diff --git a/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md b/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md index 8c4fe351820b..6f5d0f024b7c 100644 --- a/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md +++ b/content/actions/reference/workflows-and-actions/events-that-trigger-workflows.md @@ -56,6 +56,9 @@ on: {% data reusables.actions.branch-requirement %} +> [!NOTE] +> To prevent recursive workflows, this event does not trigger workflows if the check run's check suite was created by {% data variables.product.prodname_actions %} or if the check suite's head SHA is associated with {% data variables.product.prodname_actions %}. + Runs your workflow when activity related to a check run occurs. A check run is an individual test that is part of a check suite. For information, see [AUTOTITLE](/rest/guides/using-the-rest-api-to-interact-with-checks). For information about the check run APIs, see [AUTOTITLE](/graphql/reference/objects#checkrun) in the GraphQL API documentation or [AUTOTITLE](/rest/checks/runs). For example, you can run a workflow when a check run has been `rerequested` or `completed`. @@ -78,7 +81,7 @@ on: {% data reusables.actions.branch-requirement %} > [!NOTE] -> To prevent recursive workflows, this event does not trigger workflows if the check suite was created by {% data variables.product.prodname_actions %}. +> To prevent recursive workflows, this event does not trigger workflows if the check suite was created by {% data variables.product.prodname_actions %} or if the check suite's head SHA is associated with {% data variables.product.prodname_actions %}. Runs your workflow when check suite activity occurs. A check suite is a collection of the check runs created for a specific commit. Check suites summarize the status and conclusion of the check runs that are in the suite. For information, see [AUTOTITLE](/rest/guides/using-the-rest-api-to-interact-with-checks). For information about the check suite APIs, see [AUTOTITLE](/graphql/reference/objects#checksuite) in the GraphQL API documentation or [AUTOTITLE](/rest/checks/suites). diff --git a/content/billing/concepts/product-billing/git-lfs.md b/content/billing/concepts/product-billing/git-lfs.md index fdee23dab208..ba3fbc6dfdfa 100644 --- a/content/billing/concepts/product-billing/git-lfs.md +++ b/content/billing/concepts/product-billing/git-lfs.md @@ -70,6 +70,8 @@ In this example, {% data variables.product.company_short %} would bill for 1.5 G {% data reusables.billing.default-over-quota-behavior %} +{% data reusables.billing.migrated-budgets %} + ## Further reading * [AUTOTITLE](/repositories/working-with-files/managing-large-files/about-git-large-file-storage) diff --git a/content/billing/concepts/product-billing/github-actions.md b/content/billing/concepts/product-billing/github-actions.md index 902d49edf421..906afab336ba 100644 --- a/content/billing/concepts/product-billing/github-actions.md +++ b/content/billing/concepts/product-billing/github-actions.md @@ -162,3 +162,5 @@ Your {% data variables.product.prodname_actions %} usage shares your account's e ## Managing your budget for {% data variables.product.prodname_actions %} {% data reusables.billing.default-over-quota-behavior %} + +{% data reusables.billing.migrated-budgets %} diff --git a/content/billing/concepts/product-billing/github-codespaces.md b/content/billing/concepts/product-billing/github-codespaces.md index fa640398af83..3b73ddec9dc3 100644 --- a/content/billing/concepts/product-billing/github-codespaces.md +++ b/content/billing/concepts/product-billing/github-codespaces.md @@ -81,7 +81,7 @@ You can view details of your usage for the current month at any time. See [AUTOT If you are blocked from resuming a codespace and you want to continue to work on changes you have made in your codespace, you can do any of the following: -* Add a payment method and set a budget greater than $0 USD. +* Add a payment method and review your budget settings to ensure they meet your usage needs. See [AUTOTITLE](/billing/tutorials/set-up-budgets#viewing-budgets). * Export the changes from the codespace to a branch. See [AUTOTITLE](/codespaces/troubleshooting/exporting-changes-to-a-branch). * Wait for your monthly included usage to reset at the start of the next monthly billing cycle. @@ -204,6 +204,8 @@ Use of codespaces created using prebuilds is charged at the same rate as regular {% data reusables.billing.default-over-quota-behavior %} +{% data reusables.billing.migrated-budgets %} + {% data reusables.codespaces.exporting-changes %} ## Viewing projected usage for an organization diff --git a/content/billing/concepts/product-billing/github-models.md b/content/billing/concepts/product-billing/github-models.md index 45b0a383f6cb..aacb3710d0f9 100644 --- a/content/billing/concepts/product-billing/github-models.md +++ b/content/billing/concepts/product-billing/github-models.md @@ -65,7 +65,9 @@ For accounts that use a custom model with a third-party model provider, billing Enterprises and organizations can opt in to paid usage to access expanded model capabilities, including increased request allowances and larger context windows. You can manage their spending by setting a budget. -By default, organizations and personal accounts that opt in to paid usage have a spending limit of $0 US dollars (USD) until the budget is increased. +Organizations and personal accounts may have default budgets to limit spending. Check the budgets for your account to ensure they are appropriate for your usage needs. See [AUTOTITLE](/billing/tutorials/set-up-budgets#viewing-budgets). + +{% data reusables.billing.migrated-budgets %} For more information, see [AUTOTITLE](/billing/managing-your-billing/using-budgets-control-spending). @@ -105,24 +107,24 @@ The following table displays how the total cost is calculated for a request usin The following steps demonstrate how the total cost is calculated: -1. **Calculate input tokens:** - Multiply the number of input tokens by the input multiplier. +1. **Calculate input tokens:** + Multiply the number of input tokens by the input multiplier. `1,000,000 tokens × 0.25 = 250,000 input token units` -1. **Calculate billable output tokens:** - Multiply the number of output tokens by the output multiplier. +1. **Calculate billable output tokens:** + Multiply the number of output tokens by the output multiplier. `1,000,000 tokens × 1 = 1,000,000 output token units` -1. **Add billable tokens:** - Add the billable input and output tokens. +1. **Add billable tokens:** + Add the billable input and output tokens. `250,000 (input) + 1,000,000 (output) = 1,250,000 total token units` -1. **Charges by type:** - * **Input charge:** `250,000 × $0.00001 = $2.50` +1. **Charges by type:** + * **Input charge:** `250,000 × $0.00001 = $2.50` * **Output charge:** `1,000,000 × $0.00001 = $10.00` -1. **Calculate the total cost:** - Multiply the total token units by the token unit price. +1. **Calculate the total cost:** + Multiply the total token units by the token unit price. `1,250,000 × $0.00001 = $12.50 for this request` ## Opting out of paid usage diff --git a/content/billing/concepts/product-billing/github-packages.md b/content/billing/concepts/product-billing/github-packages.md index a72132a2cea4..42b0a70cf0e1 100644 --- a/content/billing/concepts/product-billing/github-packages.md +++ b/content/billing/concepts/product-billing/github-packages.md @@ -91,3 +91,5 @@ Your {% data variables.product.prodname_registry %} usage shares your account's ## Managing your budget for {% data variables.product.prodname_registry %} {% data reusables.billing.default-over-quota-behavior %} + +{% data reusables.billing.migrated-budgets %} diff --git a/content/billing/tutorials/set-up-budgets.md b/content/billing/tutorials/set-up-budgets.md index 7a5280d10b0c..b6b53a622d18 100644 --- a/content/billing/tutorials/set-up-budgets.md +++ b/content/billing/tutorials/set-up-budgets.md @@ -34,9 +34,9 @@ Budgets and alerts allow you to track spending on metered products for your acco If your account does not have a valid payment method on file, usage is blocked once you use up your quota. -By default, if you have a valid payment method on file, spending is limited to $0 USD until you set a budget. You can set and manage a budget to limit spending for a product or SKU. +If you have a valid payment method on file, spending may be limited by one or more budgets. Check the budgets set for your account to ensure they are appropriate for your usage needs. - +{% data reusables.billing.migrated-budgets %} ## About budgets @@ -126,7 +126,7 @@ As the owner of an enterprise or organization account, or as a billing manager, ### Editing or deleting a budget ->[!IMPORTANT] Deleting a budget may remove any limits on spending, depending on your other existing budgets. For example, deleting the default $0 budget for {% data variables.product.prodname_copilot_short %} premium requests allows for unlimited usage. +>[!IMPORTANT] Deleting a budget may remove any limits on spending, depending on your other existing budgets. For example, deleting the only budget that limits {% data variables.product.prodname_copilot_short %} premium requests allows for unlimited usage. You can edit or delete a budget at any time, but you cannot change the scope of a budget after creating it. diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md index 279b31553cb8..3d7d3a4d4ea7 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md +++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md @@ -13,6 +13,7 @@ topics: - Secret Protection - Repositories children: + - /remediating-a-leaked-secret - /push-protection-for-users - /working-with-push-protection-from-the-command-line - /working-with-push-protection-from-the-rest-api diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/remediating-a-leaked-secret.