42d5f37abd
Co-authored-by: github-actions <github-actions@github.com> Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Robert Thorpe II <rthorpeii@github.com>
132 lines
11 KiB
YAML
132 lines
11 KiB
YAML
# Feature available only on dotcom
|
|
security_advisories:
|
|
title: 'Fix and disclose a security vulnerability'
|
|
description: 'Using repository security advisories to privately fix a reported vulnerability and get a CVE.'
|
|
featured_track: '{% ifversion fpt or ghec %}true{% else %}false{% endif %}'
|
|
guides:
|
|
- /code-security/security-advisories/guidance-on-reporting-and-writing/about-coordinated-disclosure-of-security-vulnerabilities
|
|
- /code-security/security-advisories/global-security-advisories/about-the-github-advisory-database
|
|
- /code-security/security-advisories/global-security-advisories/about-global-security-advisories
|
|
- /code-security/security-advisories/repository-security-advisories/about-repository-security-advisories
|
|
- /code-security/security-advisories/guidance-on-reporting-and-writing/best-practices-for-writing-repository-security-advisories
|
|
- /code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
|
|
- /code-security/security-advisories/guidance-on-reporting-and-writing/managing-privately-reported-security-vulnerabilities
|
|
- /code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
|
|
- /code-security/security-advisories/repository-security-advisories/creating-a-repository-security-advisory
|
|
- /code-security/security-advisories/repository-security-advisories/adding-a-collaborator-to-a-repository-security-advisory
|
|
- /code-security/security-advisories/repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability
|
|
- /code-security/security-advisories/repository-security-advisories/publishing-a-repository-security-advisory
|
|
- /code-security/security-advisories/repository-security-advisories/editing-a-repository-security-advisory
|
|
- /code-security/security-advisories/repository-security-advisories/withdrawing-a-repository-security-advisory
|
|
- /code-security/security-advisories/repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory
|
|
|
|
# Feature available on dotcom and GHES 3.3+, so articles available on GHAE and earlier GHES hidden to hide the learning track
|
|
dependabot_alerts:
|
|
title: 'Get notifications for insecure dependencies'
|
|
description: 'Set up Dependabot to alert you to new vulnerabilities{% ifversion GH-advisory-db-supports-malware %} or malware{% endif %} in your dependencies.'
|
|
guides:
|
|
- /code-security/dependabot/dependabot-alerts/about-dependabot-alerts
|
|
- '{% ifversion fpt or ghec or ghes %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}'
|
|
- /code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts
|
|
- /code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts
|
|
- /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
|
|
- /code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies
|
|
- /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors
|
|
|
|
# Feature available on dotcom and GHES 3.3+, so articles available on GHAE and earlier GHES hidden to hide the learning track
|
|
dependabot_security_updates:
|
|
title: 'Get pull requests to update your vulnerable dependencies'
|
|
description: 'Set up Dependabot to create pull requests when new vulnerabilities are reported.'
|
|
guides:
|
|
- /code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates
|
|
- /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates
|
|
- '{% ifversion fpt or ghec or ghes %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies{% endif %}'
|
|
- '{% ifversion fpt or ghec or ghes %}/github/administering-a-repository/managing-repository-settings/managing-security-and-analysis-settings-for-your-repository{% endif %}'
|
|
- /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
|
|
- '{% ifversion fpt or ghec or ghes %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies{% endif %}'
|
|
|
|
# Feature available only on dotcom and GHES 3.3+
|
|
dependency_version_updates:
|
|
title: 'Keep your dependencies up-to-date'
|
|
description: 'Use Dependabot to check for new releases and create pull requests to update your dependencies.'
