
9. Optionally, if the repository is part of an organization, select **Restrict who can dismiss pull request reviews** to search for and select the people or teams who can dismiss pull request reviews. For more information, see "[Dismissing a pull request review](/github/collaborating-with-issues-and-pull-requests/dismissing-a-pull-request-review)." This option is not available for personal repositories.
![Restrict who can dismiss pull request reviews checkbox](/assets/images/help/repository/PR-review-required-dismissals.png)
{% data reusables.repositories.include-administrators %}
11. Click **Create**.
### Further reading
- "[About required reviews for pull requests](/github/administering-a-repository/about-required-reviews-for-pull-requests)"
- "[About protected branches](/github/administering-a-repository/about-protected-branches)"
- "[About required status checks](/github/administering-a-repository/about-required-status-checks)"

30
content/github/administering-a-repository/enabling-required-status-checks.md
View File

@@ -1,30 +0,0 @@
---
title: Enabling required status checks
intro: Repository administrators can enforce required status checks before a branch is merged in a pull request or before commits on a local branch can be pushed to the protected remote branch.
product: '{% data reusables.gated-features.protected-branches %}'
redirect_from:
- /articles/enabling-required-status-checks
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
{% data reusables.repositories.protected-branches-options %}
Before you can enable required status checks, you must configure the repository to use the status API. For more information, see "[Building a CI Server](/guides/building-a-ci-server/)."
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.repository-branches %}
{% data reusables.repositories.add-branch-protection-rules %}
6. Under "Protect matching branches", select **Require status checks to pass before merging**.
![Required status checks option](/assets/images/help/repository/required-status-checks.png)
7. Optionally, select **Require branches to be up to date before merging**. If selected, this ensures that the branch is tested with the latest code on the base branch.
![Loose or strict required status checkbox](/assets/images/help/repository/protecting-branch-loose-status.png)
7. From the list of available status checks, select the checks you want to require.
![List of available status checks](/assets/images/help/repository/required-statuses-list.png)
{% data reusables.repositories.include-administrators %}
9. Click **Create**.
{% data reusables.repositories.required-status-merge-tip %}

16
content/github/administering-a-repository/index.md
View File

@@ -33,6 +33,7 @@ versions:
{% link_in_list /restoring-a-deleted-repository %}
{% topic_link_in_list /managing-branches-in-your-repository %}
{% link_in_list /viewing-branches-in-your-repository %}
{% link_in_list /renaming-a-branch %}
{% link_in_list /changing-the-default-branch %}
{% link_in_list /deleting-and-restoring-branches-in-a-pull-request %}
{% topic_link_in_list /configuring-pull-request-merges %}
@@ -43,19 +44,8 @@ versions:
{% link_in_list /managing-the-automatic-deletion-of-branches %}
{% topic_link_in_list /defining-the-mergeability-of-pull-requests %}
{% link_in_list /about-protected-branches %}
{% link_in_list /configuring-protected-branches %}
{% link_in_list /about-required-status-checks %}
{% link_in_list /types-of-required-status-checks %}
{% link_in_list /enabling-required-status-checks %}
{% link_in_list /about-branch-restrictions %}
{% link_in_list /enabling-branch-restrictions %}
{% link_in_list /about-required-reviews-for-pull-requests %}
{% link_in_list /enabling-required-reviews-for-pull-requests %}
{% link_in_list /about-required-commit-signing %}
{% link_in_list /enabling-required-commit-signing %}
{% link_in_list /requiring-a-linear-commit-history %}
{% link_in_list /enabling-force-pushes-to-a-protected-branch %}
{% link_in_list /enabling-deletion-of-a-protected-branch %}
{% link_in_list /managing-a-branch-protection-rule %}
{% link_in_list /troubleshooting-required-status-checks %}
{% topic_link_in_list /releasing-projects-on-github %}
{% link_in_list /about-releases %}
{% link_in_list /managing-releases-in-a-repository %}

100
content/github/administering-a-repository/managing-a-branch-protection-rule.md Normal file
View File

@@ -0,0 +1,100 @@
---
title: Managing a branch protection rule
intro: 'You can create a branch protection rule to enforce certain workflows for one or more branches, such as requiring an approving review or passing status checks for all pull requests merged into the protected branch.'
product: '{% data reusables.gated-features.protected-branches %}'
redirect_from:
- /articles/configuring-protected-branches
- /enterprise/admin/developer-workflow/configuring-protected-branches-and-required-status-checks
- /articles/enabling-required-status-checks
- /github/administering-a-repository/enabling-required-status-checks
- /articles/enabling-branch-restrictions
- /github/administering-a-repository/enabling-branch-restrictions
- /articles/enabling-required-reviews-for-pull-requests
- /github/administering-a-repository/enabling-required-reviews-for-pull-requests
- /articles/enabling-required-commit-signing
- /github/administering-a-repository/enabling-required-commit-signing
- /github/administering-a-repository/requiring-a-linear-commit-history
- /github/administering-a-repository/enabling-force-pushes-to-a-protected-branch
- /github/administering-a-repository/enabling-deletion-of-a-protected-branch
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
permissions: People with admin permissions to a repository can manage branch protection rules.
---
### About branch protection rules
{% data reusables.repositories.branch-rules-example %}
You can create a rule for all current and future branches in your repository with the wildcard syntax `*`. Because {% data variables.product.company_short %} uses the `File::FNM_PATHNAME` flag for the `File.fnmatch` syntax, the wildcard does not match directory separators (`/`). For example, `qa/*` will match all branches beginning with `qa/` and containing a single slash. You can include multiple slashes with `qa/**/*`, and you can extend the `qa` string with `qa**/**/*` to make the rule more inclusive. For more information about syntax options for branch rules, see the [fnmatch documentation](https://ruby-doc.org/core-2.5.1/File.html#method-c-fnmatch).
If a repository has multiple protected branch rules that affect the same branches, the rules that include a specific branch name have the highest priority. If there is more than one protected branch rule that references the same specific branch name, then the branch rule created first will have higher priority.
Protected branch rules that mention a special character, such as `*`, `?`, or `]`, are applied in the order they were created, so older rules with these characters have a higher priority.
To create an exception to an existing branch rule, you can create a new branch protection rule that is higher priority, such as a branch rule for a specific branch name.
For more information about each of each of the available branch protection settings, see "[About protected branches](/github/administering-a-repository/about-protected-branches)."
### Creating a branch protection rule
When you create a branch rule, the branch you specify doesn't have to exist yet in the repository.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.repository-branches %}
{% data reusables.repositories.add-branch-protection-rules %}
1. Optionally, enable required pull request reviews.
- Under "Protect matching branches", select **Require pull request reviews before merging**.
![Pull request review restriction checkbox](/assets/images/help/repository/PR-reviews-required.png)
- Click the **Required approving reviews** drop-down menu, then select the number of approving reviews you'd like to require on the branch.
![Drop-down menu to select number of required review approvals](/assets/images/help/repository/number-of-required-review-approvals.png)
- Optionally, to dismiss a pull request approval review when a code-modifying commit is pushed to the branch, select **Dismiss stale pull request approvals when new commits are pushed**.
![Dismiss stale pull request approvals when new commits are pushed checkbox](/assets/images/help/repository/PR-reviews-required-dismiss-stale.png)
- Optionally, to require review from a code owner when the pull request affects code that has a designated owner, select **Require review from Code Owners**. For more information, see "[About code owners](/github/creating-cloning-and-archiving-repositories/about-code-owners)."
![Require review from code owners](/assets/images/help/repository/PR-review-required-code-owner.png)
- Optionally, if the repository is part of an organization, select **Restrict who can dismiss pull request reviews**. Then, search for and select the people or teams who are allowed to dismiss pull request reviews. For more information, see "[Dismissing a pull request review](/github/collaborating-with-issues-and-pull-requests/dismissing-a-pull-request-review)."
![Restrict who can dismiss pull request reviews checkbox](/assets/images/help/repository/PR-review-required-dismissals.png)
1. Optionally, enable required status checks.
- Select **Require status checks to pass before merging**.
![Required status checks option](/assets/images/help/repository/required-status-checks.png)
- Optionally, to ensure that pull requests are tested with the latest code on the protected branch, select **Require branches to be up to date before merging**.
![Loose or strict required status checkbox](/assets/images/help/repository/protecting-branch-loose-status.png)
- From the list of available status checks, select the checks you want to require.
![List of available status checks](/assets/images/help/repository/required-statuses-list.png)
1. Optionally, select **Require signed commits**.
![Require signed commits option](/assets/images/help/repository/require-signed-commits.png)
1. Optionally, select **Require linear history**.
![Required linear history option](/assets/images/help/repository/required-linear-history.png)
1. Optionally, select **Include administrators**.
![Include administrators checkbox](/assets/images/help/repository/include-admins-protected-branches.png)
1. Optionally,{% if currentVersion == "free-pro-team@latest" %} if your repository is owned by an organization using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %},{% endif %} enable branch restrictions.
- Select **Restrict who can push to matching branches**.
![Branch restriction checkbox](/assets/images/help/repository/restrict-branch.png)
- Search for and select the people, teams, or apps who will have permission to push to the protected branch.
![Branch restriction search](/assets/images/help/repository/restrict-branch-search.png)
1. Optionally, under "Rules applied to everyone including administrators", select **Allow force pushes**.
![Allow force pushes option](/assets/images/help/repository/allow-force-pushes.png)
1. Optionally, select **Allow deletions**.
![Allow branch deletions option](/assets/images/help/repository/allow-branch-deletions.png)
1. Click **Create**.
### Editing a branch protection rule
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.repository-branches %}
1. To the right of the branch protection rule you want to edit, click **Edit**.
![Edit button](/assets/images/help/repository/edit-branch-protection-rule.png)
1. Make your desired changes to the branch protection rule.
1. Click **Save changes**.
![Save changes button](/assets/images/help/repository/save-branch-protection-rule.png)
### Deleting a branch protection rule
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.repository-branches %}
1. To the right of the branch protection rule you want to delete, click **Delete**.
![Delete button](/assets/images/help/repository/delete-branch-protection-rule.png)

19
content/github/administering-a-repository/managing-alerts-from-secret-scanning.md
View File

@@ -4,6 +4,7 @@ intro: You can view and close alerts for secrets checked in to your repository.
product: '{% data reusables.gated-features.secret-scanning %}'
versions:
free-pro-team: '*'
enterprise-server: '>=3.0'
---
{% data reusables.secret-scanning.beta %}
@@ -15,13 +16,23 @@ versions:
3. In the left sidebar, click **Detected secrets**.
!["Detected secrets" tab](/assets/images/help/repository/sidebar-secrets.png)
4. Under "Secret scanning" click the alert you want to view.
![List of alerts from secret scanning](/assets/images/help/repository/secret-scanning-click-alert.png)
5. Optionally, use the "Resolve" drop-down menu and click a reason for resolving an alert.
![Drop-down menu for resolving an alert from secret scanning](/assets/images/help/repository/secret-scanning-resolve-alert.png)
{% if currentVersion == "free-pro-team@latest" %}
![List of alerts from secret scanning](/assets/images/help/repository/secret-scanning-click-alert.png)
{% endif %}
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
![List of alerts from secret scanning](/assets/images/help/repository/secret-scanning-click-alert-ghe.png)
{% endif %}
1. Optionally, use the "Mark as" drop-down menu and click a reason for resolving an alert.
{% if currentVersion == "free-pro-team@latest" %}
![Drop-down menu for resolving an alert from secret scanning](/assets/images/help/repository/secret-scanning-resolve-alert.png)
{% endif %}
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
![Drop-down menu for resolving an alert from secret scanning](/assets/images/help/repository/secret-scanning-resolve-alert-ghe.png)
{% endif %}
### Securing compromised secrets
Once a secret has been committed to a repository, you should consider the secret compromised. {% data variables.product.prodname_dotcom %} recommends the following actions for compromised secrets:
- For a compromised {% data variables.product.prodname_dotcom %} personal access token, delete the compromised token, create a new token, and update any services that use the old token. For more information, see "[Creating a personal access token for the command line](/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line)."
- For all other secrets, first verify that the secret committed to {% data variables.product.prodname_dotcom %} is valid. If so, create a new secret, update any services that use the old secret, and then delete the old secret.
- For all other secrets, first verify that the secret committed to {% data variables.product.product_name %} is valid. If so, create a new secret, update any services that use the old secret, and then delete the old secret.

4
content/github/administering-a-repository/managing-git-lfs-objects-in-archives-of-your-repository.md
View File

@@ -5,7 +5,7 @@ intro: 'You can choose whether {% data variables.large_files.product_name_long %
permissions: 'People with admin permissions for a repository can manage whether {% data variables.large_files.product_name_short %} objects are included in archives of the repository.'
versions:
free-pro-team: '*'
enterprise-server: '=>2.23'
enterprise-server: '>3.0'
github-ae: '*'
---
@@ -13,7 +13,7 @@ versions:
{% data variables.product.product_name %} creates source code archives of your repository in the form of ZIP files and tarballs. People can download these archives on the main page of your repository or as release assets. By default, {% data variables.large_files.product_name_short %} objects are not included in these archives, only the pointer files to these objects. To improve the usability of archives for your repository, you can choose to include the {% data variables.large_files.product_name_short %} objects instead.
{% if currentVersion != "github-ae@latest" %}
{% if currentVersion == "free-pro-team@latest" %}
If you choose to include {% data variables.large_files.product_name_short %} objects in archives of your repository, every download of those archives will count towards bandwidth usage for your account. Each account receives {% data variables.large_files.initial_bandwidth_quota %} per month of bandwidth for free, and you can pay for additional usage. For more information, see "[About storage and bandwidth usage](/github/managing-large-files/about-storage-and-bandwidth-usage)" and "[Managing billing for {% data variables.large_files.product_name_long %}](/github/setting-up-and-managing-billing-and-payments-on-github/managing-billing-for-git-large-file-storage)."
{% endif %}

2
content/github/administering-a-repository/managing-releases-in-a-repository.md
View File

@@ -15,7 +15,7 @@ versions:
github-ae: '*'
---
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion ver_gt "github-ae@latest" %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion ver_gt "github-ae@latest" %}
### About release management

15
content/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository.md
View File

@@ -9,6 +9,7 @@ redirect_from:
- /github/managing-security-vulnerabilities/managing-alerts-for-vulnerable-dependencies-in-your-organization
versions:
free-pro-team: '*'
enterprise-server: '>=3.0'
---
{% if currentVersion == "free-pro-team@latest" %}
@@ -53,7 +54,12 @@ Organization owners and repository administrators can only grant access to view
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-security-and-analysis %}
4. Under "Access to alerts", in the search field, start typing the name of the person or team you'd like to find, then click a name in the list of matches.
![Search field for granting people or teams access to security alerts](/assets/images/help/repository/security-and-analysis-security-alerts-person-or-team-search.png)
{% if currentVersion == "free-pro-team@latest" %}
![Search field for granting people or teams access to security alerts](/assets/images/help/repository/security-and-analysis-security-alerts-person-or-team-search.png)
{% endif %}
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
![Search field for granting people or teams access to security alerts](/assets/images/help/repository/security-and-analysis-security-alerts-person-or-team-search-ghe.png)
{% endif %}
5. Click **Save changes**.
!["Save changes" button for changes to security alert settings](/assets/images/help/repository/security-and-analysis-security-alerts-save-changes.png)
@@ -63,7 +69,12 @@ Organization owners and repository administrators can only grant access to view
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-security-and-analysis %}
4. Under "Access to alerts", to the right of the person or team whose access you'd like to remove, click {% octicon "x" aria-label="X symbol" %}.
!["x" button to remove someone's access to security alerts for your repository](/assets/images/help/repository/security-and-analysis-security-alerts-username-x.png)
{% if currentVersion == "free-pro-team@latest" %}
!["x" button to remove someone's access to security alerts for your repository](/assets/images/help/repository/security-and-analysis-security-alerts-username-x.png)
{% endif %}
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
!["x" button to remove someone's access to security alerts for your repository](/assets/images/help/repository/security-and-analysis-security-alerts-username-x-ghe.png)
{% endif %}
### Further reading

24
content/github/administering-a-repository/renaming-a-branch.md Normal file
View File

@@ -0,0 +1,24 @@
---
title: Renaming a branch
intro: You can change the name of a branch in a repository.
permissions: People with write permissions to a repository can rename a branch in the repository. People with admin permissions can rename the default branch.
versions:
free-pro-team: '*'
---
### About renaming branches
You can rename a branch in a repository on {% data variables.product.product_location %}. For more information about branches, see "[About branches](/github/collaborating-with-issues-and-pull-requests/about-branches)."
If you rename a branch, {% data variables.product.prodname_dotcom %} will automatically redirect links on {% if currentVersion == "free-pro-team@latest" %}{% data variables.product.prodname_dotcom_the_website %}{% else %}{% data variables.product.product_location_enterprise %}{% endif %} that contain the old branch name to the equivalent link on the renamed branch. {% data variables.product.prodname_dotcom %} will also update branch protection policies, as well as the base branch for open pull requests and draft releases.
### Renaming a branch
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.navigate-to-branches %}
1. In the list of branches, to the right of the branch you want to rename, click {% octicon "pencil" aria-label="The edit icon" %}.
![Pencil icon to the right of branch you want to rename](/assets/images/help/branch/branch-rename-edit.png)
1. Type a new name for the branch.
![Text field for typing new branch name](/assets/images/help/branch/branch-rename-type.png)
1. Review the information about local environments, then click **Rename branch**.
![Local environment information and "Rename branch" button](/assets/images/help/branch/branch-rename-rename.png)

31
content/github/administering-a-repository/requiring-a-linear-commit-history.md
View File

@@ -1,31 +0,0 @@
---
title: Requiring a linear commit history
intro: You can require a linear commit history to block all merge commits from a protected branch.
product: '{% data reusables.gated-features.protected-branches %}'
versions:
free-pro-team: '*'
enterprise-server: '>=2.20'
github-ae: '*'
---
Anyone with admin permissions to a repository can require a linear commit history.
### About enforcement of linear commit history
Enforcing a linear commit history prevents merge commits from being pushed to the protected branch. This means that any pull requests merged into the protected branch must use a squash merge or a rebase merge. A strictly linear commit history can help teams backtrack changes more efficiently. For more information about merge methods, see "[About pull request merges](/github/collaborating-with-issues-and-pull-requests/about-pull-request-merges)."
{% data reusables.repositories.protected-branches-options %}
Before you can require a linear commit history, your repository must allow squash merging or rebase merging. For more information, see "[Configuring pull request merges](/github/administering-a-repository/configuring-pull-request-merges)."
### Enforcing a linear commit history
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.repository-branches %}
{% data reusables.repositories.add-branch-protection-rules %}
6. Under "Protect matching branches", select **Require linear history**.
![Required linear history option](/assets/images/help/repository/required-linear-history.png)
{% data reusables.repositories.include-administrators %}
7. Click **Create**.