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/remediating-a-leaked-secret.md new file mode 100644 index 000000000000..8bc4a2f89512 --- /dev/null +++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/remediating-a-leaked-secret.md @@ -0,0 +1,196 @@ +--- +title: Remediating a leaked secret in your repository +shortTitle: Remediate a leaked secret +allowTitleToDifferFromFilename: true +intro: Learn how to respond effectively to a leaked secret in your {% data variables.product.github %} repository. +type: how_to +topics: + - Secret scanning + - Secret Protection + - Alerts + - Repositories +versions: + fpt: '*' + ghec: '*' + ghes: '*' +--- + +## Introduction + +Secrets, such as API keys, tokens and credentials, can pose significant security risks to your team and organization if inadvertently exposed in your codebase or stored improperly. + +You should consider any leaked secret to be immediately compromised and it is essential that you undertake proper remediation steps, such as revoking the secret. Simply removing the secret from the codebase, pushing a new commit, or deleting and recreating the repository do not prevent the secret from being exploited. + +This how-to walks you through what to do if you've accidentally committed a secret to your repository, or if you've been alerted to a secret leak in your repository. + +### Prerequisites + +* You have at least write access to the repository. +* Optional: {% data variables.product.prodname_secret_scanning_caps %} is enabled for the repository. + > [!NOTE] + > {% data variables.product.prodname_secret_scanning_caps %} is **free** for public repositories. It is available as part of [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) for private repositories on {% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %} plans. + +## Step 1. Identify the secret and gather context + +Gather as much information as you can about the leaked secret. This will help you assess the risk and determine the best course of action for remediation. + +1. Determine the secret type and its provider. + * For example, is the secret a {% data variables.product.github %} {% data variables.product.pat_generic %} (PAT), an OpenAI API key, an SSH private key? +1. Locate the repository, file and line that contains the leaked secret. +1. Identify the secret owner. This is the person or team who created, or is responsible for, the secret. + * Check the `CODEOWNERS` file of the repository to determine the responsible team. + * Use `git log -S` to help search the commit history of your repository to identify who committed the secret. + +> [!TIP] +> If you have {% data variables.product.prodname_secret_scanning %} enabled for your repository, the {% data variables.product.prodname_secret_scanning %} alert can provide you with most of these details. + +## Step 2. Assess risk + +How you approach remediation will be determined by the risk factors associated with the secret leak. + +{% data variables.product.prodname_secret_scanning_caps %} can help you assess the risk associated with an alert, but if you don't yet have {% data variables.product.prodname_secret_scanning %} enabled, you can still perform a risk assessment based on the information available to you. + +### Option 1. {% data variables.product.prodname_secret_scanning_caps %} is enabled + +Review the {% data variables.product.prodname_secret_scanning %} alert associated with the leak, checking the alert labels and any available metadata: + +1. Check the secret's **validity status** to determine if the secret is still active. The alert will include a status that describes whether the secret is active, inactive, or if its validity is unknown. + > [!NOTE] + > * Validity checks are only available for certain secret types. To check if your secret type is supported, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#default-patterns). + > * The secret provider is always the most reliable source of truth for determining the validity of a secret. +1. Check for the `public exposure` label to determine if the secret was leaked in a public repository. +1. Check for the `multiple leaks` label to determine if the secret is exposed in multiple locations. +1. If the secret is a {% data variables.product.github %} PAT, check the **alert metadata** for any information on when the secret was last used and its access scope. +1. Assess which services or applications depend on the secret, and consider the potential for downtime or disruption if you were to immediately revoke the secret. + +### Option 2. {% data variables.product.prodname_secret_scanning_caps %} is not enabled + +If you don't yet have {% data variables.product.prodname_secret_scanning %} enabled for the repository, perform a risk assessment based on the following: + +1. Check the repository's **visibility**. Is the repository public? +1. Look for indications that the secret **has