Repo sync

content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md

@@ -138,7 +138,11 @@ If your enterprise uses {% data variables.product.prodname_emus %}, you can choo
 
 By default, to hide the existence of private resources, when an unauthenticated user attempts to access your enterprise, {% data variables.product.company_short %} displays a 404 error.
 
-To prevent confusion from your developers, you can change this behavior so that users are automatically redirected to single sign-on (SSO) through your identity provider (IdP). When you enable automatic redirects, anyone who visits the URL for any of your enterprise's resources will be able to see that the resource exists. However, they'll only be able to see the resource if they have appropriate access after authenticating with your IdP.
+To prevent confusion from your developers, you can change this behavior by enabling the "Automatically redirect users to sign in" setting so that users are automatically redirected to single sign-on (SSO) through your identity provider (IdP). When you enable this setting, anyone who visits the URL for any of your enterprise's resources will be able to see that the resource exists. However, they'll only be able to see the resource if they have appropriate access after authenticating with your IdP.
+
+The configuration of this setting also affects {% data variables.product.prodname_emus %} who use Git Credential Manager (GCM). For more details, see the [`git-credential-manager` repository](https://github.com/git-ecosystem/git-credential-manager)
+
+If "Automatically redirect users to sign in" is enabled, {% data variables.product.github %} sends the server hints that let GCM automatically filter accounts for your enterprise members. If the setting is disabled, users who use GCM must turn off account filtering locally in GCM to avoid being prompted for authentication each time they perform a Git operation. For more details, see [AUTOTITLE](/get-started/git-basics/caching-your-github-credentials-in-git).
 
 > [!NOTE]
 > If a user is signed in to their personal account when they attempt to access any of your enterprise's resources, they'll be automatically signed out and redirected to SSO to sign in to their {% data variables.enterprise.prodname_managed_user %}. For more information, see [AUTOTITLE](/enterprise-cloud@latest/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts).

content/admin/managing-iam/understanding-iam-for-enterprises/getting-started-with-enterprise-managed-users.md

@@ -79,4 +79,5 @@ Using an **incognito or private browsing window**:
 Developers may need to maintain separate, personal accounts for their work outside of your {% data variables.enterprise.prodname_emu_enterprise %}. You can help them manage multiple accounts by providing the following resources:
 
 * **On the command line**, developers can configure Git to simplify the process of using multiple accounts. See [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-your-personal-account/managing-multiple-accounts).
+* **In Git Credential Manager (GCM)**: Turn off account filtering to prevent multiple sign-in prompts if the [SSO Redirect setting](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-sso-for-unauthenticated-users) is not enabled for your enterprise. See [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-sso-for-unauthenticated-users).
 * **In the web interface**, developers can switch between accounts without always needing to re-authenticate. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/switching-between-accounts).

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md

@@ -117,7 +117,7 @@ From {% data variables.product.prodname_dotcom %}:
 1. Under "Authentication", click **Access keys**.{% endif %}
 1. Configure the stream settings.
 
-{% ifversion ghec %}
+{% ifversion ghec or ghes > 3.14 %}
     - Under "Region", select the bucket's region. For example, `us-east-1`.{% endif %}
     - Under "Bucket", type the name of the bucket you want to stream to. For example, `auditlog-streaming-test`.
     - Under "Access Key ID", type your access key ID. For example, `ABCAIOSFODNN7EXAMPLE1`.

content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md

@@ -174,19 +174,34 @@ If this parameter is not used, the {% data variables.code-scanning.codeql_workfl
 
 ## Changing the languages that are analyzed
 
-{% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} automatically detects code written in the supported languages.
+{% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} supports code written in the following languages:
 
 {% data reusables.code-scanning.codeql-languages-bullets %}
 
 {% data variables.product.prodname_codeql %} uses the following language identifiers:
 
