docs/content/code-security/secret-security/configuring-secret-scanning-for-your-repositories.md
Rachael Sewell 46fda7b959 [DO NOT MERGE] GitHub Enterprise Server 3.1 release candidate megabranch (#18399)
* 3.1 megabranch

* these should be in a topic branch to avoid unnecessary ci failures

* add copies of 3.0 schema files

* update link version from 3.0 -> 3.1

* update correct version 🤦‍♀️

* update with 3.1 version links

* first stab of this work

* fix product variable and links to section that has been moved

* simplify Liquid conditions

* elsif

* Update content/github/managing-subscriptions-and-notifications-on-github/viewing-your-subscriptions.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* [GHES 3.1] Code scanning: SARIF limit increased to 5000 (#18539)

* revert api previews

* delete 3.1 preview

* Revert "delete 3.1 preview"

This reverts commit 0a7df3e17a1e182e5b01b0fdafacb6bb19100f70.

* regenerate decorated file

* make security policy docs available in GHES 3.1 and GHAE docs

* adapt for GHES/GHAE and remove the word

* revert a whole bunch of stuff

* more reverting and further updating

* update links to Adding a security policy to your repo article

* fix broken links and remove responsibly

* simplify Liquid versioning

* Update content/code-security/getting-started/adding-a-security-policy-to-your-repository.md

Co-authored-by: Felicity Chapman <felicitymay@github.com>

* address comment

* Remove overcomplicated versioning (#18934)

* Update information on licensing and billing for GHES 3.1 (#18835)

* regenerate graphql files with new prerendered input object

* add release notes placeholder file

* add scaffolding

* use real date

* ✂️  3.1 schema added accidentally

* update enterprise release dates

* add base files

* Correct versioning for branch renaming and master to main transition in GHES docs (#19050)

* update versioning

* apply Alistair's suggestion

* add new cached index names

* Update docs for code scanning in external CI to cover CodeQL CLI usage (#19030)

* 3893 add missing flag for GHES and GHAE (next) users (#19129)

* [GHES 3.1] Release candidate 1 release notes  (#18419)

* fleshing out the 33.1 RC1 release notes

* update with moreee

* really flesh it all out

* format a bit

* fix linter errors

* fix errors again

* add quotes around heading with Liquid

* placeholder to get error fixed

* add quotes

* just remove those things

* typo

* Update 0-rc1.yml

* update with feedback

* add workflow beta

* upload increase

* some last changes

* change the date

* fix links

Co-authored-by: Sarah Schneider <sarahs@github.com>
Co-authored-by: Rachael Sewell <rachmari@github.com>

* Conflict resolution between 19082 and 3.1 Megabranch (#19158)

* Fix typo in new reusable

* delete 3.1 rest schema files

* Update OpenAPI Descriptions (#19166)

* last minute additions yikes

* redeploy staging

Co-authored-by: Melanie Yarbrough <11952755+myarb@users.noreply.github.com>
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: skedwards88 <skedwards88@github.com>
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Meg Bird <megbird@github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com>
2021-05-06 09:41:42 -07:00


---
title: Configuring secret scanning for your repositories
intro: 'You can configure how {% data variables.product.prodname_dotcom %} scans your repositories for secrets.'
permissions: 'People with admin permissions to a repository can enable {% data variables.product.prodname_secret_scanning %} for the repository.'
redirect_from:
  - /github/administering-a-repository/configuring-secret-scanning-for-private-repositories
  - /github/administering-a-repository/configuring-secret-scanning-for-your-repositories
product: '{% data reusables.gated-features.secret-scanning %}'
versions:
  free-pro-team: '*'
  enterprise-server: '>=3.0'
  github-ae: '*'
topics:
  - Repositories
---

{% data reusables.secret-scanning.beta %} {% data reusables.secret-scanning.enterprise-enable-secret-scanning %}

{% if currentVersion == "free-pro-team@latest" %}
{% note %}

**Note:** {% data variables.product.prodname_secret_scanning_caps %} is enabled by default on public repositories and cannot be turned off. You can configure {% data variables.product.prodname_secret_scanning %} for your private repositories only.

{% endnote %}
{% endif %}

## Enabling {% data variables.product.prodname_secret_scanning %} for {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories

{% if currentVersion ver_gt "enterprise-server@2.22" or currentVersion == "github-ae@next" %}
You can enable {% data variables.product.prodname_secret_scanning %} for any repository that is owned by an organization.
{% endif %}

{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-security-and-analysis %}
{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}
4. If {% data variables.product.prodname_advanced_security %} is not already enabled for the repository, to the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
   {% if currentVersion == "free-pro-team@latest" %}*Screenshot: Enable {% data variables.product.prodname_GH_advanced_security %} for your repository*{% elsif currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@next" %}*Screenshot: Enable {% data variables.product.prodname_GH_advanced_security %} for your repository*{% endif %}
5. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**.
6. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
   *Screenshot: Enable {% data variables.product.prodname_secret_scanning %} for your repository*
{% elsif currentVersion == "enterprise-server@3.0" %}
7. To the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Enable**.
   *Screenshot: Enable {% data variables.product.prodname_secret_scanning %} for your repository*
{% endif %}
{% if currentVersion == "github-ae@latest" %}

  1. Before you can enable {% data variables.product.prodname_secret_scanning %}, you need to enable {% data variables.product.prodname_GH_advanced_security %} first. To the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
     *Screenshot: Enable {% data variables.product.prodname_GH_advanced_security %} for your repository*
  2. Click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository** to confirm the action.
     *Screenshot: Confirm enabling {% data variables.product.prodname_GH_advanced_security %} for your repository*
  3. To the right of "{% data variables.product.prodname_secret_scanning_caps %}", click **Enable**.
     *Screenshot: Enable {% data variables.product.prodname_secret_scanning %} for your repository*
{% endif %}

## Excluding alerts from {% data variables.product.prodname_secret_scanning %} in {% if currentVersion == "free-pro-team@latest" %}private {% endif %}repositories

You can use a `secret_scanning.yml` file to exclude directories from {% data variables.product.prodname_secret_scanning %}. For example, you can exclude directories that contain tests or randomly generated content.

{% data reusables.repositories.navigate-to-repo %}
{% data reusables.files.add-file %}
3. In the file name field, type `.github/secret_scanning.yml`.
4. Under **Edit new file**, type `paths-ignore:` followed by the paths you want to exclude from {% data variables.product.prodname_secret_scanning %}.
   ```yaml
   paths-ignore:
     - "foo/bar/*.js"
   ```

You can use special characters, such as `*` to filter paths. For more information about filter patterns, see "[Workflow syntax for GitHub Actions](/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet)."

{% note %}

**Notes:**
- If there are more than 1,000 entries in `paths-ignore`, {% data variables.product.prodname_secret_scanning %} will only exclude the first 1,000 directories from scans.
- If *secret_scanning.yml* is larger than 1 MB, {% data variables.product.prodname_secret_scanning %} will ignore the entire file.

{% endnote %}
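As an added example (not part of this documentation and not GitHub's own tooling), the following Python script lints a `secret_scanning.yml` exclusion list before it is committed: it applies the two limits stated in the note above (only the first 1,000 `paths-ignore` entries count; a file over 1 MB is ignored entirely) and reports which repository paths each pattern would keep out of scanning, so an over-broad or dead exclusion is visible. It assumes 1 MB means 1,000,000 bytes, uses a deliberately minimal parser for the documented `paths-ignore:` list shape rather than a general YAML library, and translates only the `*`, `**` and `?` filter characters; the sample configuration and file list are constructed for the example.

```python
"""Lint a .github/secret_scanning.yml exclusion list.

Added example, not GitHub's own code. It applies the two documented limits
(only the first 1,000 paths-ignore entries count; a file larger than 1 MB is
ignored entirely) and shows which repository paths a pattern set would keep
out of secret scanning, so an over-broad exclusion is visible before commit.
"""
from __future__ import annotations

import re

MAX_ENTRIES = 1000          # documented: only the first 1,000 entries are honoured
MAX_FILE_BYTES = 1_000_000  # documented 1 MB limit; 1 MB taken as 10^6 bytes (assumption)


def parse_paths_ignore(text: str) -> list[str]:
    """Read the `paths-ignore:` list from the documented file shape.

    Deliberately minimal (assumption for this example): a top-level
    `paths-ignore:` key followed by `- "pattern"` items, optional quotes and
    `#` comments. It is not a general YAML parser.
    """
    patterns: list[str] = []
    in_list = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments ('#' inside a pattern is not handled)
        if not line.strip():
            continue
        if re.match(r"^paths-ignore\s*:", line):
            in_list = True
            continue
        stripped = line.lstrip()
        if in_list and stripped.startswith("- "):
            patterns.append(stripped[2:].strip().strip("\"'"))
        elif in_list and not line[0].isspace():
            in_list = False                   # another top-level key ends the list
    return patterns


def pattern_to_regex(pattern: str) -> re.Pattern[str]:
    """Translate the filter characters used here to an anchored regex.

    Following the Actions filter-pattern rules: `**` matches any characters
    including `/`, `*` matches any run of characters except `/`, and `?`
    matches one character other than `/`. Everything else is literal.
    """
    parts: list[str] = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            parts.append(".*")
            i += 2
            continue
        ch = pattern[i]
        if ch == "*":
            parts.append("[^/]*")
        elif ch == "?":
            parts.append("[^/]")
        else:
            parts.append(re.escape(ch))
        i += 1
    return re.compile("^" + "".join(parts) + "$")


def lint_exclusions(config_text: str, repo_paths: list[str]) -> dict:
    """Return the honoured patterns, the paths they exclude, and any findings."""
    findings: list[str] = []
    size = len(config_text.encode("utf-8"))
    if size > MAX_FILE_BYTES:
        findings.append(f"file is {size} bytes (> {MAX_FILE_BYTES}); secret scanning ignores the whole file")
        effective: list[str] = []
    else:
        patterns = parse_paths_ignore(config_text)
        if len(patterns) > MAX_ENTRIES:
            findings.append(f"{len(patterns)} entries; only the first {MAX_ENTRIES} are honoured")
        effective = patterns[:MAX_ENTRIES]

    compiled = [(p, pattern_to_regex(p)) for p in effective]
    excluded: dict[str, str] = {}
    for path in repo_paths:
        for pat, rx in compiled:
            if rx.match(path):
                excluded[path] = pat          # first matching pattern wins, for reporting
                break
    for pat, rx in compiled:
        hits = sum(1 for path in repo_paths if rx.match(path))
        if hits == 0:
            findings.append(f"pattern {pat!r} matches no file (dead or mistyped exclusion)")
        elif hits == len(repo_paths):
            findings.append(f"pattern {pat!r} excludes every file: nothing would be scanned")
    return {"effective_patterns": effective, "excluded": excluded, "findings": findings}


# Constructed sample input for the example (not from a real repository).
SAMPLE_CONFIG = """\
paths-ignore:
  - "foo/bar/*.js"   # generated bundles
  - "test/**"
  - "fixtures/*.json"
"""
SAMPLE_REPO = [
    "foo/bar/app.js",
    "foo/bar/nested/app.js",  # not excluded: a single '*' does not cross '/'
    "test/keys/id_rsa",
    "fixtures/sample.json",
    "src/config.py",
]

if __name__ == "__main__":
    report = lint_exclusions(SAMPLE_CONFIG, SAMPLE_REPO)
    for path in SAMPLE_REPO:
        status = f"excluded by {report['excluded'][path]!r}" if path in report["excluded"] else "scanned"
        print(f"{path:26} {status}")
    for finding in report["findings"]:
        print("finding:", finding)
```

Run it against the real `.github/secret_scanning.yml` and a `git ls-files` listing to see which files an exclusion actually removes from scanning; the "excludes every file" finding is the one to act on, since a pattern such as `**` silently turns the scan off for the whole repository.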

You can also ignore individual alerts from {% data variables.product.prodname_secret_scanning %}. For more information, see "Managing alerts from {% data variables.product.prodname_secret_scanning %}."

## Further reading