From 433cdbed4fbe5dc54161b5ef6b4c52f34cb33536 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Sun, 6 Apr 2025 23:28:55 -0700 Subject: [PATCH 1/8] Sync secret scanning data (#55129) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- src/secret-scanning/data/public-docs.yml | 42 ++++++++++++------------ src/secret-scanning/lib/config.json | 4 +-- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/src/secret-scanning/data/public-docs.yml b/src/secret-scanning/data/public-docs.yml index bf47bc019623..0440aa3d7c01 100644 --- a/src/secret-scanning/data/public-docs.yml +++ b/src/secret-scanning/data/public-docs.yml @@ -237,7 +237,7 @@ ghes: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Authress @@ -705,7 +705,7 @@ ghes: '*' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Bitbucket @@ -837,7 +837,7 @@ ghes: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: true - provider: Chief Tools @@ -1290,7 +1290,7 @@ ghes: '*' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Dynatrace @@ -1314,7 +1314,7 @@ ghes: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: EasyPost @@ -1362,7 +1362,7 @@ ghes: '>3.8' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Facebook @@ -2168,7 +2168,7 @@ ghes: '*' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Localstack @@ -2599,7 +2599,7 @@ ghes: '*' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: npm @@ -3137,7 +3137,7 @@ ghes: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: PyPI @@ -3245,7 +3245,7 @@ ghes: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Samsara @@ -3413,7 +3413,7 @@ ghes: '>3.4' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Shopify @@ -3449,7 +3449,7 @@ ghes: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Shopify @@ -3485,7 +3485,7 @@ ghes: '>3.4' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Shopify @@ -3497,7 +3497,7 @@ ghes: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Siemens @@ -3568,7 +3568,7 @@ ghes: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Sourcegraph @@ -3640,7 +3640,7 @@ ghes: '*' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: true - provider: Square @@ -3652,7 +3652,7 @@ ghes: '*' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Square @@ -3664,7 +3664,7 @@ ghes: '*' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: SSLMate @@ -3784,7 +3784,7 @@ ghes: '*' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Tailscale @@ -4024,7 +4024,7 @@ ghes: '>=3.12' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: true - provider: Yandex @@ -4096,7 +4096,7 @@ ghes: '*' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false isduplicate: false - provider: Yandex diff --git a/src/secret-scanning/lib/config.json b/src/secret-scanning/lib/config.json index eabd49aaee4c..0b5ebc9220fb 100644 --- a/src/secret-scanning/lib/config.json +++ b/src/secret-scanning/lib/config.json @@ -1,5 +1,5 @@ { - "sha": "8ac939d1d6cc631a764024efd9638e2d366fd5a4", - "blob-sha": "dcd2a16b74621ad62f7af0775535331ee3f62dbd", + "sha": "1a3f0cedb9b2f05d0ffd4422e1dbaded09210591", + "blob-sha": "48dc0e2b23d3b6497cf65f6de2f27703a3c88575", "targetFilename": "code-security/secret-scanning/introduction/supported-secret-scanning-patterns" } \ No newline at end of file From 85c69d8d14258061113d82a4f18122c3b0f7f187 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Sun, 6 Apr 2025 23:49:14 -0700 Subject: [PATCH 2/8] Sync secret scanning data (#55160) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- src/secret-scanning/lib/config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/secret-scanning/lib/config.json b/src/secret-scanning/lib/config.json index 0b5ebc9220fb..4c5c8e3179da 100644 --- a/src/secret-scanning/lib/config.json +++ b/src/secret-scanning/lib/config.json @@ -1,5 +1,5 @@ { - "sha": "1a3f0cedb9b2f05d0ffd4422e1dbaded09210591", + "sha": "7b4d3827b809d6d619506668704ea197a572caaa", "blob-sha": "48dc0e2b23d3b6497cf65f6de2f27703a3c88575", "targetFilename": "code-security/secret-scanning/introduction/supported-secret-scanning-patterns" } \ No newline at end of file From 832728065cc321a731be27aadc1b0c654126d032 Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Mon, 7 Apr 2025 08:12:38 +0100 Subject: [PATCH 3/8] More fixes for the secret risk assesment work - fast follow (#55126) --- .../security-overview/about-security-overview.md | 6 ++++++ .../security-overview/viewing-security-insights.md | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/content/code-security/security-overview/about-security-overview.md b/content/code-security/security-overview/about-security-overview.md index 122d1e7a63e8..5ad3c1b44e91 100644 --- a/content/code-security/security-overview/about-security-overview.md +++ b/content/code-security/security-overview/about-security-overview.md @@ -100,6 +100,12 @@ If you are an **owner or security manager** for an organization, you can see dat If you are an **organization or team member**, you can view security overview for the organization and see data for repositories where you have an appropriate level of access. +{% ifversion secret-risk-assessment %} + +> [!TIP] The Assessments view, which is not shown in the table below, is only available to organization owners and security managers. + +{% endif %} + {% ifversion security-overview-dashboard %} {% rowheaders %} diff --git a/content/code-security/security-overview/viewing-security-insights.md b/content/code-security/security-overview/viewing-security-insights.md index b12f4b497c0a..b005e72922ae 100644 --- a/content/code-security/security-overview/viewing-security-insights.md +++ b/content/code-security/security-overview/viewing-security-insights.md @@ -57,6 +57,12 @@ You can download a CSV file of the overview dashboard data for your organization {% ifversion security-overview-dashboard-enterprise %}Enterprise members can access the overview page for organizations in their enterprise. {% endif %}The metrics you see will depend on your role and repository permissions. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview). +{% ifversion secret-risk-assessment %} + +> [!TIP] If you're interested in assessing your organization's exposure to secret leaks specifically, you can run a free {% data variables.product.prodname_secret_risk_assessment %} on {% data variables.product.github %}. The resulting report gives you aggregate insights on public leaks, private exposures, and token types, as well as provides you with actionable steps to strengthen your security and protect your code. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment). + +{% endif %} + ### Limitations The data that populates the overview page can and will change over time due to various factors, such as repository deletion or modifications to a security advisory. This means that the overview metrics for the same time period could vary if viewed at two different times. For compliance reports or other scenarios where data consistency is crucial, we recommend that you source data from the audit log. For more information, see [AUTOTITLE](/code-security/getting-started/auditing-security-alerts). From da620eb6d06ace9b8d40ed2be953dc7dd0f2b84b Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Mon, 7 Apr 2025 00:32:45 -0700 Subject: [PATCH 4/8] Sync secret scanning data (#55171) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- src/secret-scanning/lib/config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/secret-scanning/lib/config.json b/src/secret-scanning/lib/config.json index 4c5c8e3179da..1a70d5c414c4 100644 --- a/src/secret-scanning/lib/config.json +++ b/src/secret-scanning/lib/config.json @@ -1,5 +1,5 @@ { - "sha": "7b4d3827b809d6d619506668704ea197a572caaa", + "sha": "066b750f698b2ef9ac62df4dba6c08d319a1254d", "blob-sha": "48dc0e2b23d3b6497cf65f6de2f27703a3c88575", "targetFilename": "code-security/secret-scanning/introduction/supported-secret-scanning-patterns" } \ No newline at end of file From 13721cccbf7d07c1cfb2b8a4851d47ec5aa5e99c Mon Sep 17 00:00:00 2001 From: Jules <19994093+jules-p@users.noreply.github.com> Date: Mon, 7 Apr 2025 09:36:31 +0200 Subject: [PATCH 5/8] Removes NES and agent mode from preview list (#55175) Co-authored-by: Jules Porter --- .../managing-policies-for-copilot-in-your-organization.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md index 257ba9252396..f1fb5444882e 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md @@ -31,9 +31,7 @@ Organization owners can set policies to govern how {% data variables.product.pro * {% data variables.product.prodname_copilot_chat_short %} in the IDE * Editor preview features, such as: * Using images in {% data variables.product.prodname_copilot_chat_short %} (available in {% data variables.product.prodname_vscode_shortname %} and {% data variables.product.prodname_vs %}) - * {% data variables.copilot.next_edit_suggestions_caps %} (available in {% data variables.product.prodname_vscode_shortname %}) * GPT-4o {% data variables.product.prodname_copilot_short %} code completion (available in {% data variables.product.prodname_vscode_shortname %} and JetBrains IDEs) - * {% data variables.product.prodname_copilot_short %} Edits agent mode (available in {% data variables.product.prodname_vscode_shortname %}) * {% data variables.product.prodname_copilot_mobile_short %} * {% data variables.product.prodname_copilot_cli_short %} and {% data variables.product.prodname_windows_terminal %} * Suggestions matching public code From 696c87708a3ccf555f18fef184dafff5cd9eb038 Mon Sep 17 00:00:00 2001 From: Glen Babiano Date: Mon, 7 Apr 2025 17:41:14 +1000 Subject: [PATCH 6/8] Add information about SCIM reconciliation interval (#55124) Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com> --- ...bleshooting-team-membership-with-identity-provider-groups.