been used recently**. Are there any recent commits or pull requests that reference the secret? Are there any logs or audit trails that show the secret being used? +1. Assess the **file** containing the secret and the **surrounding context**. Is the secret used in a production deployment script (higher risk) or a test file (lower risk)? Is the secret associated with a database credential or admin key (higher risk)? +1. Assess which services or applications depend on the secret, and consider the potential for downtime or disruption if you were to immediately revoke the secret. + +{% ifversion secret-risk-assessment %} + +> [!TIP] +> Organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} plans can perform a **free** secret risk assessment (an on-demand, point-in-time scan) that evaluates their exposure to leaked secrets. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment). + +{% endif %} + +## Step 3. Strategize remediation + +The next step depends on the risk assessment you performed in the previous step. + +### Act quickly for high-risk secrets + +Automated scanners can locate publicly exposed secrets in minutes. They can be exploited by malicious actors within hours. The longer that an active secret is left exposed, the greater the potential for serious breaches. + +If the secret is high risk (that is, the secret is still active, is exposed in a public repository, or is a production credential), we would recommend that you: + +1. Prioritize revoking the secret immediately. See [Step 4](#step-4-revoke-the-secret). + + > [!NOTE] If you are concerned about downtime to services, you may want to first generate a new secret with the same permissions, make the application start using the new token, and _then_ revoke the old secret. + +1. Communicate with the secret owner (identified in Step 1), repository administrators, and security leads **during or after** revocation. + +### Plan for medium to low-risk secrets + +If the secret is medium to low risk (that is, the secret is no longer active, is exposed in a private repository, or is a test or development credential), you can plan the remediation strategy accordingly: + +1. Using the information gathered in Step 1, locate the responsible team for the secret and alert them to the secret leak. +1. Explain what was leaked and when. Explain that you'll need to revoke the secret, generate a new secret and that affected services will require updating. +1. Inform the repository administrators and security leads about the leak, explaining any remediation actions needed or already taken. +1. Plan a time for revocation and rotation together with the appropriate team to coordinate a smooth transition. + +It is important to remediate even medium- to low-risk secrets, as they can still pose a risk to both security and compliance if left exposed. + +## Step 4. Revoke the secret + +It is not sufficient to simply remove the secret from your codebase. The most important remediation step is revoking the secret with the secret's provider. By revoking the secret, you drastically reduce the potential for the secret to be exploited. + +1. Using the information gathered in Step 1, locate the secret provider's website or documentation. +1. Follow the provider's instructions for revoking the secret. This typically involves logging into the provider's portal and navigating to the section where the secret is managed. + + If you lack access to the provider portal, contact the secret owner or relevant repository administrator to get help with revoking the secret. +1. Generate a new secret, if necessary, to replace the revoked secret. This is often required to restore functionality for services that relied on the original secret. + +> [!NOTE] +> {% data variables.product.github %} automatically revokes {% data variables.product.github %} {% data variables.product.pat_generic_plural %} (PATs) leaked in public repositories. +> +> For leaked {% data variables.product.github %} PATs in private repositories, you can report the leak to {% data variables.product.github %} directly from within the {% data variables.product.prodname_secret_scanning %} alert by clicking **Report leak**. +> +> For other secret types, if a secret matching one of {% data variables.product.github %}'s supported partner patterns is leaked in a public repository, {% data variables.product.github %} automatically reports the leak to the secret provider, who may immediately revoke the secret. + +## Step 5: Identify and update affected services + +Next, you need to coordinate updates to all affected services using the leaked secret and update them with the new secret. + +### Identify + +1. Use {% data variables.product.github %}'s code search to check all code, issues, and pull requests for the secret. + * Search across your organization using `org:YOUR-ORG "SECRET-STRING"`. + * Search your repository using `repo:YOUR-REPO "SECRET-STRING"`. +1. Check the repository's stored deploy keys and secrets and variables. + * Click "Settings," then under "Security," click **Secrets and variables** or **Deploy keys**. +1. Check for any installed {% data variables.product.prodname_github_apps %} and integrations that may use the secret. + +### Coordinate + +1. Instruct {% data variables.product.prodname_copilot_short %} to create issues (and sub-issues) for each task involved in updating an affected service. {% ifversion fpt or ghec %} See [AUTOTITLE](/copilot/how-tos/github-flow/using-github-copilot-to-create-issues).