38
content/github/administering-a-repository/troubleshooting-required-status-checks.md Normal file
View File

@@ -0,0 +1,38 @@
---
title: Troubleshooting required status checks
intro: 'You can check for common errors and resolve issues with required status checks.'
product: '{% data reusables.gated-features.protected-branches %}'
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
If you have a check and a status with the same name, and you select that name as a required status check, both the check and the status are required. For more information, see "[Checks](/rest/reference/checks)."
After you enable required status checks, your branch may need to be up-to-date with the base branch before merging. This ensures that your branch has been tested with the latest code from the base branch. If your branch is out of date, you'll need to merge the base branch into your branch. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-status-checks-before-merging)."
{% note %}
**Note:** You can also bring your branch up to date with the base branch using Git rebase. For more information, see "[About Git rebase](/github/using-git/about-git-rebase)."
{% endnote %}
You won't be able to push local changes to a protected branch until all required status checks pass. Instead, you'll receive an error message similar to the following.
```shell
remote: error: GH006: Protected branch update failed for refs/heads/main.
remote: error: Required status check "ci-build" is failing
```
{% note %}
**Note:** Pull requests that are up-to-date and pass required status checks can be merged locally and pushed to the protected branch. This can be done without status checks running on the merge commit itself.
{% endnote %}
{% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@latest" or currentVersion ver_gt "enterprise-server@2.20" %}
Sometimes, the results of the status checks for the test merge commit and head commit will conflict. If the test merge commit has a status, the test merge commit must pass. Otherwise, the status of the head commit must pass before you can merge the branch. For more information about test merge commits, see "[Pulls](/rest/reference/pulls#get-a-pull-request)."
![Branch with conflicting merge commits](/assets/images/help/repository/req-status-check-conflicting-merge-commits.png)
{% endif %}

22
content/github/administering-a-repository/types-of-required-status-checks.md
View File

@@ -1,22 +0,0 @@
---
title: Types of required status checks
intro: You can set up required status checks to either be "loose" or "strict." The type of required status check you choose determines whether your branch is required to be up to date with the base branch before merging.
product: '{% data reusables.gated-features.protected-branches %}'
redirect_from:
- /articles/types-of-required-status-checks
versions:
free-pro-team: '*'
enterprise-server: '*'
github-ae: '*'
---
| Type of required status check | Setting | Merge requirements | Considerations |
| --- | --- | --- | --- |
| **Strict** | The **Require branches to be up-to-date before merging** checkbox is checked. | The branch **must** be up to date with the base branch before merging. | This is the default behavior for required status checks. More builds may be required, as you'll need to bring the head branch up to date after other collaborators merge pull requests to the protected base branch.|
| **Loose** | The **Require branches to be up-to-date before merging** checkbox is **not** checked. | The branch **does not** have to be up to date with the base branch before merging. | You'll have fewer required builds, as you won't need to bring the head branch up to date after other collaborators merge pull requests. Status checks may fail after you merge your branch if there are incompatible changes with the base branch. |
| **Disabled** | The **Require status checks to pass before merging** checkbox is **not** checked. | The branch has no merge restrictions. | If required status checks aren't enabled, collaborators can merge the branch at any time, regardless of whether it is up to date with the base branch. This increases the possibility of incompatible changes.
### Further reading
- "[About required status checks](/articles/about-required-status-checks)"
- "[Enabling required status checks](/articles/enabling-required-status-checks)"

2
content/github/authenticating-to-github/about-commit-signature-verification.md
View File

@@ -19,7 +19,7 @@ You can sign commits and tags locally, so other people can verify that your work
If a commit or tag has a signature that cannot be verified, {% data variables.product.product_name %} marks the commit or tag as unverified.
Repository administrators can enforce required commit signing on a branch to block all commits that are not signed and verified. For more information, see "[About required commit signing](/articles/about-required-commit-signing)."
Repository administrators can enforce required commit signing on a branch to block all commits that are not signed and verified. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-signed-commits)."
You can check the verification status of your signed commits or tags on {% data variables.product.product_name %} and view why your commit signatures might be unverified. For more information, see "[Checking your commit and tag signature verification status](/articles/checking-your-commit-and-tag-signature-verification-status)."

3
content/github/authenticating-to-github/reviewing-your-security-log.md
View File

@@ -246,7 +246,8 @@ An overview of some of the most common actions that are recorded as events in th
| `change_password` | Triggered when you change your password.
| `forgot_password` | Triggered when you ask for [a password reset](/articles/how-can-i-reset-my-password).{% endif %}
| `hide_private_contributions_count` | Triggered when you [hide private contributions on your profile](/articles/publicizing-or-hiding-your-private-contributions-on-your-profile).
| `login` | Triggered when you log in to {% data variables.product.product_location %}.
| `login` | Triggered when you log in to {% data variables.product.product_location %}.{% if currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
`mandatory_message_viewed` | Triggered when you view a mandatory message (see "[Customizing user messages](/admin/user-management/customizing-user-messages-for-your-enterprise)" for details) | {% endif %}
| `failed_login` | Triggered when you failed to log in successfully.
| `remove_email` | Triggered when you remove an email address.
| `rename` | Triggered when you rename your account.{% if currentVersion == "free-pro-team@latest" %}

9
content/github/authenticating-to-github/working-with-ssh-key-passphrases.md
View File

@@ -18,12 +18,11 @@ With SSH keys, if someone gains access to your computer, they also gain access t
You can change the passphrase for an existing private key without regenerating the keypair by typing the following command:
```shell
$ ssh-keygen -p
# Start the SSH key creation process
> Enter file in which the key is (/Users/<em>you</em>/.ssh/id_rsa): <em>[Hit enter]</em>
> Key has comment '/Users/<em>you</em>/.ssh/id_rsa'
$ ssh-keygen -p -f ~/.ssh/id_ed25519
> Enter old passphrase: <em>[Type old passphrase]</em>
> Key has comment '<em>your_email@example.com</em>'
> Enter new passphrase (empty for no passphrase): <em>[Type new passphrase]</em>
> Enter same passphrase again: <em>[One more time for luck]</em>
> Enter same passphrase again: <em>[Repeat the new passphrase]</em>
> Your identification has been saved with the new passphrase.
```

2
content/github/building-a-strong-community/manually-creating-a-single-issue-template-for-your-repository.md
View File

@@ -18,7 +18,7 @@ You can add YAML frontmatter to each issue template to pre-fill the issue title,
Here is example YAML front matter.
```
```yaml
---
name: Tracking issue
about: Use this template for tracking new features.

2
content/github/collaborating-with-issues-and-pull-requests/about-branches.md
View File

@@ -74,7 +74,7 @@ When a branch is protected:
- If required status checks are enabled on the branch, you won't be able to merge changes into the branch until all of the required CI tests pass. For more information, see "[About status checks](/articles/about-status-checks)."
- If required pull request reviews are enabled on the branch, you won't be able to merge changes into the branch until all requirements in the pull request review policy have been met. For more information, see "[Merging a pull request](/articles/merging-a-pull-request)."
- If required review from a code owner is enabled on a branch, and a pull request modifies code that has an owner, a code owner must approve the pull request before it can be merged. For more information, see "[About code owners](/articles/about-code-owners)."
- If required commit signing is enabled on a branch, you won't be able to push any commits to the branch that are not signed and verified. For more information, see "[About commit signature verification](/articles/about-commit-signature-verification)" and "[About required commit signing](/articles/about-required-commit-signing)."{% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
- If required commit signing is enabled on a branch, you won't be able to push any commits to the branch that are not signed and verified. For more information, see "[About commit signature verification](/articles/about-commit-signature-verification)" and "[About protected branches](/github/administering-a-repository/about-protected-branches#require-signed-commits)."{% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
- If you use {% data variables.product.prodname_dotcom %}'s conflict editor to fix conflicts for a pull request that you created from a protected branch, {% data variables.product.prodname_dotcom %} helps you to create an alternative branch for the pull request, so that your resolution of the conflicts can be merged. For more information, see "[Resolving a merge conflict on {% data variables.product.prodname_dotcom %}](/github/collaborating-with-issues-and-pull-requests/resolving-a-merge-conflict-on-github)."{% endif %}
### Further reading

5
content/github/collaborating-with-issues-and-pull-requests/about-pull-request-reviews.md
View File

@@ -44,9 +44,7 @@ You can view all of the reviews a pull request has received in the Conversation
### Required reviews
{% data reusables.pull_requests.required-reviews-for-prs-summary %}
For more information, see "[About required reviews for pull requests](/articles/about-required-reviews-for-pull-requests)."
{% data reusables.pull_requests.required-reviews-for-prs-summary %} For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-pull-request-reviews-before-merging)."
{% tip %}
@@ -57,6 +55,5 @@ For more information, see "[About required reviews for pull requests](/articles/
### Further reading
- "[Reviewing proposed changes in a pull request](/articles/reviewing-proposed-changes-in-a-pull-request)"
- "[Enabling required reviews for pull requests](/articles/enabling-required-reviews-for-pull-requests)"
- "[Viewing a pull request review](/articles/viewing-a-pull-request-review)"
- "[Setting guidelines for repository contributors](/articles/setting-guidelines-for-repository-contributors)"

5
content/github/collaborating-with-issues-and-pull-requests/approving-a-pull-request-with-required-reviews.md
View File

@@ -9,9 +9,9 @@ versions:
github-ae: '*'
---
For more information about required reviews, see "[About required reviews for pull requests](/articles/about-required-reviews-for-pull-requests)."
For more information about required reviews, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-pull-request-reviews-before-merging)."
You can comment on a pull request, approve the changes, or request improvements before approving. For more information, see "[About required reviews for pull requests](/articles/about-required-reviews-for-pull-requests)" and "[Reviewing proposed changes in a pull request](/articles/reviewing-proposed-changes-in-a-pull-request)."
You can comment on a pull request, approve the changes, or request improvements before approving. For more information, see "[Reviewing proposed changes in a pull request](/articles/reviewing-proposed-changes-in-a-pull-request)."
{% data reusables.search.requested_reviews_search %}
@@ -34,6 +34,5 @@ You can comment on a pull request, approve the changes, or request improvements
### Further reading
- "[About required reviews for pull requests](/articles/about-required-reviews-for-pull-requests)"
- "[Reviewing proposed changes in a pull request](/articles/reviewing-proposed-changes-in-a-pull-request)"
- "[Commenting on a pull request](/articles/commenting-on-a-pull-request)"

2
content/github/collaborating-with-issues-and-pull-requests/committing-changes-to-a-pull-request-branch-created-from-a-fork.md
View File

@@ -13,7 +13,7 @@ You can only make commits on pull request branches that:
- are opened in a repository that you have push access to and that were created from a fork of that repository
- are on a user-owned fork
- have permission granted from the pull request creator
- don't have [branch restrictions](/articles/about-branch-restrictions) that will prevent you from committing
- don't have [branch restrictions](/github/administering-a-repository/about-protected-branches#restrict-who-can-push-to-matching-branches) that will prevent you from committing
Only the user who created the pull request can give you permission to push commits to the user-owned fork. For more information, see "[Allowing changes to a pull request branch created from a fork](/articles/allowing-changes-to-a-pull-request-branch-created-from-a-fork)."

4
content/github/collaborating-with-issues-and-pull-requests/dismissing-a-pull-request-review.md
View File

@@ -1,6 +1,6 @@
---
title: Dismissing a pull request review
intro: 'If your repository [requires reviews](/articles/about-required-reviews-for-pull-requests), you can dismiss pull request reviews that are no longer valid or are unable to be approved by the reviewer.'
intro: 'If your repository requires reviews, you can dismiss pull request reviews that are no longer valid or are unable to be approved by the reviewer.'
redirect_from:
- /articles/dismissing-a-pull-request-review
versions:
@@ -26,4 +26,4 @@ This changes the status of the review to a review comment. When you dismiss a re
- "[About pull request reviews](/articles/about-pull-request-reviews)"
- "[Reviewing proposed changes in a pull request](/articles/reviewing-proposed-changes-in-a-pull-request)"
- "[About required reviews for pull requests](/articles/about-required-reviews-for-pull-requests)"
- "[About protected branches](/github/administering-a-repository/about-protected-branches#require-pull-request-reviews-before-merging)"

2
content/github/collaborating-with-issues-and-pull-requests/merging-a-pull-request.md
View File

@@ -12,7 +12,7 @@ versions:
### About pull request merges
In a pull request, you propose that changes you've made on a head branch should be merged into a base branch. {% data reusables.pull_requests.about-protected-branches %} However, there may be restrictions on when you can merge a pull request into a specific branch. For example, you may only be able to merge a pull request into the default branch if required status checks are passing. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches)."
In a pull request, you propose that changes you've made on a head branch should be merged into a base branch. By default, any pull request can be merged at any time, unless the head branch is in conflict with the base branch. However, there may be restrictions on when you can merge a pull request into a specific branch. For example, you may only be able to merge a pull request into the default branch if required status checks are passing. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches)."
{% data reusables.pull_requests.you-can-auto-merge %}

16
content/github/collaborating-with-issues-and-pull-requests/resolving-a-merge-conflict-using-the-command-line.md
View File

@@ -46,14 +46,14 @@ For example, if you and another person both edited the file _styleguide.md_ on t
4. Open your favorite text editor, such as [Atom](https://atom.io/), and navigate to the file that has merge conflicts.
5. To see the beginning of the merge conflict in your file, search the file for the conflict marker `<<<<<<<`. When you open the file in your text editor, you'll see the changes from the HEAD or base branch after the line `<<<<<<< HEAD`. Next, you'll see `=======`, which divides your changes from the changes in the other branch, followed by `>>>>>>> BRANCH-NAME`. In this example, one person wrote "open an issue" in the base or HEAD branch and another person wrote "ask your question in IRC" in the compare branch or `branch-a`.
```
If you have questions, please
<<<<<<< HEAD
open an issue
=======
ask your question in IRC.
>>>>>>> branch-a
````
```
If you have questions, please
<<<<<<< HEAD
open an issue
=======
ask your question in IRC.
>>>>>>> branch-a
```
{% data reusables.pull_requests.decide-how-to-resolve-competing-line-change-merge-conflict %} In this example, both changes are incorporated into the final merge:
```shell

2
content/github/collaborating-with-issues-and-pull-requests/reviewing-proposed-changes-in-a-pull-request.md
View File

@@ -70,5 +70,5 @@ After you've finished reviewing all the files you want in the pull request, subm
### Further reading
- "[About required reviews for pull requests](/github/administering-a-repository/about-required-reviews-for-pull-requests)"
- "[About protected branches](/github/administering-a-repository/about-protected-branches#require-pull-request-reviews-before-merging)"
- "[Filtering pull requests by review status](/github/managing-your-work-on-github/filtering-pull-requests-by-review-status)"

2
content/github/collaborating-with-issues-and-pull-requests/working-with-pre-receive-hooks.md
View File

@@ -11,7 +11,7 @@ Pre-receive hooks run tests on code pushed to a repository to ensure contributio
If your push isn't accepted, you'll see an error message corresponding to the failed pre-receive hook.
```
```shell
$ git push
Counting objects: 3, done.
Delta compression using up to 4 threads.

12
content/github/committing-changes-to-your-project/creating-a-commit-on-behalf-of-an-organization.md
View File

@@ -26,7 +26,17 @@ Organization's can use the `name@organization.com` email as a public point of co
### Creating commits with an `on-behalf-of` badge on the command line
{% data reusables.pull_requests.commit-message-with-trailer-beginning %}
1. Type your commit message and a short, meaningful description of your changes. After your commit description, instead of a closing quotation, add two empty lines.
```shell
$ git commit -m "Refactor usability tests.
>
>
```
{% tip %}
**Tip:** If you're using a text editor on the command line to type your commit message, ensure there are two newlines between the end of your commit description and the `on-behalf-of:` commit trailer.
{% endtip %}
2. On the next line of the commit message, type `on-behalf-of: @org <name@organization.com>`, then a closing quotation mark.

12
content/github/committing-changes-to-your-project/creating-a-commit-with-multiple-authors.md
View File

@@ -39,7 +39,17 @@ You can use {% data variables.product.prodname_desktop %} to create a commit wit
{% data reusables.pull_requests.collect-co-author-commit-git-config-info %}
{% data reusables.pull_requests.commit-message-with-trailer-beginning %}
1. Type your commit message and a short, meaningful description of your changes. After your commit description, instead of a closing quotation, add two empty lines.
```shell
$ git commit -m "Refactor usability tests.
>
>
```
{% tip %}
**Tip:** If you're using a text editor on the command line to type your commit message, ensure there are two newlines between the end of your commit description and the `Co-authored-by:` commit trailer.
{% endtip %}
3. On the next line of the commit message, type `Co-authored-by: name <name@example.com>` with specific information for each co-author. After the co-author information, add a closing quotation mark.

2
content/github/creating-cloning-and-archiving-repositories/about-code-owners.md
View File

@@ -19,7 +19,7 @@ The people you choose as code owners must have write permissions for the reposit
Code owners are automatically requested for review when someone opens a pull request that modifies code that they own. Code owners are not automatically requested to review draft pull requests. For more information about draft pull requests, see "[About pull requests](/github/collaborating-with-issues-and-pull-requests/about-pull-requests#draft-pull-requests)." When you mark a draft pull request as ready for review, code owners are automatically notified. If you convert a pull request to a draft, people who are already subscribed to notifications are not automatically unsubscribed. For more information, see "[Changing the stage of a pull request](/github/collaborating-with-issues-and-pull-requests/changing-the-stage-of-a-pull-request)."
When someone with admin or owner permissions has enabled required reviews, they also can optionally require approval from a code owner before the author can merge a pull request in the repository. For more information, see "[Enabling required reviews for pull requests](/github/administering-a-repository/enabling-required-reviews-for-pull-requests)."
When someone with admin or owner permissions has enabled required reviews, they also can optionally require approval from a code owner before the author can merge a pull request in the repository. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-pull-request-reviews-before-merging)."
{% if currentVersion == "free-pro-team@latest" or currentVersion == "github-ae@latest" or currentVersion ver_gt "enterprise-server@2.19" %}If a team has enabled code review assignments, the individual approvals won't satisfy the requirement for code owner approval in a protected branch. For more information, see "[Managing code review assignment for your team](/github/setting-up-and-managing-organizations-and-teams/managing-code-review-assignment-for-your-team)."{% endif %}

4
content/github/creating-cloning-and-archiving-repositories/about-repositories.md
View File

@@ -22,8 +22,8 @@ Each person and organization can own unlimited repositories and invite an unlimi
{% endif %}
You can use repositories to manage your work and collaborate with others.
- You can use issues to collect user feedback, report software bugs, and organize tasks you'd like to accomplish. For more information, see "[About issues](/github/managing-your-work-on-github/about-issues)."
- {% data reusables.discussions.you-can-use-discussions %}
- You can use issues to collect user feedback, report software bugs, and organize tasks you'd like to accomplish. For more information, see "[About issues](/github/managing-your-work-on-github/about-issues)."{% if currentVersion == "free-pro-team@latest" %}
- {% data reusables.discussions.you-can-use-discussions %}{% endif %}
- You can use pull requests to propose changes to a repository. For more information, see "[About pull requests](/github/collaborating-with-issues-and-pull-requests/about-pull-requests)."
- You can use project boards to organize and prioritize your issues and pull requests. For more information, see "[About project boards](/github/managing-your-work-on-github/about-project-boards)."

6
content/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning.md
View File

@@ -20,8 +20,8 @@ You can use {% data variables.product.prodname_code_scanning %} to find, triage,
If {% data variables.product.prodname_code_scanning %} finds a potential vulnerability or error in your code, {% data variables.product.prodname_dotcom %} displays an alert in the repository. After you fix the code that triggered the alert, {% data variables.product.prodname_dotcom %} closes the alert. For more information, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository)."
To monitor results from {% data variables.product.prodname_code_scanning %} across your repositories or your organization, you can use the {% data variables.product.prodname_code_scanning %} API.
For more information about API endpoints, see "[{% data variables.product.prodname_code_scanning_capc %}](/rest/reference/code-scanning)."
To monitor results from {% data variables.product.prodname_code_scanning %} across your repositories or your organization, you can use webhooks and the {% data variables.product.prodname_code_scanning %} API. For information about the webhooks for {% data variables.product.prodname_code_scanning %}, see
"[Webhook events and payloads](/developers/webhooks-and-events/webhook-events-and-payloads#code_scanning_alert)." For information about API endpoints, see "[{% data variables.product.prodname_code_scanning_capc %}](/rest/reference/code-scanning)."
To get started with {% data variables.product.prodname_code_scanning %}, see "[Enabling {% data variables.product.prodname_code_scanning %} for a repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository)."
@@ -55,7 +55,7 @@ You can view and contribute to the queries for {% data variables.product.prodnam
### Further reading
{% if currentVersion == "free-pro-team@latest" %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
- "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)"{% endif %}
- [{% data variables.product.prodname_security %}](https://securitylab.github.com/)
- [OASIS Static Analysis Results Interchange Format (SARIF) TC](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif) on the OASIS Committee website

4
content/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning.md
View File

@@ -238,7 +238,9 @@ In the workflow file, use the `config-file` parameter of the `init` action to sp
config-file: ./.github/codeql/codeql-config.yml
```
The configuration file can be located within the local repository, or in a public, remote repository. For remote repositories, you can use the _owner/repository/file.yml@branch_ syntax. The settings in the file are written in YAML format.
The configuration file can be located within the local repository, or in a remote, public repository. Using a remote, public repository allows you to specify configuration options for multiple repositories in a single place. When you reference a configuration file located in a remote repository, you can use the _OWNER/REPOSITORY/FILENAME@BRANCH_ syntax. For example, _monacorp/shared/codeql-config.yml@main_.
The settings in the file are written in YAML format.
#### Specifying additional queries