 {% data reusables.code-scanning.codeql-language-identifiers-table %}
 
-The default {% data variables.code-scanning.codeql_workflow %} file contains a matrix called `language` which lists the languages in your repository that are analyzed. {% data variables.product.prodname_codeql %} automatically populates this matrix when you add {% data variables.product.prodname_code_scanning %} to a repository. Using the `language` matrix optimizes {% data variables.product.prodname_codeql %} to run each analysis in parallel. We recommend that all workflows adopt this configuration due to the performance benefits of parallelizing builds. For more information about matrices, see [AUTOTITLE](/actions/using-jobs/using-a-matrix-for-your-jobs).
+> [!NOTE]
+> If you specify one of the alternative identifiers, this is equivalent to using the standard language identifier. For example, specifying `javascript` instead of `javascript-typescript` will not exclude analysis of TypeScript code. Instead, you can use a custom configuration file to exclude files from analysis using the `paths-ignore` setting. For more information, see [Using a custom configuration file](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#using-a-custom-configuration-file) and [Specifying directories to scan](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan).
 
-{% data reusables.code-scanning.specify-language-to-analyze %}
+These language identifiers can be used as arguments to the `languages` input of the `init` action. We recommend that only one language is provided as an argument:
 
-If your workflow uses the `language` matrix then {% data variables.product.prodname_codeql %} is hardcoded to analyze only the languages in the matrix. To change the languages you want to analyze, edit the value of the matrix variable. You can remove a language to prevent it being analyzed or you can add a language that was not present in the repository when {% data variables.product.prodname_code_scanning %} was configured. For example, if the repository initially only contained JavaScript when {% data variables.product.prodname_code_scanning %} was configured, and you later added Python code, you will need to add `python` to the matrix.
+```yaml copy
+- uses: {% data reusables.actions.action-codeql-action-init %}
+  with:
+    languages: javascript-typescript
+```
+
+The default {% data variables.code-scanning.codeql_workflow %} file created after [configuring advanced setup for code scanning with CodeQL](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql) defines a matrix containing a property named `language` which lists the languages in your repository that will be analyzed. This matrix has been automatically pre-populated with supported languages detected in your repository. Using the `language` matrix allows {% data variables.product.prodname_codeql %} to run each language analysis in parallel and to customize analysis for each language. In an individual analysis, the name of the language from the matrix is provided to the `init` action as the argument for the `languages` input. We recommend that all workflows adopt this configuration. For more information about matrices, see [AUTOTITLE](/actions/using-jobs/using-a-matrix-for-your-jobs).
+
+```yaml copy
+- uses: {% data reusables.actions.action-codeql-action-init %}
+  with:
+    languages: {% raw %}${{ matrix.language }}{% endraw %}
+```
+
+If your workflow uses the `language` matrix, then {% data variables.product.prodname_codeql %} will only analyze the languages in the matrix. To change the languages you want to analyze, edit the matrix configuration. You can remove a language to prevent it from being analyzed. There are several reasons you might want to prevent a language being analyzed. For example, the project might have dependencies in a different language to the main body of your code, and you might prefer not to see alerts for those dependencies. You can also add a language that was not present in the repository when {% data variables.product.prodname_code_scanning %} was configured. For example, if the repository initially only contained JavaScript when {% data variables.product.prodname_code_scanning %} was configured, and you later added Python code, you will need to add `python` to the matrix.
 
 ```yaml copy
 jobs:
@@ -196,19 +211,19 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: ['javascript-typescript', 'python']
+        include:
+          - language: javascript-typescript
+            build-mode: none
+          - language: python
+            build-mode: none
 ```
 
-If your workflow does not contain a matrix called `language`, then {% data variables.product.prodname_codeql %} is configured to run analysis sequentially. If you don't specify languages in the workflow, {% data variables.product.prodname_codeql %} automatically detects, and attempts to analyze, any supported languages in the repository. If you want to choose which languages to analyze, without using a matrix, you can use the `languages` parameter under the `init` action.
+For compiled languages, the matrix can also be used to configure which build mode should be used for analysis by changing the value of the `build-mode` property. For more information about build modes, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-build-mode-none-for-codeql).
 