{% endif %} +1. If multiple stakeholders are involved, create a project board for the issues to track progress and facilitate communication. + +### Update and verify + +1. Update your application with the new secret, ensuring that your application properly uses the new credential. + > [!TIP] A safe way of providing sensitive credentials to your application is through a vault. For example, you can make sensitive credentials available to {% data variables.product.github %} actions and workflows through the "Secrets and variables" store under your repository's settings page. +1. Test affected services to ensure they are functioning correctly with the new secret. + +## Step 6. Check for unauthorized access + +Once services are back up and running, it's important to check for any unauthorized access that may have occurred while the secret was exposed. + +1. Review {% data variables.product.github %}'s audit logs for events relating to the secret and its usage. + * Security log for your personal account. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log). + * Audit log for your organization. See [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization). + * Audit log for your enterprise. See [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise). + + For the organization- and enterprise-level audit logs, you can specifically search for events related to an access token. See [AUTOTITLE](/enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/identifying-audit-log-events-performed-by-an-access-token) (organizations) and [AUTOTITLE](/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/identifying-audit-log-events-performed-by-an-access-token) (enterprises). + + Access to {% data variables.product.github %}'s audit logs depends on your role, so you may need to contact an organization owner or enterprise administrator if you don't have the necessary permissions. +1. Review the secret provider's audit logs. + * For example, for Amazon Web Services (AWS) secrets, you can check the CloudTrail logs for any unauthorized access attempts using the leaked secret. See [What Is AWS CloudTrail?](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html) in the AWS CloudTrail documentation. + +## Step 7. Clean the repository + +Although you've now revoked and updated the secret in your codebase, the secret may still exist in your repository's commit history. Ideally, you should search for and remove all instances of the secret from your repository. + +However, cleaning Git history can be a destructive and disruptive process, as it may involve force pushing changes to the repository. + +Together with your repository's security leads, consider carefully the effects of cleaning the repository's history against your compliance or security obligations. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository#side-effects-of-rewriting-history). + +## Step 8. Resolve the alert + +1. Close the {% data variables.product.prodname_secret_scanning %} alert in the repository by selecting **Close as** and marking the alert as "Revoked." +1. Document the incident in your team's knowledge base or incident management system, including the steps taken to remediate the leak and any lessons learned. + +## Step 9. Prevent further leaks + +Dealing with secret leaks is often disruptive, complicated, and time-consuming. The focus for secret handling should always be on **preventing leaks** at all costs: + +1. Ensure that push protection (part of {% data variables.product.prodname_GH_secret_protection %}) is enabled for the repository, if it's not already. Explore implementing strict bypass controls, so that only trusted users can bypass push protection. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). +1. Ensure you have "Push protection for users" enabled on your personal account, which protects you from accidentally pushing supported secrets to _any_ public repository. +1. Advocate for, or implement, best practices for secret management within your team or organization: + * Use environment variables to store secrets instead of hardcoding them in the codebase. + * Use secret management tools like {% data variables.product.github %}'s "Secrets and variables" store under your repository's settings page to securely store and manage secrets. + * Regularly rotate secrets to minimize the impact of any potential leaks. +1. Document incidents and remediation steps to help your team learn from past mistakes and improve future practices. +1. Advocate for, and undertake, regular learning and security training. See, for example, [{% data variables.product.github %} Advanced Security](https://learn.microsoft.com/en-us/training/paths/github-advanced-security/) course from Microsoft Learn. + +## Further reading + +* [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning) +* [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection) +* [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns) +* [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security) diff --git a/content/codespaces/about-codespaces/what-are-codespaces.md b/content/codespaces/about-codespaces/what-are-codespaces.md index 4b3305a86368..b205c202fe56 100644 --- a/content/codespaces/about-codespaces/what-are-codespaces.md +++ b/content/codespaces/about-codespaces/what-are-codespaces.md @@ -67,6 +67,6 @@ See [AUTOTITLE](/codespaces/customizing-your-codespace). For information on pricing, storage, and usage for {% data variables.product.prodname_github_codespaces %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces). -{% data reusables.codespaces.codespaces-spending-limit-requirement %} +{% data reusables.billing.default-over-quota-behavior %} {% data reusables.codespaces.codespaces-monthly-billing %} For information on how organizations owners and billing managers can manage the spending limit for {% data variables.product.prodname_github_codespaces %} for an organization, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/managing-the-spending-limit-for-github-codespaces). diff --git a/content/packages/learn-github-packages/introduction-to-github-packages.md b/content/packages/learn-github-packages/introduction-to-github-packages.md index 205541d3ffc4..95b39b5b0422 100644 --- a/content/packages/learn-github-packages/introduction-to-github-packages.md +++ b/content/packages/learn-github-packages/introduction-to-github-packages.md @@ -47,7 +47,11 @@ The permissions for a package are either inherited from the repository where the ## About billing for {% data variables.product.prodname_registry %} -{% data reusables.package_registry.packages-billing %} {% data reusables.package_registry.packages-spending-limit-brief %} For more information, see [AUTOTITLE](/billing/managing-billing-for-github-packages/about-billing-for-github-packages). +{% data reusables.package_registry.packages-billing %} + +{% data reusables.billing.default-over-quota-behavior %} + +For more information, see [AUTOTITLE](/billing/managing-billing-for-github-packages/about-billing-for-github-packages). {% endif %} diff --git a/data/reusables/actions/actions-spending-limit-brief.md b/data/reusables/actions/actions-spending-limit-brief.md index 8005a32b08eb..6b5f9fdcbc51 100644 --- a/data/reusables/actions/actions-spending-limit-brief.md +++ b/data/reusables/actions/actions-spending-limit-brief.md @@ -1,3 +1 @@ -If you are a monthly-billed customer, your account will have a default budget of 0 US dollars (USD), which prevents additional usage of minutes or storage for private repositories beyond the quota included with your account. If you pay your account by invoice, your account will have an unlimited default spending limit. - - +Monthly-billed customers may have budgets that prevent additional usage of minutes or storage for private repositories beyond the quota included with your account. Invoice-billed customers typically have unlimited spending. Check your account's budgets to ensure they are appropriate for your usage needs. See [AUTOTITLE](/billing/tutorials/set-up-budgets#viewing-budgets). diff --git a/data/reusables/billing/default-over-quota-behavior.md b/data/reusables/billing/default-over-quota-behavior.md index 5b6dd38d52ee..65ad13891e80 100644 --- a/data/reusables/billing/default-over-quota-behavior.md +++ b/data/reusables/billing/default-over-quota-behavior.md @@ -1,5 +1,3 @@ If your account does not have a valid payment method on file, usage is blocked once you use up your quota. -By default, if you have a valid payment method on file, spending is limited to $0 USD until you set a budget. You can set and manage a budget to limit spending for a product or SKU. See [AUTOTITLE](/billing/managing-your-billing/using-budgets-control-spending). - - +If you have a valid payment method on file, spending may be limited by one or more budgets. Check the budgets set for your account to ensure they are appropriate for your usage needs. See [AUTOTITLE](/billing/managing-your-billing/using-budgets-control-spending). diff --git a/data/reusables/billing/migrated-budgets.md b/data/reusables/billing/migrated-budgets.md new file mode 100644 index 000000000000..1248985af1bf --- /dev/null +++ b/data/reusables/billing/migrated-budgets.md @@ -0,0 +1,6 @@ + + + +Accounts that have migrated from the