10
content/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-codeql-code-scanning-in-your-ci-system.md
View File

@@ -21,7 +21,7 @@ To integrate {% data variables.product.prodname_code_scanning %} into your CI sy
In general, you invoke the {% data variables.product.prodname_codeql_runner %} as follows.
```
```shell
$ /path/to-runner/codeql-runner-OS <COMMAND> <FLAGS>
```
@@ -40,7 +40,7 @@ The {% data variables.product.prodname_codeql_runner %} automatically detects an
To override automatic language detection, run the `init` command with the `--languages` flag, followed by a comma-separated list of language keywords. The keywords for the supported languages are `cpp`, `csharp`, `go`, `java`, `javascript`, and `python`.
```
```shell
$ /path/to-runner/codeql-runner-linux init --languages cpp,java
```
@@ -58,7 +58,7 @@ For more information, see "[Using a custom configuration file](#using-a-custom-c
In the following example, the `+` symbol ensures that the {% data variables.product.prodname_codeql_runner %} uses the additional queries together with any queries specified in the referenced configuration file.
```
```shell
$ /path/to-runner/codeql-runner-linux init --config-file .github/codeql/codeql-config.yml
--queries +security-and-quality,octo-org/python-qlpack/show_ifs.ql@main
```
@@ -71,7 +71,7 @@ The configuration file is a YAML file. It uses syntax similar to the workflow sy
Use the `--config-file` flag of the `init` command to specify the configuration file. The value of <nobr>`--config-file`</nobr> is the path to the configuration file that you want to use. This example loads the configuration file _.github/codeql/codeql-config.yml_.
```
```shell
$ /path/to-runner/codeql-runner-linux init --config-file .github/codeql/codeql-config.yml
```
@@ -87,7 +87,7 @@ For many common build systems, the {% data variables.product.prodname_codeql_run
The `autobuild` process only ever attempts to build _one_ compiled language for a repository. The language automatically selected for analysis is the language with the most files. If you want to choose a language explicitly, use the `--language` flag of the `autobuild` command.
```
```shell
$ /path/to-runner/codeql-runner-linux autobuild --language csharp
```

5
content/github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning-for-a-repository.md
View File

@@ -44,13 +44,16 @@ You decide how you generate {% data variables.product.prodname_code_scanning %}
In the default {% data variables.product.prodname_codeql_workflow %}, {% data variables.product.prodname_code_scanning %} is configured to analyze your code each time you either push a change to the default branch or any protected branches, or raise a pull request against the default branch. As a result, {% data variables.product.prodname_code_scanning %} will now commence.
### Bulk enabling {% data variables.product.prodname_code_scanning %}
You can enable {% data variables.product.prodname_code_scanning %} in many repositories in bulk using a script. For an example of a script that raises pull requests to add a {% data variables.product.prodname_actions %} workflow to multiple repositories, see the [`jhutchings1/Create-ActionsPRs`](https://github.com/jhutchings1/Create-ActionsPRs) repository.
### Viewing the logging output from {% data variables.product.prodname_code_scanning %}
After enabling {% data variables.product.prodname_code_scanning %} for your repository, you can watch the output of the actions as they run.
{% data reusables.repositories.actions-tab %}
You'll see a list that includes an entry for running the {% data variables.product.prodname_code_scanning %} workflow.
You'll see a list that includes an entry for running the {% data variables.product.prodname_code_scanning %} workflow. The text of the entry is the title you gave your commit message.
![Actions list showing {% data variables.product.prodname_code_scanning %} workflow](/assets/images/help/repository/code-scanning-actions-list.png)

2
content/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository.md
View File

@@ -20,6 +20,8 @@ You can set up {% data variables.product.prodname_code_scanning %} to check the
By default, {% data variables.product.prodname_code_scanning %} analyzes your code periodically on the default branch and during pull requests. For information about managing alerts on a pull request, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests)."
{% data reusables.code-scanning.upload-sarif-alert-limit %}
### About alerts details
Each alert highlights a problem with the code and the name of the tool that identified it. You can see the line of code that triggered the alert, as well as properties of the alert, such as the severity and the nature of the problem. Alerts also tell you when the issue was first introduced. For alerts identified by {% data variables.product.prodname_codeql %} analysis, you will also see information on how to fix the problem.

19
content/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system.md
View File

@@ -27,7 +27,16 @@ You can use the {% data variables.product.prodname_codeql_runner %} to run {% da
The {% data variables.product.prodname_codeql_runner %} is a command-line tool that runs {% data variables.product.prodname_codeql %} analysis on a checkout of a {% data variables.product.prodname_dotcom %} repository. You add the runner to your third-party system, then call the runner to analyze code and upload the results to {% data variables.product.product_location %}. These results are displayed as {% data variables.product.prodname_code_scanning %} alerts in the repository.
{% data reusables.code-scanning.codeql-runner-license %}
{% note %}
**Notes:**
{% if currentVersion == "free-pro-team@latest" %}
* The {% data variables.product.prodname_codeql_runner %} uses the {% data variables.product.prodname_codeql %} CLI to analyze code and therefore has the same license conditions. It's free to use on public repositories that are maintained on {% data variables.product.prodname_dotcom_the_website %}, and available to use on private repositories that are owned by customers with an {% data variables.product.prodname_advanced_security %} license. For information, see "[{% data variables.product.product_name %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license)" and "[{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/)."
{% else %}
* The {% data variables.product.prodname_codeql_runner %} is available to customers with an {% data variables.product.prodname_advanced_security %} license.
{% endif %}
* The {% data variables.product.prodname_codeql_runner %} shouldn't be confused with the {% data variables.product.prodname_codeql %} CLI. The {% data variables.product.prodname_codeql %} CLI is an interactive command-line interface that lets you create {% data variables.product.prodname_codeql %} databases for security research and run {% data variables.product.prodname_codeql %} queries. For more information, see "[{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/)."
{% endnote %}
### Downloading the {% data variables.product.prodname_codeql_runner %}
@@ -50,7 +59,7 @@ On Windows, the `codeql-runner-win.exe` file usually requires no change to permi
### Adding the {% data variables.product.prodname_codeql_runner %} to your CI system
Once you have downloaded the {% data variables.product.prodname_codeql_runner %} and verified that it can be executed, you should make the runner available to each CI server that you intend to use for {% data variables.product.prodname_code_scanning %}. It is important to notice that each CI server that you intend to use for {% data variables.product.prodname_code_scanning %} needs to have the {% data variables.product.prodname_codeql_runner %}. You might configure each server to copy the runner from a central, internal location, or you could use the REST API to get the runner direct from GitHub, for example:
Once you download the {% data variables.product.prodname_codeql_runner %} and verify that it can be executed, you should make the runner available to each CI server that you intend to use for {% data variables.product.prodname_code_scanning %}. For example, you might configure each server to copy the runner from a central, internal location. Alternatively, you could use the REST API to get the runner directly from GitHub, for example:
```shell
wget https://github.com/github/codeql-action/releases/latest/download/codeql-runner-linux
@@ -59,8 +68,8 @@ chmod +x codeql-runner-linux
In addition to this, each CI server also needs:
- A {% data variables.product.prodname_github_apps %} or personal access token for the {% data variables.product.prodname_codeql_runner %} to use. For private repositories the token must have the `repo` scope. For public the token needs only the `public_repo` and `repo:security_events` scopes. For information, see "[Building {% data variables.product.prodname_github_apps %}](/developers/apps/building-github-apps)" and "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
- Access to the {% data variables.product.prodname_codeql %} bundle associated with this release of the {% data variables.product.prodname_codeql_runner %}. This package contains the {% data variables.product.prodname_codeql %} CLI, queries, and libraries needed for {% data variables.product.prodname_codeql %} analysis. For information, see "[{% data variables.product.prodname_codeql %} CLI](https://help.semmle.com/codeql/codeql-cli.html)."
- A {% data variables.product.prodname_github_app %} or personal access token for the {% data variables.product.prodname_codeql_runner %} to use. You must use an access token with the `security_events` scope, or a {% data variables.product.prodname_github_app %} with the `security_events` write permission. For information, see "[Building {% data variables.product.prodname_github_apps %}](/developers/apps/building-github-apps)" and "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
- Access to the {% data variables.product.prodname_codeql %} bundle associated with this release of the {% data variables.product.prodname_codeql_runner %}. This package contains queries and libraries needed for {% data variables.product.prodname_codeql %} analysis, plus the {% data variables.product.prodname_codeql %} CLI, which is used internally by the runner. For information, see "[{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/)."
The options for providing access to the {% data variables.product.prodname_codeql %} bundle are:
@@ -82,6 +91,8 @@ You can configure where the {% data variables.product.prodname_codeql_runner %}
To view the command-line reference for the runner, use the `-h` flag. For example, to list all commands run: `codeql-runner-OS -h`, or to list all the flags available for the `init` command run: `codeql-runner-OS init -h` (where `OS` varies according to the executable that you are using). For more information, see "[Configuring {% data variables.product.prodname_code_scanning %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-codeql-code-scanning-in-your-ci-system#codeql-runner-command-reference)."
{% data reusables.code-scanning.upload-sarif-alert-limit %}
#### Basic example
This example runs {% data variables.product.prodname_codeql %} analysis on a Linux CI server for the `octo-org/example-repo` repository hosted on `{% data variables.command_line.git_url_example %}`. The process is very simple because the repository contains only languages that can be analyzed by {% data variables.product.prodname_codeql %} directly, without being built (that is, Go, JavaScript, Python, and TypeScript).

6
content/github/finding-security-vulnerabilities-and-errors-in-your-code/sarif-support-for-code-scanning.md
View File

@@ -40,6 +40,8 @@ If you upload a SARIF file without fingerprint data using the `/code-scanning/sa
You can check a SARIF file is compatible with {% data variables.product.prodname_code_scanning %} by testing it against the {% data variables.product.prodname_dotcom %} ingestion rules. For more information, visit the [Microsoft SARIF validator](https://sarifweb.azurewebsites.net/).
{% data reusables.code-scanning.upload-sarif-alert-limit %}
### Supported SARIF output file properties
If you use a code analysis engine other than {% data variables.product.prodname_codeql %}, you can review the supported SARIF properties to optimize how your analysis results will appear on {% data variables.product.prodname_dotcom %}.
@@ -82,6 +84,8 @@ Any valid SARIF 2.1.0 output file can be uploaded, however, {% data variables.pr
#### `result` object
{% data reusables.code-scanning.upload-sarif-alert-limit %}
| Name | Description |
|----|----|
| `ruleId`| **Optional.** The unique identifier of the rule (`reportingDescriptor.id`). For more information, see the [`reportingDescriptor` object](#reportingdescriptor-object). {% data variables.product.prodname_code_scanning_capc %} uses the rule identifier to filter results by rule on {% data variables.product.prodname_dotcom %}.
@@ -89,7 +93,7 @@ Any valid SARIF 2.1.0 output file can be uploaded, however, {% data variables.pr
| `rule`| **Optional.** A reference used to locate the rule (reporting descriptor) for this result. For more information, see the [`reportingDescriptor` object](#reportingdescriptor-object).
| `level`| **Optional.** The severity of the result. This level overrides the default severity defined by the rule. {% data variables.product.prodname_code_scanning_capc %} uses the level to filter results by severity on {% data variables.product.prodname_dotcom %}.
| `message.text`| **Required.** A message that describes the result. {% data variables.product.prodname_code_scanning_capc %} displays the message text as the title of the result. Only the first sentence of the message will be displayed when visible space is limited.
| `locations[]`| **Required.** The set of locations where the result was detected. Only one location should be included unless the problem can only be corrected by making a change at every specified location. **Note:** At least one location is required for {% data variables.product.prodname_code_scanning %} to display a result. {% data variables.product.prodname_code_scanning_capc %} will use this property to decide which file to annotate with the result. Only the first value of this array is used. All other values are ignored.
| `locations[]`| **Required.** The set of locations where the result was detected up to a maximum of 10. Only one location should be included unless the problem can only be corrected by making a change at every specified location. **Note:** At least one location is required for {% data variables.product.prodname_code_scanning %} to display a result. {% data variables.product.prodname_code_scanning_capc %} will use this property to decide which file to annotate with the result. Only the first value of this array is used. All other values are ignored.
| `partialFingerprints`| **Required.** A set of strings used to track the unique identity of the result. {% data variables.product.prodname_code_scanning_capc %} uses `partialFingerprints` to accurately identify which results are the same across commits and branches. {% data variables.product.prodname_code_scanning_capc %} will attempt to use `partialFingerprints` if they exist. If you are uploading third-party SARIF files with the `upload-action`, the action will create `partialFingerprints` for you when they are not included in the SARIF file. For more information, see "[Preventing duplicate alerts using fingerprints](#preventing-duplicate-alerts-using-fingerprints)." **Note:** {% data variables.product.prodname_code_scanning_capc %} only uses the `primaryLocationLineHash`.
| `codeFlows[].threadFlows[].locations[]`| **Optional.** An array of `location` objects for a `threadFlow` object, which describes the progress of a program through a thread of execution. A `codeFlow` object describes a pattern of code execution used to detect a result. If code flows are provided, {% data variables.product.prodname_code_scanning %} will expand code flows on {% data variables.product.prodname_dotcom %} for the relevant result. For more information, see the [`location` object](#location-object).
| `relatedLocations[]`| A set of locations relevant to this result. {% data variables.product.prodname_code_scanning_capc %} will link to related locations when they are embedded in the result message. For more information, see the [`location` object](#location-object).

2
content/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests.md
View File

@@ -15,7 +15,7 @@ versions:
In repositories where {% data variables.product.prodname_code_scanning %} is configured as a pull request check, {% data variables.product.prodname_code_scanning %} checks the code in the pull request. By default, this is limited to pull requests that target the default branch, but you can change this configuration within {% data variables.product.prodname_actions %} or in a third-party CI/CD system. If merging the changes would introduce new {% data variables.product.prodname_code_scanning %} alerts to the target branch, these are reported as check results in the pull request. The alerts are also shown as annotations in the **Files changed** tab of the pull request. If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see "[Managing {% data variables.product.prodname_code_scanning %} alerts for your repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository)."
If {% data variables.product.prodname_code_scanning %} has any results with a severity of `error`, the check fails and the error is reported in the check results. If all the results found by {% data variables.product.prodname_code_scanning %} have lower severities, the alerts are treated as warnings or notices and the check succeeds. If your pull request targets a protected branch that has been enabled for {% data variables.product.prodname_code_scanning %}, and the repository owner has configured required status checks, then you must either fix or {% if currentVersion == "enterprise-server@2.22" %}close{% else %}dismiss{% endif %} all error alerts before the pull request can be merged. For more information, see "[About required status checks](/github/administering-a-repository/about-required-status-checks)."
If {% data variables.product.prodname_code_scanning %} has any results with a severity of `error`, the check fails and the error is reported in the check results. If all the results found by {% data variables.product.prodname_code_scanning %} have lower severities, the alerts are treated as warnings or notices and the check succeeds. If your pull request targets a protected branch that has been enabled for {% data variables.product.prodname_code_scanning %}, and the repository owner has configured required status checks, then you must either fix or {% if currentVersion == "enterprise-server@2.22" %}close{% else %}dismiss{% endif %} all error alerts before the pull request can be merged. For more information, see "[About protected branches](/github/administering-a-repository/about-protected-branches#require-status-checks-before-merging)."
![Failed {% data variables.product.prodname_code_scanning %} check on a pull request](/assets/images/help/repository/code-scanning-check-failure.png)

2
content/github/finding-security-vulnerabilities-and-errors-in-your-code/uploading-a-sarif-file-to-github.md
View File

@@ -39,6 +39,8 @@ The `upload-sarif` action can be configured to run when the `push` and `schedule
If your SARIF file doesn't include `partialFingerprints`, the `upload-sarif` action will calculate the `partialFingerprints` field for you and attempt to prevent duplicate alerts. {% data variables.product.prodname_dotcom %} can only create `partialFingerprints` when the repository contains both the SARIF file and the source code used in the static analysis. For more information about preventing duplicate alerts, see "[About SARIF support for code scanning](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-sarif-support-for-code-scanning#preventing-duplicate-alerts-using-fingerprints)."
{% data reusables.code-scanning.upload-sarif-alert-limit %}
#### Example workflow for SARIF files generated outside of a repository
You can create a new workflow that uploads SARIF files after you commit them to your repository. This is useful when the SARIF file is generated as an artifact outside of your repository.