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/admin/managing-iam/provisioning-user-accounts-with-scim/troubleshooting-team-membership-with-identity-provider-groups.md b/content/admin/managing-iam/provisioning-user-accounts-with-scim/troubleshooting-team-membership-with-identity-provider-groups.md index 2269af9c1f37..f1792b1065de 100644 --- a/content/admin/managing-iam/provisioning-user-accounts-with-scim/troubleshooting-team-membership-with-identity-provider-groups.md +++ b/content/admin/managing-iam/provisioning-user-accounts-with-scim/troubleshooting-team-membership-with-identity-provider-groups.md @@ -24,6 +24,8 @@ redirect_from: {% data reusables.emus.about-team-management-with-idp %} You can review a list of teams that you've synchronized to IdP groups from your enterprise's settings. For more information, see [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/managing-team-memberships-with-identity-provider-groups#viewing-idp-groups-group-membership-and-connected-teams). +{% data variables.product.github %} also runs a reconciliation job once per day, which synchronizes team membership with IdP group membership that is stored on {% data variables.product.github %}, based on information previously sent from the IdP via SCIM. If this job finds that a user is a member of an IdP group in the enterprise, but they are not a member of the mapped team or its organization, the job will attempt to add the user to the organization and team. + If {% data variables.product.prodname_dotcom %} is unable to synchronize team membership with a group on your IdP, you can view an error message and troubleshoot the problem. ## Viewing errors for team synchronization with an IdP group From 28300e318600913c6368c0c476163d6863c6d4e5 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Mon, 7 Apr 2025 00:52:48 -0700 Subject: [PATCH 7/8] Sync secret scanning data (#55172) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- src/secret-scanning/lib/config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/secret-scanning/lib/config.json b/src/secret-scanning/lib/config.json index 1a70d5c414c4..155749e08dd6 100644 --- a/src/secret-scanning/lib/config.json +++ b/src/secret-scanning/lib/config.json @@ -1,5 +1,5 @@ { - "sha": "066b750f698b2ef9ac62df4dba6c08d319a1254d", + "sha": "82247bbeeb4c22705a1575389b4583f83aaadf57", "blob-sha": "48dc0e2b23d3b6497cf65f6de2f27703a3c88575", "targetFilename": "code-security/secret-scanning/introduction/supported-secret-scanning-patterns" } \ No newline at end of file From d85ad6c14f4cc89e7a58115587de84dd3d47332b Mon Sep 17 00:00:00 2001 From: Anne-Marie <102995847+am-stead@users.noreply.github.com> Date: Mon, 7 Apr 2025 10:13:16 +0100 Subject: [PATCH 8/8] [Improvement]: fixes formatting error in Dependabot note #17837 (#55156) --- data/reusables/dependabot/enterprise-enable-dependabot.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/data/reusables/dependabot/enterprise-enable-dependabot.md b/data/reusables/dependabot/enterprise-enable-dependabot.md index 44573f948b9a..f1b5d8ff0a2e 100644 --- a/data/reusables/dependabot/enterprise-enable-dependabot.md +++ b/data/reusables/dependabot/enterprise-enable-dependabot.md @@ -1,8 +1,7 @@ {% ifversion ghes %} > [!NOTE] -> Your site administrator must set up {% data variables.product.prodname_dependabot_updates %} for {% data variables.location.product_location %} before you can use this feature. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise). -{% ifversion security-feature-enablement-policies-dependabot %} +> Your site administrator must set up {% data variables.product.prodname_dependabot_updates %} for {% data variables.location.product_location %} before you can use this feature. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise).{% ifversion security-feature-enablement-policies-dependabot %} > > You may not be able to enable or disable {% data variables.product.prodname_dependabot_updates %} if an enterprise owner has set a policy at the enterprise level. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise). {% endif %}