diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md index 8041ca6b4529..9a8b41397f84 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md +++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/index.md @@ -1,6 +1,6 @@ --- title: Enabling secret scanning features -shortTitle: Enable secret scanning features +shortTitle: Enable features allowTitleToDifferFromFilename: true intro: 'Learn how to enable {% data variables.product.prodname_secret_scanning %} to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.' product: '{% data reusables.gated-features.secret-scanning %}' diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md index 6dd0553b9b8c..8397f42bf3a5 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/index.md @@ -16,7 +16,7 @@ topics: - Advanced Security - Alerts - Repositories -shortTitle: Managing alerts +shortTitle: Manage alerts children: - /about-alerts - /viewing-alerts diff --git a/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md b/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md index 8cbdd7d96ba4..5144b122f615 100644 --- a/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md +++ b/content/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/index.md @@ -1,6 +1,6 @@ --- title: Troubleshooting secret scanning and push protection -shortTitle: Troubleshoot secret scanning +shortTitle: Troubleshoot intro: 'If you have problems with {% data variables.product.prodname_secret_scanning %} or push protection, you can use these tips to help resolve issues.' product: '{% data reusables.gated-features.secret-scanning %}' versions: diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md index e63738b1921c..09dba6e19c7e 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md @@ -10,27 +10,33 @@ topics: - Advanced Security - Alerts - Repositories -shortTitle: Delegated bypass +shortTitle: About delegated bypass --- ## About delegated bypass for push protection {% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %} -{% data reusables.secret-scanning.push-protection-delegated-bypass-intro %} +By default, when push protection is enabled for a repository, anyone with write access can still push a secret to the repository, provided that they specify a reason for bypassing push protection. -When you enable push protection, by default, anyone with write access to the repository can choose to bypass the protection by specifying a reason for allowing the push containing a secret. With delegated bypass, only specific roles and teams can bypass push protection. All other contributors are instead obligated to make a request for "bypass privileges", which is sent to a designated group of reviewers who either approve or deny the request to bypass push protection. +With delegated bypass for push protection, you can: -If the request to bypass push protection is approved, the contributor can push the commit containing the secret. If the request is denied, the contributor must remove the secret from the commit (or commits) containing the secret before pushing again. +* **Choose** which individuals, roles, and teams can bypass push protection. +* Introduce a **review and approval** cycle for pushes containing secrets from all other contributors. -To configure delegated bypass, organization owners or repository administrators must change the "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}" setting in the UI from **Anyone with write access** to **Specific roles and teams**. +{% ifversion push-protection-delegated-bypass-file-upload-support %}Delegated bypass applies to files created, edited, and uploaded on {% data variables.product.prodname_dotcom %}.{% endif %} -Organization owners or repository administrators are then prompted to create a "bypass list". The bypass list comprises the specific roles and teams, such as the security team or repository administrators, who oversee requests from non-members to bypass push protection. For more information, see "[Configuring delegated bypass for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)" and "[Configuring delegated bypass for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-a-repository)." +To set up delegated bypass, organization owners or repository administrators create a list of users with bypass privileges. This designated list of users can then: +* Bypass push protection, by specifying a reason for bypassing the block. +* Manage (approve or deny) bypass requests coming from all other contributors. These requests are located in the "Push protection bypass" page in the **Security** tab of the repository. -{% ifversion push-protection-bypass-fine-grained-permissions %} Alternatively, instead of creating a bypass list, you can grant specific organization members the ability to review and manage bypass requests using fine-grained permissions. For more information, see "[Using fine-grained permissions to control who can review and manage bypass requests](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#using-fine-grained-permissions-to-control-who-can-review-and-manage-bypass-requests)."{% endif %} +The following types of users can always bypass push protection without having to request bypass privileges: +* Organization owners +* Security managers +* Users in teams, default roles, or custom roles that have been added to the bypass list.{% ifversion push-protection-bypass-fine-grained-permissions %} +* Users who are assigned (either directly or via a team) a custom role with the "review and manage secret scanning bypass requests" fine-grained permission.