-```yaml copy
-- uses: {% data reusables.actions.action-codeql-action-init %}
-  with:
-    languages: c-cpp, csharp, python
-```
+If your workflow does not provide an argument to the `languages` input of the `init` action, then {% data variables.product.prodname_codeql %} is configured to run analyses sequentially. In this case, {% data variables.product.prodname_codeql %} automatically detects, and attempts to analyze, any supported languages in the repository. Depending on the size of the repository and the number of languages, this may take a long time. If analysis for one language fails in this mode, then the analysis for all languages fails. Therefore, we do not recommend this configuration.
 
 > [!NOTE]
-> When analyzing languages sequentially, the default build-mode for every language will be used. Alternatively, if you provide an explicit `autobuild` step, then every language that supports the `autobuild` mode will use it while other languages use their default mode. If a more complex build-mode configuration than this is required, then you will need to use a `language` matrix.
+> When analyzing languages sequentially, the default build-mode for every language will be used. Alternatively, if you provide an explicit `autobuild` step, then every language that supports the `autobuild` mode will use it while other languages use their default mode. If a more complex build-mode configuration than this is required, then you will need to configure a matrix.
 
 ## Defining the alert severities that cause a check failure for a pull request
 

content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md

@@ -57,6 +57,11 @@ You must specify:
 
