From bdb43a5f9a893834e98d7d54eb42b35eab0cf1fc Mon Sep 17 00:00:00 2001 
From: Anne-Marie <102995847+am-stead@users.noreply.github.com>
Date: Fri, 20 Sep 2024 10:44:04 +0100
Subject: [PATCH 1/2] [Improvement]: Update supported GHES versions for GHAS configurations #15768 (#52213)
---
...d-security-features-for-your-enterprise.md | 2 -
...ut-billing-for-github-advanced-security.md | 4 --
...your-github-advanced-security-licensing.md | 1 -
...ing-your-github-advanced-security-usage.md | 4 +-
.../phase-3-pilot-programs.md | 14 ++---
...phase-5-rollout-and-scale-code-scanning.md | 2 -
...ase-6-rollout-and-scale-secret-scanning.md | 2 -
...efault-setup-for-code-scanning-at-scale.md | 15 ++---
...ing-your-configuration-of-default-setup.md | 6 +-
.../configuring-dependabot-alerts.md | 9 +--
...e-rules-to-prioritize-dependabot-alerts.md | 18 ++----
...configuring-dependabot-security-updates.md | 11 +---
...ickstart-for-securing-your-organization.md | 14 +----
...ing-push-protection-for-your-repository.md | 2 +-
...ing-secret-scanning-for-your-repository.md | 2 +-
...ing-custom-patterns-for-secret-scanning.md | 17 ++----
.../managing-custom-patterns.md | 10 ++--
...ng-delegated-bypass-for-push-protection.md | 7 ++-
...rity-configuration-in-your-organization.md | 13 -----
...security-settings-for-your-organization.md | 2 -
...out-enabling-security-features-at-scale.md | 6 --
...ity-configuration-for-your-repositories.md | 2 -
...eleting-a-custom-security-configuration.md | 2 -
...ries-from-their-security-configurations.md | 2 -
...editing-a-custom-security-configuration.md | 8 +--
...eting-security-findings-on-a-repository.md | 2 -
...-github-advanced-security-license-usage.md | 2 -
...pplying-a-custom-security-configuration.md | 6 +-
...reating-a-custom-security-configuration.md | 8 +--
...-using-advanced-setup-for-code-scanning.md | 2 -
...nough-github-advanced-security-licenses.md | 2 -
.../about-security-overview.md | 8 +--
.../assessing-adoption-code-security.md | 14 ++---
...rity-features-for-multiple-repositories.md | 4 +-
.../about-github-advanced-security.md | 2 -
...analysis-settings-for-your-organization.md | 57 ++++++-------------
...-security-managers-in-your-organization.md | 19 ++-----
data/features/pre-security-configurations.yml | 3 +
data/features/security-configurations.yml | 2 +-
.../secret-scanning-new-custom-pattern-org.md | 2 +-
...bot-grouped-security-updates-how-enable.md | 2 +-
...disabling-dependency-graph-private-repo.md | 2 +-
.../configuring-security-features.md | 2 +-
...ed-org-settings-global-settings-callout.md | 1 -
...ettings-security-configurations-callout.md | 1 -
...curity-configurations-beta-note-opt-out.md | 6 --
...security-configurations-beta-note-short.md | 1 -
.../security-configurations-beta-note.md | 6 --
.../security/note-securing-your-org.md | 2 +-
49 files changed, 89 insertions(+), 242 deletions(-)
create mode 100644 data/features/pre-security-configurations.yml
delete mode 100644 data/reusables/security-configurations/changed-org-settings-global-settings-callout.md
delete mode 100644 data/reusables/security-configurations/changed-org-settings-security-configurations-callout.md
delete mode 100644 data/reusables/security-configurations/security-configurations-beta-note-opt-out.md
delete mode 100644 data/reusables/security-configurations/security-configurations-beta-note-short.md
delete mode 100644 data/reusables/security-configurations/security-configurations-beta-note.md
diff --git a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md
index adde586c5238..e6c77e815621 100644
--- a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md
+++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md @@ -20,8 +20,6 @@ redirect_from: You can use {% data variables.product.prodname_advanced_security %} features to harden security for the organizations in your enterprise. {% ifversion security-configurations %}{% data reusables.security-configurations.enable-security-features-with-gh-config %} -{% data reusables.security-configurations.security-configurations-beta-note-short %} - To manage individual {% data variables.product.prodname_GH_advanced_security %} features, {% else %}To streamline management of {% data variables.product.prodname_advanced_security %}, {% endif %}you can enable or disable each feature for all existing and/or new repositories within the organizations owned by your enterprise. {% ifversion secret-scanning-enterprise-level-api %}{% data reusables.secret-scanning.secret-scanning-enterprise-level-api %}{% endif %} diff --git a/content/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md b/content/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md index 1872d18e9db9..ef2f8bb6bd24 100644 --- a/content/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md +++ b/content/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md 
@@ -60,8 +60,6 @@ If you want to use {% data variables.product.prodname_GH_advanced_security %} fe {% ifversion security-configurations %} {% data reusables.security-configurations.managing-GHAS-licenses %} -{% data reusables.security-configurations.security-configurations-beta-note-short %} - {% endif %} {% data reusables.advanced-security.ghas-trial-availability %} For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security)." @@ -77,8 +75,6 @@ You can make extra features for code security available to users by buying and u {% ifversion security-configurations %} {% data reusables.security-configurations.managing-GHAS-licenses %} -{% data reusables.security-configurations.security-configurations-beta-note-short %} - {% endif %} {% endif %} diff --git a/content/billing/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md b/content/billing/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md index d3ced521f732..bb1a8c28521d 100644 --- a/content/billing/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md +++ b/content/billing/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md @@ -20,7 +20,6 @@ Each license for {% data variables.product.prodname_GH_advanced_security %} spec {% ifversion security-configurations %} {% data reusables.security-configurations.managing-GHAS-licenses %} -{% data reusables.security-configurations.security-configurations-beta-note-short %} {% endif %} diff --git a/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md b/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md index 3e69b31e70aa..df90fb3cd744 100644 
--- a/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md +++ b/content/billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md @@ -33,7 +33,7 @@ Each license for {% data variables.product.prodname_GH_advanced_security %} spec You can estimate the number of licenses your enterprise would need to purchase {% data variables.product.prodname_GH_advanced_security %} or to enable {% data variables.product.prodname_GH_advanced_security %} for additional organizations and repositories. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/viewing-committer-information-for-github-advanced-security)." {% endif %} -{% ifversion security-configurations-ga %} +{% ifversion security-configurations %} {% data reusables.security-configurations.managing-GHAS-licenses %} @@ -54,7 +54,6 @@ You can view the enterprise account's current {% ifversion ghas-billing-UI-updat {% ifversion security-configurations %} {% data reusables.security-configurations.managing-GHAS-licenses %} - {% data reusables.security-configurations.security-configurations-beta-note-short %} {% endif %} {% elsif ghes %} @@ -86,7 +85,6 @@ You can view the enterprise account's current {% ifversion ghas-billing-UI-updat {% ifversion security-configurations %} {% data reusables.security-configurations.managing-GHAS-licenses %} -> {% data reusables.security-configurations.security-configurations-beta-note-short %} {% endif %} {% endif %} diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md index 2762d9a094e3..6b4d2139810e 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md +++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md 
@@ -29,16 +29,12 @@ If you haven't already enabled GHAS for your {% data variables.product.prodname_ {% endif %} -You need to enable GHAS for each pilot project, either by enabling the GHAS features for each repository or for all repositories in any organizations taking part in the pilot. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)" - {% ifversion security-configurations %} -## Piloting all {% data variables.product.prodname_GH_advanced_security %} features {% ifversion security-configurations-beta-and-pre-beta %}(beta){% endif %} +## Piloting all {% data variables.product.prodname_GH_advanced_security %} features {% data reusables.security-configurations.enable-security-features-with-gh-config %} -{% data reusables.security-configurations.security-configurations-beta-note-short %} - {% endif %} ## Piloting {% data variables.product.prodname_code_scanning %} 
@@ -82,18 +78,18 @@ To enable secret scanning for your {% data variables.product.prodname_ghe_server {% endif %} -{% ifversion security-configurations-ga %} +{% ifversion security-configurations %} -You need to enable {% data variables.product.prodname_secret_scanning %} for each pilot project. You can do this with the {% data variables.product.prodname_github_security_configuration %}, or you can create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)." +You need to enable {% data variables.product.prodname_secret_scanning %} and push protection for each pilot project. You can do this with the {% data variables.product.prodname_github_security_configuration %}, or you can create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)." {% else %} You need to enable {% data variables.product.prodname_secret_scanning %} for each pilot project, either by enabling the feature for each repository or for all repositories in any organizations taking part in the project. 
For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." -{% endif %} - Next, enable push protection for each pilot project. +{% endif %} + If you plan to configure a link to a resource in the message that's displayed when a developer attempts to push a blocked secret, now would be a good time to test and start to refine the guidance that you plan to make available. {%- ifversion security-overview-push-protection-metrics-page %} diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md index 61a48ac689b3..7ee316d5367a 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md +++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md @@ -19,8 +19,6 @@ This article is part of a series on adopting {% data variables.product.prodname_ {% data reusables.security-configurations.enable-security-features-with-gh-config %} -{% data reusables.security-configurations.security-configurations-beta-note-short %} - {% endif %} ## Enabling code scanning diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md index 8ba791b78ba7..8e140ec4a406 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md 
+++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md @@ -21,8 +21,6 @@ You can enable secret scanning for individual repositories or for all repositori {% data reusables.security-configurations.enable-security-features-with-gh-config %} -{% data reusables.security-configurations.security-configurations-beta-note-short %} - {% endif %} This article explains a high-level process focusing on enabling {% data variables.product.prodname_secret_scanning %} for all repositories in an organization. The principles described in this article can still be applied even if you take a more staggered approach of enabling {% data variables.product.prodname_secret_scanning %} for individual repositories. diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md index 613bce4ae17b..d80d67ed6a25 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md +++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md 
@@ -74,8 +74,8 @@ If the code in a repository changes to include {% ifversion code-scanning-defaul ## Configuring default setup for all eligible repositories in an organization -{% ifversion security-configurations-ga %} You can enable default setup for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." -{% elsif security-configurations-beta-and-pre-beta %} +{% ifversion security-configurations %} You can enable default setup for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." +{% else %} Through the "Code security and analysis" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. For more information on repository eligibility, see "[Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup)." {% data reusables.code-scanning.beta-org-enable-all %} 
@@ -83,11 +83,6 @@ Through the "Code security and analysis" page of your organization's settings, y {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} - -{% ifversion security-configurations %} - {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling {% data variables.product.prodname_code_scanning %} and other security features for all eligible repositories with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." -{% endif %} - 1. Click **Enable all** next to "{% data variables.product.prodname_code_scanning_caps %}".{% ifversion bulk-code-scanning-query-suite%} 1. In the "Query suites" section of the "Enable {% data variables.product.prodname_code_scanning %} default setup" dialog box displayed, select the query suite your configuration of default setup will run. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)." 1. To enable your configuration of default setup, click **Enable for eligible repositories**. 
@@ -109,14 +104,14 @@ Through the "Code security and analysis" page of your organization's settings, y ### Extending {% data variables.product.prodname_codeql %} coverage in default setup -Through the "Code security and analysis" page of your organization's settings, you can extend coverage in default setup using model packs for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-coverage-for-all-repositories-in-an-organization)." +Through your organization's security settings page, you can extend coverage in default setup using model packs for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-coverage-for-all-repositories-in-an-organization)." {% endif %} {% ifversion code-security-multi-repo-enablement %} ## Configuring default setup for a subset of repositories in an organization -{% ifversion security-configurations-ga %} +{% ifversion security-configurations %} You can filter for specific repositories you would like to configure default setup for. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration)." 
@@ -151,7 +146,7 @@ Through security overview for your organization, you can find eligible repositor - The repositories do not have {% data variables.product.prodname_GH_advanced_security %} enabled. {%- endif %} -{% ifversion security-configurations-beta-and-pre-beta %} +{% ifversion pre-security-configurations %} You can select all of the displayed repositories, or a subset of them, and enable or disable default setup for {% data variables.product.prodname_code_scanning %} for them all at the same time. For more information, see step 5 of "[Configuring default setup at scale for multiple repositories in an organization](#configuring-default-setup-at-scale-for-multiple-repositories-in-an-organization)." diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md index 8b44d4f3fea4..bb2084a63628 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md @@ -103,10 +103,10 @@ For more information about {% data variables.product.prodname_codeql %} model pa {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} -{% ifversion security-configurations-beta-and-pre-beta %} -1. Click **Code security and analysis**. -{% else %} +{% ifversion security-configurations %} 1. Click **Code security** then **Global settings**. +{% else %} +1. Click **Code security and analysis**. {% endif %} 1. Find the "{% data variables.product.prodname_code_scanning_caps %}" section. 1. Next to "Expand {% data variables.product.prodname_codeql %} analysis", click **Configure**. 
diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md index 5296c803f9e6..cc74a4bbca3f 100644 --- a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md @@ -83,9 +83,9 @@ An enterprise owner must first set up {% data variables.product.prodname_dependa ## Managing {% data variables.product.prodname_dependabot_alerts %} for your organization -{% ifversion security-configurations-ga %} You can enable {% data variables.product.prodname_dependabot_alerts %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." +{% ifversion security-configurations %} You can enable {% data variables.product.prodname_dependabot_alerts %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." -{% elsif security-configurations-beta-and-pre-beta %} +{% else %} You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for some or all repositories owned by your organization. {% data reusables.security.note-securing-your-org %} 
@@ -105,11 +105,6 @@ You can use the organization settings page for "Code security and analysis" to e {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} - -{% ifversion security-configurations-beta-only %} - {% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling {% data variables.product.prodname_dependabot_alerts %} and other security features at scale with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." -{% endif %} - 1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. 1. Optionally, to enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories in your organization, in the dialog box, select "Enable by default for new repositories". 1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories in your organization. diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md index 1e168c644b05..1521b851ed7d 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md 
@@ -79,9 +79,9 @@ For more information about enabling or disabling {% data variables.product.prodn ## Adding {% data variables.dependabot.custom_rules %} to your organization -{% ifversion security-configurations-ga %} You can add {% data variables.dependabot.custom_rules %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)." +{% ifversion security-configurations %} You can add {% data variables.dependabot.custom_rules %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)." -{% elsif security-configurations-beta-and-pre-beta %} +{% else %} {% note %} 
@@ -92,11 +92,6 @@ For more information about enabling or disabling {% data variables.product.prodn {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} - -{% ifversion security-configurations-beta-only %} - {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on adding {% data variables.dependabot.auto_triage_rules %} to your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)." -{% endif %} - {% data reusables.dependabot.navigate-to-org-level-dependabot-alert-rules %} {% data reusables.dependabot.click-new-alert-rule %} {% data reusables.dependabot.dependabot-alert-rule-set-name %} 
@@ -124,18 +119,13 @@ For more information about enabling or disabling {% data variables.product.prodn ## Editing or deleting {% data variables.dependabot.custom_rules %} for your organization -{% ifversion security-configurations-ga %} You can edit or delete {% data variables.dependabot.custom_rules %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)." +{% ifversion security-configurations %} You can edit or delete {% data variables.dependabot.custom_rules %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)." -{% elsif security-configurations-beta-and-pre-beta %} +{% else %} {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} - -{% ifversion security-configurations-beta-only %} - {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on editing or deleting {% data variables.dependabot.auto_triage_rules %} in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)." -{% endif %} - {% data reusables.dependabot.navigate-to-org-level-dependabot-alert-rules %} 1. Under "Organization rules", to the right of the rule that you want to edit or delete, click {% octicon "pencil" aria-label="Edit custom rule" %}. 
{% data reusables.dependabot.custom-alert-rules-edit-rule %} diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index 1d6c28fce54d..c373422d4ba2 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md 
@@ -31,7 +31,7 @@ topics: You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)." -You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository{% ifversion code-security-multi-repo-enablement %}, for a selection of repositories in an organization,{% endif %} or for all repositories owned by your personal account or organization. For more information about enabling security features in an organization, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %} +You can enable or disable {% data variables.product.prodname_dependabot_security_updates %} for an individual repository{% ifversion code-security-multi-repo-enablement %}, for a selection of repositories in an organization,{% endif %} or for all repositories owned by your personal account or organization. For more information about enabling security features in an organization, see {% ifversion security-configurations %}"[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %} {% data reusables.dependabot.dependabot-security-updates-disable-for-alert-rules %} 
@@ -88,20 +88,15 @@ Repository administrators can enable or disable grouped security updates for the ### Enabling or disabling grouped {% data variables.product.prodname_dependabot_security_updates %} for an organization -{% ifversion security-configurations-ga %} You can enable grouped {% data variables.product.prodname_dependabot_security_updates %} into a single pull request. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#grouping-dependabot-security-updates)." +{% ifversion security-configurations %} You can enable grouped {% data variables.product.prodname_dependabot_security_updates %} into a single pull request. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#grouping-dependabot-security-updates)." -{% elsif security-configurations-beta-and-pre-beta %} +{% else %} Organization owners can enable or disable grouped security updates for all repositories in their organization. However, repository administrators within the organization can update the settings for their repositories to override the default organization settings. 
{% data reusables.dependabot.dependabot-grouped-security-updates-yaml-override %} {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} - -{% ifversion security-configurations-beta-only %} - {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on enabling or disabling grouped {% data variables.product.prodname_dependabot_security_updates %} in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#grouping-dependabot-security-updates)." -{% endif %} - 1. Under "Code security and analysis", to the right of "Grouped security updates", click **Disable all** or **Enable all**. 1. Optionally, to enable grouped {% data variables.product.prodname_dependabot_security_updates %} for new repositories in your organization, select **Automatically enable for new repositories**.
diff --git a/content/code-security/getting-started/quickstart-for-securing-your-organization.md b/content/code-security/getting-started/quickstart-for-securing-your-organization.md
index 9d88cc6c1e1b..9a7256f37e16 100644
--- a/content/code-security/getting-started/quickstart-for-securing-your-organization.md
+++ b/content/code-security/getting-started/quickstart-for-securing-your-organization.md
@@ -5,7 +5,7 @@ permissions: Organization owners and security managers can manage security featu redirect_from: - /code-security/getting-started/securing-your-organization versions: - ghes: '<3.15' + feature: pre-security-configurations type: how_to topics: - Organizations
@@ -41,17 +41,9 @@ There are some features you must configure for each repository individually. For ## Enabling security features in your organization -{% ifversion security-configurations-beta-and-pre-beta %} - When you have decided to enable a security feature, the next step is to decide how to roll out that feature across your organization. -{% ifversion security-configurations %} -* If you want to enable multiple security features at scale, you can use the {% data variables.product.prodname_github_security_configuration %}, a collection of security enablement settings you can apply to repositories in your organization. See "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)." - - {% data reusables.security-configurations.security-configurations-beta-note-short %} - -{% endif %} -* If you want to roll out a {% ifversion security-configurations %}single {% endif %}feature as quickly as possible, you can enable it for all eligible repositories at once. For more information, see "[Enabling a feature for all repositories](#enabling-a-feature-for-all-repositories)." +* If you want to roll out a feature as quickly as possible, you can enable it for all eligible repositories at once. For more information, see "[Enabling a feature for all repositories](#enabling-a-feature-for-all-repositories)." * If you want control over how quickly you roll out a feature, and which features are enabled in which repositories, you can enable a feature for a selection of repositories. For more information, see "[Enabling a feature for a selection of repositories](#enabling-a-feature-for-a-selection-of-repositories)." When you have decided how to enable a feature for your organization's existing repositories, you must also decide how to handle any new repositories that are created in your organization in the future. 
For more information, see "[Enabling a feature for new repositories](#enabling-a-feature-for-new-repositories)."
@@ -114,8 +106,6 @@ You can choose to enable a security feature automatically in all new repositorie ![Screenshot of the "Code security and analysis" page. Below "Dependabot alerts", a checkbox for enabling the feature in future repositories is highlighted with an orange outline.](/assets/images/help/security/enable-for-new-repos.png) -{% endif %} - ## Monitoring the impact of security features When you have enabled a feature, you should communicate with repository administrators and contributors in your organization to assess the impact of the feature. You may need to adjust the configuration of some features at the repository level, or reassess the distribution of security features across your organization. You should also monitor the security alerts that a feature generates, and your members' responses to these alerts.
diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md
index 98552b0809dd..fcd10b97c232 100644
--- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md
+++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md
@@ -24,7 +24,7 @@ You can additionally enable push protection for your own personal account, which {% endif %} -If you're an organization owner, you can enable push protection for multiple repositories at a time{% ifversion security-configurations-ga %} using a security configuration{% endif %}. For more information, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration){% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization#enabling-security-features-in-your-organization){% endif %}." +If you're an organization owner, you can enable push protection for multiple repositories at a time{% ifversion security-configurations %} using the {% data variables.product.prodname_github_security_configuration %}{% endif %}. For more information, see {% ifversion security-configurations %}"[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization){% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization#enabling-security-features-in-your-organization){% endif %}." Organization owners, security managers, and repository administrators can also enable push protection for {% data variables.product.prodname_secret_scanning %} via the API. For more information, see "[AUTOTITLE](/rest/repos#update-a-repository)" and expand the "Properties of the `security_and_analysis` object" section.
diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md
index cb6f9297d380..8531dd30168f 100644
--- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md
+++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md
@@ -26,7 +26,7 @@ topics: {% endif %} -If you're an organization owner, you can enable {% data variables.product.prodname_secret_scanning %} for multiple repositories at the same time{% ifversion security-configurations-ga %} using a security configuration{% endif %}. For more information, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization){% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization#enabling-security-features-in-your-organization)"{% endif %}." +If you're an organization owner, you can enable {% data variables.product.prodname_secret_scanning %} for multiple repositories at the same time{% ifversion security-configurations %} using the {% data variables.product.prodname_github_security_configuration %}{% endif %}. For more information, see {% ifversion security-configurations %}"[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization){% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization#enabling-security-features-in-your-organization)"{% endif %}." {% ifversion secret-scanning-enterprise-level %}
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md
index c9ff88542f3a..8c6396a2d8a1 100644
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md
@@ -108,26 +108,17 @@ aAAAe9 ## Defining a custom pattern for an organization -Before defining a custom pattern, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. {% ifversion security-configurations-ga %} You can use {% data variables.product.prodname_security_configurations %} to enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization using the {% data variables.product.prodname_github_security_configuration %}, or you can create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."{% else %} +Before defining a custom pattern, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. {% ifversion security-configurations %} You can use {% data variables.product.prodname_security_configurations %} to enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization using the {% data variables.product.prodname_github_security_configuration %}, or you can create a {% data variables.product.prodname_custom_security_configuration %}. 
For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."{% else %} To enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." {% endif %} {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -{% ifversion security-configurations-beta-and-pre-beta %} -{% data reusables.organizations.security-and-analysis %} +{% ifversion security-configurations %} +1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. {% else %} -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**. -{% endif %} - -{% ifversion security-configurations-beta-only %} - {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on defining a custom pattern for your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#defining-custom-patterns)." -{% endif %} - -{% ifversion security-configurations-beta-and-pre-beta %} +{% data reusables.organizations.security-and-analysis %} {% data reusables.repositories.navigate-to-ghas-settings %} -{% else %} -1. Find "{% data variables.product.prodname_GH_advanced_security %}." 
{% endif %} {% data reusables.advanced-security.secret-scanning-new-custom-pattern-org %} {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md
index d3b9febbe3ca..77329bd0c7b1 100644
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md
@@ -80,14 +80,14 @@ Before enabling push protection for a custom pattern at organization level, you {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -{% data reusables.organizations.security-and-analysis %} - {% ifversion security-configurations %} - {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on managing custom patterns for your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#defining-custom-patterns)." For information on enabling push protection for specific custom patterns, reference the following steps. -{% endif %} - +1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. +1. Under "Custom patterns", click {% octicon "pencil" aria-label="Edit custom pattern" %} for the pattern of interest. +{% else %} +{% data reusables.organizations.security-and-analysis %} {% data reusables.repositories.navigate-to-ghas-settings %} {% data reusables.advanced-security.secret-scanning-edit-custom-pattern %} +{% endif %} 1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**. {% indented_data_reference reusables.secret-scanning.push-protection-org-notes spaces=3 %}
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md
index 5bb5830abc9a..24736ef06c3c 100644
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md
@@ -30,11 +30,12 @@ When you enable this feature, you will create a bypass list of roles and teams w {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.org_settings %} -{% data reusables.organizations.security-and-analysis %} {% ifversion security-configurations %} - {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} -{% endif %} +1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. +{% else %} +{% data reusables.organizations.security-and-analysis %} {% data reusables.repositories.navigate-to-ghas-settings %} +{% endif %} 1. Under "Push protection", to the right of "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}", select the dropdown menu, then click **Specific roles or teams**. 1. Under "Bypass list", click **Add role or team**. 1. In the dialog box, select the roles and teams that you want to add to the bypass list, then click **Add selected**.
diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
index 25741ad7d426..215e73050694 100644
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
+++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
@@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note-opt-out %} - ## About the {% data variables.product.prodname_github_security_configuration %} The {% data variables.product.prodname_github_security_configuration %} is a collection of enablement settings for {% data variables.product.company_short %}'s security features that is created and maintained by subject matter experts at {% data variables.product.company_short %}. The {% data variables.product.prodname_github_security_configuration %} is designed to successfully reduce the security risks for low- and high-impact repositories. We recommend you apply this configuration to all the repositories in your organization.
@@ -46,17 +44,8 @@ The {% data variables.product.prodname_github_security_configuration %} is a col {% data reusables.security-configurations.apply-configuration %} -{% ifversion enforce-security-configurations %} - ## Enforcing the {% data variables.product.prodname_github_security_configuration %} -{% ifversion enforce-security-configurations-beta %} - ->[!NOTE] -> This feature is in beta, and is subject to change. - -{% endif %} - {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} {% data reusables.security-configurations.view-configurations-page %}
@@ -66,8 +55,6 @@ The {% data variables.product.prodname_github_security_configuration %} is a col >[!NOTE] {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %} -{% endif %} - ## Next steps After you apply the {% data variables.product.prodname_github_security_configuration %}, you can customize your organization-level security settings with {% data variables.product.prodname_global_settings %}. See "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization)."
diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md
index f72a9141db7d..a372eec3f37e 100644
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md
+++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md
@@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note-opt-out %} - ## About {% data variables.product.prodname_global_settings %} Alongside {% data variables.product.prodname_security_configurations %}, which determine repository-level security settings, you should also configure {% data variables.product.prodname_global_settings %} for your organization. {% data variables.product.prodname_global_settings_caps %} apply to your entire organization, and can customize {% data variables.product.prodname_GH_advanced_security %} features based on your needs. You can also create security managers on the {% data variables.product.prodname_global_settings %} page to monitor and maintain your organization's security.
diff --git a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md
index 095c2e91fa78..9da1f9e6b459 100644
--- a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md
+++ b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md
@@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note-opt-out %} - ## About securing your organization {% data variables.product.company_short %} offers many code security products and features including {% data variables.product.prodname_GH_advanced_security %}, a suite of features designed to protect your organization from vulnerabilities in your code, insecure dependencies, leaked secrets, and more. For more information on {% data variables.product.prodname_GH_advanced_security %}, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)." 
@@ -26,13 +24,9 @@ You can easily enable and manage {% data variables.product.company_short %}'s se * **The {% data variables.product.prodname_github_security_configuration %}**. This configuration is a collection of enablement settings created and managed by subject matter experts at {% data variables.product.company_short %}. The {% data variables.product.prodname_github_security_configuration %} is designed to adequately secure any repository, and can easily be applied to all repositories in your organization. * **{% data variables.product.prodname_custom_security_configurations_caps %}**. These are configurations you can create and edit yourself, allowing you to choose different enablement settings for groups of repositories with specific security needs. -{% ifversion enforce-security-configurations %} - >[!NOTE] {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %} -{% endif %} - Each repository can only have one {% data variables.product.prodname_security_configuration %} applied to it. To find out how you should get started with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories)." {% ifversion security-configurations-api %}
diff --git a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md
index 3d252f3c9741..86a79ad9cad2 100644
--- a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md
+++ b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md
@@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note-opt-out %} - ## About choosing a {% data variables.product.prodname_security_configuration %} {% data reusables.security-configurations.define-security-configurations %} {% data variables.product.company_short %} offers two types of {% data variables.product.prodname_security_configurations %}:
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md
index 620c47352ce9..1280588bf7a4 100644
--- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md
@@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note %} - ## About deleting a {% data variables.product.prodname_custom_security_configuration %} If you no longer need a {% data variables.product.prodname_custom_security_configuration %}, you can delete that configuration to ensure it will not be applied to any repositories in the future. If you are deleting a {% data variables.product.prodname_custom_security_configuration %} because you want to change the security enablement settings in that configuration, you can instead edit the configuration. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration)."
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations.md
index ca1b95d838ec..582921ea6582 100644
--- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations.md
+++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations.md
@@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note %} - ## About detaching repositories from their {% data variables.product.prodname_security_configurations %} If you decide that the security needs of a repository are too specific for a {% data variables.product.prodname_security_configuration %} to be useful, you can detach that repository from the linked configuration and instead manage security enablement settings at the repository level. Detaching a repository from a {% data variables.product.prodname_security_configuration %} will not change the existing security enablement settings for that repository. For an introduction to securing your repository at the repository level, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository)."
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
index cf2994b3ec8c..2ec7919ea018 100644
--- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
@@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note %} - ## About editing a {% data variables.product.prodname_custom_security_configuration %} After creating and applying a {% data variables.product.prodname_custom_security_configuration %}, you may need to edit the enablement settings for that configuration to better secure your repositories. Any changes you make to the enablement settings of a {% data variables.product.prodname_security_configuration %} will automatically populate to all linked repositories.
@@ -35,12 +33,10 @@ To determine if your {% data variables.product.prodname_custom_security_configur {% data reusables.security-configurations.default-configuration-exception-repo-transfers %} 1. Edit the name and description of your {% data variables.product.prodname_custom_security_configuration %} as desired. -1. In the "Security settings" section, edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired.{% ifversion enforce-security-configurations %} -1. In the "Policy" section, you can modify the configuration's enforcement status. Enforcing a configuration will block repository owners from changing features that are enabled or disabled by the configuration, but features that are not set aren't enforced. Next to "Enforce configuration", select **Enforce** or **Don't enforce** from the dropdown menu. {% ifversion enforce-security-configurations-beta %}This feature is in beta, and is subject to change.{% endif %} +1. In the "Security settings" section, edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired. +1. In the "Policy" section, you can modify the configuration's enforcement status. Enforcing a configuration will block repository owners from changing features that are enabled or disabled by the configuration, but features that are not set aren't enforced. Next to "Enforce configuration", select **Enforce** or **Don't enforce** from the dropdown menu. >[!NOTE] {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %} -{% endif %} - 1. To apply your changes, click **Update configuration**. 
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository.md index caad619b9387..89c4aa0ee55f 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository.md +++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository.md @@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note %} - ## About security findings on a repository After you apply a {% data variables.product.prodname_security_configuration %} to a repository, the enabled security features will likely raise security findings on that repository. These findings may show up as feature-specific alerts, or as automatically generated pull requests designed to keep your repository secure. To best secure your organization, you should be able to understand and resolve these alerts and pull requests, then analyze the findings and make any necessary adjustments to your {% data variables.product.prodname_security_configuration %}. diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md index 4423a0b351ad..8f2a492d08ce 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md 
+++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md @@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note %} - ## About {% data variables.product.prodname_GH_advanced_security %} billing and licenses {% ifversion fpt %} diff --git a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md index fd85e2f02509..3380d4b5bf9f 100644 --- a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md +++ b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md @@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note %} - ## About applying a {% data variables.product.prodname_custom_security_configuration %} After you create a {% data variables.product.prodname_custom_security_configuration %}, you need to apply it to repositories in your organization to enable the configuration's settings on those repositories. To learn how to create a {% data variables.product.prodname_custom_security_configuration %}, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)." 
@@ -26,9 +24,9 @@ After you create a {% data variables.product.prodname_custom_security_configurat 1. In the repository table, select repositories with one of three methods: * Select each repository you would like to apply the {% data variables.product.prodname_security_configuration %} to. * To select all repositories displayed on the current page of the repository table, select **NUMBER repositories**. - * After selecting **NUMBER repositories**, to select _all_ repositories in your organization that match any filters you have applied, click **Select all**.{% ifversion enforce-security-configurations %} + * After selecting **NUMBER repositories**, to select _all_ repositories in your organization that match any filters you have applied, click **Select all**. >[!NOTE] - > The repository table will show which repositories have an enforced configuration{% ifversion enforce-security-configurations-beta %} (beta){% endif %}. This means that repository owners will be blocked from changing features that have been enabled or disabled in the configuration, but features that are not set aren't enforced.{% endif %} + > The repository table will show which repositories have an enforced configuration. This means that repository owners will be blocked from changing features that have been enabled or disabled in the configuration, but features that are not set aren't enforced. 1. Select the **Apply configuration** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **YOUR-CONFIGURATION-NAME**. {% data reusables.security-configurations.apply-configuration-by-default %} diff --git a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md index a0110c2ac051..bbde41aeadb9 100644 
--- a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md +++ b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration.md @@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note %} - ## About {% data variables.product.prodname_custom_security_configurations %} We recommend securing your organization with the {% data variables.product.prodname_github_security_configuration %}, then evaluating the security findings on your repositories before configuring {% data variables.product.prodname_custom_security_configurations %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)." 
@@ -59,13 +57,13 @@ With {% data variables.product.prodname_custom_security_configurations %}, you c {% endif %} 1. Optionally, in the "Policy" section, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, or **Private and internal**, or both. - {% data reusables.security-configurations.default-configuration-exception-repo-transfers %}{% ifversion enforce-security-configurations %} -1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu.{% ifversion enforce-security-configurations-beta %} This feature is in beta, and is subject to change.{% endif %} + {% data reusables.security-configurations.default-configuration-exception-repo-transfers %} + +1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu. >[!NOTE] {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %} -{% endif %} 1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**. ## Next steps 
diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md index 861852d06f75..7b093449b3b9 100644 --- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md +++ b/content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md @@ -13,8 +13,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note-short %} - ## About the problem You cannot successfully apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} default setup enabled to a target repository that uses advanced setup for {% data variables.product.prodname_code_scanning %}. Advanced setups are tailored to the specific security needs of their repositories, so they are not intended to be overridden at scale. diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md index b9ac5aeb3f08..8c8bc04484f4 100644 --- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md +++ b/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md 
@@ -11,8 +11,6 @@ topics: - Security --- -{% data reusables.security-configurations.security-configurations-beta-note-short %} - You must have an available {% data variables.product.prodname_GH_advanced_security %} (GHAS) license for each unique active committer to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository. To learn about GHAS licensing, as well as unique and active committers, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)." If you try to apply a {% data variables.product.prodname_security_configuration %} with GHAS features to your repositories and don't have enough GHAS licenses, the configuration will only be successfully applied to public repositories. For private {% ifversion ghec or ghes %}and internal {% endif %}repositories, only free security features will be enabled due to the license limitation, resulting in the following outcomes: diff --git a/content/code-security/security-overview/about-security-overview.md b/content/code-security/security-overview/about-security-overview.md index 78eb6aaff519..41ef085d2018 100644 --- a/content/code-security/security-overview/about-security-overview.md +++ b/content/code-security/security-overview/about-security-overview.md 
@@ -60,7 +60,7 @@ There are also dedicated views for each type of security alert that you can use ## About security overview for organizations -The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %} For example, {% ifversion security-overview-dashboard %}the team can use the "Overview" dashboard view to track your organization's security landscape and progression{% else %}the team can use the "Coverage" view to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %}, or use the "Risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}{% endif %}. {% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %} {% ifversion code-security-multi-repo-enablement %}{% ifversion security-configurations-beta-and-pre-beta %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."{% endif %}{% endif %} +The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. 
{% ifversion security-overview-org-risk-coverage %} For example, {% ifversion security-overview-dashboard %}the team can use the "Overview" dashboard view to track your organization's security landscape and progression{% else %}the team can use the "Coverage" view to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %}, or use the "Risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}{% endif %}. {% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %} {% ifversion code-security-multi-repo-enablement %}{% ifversion pre-security-configurations %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."{% endif %}{% endif %} You can find security overview on the **Security** tab for any organization that's owned by an enterprise. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)." 
@@ -135,7 +135,7 @@ If you are an organization or team member, you can view security overview for th | Organization or team member with | Overview dashboard view | Risk and alerts views | Coverage view | |--------------------|-------------|---------------------|---------| -| `admin` access for one or more repositories | View data for those repositories | View data for those repositories | View data for those repositories{% ifversion security-configurations-beta-and-pre-beta %}, and enable and disable security features{% endif %} | +| `admin` access for one or more repositories | View data for those repositories | View data for those repositories | View data for those repositories{% ifversion pre-security-configurations %}, and enable and disable security features{% endif %} | | `write` access for one or more repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | View {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} data for those repositories | No access | | `read` or `triage` access for one or more repositories | No access | No access | No access | | Security alert access for one or more repositories | View all security alert data for those repositories | View all security alert data for those repositories | No access | 
@@ -178,7 +178,7 @@ For more information about access to security alerts and related views, see "[AU {% endnote %} {% endif %} -In the enterprise-level security overview, you can see data for all organizations where you are an organization owner or security manager. {% ifversion security-configurations-beta-and-pre-beta %}However, you cannot use the enterprise-level security overview to enable and disable security features.{% endif %} For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." +In the enterprise-level security overview, you can see data for all organizations where you are an organization owner or security manager. However, you cannot use the enterprise-level security overview to enable and disable security features. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." {% endif %} {% ifversion ghec %} @@ -187,7 +187,7 @@ If you're an owner of an {% data variables.enterprise.prodname_emu_enterprise %} ## Further reading -* "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"{% ifversion security-configurations-ga %} +* "[AUTOTITLE](/code-security/getting-started/securing-your-repository)"{% ifversion security-configurations %} * "[AUTOTITLE](/code-security/securing-your-organization)"{% else %} * "[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)"{% endif %} * "[AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale)" diff --git a/content/code-security/security-overview/assessing-adoption-code-security.md b/content/code-security/security-overview/assessing-adoption-code-security.md index 663009aa3122..09405270407d 100644 
--- a/content/code-security/security-overview/assessing-adoption-code-security.md
+++ b/content/code-security/security-overview/assessing-adoption-code-security.md
@@ -51,25 +51,21 @@ In the list of repositories, the "Paused" label under "{% data variables.product ![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-coverage-view-highlights.png) -{% ifversion security-configurations-ga %} -1. You can optionally enable code security features for a repository or selected repositories using the {% data variables.product.prodname_github_security_configuration %}, or you can create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)." -{% endif %} -{% ifversion security-configurations-beta-and-pre-beta %} +{% ifversion pre-security-configurations %} 1. Optionally, click **{% octicon "gear" aria-hidden="true" %} Security settings** to enable code security features for a repository and click **Save security settings** to confirm the changes. If a feature is not shown, it has more complex configuration requirements and you need to use the repository settings dialog. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository)." 1. Optionally, select some or all of the repositories that match your current search and click **Security settings** in the table header to display a side panel where you can enable security features for the selected repositories. When you've finished, click **Apply changes** to confirm the changes. 
For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)." -{% endif %} {% data reusables.security-overview.settings-limitations %} +{% endif %} + {% ifversion security-overview-org-risk-coverage-enterprise %} ## Viewing the enablement of code security features for an enterprise You can view data to assess the enablement of code security features across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %} -{% ifversion security-configurations-beta-and-pre-beta %} -In the enterprise-level view, you can view data about the enablement of features, but you cannot enable or disable features. For more information about enabling features, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)." -{% endif %} +In the enterprise-level view, you can view data about the enablement of features, but you cannot enable or disable features. For more information about enabling features, see {% ifversion security-configurations %}"[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization){% else %}"[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories){% endif %}." {% data reusables.security-overview.enterprise-filters-tip %} 
@@ -132,7 +128,7 @@ You can view data to assess the enablement status and enablement status trends o ## Interpreting and acting on the enablement data -Some code security features can and should be enabled on all repositories. For example, {% data variables.secret-scanning.alerts %} and push protection reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." For information on enabling features across your entire enterprise, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." +Some code security features can and should be enabled on all repositories. For example, {% data variables.secret-scanning.alerts %} and push protection reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see {% ifversion security-configurations %}"[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization){% else %}"[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization){% endif %}." 
For information on enabling features across your entire enterprise, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." Other features are not available for use in all repositories. For example, there would be no point in enabling {% data variables.product.prodname_dependabot %}{% ifversion default-setup-pre-enablement %}{% else %} or {% data variables.product.prodname_code_scanning %}{% endif %} for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled. diff --git a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md index 655c0db571ae..c21488aa84fd 100644 --- a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md +++ b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md @@ -6,7 +6,7 @@ permissions: '{% data reusables.security-overview.permissions %}' product: '{% data reusables.gated-features.security-overview %}' allowTitleToDifferFromFilename: true versions: - feature: security-configurations-beta-and-pre-beta + feature: pre-security-configurations type: how_to topics: - Security overview 
@@ -29,7 +29,7 @@ You can use checkboxes to select which repositories you want to include, or use For more information on filters you can use in different parts of security overview, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." -For more information about the different ways of enabling security features in an organization, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %} +For more information about the different ways of enabling security features in an organization, see "[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)." ## Enabling security features for multiple repositories diff --git a/content/get-started/learning-about-github/about-github-advanced-security.md b/content/get-started/learning-about-github/about-github-advanced-security.md index 16a95eb99189..656ca67fb1cb 100644 --- a/content/get-started/learning-about-github/about-github-advanced-security.md +++ b/content/get-started/learning-about-github/about-github-advanced-security.md @@ -94,8 +94,6 @@ To learn about what you need to know to plan your {% data variables.product.prod {% ifversion security-configurations %} {% data reusables.security-configurations.enable-security-features-with-gh-config %} -{% data reusables.security-configurations.security-configurations-beta-note-short %} - {% endif %} {%- ifversion ghes %} The site administrator must enable {% data variables.product.prodname_advanced_security %} for {% data variables.location.product_location %} before you can use these features. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise)." 
diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md index 43f88b03c434..2835e69283a3 100644 --- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md +++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md @@ -26,12 +26,10 @@ shortTitle: Manage security & analysis {% ifversion security-configurations %} {% data reusables.security-configurations.enable-security-features-with-gh-config %} -{% data reusables.security-configurations.security-configurations-beta-note-short %} - {% endif %} {% data reusables.security.security-and-analysis-features-enable-read-only %} -{% ifversion security-configurations-beta-and-pre-beta %} +{% ifversion pre-security-configurations %} ## Displaying the security and analysis settings 
@@ -39,32 +37,13 @@ shortTitle: Manage security & analysis {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} -{% ifversion security-configurations %} - >[!NOTE] If your organization is enrolled in the {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %} public beta, instead of "Code security and analysis", you will see a **Code security** dropdown menu. You can manage your repository-level security settings with {% data variables.product.prodname_security_configurations %}, and your organization-level security settings with {% data variables.product.prodname_global_settings %}. See "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization)." -{% endif %} - The page that's displayed allows you to enable or disable all security and analysis features for the repositories in your organization. -{% ifversion ghec %}If your organization belongs to an enterprise with a license for {% data variables.product.prodname_GH_advanced_security %}, the page will also contain options to enable and disable {% data variables.product.prodname_advanced_security %} features. Any repositories that use {% data variables.product.prodname_GH_advanced_security %} are listed at the bottom of the page.{% endif %} - -{% ifversion ghes %}If you have a license for {% data variables.product.prodname_GH_advanced_security %}, the page will also contain options to enable and disable {% data variables.product.prodname_advanced_security %} features. 
Any repositories that use {% data variables.product.prodname_GH_advanced_security %} are listed at the bottom of the page.{% endif %} +If you have a license for {% data variables.product.prodname_GH_advanced_security %}, the page will also contain options to enable and disable {% data variables.product.prodname_advanced_security %} features. Any repositories that use {% data variables.product.prodname_GH_advanced_security %} are listed at the bottom of the page. ## Enabling or disabling a feature for all existing repositories You can enable or disable features for all repositories. -{% ifversion fpt or ghec %}The impact of your changes on repositories in your organization is determined by their visibility: - -* **Private vulnerability reporting** - Your changes affect public repositories only. -* **Dependency graph** - Your changes affect only private repositories because the feature is always enabled for public repositories. -* **{% data variables.product.prodname_dependabot_alerts %}** - Your changes affect all repositories. -* **{% data variables.product.prodname_dependabot_security_updates %}** - Your changes affect all repositories. -{%- ifversion ghec %} -* **{% data variables.product.prodname_GH_advanced_security %}** - Your changes affect only private repositories because {% data variables.product.prodname_GH_advanced_security %} and the related features are always enabled for public repositories.{% endif %} -* **{% data variables.product.prodname_secret_scanning_caps %}** - Your changes affect {% ifversion fpt %}public repositories and public npm packages these repositories may depend on.{% endif %}{% ifversion ghec %}public repositories, and private or internal repositories where {% data variables.product.prodname_GH_advanced_security %} is enabled.{% endif %} This option controls whether or not {% data variables.secret-scanning.user_alerts %} are enabled. {% data variables.secret-scanning.partner_alerts_caps %} always runs on all public repositories. 
- -* **{% data variables.product.prodname_code_scanning_caps %}** - Your changes affect {% ifversion fpt %}public repositories{% elsif ghec %}public repositories, and private or internal repositories where {% data variables.product.prodname_GH_advanced_security %} is enabled{% elsif ghes %}repositories that are eligible for default setup using {% data variables.product.prodname_codeql %} where {% data variables.product.prodname_GH_advanced_security %} is enabled{% endif %}. {% data reusables.code-scanning.default-setup-info-link %} For repositories that are not eligible for default setup, you can configure advanced setup at the repository level. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)." - -{% endif %} {% ifversion code-security-multi-repo-enablement %} You can use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)." @@ -72,12 +51,11 @@ You can use security overview to find a set of repositories and enable or disabl {% data reusables.advanced-security.note-org-enable-uses-seats %} -{% ifversion ghes or ghec %} {% note %} **Note:** If you encounter an error that reads "GitHub Advanced Security cannot be enabled because of a policy setting for the organization," contact your enterprise admin and ask them to change the GitHub Advanced Security policy for your enterprise. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)." + {% endnote %} -{% endif %} {% ifversion dependabot-alerts-enterprise-enablement %} 
@@ -90,9 +68,9 @@ You can use security overview to find a set of repositories and enable or disabl {% endif %} 1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)." -1. Under "Code security and analysis", to the right of the feature, click **Disable all** or **Enable all** to display a confirmation dialog box. {% ifversion ghes or ghec %}The control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled if you have no available {% ifversion ghas-billing-UI-update %}licenses{% else %}seats{% endif %} for {% data variables.product.prodname_GH_advanced_security %}.{% endif %} +1. Under "Code security and analysis", to the right of the feature, click **Disable all** or **Enable all** to display a confirmation dialog box. The control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled if you have no available {% ifversion ghas-billing-UI-update %}licenses{% else %}seats{% endif %} for {% data variables.product.prodname_GH_advanced_security %}. 1. Review the information in the dialog box. -1. Optionally, if you are enabling private vulnerability reporting, dependency graph, or {% data variables.product.prodname_dependabot %}, select **Enable by default for new {% ifversion fpt or ghec %}private {% endif %}repositories**. +1. Optionally, if you are enabling private vulnerability reporting, dependency graph, or {% data variables.product.prodname_dependabot %}, select **Enable by default for new repositories**. ![Screenshot of the "Enable FEATURE" modal dialog, with the "Enable by default for new private repositories" option highlighted with a dark orange outline.](/assets/images/help/organizations/security-and-analysis-enable-by-default-in-modal.png) 
@@ -114,18 +92,12 @@ You can use security overview to find a set of repositories and enable or disabl ## Enabling or disabling a feature automatically when new repositories are added 1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)." -1. Under "Code security and analysis", locate the feature, enable or disable the feature by default for new repositories{% ifversion fpt or ghec %}, or all new private repositories,{% endif %} in your organization. +1. Under "Code security and analysis", locate the feature, enable or disable the feature by default for new repositories in your organization. {% endif %} ## Allowing {% data variables.product.prodname_dependabot %} to access private{% ifversion ghec or ghes %} or internal{% endif %} dependencies -{% ifversion security-configurations-ga %} - -You can use {% data variables.product.prodname_security_configurations %} to allow {% data variables.product.prodname_dependabot %} to access private{% ifversion ghec or ghes %} or internal{% endif %} dependencies. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#granting-dependabot-access-to-private-and-internal-repositories)." - -{% elsif security-configurations-beta-and-pre-beta %} - {% data variables.product.prodname_dependabot %} can check for outdated dependency references in a project and automatically generate a pull request to update them. To do this, {% data variables.product.prodname_dependabot %} must have access to all of the targeted dependency files. Typically, version updates will fail if one or more dependencies are inaccessible. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)." 
By default, {% data variables.product.prodname_dependabot %} can't update dependencies that are located in private{% ifversion ghec or ghes %} or internal{% endif %} repositories, or private{% ifversion ghec or ghes %} or internal{% endif %} package registries. However, if a dependency is in a private{% ifversion ghec or ghes %} or internal{% endif %} {% data variables.product.prodname_dotcom %} repository within the same organization as the project that uses that dependency, you can allow {% data variables.product.prodname_dependabot %} to update the version successfully by giving it access to the host repository. 
@@ -140,10 +112,16 @@ If your code depends on packages in a private{% ifversion ghec or ghes %} or int {% endnote %} {% endif %} -To allow {% data variables.product.prodname_dependabot %} to access a private{% ifversion ghec or ghes %} or internal{% endif %} {% data variables.product.prodname_dotcom %} repository: +{% ifversion security-configurations %} + + For more information on how to grant {% data variables.product.prodname_dependabot %} access to private{% ifversion ghec or ghes %} or internal{% endif %} dependencies, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#granting-dependabot-access-to-private-and-internal-repositories)." + +{% else %} + +To allow {% data variables.product.prodname_dependabot %} to access a private or internal {% data variables.product.prodname_dotcom %} repository: 1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)." -1. Under "Grant {% data variables.product.prodname_dependabot %} private repository access", click {% ifversion fpt %}**Add private repositories**{% else %}**Add internal and private repositories**{% endif %} to display a repository search field. +1. Under "Grant {% data variables.product.prodname_dependabot %} private repository access", click **Add internal and private repositories** to display a repository search field. ![Screenshot of the dropdown that you can use to search for repositories. As you type, repositories whose name matches your search criteria will appear in the list. The search text field is highlighted with a dark orange outline.](/assets/images/help/organizations/dependabot-private-repo-choose.png) 
@@ -153,15 +131,13 @@ To allow {% data variables.product.prodname_dependabot %} to access a private{% {% endif %} -{% ifversion ghes or ghec %} - ## Removing access to {% data variables.product.prodname_GH_advanced_security %} from individual repositories in an organization -{% ifversion security-configurations-ga %} +{% ifversion security-configurations %} You can use {% data variables.product.prodname_security_configurations %} to remove access to {% data variables.product.prodname_GH_advanced_security %} from individual repositories in an organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage#turning-off-github-advanced-security-features-on-select-repositories-in-your-organization)." -{% elsif security-configurations-beta-and-pre-beta %} +{% else %} You can manage access to {% data variables.product.prodname_GH_advanced_security %} features for a repository from its "Settings" tab. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)." However, you can also disable {% data variables.product.prodname_GH_advanced_security %} features for a repository from the "Settings" tab for the organization. @@ -178,7 +154,6 @@ You can manage access to {% data variables.product.prodname_GH_advanced_security {% endnote %} -{% endif %} {% endif %} ## Further reading diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md index 83c9d1026346..14cdd849cec3 100644 
--- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md
+++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md
@@ -36,27 +36,20 @@ You can assign the security manager role to a maximum of 10 teams in your organi {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} - -{% ifversion security-configurations-beta-and-pre-beta %} -{% data reusables.organizations.security-and-analysis %} -{% else %} +{% ifversion security-configurations %} 1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**. +{% else %} +{% data reusables.organizations.security-and-analysis %} {% endif %} - -{% ifversion security-configurations-beta-only %} - {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on assigning the security manager role in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-security-managers-for-your-organization)." -{% endif %} - 1. In the "Security managers" section, in the search field, search for and select the team to give the role. Each team you select will appear in a list below the search bar. ## Removing the security manager role from a team in your organization {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -{% data reusables.organizations.security-and-analysis %} - {% ifversion security-configurations %} - {% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on managing the security manager role in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-security-managers-for-your-organization)." 
For detail on removing security managers, reference the following steps. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**. +{% else %} +{% data reusables.organizations.security-and-analysis %} {% endif %} - 1. Under **Security managers**, next to the team you want to remove as security managers, click {% octicon "x" aria-label="Remove TEAM" %}. diff --git a/data/features/pre-security-configurations.yml b/data/features/pre-security-configurations.yml new file mode 100644 index 000000000000..7972aa0e2e2e --- /dev/null +++ b/data/features/pre-security-configurations.yml @@ -0,0 +1,3 @@ +# Reference: #13288 and #15768 +versions: + ghes: '>3.9 <3.15' diff --git a/data/features/security-configurations.yml b/data/features/security-configurations.yml index 6aa37553b7d7..1eae7e3df4cb 100644 --- a/data/features/security-configurations.yml +++ b/data/features/security-configurations.yml @@ -3,4 +3,4 @@ versions: fpt: '*' ghec: '*' - ghes: '>3.12' + ghes: '>3.14' diff --git a/data/reusables/advanced-security/secret-scanning-new-custom-pattern-org.md b/data/reusables/advanced-security/secret-scanning-new-custom-pattern-org.md index 8a17b35cff28..70698ffe0f69 100644 --- a/data/reusables/advanced-security/secret-scanning-new-custom-pattern-org.md +++ b/data/reusables/advanced-security/secret-scanning-new-custom-pattern-org.md @@ -1 +1 @@ -{% ifversion security-configurations-ga %}1. Under "Custom patterns", click **New pattern**.{% else %}1. Under "Secret scanning", under "Custom patterns", click **New pattern**.{% endif %} +{% ifversion security-configurations %}1. Under "Custom patterns", click **New pattern**.{% else %}1. Under "Secret scanning", under "Custom patterns", click **New pattern**.{% endif %} 
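Review bot: The header comment of the new `data/features/pre-security-configurations.yml` gives only two issue numbers, so nothing records that its `ghes: '>3.9 <3.15'` range has to stay in step with the `ghes: '>3.14'` bound that this commit sets in `security-configurations.yml`. The two flags are used as alternate branches elsewhere in the patch (`{% ifversion pre-security-configurations %}…{% elsif security-configurations %}` in the grouped-security-updates reusable), so moving one bound without the other would presumably leave a GHES release that matches neither branch and silently drops the organization-level wording. I would add a comment such as `# GHES releases without security configurations; the upper bound must mirror the lower bound in security-configurations.yml`. If the `>3.9` floor is deliberate, the comment should say why.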
diff --git a/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md b/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md index 788893bb5cbe..0ac9eff9e403 100644 --- a/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md +++ b/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md @@ -1,4 +1,4 @@ You can enable grouped pull requests for {% data variables.product.prodname_dependabot_security_updates %} in one, or both, of the following ways. -* To group as many available security updates together as possible, across directories and per ecosystem, enable grouping in the "Code security and analysis" settings for your repository{% ifversion security-configurations-beta-and-pre-beta %}or organization{% elsif security-configurations-ga %}, or in "Global settings" under "Code security" for your organization{% endif %}. +* To group as many available security updates together as possible, across directories and per ecosystem, enable grouping in the "Code security and analysis" settings for your repository{% ifversion pre-security-configurations %}or organization{% elsif security-configurations %}, or in "Global settings" under "Code security" for your organization{% endif %}. * For more granular control of grouping, such as grouping by package name, development/production dependencies,{% ifversion dependabot-updates-multidirectory-support %} SemVer level, or across multiple directories per ecosystem{% else %} or SemVer level{% endif %}, add configuration options to the `dependabot.yml` configuration file in your repository. diff --git a/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo.md b/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo.md index 960f8b662c97..3975804c8c78 100644 --- a/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo.md 
+++ b/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo.md @@ -2,7 +2,7 @@ Repository administrators can enable or disable the dependency graph for private You can enable or disable the dependency graph for all repositories owned by your user account. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account)". -You can also enable the dependency graph for multiple repositories in an organization at the same time. For more information, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %} +You can also enable the dependency graph for multiple repositories in an organization at the same time. For more information, see {% ifversion security-configurations %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %} {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} diff --git a/data/reusables/getting-started/configuring-security-features.md b/data/reusables/getting-started/configuring-security-features.md index dc9eae2257b6..5aa47ecad58d 100644 --- a/data/reusables/getting-started/configuring-security-features.md +++ b/data/reusables/getting-started/configuring-security-features.md 
@@ -1 +1 @@
-To keep {% ifversion ghes %}the organizations in {% data variables.location.product_location %}{% else %}your organization{% endif %} secure, you can use a variety of {% data variables.product.prodname_dotcom %} security features, including security policies, dependency graphs, secret scanning and Dependabot security and version updates. For more information, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %}
+To keep {% ifversion ghes %}the organizations in {% data variables.location.product_location %}{% else %}your organization{% endif %} secure, you can use a variety of {% data variables.product.prodname_dotcom %} security features, including security policies, dependency graphs, secret scanning and Dependabot security and version updates. For more information, see {% ifversion security-configurations %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %}
diff --git a/data/reusables/security-configurations/changed-org-settings-global-settings-callout.md b/data/reusables/security-configurations/changed-org-settings-global-settings-callout.md
deleted file mode 100644
index 0694b907cc94..000000000000
--- a/data/reusables/security-configurations/changed-org-settings-global-settings-callout.md
+++ /dev/null
@@ -1 +0,0 @@
->[!NOTE] If your organization is enrolled in the {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %} public beta, instead of "Code security and analysis", you will see a "Code security" dropdown menu. Select {% octicon "codescan" aria-hidden="true" %} **Code security**, then click **{% data variables.product.prodname_global_settings_caps %}**.
diff --git a/data/reusables/security-configurations/changed-org-settings-security-configurations-callout.md b/data/reusables/security-configurations/changed-org-settings-security-configurations-callout.md
deleted file mode 100644
index 818dec927d59..000000000000
--- a/data/reusables/security-configurations/changed-org-settings-security-configurations-callout.md
+++ /dev/null
@@ -1 +0,0 @@
->[!NOTE] If your organization is enrolled in the {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %} public beta, instead of "Code security and analysis", you will see a "Code security" dropdown menu. Select {% octicon "codescan" aria-hidden="true" %} **Code security**, then click **Global settings**.
diff --git a/data/reusables/security-configurations/security-configurations-beta-note-opt-out.md b/data/reusables/security-configurations/security-configurations-beta-note-opt-out.md
deleted file mode 100644
index 2328d27f162c..000000000000
--- a/data/reusables/security-configurations/security-configurations-beta-note-opt-out.md
+++ /dev/null
@@ -1,6 +0,0 @@
-{% ifversion security-configurations-beta-only %}
-
->[!NOTE]
-> {% data variables.product.prodname_security_configurations_caps %} and {% data variables.product.prodname_global_settings %} are in beta and subject to change.
-
-{% endif %}
diff --git a/data/reusables/security-configurations/security-configurations-beta-note-short.md b/data/reusables/security-configurations/security-configurations-beta-note-short.md
deleted file mode 100644
index 7474434556d1..000000000000
--- a/data/reusables/security-configurations/security-configurations-beta-note-short.md
+++ /dev/null
@@ -1 +0,0 @@
-{% ifversion security-configurations-beta-only %} {% data variables.product.prodname_security_configurations_caps %} and {% data variables.product.prodname_global_settings %} are in beta and subject to change. {% endif %}
diff --git a/data/reusables/security-configurations/security-configurations-beta-note.md b/data/reusables/security-configurations/security-configurations-beta-note.md deleted file mode 100644 index b6412d518b5f..000000000000 --- a/data/reusables/security-configurations/security-configurations-beta-note.md +++ /dev/null @@ -1,6 +0,0 @@ -{% ifversion security-configurations-beta-only %} - ->[!NOTE] -> {% data variables.product.prodname_security_configurations_caps %} and {% data variables.product.prodname_global_settings %} are in beta and subject to change. To provide feedback on these features, see the [feedback discussion](https://github.com/orgs/community/discussions/114519). - -{% endif %} diff --git a/data/reusables/security/note-securing-your-org.md b/data/reusables/security/note-securing-your-org.md index e1f54636b674..21652afeb7a7 100644 --- a/data/reusables/security/note-securing-your-org.md +++ b/data/reusables/security/note-securing-your-org.md @@ -1 +1 @@ -For more information about enabling security features across an organization, see {% ifversion security-configurations-ga %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %} +For more information about enabling security features across an organization, see {% ifversion security-configurations %}"[AUTOTITLE](/code-security/securing-your-organization)."{% else %}"[AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization)."{% endif %} From 570ee3c913e2ea9e430e52ff93f0261ca0df5be2 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Fri, 20 Sep 2024 10:53:34 +0100 Subject: [PATCH 2/2] Remove references to `actions-stable-actor-ids` (#52361) --- .../re-running-workflows-and-jobs.md | 2 +- .../automating-dependabot-with-github-actions.md | 10 +--------- 2 files changed, 2 insertions(+), 10 deletions(-) 
diff --git a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/re-running-workflows-and-jobs.md b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/re-running-workflows-and-jobs.md
index 20e2e7200205..5bc42b8cb014 100644
--- a/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/re-running-workflows-and-jobs.md
+++ b/content/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/re-running-workflows-and-jobs.md
@@ -16,7 +16,7 @@ versions: ## About re-running workflows and jobs -Re-running a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} uses the same `GITHUB_SHA` (commit SHA) and `GITHUB_REF` (Git ref) of the original event that triggered the workflow run. {% ifversion actions-stable-actor-ids %}The workflow will use the privileges of the actor who initially triggered the workflow, not the privileges of the actor who initiated the re-run. {% endif %}You can re-run a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} for up to 30 days after the initial run.{% ifversion re-run-jobs %} You cannot re-run jobs in a workflow once its logs have passed their retention limits. For more information, see "[AUTOTITLE](/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy)."{% endif %}{% ifversion debug-reruns %} When you re-run a workflow or jobs in a workflow, you can enable debug logging for the re-run. This will enable runner diagnostic logging and step debug logging for the re-run. For more information about debug logging, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging)."{% endif %} +Re-running a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} uses the same `GITHUB_SHA` (commit SHA) and `GITHUB_REF` (Git ref) of the original event that triggered the workflow run. The workflow will use the privileges of the actor who initially triggered the workflow, not the privileges of the actor who initiated the re-run. You can re-run a workflow{% ifversion re-run-jobs %} or jobs in a workflow{% endif %} for up to 30 days after the initial run.{% ifversion re-run-jobs %} You cannot re-run jobs in a workflow once its logs have passed their retention limits. 
For more information, see "[AUTOTITLE](/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy)."{% endif %}{% ifversion debug-reruns %} When you re-run a workflow or jobs in a workflow, you can enable debug logging for the re-run. This will enable runner diagnostic logging and step debug logging for the re-run. For more information about debug logging, see "[AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging)."{% endif %} ## Re-running all the jobs in a workflow diff --git a/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md b/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md index db52a3b92beb..34126a926eca 100644 --- a/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md +++ b/content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md @@ -41,7 +41,7 @@ For workflows initiated by {% data variables.product.prodname_dependabot %} (`gi For workflows initiated by {% data variables.product.prodname_dependabot %} (`github.actor == 'dependabot[bot]'`) using the `pull_request_target` event, if the base ref of the pull request was created by {% data variables.product.prodname_dependabot %} (`github.event.pull_request.user.login == 'dependabot[bot]'`), the `GITHUB_TOKEN` will be read-only and secrets are not available. -{% ifversion actions-stable-actor-ids %}These restrictions apply even if the workflow is re-run by a different actor.{% endif %} +These restrictions apply even if the workflow is re-run by a different actor. For more information, see "[Keeping your GitHub Actions and workflows secure: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)." 
@@ -106,16 +106,8 @@ jobs: ### Manually re-running a workflow -{% ifversion actions-stable-actor-ids %} - When you manually re-run a Dependabot workflow, it will run with the same privileges as before even if the user who initiated the rerun has different privileges. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/re-running-workflows-and-jobs)." -{% else %} - -You can also manually re-run a failed Dependabot workflow, and it will run with a read-write token and access to secrets. Before manually re-running a failed workflow, you should always check the dependency being updated to ensure that the change doesn't introduce any malicious or unintended behavior. - -{% endif %} - ## Common Dependabot automations Here are several common scenarios that can be automated using {% data variables.product.prodname_actions %}.