{% endif %} -Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review (approve or deny) bypass requests can manage these {% else %}of the bypass list can review and manage {% endif %}requests through the "Push protection bypass" page in the **Security** tab of the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection)." +## Next steps -{% data reusables.secret-scanning.push-protection-delegated-bypass-note %} - -For information about enabling delegated bypass, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection)." +* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection)" +* "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection)" diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md index 6546c4d8f392..8736fdd06d6d 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/index.md @@ -6,7 +6,7 @@ intro: 'You can control the ability to bypass push protection by setting up a re product: '{% data reusables.gated-features.secret-scanning %}' versions: fpt: '*' - ghes: '*' + ghes: '>=3.14' ghec: '*' topics: - Secret scanning diff --git a/content/code-security/security-overview/about-security-overview.md b/content/code-security/security-overview/about-security-overview.md index e20c9ff27145..cea74e023434 100644 --- a/content/code-security/security-overview/about-security-overview.md +++ b/content/code-security/security-overview/about-security-overview.md @@ -1,7 +1,6 @@ --- title: About security overview intro: 'You can gain insights into the overall security landscape of your organization or enterprise and identify repositories that require intervention using security overview.' -permissions: '{% data reusables.security-overview.permissions %}' product: '{% data reusables.gated-features.security-overview %}' redirect_from: - /code-security/security-overview/exploring-security-alerts diff --git a/content/code-security/security-overview/assessing-adoption-code-security.md b/content/code-security/security-overview/assessing-adoption-code-security.md index 944c6183c1cf..c475b80effc5 100644 --- a/content/code-security/security-overview/assessing-adoption-code-security.md +++ b/content/code-security/security-overview/assessing-adoption-code-security.md @@ -3,8 +3,7 @@ title: Assessing adoption of code security features shortTitle: Assess adoption of features allowTitleToDifferFromFilename: true intro: 'You can use security overview to see which teams and repositories have already enabled code security features, and identify any that are not yet protected.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' type: how_to topics: - Security overview @@ -22,7 +21,7 @@ versions: You can use security overview to see which repositories and teams have already enabled each code security feature, and where people need more encouragement to adopt these features. The "Security coverage" view shows a summary and detailed information on feature enablement for an organization. You can filter the view to show a subset of repositories using the "enabled" and "not enabled" links, the "Teams" dropdown menu, and a search field in the page header. -![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, and search field.](/assets/images/help/security-overview/security-coverage-view-summary.png) +![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization.](/assets/images/help/security-overview/security-coverage-view-summary.png) >[!NOTE] "Pull request alerts" are reported as enabled only when {% data variables.product.prodname_code_scanning %} has analyzed at least one pull request since alerts were enabled for the repository. @@ -38,18 +37,14 @@ You can use the "Enablement trends" view to see enablement status and enablement ## Viewing the enablement of code security features for an organization -You can view data to assess the enablement of code security features across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %} - -{% ifversion dependabot-updates-paused-enterprise-orgs %} - -In the list of repositories, the "Paused" label under "{% data variables.product.prodname_dependabot %}" indicates repositories for which {% data variables.product.prodname_dependabot_updates %} are paused. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively.{% endif %} +You can view data to assess the enablement of code security features across repositories in an organization. {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} 1. To display the "Security coverage" view, in the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage**. {% data reusables.code-scanning.using-security-overview-coverage %} - ![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-coverage-view-highlights.png) + ![Screenshot of the "Security coverage" view. The options for filtering are outlined in dark orange.](/assets/images/help/security-overview/security-coverage-view-highlights.png) {% ifversion pre-security-configurations %} 1. Optionally, click **{% octicon "gear" aria-hidden="true" %} Security settings** to enable code security features for a repository and click **Save security settings** to confirm the changes. If a feature is not shown, it has more complex configuration requirements and you need to use the repository settings dialog. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository)." @@ -59,24 +54,26 @@ In the list of repositories, the "Paused" label under "{% data variables.product {% endif %} -{% ifversion security-overview-org-risk-coverage-enterprise %} +{% ifversion dependabot-updates-paused-enterprise-orgs %} + +In the list of repositories, a "Paused" label under "{% data variables.product.prodname_dependabot %}" indicates repositories for which {% data variables.product.prodname_dependabot_updates %} are paused. For information about inactivity criteria, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates#about-automatic-deactivation-of-dependabot-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates#about-automatic-deactivation-of-dependabot-updates)," for security and version updates, respectively.{% endif %} ## Viewing the enablement of code security features for an enterprise -You can view data to assess the enablement of code security features across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %} - -In the enterprise-level view, you can view data about the enablement of features, but you cannot enable or disable features. For more information about enabling features, see {% ifversion security-configurations %}"[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization){% else %}"[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories){% endif %}." +You can view data to assess the enablement of code security features across organizations in an enterprise. -{% data reusables.security-overview.enterprise-filters-tip %} +{% ifversion pre-security-configurations %} +In the enterprise-level view, you can view data about the enablement of features, but you cannot enable or disable features. +{% endif %} {% data reusables.enterprise-accounts.access-enterprise-on-dotcom %} {% data reusables.code-scanning.click-code-security-enterprise %} 1. To display the "Security coverage" view, in the sidebar, click **Coverage**. {% data reusables.code-scanning.using-security-overview-coverage %} - ![Screenshot of the header section of the "Security coverage" view for an enterprise. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-coverage-view-highlights-enterprise.png) + ![Screenshot of the header section of the "Security coverage" view. The options for filtering are outlined in dark orange.](/assets/images/help/security-overview/security-coverage-view-highlights-enterprise.png) -{% endif %} +{% data reusables.security-overview.enterprise-filters-tip %} {% ifversion security-overview-tool-adoption %} @@ -114,8 +111,6 @@ You can view data to assess the enablement status and enablement status trends o You can view data to assess the enablement status and enablement status trends of code security features across organizations in an enterprise. ->[!TIP] You can use the `owner:` filter in the search field to filter the data by organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." - {% data reusables.enterprise-accounts.access-enterprise-on-dotcom %} {% data reusables.code-scanning.click-code-security-enterprise %} 1. To display the "Enablement trends" view, in the sidebar, click **Enablement trends**. @@ -124,6 +119,8 @@ You can view data to assess the enablement status and enablement status trends o * Use the date picker to set the time range that you want to view enablement trends for. * Click in the search box to add further filters on the enablement trends displayed. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." +>[!TIP] You can use the `owner:` filter in the search field to filter the data by organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." + {% endif %} ## Interpreting and acting on the enablement data diff --git a/content/code-security/security-overview/assessing-code-security-risk.md b/content/code-security/security-overview/assessing-code-security-risk.md index 47a463d00070..92ce508626fe 100644 --- a/content/code-security/security-overview/assessing-code-security-risk.md +++ b/content/code-security/security-overview/assessing-code-security-risk.md @@ -3,8 +3,7 @@ title: Assessing your code security risk shortTitle: Assess security risk to code allowTitleToDifferFromFilename: true intro: 'You can use security overview to see which teams and repositories are affected by security alerts, and identify repositories for urgent remedial action.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' type: how_to topics: - Security overview @@ -41,8 +40,6 @@ For information about the **Overview**, see "[AUTOTITLE](/code-security/security ## Viewing organization-level code security risks -{% data reusables.security-overview.information-varies-GHAS %} - {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} {% data reusables.security-overview.open-security-risk-view %} @@ -59,7 +56,7 @@ For information about the **Overview**, see "[AUTOTITLE](/code-security/security ## Viewing enterprise-level code security risks -You can view data for security alerts across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %} +You can view data for security alerts across organizations in an enterprise. {% data reusables.security-overview.enterprise-filters-tip %} diff --git a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md index 9dd03190d3d1..92a30a235aed 100644 --- a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md +++ b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md @@ -2,8 +2,7 @@ title: Enabling security features for multiple repositories shortTitle: Enable security features intro: You can use security overview to select a subset of repositories and enable security features for them all. -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-org-enable %}' allowTitleToDifferFromFilename: true versions: feature: security-configurations-beta-and-pre-beta diff --git a/content/code-security/security-overview/exporting-data-from-security-overview.md b/content/code-security/security-overview/exporting-data-from-security-overview.md index 7b977bcc8bfa..996a7329f025 100644 --- a/content/code-security/security-overview/exporting-data-from-security-overview.md +++ b/content/code-security/security-overview/exporting-data-from-security-overview.md @@ -2,8 +2,7 @@ title: Exporting data from security overview shortTitle: Export data intro: You can export CSV files of your organization's{% ifversion security-overview-export-dashboard-data %} overview,{% endif %} risk and coverage data from security overview. -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' versions: feature: security-overview-export-data type: how_to diff --git a/content/code-security/security-overview/filtering-alerts-in-security-overview.md b/content/code-security/security-overview/filtering-alerts-in-security-overview.md index 7b24d4e06cb5..391fec24a8fa 100644 --- a/content/code-security/security-overview/filtering-alerts-in-security-overview.md +++ b/content/code-security/security-overview/filtering-alerts-in-security-overview.md @@ -1,8 +1,7 @@ --- title: Filtering alerts in security overview intro: Use filters to view specific categories of alerts -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' allowTitleToDifferFromFilename: true versions: ghes: '*' diff --git a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md index 78d33e46af1c..87f7aaade665 100644 --- a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md +++ b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md @@ -2,8 +2,7 @@ title: Reviewing requests to bypass push protection shortTitle: Review bypass requests intro: 'You can use security overview to review requests to bypass push protection from contributors pushing to repositories across your organization.