|
|
guides:
|
|
- /code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
|
|
- /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
|
|
- /code-security/dependabot/dependabot-version-updates/customizing-dependency-updates
|
|
- /code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
|
|
- /code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
|
|
- /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
|
|
- /code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates
|
|
- /code-security/dependabot/working-with-dependabot/managing-encrypted-secrets-for-dependabot
|
|
- /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
|
|
- /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors
|
|
|
|
# Feature available in GHEC, GHES 3.0 up, and GHAE. Feature limited on FPT so hidden there.
|
|
secret_scanning:
|
|
title: 'Scan for secrets'
|
|
description: 'Set up secret scanning to guard against accidental check-ins of tokens, passwords, and other secrets to your repository.'
|
|
guides:
|
|
- '{% ifversion not fpt %}/code-security/secret-scanning/about-secret-scanning{% endif %}'
|
|
- '{% ifversion not fpt %}/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories{% endif %}'
|
|
- '{% ifversion not fpt %}/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning{% endif %}'
|
|
- '{% ifversion not fpt %}/code-security/secret-scanning/managing-alerts-from-secret-scanning{% endif %}'
|
|
- '{% ifversion not fpt %}/code-security/secret-scanning/secret-scanning-patterns{% endif %}'
|
|
- '{% ifversion secret-scanning-push-protection %}/code-security/secret-scanning/protecting-pushes-with-secret-scanning{% endif %}'
|
|
- '{% ifversion secret-scanning-push-protection %}/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection{% endif %}'
|
|
|
|
# Security overview feature available in GHEC and GHES 3.2+, so other articles hidden to hide the learning path in other versions
|
|
security_alerts:
|
|
title: 'Explore and manage security alerts'
|
|
description: 'Learn where to find and resolve security alerts.'
|
|
guides:
|
|
- '{% ifversion ghec or ghes %}/code-security/security-overview/about-the-security-overview {% endif %}'
|
|
- '{% ifversion ghec or ghes %}/code-security/security-overview/viewing-the-security-overview {% endif %}'
|
|
- '{% ifversion ghec or ghes %}/code-security/secret-scanning/managing-alerts-from-secret-scanning {% endif %}'
|
|
- '{% ifversion ghec or ghes %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository{% endif %}'
|
|
- '{% ifversion ghec or ghes %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests{% endif %}'
|
|
- '{% ifversion ghec or ghes %}/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository{% endif %}'
|
|
|
|
# Feature available in all versions from GHES 2.22 up
|
|
code_security_actions:
|
|
title: 'Run code scanning with GitHub Actions'
|
|
description: 'Check your default branch and every pull request to keep vulnerabilities and errors out of your repository.'
|
|
featured_track: '{% ifversion ghae or ghes %}true{% else %}false{% endif %}'
|
|
guides:
|
|
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning
|
|
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository
|
|
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning
|
|
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages
|
|
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container
|
|
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow
|
|
|
|
# Feature available in all versions from GHES 2.22 up
|
|
code_security_integration:
|
|
title: 'Integrate with code scanning'
|
|
description: 'Upload code analysis results from third-party systems to GitHub using SARIF.'
|
|
guides:
|
|
- /code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning
|
|
- /code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github
|
|
- /code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
|
|
- /rest/reference/code-scanning
|
|
|
|
# Feature available in all versions from GHES 2.22 up
|
|
code_security_ci:
|
|
title: 'Run CodeQL code scanning in your CI'
|
|
description: 'Set up CodeQL within your existing CI and upload results to GitHub code scanning.'
|
|
guides:
|
|
- /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system
|
|
- /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system
|
|
- /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system
|
|
- /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/migrating-from-the-codeql-runner-to-codeql-cli
|
|
- /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-runner-in-your-ci-system
|
|
|
|
# Feature available in all versions
|
|
end_to_end_supply_chain:
|
|
title: 'End-to-end supply chain'
|
|
description: 'How to think about securing your user accounts, your code, and your build process.'
|
|
guides:
|
|
- /code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview
|
|
- /code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts
|
|
- /code-security/supply-chain-security/end-to-end-supply-chain/securing-code
|
|
- /code-security/supply-chain-security/end-to-end-supply-chain/securing-builds
|