4
content/github/getting-started-with-github/about-github-advanced-security.md
View File

@@ -10,7 +10,7 @@ versions:
{% data variables.product.prodname_dotcom %} has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, for example: dependency graph and {% data variables.product.prodname_dependabot_alerts %}. Other security features require a license for {% data variables.product.prodname_GH_advanced_security %} to run on repositories apart from public repositories on {% data variables.product.prodname_dotcom_the_website %}. (That is, private and internal repositories on {% data variables.product.prodname_dotcom_the_website %}, and all repositories on {% data variables.product.prodname_ghe_server %}.)
For an overview of all security features, see "[About securing your repository](/github/administering-a-repository/about-securing-your-repository#setting-up-your-repository-securely)."
For an overview of all security features, see "[About securing your repository](/github/administering-a-repository/about-securing-your-repository#setting-up-your-repository-securely)." For information about permission requirements for actions related to security features, see "[Repository permission levels for an organization](/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization#permission-requirements-for-security-features)."
### About {% data variables.product.prodname_advanced_security %} features
@@ -43,4 +43,4 @@ For public repositories on {% data variables.product.prodname_dotcom_the_website
For all other repositories, once you have a license, you can enable and disable these features at the organization or repository level. {% if currentVersion == "free-pro-team@latest" %}For more information, see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)" and "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."
For information about purchasing a license for {% data variables.product.prodname_GH_advanced_security %}, contact {% data variables.contact.contact_enterprise_sales %}.
{% endif %}
{% endif %}

38
content/github/getting-started-with-github/github-for-mobile.md
View File

@@ -1,15 +1,18 @@
---
title: GitHub for mobile
intro: 'Triage, collaborate, and manage your work on {% data variables.product.company_short %} from your mobile device.'
intro: 'Triage, collaborate, and manage your work on {% data variables.product.product_name %} from your mobile device.'
versions:
free-pro-team: '*'
enterprise-server: '>=3.0'
---
{% data reusables.mobile.ghes-release-phase %}
### About {% data variables.product.prodname_mobile %}
{% data variables.product.prodname_mobile %} is currently available for {% data variables.product.prodname_dotcom_the_website %} users as an Android and iOS app.
{% data reusables.mobile.about-mobile %}
{% data variables.product.prodname_mobile %} gives you a way to do high-impact work on {% data variables.product.prodname_dotcom %} quickly and from anywhere. {% data variables.product.prodname_mobile %} is a safe and secure way to access your {% data variables.product.prodname_dotcom %} data through a trusted, first-party client application.
{% data variables.product.prodname_mobile %} gives you a way to do high-impact work on {% data variables.product.product_name %} quickly and from anywhere. {% data variables.product.prodname_mobile %} is a safe and secure way to access your {% data variables.product.product_name %} data through a trusted, first-party client application.
With {% data variables.product.prodname_mobile %} you can:
- Manage, triage, and clear notifications
@@ -23,6 +26,30 @@ For more information about notifications for {% data variables.product.prodname_
To install {% data variables.product.prodname_mobile %} for Android or iOS, see [{% data variables.product.prodname_mobile %}](https://github.com/mobile).
### Managing accounts
You can be simultaneously signed into mobile with one user account on {% data variables.product.prodname_dotcom_the_website %} and one user account on {% data variables.product.prodname_ghe_server %}.
{% data reusables.mobile.push-notifications-on-ghes %}
{% data variables.product.prodname_mobile %} may not work with your enterprise if you're required to access your enterprise over VPN.
#### Prerequisites
You must install {% data variables.product.prodname_mobile %} 1.4 or later on your device to use {% data variables.product.prodname_mobile %} with {% data variables.product.prodname_ghe_server %}.
To use {% data variables.product.prodname_mobile %} with {% data variables.product.prodname_ghe_server %}, {% data variables.product.product_location %} must be version 3.0 or greater, and your enterprise owner must enable mobile support for your enterprise. For more information, see "[Release notes](/enterprise-server/admin/release-notes)" and "[Managing {% data variables.product.prodname_mobile %} for your enterprise](/admin/configuration/managing-github-for-mobile-for-your-enterprise)."
During the beta for {% data variables.product.prodname_mobile %} with {% data variables.product.prodname_ghe_server %}, you must be signed in with a user account on {% data variables.product.prodname_dotcom_the_website %}.
#### Adding, switching, or signing out of accounts
You can sign into mobile with a user account on {% data variables.product.product_location %}. At the bottom of the app, long-press {% octicon "person" aria-label="The person icon" %} **Profile**, then tap {% octicon "plus" aria-label="The plus icon" %} **Add Enterprise Account**. Follow the prompts to sign in.
After you sign into mobile with a user account on {% data variables.product.product_location %}, you can switch between the account and your account on {% data variables.product.prodname_dotcom_the_website %}. At the bottom of the app, long-press {% octicon "person" aria-label="The person icon" %} **Profile**, then tap the account you want to switch to.
If you no longer need to access data for your user account on {% data variables.product.product_location %} from {% data variables.product.prodname_mobile %}, you can sign out of the account. At the bottom of the app, long-press {% octicon "person" aria-label="The person icon" %} **Profile**, swipe left on the account to sign out of, then tap **Sign out**.
### Supported languages for {% data variables.product.prodname_mobile %}
{% data variables.product.prodname_mobile %} is available in the following languages.
@@ -30,6 +57,7 @@ To install {% data variables.product.prodname_mobile %} for Android or iOS, see
- English
- Japanese
- Brazilian Portuguese
- Simplified Chinese
- Spanish
If you configure the language on your device to a supported language, {% data variables.product.prodname_mobile %} will default to the language. You can change the language for {% data variables.product.prodname_mobile %} in {% data variables.product.prodname_mobile %}'s **Settings** menu.
@@ -38,9 +66,9 @@ If you configure the language on your device to a supported language, {% data va
{% data variables.product.prodname_mobile %} automatically enables Universal Links for iOS. When you tap any {% data variables.product.product_name %} link, the destination URL will open in {% data variables.product.prodname_mobile %} instead of Safari. For more information, see [Universal Links](https://developer.apple.com/ios/universal-links/) on the Apple Developer site.
To disable Universal Links, long-press any {% data variables.product.prodname_dotcom %} link, then tap **Open**. Every time you tap a {% data variables.product.prodname_dotcom %} link in the future, the destination URL will open in Safari instead of {% data variables.product.prodname_mobile %}.
To disable Universal Links, long-press any {% data variables.product.product_name %} link, then tap **Open**. Every time you tap a {% data variables.product.product_name %} link in the future, the destination URL will open in Safari instead of {% data variables.product.prodname_mobile %}.
To re-enable Universal Links, long-press any {% data variables.product.prodname_dotcom %} link, then tap **Open in {% data variables.product.prodname_dotcom %}**.
To re-enable Universal Links, long-press any {% data variables.product.product_name %} link, then tap **Open in {% data variables.product.prodname_dotcom %}**.
### Sharing feedback

5
content/github/getting-started-with-github/githubs-products.md
View File

@@ -1,5 +1,6 @@
---
title: GitHub's products
intro: 'An overview of {% data variables.product.prodname_dotcom %}''s products and pricing plans.'
redirect_from:
- /articles/github-s-products
- /articles/githubs-products
@@ -97,7 +98,7 @@ For more information about hosting your own instance of [{% data variables.produ
- {% data variables.contact.github_support %} {% data variables.product.premium_plus_support_plan %}
- {% data variables.product.prodname_insights %}
- {% data variables.product.prodname_GH_advanced_security %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion == "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)" (beta).{% endif %}
- {% data variables.product.prodname_GH_advanced_security %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."{% endif %}{% if enterpriseServerVersions contains currentVersion and currentVersion == "enterprise-server@2.22" %}. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)."{% endif %}
- [{% data variables.product.prodname_learning %} for organizations](https://lab.github.com/organizations)
For more information about signing up for {% data variables.product.prodname_ghe_one %}, contact [{% data variables.product.product_name %}'s Sales team](https://enterprise.github.com/contact).
For more information about signing up for {% data variables.product.prodname_ghe_one %}, contact {% data variables.contact.contact_enterprise_sales %}.

6
content/github/getting-started-with-github/keyboard-shortcuts.md
View File

@@ -33,7 +33,7 @@ Below is a list of some of the available keyboard shortcuts.
|-----------|------------
|<kbd>g</kbd> <kbd>c</kbd> | Go to the **Code** tab
|<kbd>g</kbd> <kbd>i</kbd> | Go to the **Issues** tab. For more information, see "[About issues](/articles/about-issues)."
|<kbd>g</kbd> <kbd>p</kbd> | Go to the **Pull requests** tab. For more information, see "[About pull requests](/articles/about-pull-requests)."{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" or currentVersion == "github-ae@latest" %}
|<kbd>g</kbd> <kbd>p</kbd> | Go to the **Pull requests** tab. For more information, see "[About pull requests](/articles/about-pull-requests)."{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
|<kbd>g</kbd> <kbd>a</kbd> | Go to the **Actions** tab. For more information, see "[About Actions](/actions/getting-started-with-github-actions/about-github-actions)."{% endif %}
|<kbd>g</kbd> <kbd>b</kbd> | Go to the **Projects** tab. For more information, see "[About project boards](/articles/about-project-boards)."
|<kbd>g</kbd> <kbd>w</kbd> | Go to the **Wiki** tab. For more information, see "[About wikis](/articles/about-wikis)."
@@ -159,6 +159,10 @@ For more keyboard shortcuts, see the [CodeMirror documentation](https://codemirr
| Keyboard shortcut | Description
|-----------|------------
|<kbd>command + space </kbd> or <kbd>control + space</kbd> | In the workflow editor, get suggestions for your workflow file.
|<kbd>g</kbd> <kbd>f</kbd> | Go to the workflow file
|<kbd>shift + t</kbd> or <kbd>T</kbd> | Toggle timestamps in logs
|<kbd>shift + f</kbd> or <kbd>F</kbd> | Toggle fullscreen logs
|<kbd>esc</kbd> | Exit fullscreen logs
{% endif %}

2
content/github/managing-large-files/about-storage-and-bandwidth-usage.md
View File

@@ -19,7 +19,7 @@ For example:
- If you push a 500 MB file to {% data variables.large_files.product_name_short %}, you'll use 500 MB of your allotted storage and none of your bandwidth. If you make a 1 byte change and push the file again, you'll use another 500 MB of storage and no bandwidth, bringing your total usage for these two pushes to 1 GB of storage and zero bandwidth.
- If you download a 500 MB file that's tracked with LFS, you'll use 500 MB of the repository owner's allotted bandwidth. If a collaborator pushes a change to the file and you pull the new version to your local repository, you'll use another 500 MB of bandwidth, bringing the total usage for these two downloads to 1 GB of bandwidth.
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
If {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}) objects are included in source code archives for your repository, downloads of those archives will count towards bandwidth usage for the repository. For more information, see "[Managing {% data variables.large_files.product_name_short %} objects in archives of your repository](/github/administering-a-repository/managing-git-lfs-objects-in-archives-of-your-repository)."
{% endif %}

2
content/github/managing-large-files/configuring-git-large-file-storage.md
View File

@@ -59,5 +59,5 @@ If there are existing files in your repository that you'd like to use {% data va
### Further reading
- "[Collaboration with {% data variables.large_files.product_name_long %}](/articles/collaboration-with-git-large-file-storage/)"{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
- "[Collaboration with {% data variables.large_files.product_name_long %}](/articles/collaboration-with-git-large-file-storage/)"{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@latest" %}
- "[Managing {% data variables.large_files.product_name_short %} objects in archives of your repository](/github/administering-a-repository/managing-git-lfs-objects-in-archives-of-your-repository)"{% endif %}

2
content/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies.md
View File

@@ -47,6 +47,8 @@ For a list of the ecosystems that {% data variables.product.product_name %} can
You can also enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)."
For information about permission requirements for actions related to {% data variables.product.prodname_dependabot_alerts %}, see "[Repository permission levels for an organization](/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization#permission-requirements-for-security-features)."
{% data variables.product.product_name %} starts generating the dependency graph immediately and generates alerts for any vulnerable dependencies as soon as they are identified. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. For more information, see "[Managing data use settings for your private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository)."
{% endif %}

4
content/github/managing-security-vulnerabilities/about-dependabot-security-updates.md
View File

@@ -33,3 +33,7 @@ When you merge a pull request that contains a security update, the corresponding
### About compatibility scores
{% data variables.product.prodname_dependabot_security_updates %} may include compatibility scores to let you know whether updating a vulnerability could cause breaking changes to your project. These are calculated from CI tests in other public repositories where the same security update has been generated. An update's compatibility score is the percentage of CI runs that passed when updating between specific versions of the dependency.
### About notifications for {% data variables.product.prodname_dependabot %} security updates
You can filter your notifications on {% data variables.product.company_short %} to show {% data variables.product.prodname_dependabot %} security updates. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)."

12
content/github/managing-security-vulnerabilities/configuring-dependabot-security-updates.md
View File

@@ -42,17 +42,19 @@ If security updates are not enabled for your repository and you don't know why,
### Managing {% data variables.product.prodname_dependabot_security_updates %} for your repositories
You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository.
You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository (see below).
You can also enable or disable {% data variables.product.prodname_dependabot_security_updates %} for all repositories owned by your user account or organization. For more information, see "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account)" or "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)."
{% data variables.product.prodname_dependabot_security_updates %} require specific repository settings. For more information, see "[Supported repositories](#supported-repositories)."
#### Enabling or disabling {% data variables.product.prodname_dependabot_security_updates %} for an individual repository
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
{% data reusables.repositories.sidebar-dependabot-alerts %}
1. Above the list of alerts, use the drop-down menu and select or unselect **{% data variables.product.prodname_dependabot %} security updates**.
![Drop-down menu with the option to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/help/repository/enable-dependabot-security-updates-drop-down.png)
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-security-and-analysis %}
1. Under "Configure security and analysis features", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** or **Disable**.
!["Configure security and analysis features" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/help/repository/enable-dependabot-security-updates-button.png)
### Further reading

2
content/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies.md
View File

@@ -40,7 +40,7 @@ You can configure notification settings for yourself or your organization from t
{% note %}
**Note:** You can filter your {% data variables.product.company_short %} inbox notifications to show {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %} security{% endif %} alerts. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#supported-queries-for-custom-filters)."
**Note:** You can filter your notifications on {% data variables.product.company_short %} to show {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}{% data variables.product.prodname_dependabot %}{% else %} security{% endif %} alerts. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox#dependabot-custom-filters)."
{% endnote %}

10
content/github/managing-subscriptions-and-notifications-on-github/about-notifications.md
View File

@@ -11,6 +11,10 @@ versions:
github-ae: '*'
---
{% if enterpriseServerVersions contains currentVersion %}
{% data reusables.mobile.ghes-release-phase %}
{% endif %}
### Notifications and subscriptions
You can choose to receive ongoing updates about specific activity on {% data variables.product.product_name %} through a subscription. Notifications are updates that you receive for specific activity that you are subscribed to.
@@ -50,7 +54,7 @@ To unsubscribe from conversations you're automatically subscribed to, you can ch
### Customizing notifications and subscriptions
You can choose to view your notifications through the notifications inbox at [https://github.com/notifications](https://github.com/notifications){% if currentVersion == "free-pro-team@latest" %} and in the {% data variables.product.prodname_mobile %} app{% endif %}, through your email, or some combination of these options.
You can choose to view your notifications through the notifications inbox at [https://github.com/notifications](https://github.com/notifications){% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and in the {% data variables.product.prodname_mobile %} app{% endif %}, through your email, or some combination of these options.
To customize the types of updates you'd like to receive and where to send those updates, configure your notification settings. For more information, see “[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications).”
@@ -58,7 +62,7 @@ To keep your subscriptions manageable, review your subscriptions and watched rep
To customize how you'd like to receive updates for specific pull requests or issues, you can configure your preferences within the issue or pull request. For more information, see “[Triaging a single notification](/github/managing-subscriptions-and-notifications-on-github/triaging-a-single-notification#customizing-when-to-receive-future-updates-for-an-issue-or-pull-request).”
{% if currentVersion == "free-pro-team@latest" %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22"%}
You can enable push notifications in the {% data variables.product.prodname_mobile %} app. For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#enabling-push-notifications-with-github-for-mobile)."
{% endif %}
@@ -88,7 +92,7 @@ From your inbox you can also triage multiple notifications at once. For more inf
### Customizing your notifications inbox
To focus on a group of notifications in your inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" %} or {% data variables.product.prodname_mobile %}{% endif %}, you can create custom filters. For example, you can create a custom filter for an open source project you contribute to and only see notifications for that repository in which you are mentioned. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)." For more examples of how to customize your triaging workflow, see "[Customizing a workflow for triaging your notifications](/github/managing-subscriptions-and-notifications-on-github/customizing-a-workflow-for-triaging-your-notifications)."
To focus on a group of notifications in your inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} or {% data variables.product.prodname_mobile %}{% endif %}, you can create custom filters. For example, you can create a custom filter for an open source project you contribute to and only see notifications for that repository in which you are mentioned. For more information, see "[Managing notifications from your inbox](/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox)." For more examples of how to customize your triaging workflow, see "[Customizing a workflow for triaging your notifications](/github/managing-subscriptions-and-notifications-on-github/customizing-a-workflow-for-triaging-your-notifications)."
### Notification retention policy

24
content/github/managing-subscriptions-and-notifications-on-github/configuring-notifications.md
View File