old billing platform may contain automatically generated budgets that mirror their previous spending limits. + + diff --git a/data/reusables/codespaces/codespaces-spending-limit-requirement.md b/data/reusables/codespaces/codespaces-spending-limit-requirement.md index a34b251d762b..aafcb78e7aa9 100644 --- a/data/reusables/codespaces/codespaces-spending-limit-requirement.md +++ b/data/reusables/codespaces/codespaces-spending-limit-requirement.md @@ -1,3 +1 @@ ->[!NOTE] You must set a non-zero spending limit on your personal, organization, or enterprise account before the account can be billed for use of {% data variables.product.prodname_github_codespaces %}. - -By default, all accounts have a {% data variables.product.prodname_github_codespaces %} spending limit of $0 USD. This prevents new codespaces being created, or existing codespaces being opened, if doing so would incur a billable cost to your personal, organization, or enterprise account. For personal accounts, if you have access to create a codespace, you can do so as long as the account has not reached the limit of its monthly included usage. For organizations and enterprises, the default spending limit means that, to allow people to create codespaces that are billed to the organization, or its parent enterprise, the limit must be changed to a value above $0 USD. +Accounts may have spending limits that prevent new codespaces being created, or existing codespaces being opened, if doing so would incur a billable cost to your personal, organization, or enterprise account. Check your account's budgets to ensure they are appropriate for your usage needs. See [AUTOTITLE](/billing/managing-your-billing/using-budgets-control-spending). diff --git a/data/reusables/package_registry/packages-spending-limit-brief.md b/data/reusables/package_registry/packages-spending-limit-brief.md index 72ed6e5ffcb9..b9ab7fc8b309 100644 --- a/data/reusables/package_registry/packages-spending-limit-brief.md +++ b/data/reusables/package_registry/packages-spending-limit-brief.md @@ -1 +1 @@ -If you are a monthly-billed customer, your account will have a default spending limit of 0 US dollars (USD), which prevents additional usage of storage or data transfer after you reach the included amounts. If you pay your account by invoice, your account will have an unlimited default spending limit. +Monthly-billed customers may have spending limits in place that prevent additional usage of storage or data transfer after you reach the included amounts. Invoice-billed customers typically have unlimited spending. Check your account's budgets to ensure they are appropriate for your usage needs. See [AUTOTITLE](/billing/tutorials/set-up-budgets#viewing-budgets). diff --git a/src/secret-scanning/data/public-docs.yml b/src/secret-scanning/data/public-docs.yml index 43f0d0773d75..8524bfad125f 100644 --- a/src/secret-scanning/data/public-docs.yml +++ b/src/secret-scanning/data/public-docs.yml @@ -2121,6 +2121,17 @@ hasPushProtection: true hasValidityCheck: false isduplicate: false +- provider: Elastic + supportedSecret: Elastic Cloud API Key + secretType: elastic_cloud_api_key + versions: + fpt: '*' + ghec: '*' + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false - provider: Facebook supportedSecret: Facebook Access Token secretType: facebook_access_token @@ -2832,6 +2843,28 @@ hasPushProtection: true hasValidityCheck: false isduplicate: false +- provider: Langchain + supportedSecret: Langchain API Personal Key + secretType: langchain_api_personal_key + versions: + fpt: '*' + ghec: '*' + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false +- provider: Langchain + supportedSecret: Langchain API Server Key + secretType: langchain_api_server_key + versions: + fpt: '*' + ghec: '*' + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false - provider: LaunchDarkly supportedSecret: LaunchDarkly API Token secretType: launchdarkly_access_token @@ -3568,6 +3601,17 @@ hasPushProtection: false hasValidityCheck: '{% ifversion fpt or ghes %}false{% else %}true{% endif %}' isduplicate: false +- provider: Openweather + supportedSecret: Openweather API Key + secretType: openweather_api_key + versions: + fpt: '*' + ghec: '*' + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false - provider: Oracle supportedSecret: Oracle API Key secretType: oracle_api_key diff --git a/src/secret-scanning/lib/config.json b/src/secret-scanning/lib/config.json index 3580693128ee..17764fcb9568 100644 --- a/src/secret-scanning/lib/config.json +++ b/src/secret-scanning/lib/config.json @@ -1,5 +1,5 @@ { - "sha": "8c4882cc5e248d08d7dd4daedcf92a9556d7bf5b", - "blob-sha": "ea7f614767331a7ca755778cd1a13fb984fc40f1", + "sha": "01299c0adaae7096ec8fae216614337d502a4613", + "blob-sha": "a4039b2ae13a43e5737fc1e789713a0ebc2ea4c6", "targetFilename": "code-security/secret-scanning/introduction/supported-secret-scanning-patterns" } \ No newline at end of file