     {% data reusables.code-scanning.codeql-language-identifiers-table %}
 
+    > [!NOTE]
+    > If you specify one of the alternative identifiers, this is equivalent to using the standard language identifier. For example, specifying `javascript` instead of `javascript-typescript` will not exclude analysis of TypeScript code. Instead, you can use the `--codescanning-config` CLI option to load a configuration file that specifies files to exclude with the `paths-ignore` configuration key. See [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#using-a-custom-configuration-file).
+    >
+    > Alternatively, for languages that support it, use a custom build command that only builds the files that you want to scan. See [Creating databases for compiled languages](/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis#creating-databases-for-compiled-languages).
+
 If your codebase has a build command or script that invokes the build process, we recommend that you specify it as well:
 
 ```shell

content/get-started/git-basics/index.md

@@ -16,7 +16,7 @@ children:
   - /set-up-git
   - /setting-your-username-in-git
   - /caching-your-github-credentials-in-git
-  - /why-is-git-always-asking-for-my-password
+  - /why-is-git-always-asking-for-my-credentials
   - /updating-credentials-from-the-macos-keychain
   - /git-workflows
   - /about-remote-repositories

content/get-started/git-basics/why-is-git-always-asking-for-my-password.md → content/get-started/git-basics/why-is-git-always-asking-for-my-credentials.md

@@ -1,26 +1,32 @@
 ---
-title: Why is Git always asking for my password?
-intro: 'If Git prompts you for a username and password every time you try to interact with GitHub, you''re probably using the HTTPS clone URL for your repository.'
+title: Why is Git always asking for my credentials?
+intro: 'If Git prompts you for your credentials every time you try to interact with GitHub, you''re probably using the HTTPS clone URL for your repository.'
 redirect_from:
   - /articles/why-is-git-always-asking-for-my-password
   - /github/using-git/why-is-git-always-asking-for-my-password
   - /github/getting-started-with-github/why-is-git-always-asking-for-my-password
   - /github/getting-started-with-github/getting-started-with-git/why-is-git-always-asking-for-my-password
   - /get-started/getting-started-with-git/why-is-git-always-asking-for-my-password
+  - /get-started/git-basics/why-is-git-always-asking-for-my-password
 versions:
   fpt: '*'
   ghes: '*'
   ghec: '*'
-shortTitle: Git passwords
+shortTitle: Repeated credential prompts
 ---
 Using an HTTPS remote URL has some advantages compared with using SSH. It's easier to set up than SSH, and usually works through strict firewalls and proxies. However, it also prompts you to enter your {% data variables.product.github %} credentials every time you pull or push a repository.
 
 {% data reusables.user-settings.password-authentication-deprecation %}
 
 You can avoid being prompted for your password by configuring Git to [cache your credentials](/get-started/git-basics/caching-your-github-credentials-in-git) for you. Once you've configured credential caching, Git automatically uses your cached {% data variables.product.pat_generic %} when you pull or push a repository using HTTPS.
 
+{% ifversion ghec %}
+If you are an [Enterprise Managed User](/get-started/learning-about-github/types-of-github-accounts#managed-user-accounts), and your enterprise owners do not have [the SSO Redirect setting](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise#managing-sso-for-unauthenticated-users) enabled for the enterprise, then credential caching may not work properly when using [Git Credential Manager (GCM)](https://github.com/git-ecosystem/git-credential-manager). You will need to disable GCM [account filtering](https://github.com/git-ecosystem/git-credential-manager/blob/release/docs/configuration.md#credentialgithubaccountfiltering) locally in this situation to prevent getting prompted for authentication each time you perform a Git operation. For more details, see [AUTOTITLE](/get-started/git-basics/caching-your-github-credentials-in-git).
+{% endif %}
+
 ## Further reading
 
 * [AUTOTITLE](/get-started/git-basics/about-remote-repositories)
 * [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/about-authentication-to-github)
 * [AUTOTITLE](/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent)
+* [AUTOTITLE](/get-started/git-basics/caching-your-github-credentials-in-git)

data/reusables/code-scanning/codeql-language-identifiers-table.md

@@ -3,15 +3,12 @@
 |------------------|------------------- | ---------------
 | C/C++ | `c-cpp` | `c` or `cpp` |
 | C# | `csharp` |
+| {% ifversion code-scanning-actions-language %} |
+{% data variables.product.prodname_actions %} workflows | `actions`
+| {% endif %}
 | Go | `go` |
 | Java/Kotlin | `java-kotlin` | `java` or `kotlin` |
 | JavaScript/TypeScript | `javascript-typescript` | `javascript` or `typescript` |
 | Python | `python` |
 | Ruby | `ruby` |
 | Swift | `swift` |
-| {% ifversion code-scanning-actions-language %} |
-{% data variables.product.prodname_actions %} workflows | `actions`
-| {% endif %}
-
-> [!NOTE]
-> If you specify one of the alternative identifiers, this is equivalent to using the standard language identifier. For example, specifying `javascript` instead of `javascript-typescript` will not exclude analysis of TypeScript code. You can do this in an advanced setup workflow with the `--paths-ignore` option. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#specifying-directories-to-scan).

data/reusables/enterprise-accounts/audit-log-tab.md

@@ -1 +1 @@
-1. Under "Settings", click **{% octicon "log" aria-hidden="true" aria-label="log" %} Audit log**.
+1. Under "Settings", click **Audit log**.

data/reusables/gcm-core/next-time-you-clone.md

@@ -1 +1,15 @@
 The next time you clone an HTTPS URL that requires authentication, Git will prompt you to log in using a browser window. You may first be asked to authorize an {% data variables.product.prodname_oauth_app %}. If your account or organization requires [two-factor auth](/authentication/securing-your-account-with-two-factor-authentication-2fa), you'll also need to complete the 2FA challenge.
+
+{% ifversion not ghes %}
+
+> [!TIP]
+>
+> If you're a member of an enterprise that uses {% data variables.product.prodname_emus %}, your enterprise view has the "Users managed by ACCOUNT NAME" header bar at the top of the screen. In that case you will need to disable account filtering locally in GCM to prevent getting prompted for authentication each time a remote Git operation is performed. For more details, see the [`git-credential-manager` repository](https://github.com/git-ecosystem/git-credential-manager/blob/release/docs/configuration.md#credentialgithubaccountfiltering).
+>
+> To configure the Git Credential Manager run the following command:
+>
+> ```bash
+> git config --global credential.gitHubAccountFiltering "false"
+> ```
+
+{% endif %}