@@ -19,15 +19,19 @@ versions:
github-ae: '*'
---
{% if enterpriseServerVersions contains currentVersion %}
{% data reusables.mobile.ghes-release-phase %}
{% endif %}
### Notification delivery options
You can receive notifications for activity on {% data variables.product.product_name %} in the following locations.
- The notifications inbox in the {% data variables.product.product_name %} web interface{% if currentVersion == "free-pro-team@latest" %}
- The notifications inbox in the {% data variables.product.product_name %} web interface{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %}
- The notifications inbox on {% data variables.product.prodname_mobile %}, which syncs with the inbox on {% data variables.product.product_name %}{% endif %}
- An email client that uses a verified email address, which can also sync with the notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" %} and {% data variables.product.prodname_mobile %}{% endif %}
- An email client that uses a verified email address, which can also sync with the notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and {% data variables.product.prodname_mobile %}{% endif %}
{% if currentVersion == "free-pro-team@latest" %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %}
{% data reusables.notifications-v2.notifications-inbox-required-setting %} For more information, see "[Choosing your notification settings](#choosing-your-notification-settings)."
{% endif %}
@@ -35,7 +39,7 @@ You can receive notifications for activity on {% data variables.product.product_
#### Benefits of the notifications inbox
The notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" %} and {% data variables.product.prodname_mobile %}{% endif %} includes triaging options designed specifically for your {% data variables.product.product_name %} notifications flow, including options to:
The notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and {% data variables.product.prodname_mobile %}{% endif %} includes triaging options designed specifically for your {% data variables.product.product_name %} notifications flow, including options to:
- Triage multiple notifications at once.
- Mark completed notifications as **Done** and remove them from your inbox. To view all of your notifications marked as **Done**, use the `is:done` query.
- Save a notification to review later. Saved notifications are flagged in your inbox and kept indefinitely. To view all of your saved notifications, use the `is:saved` query.
@@ -45,7 +49,7 @@ The notifications inbox on {% data variables.product.product_name %}{% if curren
- Create custom filters to focus on different notifications when you want.
- Group notifications in your inbox by repository or date to get a quick overview with less context switching
{% if currentVersion == "free-pro-team@latest" %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %}
In addition, the notifications inbox on {% data variables.product.prodname_mobile %} allows you to triage notifications in dark mode and receive push notifications for direct mentions. For more information, see "[Enabling push notifications with GitHub for mobile](#enabling-push-notifications-with-github-for-mobile)" or "[GitHub for mobile](/github/getting-started-with-github/github-for-mobile)."
{% endif %}
@@ -75,7 +79,7 @@ You can customize notifications for a repository, for example, you can choose to
#### Participating in conversations
Anytime you comment in a conversation or when someone @mentions your username, you are _participating_ in a conversation. By default, you are automatically subscribed to a conversation when you participate in it. You can unsubscribe from a conversation you've participated in manually by clicking **Unsubscribe** on the issue or pull request or through the **Unsubscribe** option in the notifications inbox.
For conversations you're watching or participating in, you can choose whether you want to receive notifications by email or through the notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" %} and {% data variables.product.prodname_mobile %}{% endif %}.
For conversations you're watching or participating in, you can choose whether you want to receive notifications by email or through the notifications inbox on {% data variables.product.product_name %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and {% data variables.product.prodname_mobile %}{% endif %}.
![Participating and watching notifications options](/assets/images/help/notifications-v2/participating-and-watching-options.png)
@@ -83,7 +87,7 @@ For example:
- If you don't want notifications to be sent to your email, unselect **email** for participating and watching notifications.
- If you want to receive notifications by email when you've participated in a conversation, then you can select **email** under "Participating".
If you do not enable watching or participating notifications for web{% if currentVersion == "free-pro-team@latest" %} and mobile{% endif %}, then your notifications inbox will not have any updates.
If you do not enable watching or participating notifications for web{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and mobile{% endif %}, then your notifications inbox will not have any updates.
### Customizing your email notifications
@@ -195,13 +199,15 @@ Choose how you want to receive workflow run updates for repositories that you ar
{% endif %}
{% if currentVersion == "free-pro-team@latest" %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %}
### Enabling push notifications with {% data variables.product.prodname_mobile %}
When you install {% data variables.product.prodname_mobile %}, you will automatically be opted into web notifications. You can then enable push notifications for direct mentions within the app.
You can only receive notifications for pushes to repositories on {% data variables.product.prodname_mobile %} at this time.
{% data reusables.mobile.push-notifications-on-ghes %}
#### Enabling push notifications with {% data variables.product.prodname_ios %}
1. Above "Home", tap your profile photo.
@@ -210,6 +216,7 @@ You can only receive notifications for pushes to repositories on {% data variabl
3. To update your notification settings, tap **Push notifications**.
4. To turn on push notifications for direct mentions, use the **Direct Mentions** toggle.
{% if currentVersion == "free-pro-team@latest" %}
#### Enabling push notifications with {% data variables.product.prodname_android %}
1. Above "Home", tap your profile photo.
@@ -217,3 +224,4 @@ You can only receive notifications for pushes to repositories on {% data variabl
![Settings icon for GitHub for Android](/assets/images/help/mobile/android-settings-icon.png)
3. To turn on push notifications for direct mentions, use the **Direct mentions** toggle.
{% endif %}
{% endif %}

87
content/github/managing-subscriptions-and-notifications-on-github/managing-notifications-from-your-inbox.md
View File

@@ -1,6 +1,6 @@
---
title: Managing notifications from your inbox
intro: 'Use your inbox to quickly triage and sync your notifications across email{% if currentVersion == "free-pro-team@latest" %} and mobile{% endif %}.'
intro: 'Use your inbox to quickly triage and sync your notifications across email{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %} and mobile{% endif %}.'
redirect_from:
- /articles/marking-notifications-as-read
- /articles/saving-notifications-for-later
@@ -10,9 +10,13 @@ versions:
github-ae: '*'
---
{% if enterpriseServerVersions contains currentVersion %}
{% data reusables.mobile.ghes-release-phase %}
{% endif %}
### About your inbox
{% if currentVersion == "free-pro-team@latest" %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "2.22" %}
{% data reusables.notifications-v2.notifications-inbox-required-setting %} For more information, see "[Configuring notifications](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#choosing-your-notification-settings)."
{% endif %}
@@ -86,31 +90,16 @@ Custom filters do not currently support:
### Supported queries for custom filters
There are three types of filters that you can use:
These are the types of filters that you can use:
- Filter by repository with `repo:`
- Filter by discussion type with `is:`
- Filter by notification reason with `reason:`
- Filter by notification reason with `reason:`{% if currentVersion == "free-pro-team@latest" %}
- Filter by notification author with `author:`
- Filter by organization with `org:`{% endif %}
To add a `repo:` filter, you must include the owner of the repository in the query. For example, `repo:atom/atom` represents the Atom repository owned by the Atom organization.
#### Supported `repo:` queries
#### Supported `reason:` queries
To filter notifications by why you've received an update, you can use the `reason:` query. For example, to see notifications when you (or a team you're on) is requested to review a pull request, use `reason:review-requested`. For more information, see "[About notifications](/github/managing-subscriptions-and-notifications-on-github/about-notifications#reasons-for-receiving-notifications)."
| Query | Description |
|-----------------|-------------|
| `reason:assign` | When there's an update on an issue or pull request you've been assigned to.
| `reason:author` | When you opened a pull request or issue and there has been an update or new comment.
| `reason:comment`| When you commented on an issue, pull request, or team discussion.
| `reason:participating` | When you have commented on an issue, pull request, or team discussion or you have been @mentioned.
| `reason:invitation` | When you're invited to a team, organization, or repository.
| `reason:manual` | When you click **Subscribe** on an issue or pull request you weren't already subscribed to.
| `reason:mention` | You were directly @mentioned.
| `reason:review-requested` | You or a team you're on have been requested to review a pull request.{% if currentVersion != "github-ae@latest" %}
| `reason:security-alert` | When a security alert is issued for a repository.{% endif %}
| `reason:state-change` | When the state of a pull request or issue is changed. For example, an issue is closed or a pull request is merged.
| `reason:team-mention` | When a team you're a member of is @mentioned.
| `reason:ci-activity` | When a repository has a CI update, such as a new workflow run status.
To add a `repo:` filter, you must include the owner of the repository in the query: `repo:owner/repository`. An owner is the organization or the user who owns the {% data variables.product.prodname_dotcom %} asset that triggers the notification. For example, `repo:octo-org/octo-repo` will show notifications triggered in the octo-repo repository within the octo-org organization.
#### Supported `is:` queries
@@ -137,3 +126,55 @@ You can also use the `is:` query to describe how the notification was triaged.
- `is:done`
- `is:unread`
- `is:read`
#### Supported `reason:` queries
To filter notifications by why you've received an update, you can use the `reason:` query. For example, to see notifications when you (or a team you're on) is requested to review a pull request, use `reason:review-requested`. For more information, see "[About notifications](/github/managing-subscriptions-and-notifications-on-github/about-notifications#reasons-for-receiving-notifications)."
| Query | Description |
|-----------------|-------------|
| `reason:assign` | When there's an update on an issue or pull request you've been assigned to.
| `reason:author` | When you opened a pull request or issue and there has been an update or new comment.
| `reason:comment`| When you commented on an issue, pull request, or team discussion.
| `reason:participating` | When you have commented on an issue, pull request, or team discussion or you have been @mentioned.
| `reason:invitation` | When you're invited to a team, organization, or repository.
| `reason:manual` | When you click **Subscribe** on an issue or pull request you weren't already subscribed to.
| `reason:mention` | You were directly @mentioned.
| `reason:review-requested` | You or a team you're on have been requested to review a pull request.{% if currentVersion != "github-ae@latest" %}
| `reason:security-alert` | When a security alert is issued for a repository.{% endif %}
| `reason:state-change` | When the state of a pull request or issue is changed. For example, an issue is closed or a pull request is merged.
| `reason:team-mention` | When a team you're a member of is @mentioned.
| `reason:ci-activity` | When a repository has a CI update, such as a new workflow run status.
{% if currentVersion == "free-pro-team@latest" %}
#### Supported `author:` queries
To filter notifications by user, you can use the `author:` query. An author is the original author of the thread (issue, pull request, gist, discussions, and so on) for which you are being notified. For example, to see notifications for threads created by the Octocat user, use `author:octocat`.
#### Supported `org:` queries
To filter notifications by organization, you can use the `org` query. The organization you need to specify in the query is the organization of the repository for which you are being notified on {% data variables.product.prodname_dotcom %}. This query is useful if you belong to several organizations, and want to see notifications for a specific organization.
For example, to see notifications from the octo-org organization, use `org:octo-org`.
{% endif %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
### {% data variables.product.prodname_dependabot %} custom filters
{% if currentVersion == "free-pro-team@latest" %}
If you use {% data variables.product.prodname_dependabot %} to keep your dependencies up-to-date, you can use and save these custom filters:
- `is:repository_vulnerability_alert` to show notifications for {% data variables.product.prodname_dependabot_alerts %}.
- `reason:security_alert` to show notifications for {% data variables.product.prodname_dependabot_alerts %} and security update pull requests.
- `author:app/dependabot` to show notifications generated by {% data variables.product.prodname_dependabot %}. This includes {% data variables.product.prodname_dependabot_alerts %}, security update pull requests, and version update pull requests.
For more information about {% data variables.product.prodname_dependabot %}, see "[About managing vulnerable dependencies](/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies)."
{% endif %}
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.21" %}
If you use {% data variables.product.prodname_dependabot %} to keep your dependencies-up-to-date, you can use and save the `is:repository_vulnerability_alert` custom filter to show notifications for {% data variables.product.prodname_dependabot_alerts %}.
For more information about {% data variables.product.prodname_dependabot %}, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
{% endif %}
{% endif %}

2
content/github/managing-your-work-on-github/about-issues.md
View File

@@ -14,9 +14,11 @@ versions:
You can collect user feedback, report software bugs, and organize tasks you'd like to accomplish with issues in a repository. Issues can act as more than just a place to report software bugs.
{% if currentVersion == "free-pro-team@latest" %}
Other conversations are more suitable for discussions. {% data reusables.discussions.you-can-use-discussions %}
{% data reusables.discussions.you-cannot-convert-a-discussion %}
{% endif %}
{% data reusables.pull_requests.close-issues-using-keywords %}

10
content/github/managing-your-work-on-github/changing-project-board-visibility.md
View File

@@ -1,6 +1,6 @@
---
title: Changing project board visibility
intro: 'As an organization owner or project board admin, you can make a project board public or private.'
intro: 'As an organization owner or project board admin, you can make a project board {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} or private.'
redirect_from:
- /articles/changing-project-board-visibility
versions:
@@ -13,12 +13,12 @@ versions:
{% tip %}
**Tip:** When you make your project board public, organization members are given read access by default. You can give specific organization members write or admin permissions by giving project board access to teams they're on or by adding them to the project board as a collaborator. For more information, see "[Project board permissions for an organization](/articles/project-board-permissions-for-an-organization)."
**Tip:** When you make your project board {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %}, organization members are given read access by default. You can give specific organization members write or admin permissions by giving project board access to teams they're on or by adding them to the project board as a collaborator. For more information, see "[Project board permissions for an organization](/articles/project-board-permissions-for-an-organization)."
{% endtip %}
1. Navigate to the project board you want to make public or private.
1. Navigate to the project board you want to make {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} or private.
{% data reusables.project-management.click-menu %}
{% data reusables.project-management.access-collaboration-settings %}
4. Under "Visibility", select **Public** or **Private**. Then, click **Save**.
![Public and private radio buttons](/assets/images/help/projects/project-board-visibility-options.png)
{% data reusables.project-management.choose-visibility %}
1. Click **Save**.

3
content/github/managing-your-work-on-github/copying-a-project-board.md
View File

@@ -27,7 +27,6 @@ A project board's automation is also enabled by default. For more information, s
![Field to type a description for the copied project board](/assets/images/help/projects/copied-project-board-description.png)
7. Optionally, under "Automation settings", select whether you want to copy the configured automatic workflows. This option is enabled by default. For more information, see "[About automation for project boards](/articles/about-automation-for-project-boards/)."
![Select automation settings for copied project board](/assets/images/help/projects/copied-project-board-automation-settings.png)
8. If you are copying an organization-owned project board, under "Visibility", select whether you want your copied project board to be private or public.
![Select visibility settings for copied project board](/assets/images/help/projects/copied-project-board-visibility-settings.png)
{% data reusables.project-management.choose-visibility %}
9. Click **Copy project**.
![Confirm Copy button](/assets/images/help/projects/confirm-copy-project-board.png)

2
content/github/managing-your-work-on-github/creating-a-project-board.md
View File

@@ -30,6 +30,7 @@ You can also configure workflow automations to keep your project board in sync w
{% data reusables.project-management.click-new-project %}
{% data reusables.project-management.create-project-name-description %}
{% data reusables.project-management.choose-template %}
{% data reusables.project-management.choose-visibility %}
{% data reusables.project-management.linked-repositories %}
{% data reusables.project-management.create-project-button %}
{% data reusables.project-management.add-column-new-project %}
@@ -49,6 +50,7 @@ You can also configure workflow automations to keep your project board in sync w
{% data reusables.project-management.click-new-project %}
{% data reusables.project-management.create-project-name-description %}
{% data reusables.project-management.choose-template %}
{% data reusables.project-management.choose-visibility %}
{% data reusables.project-management.linked-repositories %}
{% data reusables.project-management.create-project-button %}
{% data reusables.project-management.add-column-new-project %}

2
content/github/managing-your-work-on-github/filtering-pull-requests-by-review-status.md
View File

@@ -11,7 +11,7 @@ versions:
You can filter a repository's list of pull requests to find:
- Pull requests that haven't been [reviewed](/articles/about-pull-request-reviews) yet
- Pull requests that [require a review](/articles/about-required-reviews-for-pull-requests) before they can be merged
- Pull requests that [require a review](/github/administering-a-repository/about-protected-branches#require-pull-request-reviews-before-merging) before they can be merged
- Pull requests that a reviewer has approved
- Pull requests in which a reviewer has asked for changes
- Pull requests that you have reviewed

2
content/github/managing-your-work-on-github/managing-labels.md
View File

@@ -27,7 +27,7 @@ versions:
You can manage your work on {% data variables.product.product_name %} by creating labels to categorize issues and pull requests. You can apply labels in the repository the label was created in. Once a label exists, you can use the label on any issue or pull request within that repository.
Anyone with read access to a repository can view and search the repositorys labels. To create, edit, apply, or delete a label, you must have write access to the repository.
Anyone with read access to a repository can view and search the repositorys labels. Anyone with triage access to a repository can apply/dismiss existing labels. To create, edit, apply, or delete a label, you must have write access to the repository.
### About default labels

2
content/github/managing-your-work-on-github/using-search-to-filter-issues-and-pull-requests.md
View File

@@ -36,7 +36,7 @@ For issues, you can also use search to:
For pull requests, you can also use search to:
- Filter [draft](/articles/about-pull-requests#draft-pull-requests) pull requests: `is:draft`
- Filter pull requests that haven't been [reviewed](/articles/about-pull-request-reviews) yet: `state:open type:pr review:none`
- Filter pull requests that [require a review](/articles/about-required-reviews-for-pull-requests) before they can be merged: `state:open type:pr review:required`
- Filter pull requests that [require a review](/github/administering-a-repository/about-protected-branches#require-pull-request-reviews-before-merging) before they can be merged: `state:open type:pr review:required`
- Filter pull requests that a reviewer has approved: `state:open type:pr review:approved`
- Filter pull requests in which a reviewer has asked for changes: `state:open type:pr review:changes_requested`
- Filter pull requests by [reviewer](/articles/about-pull-request-reviews/): `state:open type:pr reviewed-by:octocat`

8
content/github/setting-up-and-managing-organizations-and-teams/about-identity-and-access-management-with-saml-single-sign-on.md
View File

