From 9a34d4b0b402870e81ad969d133772d90adb3a87 Mon Sep 17 00:00:00 2001 From: Copilot <198982749+Copilot@users.noreply.github.com> Date: Tue, 31 Mar 2026 21:11:53 -0700 Subject: [PATCH 01/13] Add Copilot SDK authentication articles (#60121) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: sunbrye <56200261+sunbrye@users.noreply.github.com> Co-authored-by: sunbrye Co-authored-by: Patrick Nikoletich Co-authored-by: Vanessa
---
.../authenticate-copilot-sdk.md | 155 ++++++++ .../bring-your-own-key.md | 342 ++++++++++++++++++ .../authenticate-copilot-sdk/index.md | 11 + content/copilot/how-tos/copilot-sdk/index.md | 1 + .../observability/opentelemetry.md | 3 +- 5 files changed, 510 insertions(+), 2 deletions(-) create mode 100644 content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/authenticate-copilot-sdk.md create mode 100644 content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/bring-your-own-key.md create mode 100644 content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/index.md
diff --git a/content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/authenticate-copilot-sdk.md b/content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/authenticate-copilot-sdk.md
new file mode 100644
index 000000000000..3fae0b36e71a
--- /dev/null
+++ b/content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/authenticate-copilot-sdk.md
@@ -0,0 +1,155 @@
+---
+title: Authenticating with Copilot SDK
+shortTitle: Authenticate Copilot SDK
+intro: 'Choose the authentication method in {% data variables.copilot.copilot_sdk %} that best fits your deployment scenario.'
+product: '{% data reusables.gated-features.copilot-sdk %}'
+versions:
+ feature: copilot
+contentType: how-tos
+category:
+ - Configure Copilot
+---
+
+{% data reusables.copilot.copilot-sdk.technical-preview-note %}
+
+## Authentication methods overview
+
+{% data variables.copilot.copilot_sdk %} supports multiple authentication methods to fit different use cases.
+
+| Method | Use case | {% data variables.product.prodname_copilot_short %} subscription required |
+|--------|----------|-------------------------------|
+| [GitHub signed-in user](#github-signed-in-user) | Interactive apps where users sign in with {% data variables.product.github %} | Yes |
+| [OAuth {% data variables.product.github %} App](#oauth-github-app) | Apps acting on behalf of users via OAuth | Yes |
+| [Environment variables](#environment-variables) | CI/CD, automation, server-to-server | Yes |
+| [BYOK (bring your own key)](#byok-bring-your-own-key) | Using your own API keys (Azure AI Foundry, OpenAI, etc) | No |
+
+## GitHub signed-in user
+
+This is the default authentication method when running the {% data variables.copilot.copilot_cli %} interactively, see [AUTOTITLE](/copilot/how-tos/copilot-cli/set-up-copilot-cli/authenticate-copilot-cli). Users authenticate via the {% data variables.product.github %} OAuth device flow, and the SDK uses their stored credentials.
+
+**How it works:**
+1. User runs the `copilot` CLI and signs in via {% data variables.product.github %} OAuth.
+1. Credentials are stored securely in the system keychain.
+1. The SDK automatically uses stored credentials.
+
+**SDK configuration:**
+
+```typescript
+import { CopilotClient } from "@github/copilot-sdk";
+
+// Default: uses signed-in user credentials
+const client = new CopilotClient();
+```
+
+For examples in other languages, see [Authentication](https://github.com/github/copilot-sdk/blob/main/docs/auth/index.md#github-signed-in-user) in the `github/copilot-sdk` repository.
+
+**When to use this method:**
+
+* Desktop applications where users interact directly
+* Development and testing environments
+* Any scenario where a user can sign in interactively
+
+## OAuth GitHub App
+
+Use an OAuth {% data variables.product.github %} App to authenticate users through your application and pass their credentials to the SDK. This lets your application make {% data variables.product.prodname_copilot %} API requests on behalf of users who authorize your app.
+
+**How it works:**
+1. User authorizes your OAuth {% data variables.product.github %} App.
+1. Your app receives a user access token (`gho_` or `ghu_` prefix).
+1. Pass the token to the SDK via the `githubToken` option.
+
+**SDK configuration:**
+
+```typescript
+import { CopilotClient } from "@github/copilot-sdk";
+
+const client = new CopilotClient({
+ githubToken: userAccessToken, // Token from OAuth flow
+ useLoggedInUser: false, // Don't use stored CLI credentials
+});
+```
+
+For examples in other languages, see [Authentication](https://github.com/github/copilot-sdk/blob/main/docs/auth/index.md#oauth-github-app) in the `github/copilot-sdk` repository.
+
+**Supported token types:**
+
+* `gho_` — OAuth user access tokens
+* `ghu_` — {% data variables.product.github %} App user access tokens
+* `github_pat_` — {% data variables.product.pat_v2_caps_plural %}
+
+**Not supported:**
+
+* `ghp_` — {% data variables.product.pat_v1_caps_plural %} (closing down)
+
+**When to use this method:**
+
+* Web applications where users sign in via {% data variables.product.github %}
+* Software-as-a-service (SaaS) applications building on top of {% data variables.product.prodname_copilot %}
+* Any multi-user application where you need to make requests on behalf of different users
+
+## Environment variables
+
+For automation, CI/CD pipelines, and server-to-server scenarios, you can authenticate using environment variables.
+
+**Supported environment variables (in priority order):**
+
+1. `COPILOT_GITHUB_TOKEN` — Recommended for explicit {% data variables.product.prodname_copilot_short %} usage
+1. `GH_TOKEN` — {% data variables.product.prodname_cli %} compatible
+1. `GITHUB_TOKEN` — {% data variables.product.prodname_actions %} compatible
+
+The SDK automatically detects and uses these environment variables without any code changes required:
+
+```typescript
+import { CopilotClient } from "@github/copilot-sdk";
+
+// Token is read from environment variable automatically
+const client = new CopilotClient();
+```
+
+**When to use this method:**
+
+* CI/CD pipelines ({% data variables.product.prodname_actions %}, Jenkins, etc)
+* Automated testing
+* Server-side applications with service accounts
+* Development when you don't want to use interactive sign-in
+
+## BYOK (bring your own key)
+
+BYOK lets you use your own API keys from model providers like Azure AI Foundry, OpenAI, or Anthropic. This bypasses {% data variables.product.prodname_copilot %} authentication entirely.
+
+**Key benefits:**
+
+* No {% data variables.product.prodname_copilot %} subscription required
+* Use enterprise model deployments
+* Direct billing with your model provider
+* Support for Azure AI Foundry, OpenAI, Anthropic, and OpenAI-compatible endpoints
+
+For complete setup instructions, including provider configuration options, limitations, and code examples, see [AUTOTITLE](/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/bring-your-own-key).
+
+## Authentication priority
+
+When multiple authentication methods are available, the SDK uses them in this priority order:
+
+1. **Explicit `githubToken`** — Token passed directly to the SDK constructor
+1. **HMAC key** — `CAPI_HMAC_KEY` or `COPILOT_HMAC_KEY` environment variables
+1. **Direct API token** — `GITHUB_COPILOT_API_TOKEN` with `COPILOT_API_URL`
+1. **Environment variable tokens** — `COPILOT_GITHUB_TOKEN` → `GH_TOKEN` → `GITHUB_TOKEN`
+1. **Stored OAuth credentials** — From previous `copilot` CLI sign-in
+1. **{% data variables.product.prodname_cli %}** — `gh auth` credentials
+
+## Disabling auto sign-in
+
+To prevent the SDK from automatically using stored credentials or {% data variables.product.prodname_cli %} authentication, set the `useLoggedInUser` option to `false`:
+
+```typescript
+const client = new CopilotClient({
+ useLoggedInUser: false, // Only use explicit tokens
+});
+```
+
+For examples in other languages, see [Authentication](https://github.com/github/copilot-sdk/blob/main/docs/auth/index.md#disabling-auto-login) in the `github/copilot-sdk` repository.
+
+## Next steps
+
+* [AUTOTITLE](/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/bring-your-own-key)
+* [MCP servers documentation](https://github.com/github/copilot-sdk/blob/main/docs/features/mcp.md)—Connect to external tools using the SDK
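Review bot: The comment `// Only use explicit tokens` in the "Disabling auto sign-in" sample of authenticate-copilot-sdk.md promises more than the surrounding text supports. The sentence above it says `useLoggedInUser: false` stops the SDK from using stored credentials or GitHub CLI authentication, while the priority list ranks the HMAC key, the direct API token and the `COPILOT_GITHUB_TOKEN`/`GH_TOKEN`/`GITHUB_TOKEN` variables above those two sources, so a multi-user service that passes an empty `githubToken` could presumably fall back to a process-wide credential and act under the wrong identity. If that is the actual behaviour, I would reword the comment to `// Skip stored CLI and gh credentials` and add a sentence such as `Credentials supplied through environment variables are still used when useLoggedInUser is false; check that the user token is present before creating the client.` The `CAPI_HMAC_KEY`, `COPILOT_HMAC_KEY` and `GITHUB_COPILOT_API_TOKEN` variables also appear only in the priority list and deserve a line in the "Environment variables" section.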
diff --git a/content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/bring-your-own-key.md b/content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/bring-your-own-key.md
new file mode 100644
index 000000000000..b73e11aecbf3
--- /dev/null
+++ b/content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/bring-your-own-key.md
@@ -0,0 +1,342 @@
+---
+title: Bring your own key (BYOK)
+shortTitle: Bring your own key (BYOK)
+intro: Use {% data variables.copilot.copilot_sdk_short %} with your own API keys from different model providers, bypassing {% data variables.product.prodname_copilot %} authentication.
+product: '{% data reusables.gated-features.copilot-sdk %}'
+versions:
+ feature: copilot
+contentType: how-tos
+category:
+ - Configure Copilot
+allowTitleToDifferFromFilename: true
+---
+
+{% data reusables.copilot.copilot-sdk.technical-preview-note %}
+
+Bring your own key (BYOK) allows you to use {% data variables.copilot.copilot_sdk_short %} with your own API keys from model providers, bypassing {% data variables.product.prodname_copilot %} authentication. This is useful for enterprise deployments, custom model hosting, or when you want direct billing with your model provider.
+
+## Supported providers
+
+| Provider | Type value | Notes |
+|----------|------------|-------|
+| OpenAI | `"openai"` | OpenAI API and OpenAI-compatible endpoints |
+| Azure OpenAI / Azure AI Foundry | `"azure"` or `"openai"` | Azure-hosted models (see [Azure endpoint types](#azure-endpoint-type-confusion)) |
+| Anthropic | `"anthropic"` | Claude models |
+| Ollama | `"openai"` | Local models via OpenAI-compatible API |
+| Microsoft Foundry Local | `"openai"` | Run AI models locally on your device via OpenAI-compatible API |
+| Other OpenAI-compatible | `"openai"` | vLLM, LiteLLM, and similar |
+
+## Quick start: Azure AI Foundry
+
+Azure AI Foundry (formerly Azure OpenAI) is a common BYOK deployment target for enterprises. The following example shows a complete Node.js/TypeScript setup:
+
+1. Create a session with your Azure AI Foundry endpoint and API key:
+
+ ```typescript copy
+ import { CopilotClient } from "@github/copilot-sdk";
+
+ const client = new CopilotClient();
+ const session = await client.createSession({
+ model: "YOUR-DEPLOYMENT-NAME",
+ provider: {
+ type: "openai",
+ baseUrl: "https://YOUR-RESOURCE.openai.azure.com/openai/v1/",
+ wireApi: "responses", // Use "completions" for older models
+ apiKey: process.env.FOUNDRY_API_KEY,
+ },
+ });
+
+ session.on("assistant.message", (event) => {
+ console.log(event.data.content);
+ });
+
+ await session.sendAndWait({ prompt: "What is 2+2?" });
+ await client.stop();
+ ```
+
+Replace `YOUR-RESOURCE` with your Azure resource name and `YOUR-DEPLOYMENT-NAME` with your model deployment name. Set the `FOUNDRY_API_KEY` environment variable to your Azure API key.
+
+For examples in Python, Go, and .NET, see [BYOK](https://github.com/github/copilot-sdk/blob/main/docs/auth/byok.md) in the `github/copilot-sdk` repository.
+
+## Provider configuration reference
+
+### ProviderConfig fields
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `type` | `"openai"` \| `"azure"` \| `"anthropic"` | Provider type. Defaults to `"openai"`. |
+| `baseUrl` | string | **Required.** API endpoint URL. |
+| `apiKey` | string | API key. Optional for local providers like Ollama. |
+| `bearerToken` | string | Bearer token authentication. Takes precedence over `apiKey`. |
+| `wireApi` | `"completions"` \| `"responses"` | API format. Defaults to `"completions"`. |
+| `azure.apiVersion` | string | Azure API version. Defaults to `"2024-10-21"`. |
+
+### Wire API format
+
+The `wireApi` setting determines which OpenAI API format to use:
+
+* **`"completions"`** (default): Chat Completions API (`/chat/completions`). Use for most models.
+* **`"responses"`**: Responses API. Use for GPT-5 series models that support the newer responses format.
+
+### Type-specific notes
+
+**OpenAI (`type: "openai"`)**
+* Works with OpenAI API and any OpenAI-compatible endpoint.
+* `baseUrl` should include the full path, for example, `https://api.openai.com/v1`.
+
+**Azure (`type: "azure"`)**
+* Use for native Azure OpenAI endpoints.
+* `baseUrl` should be just the host, for example, `https://YOUR-RESOURCE.openai.azure.com`.
+* Do not include `/openai/v1` in the URL—the SDK handles path construction.
+
+**Anthropic (`type: "anthropic"`)**
+* For direct Anthropic API access.
+* Uses Claude-specific API format.
+
+## Example configurations
+
+### OpenAI direct
+
+```typescript copy
+provider: {
+ type: "openai",
+ baseUrl: "https://api.openai.com/v1",
+ apiKey: process.env.OPENAI_API_KEY,
+}
+```
+
+### Azure OpenAI (native Azure endpoint)
+
+Use `type: "azure"` for endpoints at `*.openai.azure.com`:
+
+```typescript copy
+provider: {
+ type: "azure",
+ baseUrl: "https://YOUR-RESOURCE.openai.azure.com", // Just the host
+ apiKey: process.env.AZURE_OPENAI_KEY,
+ azure: {
+ apiVersion: "2024-10-21",
+ },
+}
+```
+
+Replace `YOUR-RESOURCE` with your Azure resource name.
+
+### Azure AI Foundry (OpenAI-compatible endpoint)
+
+For Azure AI Foundry deployments with `/openai/v1/` endpoints, use `type: "openai"`:
+
+```typescript copy
+provider: {
+ type: "openai",
+ baseUrl: "https://YOUR-RESOURCE.openai.azure.com/openai/v1/",
+ apiKey: process.env.FOUNDRY_API_KEY,
+ wireApi: "responses", // For GPT-5 series models
+}
+```
+
+### Ollama (local)
+
+```typescript copy
+provider: {
+ type: "openai",
+ baseUrl: "http://localhost:11434/v1",
+ // No apiKey needed for local Ollama
+}
+```
+
+### Microsoft Foundry Local
+
+[Microsoft Foundry Local](https://foundrylocal.ai) lets you run AI models locally with an OpenAI-compatible API. Install it via the Foundry Local CLI, then point the SDK at your local endpoint:
+
+```typescript copy
+provider: {
+ type: "openai",
+ baseUrl: "http://localhost:YOUR-PORT/v1",
+ // No apiKey needed for local Foundry Local
+}
+```
+
+> [!NOTE]
+> Foundry Local starts on a dynamic port that is not fixed. Run `foundry service status` to confirm the port the service is currently listening on, then use that port in your `baseUrl`.
+
+To get started with Foundry Local:
+
+```bash copy
+# Windows: Install Foundry Local CLI (requires winget)
+winget install Microsoft.FoundryLocal
+
+# List available models
+foundry model list
+
+# Run a model (starts the local server automatically)
+foundry model run phi-4-mini
+
+# Check the port the service is running on
+foundry service status
+```
+
+For macOS/Linux installation, see [foundrylocal.ai](https://foundrylocal.ai).
+
+### Anthropic
+
+```typescript copy
+provider: {
+ type: "anthropic",
+ baseUrl: "https://api.anthropic.com",
+ apiKey: process.env.ANTHROPIC_API_KEY,
+}
+```
+
+### Bearer token authentication
+
+Some providers require bearer token authentication instead of API keys:
+
+```typescript copy
+provider: {
+ type: "openai",
+ baseUrl: "https://YOUR-CUSTOM-ENDPOINT.example.com/v1",
+ bearerToken: process.env.MY_BEARER_TOKEN, // Sets Authorization header
+}
+```
+
+> [!NOTE]
+> The `bearerToken` option accepts a static token string only. The SDK does not refresh this token automatically. If your token expires, requests will fail and you'll need to create a new session with a fresh token.
+
+## Custom model listing
+
+When using BYOK, the CLI server may not know which models your provider supports. You can supply a custom `onListModels` handler at the client level so that `client.listModels()` returns your provider's models in the standard `ModelInfo` format:
+
+```typescript copy
+import { CopilotClient } from "@github/copilot-sdk";
+import type { ModelInfo } from "@github/copilot-sdk";
+
+const client = new CopilotClient({
+ onListModels: () => [
+ {
+ id: "my-custom-model",
+ name: "My Custom Model",
+ capabilities: {
+ supports: { vision: false, reasoningEffort: false },
+ limits: { max_context_window_tokens: 128000 },
+ },
+ },
+ ],
+});
+```
+
+Results are cached after the first call. The handler completely replaces the CLI's `models.list` RPC—no fallback to the server occurs.
+
+For examples in Python, Go, and .NET, see [BYOK](https://github.com/github/copilot-sdk/blob/main/docs/auth/byok.md) in the `github/copilot-sdk` repository.
+
+## Limitations
+
+### Identity limitations
+
+BYOK authentication uses static credentials only. The following identity providers are not supported:
+
+* Microsoft Entra ID (Azure AD)—no support for Entra managed identities or service principals.
+* Third-party identity providers—no OIDC, SAML, or other federated identity.
+* Managed identities—Azure Managed Identity is not supported.
+
+You must use an API key or static bearer token that you manage yourself.
+
+> [!NOTE]
+> While Entra ID does issue bearer tokens, these tokens are short-lived (typically one hour) and require automatic refresh via the Azure Identity SDK. The `bearerToken` option only accepts a static string—there is no callback mechanism for the SDK to request fresh tokens. For long-running workloads requiring Entra authentication, you would need to implement your own token refresh logic and create new sessions with updated tokens.
+
+### Feature limitations
+
+Some {% data variables.product.prodname_copilot_short %} features may behave differently with BYOK:
+
+* **Model availability**: Only models supported by your provider are available.
+* **Rate limiting**: Subject to your provider's rate limits, not {% data variables.product.prodname_copilot_short %}'s.
+* **Usage tracking**: Usage is tracked by your provider, not {% data variables.product.github %}.
+* **Premium requests**: Do not count against {% data variables.product.prodname_copilot_short %} premium request quotas.
+
+### Provider-specific limitations
+
+| Provider | Limitations |
+|----------|-------------|
+| Azure AI Foundry | No Entra ID auth; must use API keys. |
+| Ollama | No API key; local only; model support varies. |
+| Microsoft Foundry Local | Local only; model availability depends on device hardware; no API key required. |
+| OpenAI | Subject to OpenAI rate limits and quotas. |
+
+## Troubleshooting
+
+### "Model not specified" error
+
+When using BYOK, the `model` parameter is required:
+
+```typescript
+// Error: model required with custom provider
+const session = await client.createSession({
+ provider: { type: "openai", baseUrl: "..." },
+});
+
+// Correct: model specified
+const session = await client.createSession({
+ model: "gpt-4",
+ provider: { type: "openai", baseUrl: "..." },
+});
+```
+
+### Azure endpoint type confusion
+
+For Azure OpenAI endpoints (`*.openai.azure.com`), make sure you use the correct provider type:
+
+```typescript
+// Wrong: using "openai" type with native Azure endpoint
+provider: {
+ type: "openai",
+ baseUrl: "https://YOUR-RESOURCE.openai.azure.com",
+}
+
+// Correct: using "azure" type
+provider: {
+ type: "azure",
+ baseUrl: "https://YOUR-RESOURCE.openai.azure.com",
+}
+```
+
+If your Azure AI Foundry deployment provides an OpenAI-compatible endpoint path (for example, `/openai/v1/`), use `type: "openai"` instead:
+
+```typescript
+// Correct: OpenAI-compatible Azure AI Foundry endpoint
+provider: {
+ type: "openai",
+ baseUrl: "https://YOUR-RESOURCE.openai.azure.com/openai/v1/",
+}
+```
+
+### Connection refused (Ollama)
+
+Ensure Ollama is running and accessible:
+
+```bash copy
+# Check Ollama is running
+curl http://localhost:11434/v1/models
+
+# Start Ollama if not running
+ollama serve
+```
+
+### Connection refused (Foundry Local)
+
+Foundry Local uses a dynamic port that may change between restarts. Confirm the active port:
+
+```bash copy
+foundry service status
+```
+
+Update your `baseUrl` to match the port shown in the output. If the service is not running, start a model to launch it:
+
+```bash copy
+foundry model run phi-4-mini
+```
+
+### Authentication failed
+
+1. Verify your API key is correct and not expired.
+1. Check that the `baseUrl` matches your provider's expected format.
+1. For bearer tokens, ensure the full token is provided, not just a prefix.
diff --git a/content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/index.md b/content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/index.md
new file mode 100644
index 000000000000..61b9e6c428d2
--- /dev/null
+++ b/content/copilot/how-tos/copilot-sdk/authenticate-copilot-sdk/index.md
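Review bot: The `baseUrl` row in the ProviderConfig table of bring-your-own-key.md gives no guidance on transport, and the only `http://` examples are the key-less localhost ones for Ollama and Foundry Local. The bearer-token sample says `bearerToken` sets the Authorization header, so a reader who copies the localhost pattern for a remote vLLM or LiteLLM endpoint would presumably send a static credential in clear text. I would extend the `baseUrl` description with `Use https:// for any endpoint that is not on the local machine, because the API key or bearer token is sent to this URL.` The note on static bearer tokens could also say that a leaked or expired token has to be replaced at the provider, since the text states the SDK never refreshes it.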
@@ -0,0 +1,11 @@ +--- +title: Authenticating with the Copilot SDK +shortTitle: Authentication +intro: 'Choose the authentication method that best fits your deployment scenario for {% data variables.copilot.copilot_sdk %}.' +versions: + feature: copilot +children: + - /authenticate-copilot-sdk + - /bring-your-own-key +contentType: how-tos +--- diff --git a/content/copilot/how-tos/copilot-sdk/index.md b/content/copilot/how-tos/copilot-sdk/index.md index bdc39d7332fa..ed2b37f992f0 100644 --- a/content/copilot/how-tos/copilot-sdk/index.md +++ b/content/copilot/how-tos/copilot-sdk/index.md @@ -6,6 +6,7 @@ versions: feature: copilot children: - /sdk-getting-started + - /authenticate-copilot-sdk - /use-copilot-sdk - /use-hooks - /observability diff --git a/content/copilot/how-tos/copilot-sdk/observability/opentelemetry.md b/content/copilot/how-tos/copilot-sdk/observability/opentelemetry.md index d4ec3c9a9c50..ae63fb4aa904 100644 --- a/content/copilot/how-tos/copilot-sdk/observability/opentelemetry.md +++ b/content/copilot/how-tos/copilot-sdk/observability/opentelemetry.md @@ -10,8 +10,7 @@ category: - Author and optimize with Copilot --- -> [!NOTE] -> {% data variables.copilot.copilot_sdk_short %} is currently in {% data variables.release-phases.technical_preview %}. Functionality and availability are subject to change. +{% data reusables.copilot.copilot-sdk.technical-preview-note %} {% data variables.copilot.copilot_sdk %} has built-in support for configuring OpenTelemetry on the CLI process and propagating W3C Trace Context between the SDK and CLI. From 5de5b74532a74468da0e55258c44785384d4cf8c Mon Sep 17 00:00:00 2001 
From: Brendan Scott-Smith <117171930+bss-mc@users.noreply.github.com> Date: Wed, 1 Apr 2026 14:55:10 +0900 Subject: [PATCH 02/13] Add that some names are reserved with ghe.com (#60585) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- ...erview-for-github-enterprise-cloud-with-data-residency.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md b/content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md index 7819f0f2fa4d..2fc8f44cf811 100644 --- a/content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md +++ b/content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md @@ -47,6 +47,7 @@ The following features are either specific to {% data variables.enterprise.data_ * [API access](#api-access) * [URL differences](#url-differences) +* [Organization names and usernames](#organization-names-and-usernames) * [{% data variables.product.prodname_actions %} workflows from {% data variables.product.prodname_marketplace %}](#github-actions-workflows-from-github-marketplace) * [Retirement of namespaces for actions accessed on {% data variables.product.prodname_dotcom_the_website %}](#retirement-of-namespaces-for-actions-accessed-on-githubcom) * [GitHub Connect](#github-connect) 
@@ -75,6 +76,10 @@ The following examples are not exhaustive. {% endrowheaders %} +### Organization names and usernames + +{% data variables.enterprise.data_residency_site %} reserves certain usernames and organization names for internal use. If you try to create a user or organization with one of these names, you'll get an error stating the name is unavailable. + ### {% data variables.product.prodname_actions %} workflows from {% data variables.product.prodname_marketplace %} {% data variables.product.prodname_actions %} workflows from the {% data variables.product.prodname_marketplace %} may not work as users expect. From 40eecfba74fb0ae5df9b533a217751a723ec676f Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Tue, 31 Mar 2026 22:56:33 -0700 Subject: [PATCH 03/13] Sync secret scanning data (#60564) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../data/pattern-docs/fpt/public-docs.yml | 12 ++++++------ .../data/pattern-docs/ghec/public-docs.yml | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml b/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml index 183fabf78941..dea0b0e8dec3 100644 --- a/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml +++ b/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml @@ -2057,7 +2057,7 @@ secretType: figma_scim_token isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false @@ -2281,7 +2281,7 @@ secretType: google_gcp_api_key_bound_service_account isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false 
@@ -2721,7 +2721,7 @@ secretType: langsmith_license_key isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false @@ -2731,7 +2731,7 @@ secretType: langsmith_scim_bearer_token isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false @@ -3441,7 +3441,7 @@ secretType: openvsx_access_token isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false @@ -3791,7 +3791,7 @@ secretType: posthog_personal_api_key isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false diff --git a/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml b/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml index 183fabf78941..dea0b0e8dec3 100644 --- a/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml +++ b/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml @@ -2057,7 +2057,7 @@ secretType: figma_scim_token isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false @@ -2281,7 +2281,7 @@ secretType: google_gcp_api_key_bound_service_account isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false @@ -2721,7 +2721,7 @@ secretType: langsmith_license_key isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false 
@@ -2731,7 +2731,7 @@ secretType: langsmith_scim_bearer_token isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false @@ -3441,7 +3441,7 @@ secretType: openvsx_access_token isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false @@ -3791,7 +3791,7 @@ secretType: posthog_personal_api_key isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false hasExtendedMetadata: false base64Supported: false From dc2471b6306e06e27ae2a274ee11cc02c9036eb6 Mon Sep 17 00:00:00 2001 From: Brendan Scott-Smith <117171930+bss-mc@users.noreply.github.com> Date: Wed, 1 Apr 2026 15:34:31 +0900 Subject: [PATCH 04/13] Update disabling EMU authentication document (#60584) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- ...entication-and-provisioning-for-enterprise-managed-users.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md index 6eec6fa24a58..de08eddc059e 100644 --- a/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md +++ b/content/admin/managing-iam/configuring-authentication-for-enterprise-managed-users/disabling-authentication-and-provisioning-for-enterprise-managed-users.md 
@@ -27,7 +27,8 @@ After you disable SAML or OIDC authentication for your enterprise, the following If you later reconfigure authentication for the enterprise, external groups must be reprovisioned via SCIM, and {% data variables.enterprise.prodname_managed_users %} must be reprovisioned before users can sign in. > [!NOTE] -> When a {% data variables.enterprise.prodname_managed_user %} is suspended, the user's avatar is permanently deleted. If you reprovision the user, the user will need to reupload their avatar. +> * The authentication disabling process can require substantial time to complete for enterprises with a large number of members. +> * Avatar data for {% data variables.enterprise.prodname_managed_users %} is permanently removed upon suspension. Reprovisioned users will need to reupload their avatar. If you want to migrate to a new identity provider (IdP) or tenant rather than disabling authentication entirely, see [AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/migrating-your-enterprise-to-a-new-identity-provider-or-tenant). From 494809cc637242793f8bb204717de122ba85f718 Mon Sep 17 00:00:00 2001 
From: Thom Wong <101249231+supergranular@users.noreply.github.com> Date: Wed, 1 Apr 2026 09:24:36 +0200 Subject: [PATCH 05/13] WIP look at replacing "procedural" with "how-to" (#59790) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: Melanie Yarbrough <11952755+myarb@users.noreply.github.com> Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
.../how-to-content-type.md | 48 +++++++++++++++++++ .../style-guide-and-content-model/index.md | 2 +- .../procedural-content-type.md | 39 --------------- 3 files changed, 49 insertions(+), 40 deletions(-) create mode 100644 content/contributing/style-guide-and-content-model/how-to-content-type.md delete mode 100644 content/contributing/style-guide-and-content-model/procedural-content-type.md
diff --git a/content/contributing/style-guide-and-content-model/how-to-content-type.md b/content/contributing/style-guide-and-content-model/how-to-content-type.md
new file mode 100644
index 000000000000..722ad951f5b7
--- /dev/null
+++ b/content/contributing/style-guide-and-content-model/how-to-content-type.md
@@ -0,0 +1,48 @@ +--- +title: How-to content type +intro: Explain how to complete a task using {% data variables.product.github %} products and features. +versions: + fpt: '*' + ghec: '*' + ghes: '*' +category: + - Follow the style guide and content model +allowTitleToDifferFromFilename: true +redirect_from: + - /contributing/style-guide-and-content-model/procedural-content-type +--- + +How-tos contain numbered steps that describe how to use {% data variables.product.prodname_dotcom %} products to accomplish a task. Generally, they are necessary to get the most from using {% data variables.product.prodname_dotcom %}. + +How-to articles focus on the minimum essential steps for completing a task. They may link to other content types as prerequisites (especially concepts or reference) or next steps (especially tutorials). In keeping with our linking strategy, these should be used only when explicitly useful and necessary. + +Generally including 1-2 brief introductory sentences before the steps is fine. If more explanation beyond a couple of sentences is needed, consider adding the information instead as a conceptual article. + +Troubleshooting is its own content type, but how-to articles can include short troubleshooting sections where this helps people complete the task. + +## Titles for how-to articles + +How-to article titles and sections within articles are task-based and begin with a gerund. +* Use: "Applying for a student developer pack" +Use active and specific verbs (brainstorm or use a thesaurus when needed). +Titles specifically describe the task contained within the article or header, but are general enough to reflect all of the content. + +How-to article short titles use short, non-gerund verb phrases. Short titles appear in the sidebar navigation. 
+* Use: “Manage your plan” or “Create issues with Copilot” + +## How-to considerations + +For the how-to content template, see [AUTOTITLE](/contributing/writing-for-github-docs/templates#procedural-article-template). + +* Follow the style guidelines for procedural steps in [AUTOTITLE](/contributing/style-guide-and-content-model/style-guide#procedural-steps). +* How-to content can get repetitive––look for opportunities to group related content into a single longer article. + * Group multiple related how-tos into a single article unless there's a compelling reason not to. + * If disabling a setting or undoing a task requires the same steps and has no special implications, do not write a separate how-to. + * If disabling a setting or undoing a task requires different steps or has important or special implications, create a longer article to contain both how-tos. +* Always include the intended outcome of the how-to (generally this will be the title). +* Include troubleshooting tips in known pain points. + +## Examples of how-to content + +{% ifversion fpt or ghec %}* [AUTOTITLE](/copilot/how-tos/provide-context/use-copilot-spaces/create-copilot-spaces){% endif %} +* [AUTOTITLE](/actions/using-workflows/using-starter-workflows) diff --git a/content/contributing/style-guide-and-content-model/index.md b/content/contributing/style-guide-and-content-model/index.md index 0e422c886e96..0eb48b6eee14 100644 --- a/content/contributing/style-guide-and-content-model/index.md +++ b/content/contributing/style-guide-and-content-model/index.md @@ -11,7 +11,7 @@ children: - /contents-of-a-github-docs-article - /conceptual-content-type - /referential-content-type - - /procedural-content-type + - /how-to-content-type - /troubleshooting-content-type - /release-note-content-type - /quickstart-content-type 
diff --git a/content/contributing/style-guide-and-content-model/procedural-content-type.md b/content/contributing/style-guide-and-content-model/procedural-content-type.md deleted file mode 100644 index 0d0e44221db1..000000000000 --- a/content/contributing/style-guide-and-content-model/procedural-content-type.md +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -title: Procedural content type -intro: Procedural content gives context on how a task fits into someone's larger goal. -versions: - fpt: '*' - ghec: '*' - ghes: '*' -category: - - Follow the style guide and content model ---- - -Procedural content helps people complete a task from start to finish while they are using {% data variables.product.prodname_dotcom %}. - -We create procedural articles and procedural sections within larger articles. - -## How to write procedural articles - -For the procedural content template, see [AUTOTITLE](/contributing/writing-for-github-docs/templates#procedural-article-template). - -* Follow the style guidelines for procedural steps in [AUTOTITLE](/contributing/style-guide-and-content-model/style-guide#procedural-steps). -* Procedural content can get repetitive––look for opportunities to group related content into a single longer article. - * Group multiple related procedures into a single article unless there's a reason not to. - * If disabling a setting or undoing a task requires the same steps and has no special implications, do not write a separate procedure. - * If disabling a setting or undoing a task requires different steps or has important or special implications, create a longer article to contain both procedures. Use an agnostic title. -* Tell readers the expected outcome of the procedure. -* Include troubleshooting tips as frequently as possible. - -## Titles for procedural content - -* Procedural articles or procedural sections within articles are task-based and begin with a gerund. - * Use: "Applying for a student developer pack" -* Use active and specific verbs (brainstorm or use a thesaurus when needed). -* Titles specifically describe the task contained within the article or header, but are general enough to reflect all of the content. -* Article title length: maximum 80 characters, 60 if possible. 
- -## Examples of procedural content - -* [AUTOTITLE](/enterprise-cloud@latest/admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise) -* [AUTOTITLE](/actions/using-workflows/using-starter-workflows) From 6acea5bebf1534236ce009f79bb0f4ed834fc44a Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Wed, 1 Apr 2026 01:16:52 -0700 Subject: [PATCH 06/13] GraphQL schema update (#60565) Co-authored-by: github-merge-queue <118344674+github-merge-queue@users.noreply.github.com> --- src/graphql/data/fpt/changelog.json | 13 +++++++++++++ src/graphql/data/fpt/schema.docs.graphql | 5 +++++ src/graphql/data/fpt/schema.json | 8 ++++++++ src/graphql/data/ghec/schema.docs.graphql | 5 +++++ src/graphql/data/ghec/schema.json | 8 ++++++++ 5 files changed, 39 insertions(+) diff --git a/src/graphql/data/fpt/changelog.json b/src/graphql/data/fpt/changelog.json index 6c904563e578..0acf8a3887ab 100644 --- a/src/graphql/data/fpt/changelog.json +++ b/src/graphql/data/fpt/changelog.json @@ -1,4 +1,17 @@ [ + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

Field value was added to object type IssueFieldSingleSelectValue

" + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2026-03-31" + }, { "schemaChanges": [ { diff --git a/src/graphql/data/fpt/schema.docs.graphql b/src/graphql/data/fpt/schema.docs.graphql index 3174578914ad..58783f9d0e27 100644 --- a/src/graphql/data/fpt/schema.docs.graphql +++ b/src/graphql/data/fpt/schema.docs.graphql @@ -21047,6 +21047,11 @@ type IssueFieldSingleSelectValue implements IssueFieldValueCommon & Node { The selected option's global relay ID. """ optionId: String + + """ + The option's name text (alias for `name`, for consistency with other field value types). + """ + value: String! } """ diff --git a/src/graphql/data/fpt/schema.json b/src/graphql/data/fpt/schema.json index 32bfab79acc6..a3091e632e60 100644 --- a/src/graphql/data/fpt/schema.json +++ b/src/graphql/data/fpt/schema.json @@ -32863,6 +32863,14 @@ "id": "string", "kind": "scalars", "href": "/graphql/reference/scalars#string" + }, + { + "name": "value", + "description": "

The option's name text (alias for name, for consistency with other field value types).

", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" } ] }, diff --git a/src/graphql/data/ghec/schema.docs.graphql b/src/graphql/data/ghec/schema.docs.graphql index 3174578914ad..58783f9d0e27 100644 --- a/src/graphql/data/ghec/schema.docs.graphql +++ b/src/graphql/data/ghec/schema.docs.graphql @@ -21047,6 +21047,11 @@ type IssueFieldSingleSelectValue implements IssueFieldValueCommon & Node { The selected option's global relay ID. """ optionId: String + + """ + The option's name text (alias for `name`, for consistency with other field value types). + """ + value: String! } """ diff --git a/src/graphql/data/ghec/schema.json b/src/graphql/data/ghec/schema.json index 32bfab79acc6..a3091e632e60 100644 --- a/src/graphql/data/ghec/schema.json +++ b/src/graphql/data/ghec/schema.json @@ -32863,6 +32863,14 @@ "id": "string", "kind": "scalars", "href": "/graphql/reference/scalars#string" + }, + { + "name": "value", + "description": "

The option's name text (alias for name, for consistency with other field value types).

", + "type": "String!", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" } ] }, From 30a4f09fafc34e771f5bb48116d1dcfa04d3270b Mon Sep 17 00:00:00 2001 From: Stephanie Lincoln <86328983+slincoln75@users.noreply.github.com> Date: Wed, 1 Apr 2026 01:27:24 -0700 Subject: [PATCH 07/13] Remove Software Underground from fiscal host list (#60569) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../using-a-fiscal-host-to-receive-github-sponsors-payouts.md | 1 - 1 file changed, 1 deletion(-) diff --git a/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md b/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md index 3007268aa3d4..a77f91bbb1e0 100644 --- a/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md +++ b/content/sponsors/receiving-sponsorships-through-github-sponsors/using-a-fiscal-host-to-receive-github-sponsors-payouts.md @@ -25,7 +25,6 @@ When you sign up for a {% data variables.product.prodname_sponsors %} profile so * [Python Software Foundation](https://www.python.org/psf-landing/) * [Radiant Earth](https://radiant.earth/) * [Software in the Public Interest](https://www.spi-inc.org/) -* [Software Underground](https://softwareunderground.org/) ## Choosing to use a fiscal host From f484701e9f11fc5d758a2f1763681f2a6e641025 Mon Sep 17 00:00:00 2001 
From: Sam Browning <106113886+sabrowning1@users.noreply.github.com> Date: Wed, 1 Apr 2026 08:50:50 -0400 Subject: [PATCH 08/13] Add a reference article with agent session filters (#60546) --- .../manage-agents/monitor-agentic-activity.md | 8 +------ .../reference/agent-session-filters.md | 22 +++++++++++++++++++ content/copilot/reference/index.md | 1 + 3 files changed, 24 insertions(+), 7 deletions(-) create mode 100644 content/copilot/reference/agent-session-filters.md diff --git a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/monitor-agentic-activity.md b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/monitor-agentic-activity.md index 9ac7ab7979ae..a03d8e0bbf2a 100644 --- a/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/monitor-agentic-activity.md +++ b/content/copilot/how-tos/administer-copilot/manage-for-enterprise/manage-agents/monitor-agentic-activity.md 
@@ -15,13 +15,7 @@ category: {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.ai-controls-tab %} 1. Towards the top of the page, in the "Agent sessions" section, you will see the three most recent agent sessions in your enterprise. To view all agent sessions from the last 24 hours, click **View all**. -1. To filter agent sessions, click the search bar at the top of the list, then press Space. From the dropdown menu that appears, select your filter criteria. The following filters are available: - - * **Agent**: Filter sessions by the agent used, including third-party coding agents and {% data variables.copilot.copilot_coding_agent %}. - * **Organization**: Filter sessions by the organization in which the session took place. - * **Status**: Filter sessions by their current status, such as queued, in progress, completed, failed, idle waiting for user, timed out, or cancelled. - * **Repository**: Filter sessions by the repository in which the session took place. - * **User**: Filter sessions by the user who initiated the session. +1. To filter agent sessions, click the search bar at the top of the list, then press Space. From the dropdown menu that appears, select your filter criteria. For a list of available filters, see [AUTOTITLE](/copilot/reference/agent-session-filters). ## Tracking agentic activity in your enterprise through the audit log diff --git a/content/copilot/reference/agent-session-filters.md b/content/copilot/reference/agent-session-filters.md new file mode 100644 index 000000000000..ad46a7e06eed --- /dev/null +++ b/content/copilot/reference/agent-session-filters.md 
@@ -0,0 +1,22 @@
+---
+title: Available filters for agent sessions
+shortTitle: Agent session filters
+intro: 'Search agentic activity in your enterprise with filters for agent sessions.'
+permissions: Enterprise owners
+versions:
+ feature: copilot
+contentType: reference
+category:
+ - Track Copilot usage
+---
+
+The following filters are available for the "Agent sessions" view in your enterprise's AI Controls:
+
+| Filter | Description | Example value |
+| --- | --- | --- |
+| `agent` | Displays activity from a specific agent. | `agent:copilot-coding-agent` |
+| `organization` | Displays activity within a specific organization. | `organization:octocat-org` |
+| `repository` | Displays activity within a specific repository. | `repository:octocat-repo` |
+| `status` | Displays agent sessions with a specific status. | `status:in_progress` |
+| `timeframe` | Displays agent sessions that started within a specific timeframe. | `timeframe:7d` |
+| `user` | Displays agent activity initiated by a specific user. | `user:octocat` |
diff --git a/content/copilot/reference/index.md b/content/copilot/reference/index.md
index e456fb0c7a7c..23c0dd821150 100644
--- a/content/copilot/reference/index.md
+++ b/content/copilot/reference/index.md
@@ -20,6 +20,7 @@ children:
 - /metrics-data
 - /copilot-billing
 - /agentic-audit-log-events
+ - /agent-session-filters
 - /review-excluded-files
 - /copilot-usage-metrics
 contentType: reference
From d693808c140dc9840c955330149c3b6ba2e04a17 Mon Sep 17 00:00:00 2001
From: Laura Coursen Date: Wed, 1 Apr 2026 07:51:06 -0500 Subject: [PATCH 09/13] Remove GitHub Actions content from enterprise onboarding docset (#60216) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../get-started/understand-github-actions.md | 2 + .../about-github-actions-for-enterprises.md | 1 + ...hub-actions-for-github-enterprise-cloud.md | 1 + .../index.md | 1 + ...ucing-github-actions-to-your-enterprise.md | 3 + ...ating-your-enterprise-to-github-actions.md | 1 + .../about-github-actions-for-enterprises.md | 35 ------ .../actions-components.md | 66 ----------- ...hub-actions-for-github-enterprise-cloud.md | 29 ----- .../index.md | 14 --- ...ating-your-enterprise-to-github-actions.md | 87 -------------- .../planning-a-rollout-of-github-actions.md | 108 ------------------ .../github-apps/install-enterprise-apps.md | 4 - content/enterprise-onboarding/index.md | 11 +- 14 files changed, 10 insertions(+), 353 deletions(-) delete mode 100644 content/enterprise-onboarding/github-actions-for-your-enterprise/about-github-actions-for-enterprises.md delete mode 100644 content/enterprise-onboarding/github-actions-for-your-enterprise/actions-components.md delete mode 100644 content/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md delete mode 100644 content/enterprise-onboarding/github-actions-for-your-enterprise/index.md delete mode 100644 content/enterprise-onboarding/github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md delete mode 100644 content/enterprise-onboarding/github-actions-for-your-enterprise/planning-a-rollout-of-github-actions.md diff --git a/content/actions/get-started/understand-github-actions.md b/content/actions/get-started/understand-github-actions.md index 4cce521f7c39..6a003186b963 100644 --- a/content/actions/get-started/understand-github-actions.md +++ b/content/actions/get-started/understand-github-actions.md 
@@ -12,6 +12,8 @@ redirect_from:
 - /articles/getting-started-with-github-actions
 - /actions/about-github-actions/understanding-github-actions
 - /actions/get-started/understanding-github-actions
+ - /enterprise-onboarding/github-actions-for-your-enterprise/actions-components
+ - /enterprise-onboarding/github-actions-for-your-enterprise/understanding-github-actions
 versions:
 fpt: '*'
 ghes: '*'
diff --git a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md
index bde99019e368..7668a24a6c8d 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises.md
@@ -7,6 +7,7 @@ versions:
 ghes: '*'
 redirect_from:
 - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/about-github-actions-for-enterprises
+ - /enterprise-onboarding/github-actions-for-your-enterprise/about-github-actions-for-enterprises
 contentType: concepts
 category:
 - Enable GitHub features for your enterprise
diff --git a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md
index ac1cba5e462c..a4670766e301 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md
@@ -7,6 +7,7 @@ versions:
 ghec: '*'
 redirect_from:
 - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
+ - /enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud
 contentType: how-tos
 category:
 - Enable GitHub features for your enterprise
diff --git a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/index.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/index.md
index c262a9e3536a..11782f16b759 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/index.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/index.md
@@ -14,5 +14,6 @@ children:
 shortTitle: Get started
 redirect_from:
 - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise
+ - /enterprise-onboarding/github-actions-for-your-enterprise
 ---
diff --git a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md
index 93f86d738202..7e8f8bed2e9e 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md
@@ -7,6 +7,9 @@ versions:
 ghes: '*'
 redirect_from:
 - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
+ - /enterprise-onboarding/github-actions-for-your-enterprise/planning-a-rollout-of-github-actions
+ - /enterprise-onboarding/github-actions-for-your-enterprise/security-hardening-for-github-actions
+ - /enterprise-onboarding/github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
 contentType: how-tos
 category:
 - Enable GitHub features for your enterprise
diff --git a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md
index 6e30574dd4eb..150f224c04a6 100644
--- a/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md
+++ b/content/admin/managing-github-actions-for-your-enterprise/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md
@@ -7,6 +7,7 @@ versions:
 ghes: '*'
 redirect_from:
 - /admin/github-actions/getting-started-with-github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
+ - /enterprise-onboarding/github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions
 contentType: how-tos
 category:
 - Enable GitHub features for your enterprise
diff --git a/content/enterprise-onboarding/github-actions-for-your-enterprise/about-github-actions-for-enterprises.md b/content/enterprise-onboarding/github-actions-for-your-enterprise/about-github-actions-for-enterprises.md deleted file mode 100644 index 22ca5491ede5..000000000000 --- a/content/enterprise-onboarding/github-actions-for-your-enterprise/about-github-actions-for-enterprises.md +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -title: About GitHub Actions for enterprises -shortTitle: About GitHub Actions -intro: '{% data variables.product.prodname_actions %} can improve developer productivity by automating your enterprise''s software development cycle.' -versions: - ghec: '*' -allowTitleToDifferFromFilename: true -contentType: concepts ---- - -## About {% data variables.product.prodname_actions %} for enterprises - -{% data reusables.actions.about-actions-for-enterprises %} - -| Task | More information | -| ---- | ---------------- | -| Automatically test and build your application | [AUTOTITLE](/actions/automating-builds-and-tests/about-continuous-integration) | -| Deploy your application | [AUTOTITLE](/actions/deployment/about-deployments/about-continuous-deployment) | -| Automatically and securely package code into artifacts and containers | [AUTOTITLE](/actions/publishing-packages/about-packaging-with-github-actions) | - -{% data variables.product.prodname_actions %} helps your team work faster at scale. When large repositories start using {% data variables.product.prodname_actions %}, pull requests are typically merged faster, allowing teams to merge more pull requests per day. - -You can create your own unique automations, or you can use and adapt workflows from our ecosystem of over 10,000 actions built by industry leaders and the open source community. For more information, see [AUTOTITLE](/actions/learn-github-actions/finding-and-customizing-actions). - -{% data variables.product.prodname_actions %} is developer friendly, because it's integrated directly into the familiar {% data variables.product.github %} experience. - -You can enjoy the convenience of {% data variables.product.company_short %}-hosted runners, which are maintained and upgraded by {% data variables.product.company_short %}, or you can control your own private CI/CD infrastructure by using self-hosted runners. 
Self-hosted runners allow you to determine the exact environment and resources that complete your builds, testing, and deployments, without exposing your software development cycle to the internet. For more information, see [AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners) and [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners). - -{% data variables.product.prodname_actions %} provides greater control over deployments. For example, you can use environments to require approval for a job to proceed, restrict which branches can trigger a workflow, or limit access to secrets. If your workflows need to access resources from a cloud provider that supports OpenID Connect (OIDC), you can configure your workflows to authenticate directly to the cloud provider. OIDC provides security benefits such as eliminating the need to store credentials as long-lived secrets. For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect). - -{% data variables.product.prodname_actions %} also includes tools to govern your enterprise's software development cycle and meet compliance obligations. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise). - -## Next steps - -Learn about the basics of writing a {% data variables.product.prodname_actions %} workflow. See [AUTOTITLE](/enterprise-onboarding/github-actions-for-your-enterprise/actions-components). diff --git a/content/enterprise-onboarding/github-actions-for-your-enterprise/actions-components.md b/content/enterprise-onboarding/github-actions-for-your-enterprise/actions-components.md deleted file mode 100644 index 64f67dfdc17b..000000000000 --- a/content/enterprise-onboarding/github-actions-for-your-enterprise/actions-components.md +++ /dev/null 
@@ -1,66 +0,0 @@ ---- -title: Understanding the components of GitHub Actions -shortTitle: Actions components -intro: Understand the basics of {% data variables.product.prodname_actions %}, including core concepts and essential terminology. -versions: - ghec: '*' -allowTitleToDifferFromFilename: true -redirect_from: - - /enterprise-onboarding/github-actions-for-your-enterprise/understanding-github-actions -contentType: concepts ---- - -{% data reusables.actions.enterprise-github-hosted-runners %} - -You can configure a {% data variables.product.prodname_actions %} **workflow** to be triggered when an **event** occurs in your repository, such as a pull request being opened or an issue being created. Your workflow contains one or more **jobs** which can run in sequential order or in parallel. Each job will run inside its own virtual machine **runner**, or inside a container, and has one or more **steps** that either run a script that you define or run an **action**, which is a reusable extension that can simplify your workflow. - -![Diagram of an event triggering Runner 1 to run Job 1, which triggers Runner 2 to run Job 2. Each of the jobs is broken into multiple steps.](/assets/images/help/actions/overview-actions-simple.png) - -## Workflows - -{% data reusables.actions.about-workflows-long %} - -You can reference a workflow within another workflow. For more information, see [AUTOTITLE](/actions/using-workflows/reusing-workflows). - -For more information, see [AUTOTITLE](/actions/using-workflows). - -## Events - -An **event** is a specific activity in a repository that triggers a **workflow** run. For example, an activity can originate from {% data variables.product.prodname_dotcom %} when someone creates a pull request, opens an issue, or pushes a commit to a repository. 
You can also trigger a workflow to run on a [schedule](/actions/using-workflows/events-that-trigger-workflows#schedule), by [posting to a REST API](/rest/repos/repos#create-a-repository-dispatch-event), or manually. - -For a complete list of events that can be used to trigger workflows, see [Events that trigger workflows](/actions/using-workflows/events-that-trigger-workflows). - -## Jobs - -A **job** is a set of **steps** in a workflow that is executed on the same **runner**. Each step is either a shell script that will be executed, or an **action** that will be run. Steps are executed in order and are dependent on each other. Since each step is executed on the same runner, you can share data from one step to another. For example, you can have a step that builds your application followed by a step that tests the application that was built. - -You can configure a job's dependencies with other jobs; by default, jobs have no dependencies and run in parallel. When a job takes a dependency on another job, it waits for the dependent job to complete before running. - -For example, you might configure multiple build jobs for different architectures without any job dependencies and a packaging job that depends on those builds. The build jobs run in parallel, and once they complete successfully, the packaging job runs. - -For more information, see [AUTOTITLE](/actions/using-jobs). - -## Actions - -An **action** is a custom application for the {% data variables.product.prodname_actions %} platform that performs a complex but frequently repeated task. Use an action to help reduce the amount of repetitive code that you write in your **workflow** files. An action can pull your Git repository from {% data variables.product.prodname_dotcom %}, set up the correct toolchain for your build environment, or set up the authentication to your cloud provider. 
- -You can write your own actions, or you can find actions to use in your workflows in the {% data variables.product.prodname_marketplace %}. - -{% data reusables.actions.internal-actions-summary %} - -For more information on actions, see [AUTOTITLE](/actions/creating-actions). - -## Runners - -A **runner** is a server that runs your workflows when they're triggered. Each runner can run a single **job** at a time. -{% data variables.product.company_short %} provides Ubuntu Linux, Microsoft Windows, and macOS runners to run your **workflows**. Each workflow run executes in a fresh, newly-provisioned virtual machine. - -{% data variables.product.prodname_dotcom %} also offers {% data variables.actions.hosted_runner %}s, which are available in larger configurations. For more information, see [AUTOTITLE](/actions/using-github-hosted-runners/using-larger-runners). - -If you need a different operating system or require a specific hardware configuration, you can host your own runners. - -For more information about self-hosted runners, see [AUTOTITLE](/actions/how-tos/managing-self-hosted-runners). - -## Next steps - -Next, learn about planning a rollout of {% data variables.product.prodname_actions %} in your enterprise. See [AUTOTITLE](/enterprise-onboarding/github-actions-for-your-enterprise/planning-a-rollout-of-github-actions). diff --git a/content/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md b/content/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md deleted file mode 100644 index fc62debf4d89..000000000000 --- a/content/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud.md +++ /dev/null 
@@ -1,29 +0,0 @@
----
-title: Getting started with GitHub Actions for GitHub Enterprise Cloud
-shortTitle: Get started
-intro: Configure {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_cloud %}.
-versions:
- ghec: '*'
-allowTitleToDifferFromFilename: true
-contentType: how-tos
----
-
-{% data variables.product.prodname_actions %} is enabled for your enterprise by default. To get started using {% data variables.product.prodname_actions %} within your enterprise, you can manage the policies that control how enterprise members use {% data variables.product.prodname_actions %} and optionally add self-hosted runners to run workflows.
-
-## Managing policies for {% data variables.product.prodname_actions %}
-
-You can use policies to control how enterprise members use {% data variables.product.prodname_actions %}. For example, you can restrict which actions are allowed and configure artifact and log retention. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise).
-
-## Adding runners
-
-To run {% data variables.product.prodname_actions %} workflows, you need to use runners. {% data reusables.actions.about-runners %} If you use {% data variables.product.company_short %}-hosted runners, you will be billed based on consumption after exhausting the minutes included in your plan, whereas self-hosted runners are free. For more information, see [AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions).
-
-If you choose self-hosted runners, you can add runners at the enterprise, organization, or repository levels. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners).
-
-## Provisioning fine-grained permissions for {% data variables.product.prodname_actions %}
-
-Organization owners and users with the "Manage custom organization roles" permission can provision fine-grained permissions for users and teams in your organization. Provisioning fine-grained permissions for {% data variables.product.prodname_actions %} allows you to practice the principle of least privilege to secure settings in your {% data variables.product.prodname_actions %} CI/CD pipeline.
-
-{% data reusables.actions.org-roles-for-gh-actions %}
-
-For more information, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles).
diff --git a/content/enterprise-onboarding/github-actions-for-your-enterprise/index.md b/content/enterprise-onboarding/github-actions-for-your-enterprise/index.md
deleted file mode 100644
index a7c8bf06f17f..000000000000
--- a/content/enterprise-onboarding/github-actions-for-your-enterprise/index.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-title: Setting up CI/CD with GitHub Actions
-intro: Plan and implement a rollout of {% data variables.product.prodname_actions %} for your enterprise.
-shortTitle: Set up CI/CD with Actions
-versions:
- ghec: '*'
-children:
- - /about-github-actions-for-enterprises
- - /actions-components
- - /planning-a-rollout-of-github-actions
- - /migrating-your-enterprise-to-github-actions
- - /getting-started-with-github-actions-for-github-enterprise-cloud
----
-
diff --git a/content/enterprise-onboarding/github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md b/content/enterprise-onboarding/github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md
deleted file mode 100644
index 506281a0e381..000000000000
--- a/content/enterprise-onboarding/github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions.md
+++ /dev/null
@@ -1,87 +0,0 @@
----
-title: Migrating your enterprise to GitHub Actions
-shortTitle: Migrate to Actions
-intro: Plan a migration to {% data variables.product.prodname_actions %} for your enterprise from another provider.
-versions:
- ghec: '*'
-allowTitleToDifferFromFilename: true
-contentType: how-tos
----
-
-## About enterprise migrations to {% data variables.product.prodname_actions %}
-
-To migrate your enterprise to {% data variables.product.prodname_actions %} from an existing system, you can plan the migration, complete the migration, and retire existing systems.
-
-This guide addresses specific considerations for migrations. For additional information about introducing {% data variables.product.prodname_actions %} to your enterprise, see [AUTOTITLE](/enterprise-cloud@latest/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise).
-
-## Planning your migration
-
-Before you begin migrating your enterprise to {% data variables.product.prodname_actions %}, you should identify which workflows will be migrated and how those migrations will affect your teams, then plan how and when you will complete the migrations.
-
-### Leveraging migration specialists
-
-{% data variables.product.company_short %} can help with your migration, and you may also benefit from purchasing {% data variables.product.prodname_professional_services %}. For more information, contact your dedicated representative or {% data variables.contact.contact_enterprise_sales %}.
-
-### Identifying and inventorying migration targets
-
-Before you can migrate to {% data variables.product.prodname_actions %}, you need to have a complete understanding of the workflows being used by your enterprise in your existing system.
-
-First, create an inventory of the existing build and release workflows within your enterprise, gathering information about which workflows are being actively used and need to migrated and which can be left behind.
-
-Next, learn the differences between your current provider and {% data variables.product.prodname_actions %}. This will help you assess any difficulties in migrating each workflow, and where your enterprise might experience differences in features. For more information, see [AUTOTITLE](/actions/migrating-to-github-actions).
-
-With this information, you'll be able to determine which workflows you can and want to migrate to {% data variables.product.prodname_actions %}.
-
-### Determine team impacts from migrations
-
-When you change the tools being used within your enterprise, you influence how your team works. You'll need to consider how moving a workflow from your existing systems to {% data variables.product.prodname_actions %} will affect your developers' day-to-day work.
-
-Identify any processes, integrations, and third-party tools that will be affected by your migration, and make a plan for any updates you'll need to make.
-
-Consider how the migration may affect your compliance concerns. For example, will your existing credential scanning and security analysis tools work with {% data variables.product.prodname_actions %}, or will you need to use new tools?
-
-Identify the gates and checks in your existing system and verify that you can implement them with {% data variables.product.prodname_actions %}.
-
-### Identifying and validating migration tools
-
-Automated migration tools can translate your enterprise's workflows from the existing system's syntax to the syntax required by {% data variables.product.prodname_actions %}. Identify third-party tooling or contact your dedicated representative or {% data variables.contact.contact_enterprise_sales %} to ask about tools that {% data variables.product.company_short %} can provide. For example, you can use the {% data variables.product.prodname_actions_importer %} to plan, scope, and migrate your CI pipelines to {% data variables.product.prodname_actions %} from various supported services. For more information, see [AUTOTITLE](/actions/migrating-to-github-actions/automated-migrations/automating-migration-with-github-actions-importer).
-
-After you've identified a tool to automate your migrations, validate the tool by running the tool on some test workflows and verifying that the results are as expected.
-
-Automated tooling should be able to migrate the majority of your workflows, but you'll likely need to manually rewrite at least a small percentage. Estimate the amount of manual work you'll need to complete.
-
-### Deciding on a migration approach
-
-Determine the migration approach that will work best for your enterprise. Smaller teams may be able to migrate all their workflows at once, with a "rip-and-replace" approach. For larger enterprises, an iterative approach may be more realistic. You can choose to have a central body manage the entire migration or you can ask individual teams to self serve by migrating their own workflows.
-
-We recommend an iterative approach that combines active management with self service. Start with a small group of early adopters that can act as your internal champions. Identify a handful of workflows that are comprehensive enough to represent the breadth of your business. Work with your early adopters to migrate those workflows to {% data variables.product.prodname_actions %}, iterating as needed. This will give other teams confidence that their workflows can be migrated, too.
-
-Then, make {% data variables.product.prodname_actions %} available to your larger organization. Provide resources to help these teams migrate their own workflows to {% data variables.product.prodname_actions %}, and inform the teams when the existing systems will be retired.
-
-Finally, inform any teams that are still using your old systems to complete their migrations within a specific timeframe. You can point to the successes of other teams to reassure them that migration is possible and desirable.
-
-### Defining your migration schedule
-
-After you decide on a migration approach, build a schedule that outlines when each of your teams will migrate their workflows to {% data variables.product.prodname_actions %}.
-
-First, decide the date you'd like your migration to be complete. For example, you can plan to complete your migration by the time your contract with your current provider ends.
-
-Then, work with your teams to create a schedule that meets your deadline without sacrificing their team goals. Look at your business's cadence and the workload of each individual team you're asking to migrate. Coordinate with each team to understand their delivery schedules and create a plan that allows the team to migrate their workflows at a time that won't impact their ability to deliver.
-
-## Migrating to {% data variables.product.prodname_actions %}
-
-When you're ready to start your migration, translate your existing workflows to {% data variables.product.prodname_actions %} using the automated tooling and manual rewriting you planned for above.
-
-You may also want to maintain old build artifacts from your existing system, perhaps by writing a scripted process to archive the artifacts.
-
-## Retiring existing systems
-
-After your migration is complete, you can think about retiring your existing system.
-
-You may want to run both systems side-by-side for some period of time, while you verify that your {% data variables.product.prodname_actions %} configuration is stable, with no degradation of experience for developers.
-
-Eventually, decommission and shut off the old systems, and ensure that no one within your enterprise can turn the old systems back on.
-
-## Next steps
-
-Next, learn how to configure {% data variables.product.prodname_actions %} on {% data variables.product.prodname_ghe_cloud %}. See [AUTOTITLE](/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud).
diff --git a/content/enterprise-onboarding/github-actions-for-your-enterprise/planning-a-rollout-of-github-actions.md b/content/enterprise-onboarding/github-actions-for-your-enterprise/planning-a-rollout-of-github-actions.md
deleted file mode 100644
index db1d18f59dea..000000000000
--- a/content/enterprise-onboarding/github-actions-for-your-enterprise/planning-a-rollout-of-github-actions.md
+++ /dev/null
@@ -1,108 +0,0 @@
----
-title: Planning a rollout of GitHub Actions
-shortTitle: Plan a rollout
-intro: You can plan how to roll out {% data variables.product.prodname_actions %} in your enterprise.
-versions:
- ghec: '*'
-allowTitleToDifferFromFilename: true
-redirect_from:
- - /enterprise-onboarding/github-actions-for-your-enterprise/security-hardening-for-github-actions
- - /enterprise-onboarding/github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise
-contentType: how-tos
----
-
-## Governance and compliance
-
-You should create a plan to govern your enterprise's use of {% data variables.product.prodname_actions %} and meet your compliance obligations.
-
-Determine which actions and reusable workflows your developers will be allowed to use. First, decide whether you'll allow third-party actions and reusable workflows that were not created by {% data variables.product.company_short %}. You can configure the actions and reusable workflows that are allowed to run at the repository, organization, and enterprise levels and can choose to only allow actions that are created by {% data variables.product.company_short %}. If you do allow third-party actions and reusable workflows, you can limit allowed actions to those created by verified creators or a list of specific actions and reusable workflows.
-
-For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#managing-github-actions-permissions-for-your-repository), [AUTOTITLE](/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#managing-github-actions-permissions-for-your-organization), and [AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#enforcing-a-policy-to-restrict-the-use-of-github-actions-in-your-enterprise).
-
-Consider combining OpenID Connect (OIDC) with reusable workflows to enforce consistent deployments across your repository, organization, or enterprise. You can do this by defining trust conditions on cloud roles based on reusable workflows. For more information, see [AUTOTITLE](/actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows).
-
-You can access information about activity related to {% data variables.product.prodname_actions %} in the audit logs for your enterprise. If your business needs require retaining this information longer than audit log data is retained, plan how you'll export and store this data outside of {% data variables.product.prodname_dotcom %}. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise) and [AUTOTITLE](/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise).
-
-You can practice the principle of least privilege by administering custom organization roles for access to settings in your {% data variables.product.prodname_actions %} CI/CD pipeline. For more information about custom organization roles, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles).
-
-## Security
-
-You should plan your approach to security hardening for {% data variables.product.prodname_actions %}.
-
-### Security hardening individual workflows and repositories
-
-Make a plan to enforce good security practices for people using {% data variables.product.prodname_actions %} features within your enterprise. For more information about these practices, see [AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions).
-
-You can also encourage reuse of workflows that have already been evaluated for security. For more information, see [Innersourcing](#innersourcing).
-
-### Securing access to secrets and deployment resources
-
-You should plan where you'll store your secrets. We recommend storing secrets in {% data variables.product.prodname_dotcom %}, but you might choose to store secrets in a cloud provider.
-
-In {% data variables.product.prodname_dotcom %}, you can store secrets at the repository or organization level. Secrets at the repository level can be limited to workflows in certain environments, such as production or testing. For more information, see [AUTOTITLE](/actions/security-guides/encrypted-secrets).
-
-You should consider adding manual approval protection for sensitive environments, so that workflows must be approved before getting access to the environments' secrets. For more information, see [AUTOTITLE](/actions/deployment/targeting-different-environments/using-environments-for-deployment).
-
-### Security considerations for third-party actions
-
-There is significant risk in sourcing actions from third-party repositories on {% data variables.product.prodname_dotcom %}. If you do allow any third-party actions, you should create internal guidelines that encourage your team to follow best practices, such as pinning actions to the full commit SHA. For more information, see [AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions).
-
-### Private networking with GitHub-hosted runners
-
-{% data reusables.actions.azure-vnet-network-configuration-intro %} For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/configuration/configuring-private-networking-for-hosted-compute-products/about-azure-private-networking-for-github-hosted-runners-in-your-enterprise).
-
-## Innersourcing
-
-Think about how your enterprise can use features of {% data variables.product.prodname_actions %} to innersource automation. Innersourcing is a way to incorporate the benefits of open source methodologies into your internal software development cycle. For more information, see [An introduction to innersource](https://resources.github.com/whitepapers/introduction-to-innersource/) in {% data variables.product.company_short %} Resources.
-
-{% data reusables.actions.internal-actions-summary %}
-
-With reusable workflows, your team can call one workflow from another workflow, avoiding exact duplication. Reusable workflows promote best practice by helping your team use workflows that are well designed and have already been tested. For more information, see [AUTOTITLE](/actions/using-workflows/reusing-workflows).
-
-To provide a starting place for developers building new workflows, you can use workflow templates. This not only saves time for your developers, but promotes consistency and best practice across your enterprise. For more information, see [AUTOTITLE](/actions/using-workflows/creating-starter-workflows-for-your-organization).
-
-## Managing resources
-
-You should plan for how you'll manage the resources required to use {% data variables.product.prodname_actions %}.
-
-### Runners
-
-{% data variables.product.prodname_actions %} workflows require runners. You can choose to use {% data variables.product.prodname_dotcom %}-hosted runners or self-hosted runners. {% data variables.product.company_short %} manages maintenance and upgrades for {% data variables.product.prodname_dotcom %}-hosted runners. For more information, see [AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners).
-
-To manage your own resources, configuration, or geographic location of your runner machines, use self hosted runners. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners).
-
-If you want more control over the networking policies for your runners, use self-hosted runners or private networking options for {% data variables.product.prodname_dotcom %}-hosted runners. For more information about private networking options, see [AUTOTITLE](/actions/using-github-hosted-runners/connecting-to-a-private-network/about-private-networking-with-github-hosted-runners).
-
-If you are using self-hosted runners, you have to decide whether you want to use physical machines, virtual machines, or containers. Physical machines will retain remnants of previous jobs, and so will virtual machines unless you use a fresh image for each job or clean up the machines after each job run. If you choose containers, you should be aware that the runner auto-updating will shut down the container, which can cause workflows to fail. You should come up with a solution for this by preventing auto-updates or skipping the command to kill the container.
-
-You also have to decide where to add each runner. You can add a self-hosted runner to an individual repository, or you can make the runner available to an entire organization or your entire enterprise. Adding runners at the organization or enterprise levels allows sharing of runners, which might reduce the size of your runner infrastructure. You can use policies to limit access to self-hosted runners at the organization and enterprise levels by assigning groups of runners to specific repositories or organizations. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/adding-self-hosted-runners) and [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/managing-access-to-self-hosted-runners-using-groups). You can also use policies to prevent people using repository-level self-hosted runners. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise#disabling-repository-level-self-hosted-runners).
-
-You should consider using autoscaling to automatically increase or decrease the number of available self-hosted runners. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/autoscaling-with-self-hosted-runners).
-
-Finally, you should consider security hardening for self-hosted runners. For more information, see [AUTOTITLE](/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners).
-
-### Storage
-
-{% data reusables.actions.about-artifacts %} For more information, see [AUTOTITLE](/actions/using-workflows/storing-workflow-data-as-artifacts).
-
-{% data variables.product.prodname_actions %} also has a caching system that you can use to cache dependencies to speed up workflow runs. For more information, see [AUTOTITLE](/actions/using-workflows/caching-dependencies-to-speed-up-workflows).
-
-You can use policy settings for {% data variables.product.prodname_actions %} to customize the storage of workflow artifacts, caches, and log retention. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise).
-
-Some storage is included in your subscription, but additional storage will affect your bill. You should plan for this cost. For more information, see [AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions).
-
-## Tracking usage
-
-You should consider making a plan to track your enterprise's usage of {% data variables.product.prodname_actions %}, such as how often workflows are running, how many of those runs are passing and failing, and which repositories are using which workflows.
-
-You can see basic details of storage and data transfer usage of {% data variables.product.prodname_actions %} for each organization in your enterprise via your billing settings. For more information, see [AUTOTITLE](/billing/managing-billing-for-github-actions/viewing-your-github-actions-usage#viewing-github-actions-usage-for-your-enterprise-account).
-
-For more detailed usage data, you can use webhooks to subscribe to information about workflow jobs and workflow runs. For more information, see [AUTOTITLE](/webhooks-and-events/webhooks/about-webhooks).
-
-Make a plan for how your enterprise can pass the information from these webhooks into a data archiving system. You can consider using "CEDAR.GitHub.Collector", an open source tool that collects and processes webhook data from {% data variables.product.prodname_dotcom %}. For more information, see the [`Microsoft/CEDAR.GitHub.Collector` repository](https://github.com/microsoft/CEDAR.GitHub.Collector/).
-
-You should also plan how you'll enable your teams to get the data they need from your archiving system.
-
-## Next steps
-
-Next, learn how to plan a migration to {% data variables.product.prodname_actions %} for your enterprise from another provider. See [AUTOTITLE](/enterprise-onboarding/github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions).
diff --git a/content/enterprise-onboarding/github-apps/install-enterprise-apps.md b/content/enterprise-onboarding/github-apps/install-enterprise-apps.md
index 85ae98cdb0f4..c9095e1218e2 100644
--- a/content/enterprise-onboarding/github-apps/install-enterprise-apps.md
+++ b/content/enterprise-onboarding/github-apps/install-enterprise-apps.md
@@ -8,7 +8,3 @@ contentType: how-tos
 ---
 
 {% data reusables.enterprise-onboarding.install-enterprise-apps %}
-
-## Next steps
-
-Now that you're automating processes with {% data variables.product.prodname_github_apps %}, you can broaden your options for automation and CI/CD by introducing {% data variables.product.prodname_actions %} to your enterprise. See [AUTOTITLE](/enterprise-onboarding/github-actions-for-your-enterprise/about-github-actions-for-enterprises).
diff --git a/content/enterprise-onboarding/index.md b/content/enterprise-onboarding/index.md
index a3410738f72c..92dd5c5c9dbb 100644
--- a/content/enterprise-onboarding/index.md
+++ b/content/enterprise-onboarding/index.md
@@ -48,15 +48,7 @@ journeyTracks:
 guides:
 - href: '/enterprise-onboarding/github-apps/create-enterprise-apps'
 - href: '/enterprise-onboarding/github-apps/install-enterprise-apps'
- - id: 'github_actions_for_your_enterprise'
- title: 'Setting up CI/CD with GitHub Actions'
- description: 'Explore {% data variables.product.prodname_actions %}, plan your rollout, and get started.'
- guides:
- - href: '/enterprise-onboarding/github-actions-for-your-enterprise/about-github-actions-for-enterprises'
- - href: '/enterprise-onboarding/github-actions-for-your-enterprise/actions-components'
- - href: '/enterprise-onboarding/github-actions-for-your-enterprise/planning-a-rollout-of-github-actions'
- - href: '/enterprise-onboarding/github-actions-for-your-enterprise/migrating-your-enterprise-to-github-actions'
- - href: '/enterprise-onboarding/github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-cloud'
+
 versions:
 ghec: '*'
 children:
@@ -65,7 +57,6 @@ children:
 - /support-for-your-enterprise
 - /govern-people-and-repositories
 - /github-apps
- - /github-actions-for-your-enterprise
 redirect_from:
 - /enterprise-onboarding/feature-enhancements
 ---
From 8b00bb47859abbb7e0ee1ea14666e5027565e8bb Mon Sep 17 00:00:00 2001
From: docs-bot <77750099+docs-bot@users.noreply.github.com>
Date: Wed, 1 Apr 2026 06:01:12 -0700
Subject: [PATCH 10/13] docs: update copilot-cli content from source docs (#60498)
Co-authored-by: github-actions[bot]
Co-authored-by: Sarah Schneider
---
 .../copilot-cli-reference/cli-command-reference.md | 8 +++-----
 .../copilot-cli-reference/cli-config-dir-reference.md | 3 +--
 src/content-pipelines/state/copilot-cli.sha | 2 +-
 3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/content/copilot/reference/copilot-cli-reference/cli-command-reference.md b/content/copilot/reference/copilot-cli-reference/cli-command-reference.md
index f568d974ec5f..aa5c5936556a 100644
--- a/content/copilot/reference/copilot-cli-reference/cli-command-reference.md
+++ b/content/copilot/reference/copilot-cli-reference/cli-command-reference.md
@@ -74,7 +74,7 @@ redirect_from:
 | `/add-dir PATH` | Add a directory to the allowed list for file access. |
 | `/agent` | Browse and select from available agents (if any). |
 | `/allow-all`, `/yolo` | Enable all permissions (tools, paths, and URLs). |
-| `/clear`, `/new` | Clear the conversation history. |
+| `/clear [PROMPT]`, `/new [PROMPT]` | Start a new conversation. |
 | `/compact` | Summarize the conversation history to reduce context window usage. |
 | `/context` | Show the context window token usage and visualization. |
 | `/cwd`, `/cd [PATH]` | Change the working directory or display the current directory. |
@@ -125,7 +125,6 @@ For a complete list of available slash commands enter `/help` in the CLI's inter
 | `--allow-all-urls` | Allow access to all URLs without confirmation. |
 | `--allow-tool=TOOL ...` | Tools the CLI has permission to use. Will not prompt for permission. For multiple tools, use a quoted, comma-separated list. |
 | `--allow-url=URL ...` | Allow access to specific URLs or domains. For multiple URLs, use a quoted, comma-separated list. |
-| `--alt-screen=VALUE` | Use the terminal alternate screen buffer (`on` or `off`). |
 | `--autopilot` | Enable autopilot continuation in prompt mode. See [AUTOTITLE](/copilot/concepts/agents/copilot-cli/autopilot). |
 | `--available-tools=TOOL ...` | Only these tools will be available to the model. For multiple tools, use a quoted, comma-separated list. |
 | `--banner` | Show the startup banner. |
@@ -147,7 +146,6 @@ For a complete list of available slash commands enter `/help` in the CLI's inter
 | `--log-level=LEVEL` | Set the log level (choices: `none`, `error`, `warning`, `info`, `debug`, `all`, `default`). |
 | `--max-autopilot-continues=COUNT` | Maximum number of continuation messages in autopilot mode (default: unlimited). See [AUTOTITLE](/copilot/concepts/agents/copilot-cli/autopilot). |
 | `--model=MODEL` | Set the AI model you want to use. |
-| `--no-alt-screen` | Disable the terminal alternate screen buffer. |
 | `--no-ask-user` | Disable the `ask_user` tool (the agent works autonomously without asking questions). |
 | `--no-auto-update` | Disable downloading CLI updates automatically. |
 | `--no-bash-env` | Disable `BASH_ENV` support for bash shells. |
@@ -282,7 +280,6 @@ Settings cascade from user to repository to local, with more specific scopes ove
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | `allowed_urls` | `string[]` | `[]` | URLs or domains allowed without prompting. |
-| `alt_screen` | `boolean` | `true` | Use the terminal alternate screen buffer. |
 | `auto_update` | `boolean` | `true` | Automatically download CLI updates. |
 | `banner` | `"always"` \| `"once"` \| `"never"` | `"once"` | Animated banner display frequency. |
 | `bash_env` | `boolean` | `false` | Enable `BASH_ENV` support for bash shells. |
@@ -400,6 +397,8 @@ Prompt hooks auto-submit text as if the user typed it. They are only supported o
 | `postToolUse` | After each tool completes. | No |
 | `agentStop` | The main agent finishes a turn. | Yes — can block and force continuation. |
 | `subagentStop` | A subagent completes. | Yes — can block and force continuation. |
+| `subagentStart` | A subagent is spawned (before it runs). Returns `additionalContext` prepended to the subagent's prompt. Supports `matcher` to filter by agent name. | No — cannot block creation. |
+| `preCompact` | Context compaction is about to begin (manual or automatic). Supports `matcher` to filter by trigger (`"manual"` or `"auto"`). | No — notification only. |
 | `errorOccurred` | An error occurs during execution. | No |
 
 ### `preToolUse` decision control
@@ -536,7 +535,6 @@ Skills are loaded from these locations in priority order (first found wins for d
 | `~/.copilot/skills/` | Personal | Personal skills for all projects. |
 | `~/.agents/skills/` | Personal | Agent skills shared across all projects. |
 | `~/.claude/skills/` | Personal | Claude-compatible personal location. |
-| `~/.agents/skills/` | Personal | Alternative personal location. |
 | Plugin directories | Plugin | Skills from installed plugins. |
 | `COPILOT_SKILLS_DIRS` | Custom | Additional directories (comma-separated). |
 
diff --git a/content/copilot/reference/copilot-cli-reference/cli-config-dir-reference.md b/content/copilot/reference/copilot-cli-reference/cli-config-dir-reference.md
index 6370b51ac6bc..8d9c985f14b9 100644
--- a/content/copilot/reference/copilot-cli-reference/cli-config-dir-reference.md
+++ b/content/copilot/reference/copilot-cli-reference/cli-config-dir-reference.md
@@ -51,7 +51,6 @@ Common settings include:
 | `model` | string | AI model to use (e.g., `"gpt-5.2"`, `"claude-sonnet-4.6"`) |
 | `effortLevel` | string | Reasoning effort level for models that support it |
 | `theme` | string | Color theme: `"auto"`, `"dark"`, or `"light"` |
-| `alt_screen` | boolean | Use the alternate screen buffer (default: `true`) |
 | `mouse` | boolean | Enable mouse support in alt screen mode (default: `true`) |
 | `banner` | string | Animated banner frequency: `"always"`, `"once"`, or `"never"` (default: `"once"`) |
 | `render_markdown` | boolean | Render markdown in responses (default: `true`) |
@@ -70,7 +69,7 @@ Common settings include:
 For a full list of configuration settings, enter `copilot help config` in your terminal.
 
 > [!TIP]
-> Some settings can also be set using command-line flags. For example, `--alt-screen` and `--no-alt-screen` set the `alt_screen` value and persist it to `config.json`. The `/model` slash command writes your model selection to this file so it persists across sessions.
+> Some settings can also be set using command-line flags. For example, the `/model` slash command writes your model selection to this file so it persists across sessions.
 
 ### `mcp-config.json`
 
diff --git a/src/content-pipelines/state/copilot-cli.sha b/src/content-pipelines/state/copilot-cli.sha
index c6bc8aca3906..741b784371d4 100644
--- a/src/content-pipelines/state/copilot-cli.sha
+++ b/src/content-pipelines/state/copilot-cli.sha
@@ -1 +1 @@
-990f654fe346f8ee9e49f3aea699a71c01a7814c
+220f40fa27593ccceb482a0c5546fc151e3976e8
From 157df28d36b4bae1f0760d071b1c3c341343a3b8 Mon Sep 17 00:00:00 2001 From: Laura Coursen Date: Wed, 1 Apr 2026 08:57:50 -0500 Subject: [PATCH 11/13] Move support content later in enterprise onboarding journey (#60218) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../github-apps/install-enterprise-apps.md | 4 ++++ content/enterprise-onboarding/index.md | 17 ++++++++--------- .../use-innersource.md | 2 +- .../managing-support-entitlements.md | 4 ---- 4 files changed, 13 insertions(+), 14 deletions(-) diff --git a/content/enterprise-onboarding/github-apps/install-enterprise-apps.md b/content/enterprise-onboarding/github-apps/install-enterprise-apps.md index c9095e1218e2..056c38623ab8 100644 --- a/content/enterprise-onboarding/github-apps/install-enterprise-apps.md +++ b/content/enterprise-onboarding/github-apps/install-enterprise-apps.md @@ -8,3 +8,7 @@ contentType: how-tos --- {% data reusables.enterprise-onboarding.install-enterprise-apps %} + +## Next steps + +Now that you're automating processes with {% data variables.product.prodname_github_apps %}, learn about {% data variables.contact.github_support %} so you can get help when you need it. See [AUTOTITLE](/enterprise-onboarding/support-for-your-enterprise/understanding-support). diff --git a/content/enterprise-onboarding/index.md b/content/enterprise-onboarding/index.md index 92dd5c5c9dbb..1831749d9e0c 100644 --- a/content/enterprise-onboarding/index.md +++ b/content/enterprise-onboarding/index.md 
@@ -25,13 +25,6 @@ journeyTracks: - href: '/enterprise-onboarding/setting-up-organizations-and-teams/creating-teams' - href: '/enterprise-onboarding/setting-up-organizations-and-teams/assigning-roles-to-teams-and-users' - href: '/enterprise-onboarding/setting-up-organizations-and-teams/use-innersource' - - id: 'support_for_your_enterprise' - title: 'Creating a support model for your enterprise' - description: 'Find out how to get help and choose who will be able to contact Support.' - guides: - - href: '/enterprise-onboarding/support-for-your-enterprise/understanding-support' - - href: '/enterprise-onboarding/support-for-your-enterprise/using-the-support-portal' - - href: '/enterprise-onboarding/support-for-your-enterprise/managing-support-entitlements' - id: 'govern_people_and_repositories' title: 'Governing people and repositories' description: 'Implement policies, custom properties, and rulesets to govern users and repositories across your enterprise.' @@ -48,15 +41,21 @@ journeyTracks: guides: - href: '/enterprise-onboarding/github-apps/create-enterprise-apps' - href: '/enterprise-onboarding/github-apps/install-enterprise-apps' - + - id: 'support_for_your_enterprise' + title: 'Creating a support model for your enterprise' + description: 'Find out how to get help and choose who will be able to contact {% data variables.contact.github_support %}.' + guides: + - href: '/enterprise-onboarding/support-for-your-enterprise/understanding-support' + - href: '/enterprise-onboarding/support-for-your-enterprise/using-the-support-portal' + - href: '/enterprise-onboarding/support-for-your-enterprise/managing-support-entitlements' versions: ghec: '*' children: - /getting-started-with-your-enterprise - /setting-up-organizations-and-teams - - /support-for-your-enterprise - /govern-people-and-repositories - /github-apps + - /support-for-your-enterprise redirect_from: - /enterprise-onboarding/feature-enhancements --- 
diff --git a/content/enterprise-onboarding/setting-up-organizations-and-teams/use-innersource.md b/content/enterprise-onboarding/setting-up-organizations-and-teams/use-innersource.md index 0d6f2da21a2c..c6fb65a36f29 100644 --- a/content/enterprise-onboarding/setting-up-organizations-and-teams/use-innersource.md +++ b/content/enterprise-onboarding/setting-up-organizations-and-teams/use-innersource.md @@ -12,4 +12,4 @@ allowTitleToDifferFromFilename: true ## Next steps -Now that you've set up organizations and teams, learn about support so you can get help when you need it. See [AUTOTITLE](/enterprise-onboarding/support-for-your-enterprise/understanding-support). +Now that you've set up organizations and teams, learn how to stay compliant and secure by setting up governance policies for your users and repositories. See [AUTOTITLE](/enterprise-onboarding/govern-people-and-repositories/about-enterprise-policies). diff --git a/content/enterprise-onboarding/support-for-your-enterprise/managing-support-entitlements.md b/content/enterprise-onboarding/support-for-your-enterprise/managing-support-entitlements.md index 9d470f9c2b91..8e04c790aa53 100644 --- a/content/enterprise-onboarding/support-for-your-enterprise/managing-support-entitlements.md +++ b/content/enterprise-onboarding/support-for-your-enterprise/managing-support-entitlements.md 
@@ -33,7 +33,3 @@ To add a support entitlement to a user, the user must already be a member of an You can manually remove support entitlements for enterprise members provided they are not enterprise owners or billing managers. To learn how to remove support entitlements, see [Removing a support entitlement from an enterprise member](/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise#removing-a-support-entitlement-from-an-enterprise-member). - -## Next steps - -Next, learn how to stay compliant and secure by setting up governance policies for your users and repositories. See [AUTOTITLE](/enterprise-onboarding/govern-people-and-repositories/about-enterprise-policies). From 3f23fabf5fae217032da315ae53ece3e086f7c5d Mon Sep 17 00:00:00 2001 From: Kevin Heis Date: Wed, 1 Apr 2026 07:08:07 -0700 Subject: [PATCH 12/13] Extend translation Liquid corruption fixes to {% if %} tags (#60579) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../lib/correct-translation-content.ts | 36 ++++++++++--------- .../tests/correct-translation-content.ts | 17 +++++++++ 2 files changed, 37 insertions(+), 16 deletions(-) diff --git a/src/languages/lib/correct-translation-content.ts b/src/languages/lib/correct-translation-content.ts index fcf5fa987df4..0060599e3576 100644 --- a/src/languages/lib/correct-translation-content.ts +++ b/src/languages/lib/correct-translation-content.ts 
@@ -44,15 +44,15 @@ export function correctTranslatedContentStrings( ) content = content.replaceAll('{{ glosario.term }}', '{{ glossary.term }}') content = content.replaceAll('{{ glosario.description }}', '{{ glossary.description }}') - // Catch "o" and "y/o" between any plan names in ifversion/elsif tags + // Catch "o" and "y/o" between any plan names in ifversion/elsif/if tags content = content.replace( - /\{%-? (?:ifversion|elsif) [^%]*?(?:\by\/o\b|\bo\b)[^%]*?%\}/g, + /\{%-? (?:ifversion|elsif|if) [^%]*?(?:\by\/o\b|\bo\b)[^%]*?%\}/g, (match) => { return match.replace(/ y\/o /g, ' or ').replace(/ o /g, ' or ') }, ) - // Spanish "no" for "not" in ifversion tags - content = content.replace(/\{%-? (?:ifversion|elsif) [^%]*?\bno\b[^%]*?%\}/g, (match) => { + // Spanish "no" for "not" in ifversion/elsif/if tags + content = content.replace(/\{%-? (?:ifversion|elsif|if) [^%]*?\bno\b[^%]*?%\}/g, (match) => { return match.replace(/ no /g, ' not ') }) // Translated for-loop keywords @@ -205,8 +205,8 @@ export function correctTranslatedContentStrings( content = content.replaceAll('{% %de dados reusables.', '{% data reusables.') content = content.replaceAll('{% %de dados variables.', '{% data variables.') content = content.replaceAll('{% %móvel }', '{% mobile %}') - // Catch "ou" between any plan names in ifversion/elsif tags - content = content.replace(/\{%-? (?:ifversion|elsif) [^%]*?ou [^%]*?%\}/g, (match) => { + // Catch "ou" between any plan names in ifversion/elsif/if tags + content = content.replace(/\{%-? (?:ifversion|elsif|if) [^%]*?ou [^%]*?%\}/g, (match) => { return match.replace(/ ou /g, ' or ') }) } 
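Review bot: Widening the Spanish `o`/`y/o` and `no` rules to `{% if %}` tags means the callbacks now run on tags that can carry quoted string operands (the French test added in this commit has one), and `match.replace(/ o /g, ' or ')` / `match.replace(/ no /g, ' not ')` rewrite every occurrence in the tag, including one inside a string literal. If a translated literal ever contains such a word, the comparison value changes silently, and an `if` condition decides which content is rendered. Consider skipping quoted segments, for example `return match.replace(/"[^"]*"|'[^']*'|( y\/o | o )/g, (m, op) => (op ? ' or ' : m))`, with the same shape for ` no `. The same reasoning applies to the `ou`, `或`, `или`, `또는` and `oder` rules widened in the later hunks of this file; the enclosing function starts and ends outside this hunk.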
@@ -225,8 +225,8 @@ export function correctTranslatedContentStrings( // Stray Chinese `,则为` ("then") merged with `{%` before HTML: `,则为 {%` → `` // The regex consumes the `<` to avoid producing a double `<<`. content = content.replace(/,则为 \{% { + // Catch "或" between any plan names in ifversion/elsif/if tags + content = content.replace(/\{%-? (?:ifversion|elsif|if) [^%]*?或[^%]*?%\}/g, (match) => { return match.replace(/ 或 /g, ' or ') }) } @@ -267,8 +267,8 @@ export function correctTranslatedContentStrings( content = content.replaceAll('{% ifversion ghec или fpt %}', '{% ifversion ghec or fpt %}') content = content.replaceAll('{% ghes или ghec %}', '{% ifversion ghes or ghec %}') content = content.replaceAll('{% elsif ghec или ghes %}', '{% elsif ghec or ghes %}') - // Catch remaining "или" between any plan names in ifversion/elsif tags - content = content.replace(/\{%-? (?:ifversion|elsif) [^%]*?или[^%]*?%\}/g, (match) => { + // Catch remaining "или" between any plan names in ifversion/elsif/if tags + content = content.replace(/\{%-? (?:ifversion|elsif|if) [^%]*?или[^%]*?%\}/g, (match) => { return match.replace(/ или /g, ' or ') }) content = content.replaceAll('{% endif _%}', '{% endif %}') 
@@ -364,10 +364,14 @@ export function correctTranslatedContentStrings( content = content.replaceAll('{% %brut }', '{% raw %}') content = content.replaceAll('{% redessiner %}', '{% endraw %}') content = content.replaceAll('{% données ', '{% data ') - // Catch remaining "ou" between any plan names in ifversion/elsif tags - content = content.replace(/\{%-? (?:ifversion|elsif) [^%]*?ou [^%]*?%\}/g, (match) => { + // Catch remaining "ou" between any plan names in ifversion/elsif/if tags + content = content.replace(/\{%-? (?:ifversion|elsif|if) [^%]*?ou [^%]*?%\}/g, (match) => { return match.replace(/ ou /g, ' or ') }) + // French guillemets «/» → " inside if/ifversion/elsif tags + content = content.replace(/\{%-?\s*(?:if|ifversion|elsif)\s[^%]*?[«»][^%]*?%\}/g, (match) => { + return match.replace(/«\s*/g, '"').replace(/\s*»/g, '"') + }) // French decimal comma in version numbers: `3,16` → `3.16` content = content.replace(/\{%-? (?:ifversion|elsif) [^%]*?%\}/g, (match) => { return match.replace(/(\d),(\d)/g, '$1.$2') @@ -408,8 +412,8 @@ export function correctTranslatedContentStrings( content = content.replaceAll('{% 기타 %}', '{% else %}') content = content.replaceAll('{% 참고 %}', '{% note %}') content = content.replaceAll('{% 원시 %}', '{% raw %}') - // Catch "또는" between any plan names in ifversion/elsif tags - content = content.replace(/\{%-? (?:ifversion|elsif) [^%]*?또는[^%]*?%\}/g, (match) => { + // Catch "또는" between any plan names in ifversion/elsif/if tags + content = content.replace(/\{%-? (?:ifversion|elsif|if) [^%]*?또는[^%]*?%\}/g, (match) => { return match.replace(/ 또는 /g, ' or ') }) 
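Review bot: The new guillemet rule opens with `\{%-?\s*(?:if|ifversion|elsif)\s`, while the `ou` rule directly above it, like the other rules touched in this commit, requires exactly one space: `\{%-? (?:ifversion|elsif|if) `. A tag with no space or extra whitespace after `{%` would therefore get its quotes repaired but keep `ou`, so the condition would presumably still fail to parse. Use one opening pattern for both, e.g. `/\{%-?\s*(?:ifversion|elsif|if)\s[^%]*?ou [^%]*?%\}/g` for the `ou` rule. The decimal-comma rule that follows still lists only `ifversion|elsif`; if excluding `if` there is deliberate, a short comment such as `// not applied to {% if %}: commas there may be literal` would record why. The enclosing function continues outside the hunk.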
@@ -431,8 +435,8 @@ export function correctTranslatedContentStrings( content = content.replaceAll('{%-Daten-variables', '{%- data variables') content = content.replaceAll('{%- ifversion fpt oder ghec %}', '{%- ifversion fpt or ghec %}') content = content.replaceAll('{% ifversion fpt oder ghec %}', '{% ifversion fpt or ghec %}') - // Catch remaining "oder" between any plan names in ifversion/elsif tags - content = content.replace(/\{%-? (?:ifversion|elsif) [^%]*?oder [^%]*?%\}/g, (match) => { + // Catch remaining "oder" between any plan names in ifversion/elsif/if tags + content = content.replace(/\{%-? (?:ifversion|elsif|if) [^%]*?oder [^%]*?%\}/g, (match) => { return match.replace(/ oder /g, ' or ') }) // Translated block tags diff --git a/src/languages/tests/correct-translation-content.ts b/src/languages/tests/correct-translation-content.ts index d2a9bc14019a..282372966786 100644 --- a/src/languages/tests/correct-translation-content.ts +++ b/src/languages/tests/correct-translation-content.ts @@ -270,6 +270,10 @@ describe('correctTranslatedContentStrings', () => { expect(fix('{%- elsif fpt ou ghec %}', 'pt')).toBe('{%- elsif fpt or ghec %}') }) + test('fixes ou → or in if tags', () => { + expect(fix('{% if condition ou other %}', 'pt')).toBe('{% if condition or other %}') + }) + test('fixes fully translated reutilizáveis reusables path', () => { // `reutilizáveis` is Portuguese for "reusables" expect(fix('{% dados reutilizáveis.repositórios.reaction_list %}', 'pt')).toBe( 
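Review bot: The added tests exercise the `if` extension only for Portuguese here and French in the next hunk, but the same commit widens the Spanish (`o`, `y/o`, `no`), Chinese, Russian, Korean and German rules as well, and none of those gets an `if` case. Each of those is a one-token edit to a regex alternation, so a slip in any of them would pass the suite unnoticed. Add a mirror of this test per language, for example (constructed inputs, language codes as used elsewhere in the file) `expect(fix('{% if condition oder other %}', 'de')).toBe('{% if condition or other %}')` and `expect(fix('{% if condition no other %}', 'es')).toBe('{% if condition not other %}')`. The enclosing `describe` block starts outside the hunk.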
@@ -501,6 +505,19 @@ describe('correctTranslatedContentStrings', () => { expect(fix('{%- elsif fpt ou ghec %}', 'fr')).toBe('{%- elsif fpt or ghec %}') }) + test('fixes ou → or in if tags', () => { + expect( + fix('{% if query.apiVersion == nil ou "2026-03-10" <= query.apiVersion %}', 'fr'), + ).toBe('{% if query.apiVersion == nil or "2026-03-10" <= query.apiVersion %}') + }) + + test('fixes French guillemets « » → " in if/ifversion tags', () => { + expect( + fix('{% if query.apiVersion == nil ou « 2026-03-10 » <= query.apiVersion %}', 'fr'), + ).toBe('{% if query.apiVersion == nil or "2026-03-10" <= query.apiVersion %}') + expect(fix('{% ifversion « ghec » %}', 'fr')).toBe('{% ifversion "ghec" %}') + }) + test('fixes translated block tags', () => { expect(fix('{% remarque %}', 'fr')).toBe('{% note %}') expect(fix('{%- remarque %}', 'fr')).toBe('{%- note %}') From 5b0e6cacc7712b9a23cb78fa6a2efb5f5dd5a169 Mon Sep 17 00:00:00 2001 
From: John Clement <70238417+jclement136@users.noreply.github.com> Date: Wed, 1 Apr 2026 10:22:04 -0400 Subject: [PATCH 13/13] [2026-03-31] Rename the Security tab to Security & quality [GA] (#60482) Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com> Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- content/code-security/concepts/about-code-quality.md | 2 +- .../code-security/concepts/secret-security/about-alerts.md | 2 +- .../concepts/secret-security/about-push-protection.md | 2 +- .../secret-security/about-secret-scanning-for-partners.md | 2 +- .../concepts/secret-security/about-secret-scanning.md | 2 +- .../concepts/security-at-scale/about-security-overview.md | 4 ++-- .../supply-chain-security/about-dependabot-alerts.md | 2 +- .../supply-chain-security/about-supply-chain-security.md | 6 +++--- .../supply-chain-security/dependabot-malware-alerts.md | 2 +- .../getting-started/github-security-features.md | 2 +- .../quickstart-for-securing-your-repository.md | 4 ++-- .../assessing-code-scanning-alerts-for-your-repository.md | 2 +- .../resolving-code-scanning-alerts.md | 2 +- .../triaging-code-scanning-alerts-in-pull-requests.md | 2 +- .../manage-dependabot-alerts/manage-malware-alerts.md | 2 +- .../manage-secret-scanning-alerts/monitoring-alerts.md | 2 +- .../manage-secret-scanning-alerts/viewing-alerts.md | 4 ++-- .../creating-managing-security-campaigns.md | 4 ++-- .../filtering-alerts-in-security-overview.md | 2 +- .../fixing-alerts-in-security-campaign.md | 4 ++-- .../tracking-security-campaigns.md | 2 +- .../configuring-secret-scanning-for-your-appliance.md | 2 +- .../re-run-dependabot-jobs.md | 2 +- .../assessing-adoption-code-security.md | 7 ------- .../assessing-code-security-risk.md | 2 +- .../analyze-organization-data/viewing-security-insights.md | 2 +- .../reference/code-quality/codeql-detection.md | 2 +- .../reference/code-quality/metrics-and-ratings.md | 2 +- .../reference/code-scanning/code-scanning-logs.md | 2 
+- .../code-scanning/workflow-configuration-options.md | 4 ++-- .../troubleshoot-dependabot/dependabot-errors.md | 2 +- content/code-security/responsible-use/code-quality.md | 2 +- .../responsible-use/responsible-ai-generic-secrets.md | 2 +- .../uploading-codeql-analysis-results-to-github.md | 2 +- .../tutorials/improve-code-quality/fix-findings-in-prs.md | 2 +- .../improve-code-quality/improve-your-codebase.md | 2 +- .../tutorials/improve-code-quality/quickstart.md | 4 ++-- ...t-practices-for-participating-in-a-security-campaign.md | 4 ++-- .../dependabot-quickstart-guide.md | 2 +- ...tices-for-preventing-data-leaks-in-your-organization.md | 2 +- .../organizing-remediation-efforts-for-leaked-secrets.md | 2 +- .../prioritize-alerts-in-production-code.md | 2 +- .../explore-trial-code-scanning.md | 2 +- .../explore-trial-secret-scanning.md | 4 ++-- content/get-started/accessibility/keyboard-shortcuts.md | 2 +- .../finding-and-fixing-your-first-code-vulnerability.md | 4 ++-- ...nding-and-fixing-your-first-dependency-vulnerability.md | 4 ++-- .../reusing-other-peoples-code-in-your-projects.md | 4 +--- ...g-security-and-analysis-settings-for-your-repository.md | 2 +- data/features/security-and-quality-tab.yml | 5 +++++ data/reusables/code-quality/dashboard-navigation-repo.md | 2 +- .../code-scanning/click-code-security-enterprise.md | 2 +- .../enterprise_site_admin_settings/security-tab.md | 3 +-- data/reusables/organizations/security-overview.md | 4 +--- data/reusables/repositories/sidebar-security.md | 3 +-- data/reusables/secret-scanning/alert-types.md | 6 +++--- .../push-protection-allow-secrets-alerts.md | 2 +- data/reusables/secret-scanning/push-protection-bypass.md | 2 +- .../reusables/secret-scanning/repository-alert-location.md | 2 +- .../security-overview/navigate-to-risk-assessment.md | 2 +- data/variables/product.yml | 1 + 61 files changed, 79 insertions(+), 86 deletions(-) create mode 100644 data/features/security-and-quality-tab.yml 
diff --git a/content/code-security/concepts/about-code-quality.md b/content/code-security/concepts/about-code-quality.md index 1773e6efce00..bfbf996954ed 100644 --- a/content/code-security/concepts/about-code-quality.md +++ b/content/code-security/concepts/about-code-quality.md @@ -65,7 +65,7 @@ When {% data variables.product.prodname_codeql %} finds rule-based problems on p ### Default branch results -{% data variables.product.prodname_code_quality_short %} findings on the default branch are reported on "{% data variables.code-quality.code_quality_ui %}" pages on the **Security** tab for the repository: +{% data variables.product.prodname_code_quality_short %} findings on the default branch are reported on "{% data variables.code-quality.code_quality_ui %}" pages on the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the repository: * **{% data variables.code-quality.all_findings %}** shows the results of {% data variables.product.prodname_codeql %} quality analysis. See [AUTOTITLE](/code-security/code-quality/tutorials/improve-your-codebase). * **{% data variables.code-quality.recent_suggestions %}** shows the results of AI-powered analysis of the files most recently pushed to the default branch. See [AUTOTITLE](/code-security/code-quality/tutorials/improve-recent-merges). diff --git a/content/code-security/concepts/secret-security/about-alerts.md b/content/code-security/concepts/secret-security/about-alerts.md index 9b07433d7cfd..a653f3ecedbf 100644 --- a/content/code-security/concepts/secret-security/about-alerts.md +++ b/content/code-security/concepts/secret-security/about-alerts.md 
@@ -76,7 +76,7 @@ For {% data variables.product.company_short %} to scan for non-provider patterns ## About push protection alerts -Push protection scans pushes for supported secrets. If push protection detects a supported secret, it will block the push. When a contributor bypasses push protection to push a secret to the repository, a push protection alert is generated and displayed in the **Security** tab of the repository. To see all push protection alerts for a repository, you must filter by `bypassed: true` on the alerts page. For more information, see [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts#filtering-alerts). +Push protection scans pushes for supported secrets. If push protection detects a supported secret, it will block the push. When a contributor bypasses push protection to push a secret to the repository, a push protection alert is generated and displayed in the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository. To see all push protection alerts for a repository, you must filter by `bypassed: true` on the alerts page. For more information, see [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts#filtering-alerts). {% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %} diff --git a/content/code-security/concepts/secret-security/about-push-protection.md b/content/code-security/concepts/secret-security/about-push-protection.md index e86e2912ed8a..7134a346b52b 100644 --- a/content/code-security/concepts/secret-security/about-push-protection.md +++ b/content/code-security/concepts/secret-security/about-push-protection.md 
@@ -45,7 +45,7 @@ You can enable push protection for repositories at the repository, organization, * Requires {% data variables.product.prodname_GH_secret_protection_always %} to be enabled * Is disabled by default, and can be enabled by a repository administrator, organization owner, security manager, or enterprise owner * Blocks pushes containing secrets from reaching specific protected repositories -* Generates alerts for push protection bypasses in the **Security** tab of the repository, organization, and enterprise +* Generates alerts for push protection bypasses in the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository, organization, and enterprise {% ifversion secret-risk-assessment %} diff --git a/content/code-security/concepts/secret-security/about-secret-scanning-for-partners.md b/content/code-security/concepts/secret-security/about-secret-scanning-for-partners.md index 88db80c8481b..00980d4a6a5b 100644 --- a/content/code-security/concepts/secret-security/about-secret-scanning-for-partners.md +++ b/content/code-security/concepts/secret-security/about-secret-scanning-for-partners.md 
@@ -23,7 +23,7 @@ category: {% data reusables.secret-scanning.what-is-scanned %} -The reason partner alerts are directly sent to the secret providers whenever a leak is detected for one of their secrets is that this enables the provider to take immediate action to protect you and protect their resources. The notification process for regular alerts is different. Regular alerts are displayed on the repository's **Security** tab on {% data variables.product.prodname_dotcom %} for you to resolve. +The reason partner alerts are directly sent to the secret providers whenever a leak is detected for one of their secrets is that this enables the provider to take immediate action to protect you and protect their resources. The notification process for regular alerts is different. Regular alerts are displayed on the repository's **{% data variables.product.prodname_security_and_quality_tab %}** tab on {% data variables.product.prodname_dotcom %} for you to resolve. {% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %} diff --git a/content/code-security/concepts/secret-security/about-secret-scanning.md b/content/code-security/concepts/secret-security/about-secret-scanning.md index c6e20de180fb..52a5b9e74df8 100644 --- a/content/code-security/concepts/secret-security/about-secret-scanning.md +++ b/content/code-security/concepts/secret-security/about-secret-scanning.md 
@@ -40,7 +40,7 @@ When credentials like API keys and passwords are committed to repositories, they ### {% data variables.product.prodname_secret_scanning_caps %} alerts and remediation -When {% data variables.product.prodname_secret_scanning %} finds a potential secret, {% data variables.product.github %} generates an alert on your repository's **Security** tab with details about the exposed credential. +When {% data variables.product.prodname_secret_scanning %} finds a potential secret, {% data variables.product.github %} generates an alert on your repository's **{% data variables.product.prodname_security_and_quality_tab %}** tab with details about the exposed credential. When you receive an alert, rotate the affected credential immediately to prevent unauthorized access. While you can also remove secrets from your Git history, this is time-intensive and often unnecessary if you've already revoked the credential. diff --git a/content/code-security/concepts/security-at-scale/about-security-overview.md b/content/code-security/concepts/security-at-scale/about-security-overview.md index 9d5e3a46deac..c20c20697684 100644 --- a/content/code-security/concepts/security-at-scale/about-security-overview.md +++ b/content/code-security/concepts/security-at-scale/about-security-overview.md 
@@ -65,7 +65,7 @@ There are dedicated views for each type of security alert. You can limit your an The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. For example, the team can use the "Overview" dashboard view to track your organization's security landscape and progression. {% ifversion pre-security-configurations %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories).{% endif %} -You can find security overview on the **Security** tab for any organization. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. +You can find security overview on the **{% data variables.product.prodname_security_and_quality_tab %}** tab for any organization. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. Security overview has multiple views that provide different ways to explore enablement and alert data. 
@@ -85,7 +85,7 @@ You also create and manage security campaigns to remediate alerts from security ## About security overview for enterprises -You can find security overview on the **Security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise. +You can find security overview on the **{% data variables.product.prodname_security_and_quality_tab %}** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise. Security overview for enterprises has multiple views that provide different ways to explore data, including an overview dashboard that visualizes alert trends. For information about the dashboard, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights) and [AUTOTITLE](/code-security/reference/security-at-scale/security-overview-dashboard-metrics). diff --git a/content/code-security/concepts/supply-chain-security/about-dependabot-alerts.md b/content/code-security/concepts/supply-chain-security/about-dependabot-alerts.md index ac9c00953ca1..099990aba0b3 100644 --- a/content/code-security/concepts/supply-chain-security/about-dependabot-alerts.md +++ b/content/code-security/concepts/supply-chain-security/about-dependabot-alerts.md @@ -34,7 +34,7 @@ For supported ecosystems, see [AUTOTITLE](/code-security/supply-chain-security/u ## Understanding alerts -When {% data variables.product.github %} detects a vulnerable dependency, a {% data variables.product.prodname_dependabot %} alert appears on the repository's **Security** tab and dependency graph. Each alert includes: +When {% data variables.product.github %} detects a vulnerable dependency, a {% data variables.product.prodname_dependabot %} alert appears on the repository's **{% data variables.product.prodname_security_and_quality_tab %}** tab and dependency graph. Each alert includes: * A link to the affected file * Details about the vulnerability and its severity 
diff --git a/content/code-security/concepts/supply-chain-security/about-supply-chain-security.md b/content/code-security/concepts/supply-chain-security/about-supply-chain-security.md index aad31fa1596a..8aef6795a6e1 100644 --- a/content/code-security/concepts/supply-chain-security/about-supply-chain-security.md +++ b/content/code-security/concepts/supply-chain-security/about-supply-chain-security.md 
@@ -81,7 +81,7 @@ For more information about dependency review, see [AUTOTITLE](/code-security/sup {% data variables.product.prodname_dependabot %} keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies and automatically opening pull requests to upgrade your dependencies. {% data variables.product.prodname_dependabot %} pull requests will target the next available secure version when a {% data variables.product.prodname_dependabot %} alert is triggered, or to the latest version when a release is published. The term "{% data variables.product.prodname_dependabot %}" encompasses the following features: -* {% data variables.product.prodname_dependabot_alerts %}: Displayed notification on the **Security** tab for the repository, and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. +* {% data variables.product.prodname_dependabot_alerts %}: Displayed notification on the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the repository, and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. * {% data variables.product.prodname_dependabot_updates %}: * {% data variables.product.prodname_dependabot_security_updates %}: Triggered updates to upgrade your dependencies to a secure version when an alert is triggered. * {% data variables.product.prodname_dependabot_version_updates %}: Scheduled updates to keep your dependencies up to date with the latest version. 
@@ -113,7 +113,7 @@ For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dep * A new advisory is added to the {% data variables.product.prodname_advisory_database %}{% else %} * New advisory data is synchronized to your instance each hour from {% data variables.product.prodname_dotcom_the_website %}. {% data reusables.security-advisory.link-browsing-advisory-db %}{% endif %} * The dependency graph for the repository changes -* {% data variables.product.prodname_dependabot_alerts %} are displayed on the **Security** tab for the repository and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. +* {% data variables.product.prodname_dependabot_alerts %} are displayed on the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the repository and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). @@ -129,7 +129,7 @@ For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alert * The dependency graph for a repository changes You can view {% data variables.product.prodname_dependabot_malware_alerts_short %} for a repository: -* From the **Security** tab +* From the **{% data variables.product.prodname_security_and_quality_tab %}** tab * In the dependency graph Each alert includes a link to the affected file in the project, as well as the patch version number for the package (if available). diff --git a/content/code-security/concepts/supply-chain-security/dependabot-malware-alerts.md b/content/code-security/concepts/supply-chain-security/dependabot-malware-alerts.md index add5fdb2b0d0..7beb0be0f074 100644 --- a/content/code-security/concepts/supply-chain-security/dependabot-malware-alerts.md 
+++ b/content/code-security/concepts/supply-chain-security/dependabot-malware-alerts.md @@ -24,7 +24,7 @@ Alerts are also generated when you push commits that add a known malicious packa ## Alert contents -When {% data variables.product.prodname_dependabot %} detects a malicious dependency, a {% data variables.product.prodname_dependabot_malware_alert_short %} appears on the repository's **Security** tab. Each alert includes: +When {% data variables.product.prodname_dependabot %} detects a malicious dependency, a {% data variables.product.prodname_dependabot_malware_alert_short %} appears on the repository's **{% data variables.product.prodname_security_and_quality_tab %}** tab. Each alert includes: * A link to the affected file * Details about the malicious package, including the package name, affected versions, and the patched version (when available) diff --git a/content/code-security/getting-started/github-security-features.md b/content/code-security/getting-started/github-security-features.md index c4ba2ab15c66..6b60897878a6 100644 --- a/content/code-security/getting-started/github-security-features.md +++ b/content/code-security/getting-started/github-security-features.md 
@@ -148,7 +148,7 @@ For information about how you can try {% data variables.product.prodname_GH_secr ### {% data variables.secret-scanning.user_alerts_caps %} -Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.github %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-user-alerts). +Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.github %} finds in your code, in the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-user-alerts). {% data reusables.advanced-security.available-for-public-repos %} diff --git a/content/code-security/getting-started/quickstart-for-securing-your-repository.md b/content/code-security/getting-started/quickstart-for-securing-your-repository.md index 06c691f9af67..bbc88f242bb3 100644 --- a/content/code-security/getting-started/quickstart-for-securing-your-repository.md +++ b/content/code-security/getting-started/quickstart-for-securing-your-repository.md 
@@ -147,9 +147,9 @@ As an alternative to default setup, you can use advanced setup, which generates ## Setting a security policy -If you are a repository maintainer, it's good practice to specify a security policy for your repository by creating a file named `SECURITY.md` in the repository. This file instructs users about how to best contact you and collaborate with you when they want to report security vulnerabilities in your repository. You can view the security policy of a repository from the repository’s **Security** tab. +If you are a repository maintainer, it's good practice to specify a security policy for your repository by creating a file named `SECURITY.md` in the repository. This file instructs users about how to best contact you and collaborate with you when they want to report security vulnerabilities in your repository. You can view the security policy of a repository from the repository’s **{% data variables.product.prodname_security_and_quality_tab %}** tab. -1. From the main page of your repository, click **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security**. +1. From the main page of your repository, click **{% data variables.product.prodname_security_and_quality_tab %}**. 1. In the left sidebar, under "Reporting", click **{% octicon "law" aria-hidden="true" aria-label="law" %} Policy**. 1. Click **Start setup**. 1. Add information about supported versions of your project and how to report vulnerabilities. diff --git a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md index 106996a5a478..a1c56db15d5c 100644 --- a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md 
+++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md @@ -18,7 +18,7 @@ Anyone with read permission for a repository can see {% data variables.product.p ## Viewing the alerts for a repository -You need write permission to view a summary of all the alerts for a repository on the **Security** tab. +You need write permission to view a summary of all the alerts for a repository on the **{% data variables.product.prodname_security_and_quality_tab %}** tab. By default, the {% data variables.product.prodname_code_scanning %} alerts page is filtered to show alerts for the default branch of the repository only. diff --git a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/resolving-code-scanning-alerts.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/resolving-code-scanning-alerts.md index a37f21bbff01..89357d4e8e5c 100644 --- a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/resolving-code-scanning-alerts.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/resolving-code-scanning-alerts.md 
@@ -95,7 +95,7 @@ Alerts may be fixed in one branch but not in another. You can use the "branch" f There are two ways of closing an alert. You can fix the problem in the code, or you can dismiss the alert. -Dismissing an alert is a way of closing an alert that you don't think needs to be fixed. {% data reusables.code-scanning.close-alert-examples %} You can dismiss alerts from {% data variables.product.prodname_code_scanning %} annotations in code, or from the summary list within the **Security** tab. +Dismissing an alert is a way of closing an alert that you don't think needs to be fixed. {% data reusables.code-scanning.close-alert-examples %} You can dismiss alerts from {% data variables.product.prodname_code_scanning %} annotations in code, or from the summary list within the **{% data variables.product.prodname_security_and_quality_tab %}** tab. When you dismiss an alert: diff --git a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md index 6b09cde0ff0d..06a88413dad9 100644 --- a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md 
@@ -53,7 +53,7 @@ You can see any {% data variables.product.prodname_code_scanning %} alerts that You can also view all {% data variables.product.prodname_code_scanning %} alerts that are inside the diff of the changes introduced in the pull request in the **Files changed** tab. -If you add a new code scanning configuration in your pull request, you will see a comment on your pull request directing you to the **Security** tab of the repository so you can view all the alerts on the pull request branch. For more information about viewing the alerts for a repository, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository). +If you add a new code scanning configuration in your pull request, you will see a comment on your pull request directing you to the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository so you can view all the alerts on the pull request branch. For more information about viewing the alerts for a repository, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository). If you have write permission for the repository, some annotations contain links with extra context for the alert. In the example above, from {% data variables.product.prodname_codeql %} analysis, you can click **user-provided value** to see where the untrusted data enters the data flow (this is referred to as the source). In this case you can also view the full path from the source to the code that uses the data (the sink) by clicking **Show paths**. This makes it easy to check whether the data is untrusted or if the analysis failed to recognize a data sanitization step between the source and the sink. 
For information about analyzing data flow using {% data variables.product.prodname_codeql %}, see [About data flow analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/). diff --git a/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/manage-malware-alerts.md b/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/manage-malware-alerts.md index 8e897c7eb146..4b28969278b5 100644 --- a/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/manage-malware-alerts.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/manage-malware-alerts.md @@ -28,7 +28,7 @@ category: ## Viewing {% data variables.product.prodname_dependabot_malware_alerts_short %} for your enterprise {% data reusables.enterprise-accounts.access-enterprise %} -1. At the top of the page, click the {% octicon "shield" aria-hidden="true" aria-label="shield" %} **Security** tab. +1. At the top of the page, click the **{% data variables.product.prodname_security_and_quality_tab %}** tab. {% data reusables.dependabot.view-malware-alerts %} {% data reusables.dependabot.filter-alerts-step %} diff --git a/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/monitoring-alerts.md b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/monitoring-alerts.md index 26134159e228..396fa177f746 100644 --- a/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/monitoring-alerts.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/monitoring-alerts.md 
@@ -21,7 +21,7 @@ You can also audit responses to {% data variables.product.prodname_secret_scanni ## Configuring notifications for {% data variables.secret-scanning.alerts %} -In addition to displaying an alert in the **Security** tab of the repository, {% data variables.product.github %} can also send email notifications for alerts. These notifications are different for incremental scans and historical scans. +In addition to displaying an alert in the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository, {% data variables.product.github %} can also send email notifications for alerts. These notifications are different for incremental scans and historical scans. ### Incremental scans diff --git a/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts.md b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts.md index 2b81e1416912..b6127f16ade9 100644 --- a/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts.md 
@@ -15,11 +15,11 @@ category: - Protect your secrets --- -You can find and filter {% data variables.secret-scanning.user_alerts %} through your repository's **Security** tab. To learn more about alerts and the different types you may encounter, see [AUTOTITLE](/code-security/concepts/secret-security/about-alerts). +You can find and filter {% data variables.secret-scanning.user_alerts %} through your repository's **{% data variables.product.prodname_security_and_quality_tab %}** tab. To learn more about alerts and the different types you may encounter, see [AUTOTITLE](/code-security/concepts/secret-security/about-alerts). ## Viewing alerts -Alerts for {% data variables.product.prodname_secret_scanning %} are displayed under the **Security** tab of the repository. +Alerts for {% data variables.product.prodname_secret_scanning %} are displayed under the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository. {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-security %} diff --git a/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/creating-managing-security-campaigns.md b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/creating-managing-security-campaigns.md index 4e9d57871530..d5b944a03f41 100644 --- a/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/creating-managing-security-campaigns.md +++ b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/creating-managing-security-campaigns.md @@ -21,7 +21,7 @@ category: ## Creating a security campaign -Security campaigns are created and managed from the **Security** tab for your organization. +Security campaigns are created and managed from the **{% data variables.product.prodname_security_and_quality_tab %}** tab for your organization. You choose the alerts that you want to include in the campaign by using either: 
@@ -114,7 +114,7 @@ When you create a code campaign, all the alerts are automatically submitted to { {% ifversion security-campaigns-secrets %} -The new campaign is shown in the sidebar of the "Security" tab for each repository included. +The new campaign is shown in the sidebar of the **{% data variables.product.prodname_security_and_quality_tab %}** tab for each repository included. * **Code campaigns**: Anyone with **write** access to a repository included in the campaign is notified. * **Secret campaigns**: Anyone with access to see the alert list view for a repository included in the campaign is notified. diff --git a/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/filtering-alerts-in-security-overview.md b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/filtering-alerts-in-security-overview.md index d007b75598e7..df6f24294f60 100644 --- a/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/filtering-alerts-in-security-overview.md +++ b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/filtering-alerts-in-security-overview.md @@ -43,7 +43,7 @@ All security views have features to help you define filters. These provide an ea ## Accessing security overview for your enterprise {% data reusables.enterprise-accounts.access-enterprise %} -1. Click the **Security** tab. The "Overview" dashboard of security overview is displayed. +1. Click the **{% data variables.product.prodname_security_and_quality_tab %}** tab. The "Overview" dashboard of security overview is displayed. ## Applying simple filters diff --git a/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/fixing-alerts-in-security-campaign.md b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/fixing-alerts-in-security-campaign.md index 45306f45047e..9028ac5bc600 100644 
--- a/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/fixing-alerts-in-security-campaign.md +++ b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/fixing-alerts-in-security-campaign.md @@ -18,8 +18,8 @@ category: When a campaign targets security alerts in a repository that you have write access to, you can navigate to the list of repository alerts in the campaign. -* Display the **Security** tab for the repository and click one of the campaigns under "Campaigns" in the sidebar. -* If you have write access to more than one repository in the organization, display the **Security** tab for the organization and click one of the campaigns under "Campaigns" in the sidebar. +* Display the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the repository and click one of the campaigns under "Campaigns" in the sidebar. +* If you have write access to more than one repository in the organization, display the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the organization and click one of the campaigns under "Campaigns" in the sidebar. * Alternatively, click **View security campaign** in the campaign's email notification. This view shows the alerts in the current repository for a campaign called "SQL injection (CWE-89)" (highlighted gray) that is managed by "octocat" (outlined in dark orange). diff --git a/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/tracking-security-campaigns.md b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/tracking-security-campaigns.md index 061f7fb821e0..c9245e1d44b8 100644 --- a/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/tracking-security-campaigns.md +++ b/content/code-security/how-tos/manage-security-alerts/remediate-alerts-at-scale/tracking-security-campaigns.md 
@@ -22,7 +22,7 @@ category: The tracking view helps you quickly assess the health of your organization’s campaigns. You can use it to identify campaigns with a high number of open alerts, check whether work has started, and determine whether campaigns are on track to meet their due dates. -To display the campaign tracking view, navigate to the **Security** tab for the organization, then in the left sidebar click **{% octicon "goal" aria-hidden="true" aria-label="goal" %} Campaigns**. {% ifversion security-campaigns-secrets %}To display campaigns for secrets, click the **Secrets** tab at the top of the page. +To display the campaign tracking view, navigate to the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the organization, then in the left sidebar click **{% octicon "goal" aria-hidden="true" aria-label="goal" %} Campaigns**. {% ifversion security-campaigns-secrets %}To display campaigns for secrets, click the **Secrets** tab at the top of the page. ![Screenshot of the security campaigns overview page. The "Secrets" campaign tab is outlined in orange.](/assets/images/help/security/security-campaigns-tracking-overview-2tabs.png) diff --git a/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-secret-scanning-for-your-appliance.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-secret-scanning-for-your-appliance.md index 328bf8932b5c..268e88b3db95 100644 --- a/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-secret-scanning-for-your-appliance.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-secret-scanning-for-your-appliance.md 
@@ -16,7 +16,7 @@ category: ## About {% data variables.product.prodname_secret_scanning %} -If someone checks a secret with a known pattern into a repository, {% data variables.product.prodname_secret_scanning %} catches the secret as it's checked in, and helps you mitigate the impact of the leak. Repository administrators are notified about any commit that contains a secret, and they can quickly view all detected secrets in the **Security** tab for the repository. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning). +If someone checks a secret with a known pattern into a repository, {% data variables.product.prodname_secret_scanning %} catches the secret as it's checked in, and helps you mitigate the impact of the leak. Repository administrators are notified about any commit that contains a secret, and they can quickly view all detected secrets in the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the repository. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning). ## Availability diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/re-run-dependabot-jobs.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/re-run-dependabot-jobs.md index ffb4b1d5e939..2152ad75d991 100644 --- a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/re-run-dependabot-jobs.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/re-run-dependabot-jobs.md 
@@ -22,7 +22,7 @@ category: ## Re-running a {% data variables.product.prodname_dependabot_security_updates %} job {% data reusables.repositories.navigate-to-repo %} -1. Under your repository name, click **{% octicon "shield-lock" aria-hidden="true" aria-label="shield-lock" %} Security**. +1. Under your repository name, click **{% data variables.product.prodname_security_and_quality_tab %}**. 1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_dependabot %}**. 1. Under "{% data variables.product.prodname_dependabot %}", click the alert you want to view. 1. In the section displaying the error details for the alert, click **Try again** to re-run the {% data variables.product.prodname_dependabot_security_updates %} job. diff --git a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-adoption-code-security.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-adoption-code-security.md index 7ca043cdc9f3..ed878a2abb76 100644 --- a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-adoption-code-security.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-adoption-code-security.md 
@@ -18,13 +18,6 @@ category: You can use security overview to see which repositories and teams have already enabled each security feature, and where people need more encouragement to adopt these features. -{% ifversion security-configurations %} -![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization.](/assets/images/help/security-overview/security-coverage-view-summary.png) - -{% else %} -![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization.](/assets/images/help/security-overview/security-coverage-view-summary-pre-config.png) -{% endif %} - >[!NOTE] "Pull request alerts" are reported as enabled only when {% data variables.product.prodname_code_scanning %} has analyzed at least one pull request since alerts were enabled for the repository. ## Viewing the enablement of security features for an organization diff --git a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-code-security-risk.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-code-security-risk.md index 20d331dd2d7c..c6ae8764098a 100644 --- a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-code-security-risk.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/assessing-code-security-risk.md 
@@ -19,7 +19,7 @@ category: ## Exploring the security risks in your code -You can use the different views on your **Security** tab to explore the security risks in your code. +You can use the different views on your **{% data variables.product.prodname_security_and_quality_tab %}** tab to explore the security risks in your code. * **Overview:** use to explore trends in **Detection**, **Remediation**, and **Prevention** of security alerts. * **Risk:** use to explore the current state of repositories, across all alert types.{% ifversion secret-risk-assessment %} diff --git a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-security-insights.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-security-insights.md index e8381c83a17d..57cae6d795bc 100644 --- a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-security-insights.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-security-insights.md 
@@ -30,7 +30,7 @@ You can download a CSV file of the overview dashboard data for your organization {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} -1. The overview page is the primary view that you will see after clicking on the "Security" tab. To get to the dashboard from another security overview page, in the sidebar, click **{% octicon "graph" aria-hidden="true" aria-label="graph" %} Overview**.{% ifversion security-overview-3-tab-dashboard %} +1. The overview page is the primary view that you will see after clicking on the **{% data variables.product.prodname_security_and_quality_tab %}** tab. To get to the dashboard from another security overview page, in the sidebar, click **{% octicon "graph" aria-hidden="true" aria-label="graph" %} Overview**.{% ifversion security-overview-3-tab-dashboard %} 1. By default, the **Detection** tab is displayed. If you want to switch to another tab to see other metrics, click **Remediation** or **Prevention**.{% endif %} {% data reusables.security-overview.filter-and-toggle %} diff --git a/content/code-security/reference/code-quality/codeql-detection.md b/content/code-security/reference/code-quality/codeql-detection.md index f3f5942f193e..6efa4d18eff5 100644 --- a/content/code-security/reference/code-quality/codeql-detection.md +++ b/content/code-security/reference/code-quality/codeql-detection.md 
@@ -18,7 +18,7 @@ category:
 {% data variables.product.prodname_code_quality_short %} uses {% data variables.product.prodname_codeql %} to perform rule-based analysis of pull requests and your default branch.
-* Findings for your **default branch** appear under the "{% data variables.code-quality.all_findings %}" dashboard under your repository's Security tab.
+* Findings for your **default branch** appear under the "{% data variables.code-quality.all_findings %}" dashboard under your repository's **{% data variables.product.prodname_security_and_quality_tab %}** tab.
 * Findings **on pull requests** appear as comments made by `{% data variables.code-quality.pr_commenter %}`.
diff --git a/content/code-security/reference/code-quality/metrics-and-ratings.md b/content/code-security/reference/code-quality/metrics-and-ratings.md
index a36ff2408a61..3c0937a013b2 100644
--- a/content/code-security/reference/code-quality/metrics-and-ratings.md
+++ b/content/code-security/reference/code-quality/metrics-and-ratings.md
@@ -15,7 +15,7 @@ category:
 This article provides definitions for the metrics and ratings used by {% data variables.product.prodname_code_quality_short %}.
-You can see the rule-based results for your repository on your **Security** tab, in the **{% data variables.code-quality.all_findings %}** tab under "{% data variables.code-quality.code_quality_ui_views %}".
+You can see the rule-based results for your repository on your **{% data variables.product.prodname_security_and_quality_tab %}** tab, in the **{% data variables.code-quality.all_findings %}** tab under "{% data variables.code-quality.code_quality_ui_views %}".
 ## Metric definitions
diff --git a/content/code-security/reference/code-scanning/code-scanning-logs.md b/content/code-security/reference/code-scanning/code-scanning-logs.md
index c733fae6335f..5ec7f04375b5 100644
--- a/content/code-security/reference/code-scanning/code-scanning-logs.md
+++ b/content/code-security/reference/code-scanning/code-scanning-logs.md
@@ -11,7 +11,7 @@ category:
 - Find and fix code vulnerabilities
 ---
-The log and diagnostic information available to you depends on the method you use for {% data variables.product.prodname_code_scanning %} in your repository. You can check the type of {% data variables.product.prodname_code_scanning %} you're using in the **Security** tab of your repository, by using the **Tool** drop-down menu in the alert list. To access this page, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).
+The log and diagnostic information available to you depends on the method you use for {% data variables.product.prodname_code_scanning %} in your repository. You can check the type of {% data variables.product.prodname_code_scanning %} you're using in the **{% data variables.product.prodname_security_and_quality_tab %}** tab of your repository, by using the **Tool** drop-down menu in the alert list. To access this page, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).
 ## Logs on {% data variables.product.github %}
diff --git a/content/code-security/reference/code-scanning/workflow-configuration-options.md b/content/code-security/reference/code-scanning/workflow-configuration-options.md
index 5993ad3c9a2d..ac6f39b74d51 100644
--- a/content/code-security/reference/code-scanning/workflow-configuration-options.md
+++ b/content/code-security/reference/code-scanning/workflow-configuration-options.md
@@ -42,7 +42,7 @@ Scanning code when someone pushes a change, and whenever a pull request is creat
 By default, the {% data variables.code-scanning.codeql_workflow %} uses the `on:push` event to trigger a code scan on every push to the default branch of the repository and any protected branches. For {% data variables.product.prodname_code_scanning %} to be triggered on a specified branch, the workflow must exist in that branch. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#on).
-If you scan on push, then the results appear in the **Security** tab for your repository. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).
+If you scan on push, then the results appear in the **{% data variables.product.prodname_security_and_quality_tab %}** tab for your repository. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository).
 Additionally, when an `on:push` scan returns results that can be mapped to an open pull request, these alerts will automatically appear on the pull request in the same places as other pull request alerts. The alerts are identified by comparing the existing analysis of the head of the branch to the analysis for the target branch. For more information on {% data variables.product.prodname_code_scanning %} alerts in pull requests, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests).
@@ -465,7 +465,7 @@ query-filters:
 id: js/useless-assignment-to-local
 ```
-To find the id of a query, you can click the alert in the list of alerts in the **Security** tab. This opens the alert details page. The `Rule ID` field contains the query id. For more information about the alert details page, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-details).
+To find the id of a query, you can click the alert in the list of alerts in the **{% data variables.product.prodname_security_and_quality_tab %}** tab. This opens the alert details page. The `Rule ID` field contains the query id. For more information about the alert details page, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-details).
 > [!TIP]
 > * The order of the filters is important. The first filter instruction that appears after the instructions about the queries and query packs determines whether the queries are included or excluded by default.
diff --git a/content/code-security/reference/supply-chain-security/troubleshoot-dependabot/dependabot-errors.md b/content/code-security/reference/supply-chain-security/troubleshoot-dependabot/dependabot-errors.md
index a13605cad456..b51ea24a6456 100644
--- a/content/code-security/reference/supply-chain-security/troubleshoot-dependabot/dependabot-errors.md
+++ b/content/code-security/reference/supply-chain-security/troubleshoot-dependabot/dependabot-errors.md
@@ -26,7 +26,7 @@ When {% data variables.product.prodname_dependabot %} encounters errors while up
 ### Security update errors
-When {% data variables.product.prodname_dependabot %} is blocked from creating a pull request to fix a {% data variables.product.prodname_dependabot %} alert, it posts the error message on the alert. The {% data variables.product.prodname_dependabot_alerts %} view shows a list of any alerts that have not been resolved yet. To access the alerts view, click **{% data variables.product.prodname_dependabot_alerts %}** on the **Security** tab for the repository. Where a pull request that will fix the vulnerable dependency has been generated, the alert includes a link to that pull request.
+When {% data variables.product.prodname_dependabot %} is blocked from creating a pull request to fix a {% data variables.product.prodname_dependabot %} alert, it posts the error message on the alert. The {% data variables.product.prodname_dependabot_alerts %} view shows a list of any alerts that have not been resolved yet. To access the alerts view, click **{% data variables.product.prodname_dependabot_alerts %}** on the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the repository. Where a pull request that will fix the vulnerable dependency has been generated, the alert includes a link to that pull request.
 ![Screenshot of the {% data variables.product.prodname_dependabot_alerts %} view. To the right of one alert, a link to a pull request, titled "#353," is outlined in orange.](/assets/images/help/dependabot/dependabot-alert-pr-link.png)
diff --git a/content/code-security/responsible-use/code-quality.md b/content/code-security/responsible-use/code-quality.md
index 251972c26f36..3826f39f862f 100644
--- a/content/code-security/responsible-use/code-quality.md
+++ b/content/code-security/responsible-use/code-quality.md
@@ -23,7 +23,7 @@ When you enable {% data variables.product.prodname_code_quality_short %}, two ty
 * **{% data variables.product.prodname_codeql %} quality queries** run using {% data variables.product.prodname_code_scanning %} analysis and identify problems with the maintainability, reliability, or style of code. This runs on changed code in all pull requests against the default branch. It also runs periodically on the full default branch.
-* **Large Language Model (LLM)-powered analysis** provides additional insights into potential quality concerns beyond what is covered by deterministic engines like {% data variables.product.prodname_codeql %}. This runs automatically on files changed in recent pushes to the default branch. These findings are displayed in {% data variables.product.prodname_code_quality_short %}'s **{% data variables.code-quality.recent_suggestions %}** dashboard, under the Security tab of the repository.
+* **Large Language Model (LLM)-powered analysis** provides additional insights into potential quality concerns beyond what is covered by deterministic engines like {% data variables.product.prodname_codeql %}. This runs automatically on files changed in recent pushes to the default branch. These findings are displayed in {% data variables.product.prodname_code_quality_short %}'s **{% data variables.code-quality.recent_suggestions %}** dashboard, under the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository.
 When a quality issue is detected by either type of analysis, **{% data variables.copilot.copilot_autofix_short %}** suggests a relevant fix that can be reviewed and applied by developers.
diff --git a/content/code-security/responsible-use/responsible-ai-generic-secrets.md b/content/code-security/responsible-use/responsible-ai-generic-secrets.md
index fcd8757321f9..56fee89d126a 100644
--- a/content/code-security/responsible-use/responsible-ai-generic-secrets.md
+++ b/content/code-security/responsible-use/responsible-ai-generic-secrets.md
@@ -28,7 +28,7 @@ category:
 {% data variables.product.prodname_GH_secret_protection %} users can already receive {% data variables.secret-scanning.alerts %} for partner or custom patterns found in their source code, but unstructured secrets are not easily discoverable. {% data variables.secret-scanning.copilot-secret-scanning %} uses large language models (LLMs) to identify this type of secret.
-When a password is detected, an alert is displayed in the "Generic" list of {% data variables.product.prodname_secret_scanning %} alerts (under the **Security** tab of the repository, organization, or enterprise), so that maintainers and security managers can review the alert and, where necessary, remove the credential or implement a fix.
+When a password is detected, an alert is displayed in the "Generic" list of {% data variables.product.prodname_secret_scanning %} alerts (under the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository, organization, or enterprise), so that maintainers and security managers can review the alert and, where necessary, remove the credential or implement a fix.
 {% data reusables.rai.secret-scanning.generic-secret-detection-policy-note %} The feature must then be enabled for repositories and organizations.
diff --git a/content/code-security/tutorials/customize-code-scanning/uploading-codeql-analysis-results-to-github.md b/content/code-security/tutorials/customize-code-scanning/uploading-codeql-analysis-results-to-github.md
index 898975b74995..515617dd16fe 100644
--- a/content/code-security/tutorials/customize-code-scanning/uploading-codeql-analysis-results-to-github.md
+++ b/content/code-security/tutorials/customize-code-scanning/uploading-codeql-analysis-results-to-github.md
@@ -83,7 +83,7 @@ codeql github upload-results \
 {% endif %}
 ```
-There is no output from this command unless the upload was unsuccessful. The command prompt returns when the upload is complete and data processing has begun. On smaller codebases, you should be able to explore the {% data variables.product.prodname_code_scanning %} alerts in {% data variables.product.github %} shortly afterward. You can see alerts directly in the pull request or on the **Security** tab for branches, depending on the code you checked out.
+There is no output from this command unless the upload was unsuccessful. The command prompt returns when the upload is complete and data processing has begun. On smaller codebases, you should be able to explore the {% data variables.product.prodname_code_scanning %} alerts in {% data variables.product.github %} shortly afterward. You can see alerts directly in the pull request or on the **{% data variables.product.prodname_security_and_quality_tab %}** tab for branches, depending on the code you checked out.
 ## Uploading diagnostic information to {% data variables.product.github %} if the analysis fails
diff --git a/content/code-security/tutorials/improve-code-quality/fix-findings-in-prs.md b/content/code-security/tutorials/improve-code-quality/fix-findings-in-prs.md
index eeecf7ea21e8..bd77e49e2f3f 100644
--- a/content/code-security/tutorials/improve-code-quality/fix-findings-in-prs.md
+++ b/content/code-security/tutorials/improve-code-quality/fix-findings-in-prs.md
@@ -67,7 +67,7 @@ After fixing or dismissing findings, push your changes to the branch associated
 Anyone with write access can view the overall code quality ratings for a repository, which summarize the state of the code's reliability and maintainability across the default branch.
-To view your repository's ratings, navigate to the **Security** tab of your repository, expand **{% data variables.code-quality.code_quality_ui_views %}** in the sidebar, then click **{% data variables.code-quality.all_findings %}**.
+To view your repository's ratings, navigate to the **{% data variables.product.prodname_security_and_quality_tab %}** tab of your repository, expand **{% data variables.code-quality.code_quality_ui_views %}** in the sidebar, then click **{% data variables.code-quality.all_findings %}**.
 By resolving issues before merging your pull request, you've directly contributed to maintaining these ratings.
diff --git a/content/code-security/tutorials/improve-code-quality/improve-your-codebase.md b/content/code-security/tutorials/improve-code-quality/improve-your-codebase.md
index 6ec86d5fe7fe..3fed3fe772d1 100644
--- a/content/code-security/tutorials/improve-code-quality/improve-your-codebase.md
+++ b/content/code-security/tutorials/improve-code-quality/improve-your-codebase.md
@@ -26,7 +26,7 @@ This tutorial guides you through using {% data variables.product.prodname_code_q
 ## 1. Assess your repository's overall code health
-1. Navigate to the "Security" tab of your repository, then under "{% data variables.code-quality.code_quality_ui_views %}", click **{% data variables.code-quality.all_findings %}**.
+1. Navigate to the **{% data variables.product.prodname_security_and_quality_tab %}** tab of your repository, then under "{% data variables.code-quality.code_quality_ui_views %}", click **{% data variables.code-quality.all_findings %}**.
 1. The overview on the "{% data variables.code-quality.all_findings %}" dashboard gives you an immediate assessment of the state of your default branch today:
 * **Maintainability rating** reflects the presence and severity of findings for dead code, duplication, complexity, missing documentation, and failure to follow best practices.
diff --git a/content/code-security/tutorials/improve-code-quality/quickstart.md b/content/code-security/tutorials/improve-code-quality/quickstart.md
index a533914970b1..a16c4e9381e6 100644
--- a/content/code-security/tutorials/improve-code-quality/quickstart.md
+++ b/content/code-security/tutorials/improve-code-quality/quickstart.md
@@ -28,7 +28,7 @@ In this tutorial, you’ll learn how to identify and fix a code quality finding
 ## Review scan results for your default branch
-In your repository, go to the **Security** tab, click **{% data variables.code-quality.code_quality_ui_views %}** in the left sidebar, then click **{% data variables.code-quality.all_findings %}** to open the repository dashboard.
+In your repository, go to the **{% data variables.product.prodname_security_and_quality_tab %}** tab, click **{% data variables.code-quality.code_quality_ui_views %}** in the left sidebar, then click **{% data variables.code-quality.all_findings %}** to open the repository dashboard.
 Here you'll see:
@@ -69,7 +69,7 @@ Carefully review the draft pull request. If you're satisfied with the proposed c
 ## Observe the metrics change
-Return to the {% data variables.product.prodname_code_quality_short %} dashboard (**Security** tab, then **{% data variables.code-quality.code_quality_ui_views %}**, then **{% data variables.code-quality.all_findings %}**).
+Return to the {% data variables.product.prodname_code_quality_short %} dashboard (**{% data variables.product.prodname_security_and_quality_tab %}** tab, then **{% data variables.code-quality.code_quality_ui_views %}**, then **{% data variables.code-quality.all_findings %}**).
 Wait a few minutes for the next scan to complete — {% data variables.product.prodname_code_quality_short %} scans automatically re-run after every push to the default branch.
diff --git a/content/code-security/tutorials/manage-security-alerts/best-practices-for-participating-in-a-security-campaign.md b/content/code-security/tutorials/manage-security-alerts/best-practices-for-participating-in-a-security-campaign.md
index 932fe2433f5f..331b6de69d47 100644
--- a/content/code-security/tutorials/manage-security-alerts/best-practices-for-participating-in-a-security-campaign.md
+++ b/content/code-security/tutorials/manage-security-alerts/best-practices-for-participating-in-a-security-campaign.md
@@ -45,7 +45,7 @@ You'll automatically receive email updates about security campaigns for any repo
 ### View campaign details
-When you open the **Security** tab for a repository with one or more campaign alerts, you can see the campaign name in the sidebar of the view. Click the campaign name to see the list of alerts included in the campaign and summary information on how the campaign is progressing.
+When you open the **{% data variables.product.prodname_security_and_quality_tab %}** tab for a repository with one or more campaign alerts, you can see the campaign name in the sidebar of the view. Click the campaign name to see the list of alerts included in the campaign and summary information on how the campaign is progressing.
 ### Campaign-generated {% data variables.product.prodname_github_issues %}
@@ -78,7 +78,7 @@ A security campaign will generally include a contact URL, which might link you t
 To find the contact URL:
-1. Open the **Security** tab for your repository.
+1. Open the **{% data variables.product.prodname_security_and_quality_tab %}** tab for your repository.
 1. On the left sidebar, click the name of the campaign you are participating in.
 1. On the campaign tracking page, to the right of the campaign manager's name, click **{% octicon "comment" aria-hidden="true" aria-label="comment" %}**.
diff --git a/content/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide.md b/content/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide.md
index ea12522a9a3a..c0868814fe6e 100644
--- a/content/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide.md
+++ b/content/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide.md
@@ -53,7 +53,7 @@ For more information about configuring each of these {% data variables.product.p
 ## Viewing {% data variables.product.prodname_dependabot_alerts %} for your repository
-If {% data variables.product.prodname_dependabot_alerts %} are enabled for a repository, you can view {% data variables.product.prodname_dependabot_alerts %} on the "Security" tab for the repository. You can use the forked repository that you enabled {% data variables.product.prodname_dependabot_alerts %} on in the previous section.
+If {% data variables.product.prodname_dependabot_alerts %} are enabled for a repository, you can view {% data variables.product.prodname_dependabot_alerts %} on the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the repository. You can use the forked repository that you enabled {% data variables.product.prodname_dependabot_alerts %} on in the previous section.
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-security %}
diff --git a/content/code-security/tutorials/secure-your-organization/best-practices-for-preventing-data-leaks-in-your-organization.md b/content/code-security/tutorials/secure-your-organization/best-practices-for-preventing-data-leaks-in-your-organization.md
index b067e0f72991..b2ac79055959 100644
--- a/content/code-security/tutorials/secure-your-organization/best-practices-for-preventing-data-leaks-in-your-organization.md
+++ b/content/code-security/tutorials/secure-your-organization/best-practices-for-preventing-data-leaks-in-your-organization.md
@@ -66,7 +66,7 @@ No matter how well you tighten your organization to prevent data leaks, some may
 ### Use {% data variables.product.prodname_secret_scanning %}
-{% data variables.product.prodname_secret_scanning_caps %} helps secure code and keep secrets safe across organizations and repositories by scanning and detecting secrets that were accidentally committed over the full Git history of every branch in {% data variables.product.prodname_dotcom %} repositories. Any strings that match patterns {% ifversion fpt or ghec %}provided by secret scanning partners, by other service providers, or {% endif %}defined by you or your organization, are reported as alerts in the **Security** tab of repositories.
+{% data variables.product.prodname_secret_scanning_caps %} helps secure code and keep secrets safe across organizations and repositories by scanning and detecting secrets that were accidentally committed over the full Git history of every branch in {% data variables.product.prodname_dotcom %} repositories. Any strings that match patterns {% ifversion fpt or ghec %}provided by secret scanning partners, by other service providers, or {% endif %}defined by you or your organization, are reported as alerts in the **{% data variables.product.prodname_security_and_quality_tab %}** tab of repositories.
 {% ifversion fpt or ghec %} There are two forms of {% data variables.product.prodname_secret_scanning %} available: **{% data variables.secret-scanning.partner_alerts_caps %}** and **{% data variables.secret-scanning.user_alerts_caps %}**.
diff --git a/content/code-security/tutorials/secure-your-organization/organizing-remediation-efforts-for-leaked-secrets.md b/content/code-security/tutorials/secure-your-organization/organizing-remediation-efforts-for-leaked-secrets.md
index 7ad688244cb0..1c53765bac07 100644
--- a/content/code-security/tutorials/secure-your-organization/organizing-remediation-efforts-for-leaked-secrets.md
+++ b/content/code-security/tutorials/secure-your-organization/organizing-remediation-efforts-for-leaked-secrets.md
@@ -52,7 +52,7 @@ Before taking action, you need to understand the current state of your organizat
 You can set up a security campaign to organize and track your remediation work across repositories.
-1. Navigate to your organization and click **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security**.
+1. Navigate to your organization and click **{% data variables.product.prodname_security_and_quality_tab %}**.
 1. On the left panel, select **{% octicon "goal" aria-hidden="true" aria-label="goal" %} Campaigns**.
 1. Click **Create campaign {% octicon "triangle-down" aria-hidden="true" %}**, then either:
 * Select a pre-defined Secrets campaign template.
diff --git a/content/code-security/tutorials/secure-your-organization/prioritize-alerts-in-production-code.md b/content/code-security/tutorials/secure-your-organization/prioritize-alerts-in-production-code.md
index a05a78892d03..b664b7cae8e1 100644
--- a/content/code-security/tutorials/secure-your-organization/prioritize-alerts-in-production-code.md
+++ b/content/code-security/tutorials/secure-your-organization/prioritize-alerts-in-production-code.md
@@ -31,7 +31,7 @@ For more information on updating records, see [AUTOTITLE](/code-security/how-tos
 ## 2. Use production context filters
-Production context filters are made available in alert views and security campaign views under the **Security** tab.
+Production context filters are made available in alert views and security campaign views under the **{% data variables.product.prodname_security_and_quality_tab %}** tab.
 * **{% data variables.product.prodname_dependabot_alerts %} view**: See [Viewing {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#viewing-dependabot-alerts).
 * **{% data variables.product.prodname_code_scanning_caps %} alerts view**: See [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository).
diff --git a/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-code-scanning.md b/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-code-scanning.md
index e46ba9fa7cf3..a3344bef4b64 100644
--- a/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-code-scanning.md
+++ b/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-code-scanning.md
@@ -39,7 +39,7 @@ By default, only the repository administrator and the organization owner can vie
 The default setup for {% data variables.product.prodname_code_scanning %} runs a set of high confidence queries. These are chosen to ensure that, when you roll out {% data variables.product.prodname_code_scanning %} across your whole codebase, developers see a limited set of high quality results, with few false positive results.
-You can see a summary of any results found in the organizations in your trial enterprise in the **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security** tab for the enterprise. There are also separate views for each type of security alert. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights).
+You can see a summary of any results found in the organizations in your trial enterprise in the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the enterprise. There are also separate views for each type of security alert. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights).
 If you don't see the results you expect for {% data variables.product.prodname_code_scanning %}, you can update default setup to run an extended query suite for repositories where you expected to find more results. This is controlled at the repository level, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup).
diff --git a/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-secret-scanning.md b/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-secret-scanning.md
index 53874205d56c..2b424dab0ff5 100644
--- a/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-secret-scanning.md
+++ b/content/code-security/tutorials/trialing-github-advanced-security/explore-trial-secret-scanning.md
@@ -28,7 +28,7 @@ This guide assumes that you have planned and started a trial of {% data variable
 To find out how to run a free secret risk assessment, see [Generating an initial secret risk assessment](/enterprise-cloud@latest/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment){% ifversion fpt or ghes %} in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}.
-If you have already scanned the code in your organization for leaked secrets using the free secret risk assessment, you will also want to explore that data more completely using the additional views on the **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security** tab for the organization.
+If you have already scanned the code in your organization for leaked secrets using the free secret risk assessment, you will also want to explore that data more completely using the additional views on the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the organization.
 For full details of the features available, see [{% data variables.product.prodname_GH_secret_protection_always %}](/get-started/learning-about-github/about-github-advanced-security#github-secret-protection).
@@ -40,7 +40,7 @@ Most enterprises choose to enable {% data variables.product.prodname_secret_prot
 By default, only the repository administrator and the organization owner can view all {% data variables.product.prodname_secret_scanning %} alerts in their area. You should assign the predefined security manager role to all organization teams and users who you want to access the alerts found during the trial. You may also want to give the enterprise account owner this role for each organization in the trial. For more information, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).
-You can see a summary of any results found in the organizations in your trial enterprise in the **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security** tab for the enterprise. There are also separate views for each type of security alert. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights).
+You can see a summary of any results found in the organizations in your trial enterprise in the **{% data variables.product.prodname_security_and_quality_tab %}** tab for the enterprise. There are also separate views for each type of security alert. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights).
 ## Identify additional access tokens
diff --git a/content/get-started/accessibility/keyboard-shortcuts.md b/content/get-started/accessibility/keyboard-shortcuts.md
index b27352c7be33..0bc2efe90ea8 100644
--- a/content/get-started/accessibility/keyboard-shortcuts.md
+++ b/content/get-started/accessibility/keyboard-shortcuts.md
@@ -51,7 +51,7 @@ The following sections list some of the available keyboard shortcuts, organized
 | {% endif %} |
 |G W | Go to the **Wiki** tab. For more information, see [AUTOTITLE](/communities/documenting-your-project-with-wikis/about-wikis). |
 |G G | Go to the **Discussions** tab. For more information, see [AUTOTITLE](/discussions/collaborating-with-your-community-using-discussions/about-discussions).
-|G S | Go to the repository's **Security** tab. For more information, see [AUTOTITLE](/code-security/getting-started/github-security-features).
+|G S | Go to the repository's **{% data variables.product.prodname_security_and_quality_tab %}** tab. For more information, see [AUTOTITLE](/code-security/getting-started/github-security-features).
 ## Source code editing
diff --git a/content/get-started/learning-to-code/finding-and-fixing-your-first-code-vulnerability.md b/content/get-started/learning-to-code/finding-and-fixing-your-first-code-vulnerability.md
index 28388d2f7106..45aba1b9759a 100644
--- a/content/get-started/learning-to-code/finding-and-fixing-your-first-code-vulnerability.md
+++ b/content/get-started/learning-to-code/finding-and-fixing-your-first-code-vulnerability.md
@@ -24,12 +24,12 @@ Let's get started by forking a demo project with a security vulnerability. This
 Now that we've set up the project, let's turn on {% data variables.product.prodname_code_scanning %} for your fork to check for vulnerabilities in the code.
-1. Back on {% data variables.product.github %}, on the home page of your repository, click {% octicon "shield" aria-hidden="true" %} **Security**.
+1. Back on {% data variables.product.github %}, on the home page of your repository, click **{% data variables.product.prodname_security_and_quality_tab %}**.
 1. In the "{% data variables.product.prodname_code_scanning_caps %} alerts" row, click **Set up {% data variables.product.prodname_code_scanning %}**.
 1. In the "Tools" section, next to "{% data variables.product.prodname_codeql %} analysis", select **Set up**, then click **Default**.
 1. In the pop up that appears, click **Enable {% data variables.product.prodname_codeql %}**. This will trigger a {% data variables.product.prodname_actions %} workflow that scans your code for vulnerabilities.
 1. To check the status of your workflow, in the navigation bar, click {% octicon "play" aria-hidden="true" %} **Actions**.
-1. Once the workflow is complete, in the navigation bar, click {% octicon "shield" aria-hidden="true" %} **Security**.
+1. Once the workflow is complete, in the navigation bar, click **{% data variables.product.prodname_security_and_quality_tab %}**.
 1. To view the {% data variables.product.prodname_code_scanning %} alert discovered by the workflow, in the side navigation, click {% octicon "codescan" aria-hidden="true" %} **{% data variables.product.prodname_code_scanning_caps %}**, then click **Reflected cross-site scripting**.
 ## Understanding a {% data variables.product.prodname_code_scanning %} alert
diff --git a/content/get-started/learning-to-code/finding-and-fixing-your-first-dependency-vulnerability.md b/content/get-started/learning-to-code/finding-and-fixing-your-first-dependency-vulnerability.md
index e62859e9b03c..1d72fdbf1b64 100644
--- a/content/get-started/learning-to-code/finding-and-fixing-your-first-dependency-vulnerability.md
+++ b/content/get-started/learning-to-code/finding-and-fixing-your-first-dependency-vulnerability.md
@@ -24,7 +24,7 @@ Let's get started by forking a demo project with some dependency vulnerabilities
 Now that we've set up the project, let's configure {% data variables.product.prodname_dependabot %} to find and create fixes for insecure dependencies.
-1. In the navigation bar for your repository, click {% octicon "shield" aria-hidden="true" %} **Security**.
+1. In the navigation bar for your repository, click **{% data variables.product.prodname_security_and_quality_tab %}**.
 1. In the "{% data variables.product.prodname_dependabot_alerts %}" row, click **Enable {% data variables.product.prodname_dependabot_alerts %}**.
 1. In the "{% data variables.product.prodname_dependabot %}" section, next to "{% data variables.product.prodname_dependabot_alerts %}", click **Enable**.
 1. In the pop up that appears, read the statement about enabling the dependency graph, then click **Enable**.
@@ -34,7 +34,7 @@ Now that we've set up the project, let's configure {% data variables.product.pro
 With {% data variables.product.prodname_dependabot %} configured, let's find out which of our dependencies contain vulnerabilities.
-1. In the navigation bar for your repository, click {% octicon "shield" aria-hidden="true" %} **Security**.
+1. In the navigation bar for your repository, click **{% data variables.product.prodname_security_and_quality_tab %}**.
 1. To see the {% data variables.product.prodname_dependabot_alerts %} for your repository, in the side navigation, click {% octicon "dependabot" aria-hidden="true" %} **{% data variables.product.prodname_dependabot %}**.
 1. To see detailed information about an alert, click the alert title. For this exercise, click **Command Injection in hot-formula-parser**.
diff --git a/content/get-started/learning-to-code/reusing-other-peoples-code-in-your-projects.md b/content/get-started/learning-to-code/reusing-other-peoples-code-in-your-projects.md
index 474c990f14e5..b1a754cbb45a 100644
--- a/content/get-started/learning-to-code/reusing-other-peoples-code-in-your-projects.md
+++ b/content/get-started/learning-to-code/reusing-other-peoples-code-in-your-projects.md
@@ -156,9 +156,7 @@ Find the GitHub repository containing the code for the math module in Python.
 When enabled, {% data variables.product.prodname_dependabot_alerts %} are automatically generated when {% data variables.product.prodname_dependabot %} detects a security issue in your dependencies, helping you quickly fix vulnerabilities. {% data variables.product.prodname_dependabot %} is available for **free** on all open source {% data variables.product.github %} repositories.
-Turn {% data variables.product.prodname_dependabot_alerts %} on for your repository now. Click the **Security** tab for your project's {% data variables.product.github %} repository. Next to {% data variables.product.prodname_dependabot_alerts %}, click **Enable {% data variables.product.prodname_dependabot_alerts %}**. You can access {% data variables.product.prodname_dependabot_alerts %} from the **{% data variables.product.prodname_dependabot %}** tab of the sidebar.
-
- ![Screenshot of the "Security" page of a repository. The "Security" tab, "{% data variables.product.prodname_dependabot %}" tab, and "Enable {% data variables.product.prodname_dependabot_alerts %}" button are outlined in orange.](/assets/images/help/dependabot/learners-enable-dependabot.png)
+Turn {% data variables.product.prodname_dependabot_alerts %} on for your repository now. Click the **{% data variables.product.prodname_security_and_quality_tab %}** tab for your project's {% data variables.product.github %} repository. Next to {% data variables.product.prodname_dependabot_alerts %}, click **Enable {% data variables.product.prodname_dependabot_alerts %}**. You can access {% data variables.product.prodname_dependabot_alerts %} from the **{% data variables.product.prodname_dependabot %}** tab of the sidebar.
 ### 3. Implementing code from a library
diff --git a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md
index 6c3d2e40eab3..84230e5964ce 100644
--- a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md
+++ b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md
@@ -71,7 +71,7 @@ You can manage the security and analysis features for your {% ifversion fpt or g
 {% data variables.product.github %} security alerts are automated notifications that inform you when vulnerabilities are found in your repository's dependencies or code. They prompt you to review and remediate these issues, helping to keep your project secure.
-You can find security alerts from {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_secret_scanning_caps %}, and {% data variables.product.prodname_code_scanning_caps %} under your repository's **Security** tab.
+You can find security alerts from {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_secret_scanning_caps %}, and {% data variables.product.prodname_code_scanning_caps %} under your repository's **{% data variables.product.prodname_security_and_quality_tab %}** tab.
 Security alerts for a repository are visible to people with write, maintain, or admin access to the repository and, when the repository is owned by an organization, organization owners. You can give additional teams and people access to the alerts.
diff --git a/data/features/security-and-quality-tab.yml b/data/features/security-and-quality-tab.yml
new file mode 100644
index 000000000000..e44d6999799b
--- /dev/null
+++ b/data/features/security-and-quality-tab.yml
@@ -0,0 +1,5 @@
+# Reference: #60482.
+# Documentation for renaming the Security tab to "Security and quality".
+versions:
+ fpt: '*'
+ ghec: '*'
diff --git a/data/reusables/code-quality/dashboard-navigation-repo.md b/data/reusables/code-quality/dashboard-navigation-repo.md
index 867c7ad48b66..b191c7a27d40 100644
--- a/data/reusables/code-quality/dashboard-navigation-repo.md
+++ b/data/reusables/code-quality/dashboard-navigation-repo.md
@@ -1 +1 @@
-1. Navigate to the "Security" tab of your repository.
+1. Navigate to the **{% data variables.product.prodname_security_and_quality_tab %}** tab of your repository.
diff --git a/data/reusables/code-scanning/click-code-security-enterprise.md b/data/reusables/code-scanning/click-code-security-enterprise.md
index 5d1b5d6b274a..ee42c8a40d4d 100644
--- a/data/reusables/code-scanning/click-code-security-enterprise.md
+++ b/data/reusables/code-scanning/click-code-security-enterprise.md
@@ -1 +1 @@
-1. {% ifversion horizontal-nav %}At the top of the page, click **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security**.{% else %}On the left side of the page, in the enterprise account sidebar, click **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Code Security**.{% endif %}
+1. {% ifversion horizontal-nav %}At the top of the page, click the **{% data variables.product.prodname_security_and_quality_tab %}** tab.{% else %}On the left side of the page, in the enterprise account sidebar, click **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Code Security**.{% endif %}
diff --git a/data/reusables/enterprise_site_admin_settings/security-tab.md b/data/reusables/enterprise_site_admin_settings/security-tab.md
index 0e965e2c3d4d..7589fec217ab 100644
--- a/data/reusables/enterprise_site_admin_settings/security-tab.md
+++ b/data/reusables/enterprise_site_admin_settings/security-tab.md
@@ -1,2 +1 @@
-1. In the upper-right corner of the page, click **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security**.
-![Screenshot of the header of the "Site admin" page for a user or repository. The "Security" tab is highlighted with an orange outline.](/assets/images/enterprise/site-admin-settings/repo/repo-security-top-tab.png)
+1. In the upper-right corner of the page, click the **{% data variables.product.prodname_security_and_quality_tab %}** tab.
diff --git a/data/reusables/organizations/security-overview.md b/data/reusables/organizations/security-overview.md
index c5114d77e64d..c146f87a2b66 100644
--- a/data/reusables/organizations/security-overview.md
+++ b/data/reusables/organizations/security-overview.md
@@ -1,3 +1 @@
-1. Under your organization name, click **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security**.
-
- ![Screenshot of the horizontal navigation bar for an organization. A tab, labeled with a shield icon and "Security," is outlined in dark orange.](/assets/images/help/organizations/organization-security-tab.png)
+1. Under your organization name, click the **{% data variables.product.prodname_security_and_quality_tab %}** tab.
diff --git a/data/reusables/repositories/sidebar-security.md b/data/reusables/repositories/sidebar-security.md
index fca36539bcdc..6384165c4a5f 100644
--- a/data/reusables/repositories/sidebar-security.md
+++ b/data/reusables/repositories/sidebar-security.md
@@ -1,2 +1 @@
-1. Under the repository name, click **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security**. If you cannot see the "Security" tab, select the **{% octicon "kebab-horizontal" aria-hidden="true" aria-label="kebab-horizontal" %}** dropdown menu, and then click **Security**.
-![Screenshot of a repository header showing the tabs. The "Security" tab is highlighted by a dark orange outline.](/assets/images/help/repository/security-tab.png)
+1. Under the repository name, click the **{% data variables.product.prodname_security_and_quality_tab %}** tab. If you cannot see the "{% data variables.product.prodname_security_and_quality_tab %}" tab, select the **{% octicon "kebab-horizontal" aria-hidden="true" aria-label="kebab-horizontal" %}** dropdown menu, and then click **{% data variables.product.prodname_security_and_quality_tab %}**.
diff --git a/data/reusables/secret-scanning/alert-types.md b/data/reusables/secret-scanning/alert-types.md
index 1f8ab4d7dbcd..d8d0f340e43a 100644
--- a/data/reusables/secret-scanning/alert-types.md
+++ b/data/reusables/secret-scanning/alert-types.md
@@ -1,5 +1,5 @@
 There are {% ifversion fpt or ghec %}three{% else %}two{% endif %} types of {% data variables.secret-scanning.alerts %}:
-* **{% ifversion fpt or ghec %}User alerts{% else %}{% data variables.secret-scanning.alerts_caps %}{% endif %}:** Reported to users in the **Security** tab of the repository, when a supported secret is detected in the repository.
-* **Push protection alerts:** Reported to users in the **Security** tab of the repository, when a contributor bypasses push protection. {% ifversion fpt or ghec %}
-* **Partner alerts:** Reported directly to secret providers that are part of {% data variables.product.prodname_secret_scanning %}'s partner program. These alerts are not reported in the **Security** tab of the repository.{% endif %}
+* **{% ifversion fpt or ghec %}User alerts{% else %}{% data variables.secret-scanning.alerts_caps %}{% endif %}:** Reported to users in the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository, when a supported secret is detected in the repository.
+* **Push protection alerts:** Reported to users in the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository, when a contributor bypasses push protection. {% ifversion fpt or ghec %}
+* **Partner alerts:** Reported directly to secret providers that are part of {% data variables.product.prodname_secret_scanning %}'s partner program. These alerts are not reported in the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository.{% endif %}
diff --git a/data/reusables/secret-scanning/push-protection-allow-secrets-alerts.md b/data/reusables/secret-scanning/push-protection-allow-secrets-alerts.md
index 35ed2f133385..1740965fcde6 100644
--- a/data/reusables/secret-scanning/push-protection-allow-secrets-alerts.md
+++ b/data/reusables/secret-scanning/push-protection-allow-secrets-alerts.md
@@ -1 +1 @@
-When you allow a secret to be pushed, an alert is created in the **Security** tab. {% data variables.product.prodname_dotcom %} closes the alert and doesn't send a notification if you specify that the secret is a false positive or used only in tests. If you specify that the secret is real and that you will fix it later, {% data variables.product.prodname_dotcom %} keeps the security alert open and sends notifications to the author of the commit, as well as to repository administrators. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).
+When you allow a secret to be pushed, an alert is created in the **{% data variables.product.prodname_security_and_quality_tab %}** tab. {% data variables.product.prodname_dotcom %} closes the alert and doesn't send a notification if you specify that the secret is a false positive or used only in tests. If you specify that the secret is real and that you will fix it later, {% data variables.product.prodname_dotcom %} keeps the security alert open and sends notifications to the author of the commit, as well as to repository administrators. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).
diff --git a/data/reusables/secret-scanning/push-protection-bypass.md b/data/reusables/secret-scanning/push-protection-bypass.md
index b095a59743e8..4d2fda6a98f6 100644
--- a/data/reusables/secret-scanning/push-protection-bypass.md
+++ b/data/reusables/secret-scanning/push-protection-bypass.md
@@ -1,4 +1,4 @@
 When a contributor bypasses a push protection block, {% data variables.product.prodname_dotcom %}:
-* Creates an alert in the **Security** tab of the repository, organization, and enterprise
+* Creates an alert in the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository, organization, and enterprise
 * Adds the bypass event to the audit log
 * Sends an email alert to personal account, organization, and enterprise owners, security managers, and repository administrators who are watching the repository, with a link to the secret and the reason it was allowed
diff --git a/data/reusables/secret-scanning/repository-alert-location.md b/data/reusables/secret-scanning/repository-alert-location.md
index 3658ad9addd5..0987879733a4 100644
--- a/data/reusables/secret-scanning/repository-alert-location.md
+++ b/data/reusables/secret-scanning/repository-alert-location.md
@@ -1 +1 @@
-{% data variables.product.prodname_dotcom %} displays an alert in the **Security** tab of the repository.
+{% data variables.product.prodname_dotcom %} displays an alert in the **{% data variables.product.prodname_security_and_quality_tab %}** tab of the repository.
diff --git a/data/reusables/security-overview/navigate-to-risk-assessment.md b/data/reusables/security-overview/navigate-to-risk-assessment.md
index 44a37b716d68..628733984790 100644
--- a/data/reusables/security-overview/navigate-to-risk-assessment.md
+++ b/data/reusables/security-overview/navigate-to-risk-assessment.md
@@ -1 +1 @@
-the **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Security** tab for your organization, display the **{% octicon "key" aria-hidden="true" aria-label="key" %} Assessments** page, then click **Scan your organization**
+the **{% data variables.product.prodname_security_and_quality_tab %}** tab for your organization, display the **{% octicon "key" aria-hidden="true" aria-label="key" %} Assessments** page, then click **Scan your organization**
diff --git a/data/variables/product.yml b/data/variables/product.yml
index 3daeb5e2f1d8..bbfb45ebf74f 100644
--- a/data/variables/product.yml
+++ b/data/variables/product.yml
@@ -269,6 +269,7 @@ prodname_security_advisories: 'GitHub Security Advisories'
 prodname_advisory_database: 'GitHub Advisory Database'
 # Security configurations and organization-level security settings
+prodname_security_and_quality_tab: '{% octicon "shield" aria-hidden="true" aria-label="shield" %} {% ifversion security-and-quality-tab %}Security and quality{% else %}Security{% endif %}'
 prodname_security_configurations: 'security configurations'
 prodname_security_configurations_caps: 'Security configurations'
 prodname_security_configuration: 'security configuration'
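Review bot: The new `prodname_security_and_quality_tab` entry bundles the shield octicon with the label, so every call site renders the icon whether or not the surrounding text wants it. In this same patch, data/reusables/repositories/sidebar-security.md uses the variable inside double quotes (`If you cannot see the "{% data variables.product.prodname_security_and_quality_tab %}" tab`), and several reusables that previously printed a plain **Security** label now gain an icon. Consider a text-only companion variable for quoted or inline uses, or at least a comment above the entry such as `# Expands to the shield octicon plus the tab label; the label text is gated by the security-and-quality-tab feature`. The octicon tag also sets both `aria-hidden="true"` and `aria-label="shield"`, which looks contradictory, although it is carried over from the lines this patch replaces.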