Commit

Merge pull request #34502 from github/repo-sync
Repo sync
docs-bot authored Sep 5, 2024
2 parents 576e90d + 88520f4 commit 45360f5
Showing 20 changed files with 164 additions and 2,298 deletions.
Expand Up @@ -9,14 +9,14 @@ redirect_from:
- /actions/learn-github-actions/introduction-to-github-actions
- /actions/learn-github-actions/understanding-github-actions
- /actions/learn-github-actions/essential-features-of-github-actions
- /articles/getting-started-with-github-actions
versions:
fpt: '*'
ghes: '*'
ghec: '*'
type: overview
topics:
- Fundamentals
layout: inline
---

{% data reusables.actions.enterprise-github-hosted-runners %}
Expand Up @@ -76,6 +76,12 @@ For {% data variables.product.prodname_code_scanning %} alerts from {% data vari

{% endif %}

{% ifversion copilot-chat-ghas-alerts %}

With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand {% data variables.product.prodname_code_scanning %} alerts in repositories in your organization. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)."

{% endif %}

{% note %}

For the next article in this series, see "[AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning)."
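Review bot: The paragraph inside `{% ifversion copilot-chat-ghas-alerts %}` is repeated almost word for word in the other articles this commit touches, with only the product-name variable changing. Consider moving it into a `{% data reusables... %}` entry so that the license wording and the link fragment `#asking-questions-about-alerts-from-github-advanced-security-features` are maintained in one place; as written, a change to either has to be repeated in every copy.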
Expand Up @@ -27,6 +27,12 @@ You can enable secret scanning for individual repositories or for all repositori

This article explains a high-level process focusing on enabling {% data variables.product.prodname_secret_scanning %} for all repositories in an organization. The principles described in this article can still be applied even if you take a more staggered approach of enabling {% data variables.product.prodname_secret_scanning %} for individual repositories.

{% ifversion copilot-chat-ghas-alerts %}

With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand {% data variables.product.prodname_secret_scanning %} alerts in repositories in your organization. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)."

{% endif %}

## 1. Focus on newly committed secrets

When you enable {% data variables.product.prodname_secret_scanning %}, you should focus on remediating any newly committed credentials detected by secret scanning. If you focus on cleaning up committed credentials, developers could continue to accidentally push new credentials, which means your total secret count will stay around the same level, not decrease as intended. This is why it is essential to stop new credentials being leaked before focusing on revoking any current secrets.
Expand Up @@ -29,6 +29,12 @@ You can use {% data variables.product.prodname_copilot_autofix %} to generate fi

{% endif %}

{% ifversion copilot-chat-ghas-alerts %}

With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand {% data variables.product.prodname_code_scanning %} alerts in repositories in your organization. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)."

{% endif %}

{% ifversion security-overview-org-codeql-pr-alerts %}

For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories across your organization, and to identify repositories where you may need to take action. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)."
Expand Up @@ -55,6 +55,14 @@ For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-cod

{% endnote %}

{% ifversion copilot-chat-ghas-alerts %}

## Asking {% data variables.product.prodname_copilot_chat %} about {% data variables.product.prodname_code_scanning %} alerts

With a {% data variables.product.prodname_copilot_enterprise %} license, you can ask {% data variables.product.prodname_copilot_chat_short %} for help to better understand security alerts, including {% data variables.product.prodname_code_scanning %} alerts, in repositories in your organization. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)."

{% endif %}

{% ifversion security-overview-org-codeql-pr-alerts %}

## Viewing metrics for {% data variables.product.prodname_codeql %} pull request alerts for an organization
Expand Up @@ -54,6 +54,12 @@ In repositories where {% data variables.product.prodname_code_scanning %} is con

If your pull request targets a protected branch that uses {% data variables.product.prodname_code_scanning %}, and the repository owner has configured required status checks, then the "{% data variables.product.prodname_code_scanning_caps %} results" check must pass before you can merge the pull request. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging)."

{% ifversion copilot-chat-ghas-alerts %}

With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand {% data variables.product.prodname_code_scanning %} alerts in repositories in your organization. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)."

{% endif %}

## About {% data variables.product.prodname_code_scanning %} as a pull request check

There are many options for configuring {% data variables.product.prodname_code_scanning %} as a pull request check, so the exact configuration of each repository will vary and some will have more than one check.
Expand Up @@ -108,6 +108,14 @@ By default, we notify people with {% ifversion dependabot-alerts-permissions-wri

You can also see all the {% data variables.product.prodname_dependabot_alerts %} that correspond to a particular advisory in the {% data variables.product.prodname_advisory_database %}. {% data reusables.security-advisory.link-browsing-advisory-db %}

{% ifversion copilot-chat-ghas-alerts %}

## Asking {% data variables.product.prodname_copilot_chat %} about {% data variables.product.prodname_dependabot_alerts %}

With a {% data variables.product.prodname_copilot_enterprise %} license, you can ask {% data variables.product.prodname_copilot_chat_short %} for help to better understand security alerts, including {% data variables.product.prodname_dependabot_alerts %}, in repositories in your organization. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)."

{% endif %}

## Further reading

* "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)"
Expand Up @@ -137,6 +137,12 @@ For supported languages, {% data variables.product.prodname_dependabot %} detect

{% endif %}

{% ifversion copilot-chat-ghas-alerts %}

With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand {% data variables.product.prodname_dependabot_alerts %} in repositories in your organization. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)."

{% endif %}

### Fixing vulnerable dependencies

1. View the details for an alert. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %}](#viewing-dependabot-alerts)" (above).
Expand Up @@ -106,6 +106,12 @@ Many {% data variables.product.prodname_GH_advanced_security %} features are ava

{% endif %}

{% ifversion copilot-chat-ghas-alerts %}

With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand security alerts in repositories in your organization from {% data variables.product.prodname_GH_advanced_security %} features ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}). For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)."

{% endif %}

{% data reusables.advanced-security.ghas-trial %}

### {% data variables.product.prodname_code_scanning_caps %}
Expand Up @@ -49,6 +49,14 @@ For information on how to enable validity checks for partner patterns, see "[AUT

You can use the REST API to retrieve a list of the most recent validation status for each of your tokens. For more information, see "[AUTOTITLE](/rest/secret-scanning)" in the REST API documentation. You can also use webhooks to be notified of activity relating to a {% data variables.product.prodname_secret_scanning %} alert. For more information, see the `secret_scanning_alert` event in "[AUTOTITLE](/webhooks/webhook-events-and-payloads?actionType=created#secret_scanning_alert)."

{% ifversion copilot-chat-ghas-alerts %}

## Asking {% data variables.product.prodname_copilot_chat %} about {% data variables.product.prodname_secret_scanning %} alerts

With a {% data variables.product.prodname_copilot_enterprise %} license, you can ask {% data variables.product.prodname_copilot_chat_short %} for help to better understand security alerts, including {% data variables.product.prodname_secret_scanning %} alerts, in repositories in your organization. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)."

{% endif %}

{% ifversion secret-scanning-validity-check-partner-patterns %}

## Performing an on-demand validity check
Expand Up @@ -63,6 +63,7 @@ The skills you can use in {% data variables.product.prodname_copilot_chat_dotcom
| **Issue details** | Retrieves a specific {% data variables.product.prodname_dotcom %} issue, including the issue's title, number, author, status, body, linked pull requests, comments, and timestamps. | Yes | _Summarize the conversation on this issue and suggest next steps_ |
| **File details** | Retrieves a specific file in the default branch of the Git repository, allowing you to ask questions about the file and the recent changes made to it. This skill is useful when you provide the exact path of a file in the repository. | Yes | _What logic does user_auth.js encapsulate?_ <br> <br> _What is the file history of user_auth.js?_ |
| **Pull request details** | Retrieves a specific pull request. This allows you to ask questions about the pull request, including getting a summary of the pull request, its comments, or the code it changes. | Yes | _Summarize this PR for me_ <br><br> _Summarize the changes in this PR_ |
| **{% data variables.product.prodname_GH_advanced_security %}** | Retrieves information about security alerts within your organization from {% data variables.product.prodname_GH_advanced_security %} features ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}). | Yes | _How would I fix this {% data variables.product.prodname_code_scanning %} alert?_ |
| **Release details** | Retrieves the latest, or specified, release. This allows you to find out who created a release, when it happened, and information included in the release notes. | Yes | _When was the latest release?_ |
| **Repository details** | Retrieves a specific {% data variables.product.prodname_dotcom %} repository. This is useful for finding out details such as the repository owner and the main language used. | Yes | _Tell me about this repo_ |
| **Symbol definition** | Retrieves the lines of code that define a specific code symbol (function, class, or struct) in the default branch of the Git repository. This skill is useful when you have the exact name of a symbol, and want to understand it. | Yes | _Write unit tests for the AuthUser method_ |
Expand Down Expand Up @@ -259,6 +260,38 @@ You can chat with {% data variables.product.prodname_copilot_short %} about a fi

![Screenshot of the immersive mode button at the top right of the {% data variables.product.prodname_copilot_short %} panel. The button is highlighted with a dark orange outline.](/assets/images/help/copilot/copilot-immersive-view-button.png)

## Asking questions about {% data variables.product.prodname_GH_advanced_security %} alerts

{% data variables.product.prodname_copilot_short %} allows you to use natural language questions to ask about security alerts in repositories in your organization when these alerts are generated by {% data variables.product.prodname_GH_advanced_security %} features ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}).

{% data reusables.copilot.go-to-copilot-page %}

1. If the "Ask {% data variables.product.prodname_copilot_short %}" page is not displayed in the panel, click **All repositories**.

![Screenshot of the {% data variables.product.prodname_copilot_short %} chat panel page with "All repositories" highlighted with a dark orange outline.](/assets/images/help/copilot/copilot-chat-all-repositories.png)

1. On the "Ask {% data variables.product.prodname_copilot_short %}" page, select a repository to provide a context for your question.

For example, you could choose a repository with security alerts you want to understand better.

You can search for a repository if you don't see one you want to use.

1. In the "Ask {% data variables.product.prodname_copilot_short %}" box, type a question and press <kbd>Enter</kbd>.

For example, you could ask:

* How would I fix this alert?
* How many alerts do I have on this pull request?
* Which line of code is this {% data variables.product.prodname_code_scanning %} alert referencing?
* What library is affected by this {% data variables.product.prodname_dependabot %} alert?

{% data variables.product.prodname_copilot_short %} replies in the chat panel.

<a id="repo-indexing-note"></a>

{% data reusables.copilot.stop-response-generation %}
{% data reusables.copilot.chat-conversation-buttons %}

## Asking questions about a specific pull request

You can ask {% data variables.product.prodname_copilot_short %} to summarize a pull request, or explain what has changed within specific files or lines of code in a pull request.
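Review bot: The new heading `## Asking questions about {% data variables.product.prodname_GH_advanced_security %} alerts` will not generate the fragment that the paragraphs added elsewhere in this commit link to (`#asking-questions-about-alerts-from-github-advanced-security-features`). If this is the section those links are meant to reach, either align the heading wording with the fragment or update the links, otherwise readers land at the top of the article. Separately, the `<a id="repo-indexing-note"></a>` anchor near the end of the procedure does not relate to anything in this section and looks carried over from another procedure; if the same id exists elsewhere in the file it will be duplicated, so it should be dropped or renamed.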
Expand Up @@ -49,6 +49,15 @@ You can ask {% data variables.product.prodname_copilot_short %} to write code fo

When {% data variables.product.prodname_copilot_short %} returns a code block, the response includes options to copy the code, or to insert the code at your cursor, into a new file, or into the terminal.

## Ask questions about alerts from {% data variables.product.prodname_GH_advanced_security %} features

You can ask {% data variables.product.prodname_copilot_short %} about security alerts in repositories in your organization from {% data variables.product.prodname_GH_advanced_security %} features ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}). For example:

* `How would I fix this alert?`
* `How many alerts do I have on this pull request?`
* `Which line of code is this {% data variables.product.prodname_code_scanning %} alert referencing?`
* `What library is affected by this {% data variables.product.prodname_dependabot %} alert?`

## Set up a new project

Use the `/new` slash command to set up a new project. For example:
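Review bot: The new section "Ask questions about alerts from ... features" states no prerequisite and is not wrapped in `{% ifversion copilot-chat-ghas-alerts %}`, while every other paragraph added in this commit is gated on that flag and opens with "With a {% data variables.product.prodname_copilot_enterprise %} license". If the same license is required in the IDE, say so in the first sentence so that readers without it do not expect answers about alerts; if it is not required, the difference from the other articles is worth one clarifying sentence.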
Expand Down Expand Up @@ -135,6 +144,15 @@ You can ask {% data variables.product.prodname_copilot_short %} to write code fo

When {% data variables.product.prodname_copilot_short %} returns a code block, the response includes options to copy the code, insert the code into a new file, or preview the code output.

## Ask questions about alerts from {% data variables.product.prodname_GH_advanced_security %} features

You can ask {% data variables.product.prodname_copilot_short %} about security alerts in repositories in your organization from {% data variables.product.prodname_GH_advanced_security %} features ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}). For example:

* `How would I fix this alert?`
* `How many alerts do I have on this pull request?`
* `Which line of code is this {% data variables.product.prodname_code_scanning %} alert referencing?`
* `What library is affected by this {% data variables.product.prodname_dependabot %} alert?`

## Fix, improve, and refactor code

If your active file contains an error, use the `/fix` slash command to ask {% data variables.product.prodname_copilot_short %} to fix the error.
Expand Up @@ -48,6 +48,12 @@ A {% data variables.product.prodname_GH_advanced_security %} license provides th

* **Dependency review** - Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)."

{% ifversion copilot-chat-ghas-alerts %}

With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand security alerts in repositories in your organization ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)."

{% endif %}

{% ifversion fpt or ghec %}
The table below summarizes the availability of {% data variables.product.prodname_GH_advanced_security %} features for public and private repositories.

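Review bot: The parenthetical in the added paragraph is never closed: the list ends `and {% data variables.product.prodname_dependabot_alerts %}. For more information`, so the rendered sentence has an opening "(" with no matching ")". Add the closing parenthesis before the period. The wording also differs from the equivalent paragraph in the other overview article, which says the alerts come "from {% data variables.product.prodname_GH_advanced_security %} features" before the list; using the same sentence in both would avoid the drift.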
3 changes: 3 additions & 0 deletions data/features/copilot-chat-ghas-alerts.yml
@@ -0,0 +1,3 @@
# Reference: #15479
versions:
ghec: '*'
2 changes: 1 addition & 1 deletion src/github-apps/lib/config.json
Expand Up @@ -60,5 +60,5 @@
"2022-11-28"
]
},
"sha": "38baa7aebf29fe927aac6aa0ae769b7a8d3204ca"
"sha": "272a391f5bfe7d533f35ecfb65adfcf137162fb3"
}
2 changes: 2 additions & 0 deletions src/links/lib/excluded-links.yml
Expand Up @@ -73,3 +73,5 @@
- is: https://github.com/actions/runner/pkgs/container/actions-runner
- is: https://github.com/Codertocat/hello-world-npm/pkgs/npm/hello-world-npm
- is: https://jsonformatter.org/
- is: https://mvnrepository.com/artifact/org.xwiki.platform/xwiki-platform-oldcore
- is: https://mvnrepository.com/artifact/com.google.guava/guava
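Review bot: The two `mvnrepository.com` entries are added to the exclusion list with no comment explaining why, and nothing in this commit shows where they are referenced. Each exclusion means the link checker stops verifying that URL, so a short YAML comment above the pair giving the reason (for example, that the site rejects automated requests, if that is the case) would let a later maintainer decide whether the entries can be removed.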