@@ -14,7 +14,7 @@ versions:
After you configure SAML SSO, members of your {% data variables.product.prodname_dotcom %} organization will continue to log into their user accounts on {% data variables.product.prodname_dotcom %}. When a member accesses resources within your organization that uses SAML SSO, {% data variables.product.prodname_dotcom %} redirects the member to your IdP to authenticate. After successful authentication, your IdP redirects the member back to {% data variables.product.prodname_dotcom %}, where the member can access your organization's resources.
Enterprise owners can also enforce SAML SSO for all organizations in an enterprise account. For more information, see "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
Organization owners can enforce SAML SSO for an individual organization, or enterprise owners can enforce SAML SSO for all organizations in an enterprise account. For more information, see "[Enabling SAML single sign-on for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
{% data reusables.saml.outside-collaborators-exemption %}
@@ -32,6 +32,8 @@ If members are signed in with a SAML SSO session when they create a new reposito
Organization members must also have an active SAML session to authorize an {% data variables.product.prodname_oauth_app %}. You can opt out of this requirement by contacting {% data variables.contact.contact_support %}. {% data variables.product.product_name %} does not recommend opting out of this requirement, which will expose your organization to a higher risk of account takeovers and potential data loss.
{% data reusables.saml.saml-single-logout-not-supported %}
### Supported SAML services
{% data reusables.saml.saml-supported-idps %}
@@ -42,12 +44,12 @@ Some IdPs support provisioning access to a {% data variables.product.prodname_d
After you enable SAML SSO, there are multiple ways you can add new members to your organization. Organization owners can invite new members manually on {% data variables.product.product_name %} or using the API. For more information, see "[Inviting users to join your organization](/articles/inviting-users-to-join-your-organization)" and "[Members](/rest/reference/orgs#add-or-update-organization-membership)."
{% data reusables.organizations.team-synchronization %}
To provision new users without an invitation from an organization owner, you can use the URL `https://github.com/orgs/ORGANIZATION/sso/sign_up`, replacing _ORGANIZATION_ with the name of your organization. For example, you can configure your IdP so that anyone with access to the IdP can click a link on the IdP's dashboard to join your {% data variables.product.prodname_dotcom %} organization.
If your IdP supports SCIM, {% data variables.product.prodname_dotcom %} can automatically invite members to join your organization when you grant access on your IdP. If you remove a member's access to your {% data variables.product.prodname_dotcom %} organization on your SAML IdP, the member will be automatically removed from the {% data variables.product.prodname_dotcom %} organization. For more information, see "[About SCIM](/github/setting-up-and-managing-organizations-and-teams/about-scim)."
{% data reusables.organizations.team-synchronization %}
{% data reusables.saml.saml-single-logout-not-supported %}
### Further reading

2
content/github/setting-up-and-managing-organizations-and-teams/about-scim.md
View File

@@ -17,7 +17,7 @@ These identity providers are compatible with the {% data variables.product.produ
- Okta
- OneLogin
{% data reusables.scim.enterprise-account-scim %} For more information, see "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#managing-user-provisioning-for-organizations-in-your-enterprise-account)."
{% data reusables.scim.enterprise-account-scim %} For more information, see "[About user provisioning for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account)."
### Further reading

1
content/github/setting-up-and-managing-organizations-and-teams/index.md
View File

@@ -113,7 +113,6 @@ versions:
{% link_in_list /preparing-to-require-two-factor-authentication-in-your-organization %}
{% link_in_list /requiring-two-factor-authentication-in-your-organization %}
{% link_in_list /managing-security-and-analysis-settings-for-your-organization %}
{% link_in_list /managing-secret-scanning-for-your-organization %}
{% link_in_list /managing-allowed-ip-addresses-for-your-organization %}
{% link_in_list /restricting-email-notifications-to-an-approved-domain %}
{% link_in_list /reviewing-the-audit-log-for-your-organization %}

46
content/github/setting-up-and-managing-organizations-and-teams/managing-secret-scanning-for-your-organization.md
View File

@@ -1,46 +0,0 @@
---
title: Managing secret scanning for your organization
intro: 'You can control which repositories in your organization {% data variables.product.product_name %} will scan for secrets.'
product: '{% data reusables.gated-features.secret-scanning %}'
permissions: 'Organization owners can manage {% data variables.product.prodname_secret_scanning %} for repositories in the organization.'
versions:
free-pro-team: '*'
---
{% data reusables.secret-scanning.beta %}
### About management of {% data variables.product.prodname_secret_scanning %}
{% data variables.product.prodname_secret_scanning_caps %} can help you mitigate the impact of leaked secrets in your organization's repositories. For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/about-secret-scanning)."
You can manage how {% data variables.product.prodname_dotcom %} scans for secrets in existing repositories in your organization. You can also enable or disable {% data variables.product.prodname_secret_scanning %} by default for any new repositories that members create in your organization.
{% data reusables.security.security-and-analysis-features-enable-read-only %}
{% note %}
**Note**: {% data variables.product.prodname_secret_scanning_caps %} is enabled by default for public repositories in your organization and can't be disabled. For more information, see "[About secret scanning for public repositories](/github/administering-a-repository/about-secret-scanning#about-secret-scanning-for-public-repositories)."
{% endnote %}
### Enabling or disabling {% data variables.product.prodname_secret_scanning %} for existing private repositories
{% data reusables.profile.access_profile %}
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% data reusables.organizations.security-and-analysis %}
5. To the right of "Secret scanning", click **Disable all** or **Enable all**.
!["Enable all" or "Disable all" button for secret scanning](/assets/images/help/organizations/security-and-analysis-disable-or-enable-secret-scanning.png)
6. Optionally, enable {% data variables.product.prodname_secret_scanning %} by default for new private repositories in your organization.
!["Enable by default" option for new repositories](/assets/images/help/organizations/security-and-analysis-secret-scanning-enable-by-default.png)
7. Click **Disable secret scanning** or **Enable secret scanning** to disable or enable the feature for all the repositories in your organization.
![Button to disable or enable {% data variables.product.prodname_secret_scanning %} ](/assets/images/help/organizations/security-and-analysis-enable-secret-scanning.png)
### Enabling or disabling {% data variables.product.prodname_secret_scanning %} for new private repositories
{% data reusables.profile.access_profile %}
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% data reusables.organizations.security-and-analysis %}
5. To the right of "Secret scanning", enable or disable the feature by default for new private repositories in your organization.
![Checkbox for enabling or disabling a feature for new repositories](/assets/images/help/organizations/security-and-analysis-enable-or-disable-secret-scanning-checkbox.png)

21
content/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization.md
View File

@@ -2,8 +2,11 @@
title: Managing security and analysis settings for your organization
intro: 'You can control features that secure and analyze the code in your organization''s projects on {% data variables.product.prodname_dotcom %}.'
permissions: Organization owners can manage security and analysis settings for repositories in the organization.
redirect_from:
- /github/setting-up-and-managing-organizations-and-teams/managing-secret-scanning-for-your-organization
versions:
free-pro-team: '*'
enterprise-server: '>=3.0'
---
### About management of security and analysis settings
@@ -53,7 +56,12 @@ You can enable or disable features for all repositories. {% if currentVersion ==
!["Enable by default" option for new repositories](/assets/images/help/organizations/security-and-analysis-secret-scanning-enable-by-default-ghe.png)
{% endif %}
1. Click **Disable FEATURE** or **Enable FEATURE** to disable or enable the feature for all the repositories in your organization.
![Button to disable or enable feature](/assets/images/help/organizations/security-and-analysis-enable-dependency-graph.png)
{% if currentVersion == "free-pro-team@latest" %}
![Button to disable or enable feature](/assets/images/help/organizations/security-and-analysis-enable-dependency-graph.png)
{% endif %}
{% if enterpriseServerVersions contains currentVersion and currentVersion ver_gt "enterprise-server@2.22" %}
![Button to disable or enable feature](/assets/images/help/organizations/security-and-analysis-enable-secret-scanning-ghe.png)
{% endif %}
### Enabling or disabling a feature automatically when new repositories are added
@@ -68,6 +76,8 @@ You can enable or disable features for all repositories. {% if currentVersion ==
{% data reusables.advanced-security.note-org-enable-uses-seats %}
{% if currentVersion == "free-pro-team@latest" %}
### Allowing Dependabot to access private repositories
{% data reusables.dependabot.beta-note %}
@@ -83,13 +93,12 @@ By default, {% data variables.product.prodname_dependabot %} can't update depend
![The Repositories list](/assets/images/help/organizations/repositories-dialog.png)
1. Select the repositories that {% data variables.product.prodname_dependabot %} can access.
1. Click **Select repositories**.
{% endif %}
### Further reading
{% if currentVersion == "free-pro-team@latest" %}- "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)"
- "[About secret scanning](/github/administering-a-repository/about-secret-scanning)"
- "[Keeping your dependencies updated automatically](/github/administering-a-repository/keeping-your-dependencies-updated-automatically)"
{% endif %}
- "[About securing your repository](/github/administering-a-repository/about-securing-your-repository)"
- "[About secret scanning](/github/administering-a-repository/about-secret-scanning)"{% if currentVersion == "free-pro-team@latest" %}
- "[Keeping your dependencies updated automatically](/github/administering-a-repository/keeping-your-dependencies-updated-automatically)"{% endif %}
- "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)"
- "[Managing vulnerabilities in your project's dependencies](/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies)"

2
content/github/setting-up-and-managing-organizations-and-teams/project-board-permissions-for-an-organization.md
View File

@@ -30,7 +30,7 @@ For example, if an organization owner has given all organization members read pe
### Project board visibility
{% data reusables.project-management.project-board-visibility %} You can change the project board's visibility from private to public and back again. For more information, see "[Changing project board visibility](/articles/changing-project-board-visibility)."
{% data reusables.project-management.project-board-visibility %} You can change the project board's visibility from private to {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} and back again. For more information, see "[Changing project board visibility](/articles/changing-project-board-visibility)."
### Further reading

49
content/github/setting-up-and-managing-organizations-and-teams/repository-permission-levels-for-an-organization.md
View File

@@ -1,6 +1,7 @@
---
title: Repository permission levels for an organization
intro: 'You can customize access to each repository in your organization with granular permission levels, giving people access to the features and tasks they need.'
miniTocMaxHeadingLevel: 4
redirect_from:
- /articles/repository-permission-levels-for-an-organization-early-access-program/
- /articles/repository-permission-levels-for-an-organization
@@ -42,6 +43,13 @@ In addition to managing organization-level settings, organization owners have ad
{% endwarning %}
### Repository access for each permission level
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
{% note %}
**Note:** Repository permissions required to use security features are listed in "[Permission requirements for security features](#permission-requirements-for-security-features)" below.
{% endnote %}
{% endif %}
| Repository action | Read | Triage | Write | Maintain | Admin |
|:---|:---:|:---:|:---:|:---:|:---:|
@@ -58,7 +66,7 @@ In addition to managing organization-level settings, organization owners have ad
| View [GitHub Actions workflow runs](/actions/automating-your-workflow-with-github-actions/managing-a-workflow-run) | **X** | **X** | **X** | **X** | **X** |{% endif %}
| Edit wikis | **X** | **X** | **X** | **X** | **X** |{% if currentVersion == "free-pro-team@latest" %}
| [Report abusive or spammy content](/articles/reporting-abuse-or-spam) | **X** | **X** | **X** | **X** | **X** |{% endif %}
| Apply labels | | **X** | **X** | **X** | **X** |
| Apply/dismiss labels | | **X** | **X** | **X** | **X** |
| Create, edit, delete labels | | | **X** | **X** | **X** |
| Close, reopen, and assign all issues and pull requests | | **X** | **X** | **X** | **X** |{% if currentVersion == "free-pro-team@latest" %}
| [Enable and disable auto-merge on a pull request](/github/administering-a-repository/managing-auto-merge-for-pull-requests-in-your-repository) | | | **X** | **X** | **X** |{% endif %}
@@ -100,25 +108,17 @@ In addition to managing organization-level settings, organization owners have ad
| Make a repository a template (see "[Creating a template repository](/articles/creating-a-template-repository)") | | | | | **X** |
| Change a repository's settings | | | | | **X** |
| Manage team and collaborator access to the repository | | | | | **X** |
| Edit the repository's default branch | | | | | **X** |
| Edit the repository's default branch | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %}
| Rename the repository's default branch (see "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)") | | | | | **X** |
| Rename a branch other than the repository's default branch (see "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)") | | | **X** | **X** | **X** |{% endif %}
| Manage webhooks and deploy keys | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %}
| [Enable the dependency graph](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-and-dependents-of-a-repository) for a private repository | | | | | **X** |
| Receive [{% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies) in a repository | | | | | **X** |
| [Dismiss {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository) | | | | | **X** |
| [Designate additional people or teams to receive {% data variables.product.prodname_dependabot_alerts %}](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository) for vulnerable dependencies | | | | | **X** |
| [Manage data use settings for your private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository) | | | | | **X** |
| Create [security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories) | | | | | **X** |
| Manage access to {% data variables.product.prodname_GH_advanced_security %} features (see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)") | | | | | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
| [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests) | **X** | **X** | **X** | **X** | **X** |
| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **X** | **X** | **X** |{% endif %}
| [Manage data use settings for your private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository) | | | | | **X** |{% endif %}
| [Manage the forking policy for a repository](/github/administering-a-repository/managing-the-forking-policy-for-your-repository) | | | | | **X** |
| [Transfer repositories into the organization](/articles/restricting-repository-creation-in-your-organization) | | | | | **X** |
| [Delete or transfer repositories out of the organization](/articles/setting-permissions-for-deleting-or-transferring-repositories) | | | | | **X** |
| [Archive repositories](/articles/about-archiving-repositories) | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %}
| Display a sponsor button (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)") | | | | | **X** |{% endif %}
| Create autolink references to external resources, like JIRA or Zendesk (see "[Configuring autolinks to reference external resources](/articles/configuring-autolinks-to-reference-external-resources)") | | | | | **X** |{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
| [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests) | **X** | **X** | **X** | **X** | **X** |
| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **X** | **X** | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" %}
| Create autolink references to external resources, like JIRA or Zendesk (see "[Configuring autolinks to reference external resources](/articles/configuring-autolinks-to-reference-external-resources)") | | | | | **X** |{% if currentVersion == "free-pro-team@latest" %}
| [Enable {% data variables.product.prodname_discussions %}](/github/administering-a-repository/enabling-or-disabling-github-discussions-for-a-repository) in a repository | | | | **X** | **X** |
| [Create and edit categories](/discussions/managing-discussions-for-your-community/managing-categories-for-discussions-in-your-repository) for {% data variables.product.prodname_discussions %} | | | | **X** | **X** |
| [Move a discussion to a different category](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository) | | | **X** | **X** | **X** |
@@ -130,6 +130,27 @@ In addition to managing organization-level settings, organization owners have ad
| [Create new discussions and comment on existing discussions](/discussions/collaborating-with-your-community-using-discussions/participating-in-a-discussion) | **X** | **X** | **X** | **X** | **X** |
| [Delete a discussion](/discussions/managing-discussions-for-your-community/managing-discussions-in-your-repository#deleting-a-discussion) | | | | **X** | **X** |{% endif %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
#### Permission requirements for security features
In this section, you can find the repository permission levels required for security features, such as {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_advanced_security %} features.
| Repository action | Read | Triage | Write | Maintain | Admin |
|:---|:---:|:---:|:---:|:---:|:---:|{% if currentVersion == "free-pro-team@latest" %}
| Receive [{% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies) in a repository | | | | | **X** |
| [Dismiss {% data variables.product.prodname_dependabot_alerts %}](/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository) | | | | | **X** |
| [Designate additional people or teams to receive {% data variables.product.prodname_dependabot_alerts %}](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) for vulnerable dependencies | | | | | **X** |
| Create [security advisories](/github/managing-security-vulnerabilities/about-github-security-advisories) | | | | | **X** |
| Manage access to {% data variables.product.prodname_GH_advanced_security %} features (see "[Managing security and analysis settings for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-security-and-analysis-settings-for-your-organization)") | | | | | **X** |
| [Enable the dependency graph](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-and-dependents-of-a-repository) for a private repository | | | | | **X** |
| [View dependency reviews](/github/collaborating-with-issues-and-pull-requests/reviewing-dependency-changes-in-a-pull-request) | **X** | **X** | **X** | **X** | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.21" %}
| [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests) | **X** | **X** | **X** | **X** | **X** |
| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **X** | **X** | **X** |{% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
| [View {% data variables.product.prodname_secret_scanning %} alerts in a repository](/github/administering-a-repository/managing-alerts-from-secret-scanning) | | | | | **X** |
| [Resolve, revoke or re-open {% data variables.product.prodname_secret_scanning %} alerts](/github/administering-a-repository/managing-alerts-from-secret-scanning) | | | | | **X** |
| [Designate additional people or teams to receive {% data variables.product.prodname_secret_scanning %} alerts](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) in repositories | | | | | **X** |{% endif %}
{% endif %}
### Further reading
- "[Managing access to your organization's repositories](/articles/managing-access-to-your-organization-s-repositories)"

12
content/github/setting-up-and-managing-organizations-and-teams/reviewing-the-audit-log-for-your-organization.md
View File

@@ -63,8 +63,8 @@ To search for specific events, use the `action` qualifier in your query. Actions
| [`repository_vulnerability_alerts`](#repository_vulnerability_alerts-category-actions) | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot %} alerts. {% endif %}{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" %}
| [`secret_scanning`](#secret_scanning-category-actions) | Contains organization-level configuration activities for secret scanning in existing repositories. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
| [`secret_scanning_new_repos`](#secret_scanning_new_repos-category-actions) | Contains organization-level configuration activities for secret scanning for new repositories created in the organization. {% endif %}{% if currentVersion == "free-pro-team@latest" %}
| [`sponsors`](#sponsors-category-actions) | Contains all events related to sponsor buttons (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)"){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
| [`team`](#team-category-actions) | Contains all activities related to teams in your organization.{% endif %}
| [`sponsors`](#sponsors-category-actions) | Contains all events related to sponsor buttons (see "[Displaying a sponsor button in your repository](/articles/displaying-a-sponsor-button-in-your-repository)"){% endif %}
| [`team`](#team-category-actions) | Contains all activities related to teams in your organization.
| [`team_discussions`](#team_discussions-category-actions) | Contains activities related to managing team discussions for an organization.
You can search for specific sets of actions using these terms. For example:
@@ -572,7 +572,6 @@ For more information, see "[Restricting publication of {% data variables.product
| `waitlist_join` | Triggered when you join the waitlist to become a sponsored organization (see "[Setting up {% data variables.product.prodname_sponsors %} for your organization](/github/supporting-the-open-source-community-with-github-sponsors/setting-up-github-sponsors-for-your-organization)")
{% endif %}
{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
#### `team` category actions
| Action | Description
@@ -581,11 +580,12 @@ For more information, see "[Restricting publication of {% data variables.product
| `add_repository` | Triggered when a team is given control of a repository.
| `change_parent_team` | Triggered when a child team is created or [a child team's parent is changed](/articles/moving-a-team-in-your-organization-s-hierarchy).
| `change_privacy` | Triggered when a team's privacy level is changed.
| `create` | Triggered when a new team is created.
| `destroy` | Triggered when a team is deleted from the organization.
| `create` | Triggered when a new team is created.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
`demote_maintainer` | Triggered when a user was demoted from a team maintainer to a team member. For more information, see "[Giving "team maintainer" permissions to an organization member](/github/setting-up-and-managing-organizations-and-teams/giving-team-maintainer-permissions-to-an-organization-member)."{% endif %}
| `destroy` | Triggered when a team is deleted from the organization.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@latest" %}
`team.promote_maintainer` | Triggered when a user was promoted from a team member to a team maintainer. For more information, see "[Giving "team maintainer" permissions to an organization member](/github/setting-up-and-managing-organizations-and-teams/giving-team-maintainer-permissions-to-an-organization-member)."{% endif %}
| `remove_member` | Triggered when a member of an organization is [removed from a team](/articles/removing-organization-members-from-a-team).
| `remove_repository` | Triggered when a repository is no longer under a team's control.
{% endif %}
#### `team_discussions` category actions

