diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account.md index 0a4a9725b6be..060b620b01e6 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account.md @@ -32,7 +32,7 @@ For an overview of repository-level security, see [AUTOTITLE](/code-security/get {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of the feature, click **Disable all** or **Enable all**. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of the feature, click **Disable all** or **Enable all**. 1. Optionally, enable the feature by default for new repositories that you own.{% ifversion not ghes %} ![Screenshot of the "Enable FEATURE" modal dialog, with the "Enable by default for new private repositories" option outlined in dark orange.](/assets/images/help/settings/security-and-analysis-enable-by-default-in-modal.png){% endif %} 
@@ -45,7 +45,7 @@ For an overview of repository-level security, see [AUTOTITLE](/code-security/get {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of the feature, enable or disable the feature by default for new repositories that you own. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of the feature, enable or disable the feature by default for new repositories that you own. ## Further reading diff --git a/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md index 43b141767b17..8b1eb3ac1941 100644 --- a/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md +++ b/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md 
@@ -83,7 +83,7 @@ Before you can enable {% data variables.product.prodname_dependabot_alerts %}, y > [!TIP] > We recommend configuring {% data variables.product.prodname_dependabot_alerts %} without notifications for the first few days to avoid an overload of realtime notifications. After a few days, you can enable notifications to receive {% data variables.product.prodname_dependabot_alerts %} as usual. -You can now enable {% data variables.product.prodname_dependabot_alerts %} for all existing or new private and internal repositories in the enterprise settings page for {% ifversion code-security-wording-only-enterprise %}"Code security."{% else %}"Code security and analysis."{% endif %} Alternatively, repository administrators and organization owners can enable {% data variables.product.prodname_dependabot_alerts %} for each repository and organization. Public repositories are always enabled by default. For more information, see [AUTOTITLE](/enterprise-server@latest/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts). +You can now enable {% data variables.product.prodname_dependabot_alerts %} for all existing or new private and internal repositories in the enterprise settings page for "{% data variables.product.UI_advanced_security_ent %}." Alternatively, repository administrators and organization owners can enable {% data variables.product.prodname_dependabot_alerts %} for each repository and organization. Public repositories are always enabled by default. For more information, see [AUTOTITLE](/enterprise-server@latest/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts). ## Enabling {% data variables.product.prodname_dependabot_updates %} 
diff --git a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md index eab5d2a3a182..ed4fcafee1bd 100644 --- a/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md +++ b/content/admin/managing-code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise.md @@ -48,7 +48,7 @@ When you enable one or more security and analysis features for existing reposito {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click **Code security and analysis**. +{% data reusables.enterprise-accounts.advanced-security-tab %} 1. Optionally, enable or disable a feature for all existing repositories. * To the right of the feature, click **Disable all** or **Enable all**. If the control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled, you have no available licenses for {% data variables.product.prodname_GH_advanced_security %}. diff --git a/content/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise.md index daf0bab708d5..40edb5c2439d 100644 --- a/content/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise.md +++ b/content/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise.md 
@@ -21,7 +21,7 @@ After you create a {% data variables.product.prodname_custom_security_configurat {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click **Code security**. +{% data reusables.enterprise-accounts.advanced-security-tab %} 1. To the right of the configuration you want to apply, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**. {% data reusables.security-configurations.apply-configuration-by-default %} diff --git a/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md index c4b68a9adf4c..af20b2864184 100644 --- a/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md +++ b/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md @@ -21,7 +21,7 @@ The {% data variables.product.prodname_github_security_configuration %} is a set {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click **Code security**. +{% data reusables.enterprise-accounts.advanced-security-tab %} 1. In the "{% data variables.product.company_short %} recommended" row of the configurations table for your enterprise, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**. {% data reusables.security-configurations.apply-configuration-by-default %} 
@@ -33,7 +33,7 @@ The {% data variables.product.prodname_github_security_configuration %} is a set {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click **Code security**. +{% data reusables.enterprise-accounts.advanced-security-tab %} 1. In the "Configurations" section, select "{% data variables.product.company_short %} recommended". 1. In the "Policy" section, next to "Enforce configuration", select **Enforce** from the dropdown menu. diff --git a/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md index 5e796f14f827..9fd3a29bc6b5 100644 --- a/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md +++ b/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md @@ -24,7 +24,7 @@ These additional settings only apply to repositories with {% data variables.prod {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click **Code security**. +{% data reusables.enterprise-accounts.advanced-security-tab %} 1. Scroll down the page to the "Additional settings" section. ### Configuring a resource link for push protection diff --git a/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md index 1ee8ad701b2b..3d85466b4a5b 100644 
--- a/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md +++ b/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md @@ -40,7 +40,7 @@ When creating a security configuration, keep in mind that: {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click **Code security**. +{% data reusables.enterprise-accounts.advanced-security-tab %} 1. In the "Configurations" section, click **New configuration**. 1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Configurations" page, name your configuration and create a description. 1. In the "{% data variables.product.prodname_GH_advanced_security %} features" row, choose whether to include or exclude {% data variables.product.prodname_GH_advanced_security %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). 
@@ -73,7 +73,7 @@ When creating a security configuration, keep in mind that: {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click **Code security**. +{% data reusables.enterprise-accounts.advanced-security-tab %} 1. In the "Configurations" section, click **New configuration**. 1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Configurations" page, name your configuration and create a description. 1. In the "{% data variables.product.prodname_GH_advanced_security %} features" row, choose whether to include or exclude {% data variables.product.prodname_GH_advanced_security %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). diff --git a/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md b/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md index 33573d41c6a7..6c56d7d0cde4 100644 --- a/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md +++ b/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md 
@@ -22,7 +22,7 @@ If you no longer need a {% data variables.product.prodname_custom_security_confi {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click **Code security**. +{% data reusables.enterprise-accounts.advanced-security-tab %} 1. In the configurations table, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to delete. 1. In the "Edit configuration" page, scroll to the bottom of the "Policy" section, then click **Delete configuration**. 1. Ensure you read the warning in the "Delete this configuration?" dialog, to confirm you are comfortable deleting the {% data variables.product.prodname_custom_security_configuration %}, then click **Delete configuration**. diff --git a/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md b/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md index 1632c7fab3ca..57df14c45a13 100644 --- a/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md +++ b/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md 
@@ -26,7 +26,7 @@ After creating and applying a {% data variables.product.prodname_custom_security {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click **Code security**. +{% data reusables.enterprise-accounts.advanced-security-tab %} 1. In the "Configurations" section, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to edit. 1. Edit the name and description of your {% data variables.product.prodname_custom_security_configuration %} as desired. 1. In the "Security settings" section, edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired. diff --git a/content/admin/release-notes.md b/content/admin/release-notes.md index 705a692e6586..46d675892701 100644 --- a/content/admin/release-notes.md +++ b/content/admin/release-notes.md @@ -1,6 +1,7 @@ --- title: Release notes layout: release-notes +intro: 'Detailed information for all releases of the currently selected version of {% data variables.product.prodname_ghe_server %}.' versions: ghes: '*' topics: diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md index 75c71dfea89c..01557598e83e 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md 
@@ -74,7 +74,7 @@ You can view the enterprise account's current license limits and usage. * Click the name of the organization. {% ifversion ghec %} - * On the "Code security & analysis" settings page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see an overview of your organization's license usage, as well as a detailed breakdown of usage by repository for this organization. + * On the "{% data variables.product.UI_advanced_security_ent %}" settings page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see an overview of your organization's license usage, as well as a detailed breakdown of usage by repository for this organization. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization). @@ -111,7 +111,7 @@ You can download the {% data variables.product.prodname_advanced_security %} lic {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. +1. In the "Security" section of the sidebar, select the {% data variables.product.UI_advanced_security %} dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. 1. In the "{% data variables.product.prodname_GH_advanced_security %} repositories" section, next to the repository you want usage information for, select {% octicon "kebab-horizontal" aria-label="GHAS repository actions" %}, then click **Download CSV report**. ![Screenshot of the committers by repository table. The horizontal kebab icon and "Download CSV report" button are highlighted with an orange outline.](/assets/images/help/billing/ghas-billing-table-repository-csv.png) 
diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md index 9b8546364070..e49e5285864f 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md @@ -68,7 +68,7 @@ You can customize your {% data variables.product.prodname_codeql %} analysis by > [!NOTE] > If you are switching from default setup to advanced setup, in the "{% data variables.product.prodname_code_scanning_caps %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "workflow" aria-hidden="true" %} Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**. - ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %} settings. The "Advanced setup" button is highlighted with an orange outline.](/assets/images/help/security/advanced-code-scanning-setup.png) + ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Advanced setup" button is highlighted with an orange outline.](/assets/images/help/security/advanced-code-scanning-setup.png) 1. To customize how {% data variables.product.prodname_code_scanning %} scans your code, edit the workflow. 
diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md index 1a2eb15bca96..d67a5d3d4d50 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md +++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md @@ -75,7 +75,7 @@ When a repository uses code stored in a private registry, default setup needs ac {% ifversion security-configurations %} You can enable default setup for all eligible repositories in your organization. For more information, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale). {% else %} -Through the "Code security and analysis" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. For more information on repository eligibility, see [Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup). +Through the "{% data variables.product.UI_advanced_security %}" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. For more information on repository eligibility, see [Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup). {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} 
diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md index dd6bca0c8a5e..1ec5843d001d 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md @@ -1,7 +1,7 @@ --- title: Configuring default setup for code scanning shortTitle: Configure code scanning -intro: 'You can quickly secure code in your repository with default setup for {% data variables.product.prodname_code_scanning %}.' +intro: 'Quickly set up {% data variables.product.prodname_code_scanning %} to find {% ifversion fpt or ghec %}and fix {% endif %}vulnerable code automatically.' redirect_from: - /github/managing-security-vulnerabilities/configuring-automated-code-scanning - /github/finding-security-vulnerabilities-and-errors-in-your-code/enabling-code-scanning 
@@ -88,7 +88,7 @@ Compiled languages are not automatically included in default setup configuration {% data reusables.user-settings.security-analysis %} 1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**. - ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %} settings. The "Default setup" button is highlighted with an orange outline.](/assets/images/help/security/default-code-scanning-setup.png) + ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Default setup" button is highlighted with an orange outline.](/assets/images/help/security/default-code-scanning-setup.png) You will then see a "{% data variables.product.prodname_codeql %} default configuration" dialog summarizing the {% data variables.product.prodname_code_scanning %} configuration automatically created by default setup. diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md index 5e30397076d6..aa06131dfd57 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md 
@@ -45,7 +45,7 @@ Note that disabling {% data variables.product.prodname_copilot_autofix_short %} {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**. +{% data reusables.security-configurations.display-global-settings %} 1. Under the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **{% data variables.product.prodname_copilot_autofix_short %}** or **{% data variables.product.prodname_copilot_autofix_short %} for third-party tools**. For more information about configuring global {% data variables.product.prodname_code_scanning %} settings, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#configuring-global-code-scanning-settings). diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md index ad26448f865b..116279301ef3 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md 
@@ -105,9 +105,9 @@ For more information about {% data variables.product.prodname_codeql %} model pa {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} {% ifversion security-configurations %} -1. Click **Code security** then **Global settings**. +{% data reusables.security-configurations.display-global-settings %} {% else %} -1. Click **Code security and analysis**. +1. Click **{% data variables.product.UI_advanced_security %}**. {% endif %} 1. Find the "{% data variables.product.prodname_code_scanning_caps %}" section. 1. Next to "Expand {% data variables.product.prodname_codeql %} analysis", click **Configure**. diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long.md b/content/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long.md index 4282df46ce52..0adf9bbe5802 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long.md +++ b/content/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long.md 
@@ -13,4 +13,4 @@ When you enable default setup, a workflow is triggered with the automatically ge You can check on the progress of the test run for default setup on the **Actions** tab. If the run is taking too long, try canceling the workflow run and restarting the configuration process. -To restart your configuration, navigate to the main page of your repository, then click **{% octicon "play" aria-hidden="true" %} Actions**. Click the **{% data variables.product.prodname_codeql %}** workflow run that's in progress, then click **Cancel workflow**. Once {% octicon "stop" aria-label="cancelled" %} appears beside the workflow run name, navigate back to the {% ifversion code-security-wording-only %}**Code security**{% else %}**Code security and analysis**{% endif %} settings and re-enable default setup. If default setup continues to stall, please contact {% data variables.contact.contact_support %} or try enabling advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning). +To restart your configuration, navigate to the main page of your repository, then click **{% octicon "play" aria-hidden="true" %} Actions**. Click the **{% data variables.product.prodname_codeql %}** workflow run that's in progress, then click **Cancel workflow**. Once {% octicon "stop" aria-label="cancelled" %} appears beside the workflow run name, navigate back to the **{% data variables.product.UI_advanced_security %}** settings and re-enable default setup. If default setup continues to stall, please contact {% data variables.contact.contact_support %} or try enabling advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning). 
diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected.md b/content/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected.md index 2e2dd30abcd4..821000f46b75 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected.md +++ b/content/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected.md 
@@ -13,7 +13,7 @@ redirect_from: If your {% data variables.product.prodname_code_scanning %} results are different than you expected, you may have both default and advanced setup configured for your repository. When you enable default setup, this disables the existing {% data variables.product.prodname_codeql %} workflow file and blocks any {% data variables.product.prodname_codeql %} API analysis from uploading results. -To check if default setup is enabled, navigate to the main page of the repository, then click **{% octicon "gear" aria-hidden="true" %} Settings**. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} {% ifversion code-security-wording-only %}Code security{% else %}Code security and analysis{% endif %}**. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the page, next to "{% data variables.product.prodname_codeql %} analysis", click {% octicon "kebab-horizontal" aria-label="Menu" %}. If there is a **{% octicon "workflow" aria-hidden="true" %} Switch to advanced** option, you are currently using default setup. +To check if default setup is enabled, navigate to the main page of the repository, then click **{% octicon "gear" aria-hidden="true" %} Settings**. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}**. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the page, next to "{% data variables.product.prodname_codeql %} analysis", click {% octicon "kebab-horizontal" aria-label="Menu" %}. If there is a **{% octicon "workflow" aria-hidden="true" %} Switch to advanced** option, you are currently using default setup. 
If you want to return to using advanced setup and get {% data variables.product.prodname_code_scanning %} results from your custom workflow file, click **{% octicon "stop" aria-hidden="true" %} Disable {% data variables.product.prodname_codeql %}** to disable default setup. Then you should re-enable your pre-existing workflows to start triggering and uploading results from advanced setup. For more information, see [AUTOTITLE](/actions/managing-workflow-runs/disabling-and-enabling-a-workflow) and [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning). diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md index 38709413fa11..4e9234172a9c 100644 --- a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md 
@@ -43,7 +43,7 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts % {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. 1. Optionally, to enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories that you create, in the dialog box, select "Enable by default for new repositories". 1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories you own. @@ -53,7 +53,7 @@ When you enable {% data variables.product.prodname_dependabot_alerts %} for exis {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of {% data variables.product.prodname_dependabot_alerts %}, select **Automatically enable for new repositories**. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of {% data variables.product.prodname_dependabot_alerts %}, select **Automatically enable for new repositories**. {% else %} {% data variables.product.prodname_dependabot_alerts %} for your repositories can be enabled or disabled by your enterprise owner. For more information, see [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise). 
@@ -76,7 +76,7 @@ An enterprise owner must first set up {% data variables.product.prodname_dependa {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** to enable alerts or **Disable** to disable alerts. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** to enable alerts or **Disable** to disable alerts. ## Managing {% data variables.product.prodname_dependabot_alerts %} for your organization 
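Review bot: The changed step 1 in this hunk drops the `code-security-wording-only` version switch, so the label now depends entirely on how `variables.product.UI_advanced_security` is defined. The hunk context ("An enterprise owner must first set up ...") indicates this procedure is read where an enterprise owner controls the feature, which is where the old `{% else %}` branch ("Code security and analysis") mattered. Please confirm the variable is versioned to render that label wherever the flag was false, and that the unchanged reusable `navigate-to-code-security-and-analysis` directly above renders the same name, so the two consecutive steps agree.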
@@ -94,15 +94,15 @@ An enterprise owner must first set up {% data variables.product.prodname_dependa {% ifversion code-security-multi-repo-enablement %} You can use security overview to find a set of repositories and enable or disable {% data variables.product.prodname_dependabot_alerts %} for them all at the same time. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories). -You can also use the organization settings page for {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %} to enable or disable {% data variables.product.prodname_dependabot_alerts %} for all existing repositories in an organization. +You can also use the organization settings page for "{% data variables.product.UI_advanced_security %}" to enable or disable {% data variables.product.prodname_dependabot_alerts %} for all existing repositories in an organization. {% else %} -You can use the organization settings page for {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %} to enable {% data variables.product.prodname_dependabot_alerts %} for all existing repositories in an organization. +You can use the organization settings page for "{% data variables.product.UI_advanced_security %}" to enable {% data variables.product.prodname_dependabot_alerts %} for all existing repositories in an organization. {% endif %} {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. +1. 
Under "{% data variables.product.UI_advanced_security %}", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. 1. Optionally, to enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories in your organization, in the dialog box, select "Enable by default for new repositories". 1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories in your organization. @@ -126,7 +126,7 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts % {% ifversion dependabot-alerts-enterprise-enablement or ghes %} {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click {% ifversion code-security-wording-only-enterprise %}**Code security**{% else %}**Code security and analysis**{% endif %}. +{% data reusables.enterprise-accounts.advanced-security-tab %} 1. In the "{% data variables.product.prodname_dependabot %}" section, to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. 1. Optionally, select **Automatically enable for new repositories** to enable {% data variables.product.prodname_dependabot_alerts %} by default for your organizations' new repositories. {% endif %} diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md index 78456c59dc56..1c7295aace7f 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md 
+++ b/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md @@ -46,7 +46,7 @@ The `Dismiss low impact issues for development-scoped dependencies` rule is enab {% data reusables.repositories.navigate-to-code-security-and-analysis %} 1. Under "{% data variables.product.prodname_dependabot_alerts %}", click {% octicon "gear" aria-label="The Gear icon" %} close to "{% data variables.product.prodname_dependabot %} rules". - ![Screenshot of the {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %} page for a repository. The gear icon is highlighted with an orange outline.](/assets/images/help/repository/dependabot-rules-page.png) + ![Screenshot of the "{% data variables.product.UI_advanced_security %}" page for a repository. The gear icon is highlighted with an orange outline.](/assets/images/help/repository/dependabot-rules-page.png) 1. Under "{% data variables.product.company_short %} presets", to the right of "Dismiss low impact issues for development-scoped dependencies", click {% octicon "pencil" aria-label="Edit rule" %}. 1. Under "State", select the dropdown menu, then click "Enabled". diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index 955f6ea95b26..d6175f79e71b 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md 
@@ -57,7 +57,7 @@ You can also enable or disable {% data variables.product.prodname_dependabot_sec {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %} +1. Under "{% data variables.product.UI_advanced_security %}", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %} {% ifversion dependabot-grouped-security-updates-config %} @@ -82,7 +82,7 @@ Repository administrators can enable or disable grouped security updates for the {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of "Grouped security updates", click **Enable** to enable the feature or **Disable** to disable it. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of "Grouped security updates", click **Enable** to enable the feature or **Disable** to disable it. ### Enabling or disabling grouped {% data variables.product.prodname_dependabot_security_updates %} for an organization 
@@ -95,7 +95,7 @@ Organization owners can enable or disable grouped security updates for all repos {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of "Grouped security updates", click **Disable all** or **Enable all**. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of "Grouped security updates", click **Disable all** or **Enable all**. 1. Optionally, to enable grouped {% data variables.product.prodname_dependabot_security_updates %} for new repositories in your organization, select **Automatically enable for new repositories**. {% endif %} diff --git a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md b/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md index ef9fcf7309df..085e7b43911f 100644 --- a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md +++ b/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md 
@@ -43,7 +43,7 @@ You enable {% data variables.product.prodname_dependabot_version_updates %} by c {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to open a basic `dependabot.yml` configuration file in the `.github` directory of your repository. {% data reusables.dependabot.link-to-yml-config-file %} +1. Under "{% data variables.product.UI_advanced_security %}", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to open a basic `dependabot.yml` configuration file in the `.github` directory of your repository. {% data reusables.dependabot.link-to-yml-config-file %} {% else %} 1. Create a `dependabot.yml` configuration file in the `.github` directory of your repository. You can use the snippet below as a starting point. {% data reusables.dependabot.link-to-yml-config-file %} {% endif %} 
@@ -117,7 +117,7 @@ On a fork, you also need to explicitly enable {% data variables.product.prodname {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to allow {% data variables.product.prodname_dependabot %} to initiate version updates. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to allow {% data variables.product.prodname_dependabot %} to initiate version updates. ## Checking the status of version updates diff --git a/content/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners.md b/content/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners.md index fc4311d9b41e..789f9a7d0317 100644 --- a/content/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners.md +++ b/content/code-security/dependabot/maintain-dependencies/managing-dependabot-on-self-hosted-runners.md 
@@ -95,7 +95,7 @@ You can enable {% data variables.product.prodname_dependabot %} on self-hosted r {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**. +{% data reusables.security-configurations.display-global-settings %} 1. Under "Dependabot", select "{% data variables.product.prodname_dependabot %} on self-hosted runners" to enable the feature or deselect to disable it. This action enables or disables the feature for all new repositories in the organization. For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization). diff --git a/content/code-security/dependabot/troubleshooting-dependabot/dependabot-updates-stopped.md b/content/code-security/dependabot/troubleshooting-dependabot/dependabot-updates-stopped.md index 0520dfdf0c22..3216e814f667 100644 --- a/content/code-security/dependabot/troubleshooting-dependabot/dependabot-updates-stopped.md +++ b/content/code-security/dependabot/troubleshooting-dependabot/dependabot-updates-stopped.md 
@@ -48,7 +48,7 @@ An inactive repository is a repository: When {% data variables.product.prodname_dependabot %} is paused, {% data variables.product.github %} adds a banner notice: * To all open {% data variables.product.prodname_dependabot %} pull requests. -* To the UI of the **Settings** tab of the repository (under {% ifversion ghes %}**Code security and analysis**{% else %}**Code security**{% endif %}, then **{% data variables.product.prodname_dependabot %}**). +* To the UI of the **Settings** tab of the repository (under **{% data variables.product.UI_advanced_security %}**, then **{% data variables.product.prodname_dependabot %}**). * To the list of {% data variables.product.prodname_dependabot_alerts %} (if {% data variables.product.prodname_dependabot_security_updates %} are affected). {% ifversion dependabot-updates-paused-enterprise-orgs %} Additionally, you will be able to see whether {% data variables.product.prodname_dependabot %} is paused at the organization level in the security overview. The `paused` status will also be visible via the API. For more information, see [AUTOTITLE](/rest/repos#enable-automated-security-fixes).{% endif %} diff --git a/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md b/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md index 84993847af2b..158dc3d9b1fd 100644 --- a/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md +++ b/content/code-security/dependabot/working-with-dependabot/about-dependabot-on-github-actions-runners.md 
@@ -82,7 +82,7 @@ If a repository in your organization has {% data variables.product.prodname_depe {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**. +{% data reusables.security-configurations.display-global-settings %} 1. Under "Dependabot", select "{% data variables.product.prodname_dependabot %} on Actions runners" to enable the feature or deselect to disable it. For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#enabling-dependency-updates-on-github-actions-runners). diff --git a/content/code-security/getting-started/dependabot-quickstart-guide.md b/content/code-security/getting-started/dependabot-quickstart-guide.md index 00d9239e8009..f1bd749b2e4f 100644 --- a/content/code-security/getting-started/dependabot-quickstart-guide.md +++ b/content/code-security/getting-started/dependabot-quickstart-guide.md @@ -1,6 +1,6 @@ --- title: Dependabot quickstart guide -intro: 'You can use {% data variables.product.prodname_dependabot %} to alert you when your repository is using a software dependency with a known vulnerability. This guide will help get you started on enabling {% data variables.product.prodname_dependabot %} for a repository, and exploring reported alerts.' +intro: 'Find and fix vulnerable dependencies you rely on with {% data variables.product.prodname_dependabot %}.' product: '{% data reusables.gated-features.dependabot-alerts %}' versions: fpt: '*' 
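Review bot: In the new `intro` of dependabot-quickstart-guide.md, "vulnerable dependencies you rely on" is redundant (a dependency is already something you rely on), and the line no longer says that the page is a walkthrough for enabling the feature on a repository, which the removed intro did. Suggest wording along the lines of 'Find and fix vulnerable dependencies in your repository with {% data variables.product.prodname_dependabot %}.' so the scope stays visible in listings that show only the intro.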
@@ -18,7 +18,7 @@ shortTitle: Dependabot quickstart ## About {% data variables.product.prodname_dependabot %} -This quickstart guide walks you through setting up and enabling {% data variables.product.prodname_dependabot %} and viewing {% data variables.product.prodname_dependabot_alerts %} and updates for a repository. +This quickstart guide walks you through setting up and enabling {% data variables.product.prodname_dependabot %}, viewing {% data variables.product.prodname_dependabot_alerts %}, and updating your repository to use a secure version of the dependency. {% data reusables.dependabot.dependabot-overview %} 
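Review bot: In the rewritten sentence under the "About" heading, "a secure version of the dependency" uses "the dependency" with no antecedent, because no specific dependency has been introduced at this point in the article. Suggest "a secure version of a vulnerable dependency", or name the dependency that the forked demo repository ships with if the later steps rely on one.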
@@ -44,7 +44,7 @@ You need to follow the steps below on the repository you forked in [Prerequisite {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** for {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dependabot_security_updates %}, and {% data variables.product.prodname_dependabot_version_updates %}. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** for {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dependabot_security_updates %}, and {% data variables.product.prodname_dependabot_version_updates %}. 1. Optionally, if you are interested in experimenting with {% data variables.product.prodname_dependabot_version_updates %}, click **.github/dependabot.yml**. This will create a default `dependabot.yml` configuration file in the `/.github` directory of your repository. To enable {% data variables.product.prodname_dependabot_version_updates %} for your repository, you typically configure this file to suit your needs by editing the default file, and committing your changes. You can refer to the snippet provided in [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#example-dependabotyml-file) for an example. > [!NOTE] diff --git a/content/code-security/getting-started/quickstart-for-securing-your-repository.md b/content/code-security/getting-started/quickstart-for-securing-your-repository.md index 96c6def55fed..e6ada1c89cfd 100644 
--- a/content/code-security/getting-started/quickstart-for-securing-your-repository.md +++ b/content/code-security/getting-started/quickstart-for-securing-your-repository.md @@ -1,6 +1,6 @@ --- title: Quickstart for securing your repository -intro: 'You can use a number of {% data variables.product.prodname_dotcom %} features to help keep your repository secure.' +intro: 'Manage access to your code. Find and fix vulnerable code and dependencies automatically.' permissions: '{% data reusables.permissions.security-repo-enable %}' redirect_from: - /github/administering-a-repository/about-securing-your-repository @@ -43,7 +43,7 @@ From the main page of your repository, click **{% octicon "gear" aria-hidden="tr {% data reusables.dependency-graph.feature-availability %} The dependency graph interprets manifest and lock files in a repository to identify dependencies. 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. -1. Click {% ifversion code-security-wording-only %}**Code security**{% else %}**Code security and analysis**{% endif %}. +1. Click **{% data variables.product.UI_advanced_security %}**. 1. Next to Dependency graph, click **Enable** or **Disable**. {% endif %} @@ -61,7 +61,7 @@ For more information, see [AUTOTITLE](/code-security/supply-chain-security/under {% ifversion fpt or ghec %} 1. Click your profile photo, then click **Settings**. -1. Click {% ifversion code-security-wording-only %}**Code security**{% else %}**Code security and analysis**{% endif %}. +1. Click **{% data variables.product.UI_advanced_security %}**. 1. Click **Enable all** next to {% data variables.product.prodname_dependabot_alerts %}. {% endif %} 
@@ -80,7 +80,7 @@ Dependency review lets you visualize dependency changes in pull requests before Dependency review is a {% data variables.product.prodname_GH_code_security %} feature. {% ifversion fpt or ghec %}Dependency review is already enabled for all public repositories. {% ifversion fpt %}Organizations that use {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_code_security %} can additionally enable dependency review for private and internal repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/quickstart-for-securing-your-repository#managing-dependency-review). {% endif %}{% endif %}{% ifversion ghec or ghes %}To enable dependency review for a {% ifversion ghec %}private or internal {% endif %}repository, ensure that the dependency graph is enabled and enable {% data variables.product.prodname_GH_code_security %}. 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. -1. Click {% ifversion code-security-wording-only %}**Code security**{% else %}**Code security and analysis**{% endif %}. +1. Click **{% data variables.product.UI_advanced_security %}**. 1. {% ifversion ghec %}If dependency graph is not already enabled, click **Enable**.{% elsif ghes %}Check that dependency graph is configured for your enterprise.{% endif %} 1. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**. 
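Review bot: With step 2 of this hunk now pointing at **{% data variables.product.UI_advanced_security %}**, the procedure uses three names for what the reader turns on: the intro paragraph says to "enable {% data variables.product.prodname_GH_code_security %}", step 2 uses the new UI variable, and the unchanged step 4 says "If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**". Since this change is about aligning UI wording, step 4 should be brought in line with the intro, or the button label it refers to should be confirmed against the settings page.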
@@ -91,7 +91,7 @@ Dependency review is a {% data variables.product.prodname_GH_code_security %} fe For any repository that uses {% data variables.product.prodname_dependabot_alerts %}, you can enable {% data variables.product.prodname_dependabot_security_updates %} to raise pull requests with security updates when vulnerabilities are detected. 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. -1. Click {% ifversion code-security-wording-only %}**Code security**{% else %}**Code security and analysis**{% endif %}. +1. Click **{% data variables.product.UI_advanced_security %}**. 1. Next to {% data variables.product.prodname_dependabot_security_updates %}, click **Enable**. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates) and [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates). @@ -102,7 +102,7 @@ You can enable {% data variables.product.prodname_dependabot %} to automatically {% ifversion dependabot-settings-update-37 %} 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. -1. Click {% ifversion code-security-wording-only %}**Code security**{% else %}**Code security and analysis**{% endif %}. +1. Click **{% data variables.product.UI_advanced_security %}**. 1. Next to {% data variables.product.prodname_dependabot_version_updates %}, click **Enable** to create a basic `dependabot.yml` configuration file. 1. Specify the dependencies to update and any associated configuration options, then commit the file to the repository. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates). 
@@ -118,7 +118,7 @@ To enable {% data variables.product.prodname_dependabot_version_updates %}, you You can configure {% data variables.product.prodname_code_scanning %} to automatically identify vulnerabilities and errors in the code stored in your repository by using a {% data variables.code-scanning.codeql_workflow %} or third-party tool. Depending on the programming languages in your repository, you can configure {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} using default setup, in which {% data variables.product.prodname_dotcom %} automatically determines the languages to scan, query suites to run, and events that will trigger a new scan. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. -1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} {% ifversion code-security-wording-only %}Code security{% else %}Code security and analysis{% endif %}**. +1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}**. 1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**. 1. In the pop-up window that appears, review the default configuration settings for your repository, then click **Enable {% data variables.product.prodname_codeql %}**. 
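Review bot: The changed step 2 in this hunk keeps `{% octicon "shield-lock" aria-hidden="true" %}` in front of the sidebar item, while the same item in the code scanning troubleshooting hunk earlier in this patch is written with `{% octicon "codescan" aria-hidden="true" %}`. Both lines are touched here, so this is a good point to settle on the icon the sidebar actually shows, ideally by moving the icon and label into one reusable so the two cannot drift apart again.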
@@ -129,7 +129,7 @@ Alternatively, you can use advanced setup, which generates a workflow file you c {% data reusables.gated-features.secret-scanning %} 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. -1. Click {% ifversion code-security-wording-only %}**Code security**{% else %}**Code security and analysis**{% endif %}. +1. Click **{% data variables.product.UI_advanced_security %}**. {% ifversion ghec or ghes %} 1. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.{% endif %} 1. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**. diff --git a/content/code-security/index.md b/content/code-security/index.md index a5b708081888..8df92c6787e0 100644 --- a/content/code-security/index.md +++ b/content/code-security/index.md 
@@ -1,30 +1,30 @@ --- -title: Code security documentation -shortTitle: Code security -intro: 'Build security into your {% data variables.product.prodname_dotcom %} workflow with features to keep secrets and vulnerabilities out of your codebase, and to maintain your software supply chain.' +title: Secure coding documentation +shortTitle: Secure coding +intro: 'Build security into your {% data variables.product.github %} workflow to secure your software supply chain, automatically find and fix vulnerabilities in your codebase, and prevent data leaks.' redirect_from: - /code-security/guides introLinks: overview: /code-security/getting-started/github-security-features try_ghas_for_free: '{% ifversion ghec %}/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security{% endif %}' featuredLinks: - startHere: + startHere: # Links aimed at the builder audience - /code-security/getting-started/quickstart-for-securing-your-repository - - '{% ifversion fpt or ghec %}/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory{% endif %}' + - /code-security/secret-scanning/working-with-secret-scanning-and-push-protection + - /code-security/getting-started/dependabot-quickstart-guide - /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning guideCards: + - /code-security/trialing-github-advanced-security/planning-a-trial-of-ghas + - /code-security/secret-scanning/enabling-secret-scanning-features + - /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning - /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates - /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates - - /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning - - 
/code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview - popular: + popular: # Links aimed at the driver audience - '{% ifversion ghes %}/admin/release-notes{% endif %}' - - /code-security/dependabot/dependabot-alerts/about-dependabot-alerts - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities - - /code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot - - /code-security/dependabot/working-with-dependabot/dependabot-options-reference - - /code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot - - /code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies + - /code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization + - /code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale + - /code-security/dependabot/maintain-dependencies/best-practices-for-maintaining-dependencies changelog: label: security-and-compliance versions: diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md b/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md index 0d17b7fb7a73..86ce2db6253d 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md +++ b/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md 
@@ -37,7 +37,7 @@ You can then enable {% data variables.secret-scanning.generic-secret-detection % {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**. +{% data reusables.security-configurations.display-global-settings %} 1. Under "Secret scanning", select the checkbox next to "Scan for generic secrets". For information on how to view alerts for generic secrets that have been detected using AI, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts). diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md b/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md index a3465fff5732..97292c925ef7 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md +++ b/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md @@ -38,7 +38,7 @@ redirect_from: {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**. +{% data reusables.security-configurations.display-global-settings %} {% data reusables.advanced-security.secret-scanning-new-custom-pattern-org %} {% data reusables.advanced-security.secret-scanning-generate-regular-expression-custom-pattern %} 1. When you're ready to test your new custom pattern, to identify matches in selected repositories without creating alerts, click **Save and dry run**. 
diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md index 11322643a39b..308dc8be248c 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md +++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md @@ -16,7 +16,7 @@ topics: ## About enabling push protection -To enable push protection for a repository, you must first enable {% data variables.product.prodname_secret_scanning %}. You can then enable push protection in the repository's {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %} settings page following the steps outlined in this article. +To enable push protection for a repository, you must first enable {% data variables.product.prodname_secret_scanning %}. You can then enable push protection in the repository's "{% data variables.product.UI_advanced_security %}" settings page following the steps outlined in this article. {% ifversion secret-scanning-push-protection-for-users %} diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md index 4735bc855ad1..b1b9e116a560 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md +++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md 
@@ -55,10 +55,10 @@ If your organization is owned by an enterprise account, an enterprise owner can 1. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**. 1. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled. - ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %} page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %}{% ifversion fpt %} + ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "{% data variables.product.UI_advanced_security %}" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %}{% ifversion fpt %} 1. Scroll down to the bottom of the page, and click **Enable** for {% data variables.product.prodname_secret_scanning %}. If you see a **Disable** button, it means that {% data variables.product.prodname_secret_scanning %} is already enabled for the repository. 
- ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %} page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %} + ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "{% data variables.product.UI_advanced_security %}" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %} A repository administrator can choose to disable {% data variables.product.prodname_secret_scanning %} for a repository at any time. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository). diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md index affc13054b1b..bbd408060fe5 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md 
@@ -113,7 +113,7 @@ To enable {% data variables.product.prodname_secret_scanning %} on all repositor {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% ifversion security-configurations %} -1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. +1. In the "Security" section of the sidebar, select the **{% data variables.product.UI_advanced_security %}** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. {% else %} {% data reusables.organizations.security-and-analysis %} {% data reusables.repositories.navigate-to-ghas-settings %} @@ -141,7 +141,7 @@ Before defining a custom pattern, you must ensure that you enable secret scannin {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.code-security-and-analysis-policies %} -1. Under "{% ifversion code-security-wording-only-enterprise %}Code security{% else %}Code security and analysis{% endif %}", click **Security features**. +1. Under "{% data variables.product.UI_advanced_security_ent %}", click **Security features**. 1. Under "Secret scanning custom patterns", click **New pattern**. {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %} 1. When you're ready to test your new custom pattern, to identify matches in the enterprise without creating alerts, click **Save and dry run**. diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md index 3e941e46d838..73823129e421 100644 
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md @@ -53,7 +53,7 @@ Before enabling push protection for a custom pattern at enterprise level, you mu {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.code-security-and-analysis-policies %} -1. Under "{% ifversion code-security-wording-only-enterprise %}Code security{% else %}Code security and analysis{% endif %}", click **Security features**. +1. Under "{% data variables.product.UI_advanced_security_ent %}", click **Security features**. {% data reusables.advanced-security.secret-scanning-edit-custom-pattern %} >[!NOTE] At the enterprise level, you can only edit and enable push protection for custom patterns that you created. @@ -71,7 +71,7 @@ Before enabling push protection for a custom pattern at organization level, you {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% ifversion security-configurations %} -1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. +1. In the "Security" section of the sidebar, select the **{% data variables.product.UI_advanced_security %}** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. 1. Under "Custom patterns", click {% octicon "pencil" aria-label="Edit custom pattern" %} for the pattern of interest. {% else %} {% data reusables.organizations.security-and-analysis %} 
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md index c5d4ce6bec41..8a30cd4e423e 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md @@ -73,7 +73,7 @@ To learn more about security configurations, see [AUTOTITLE](/code-security/secu {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.org_settings %} {% ifversion security-configurations %} -1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. +1. In the "Security" section of the sidebar, select the **{% data variables.product.UI_advanced_security %}** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. {% else %} {% data reusables.organizations.security-and-analysis %} {% data reusables.repositories.navigate-to-ghas-settings %} diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md index d11874e4eacd..279b31553cb8 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md +++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md 
@@ -2,7 +2,7 @@ title: Working with secret scanning and push protection shortTitle: Work with secret scanning allowTitleToDifferFromFilename: true -intro: '{% data variables.product.prodname_secret_scanning_caps %} scans for and detects secrets that have been checked into a repository. Push protection proactively secures you against leaking secrets by blocking pushes containing secrets.' +intro: 'Avoid leaking sensitive data by blocking pushes containing tokens and other secrets.' product: '{% data reusables.gated-features.secret-scanning %}' versions: fpt: '*' diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md index 749b1149e537..faff085a80e5 100644 --- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md +++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md @@ -20,7 +20,7 @@ Alongside {% data variables.product.prodname_security_configurations %}, which d {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} -1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. +1. In the "Security" section of the sidebar, select the **{% data variables.product.UI_advanced_security %}** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. ## Configuring global {% data variables.product.prodname_dependabot %} settings 
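Review bot: In configuring-global-security-settings-for-your-organization.md, the changed step 1 still spells out the sidebar navigation inline, while this same patch replaces the equivalent step in enabling-ai-powered-generic-secret-detection.md, generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md and managing-security-managers-in-your-organization.md with `{% data reusables.security-configurations.display-global-settings %}`. Consider using the reusable here, and in the custom-patterns and delegated-bypass hunks that carry the identical sentence, so the Global settings navigation is maintained in one place. If the inline form is kept on purpose, say why in the PR description.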
diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md b/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md index 9ca8aa908e23..c293b94a8edc 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md +++ b/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md @@ -30,7 +30,7 @@ The instructions in this article refer to enablement at repository level. For in {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", to the right of "Private vulnerability reporting", click **Enable** or **Disable**, to enable or disable the feature, respectively. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of "Private vulnerability reporting", click **Enable** or **Disable**, to enable or disable the feature, respectively. ![Screenshot of the "Code security and analysis" page, showing the "Private vulnerability reporting" setting. The "Enable" button is outlined in orange.](/assets/images/help/security/private-vulnerability-reporting-enable-or-disable-repo.png) {% data reusables.security-advisory.private-vulnerability-reporting-security-researcher %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md index e3434746e5ac..77b81908f3eb 100644 
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md @@ -50,7 +50,15 @@ Enterprise owners can configure the dependency graph at an enterprise level. For ### Dependencies view {% ifversion fpt or ghec %} -For each dependency, you can see its ecosystem, the manifest file in which it was found, and the license (where detected). Dependencies on private repositories, private packages, or unrecognized files are shown in plain text. If the package manager for the dependency is in a public repository, you can hover on the dependency name to display a pop-up with the associated repository information. +For each dependency, you can see its ecosystem, the manifest file in which it was found, and the license (where detected). + +* Dependencies for private repositories, private packages, or unrecognized files are shown in plain text. +* If the package manager for the dependency is in a public repository, you can hover on the dependency name to display a pop-up with the associated repository information. +* You can sort and filter dependencies by typing filters as `key:value` pairs into the search bar. + + * Use `ecosystem: ` to display dependencies for the selected ecosystem.{% ifversion transitive-dependency-labeling-npm %} + * **For npm only.** Use `relationship:` to filter the list by relationship status. Possible values are `direct`, `transitive`, and `inconclusive`. Alternatively, you can click the relationship label adjacent to a dependency name to only show dependencies of the same relationship status.{% endif %} + {% endif %} {% ifversion ghes %} 
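Review bot: In the added filter sub-list, `ecosystem: ` is written with a trailing space after the colon and no value, while the sibling bullet uses `relationship:` and the parent bullet describes filters as `key:value` pairs. Drop the space so both keys are formatted alike, and if a value placeholder was meant to follow `ecosystem:`, restore it. Separately, the first added bullet changes "Dependencies on private repositories" to "Dependencies for private repositories", which reads as a change of meaning rather than a reflow; confirm that is intended.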
@@ -97,7 +105,7 @@ The "Used by" section represents a single package from the repository. If you ha {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", click the drop-down menu in the "Used by counter" section and choose a package. +1. Under "{% data variables.product.UI_advanced_security %}", click the drop-down menu in the "Used by counter" section and choose a package. {% endif %} diff --git a/content/code-security/trialing-github-advanced-security/enable-security-features-trial.md b/content/code-security/trialing-github-advanced-security/enable-security-features-trial.md index 1c042af706da..82859a3d915f 100644 --- a/content/code-security/trialing-github-advanced-security/enable-security-features-trial.md +++ b/content/code-security/trialing-github-advanced-security/enable-security-features-trial.md @@ -24,7 +24,7 @@ When you planned your trial, you identified the features that you want to test a 1. In the top-right corner of {% data variables.product.prodname_dotcom %}, click your profile photo. 1. Depending on your environment, click **Your enterprise**, or click **Your enterprises** then click your trial enterprise. {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click **Code security** to display the security configurations page. +{% data reusables.enterprise-accounts.advanced-security-tab %} 1. Click **New configuration** to create a new configuration. 1. Give the configuration a meaningful name and description. 1. You will see that most features are already enabled. Review the features that are **Not set** and enable any that you want to trial, for example: "Automatic dependency submission." 
@@ -52,14 +52,14 @@ You may find it helpful to apply an enterprise security configuration to all rep ### Enterprise-level application 1. Open your trial enterprise. -1. In the sidebar, click **Settings** and then **Code security** to display the security configurations page. +1. In the sidebar, click **Settings** and then {% ifversion ghas-products-cloud %}**{% data variables.product.prodname_AS %}**{% else %}**Code security**{% endif %} to display the security configurations page. 1. For the configuration you want to apply, click **Apply to** and choose whether to apply the configuration to all repositories in the enterprise or just to the repositories without an existing security configuration. ### Organization-level application 1. Open an organization in your trial enterprise. 1. Click the **Settings** tab to display the organization settings. -1. In the sidebar, click **Code security** and then **Configurations** to display the security configurations page. +1. In the sidebar, click {% ifversion ghas-products-cloud %}**{% data variables.product.prodname_AS %}**{% else %}**Code security**{% endif %} and then **Configurations** to display the security configurations page. 1. Optionally, select the **Apply to** dropdown menu and click either **All repositories**, to apply any configuration to all repositories in the organization, or **All repositories without configurations**, to configure just the repositories in the organization without an existing security configuration. 1. Optionally, in the "Apply configurations" section use the "Search repositories" field or **Filter** button to filter repositories. Then select one or more repositories and use the **Apply configuration** button to choose a configuration to apply to those repositories. 
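Review bot: Both changed steps in this hunk inline the same conditional, `{% ifversion ghas-products-cloud %}**{% data variables.product.prodname_AS %}**{% else %}**Code security**{% endif %}`, whereas the earlier hunk in this file replaces the equivalent sidebar step with `{% data reusables.enterprise-accounts.advanced-security-tab %}` and other files in the patch use `{% data variables.product.UI_advanced_security %}`. Suggest a single variable or reusable for the tab label so the versioning logic is not copied into each step.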
diff --git a/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md b/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md index 6ee17117b193..9670da0a86f1 100644 --- a/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md +++ b/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md @@ -36,7 +36,7 @@ By default, only the repository administrator and the organization owner can vie The default setup for {% data variables.product.prodname_code_scanning %} runs a set of high confidence queries. These are chosen to ensure that, when you roll out {% data variables.product.prodname_code_scanning %} across your whole codebase, developers see a limited set of high quality results, with few false positive results. -You can see a summary of any results found in the organizations in your trial enterprise in the **Code security** tab for the enterprise. There are also separate views for each type of security alert, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights). +You can see a summary of any results found in the organizations in your trial enterprise in the **{% ifversion ghas-products-cloud %}{% data variables.product.prodname_AS %}{% else %}Code security{% endif %}** tab for the enterprise. There are also separate views for each type of security alert, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights). If you don't see the results you expect for {% data variables.product.prodname_code_scanning %}, you can update default setup to run an extended query suite for repositories where you expected to find more results. This is controlled at the repository level, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup). 
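Review bot: The bold markers in the changed sentence wrap the whole conditional (`**{% ifversion ghas-products-cloud %}...{% endif %}**`), but enable-security-features-trial.md puts them inside each branch; pick one form for the patch. The next hunk in this file gates the same label on `ghas-products` rather than `ghas-products-cloud`; please confirm the different flag is intentional.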
@@ -98,7 +98,7 @@ By default, users request a review from {% data variables.product.prodname_copil There are two levels of control: -* Enterprises can allow or block use of {% data variables.product.prodname_copilot_autofix_short %} throughout the enterprise using the "Code security" policy, see: [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise). +* Enterprises can allow or block use of {% data variables.product.prodname_copilot_autofix_short %} throughout the enterprise using an "{% ifversion ghas-products %}{% data variables.product.prodname_AS %}{% else %}Code security{% endif %}" policy, see: [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise). * Organizations can enable or disable {% data variables.product.prodname_copilot_autofix_short %} for all organization-owned repositories in the "Global settings" for the organization, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization). ## Engage developers in security remediation diff --git a/content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md b/content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md index 7a73e981cc4c..fb03f69d51f0 100644 --- a/content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md +++ b/content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md 
@@ -30,7 +30,7 @@ Most enterprises choose to enable {% data variables.product.prodname_secret_scan By default, only the repository administrator and the organization owner can view all {% data variables.product.prodname_secret_scanning %} alerts in their area. You should assign the predefined security manager role to all organization teams and users who you want to access the alerts found during the trial. You may also want to give the enterprise account owner this role for each organization in the trial. For more information, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization). -You can see a summary of any results found in the organizations in your trial enterprise in the **Code security** tab for the enterprise. There are also separate views for each type of security alert, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights). +You can see a summary of any results found in the organizations in your trial enterprise in the **{% ifversion ghas-products-cloud %}{% data variables.product.prodname_AS %}{% else %}Code security{% endif %}** tab for the enterprise. There are also separate views for each type of security alert, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights). ## Identify additional access tokens diff --git a/content/contributing/style-guide-and-content-model/style-guide.md b/content/contributing/style-guide-and-content-model/style-guide.md index 6e9c1d3e0b7f..fcb191d60a93 100644 --- a/content/contributing/style-guide-and-content-model/style-guide.md +++ b/content/contributing/style-guide-and-content-model/style-guide.md 
@@ -1642,7 +1642,7 @@ The following documentation should reference "user accounts." * The [AUTOTITLE](/enterprise-cloud@latest/admin) product * Enterprise-specific billing documentation, like [AUTOTITLE](/enterprise-cloud@latest/billing/managing-your-github-billing-settings/about-billing-for-your-enterprise) -* Content within other products that's intended for an administrative audience, like [AUTOTITLE](/enterprise-cloud@latest/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts) in the "Code security" product or [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud) in the "Get started" product +* Content within other products that's intended for an administrative audience, like [AUTOTITLE](/enterprise-cloud@latest/code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts) in the "Secure coding" product or [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud) in the "Get started" product * Enterprise-specific API content, like the [AUTOTITLE](/enterprise-cloud@latest/rest/reference/enterprise-admin) REST API reference documentation For enterprises on {% data variables.product.prodname_ghe_cloud %} that don't use {% data variables.product.prodname_emus %}, use "personal account" when describing members of organizations owned by the enterprise. diff --git a/content/copilot/using-github-copilot/ai-models/changing-the-ai-model-for-copilot-chat.md b/content/copilot/using-github-copilot/ai-models/changing-the-ai-model-for-copilot-chat.md index 8c8ea554e254..0652667221ce 100644 --- a/content/copilot/using-github-copilot/ai-models/changing-the-ai-model-for-copilot-chat.md +++ b/content/copilot/using-github-copilot/ai-models/changing-the-ai-model-for-copilot-chat.md 
@@ -145,6 +145,8 @@ The following models are currently available through multi-model {% data variabl * {% data reusables.copilot.model-description-o1 %} * {% data reusables.copilot.model-description-o3-mini %} +For more information about these models, see: + * **OpenAI's GPT-4o, o1, and o3-mini models**: [Models](https://platform.openai.com/docs/models) in the OpenAI Platform documentation. * **Anthropic's {% data variables.copilot.copilot_claude_sonnet %} models**: [AUTOTITLE](/copilot/using-github-copilot/ai-models/using-claude-sonnet-in-github-copilot). * **Google's {% data variables.copilot.copilot_gemini_flash %} model**: [AUTOTITLE](/copilot/using-github-copilot/ai-models/using-gemini-flash-in-github-copilot). diff --git a/content/copilot/using-github-copilot/ai-models/changing-the-ai-model-for-copilot-code-completion.md b/content/copilot/using-github-copilot/ai-models/changing-the-ai-model-for-copilot-code-completion.md index 46b8753deddc..4f567f3381b7 100644 --- a/content/copilot/using-github-copilot/ai-models/changing-the-ai-model-for-copilot-code-completion.md +++ b/content/copilot/using-github-copilot/ai-models/changing-the-ai-model-for-copilot-code-completion.md 
@@ -10,7 +10,7 @@ topics: ## Overview -By default, {% data variables.product.prodname_copilot_short %} code completion uses the GPT 3.5 Turbo large language model (LLM). As an alternative, if you use {% data variables.product.prodname_vscode_shortname %}, you can choose to use a model based on GPT 4o-mini. This model has been trained on a wide range of high quality public {% data variables.product.github %} repositories, providing coverage of over 30 programming languages. Its knowledge base is more current than the default model and you may find that it generates completion suggestions more quickly. +By default, {% data variables.product.prodname_copilot_short %} code completion uses the GPT 3.5 Turbo large language model (LLM). As an alternative, you can choose to use a model based on GPT 4o-mini. This model has been trained on a wide range of high quality public {% data variables.product.github %} repositories, providing coverage of over 30 programming languages. Its knowledge base is more current than the default model and you may find that it generates completion suggestions more quickly. > [!NOTE] > * Multiple model support for {% data variables.product.prodname_copilot_short %} code completion is in {% data variables.release-phases.public_preview %} and is subject to change. diff --git a/content/index.md b/content/index.md index bab6e1c80cb3..28104dbab921 100644 --- a/content/index.md +++ b/content/index.md @@ -121,11 +121,11 @@ childGroups: octicon: ShieldLockIcon children: - code-security + - code-security/secret-scanning - code-security/supply-chain-security - - code-security/security-advisories - code-security/dependabot - code-security/code-scanning - - code-security/secret-scanning + - code-security/security-advisories - name: Client apps octicon: DeviceMobileIcon children: 
diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md index c34fc9cd9f34..77b652c44b92 100644 --- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md +++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md @@ -60,7 +60,7 @@ You can use security overview to find a set of repositories and enable or disabl {% endif %} 1. Go to the security and analysis settings for your organization. For more information, see [Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings). -1. Under "Code security and analysis", to the right of the feature, click **Disable all** or **Enable all** to display a confirmation dialog box. The control for "{% data variables.product.prodname_GHAS %}" is disabled if you have no available licenses for {% data variables.product.prodname_GHAS %}. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of the feature, click **Disable all** or **Enable all** to display a confirmation dialog box. The control for "{% data variables.product.prodname_GHAS %}" is disabled if you have no available licenses for {% data variables.product.prodname_GHAS %}. 1. Review the information in the dialog box. 1. Optionally, if you are enabling private vulnerability reporting, dependency graph, or {% data variables.product.prodname_dependabot %}, select **Enable by default for new repositories**. 
@@ -80,7 +80,7 @@ You can use security overview to find a set of repositories and enable or disabl ## Enabling or disabling a feature automatically when new repositories are added 1. Go to the security and analysis settings for your organization. For more information, see [Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings). -1. Under "Code security and analysis", locate the feature, enable or disable the feature by default for new repositories in your organization. +1. Under "{% data variables.product.UI_advanced_security %}", locate the feature, enable or disable the feature by default for new repositories in your organization. {% endif %} diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md index 66f35195544d..81040554496f 100644 --- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md +++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md @@ -53,7 +53,7 @@ You can assign the security manager role to a maximum of 10 teams in your organi {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% ifversion security-configurations %} -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**. +{% data reusables.security-configurations.display-global-settings %} {% else %} {% data reusables.organizations.security-and-analysis %} {% endif %} 
@@ -64,7 +64,7 @@ You can assign the security manager role to a maximum of 10 teams in your organi {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% ifversion security-configurations %} -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**. +{% data reusables.security-configurations.display-global-settings %} {% else %} {% data reusables.organizations.security-and-analysis %} {% endif %} diff --git a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md index 94c260cccd64..128741af1cb0 100644 --- a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md +++ b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md @@ -54,7 +54,7 @@ Other features are permanently enabled for public repositories, such as the depe {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of the feature, click **Disable** or **Enable**. +1. Under "{% data variables.product.UI_advanced_security %}", to the right of the feature, click **Disable** or **Enable**. {% endif %} 
@@ -67,7 +67,7 @@ You can manage the security and analysis features for your {% ifversion fpt or g {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, to the right of the feature, click **Disable** or **Enable**. {% ifversion not fpt %}The control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled if your enterprise has no available licenses for {% data variables.product.prodname_GH_advanced_security %} features.{% endif %} +1. Under "{% data variables.product.UI_advanced_security %}", to the right of the feature, click **Disable** or **Enable**. {% ifversion not fpt %}The control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled if your enterprise has no available licenses for {% data variables.product.prodname_GH_advanced_security %} features.{% endif %} > [!NOTE] > If you disable {% ifversion ghas-products %}{% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %}{% else %}{% data variables.product.prodname_GH_advanced_security %}{% endif %}, dependency review, {% data variables.secret-scanning.user_alerts %} and {% data variables.product.prodname_code_scanning %} are disabled. Any workflows, SARIF uploads, or API calls for {% data variables.product.prodname_code_scanning %} will fail. If {% data variables.product.prodname_GH_code_security %} is re-enabled, {% data variables.product.prodname_code_scanning %} will return to its previous state. diff --git a/data/features/code-security-wording-only.yml b/data/features/code-security-wording-only.yml index f069057c5537..875e0023be02 100644 --- a/data/features/code-security-wording-only.yml +++ b/data/features/code-security-wording-only.yml 
@@ -3,3 +3,4 @@ versions: fpt: '*' ghec: '*' + ghes: '>= 3.16' diff --git a/data/features/transitive-dependency-labeling-npm.yml b/data/features/transitive-dependency-labeling-npm.yml new file mode 100644 index 000000000000..8ecbdad86641 --- /dev/null +++ b/data/features/transitive-dependency-labeling-npm.yml @@ -0,0 +1,5 @@ +# Issue 15878: Transitive Dependency labeling for npm [GA] + +versions: + fpt: '*' + ghec: '*' diff --git a/data/reusables/dependabot/dependabot-alerts-enterprise-server-repo-org-enablement.md b/data/reusables/dependabot/dependabot-alerts-enterprise-server-repo-org-enablement.md index 381ebf9cb810..7ebe4a17e576 100644 --- a/data/reusables/dependabot/dependabot-alerts-enterprise-server-repo-org-enablement.md +++ b/data/reusables/dependabot/dependabot-alerts-enterprise-server-repo-org-enablement.md 
@@ -1,3 +1,3 @@ Enterprise owners must configure the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for an enterprise. -Once {% data variables.product.prodname_dependabot_alerts %} have been configured, repository administrators and organization owners can enable {% data variables.product.prodname_dependabot_alerts %} for private and internal repositories in their {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %} settings page. Public repositories are enabled by default. For more information, see [AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise), [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise), and [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts). +Once {% data variables.product.prodname_dependabot_alerts %} have been configured, repository administrators and organization owners can enable {% data variables.product.prodname_dependabot_alerts %} for private and internal repositories in their "{% data variables.product.UI_advanced_security %}" settings page. Public repositories are enabled by default. For more information, see [AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise), [AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise), and [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts). diff --git a/data/reusables/dependabot/dependabot-alerts-filters.md b/data/reusables/dependabot/dependabot-alerts-filters.md index 6f4808b376bb..ffeb57482cc6 100644 --- a/data/reusables/dependabot/dependabot-alerts-filters.md +++ b/data/reusables/dependabot/dependabot-alerts-filters.md 
@@ -7,10 +7,16 @@ You can sort and filter {% data variables.product.prodname_dependabot_alerts %} | `is` | Displays alerts based on their state | Use `is:open` to show open alerts | | `manifest` | Displays alerts for the selected manifest | Use `manifest:webwolf/pom.xml` to show alerts on the pom.xml file of the webwolf application | | `package` | Displays alerts for the selected package | Use `package:django` to show alerts for django | +| {% ifversion transitive-dependency-labeling-npm %} | +| `relationship` | Displays alerts of the selected relationship status
Note that this filter is only available for npm. | Use `relationship:direct` to show alerts for direct dependencies (marked with the `Direct` label). | +| {% endif %} | | `resolution` | Displays alerts of the selected resolution status | Use `resolution:no-bandwidth` to show alerts previously parked due to lack of resources or time to fix them | | `repo` | Displays alerts based on the repository they relate to
Note that this filter is only available for security overview. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview) | Use `repo:octocat-repo` to show alerts in the repository called `octocat-repo` | | `scope` | Displays alerts based on the scope of the dependency they relate to | Use `scope:development` to show alerts for dependencies that are only used during development | | `severity` | Displays alerts based on their level of severity | Use `severity:high` to show alerts with a severity of High | +|{% ifversion dependabot-alerts-epss-score %}| +| `epss_percentage` | Displays alerts based on their EPSS-predicted probability of exploitation | Use `epss_percentage:>0.01` to see alerts with an EPSS percentage greater than 1% | +|{% endif %}| | `sort` | Displays alerts according to the selected sort order | The default sorting option for alerts is `sort:most-important`, which ranks alerts by importance
Use `sort:newest` to show the latest alerts reported by {% data variables.product.prodname_dependabot %}{% ifversion dependabot-alerts-epss-score %}
Use `sort:epss-percentage` to show alerts ordered by descending EPSS score.{% endif %} | {% ifversion dependabot-alerts-epss-score %} diff --git a/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md b/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md index bcc03cbd4c30..ba37a3883099 100644 --- a/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md +++ b/data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md @@ -1,4 +1,4 @@ You can enable grouped pull requests for {% data variables.product.prodname_dependabot_security_updates %} in one, or both, of the following ways. -* To group as many available security updates together as possible, across directories and per ecosystem, enable grouping in the {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %} settings for your repository{% ifversion pre-security-configurations %}or organization{% elsif security-configurations %}, or in "Global settings" under "Code security" for your organization{% endif %}. +* To group as many available security updates together as possible, across directories and per ecosystem, enable grouping in the "{% data variables.product.UI_advanced_security %}" settings for your repository{% ifversion pre-security-configurations %}or organization{% elsif security-configurations %}, or in "Global settings" under {% data variables.product.UI_advanced_security %} for your organization{% endif %}. * For more granular control of grouping, such as grouping by package name, development/production dependencies,{% ifversion dependabot-updates-multidirectory-support %} SemVer level, or across multiple directories per ecosystem{% else %} or SemVer level{% endif %}, add configuration options to the `dependabot.yml` configuration file in your repository. 
diff --git a/data/reusables/dependabot/dependabot-updates-and-actions.md b/data/reusables/dependabot/dependabot-updates-and-actions.md index f3fb2b9b9d70..f02f31d3e0f0 100644 --- a/data/reusables/dependabot/dependabot-updates-and-actions.md +++ b/data/reusables/dependabot/dependabot-updates-and-actions.md 
@@ -1,3 +1,3 @@ If you enable {% data variables.product.prodname_dependabot %} on a new repository and have {% data variables.product.prodname_actions %} enabled, {% data variables.product.prodname_dependabot %} will run on {% data variables.product.prodname_actions %} by default. -If you enable {% data variables.product.prodname_dependabot %} on a new repository and have {% data variables.product.prodname_actions %} disabled, {% data variables.product.prodname_dependabot %} will run on the legacy application in {% data variables.product.github %} to perform {% data variables.product.prodname_dependabot_updates %}. This doesn't provide as good performance, visibility, or control of {% data variables.product.prodname_dependabot_updates %} jobs as {% data variables.product.prodname_actions %} does. If you want to use {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}, you must ensure that your repository enables {% data variables.product.prodname_actions %}, then enable "{% data variables.product.prodname_dependabot %} on Actions runners" from the repository's {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %} settings page. +If you enable {% data variables.product.prodname_dependabot %} on a new repository and have {% data variables.product.prodname_actions %} disabled, {% data variables.product.prodname_dependabot %} will run on the legacy application in {% data variables.product.github %} to perform {% data variables.product.prodname_dependabot_updates %}. This doesn't provide as good performance, visibility, or control of {% data variables.product.prodname_dependabot_updates %} jobs as {% data variables.product.prodname_actions %} does. 
If you want to use {% data variables.product.prodname_dependabot %} with {% data variables.product.prodname_actions %}, you must ensure that your repository enables {% data variables.product.prodname_actions %}, then enable "{% data variables.product.prodname_dependabot %} on Actions runners" from the repository's "{% data variables.product.UI_advanced_security %}" settings page. diff --git a/data/reusables/dependency-graph/sbom-intro.md b/data/reusables/dependency-graph/sbom-intro.md index c5c80e1b3a7b..85c73ddc7f1d 100644 --- a/data/reusables/dependency-graph/sbom-intro.md +++ b/data/reusables/dependency-graph/sbom-intro.md @@ -1,6 +1,8 @@ -An SBOM is a formal, machine-readable inventory of a project's dependencies and associated information (such as {% ifversion ghes %}versions and package identifiers{% else %}versions, package identifiers, licenses, and copyright information{% endif %}). SBOMs help reduced supply chain risks by: +An SBOM is a formal, machine-readable inventory of a project's dependencies and associated information (such as {% ifversion ghes %}versions and package identifiers{% else %}versions, package identifiers, licenses, transitive paths for package ecosystems with support for transitive dependency labeling, and copyright information{% endif %}). SBOMs help reduced supply chain risks by: * Providing transparency about the dependencies used by your repository * Allowing vulnerabilities to be identified early in the process * Providing insights in the license compliance, security, or quality issues that may exist in your codebase * Enabling you to better comply with various data protection standards + +{% ifversion transitive-dependency-labeling-npm %}For more information about the ecosystems supporting transitive dependency labeling, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#dependencies-view).{% endif %} 
diff --git a/data/reusables/dependency-graph/supported-package-ecosystems.md b/data/reusables/dependency-graph/supported-package-ecosystems.md index f509a5cdfae6..5aee52a30f1e 100644 --- a/data/reusables/dependency-graph/supported-package-ecosystems.md +++ b/data/reusables/dependency-graph/supported-package-ecosystems.md @@ -15,7 +15,8 @@ | Swift Package Manager | Swift | `Package.resolved` | `Package.resolved` | | Yarn | JavaScript | `yarn.lock` | `package.json`, `yarn.lock` | -> [!NOTE] +> [!NOTE]{% ifversion transitive-dependency-labeling-npm %} +> * For some package managers, such as npm, a label indicates whether the dependency is direct or transitive on the dependency graph view. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#dependencies-view).{% endif %} > * If you list your Python dependencies within a `setup.py` file, we may not be able to parse and list every dependency in your project. > * {% data variables.product.prodname_actions %} workflows must be located in the `.github/workflows/` directory of a repository to be recognized as manifests. Any actions or workflows referenced using the syntax `jobs[*].steps[*].uses` or `jobs..uses` will be parsed as dependencies. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions). > * {% data reusables.dependabot.dependabot-alert-actions-semver %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates). diff --git a/data/reusables/enterprise-accounts/advanced-security-tab.md b/data/reusables/enterprise-accounts/advanced-security-tab.md new file mode 100644 index 000000000000..c5c2a59b49d8 --- /dev/null +++ b/data/reusables/enterprise-accounts/advanced-security-tab.md 
@@ -0,0 +1 @@ +1. In the left sidebar, click **{% data variables.product.UI_advanced_security_ent %}**. diff --git a/data/reusables/enterprise-accounts/code-security-and-analysis-policies.md b/data/reusables/enterprise-accounts/code-security-and-analysis-policies.md index 6ec7082d4cf5..b61c2267ab6f 100644 --- a/data/reusables/enterprise-accounts/code-security-and-analysis-policies.md +++ b/data/reusables/enterprise-accounts/code-security-and-analysis-policies.md @@ -1 +1 @@ -1. Under {% octicon "law" aria-hidden="true" %} "Policies", click {% ifversion code-security-wording-only-enterprise %}**Code security**{% else %}**Code security and analysis**{% endif %}. +1. Under {% octicon "law" aria-hidden="true" %} "Policies", click **{% data variables.product.UI_advanced_security_ent %}**. diff --git a/data/reusables/repositories/navigate-to-code-security-and-analysis.md b/data/reusables/repositories/navigate-to-code-security-and-analysis.md index 0d59fc5b039b..cf61e30e7391 100644 --- a/data/reusables/repositories/navigate-to-code-security-and-analysis.md +++ b/data/reusables/repositories/navigate-to-code-security-and-analysis.md @@ -1 +1 @@ -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} {% ifversion code-security-wording-only %}Code security{% else %}Code security and analysis{% endif %}**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}**. diff --git a/data/reusables/repositories/navigate-to-ghas-settings.md b/data/reusables/repositories/navigate-to-ghas-settings.md index 32245b8a0ab7..87b0157828fa 100644 --- a/data/reusables/repositories/navigate-to-ghas-settings.md +++ b/data/reusables/repositories/navigate-to-ghas-settings.md 
@@ -1 +1 @@ -1. Under {% ifversion code-security-wording-only %}"Code security"{% else %}"Code security and analysis"{% endif %}, find "{% data variables.product.prodname_GH_advanced_security %}." +1. Under "{% data variables.product.UI_advanced_security %}", find "{% data variables.product.prodname_GH_advanced_security %}." diff --git a/data/reusables/secret-scanning/view-custom-pattern.md b/data/reusables/secret-scanning/view-custom-pattern.md index 35957abf6e75..11ad189617a5 100644 --- a/data/reusables/secret-scanning/view-custom-pattern.md +++ b/data/reusables/secret-scanning/view-custom-pattern.md 
@@ -1,3 +1,3 @@ 1. Navigate to where the custom pattern was created. A custom pattern can be created in a repository, organization, or enterprise account. * For a repository or organization, display the "Security & analysis" settings for the repository or organization where the custom pattern was created. For more information, see [Defining a custom pattern for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository) or [Defining a custom pattern for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization). - * For an enterprise, under "Policies" display the "Advanced Security" area, and then click **Security features**. For more information, see [Defining a custom pattern for an enterprise account](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account). + * For an enterprise, under "Policies" display the "{% data variables.product.UI_advanced_security_ent %}" area, and then click **Security features**. For more information, see [Defining a custom pattern for an enterprise account](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account). diff --git a/data/reusables/security-configurations/display-global-settings.md b/data/reusables/security-configurations/display-global-settings.md new file mode 100644 index 000000000000..e7157e4f8452 --- /dev/null +++ b/data/reusables/security-configurations/display-global-settings.md 
@@ -0,0 +1 @@ +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}** then **Global settings**. diff --git a/data/reusables/security-configurations/view-configurations-page.md b/data/reusables/security-configurations/view-configurations-page.md index 400953e1632a..48562d252513 100644 --- a/data/reusables/security-configurations/view-configurations-page.md +++ b/data/reusables/security-configurations/view-configurations-page.md @@ -1 +1 @@ -1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **Configurations**. +1. In the "Security" section of the sidebar, select the **{% data variables.product.UI_advanced_security %}** dropdown menu, then click **Configurations**. diff --git a/data/reusables/user-settings/security-analysis.md b/data/reusables/user-settings/security-analysis.md index 768251f218bc..33d6a12b6f86 100644 --- a/data/reusables/user-settings/security-analysis.md +++ b/data/reusables/user-settings/security-analysis.md @@ -1 +1 @@ -1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} {% ifversion code-security-wording-only %}Code security{% else %}Code security and analysis{% endif %}**. +1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}**. diff --git a/data/variables/product.yml b/data/variables/product.yml index 8457c2f46fd4..aeb618045ce4 100644 --- a/data/variables/product.yml +++ b/data/variables/product.yml 
@@ -196,6 +196,8 @@ prodname_GH_cs_or_sp: '{% ifversion ghas-products %}GitHub Code Security or GitH prodname_AS: 'Advanced Security' prodname_code_security: '{% ifversion ghas-products %}Code Security{% else %}Advanced Security{% endif %}' prodname_secret_protection: '{% ifversion ghas-products %}Secret Protection{% else %}Advanced Security{% endif %}' +UI_advanced_security: '{% ifversion ghas-products %}{% data variables.product.prodname_AS %}{% elsif code-security-wording-only %}Code security{% else %}Code security and analysis{% endif %}' +UI_advanced_security_ent: '{% ifversion ghas-products %}{% data variables.product.prodname_AS %}{% elsif code-security-wording-only-enterprise %}Code security{% else %}Code security and analysis{% endif %}' ## OLD variables, DO NOT USE prodname_GH_advanced_security: 'GitHub Advanced Security'
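Review bot: In data/reusables/dependabot/dependabot-alerts-filters.md, the new filter is spelled `epss_percentage` with an underscore while the sort option in the same table is `sort:epss-percentage` with a hyphen; please confirm both spellings match what the alerts search accepts, and if they really do differ, say so in the row, because readers will copy one form into the other. The two conditional wrappers are also written differently (`| {% ifversion transitive-dependency-labeling-npm %} |` with padding, `|{% ifversion dependabot-alerts-epss-score %}|` without); pick one form so the table source stays consistent.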
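Review bot: In data/reusables/dependabot/dependabot-grouped-security-updates-how-enable.md, the second use of the variable on the added line is unquoted (`under {% data variables.product.UI_advanced_security %} for your organization`), although the first use on the same line and the removed text (`under "Code security"`) both quote the UI label; add the quotes. While this line is being edited, `repository{% ifversion pre-security-configurations %}or organization` has no space before "or", so that branch would render as "repositoryor organization".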
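Review bot: In data/reusables/dependency-graph/sbom-intro.md, the rewritten first sentence still reads "SBOMs help reduced supply chain risks"; change it to "help reduce" since the line is being touched anyway. The added "transitive paths for package ecosystems with support for transitive dependency labeling" wording sits in the plain `{% else %}` branch of `{% ifversion ghes %}`, while the follow-up link paragraph is gated on `transitive-dependency-labeling-npm`; gating both on the same feature flag would keep them in step if the flag's versions change.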
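Review bot: In data/reusables/secret-scanning/view-custom-pattern.md, only the enterprise bullet moves to the new variable; the repository and organization bullet directly above it still hard-codes "Security & analysis", which matches none of the labels `UI_advanced_security` can produce ("Advanced Security", "Code security", "Code security and analysis"). Consider switching that bullet to `{% data variables.product.UI_advanced_security %}` in the same change so the two bullets do not drift apart.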
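Review bot: In data/variables/product.yml, `UI_advanced_security` and `UI_advanced_security_ent` are added without a comment, and they differ only in the `elsif` flag (`code-security-wording-only` versus `code-security-wording-only-enterprise`), which is easy to miss when choosing between them. Add a short comment above the pair saying that they hold the settings-page label rather than a product name, and when the `_ent` variant must be used. The patch also extends `code-security-wording-only` to `ghes: '>= 3.16'`, but the hunks shown here do not touch `code-security-wording-only-enterprise`; please confirm the enterprise variable resolves to the intended label on GHES 3.16.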