15
content/github/setting-up-and-managing-organizations-and-teams/synchronizing-a-team-with-an-identity-provider-group.md
View File

@@ -15,6 +15,8 @@ versions:
You can connect up to five IdP groups to a {% data variables.product.prodname_dotcom %} team. An IdP group can be assigned to multiple {% data variables.product.prodname_dotcom %} teams without restriction.
Team synchronization does not support IdP groups with more than 5000 members.
Once a {% data variables.product.prodname_dotcom %} team is connected to an IdP group, your IdP administrator must make team membership changes through the identity provider. You cannot manage team membership on {% data variables.product.product_name %} or using the API.
All team membership changes made through your IdP will appear in the audit log on {% data variables.product.product_name %} as changes made by the team synchronization bot. Your IdP will send team membership data to {% data variables.product.prodname_dotcom %} once every hour.
@@ -28,19 +30,22 @@ You can also manage team synchronization with the API. For more information, see
### Requirements for members of synchronized teams
After you connect a team to an IdP group, membership data for each team member will synchronize if the person continues to authenticate using SAML SSO with the same SSO identity on {% data variables.product.prodname_dotcom %}, and if the person remains a member of the connected IdP group.
After you connect a team to an IdP group, team synchronization will add each member of the IdP group to the corresponding team on {% data variables.product.prodname_dotcom %} only if:
- The person is a member of the organization on {% data variables.product.prodname_dotcom %}.
- The person has already logged in with their user account on {% data variables.product.prodname_dotcom %} and authenticated to the organization or enterprise account via SAML single sign-on at least once.
- The person's SSO identity is a member of the IdP group.
Existing teams or group members can be automatically removed from the team on {% data variables.product.prodname_dotcom %}. Any existing teams or group members not authenticating to the organization or enterprise account using SSO may lose access to repositories. Any existing teams or group members not in the connected IdP group may potentially lose access to repositories.
Existing teams or group members who do not meet these criteria will be automatically removed from the team on {% data variables.product.prodname_dotcom %} and lose access to repositories. Revoking a user's linked identity will also remove the user from from any teams mapped to IdP groups. For more information, see "[Viewing and managing a member's SAML access to your organization](/github/setting-up-and-managing-organizations-and-teams/viewing-and-managing-a-members-saml-access-to-your-organization#viewing-and-revoking-a-linked-identity)" and "[Viewing and managing a user's SAML access to your enterprise](/github/setting-up-and-managing-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise#viewing-and-revoking-a-linked-identity)."
A removed team member can be added back to a team automatically once they have authenticated to the organization or enterprise account using SSO and are moved to the connected IdP group.
To avoid unintentionally removing team members, we recommend enforcing SAML SSO in your organization or enterprise account, creating new teams to synchronize membership data, and checking IdP group membership before synchronizing existing teams. For more information, see "[Enforcing SAML single sign-on for your organization](/articles/enforcing-saml-single-sign-on-for-your-organization)."
To avoid unintentionally removing team members, we recommend enforcing SAML SSO in your organization or enterprise account, creating new teams to synchronize membership data, and checking IdP group membership before synchronizing existing teams. For more information, see "[Enforcing SAML single sign-on for your organization](/articles/enforcing-saml-single-sign-on-for-your-organization)" and "[Enabling SAML single sign-on for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
If your organization is owned by an enterprise account, enabling team synchronization for the enterprise account will override your organization-level team synchronization settings. For more information, see "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#managing-team-synchronization-for-organizations-in-your-enterprise-account)."
If your organization is owned by an enterprise account, enabling team synchronization for the enterprise account will override your organization-level team synchronization settings. For more information, see "[Managing team synchronization for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise-account)."
### Prerequisites
Before you can connect a team with an identity provider group, an organization or enterprise owner must enable team synchronization for your organization or enterprise account. For more information, see "[Managing team synchronization for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-team-synchronization-for-your-organization)" and "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#managing-team-synchronization-for-organizations-in-your-enterprise-account)."
Before you can connect a team with an identity provider group, an organization or enterprise owner must enable team synchronization for your organization or enterprise account. For more information, see "[Managing team synchronization for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-team-synchronization-for-your-organization)" and "[Managing team synchronization for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise-account)."
To avoid unintentionally removing team members, visit the administrative portal for your IdP and confirm that each current team member is also in the IdP groups that you want to connect to this team. If you don't have this access to your identity provider, you can reach out to your IdP administrator.

2
content/github/setting-up-and-managing-organizations-and-teams/viewing-and-managing-a-members-saml-access-to-your-organization.md
View File

@@ -20,6 +20,8 @@ You can view and revoke each member's linked identity, active sessions, and auth
{% data reusables.saml.about-linked-identities %}
{% data reusables.identity-and-permissions.revoking-identity-team-sync %}
{% data reusables.profile.access_profile %}
{% data reusables.profile.access_org %}
{% data reusables.organizations.people %}

31
content/github/setting-up-and-managing-your-enterprise/about-identity-and-access-management-for-your-enterprise-account.md Normal file
View File

@@ -0,0 +1,31 @@
---
title: About identity and access management for your enterprise account
intro: You can centrally manage access to your enterprise's resources, organization membership, and team membership using your identity provider (IdP).
product: '{% data reusables.gated-features.enterprise-accounts %}'
versions:
free-pro-team: '*'
---
### About identity and access management for your enterprise account
{% data reusables.saml.dotcom-saml-explanation %} {% data reusables.saml.about-saml-enterprise-accounts %} For more information, see "[Enabling SAML single sign-on for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
After you enable SAML SSO, depending on the IdP you use, you may be able to enable additional identity and access management features.
{% data reusables.saml.about-user-provisioning-enterprise-account %} For more information, see "[About user provisioning for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account)."
If you use Azure AD as your IDP, you can use team synchronization to manage team membership within each organization. {% data reusables.identity-and-permissions.about-team-sync %} For more information, see "[Managing team synchronization for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise-account)."
### Supported IdPs
We test and officially support the following IdPs. For SAML SSO, we offer limited support for all identity providers that implement the SAML 2.0 standard. For more information, see the [SAML Wiki](https://wiki.oasis-open.org/security) on the OASIS website.
IdP | SAML | User provisioning | Team synchronization |
--- | :--: | :---------------: | :-------: |
Active Directory Federation Services (AD FS) | {% octicon "check-circle-fill" aria-label= "The check icon" %} | | |
Azure Active Directory (Azure AD) | {% octicon "check-circle-fill" aria-label="The check icon" %} | | {% octicon "check-circle-fill" aria-label="The check icon" %} |
Okta | {% octicon "check-circle-fill" aria-label="The check icon" %} | {% octicon "check-circle-fill" aria-label= "The check icon" %} | |
OneLogin | {% octicon "check-circle-fill" aria-label="The check icon" %} | | |
PingOne | {% octicon "check-circle-fill" aria-label="The check icon" %} | | |
Shibboleth | {% octicon "check-circle-fill" aria-label="The check icon" %} | | |

28
content/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account.md Normal file
View File

@@ -0,0 +1,28 @@
---
title: About user provisioning for organizations in your enterprise account
intro: You can manage organization membership in an enterprise account directly from an identity provider (IdP).
product: '{% data reusables.gated-features.enterprise-accounts %}'
versions:
free-pro-team: '*'
---
{% data reusables.enterprise-accounts.user-provisioning-release-stage %}
{% data reusables.saml.about-user-provisioning-enterprise-account %}
{% data reusables.scim.enterprise-account-scim %} Optionally, you can also enable SAML provisioning and, separately, deprovisioning.
If you configure SCIM for the {% data variables.product.product_name %} application in your IdP, each time you make changes to group membership in your IdP, your IdP will make a SCIM call to {% data variables.product.prodname_dotcom %} to update the corresponding organization's membership. If you enable SAML provisioning, each time an enterprise member accesses a resource protected by your enterprise account's SAML configuration, that SAML assertion will trigger provisioning.
For each SCIM call or SAML assertion, {% data variables.product.product_name %} will check the IdP groups the user belongs to and perform the following operations:
- If the user is a member of an IdP group that corresponds to an organization owned by your enterprise account, and the user is not currently a member of that organization, add the user to the organization (SAML assertion) or send the user an email invitation to join the organization (SCIM call).
- Cancel any existing invitations for the user to join an organization owned by your enterprise account.
For each SCIM call and, if you enable SAML deprovisioning, each SAML assertion, {% data variables.product.product_name %} will also perform the following operation:
- If the user is not a member of an IdP group that corresponds to an organization owned by your enterprise account, and the user is currently a member of that organization, remove the user from the organization.
If deprovisioning removes the last remaining owner from an organization, the organization will become unowned. Enterprise owners can assume ownership of unowned organizations. For more information, see "[Managing unowned organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-unowned-organizations-in-your-enterprise-account)."
To enable user provisioning for your enterprise account using Okta, see "[Configuring SAML single sign-on and SCIM for your enterprise account using Okta](/github/setting-up-and-managing-your-enterprise/configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta)."

9
content/github/setting-up-and-managing-your-enterprise/configuring-identity-and-access-management-for-your-enterprise-account.md Normal file
View File

@@ -0,0 +1,9 @@
---
title: Configuring identity and access management for your enterprise account
intro: You can manage SAML single sign-on, user provisioning, and team synchronization for your enterprise.
product: '{% data reusables.gated-features.enterprise-accounts %}'
mapTopic: true
versions:
free-pro-team: '*'
---

2
content/github/setting-up-and-managing-your-enterprise/configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta.md
View File

@@ -56,7 +56,7 @@ After you enable SCIM, the following provisioning features are available for any
1. To the right of the drop-down menu, type `.*.*`.
1. Click **Save**.
{% data reusables.saml.okta-view-setup-instructions %}
1. Enable SAML for your enterprise account using the information in the setup instructions. For more information, see "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
1. Enable SAML for your enterprise account using the information in the setup instructions. For more information, see "[Enabling SAML single sign-on for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
### Creating groups in Okta

47
content/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account.md Normal file
View File

@@ -0,0 +1,47 @@
---
title: Enabling SAML single sign-on for organizations in your enterprise account
intro: 'You can control and secure access to resources like repositories, issues, and pull requests by enabling SAML single sign-on (SSO) and centralized authentication through an IdP across all organizations owned by an enterprise account.'
product: '{% data reusables.gated-features.enterprise-accounts %}'
permissions: Enterprise owners can enable SAML single sign-on for organizations in an enterprise account.
versions:
free-pro-team: '*'
---
### About SAML single sign-on for enterprise accounts
{% data reusables.saml.dotcom-saml-explanation %} For more information, see "[About identity and access management with SAML single sign-on](/github/setting-up-and-managing-organizations-and-teams/about-identity-and-access-management-with-saml-single-sign-on)."
{% data reusables.saml.about-saml-enterprise-accounts %}
{% data reusables.saml.about-saml-access-enterprise-account %} For more information, see "[Viewing and managing a user's SAML access to your enterprise account](/github/setting-up-and-managing-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise-account)."
{% data reusables.saml.saml-supported-idps %}
{% data reusables.scim.enterprise-account-scim %} If you're not participating in the private beta, SCIM is not supported for enterprise accounts. For more information, see "[About user provisioning for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account)."
### Enabling SAML single-sign on for organizations in your enterprise account
{% note %}
**Note:** Enabling authentication with SAML single sign-on for your enterprise account will override any existing organization-level SAML configurations.
{% endnote %}
For more detailed information about how to enable SAML using Okta, see "[Configuring SAML single sign-on and SCIM for your enterprise account using Okta](/github/setting-up-and-managing-your-enterprise/configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta)."
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}
4. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
5. Under "SAML single sign-on", select **Enable SAML authentication**.
![Checkbox for enabling SAML SSO](/assets/images/help/business-accounts/enable-saml-auth-enterprise.png)
6. In the **Sign on URL** field, type the HTTPS endpoint of your IdP for single sign-on requests. This value is available in your IdP configuration.
![Field for the URL that members will be forwarded to when signing in](/assets/images/help/saml/saml_sign_on_url_business.png)
7. Optionally, in the **Issuer** field, type your SAML issuer URL to verify the authenticity of sent messages.
![Field for the SAML issuer's name](/assets/images/help/saml/saml_issuer.png)
8. Under **Public Certificate**, paste a certificate to verify SAML responses.
![Field for the public certificate from your identity provider](/assets/images/help/saml/saml_public_certificate.png)
9. To verify the integrity of the requests from your SAML issuer, click {% octicon "pencil" aria-label="The edit icon" %}. Then in the "Signature Method" and "Digest Method" drop-downs, choose the hashing algorithm used by your SAML issuer.
![Drop-downs for the Signature Method and Digest method hashing algorithms used by your SAML issuer](/assets/images/help/saml/saml_hashing_method.png)
10. Before enabling SAML SSO for your enterprise, click **Test SAML configuration** to ensure that the information you've entered is correct. ![Button to test SAML configuration before enforcing](/assets/images/help/saml/saml_test.png)
11. Click **Save**.

102
content/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account.md
View File

@@ -91,104 +91,6 @@ You can also configure allowed IP addresses for an individual organization. For
{% data reusables.github-actions.ip-allow-list-self-hosted-runners %}
### Enabling SAML single sign-on for organizations in your enterprise account
{% data reusables.saml.dotcom-saml-explanation %} For more information, see "[About identity and access management with SAML single sign-on](/github/setting-up-and-managing-organizations-and-teams/about-identity-and-access-management-with-saml-single-sign-on)."
Enterprise owners can enable SAML SSO and centralized authentication through a SAML IdP across all organizations owned by an enterprise account. After you enable SAML SSO for your enterprise account, SAML SSO is enabled by default for all organizations owned by your enterprise account. All members will be required to authenticate using SAML SSO to gain access to the organizations where they are a member, and enterprise owners will be required to authenticate using SAML SSO when accessing an enterprise account.
{% data reusables.saml.about-saml-access-enterprise-account %} For more information, see "[Viewing and managing a user's SAML access to your enterprise account](/github/setting-up-and-managing-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise-account)."
{% data reusables.saml.saml-supported-idps %}
{% data reusables.scim.enterprise-account-scim %} If you're not participating in the private beta, SCIM is not supported for enterprise accounts. For more information, see "[Managing user provisioning for organizations in your enterprise account](#managing-user-provisioning-for-organizations-in-your-enterprise-account)."
{% note %}
**Note:** Enabling authentication with SAML single sign-on for your enterprise account will override any existing organization-level SAML configurations.
{% endnote %}
For more detailed information about how to enable SAML using Okta, see "[Configuring SAML single sign-on and SCIM for your enterprise account using Okta](/github/setting-up-and-managing-your-enterprise/configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta).
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}
4. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
5. Under "SAML single sign-on", select **Enable SAML authentication**.
![Checkbox for enabling SAML SSO](/assets/images/help/business-accounts/enable-saml-auth-enterprise.png)
6. In the **Sign on URL** field, type the HTTPS endpoint of your IdP for single sign-on requests. This value is available in your IdP configuration.
![Field for the URL that members will be forwarded to when signing in](/assets/images/help/saml/saml_sign_on_url_business.png)
7. Optionally, in the **Issuer** field, type your SAML issuer's name. This verifies the authenticity of sent messages.
![Field for the SAML issuer's name](/assets/images/help/saml/saml_issuer.png)
8. Under **Public Certificate**, paste a certificate to verify SAML responses.
![Field for the public certificate from your identity provider](/assets/images/help/saml/saml_public_certificate.png)
9. To verify the integrity of the requests from your SAML issuer, click {% octicon "pencil" aria-label="The edit icon" %}. Then in the Signature Method and Digest Method drop-downs, choose the hashing algorithm used by your SAML issuer.
![Drop-downs for the Signature Method and Digest method hashing algorithms used by your SAML issuer](/assets/images/help/saml/saml_hashing_method.png)
10. Before enabling SAML SSO for your enterprise, click **Test SAML configuration** to ensure that the information you've entered is correct. ![Button to test SAML configuration before enforcing](/assets/images/help/saml/saml_test.png)
11. Click **Save**.
### Managing user provisioning for organizations in your enterprise account
Enterprise owners can manage organization membership in an enterprise account directly from an identity provider (IdP).
{% data reusables.enterprise-accounts.user-provisioning-release-stage %}
{% data reusables.saml.about-user-provisioning-enterprise-account %}
{% data reusables.scim.enterprise-account-scim %} Optionally, you can also enable SAML provisioning and, separately, deprovisioning.
If you configure SCIM in your IdP, each time you make changes to group membership in your IdP, your IdP will make a SCIM call to {% data variables.product.prodname_dotcom %} to update the corresponding organization's membership. If you enable SAML provisioning, each time an enterprise member accesses a resource protected by your enterprise account's SAML configuration, that SAML assertion will trigger provisioning.
For each SCIM call or SAML assertion, {% data variables.product.product_name %} will check the IdP groups the user belongs to and perform the following operations:
- If the user is a member of an IdP group that corresponds to an organization owned by your enterprise account, and the user is not currently a member of that organization, add the user to the organization (SAML assertion) or send the user an email invitation to join the organization (SCIM call).
- Cancel any existing invitations for the user to join an organization owned by your enterprise account.
For each SCIM call and, if you enable SAML deprovisioning, each SAML assertion, {% data variables.product.product_name %} will also perform the following operation:
- If the user is not a member of an IdP group that corresponds to an organization owned by your enterprise account, and the user is currently a member of that organization, remove the user from the organization.
If deprovisioning removes the last remaining owner from an organization, the organization will become unowned. Enterprise owners can assume ownership of unowned organizations. For more information, see "[Managing unowned organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-unowned-organizations-in-your-enterprise-account)."
To enable user provisioning for your enterprise account using Okta, see "[Configuring SAML single sign-on and SCIM for your enterprise account using Okta](/github/setting-up-and-managing-your-enterprise/configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta)."
### Managing team synchronization for organizations in your enterprise account
Enterprise owners can enable team synchronization between an IdP and {% data variables.product.product_name %} to allow organization owners and team maintainers to connect teams in the organizations owned by your enterprise account with IdP groups.
{% data reusables.identity-and-permissions.about-team-sync %}
You can use team synchronization with your enterprise account with Azure AD.
{% data reusables.identity-and-permissions.sync-team-with-idp-group %}
{% data reusables.identity-and-permissions.team-sync-disable %}
You can also configure and manage team synchronization for an individual organization. For more information, see "[Managing team synchronization for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-team-synchronization-for-your-organization)."
#### Prerequisites
Before you can enable team synchronization for your enterprise account:
- You or your Azure AD administrator must be a Global administrator or a Privileged Role administrator in Azure AD.
- You must enable SAML single sign-on for organizations in your enterprise account with your supported IdP. For more information, see "[Enabling SAML single sign-on for organizations in your enterprise account](#enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
- You must authenticate to your enterprise account using SAML SSO and the supported IdP. For more information, see "[Authenticating with SAML single sign-on](/articles/authenticating-with-saml-single-sign-on)."
#### Managing team synchronization for Azure AD
{% data reusables.identity-and-permissions.team-sync-azure-permissions %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}
{% data reusables.identity-and-permissions.team-sync-confirm-saml %}
{% data reusables.identity-and-permissions.enable-team-sync-azure %}
{% data reusables.identity-and-permissions.team-sync-confirm %}
7. Review the identity provider tenant information you want to connect to your enterprise account, then click **Approve**.
![Pending request to enable team synchronization to a specific IdP tenant with option to approve or cancel request](/assets/images/help/teams/approve-team-synchronization.png)
8. To disable team synchronization, click **Disable team synchronization**.
![Disable team synchronization](/assets/images/help/teams/disable-team-synchronization.png)
### Managing your enterprise account's SSH certificate authorities
Enterprise owners can add and delete an enterprise account's SSH certificate authorities (CA).
@@ -213,3 +115,7 @@ Deleting a CA cannot be undone. If you want to use the same CA in the future, yo
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}
{% data reusables.organizations.delete-ssh-ca %}
### Further reading
- "[Configuring identity and access management for your enterprise account](/github/setting-up-and-managing-your-enterprise/configuring-identity-and-access-management-for-your-enterprise-account)"

8
content/github/setting-up-and-managing-your-enterprise/index.md
View File

@@ -28,14 +28,20 @@ versions:
{% link_in_list /managing-unowned-organizations-in-your-enterprise-account %}
{% link_in_list /viewing-the-audit-logs-for-organizations-in-your-enterprise-account %}
{% link_in_list /configuring-webhooks-for-organization-events-in-your-enterprise-account %}
{% topic_link_in_list /configuring-identity-and-access-management-for-your-enterprise-account %}
{% link_in_list /about-identity-and-access-management-for-your-enterprise-account %}
{% link_in_list /enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account %}
{% link_in_list /about-user-provisioning-for-organizations-in-your-enterprise-account %}
{% link_in_list /configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta %}
{% link_in_list /managing-team-synchronization-for-organizations-in-your-enterprise-account %}
{% topic_link_in_list /setting-policies-for-organizations-in-your-enterprise-account %}
{% link_in_list /enforcing-repository-management-policies-in-your-enterprise-account %}
{% link_in_list /enforcing-project-board-policies-in-your-enterprise-account %}
{% link_in_list /enforcing-team-policies-in-your-enterprise-account %}
{% link_in_list /enforcing-security-settings-in-your-enterprise-account %}
{% link_in_list /configuring-saml-single-sign-on-and-scim-for-your-enterprise-account-using-okta %}
{% link_in_list /verifying-your-enterprise-accounts-domain %}
{% link_in_list /restricting-email-notifications-for-your-enterprise-account-to-approved-domains %}
{% link_in_list /enforcing-a-policy-on-dependency-insights-in-your-enterprise-account %}
{% link_in_list /enforcing-github-actions-policies-in-your-enterprise-account %}
{% link_in_list /configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account %}

12
content/github/setting-up-and-managing-your-enterprise/managing-licenses-for-visual-studio-subscription-with-github-enterprise.md
View File

@@ -15,7 +15,9 @@ versions:
{% data variables.product.prodname_vss_ghe %} is a combined offering from Microsoft that allows a subscriber to use both {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_vs %}. {% data variables.product.prodname_vss_ghe %} is available from Microsoft under the terms of the Microsoft Enterprise Agreement. For more information, see [{% data variables.product.prodname_vss_ghe %}](https://visualstudio.microsoft.com/subscriptions/visual-studio-github/) on the {% data variables.product.prodname_vs %} website.
After you assign a license for {% data variables.product.prodname_vss_ghe %} to a subscriber, the subscriber will use the {% data variables.product.prodname_enterprise %} portion of the license by joining an organization in your enterprise account with a user account on {% data variables.product.prodname_dotcom_the_website %}.
After you assign a license for {% data variables.product.prodname_vss_ghe %} to a subscriber, the subscriber will use the {% data variables.product.prodname_enterprise %} portion of the license by joining an organization in your enterprise account with a user account on {% data variables.product.prodname_dotcom_the_website %}. If the email address for the user account of an enterprise member on {% data variables.product.prodname_dotcom_the_website %} matches the User Primary Name (UPN) for a subscriber to your {% data variables.product.prodname_vs %} account, the {% data variables.product.prodname_vs %} subscriber will automatically consume one license for {% data variables.product.prodname_vss_ghe %}.
The total quantity of your licenses for your enterprise on {% data variables.product.prodname_dotcom %} is the sum of any standard {% data variables.product.prodname_enterprise %} licenses and the number of {% data variables.product.prodname_vs %} subscription licenses that include access to {% data variables.product.prodname_dotcom %}. If the user account for an enterprise member does not correspond with the email address for a {% data variables.product.prodname_vs %} subscriber, the license that the user account consumes is unavailable for a {% data variables.product.prodname_vs %} subscriber.
For more information about {% data variables.product.prodname_enterprise %}, see "[{% data variables.product.company_short %}'s products](/github/getting-started-with-github/githubs-products#github-enterprise)." For more information about accounts on {% data variables.product.prodname_dotcom_the_website %}, see "[Types of {% data variables.product.prodname_dotcom %} accounts](/github/getting-started-with-github/types-of-github-accounts)."
@@ -27,11 +29,13 @@ For more information about {% data variables.product.prodname_enterprise %}, see
3. On {% data variables.product.prodname_dotcom_the_website %}, create at least one organization owned by your enterprise account. For more information, see "[Adding organizations to your enterprise account](/github/setting-up-and-managing-your-enterprise/adding-organizations-to-your-enterprise-account)."
4. The subscriber must create a user account on {% data variables.product.prodname_dotcom_the_website %}, and the email address for the account must be the same email address as the email address in the {% data variables.product.prodname_vs %} portal. For more information, see "[Signing up for {% data variables.product.prodname_dotcom %}](/github/getting-started-with-github/signing-up-for-github)" and "[Managing email preferences](/github/setting-up-and-managing-your-github-user-account/managing-email-preferences)."
### Inviting a subscriber to use {% data variables.product.prodname_enterprise %}
To use the {% data variables.product.prodname_enterprise %} portion of the license, the subscriber must join an organization owned by your enterprise account on {% data variables.product.prodname_dotcom_the_website %}. Organization owners can invite new members to an organization. For more information, see "[Inviting users to join your organization](/github/setting-up-and-managing-organizations-and-teams/inviting-users-to-join-your-organization)."
To use the {% data variables.product.prodname_enterprise %} portion of the license, the subscriber's user account on {% data variables.product.prodname_dotcom_the_website %} must be or become a member of an organization owned by your enterprise on {% data variables.product.prodname_dotcom_the_website %}.
Organization owners can invite new members to an organization by email address. The email address that the organization owner invites must match the {% data variables.product.prodname_vs %} subscriber's User Primary Name (UPN), which should be an email address. The subscriber can accept the invitation with an existing user account on {% data variables.product.prodname_dotcom_the_website %} or create a new account.
For more information, see "[Inviting users to join your organization](/github/setting-up-and-managing-organizations-and-teams/inviting-users-to-join-your-organization)," "[Signing up for {% data variables.product.prodname_dotcom %}](/github/getting-started-with-github/signing-up-for-github)," and "[Managing email preferences](/github/setting-up-and-managing-your-github-user-account/managing-email-preferences)."
### Viewing {% data variables.product.prodname_enterprise %} licensing

43
content/github/setting-up-and-managing-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise-account.md Normal file
View File

@@ -0,0 +1,43 @@
---
title: Managing team synchronization for organizations in your enterprise account
intro: 'You can enable team synchronization between an identity provider (IdP) and {% data variables.product.product_name %} to allow organizations owned by your enterprise account to manage team membership through IdP groups.'
product: '{% data reusables.gated-features.enterprise-accounts %}'
permissions: Enterprise owners can manage team synchronization for an enterprise account.
versions:
free-pro-team: '*'
---
### About team synchronization for enterprise accounts
If you use Azure AD as your IdP, you can enable team synchronization for your enterprise account to allow organization owners and team maintainers to synchronize teams in the organizations owned by your enterprise accounts with IdP groups.
{% data reusables.identity-and-permissions.about-team-sync %}
{% data reusables.identity-and-permissions.sync-team-with-idp-group %}
{% data reusables.identity-and-permissions.team-sync-disable %}
You can also configure and manage team synchronization for an individual organization. For more information, see "[Managing team synchronization for your organization](/github/setting-up-and-managing-organizations-and-teams/managing-team-synchronization-for-your-organization)."
### Prerequisites
You or your Azure AD administrator must be a Global administrator or a Privileged Role administrator in Azure AD.
You must enable SAML single sign-on for organizations in your enterprise account with your supported IdP. For more information, see "[Enabling SAML single sign-on for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/enabling-saml-single-sign-on-for-organizations-in-your-enterprise-account)."
You must authenticate to your enterprise account using SAML SSO and the supported IdP. For more information, see "[Authenticating with SAML single sign-on](/articles/authenticating-with-saml-single-sign-on)."
### Managing team synchronization for Azure AD
{% data reusables.identity-and-permissions.team-sync-azure-permissions %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.security-tab %}
{% data reusables.identity-and-permissions.team-sync-confirm-saml %}
{% data reusables.identity-and-permissions.enable-team-sync-azure %}
{% data reusables.identity-and-permissions.team-sync-confirm %}
7. Review the details for the IdP tenant you want to connect to your enterprise account, then click **Approve**.
![Pending request to enable team synchronization to a specific IdP tenant with option to approve or cancel request](/assets/images/help/teams/approve-team-synchronization.png)
8. To disable team synchronization, click **Disable team synchronization**.
![Disable team synchronization](/assets/images/help/teams/disable-team-synchronization.png)

2
content/github/setting-up-and-managing-your-enterprise/managing-unowned-organizations-in-your-enterprise-account.md
View File

@@ -9,7 +9,7 @@ versions:
free-pro-team: '*'
---
If you enable user deprovisioning to manage organization membership in your enterprise account, you could end up with an organization that has no organization owners. For more information, see "[Enforcing security settings in your enterprise account](/github/setting-up-and-managing-your-enterprise/enforcing-security-settings-in-your-enterprise-account#managing-user-provisioning-for-organizations-in-your-enterprise-account)."
If you enable user deprovisioning to manage organization membership in your enterprise account, you could end up with an organization that has no organization owners. For more information, see "[About user provisioning for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/about-user-provisioning-for-organizations-in-your-enterprise-account)."
{% data reusables.enterprise-accounts.access-enterprise %}
2. To the right of the search field, click **X unowned**.

2
content/github/setting-up-and-managing-your-enterprise/viewing-and-managing-a-users-saml-access-to-your-enterprise.md
View File

@@ -18,6 +18,8 @@ When you enable SAML single sign-on for your enterprise account, each enterprise
{% data reusables.saml.about-linked-identities %}
{% data reusables.identity-and-permissions.revoking-identity-team-sync %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.people-tab %}
{% data reusables.saml.click-person-revoke-identity %}

5
content/github/setting-up-and-managing-your-enterprise/viewing-the-subscription-and-usage-for-your-enterprise-account.md
View File

@@ -22,7 +22,8 @@ For more information about managing billing managers, see "[Inviting people to m
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
4. Under "User {% if currentVersion == "free-pro-team@latest" %}Licenses{% else %}licenses{% endif %}", view your total licenses, number of consumed licenses, and your subscription expiration date.
1. Under "User {% if currentVersion == "free-pro-team@latest" %}Licenses{% else %}licenses{% endif %}", view your total licenses, number of consumed licenses, and your subscription expiration date.
{% if currentVersion == "free-pro-team@latest" %}![License and subscription information in enterprise billing settings](/assets/images/help/business-accounts/billing-license-info.png){% else %}
![License and subscription information in enterprise billing settings](/assets/images/enterprise/enterprises/enterprise-server-billing-license-info.png){% endif %}
5. To view details of the user licenses currently in use, click **View {% if currentVersion == "free-pro-team@latest" %}details{% else %}users{% endif %}**.
1. Optionally, to view details for license usage or download a {% if currentVersion == "free-pro-team@latest" %}CSV{% elsif enterpriseServerVersions contains currentVersion %}JSON{% endif %} file with license details{% if currentVersion == "free-pro-team@latest" %}, to the right of "User Licenses"{% endif %}, click **View {% if currentVersion == "free-pro-team@latest" %}details{% elsif enterpriseServerVersions contains currentVersion %}users{% endif %}** or {% if currentVersion == "free-pro-team@latest" %}{% octicon "download" aria-label="The download icon" %}{% elsif enterpriseServerVersions contains currentVersion %}**Export license usage**{% endif %}.{% if currentVersion == "free-pro-team@latest" %}
!["View details" button and button with download icon to the right of "User Licenses"](/assets/images/help/business-accounts/billing-license-info-click-view-details-or-download.png){% endif %}

6
content/github/setting-up-and-managing-your-github-user-account/permission-levels-for-a-user-account-repository.md
View File

@@ -29,7 +29,8 @@ The repository owner has full control of the repository. In addition to the acti
| :- | :- |
| {% if currentVersion == "free-pro-team@latest" %}Invite collaborators{% else %}Add collaborators{% endif %} | "[Inviting collaborators to a personal repository](/github/setting-up-and-managing-your-github-user-account/inviting-collaborators-to-a-personal-repository)" |
| Change the visibility of the repository | "[Setting repository visibility](/github/administering-a-repository/setting-repository-visibility)" |{% if currentVersion == "free-pro-team@latest" %}
| Limit interactions with the repository | "[Limiting interactions in your repository](/github/building-a-strong-community/limiting-interactions-in-your-repository)" |{% endif %}
| Limit interactions with the repository | "[Limiting interactions in your repository](/github/building-a-strong-community/limiting-interactions-in-your-repository)" |{% endif %}{% if currentVersion == "free-pro-team@latest" %}
| Rename a branch, including the default branch | "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)" |{% endif %}
| Merge a pull request on a protected branch, even if there are no approving reviews | "[About protected branches](/github/administering-a-repository/about-protected-branches)" |
| Delete the repository | "[Deleting a repository](/github/administering-a-repository/deleting-a-repository)" |
| Manage the repository's topics | "[Classifying your repository with topics](/github/administering-a-repository/classifying-your-repository-with-topics)" |{% if currentVersion == "free-pro-team@latest" %}
@@ -61,7 +62,8 @@ Collaborators can also perform the following actions.
| Action | More information |
| :- | :- |
| Fork the repository | "[About forks](/github/collaborating-with-issues-and-pull-requests/about-forks)" |
| Fork the repository | "[About forks](/github/collaborating-with-issues-and-pull-requests/about-forks)" |{% if currentVersion == "free-pro-team@latest" %}
| Rename a branch other than the default branch | "[Renaming a branch](/github/administering-a-repository/renaming-a-branch)" |{% endif %}
| Create, edit, and delete comments on commits, pull requests, and issues in the repository | <ul><li>"[About issues](/github/managing-your-work-on-github/about-issues)"</li><li>"[Commenting on a pull request](/github/collaborating-with-issues-and-pull-requests/commenting-on-a-pull-request)"</li><li>"[Managing disruptive comments](/github/building-a-strong-community/managing-disruptive-comments)"</li></ul> |
| Create, assign, close, and re-open issues in the repository | "[Managing your work with issues](/github/managing-your-work-on-github/managing-your-work-with-issues)" |
| Manage labels for issues and pull requests in the repository | "[Labeling issues and pull requests](/github/managing-your-work-on-github/labeling-issues-and-pull-requests)" |

4
content/github/setting-up-and-managing-your-github-user-account/permission-levels-for-user-owned-project-boards.md
View File

@@ -22,7 +22,7 @@ There are three levels of permissions for project board collaborators:
The project board owner and collaborators with admin access have full control of the project board. In addition to all the permissions allowed by project board collaborators, a project board owner and collaborator with admin access can:
- [Manage, view, and add collaborators](/articles/managing-access-to-your-user-account-s-project-boards)
- [Configure a project board as public or private](/articles/changing-project-board-visibility)
- [Configure a project board as {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} or private](/articles/changing-project-board-visibility)
- [Delete a project board](/articles/deleting-a-project-board/)
- [Close a project board](/articles/closing-a-project-board/)
- [Reopen a closed project board](/articles/reopening-a-closed-project-board)
@@ -51,7 +51,7 @@ Collaborators with write access to a user-owned project board can:
### Project board visibility
You can change the project board's visibility from private to public and back again. By default, user-owned project boards are private. For more information, see "[Changing project board visibility](/articles/changing-project-board-visibility)."
You can change the project board's visibility from private to {% if currentVersion == "github-ae@latest" %}internal{% else %}public{% endif %} and back again. By default, user-owned project boards are private. For more information, see "[Changing project board visibility](/articles/changing-project-board-visibility)."
### Further reading

13
content/github/setting-up-and-managing-your-github-user-account/types-of-emails-github-sends.md
View File

@@ -1,6 +1,6 @@
---
title: Types of emails GitHub sends
intro: 'There are several types of emails you can receive from {% data variables.product.product_name %}, including notifications, account information, and marketing communications.'
intro: 'There are several types of emails you can receive from {% data variables.product.product_name %}, including notifications, account information, customer research invitations, and marketing communications.'
redirect_from:
- /articles/types-of-emails-github-sends
versions:
@@ -25,6 +25,17 @@ You can also choose which type of email updates you'd like to receive on convers
If you've upgraded to paid products or features, then you'll receive billing receipts at the account's primary email address. For more information, see "[Setting your billing email](/articles/setting-your-billing-email)."
### Customer research emails
{% data variables.product.product_name %} occasionally seeks customers to participate in research sessions to help us build a better GitHub. These are conducted remotely, open to customers worldwide, and may include:
- Feedback surveys
- Research interviews
- Usability testing sessions
- Previewing early prototypes or concepts
These emails are infrequent and you can choose whether or not to participate. If you're interested in additional opportunities to participate in research sessions, you may add yourself to the GitHub Customer Research Panel. For more information, see "[GitHub Customer Experience Research](https://cxr.github.com)."
### Marketing emails
{% data variables.product.product_name %} occasionally sends these types of marketing emails:

Some files were not shown because too many files have changed in this diff Show More