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' type: how_to topics: - Security overview diff --git a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md index f03999e92cab..041b03424482 100644 --- a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md +++ b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md @@ -3,8 +3,7 @@ title: Viewing metrics for pull request alerts shortTitle: View PR alert metrics allowTitleToDifferFromFilename: true intro: 'You can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests for repositories across your organization, and to identify repositories where you may need to take action.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' type: how_to topics: - Security overview diff --git a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md b/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md index 0e7786b87e1d..5fbaf4fad0f9 100644 --- a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md +++ b/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md @@ -3,8 +3,7 @@ title: Viewing metrics for secret scanning push protection shortTitle: View secret scanning metrics allowTitleToDifferFromFilename: true intro: 'You can use security overview to see how {% data variables.product.prodname_secret_scanning %} push protection is performing in repositories across your organization{% ifversion security-overview-enterprise-secret-scanning-metrics %} or enterprise{% endif %}, and to identify repositories where you may need to take action.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' type: how_to redirect_from: - /code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization diff --git a/content/code-security/security-overview/viewing-security-insights.md b/content/code-security/security-overview/viewing-security-insights.md index 31225a10139d..dbcadacf9f44 100644 --- a/content/code-security/security-overview/viewing-security-insights.md +++ b/content/code-security/security-overview/viewing-security-insights.md @@ -2,8 +2,7 @@ title: Viewing security insights shortTitle: View security insights intro: 'You can use the overview dashboard in security overview to monitor the security landscape of the repositories in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}.' -permissions: '{% data reusables.security-overview.permissions %}' -product: '{% data reusables.gated-features.security-overview %}' +permissions: '{% data reusables.permissions.security-overview %}' versions: feature: security-overview-dashboard type: how_to @@ -76,13 +75,13 @@ Keep in mind that the overview page tracks changes over time for security alert ## Viewing the security overview dashboard for your enterprise -{% data reusables.security-overview.enterprise-filters-tip %} - {% data reusables.enterprise-accounts.access-enterprise-on-dotcom %} {% data reusables.code-scanning.click-code-security-enterprise %}{% ifversion security-overview-3-tab-dashboard %} 1. By default, the **Detection** tab is displayed. If you want to switch to another tab to see other metrics, click **Remediation** or **Prevention**.{% endif %} {% data reusables.security-overview.filter-and-toggle %} +{% data reusables.security-overview.enterprise-filters-tip %} + {% endif %} ## Understanding the overview dashboard diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md index a840adb44601..d2cda32f49ad 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md @@ -181,7 +181,14 @@ git@gitlab.com:gitlab-org/gitlab-runner.git: As an enterprise owner, you can use the enterprise settings to specify files that {% data variables.product.prodname_copilot %} should ignore. The files can be within a Git repository or anywhere on the file system that is not under Git control. -You apply rules in the same way as described in the previous section "[Configuring content exclusions for your organization](#configuring-content-exclusions-for-your-organization)" but from the settings for your enterprise. The key difference is that rules set at the enterprise level apply to all {% data variables.product.prodname_copilot_short %} users in the enterprise, whereas the rules set by organization owners only apply to users who are assigned a {% data variables.product.prodname_copilot_short %} seat by that organization. +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.policies-tab %} +{% data reusables.enterprise-accounts.copilot-tab %} +1. Click the **Content exclusion** tab. +1. Use paths to specify which content to exclude. See the previous section, "[Configuring content exclusions for your organization](#configuring-content-exclusions-for-your-organization)." + +> [!NOTE] +> The key difference between setting content exclusion at the enterprise level and the organization level is that rules set at the enterprise level apply to all {% data variables.product.prodname_copilot_short %} users in the enterprise, whereas the rules set by organization owners only apply to users who are assigned a {% data variables.product.prodname_copilot_short %} seat by that organization. {% endif %} diff --git a/data/reusables/gated-features/security-overview.md b/data/reusables/gated-features/security-overview.md index c4f4109a29a8..df0121b48c97 100644 --- a/data/reusables/gated-features/security-overview.md +++ b/data/reusables/gated-features/security-overview.md @@ -1,5 +1,7 @@ {% ifversion fpt %} -Security overview is available for organizations that use {% data variables.product.prodname_enterprise %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/githubs-plans)." -{% elsif security-overview-displayed-alerts %} -All enterprises and their organizations have a security overview. If you use {% data variables.product.prodname_GH_advanced_security %} features{% ifversion ghec %}, which are free for public repositories,{% endif %} you will see additional information. {% data reusables.advanced-security.more-info-ghas %} +Organizations that use {% data variables.product.prodname_enterprise %} +{% elsif ghec %} +Enterprises and their organizations +{% elsif ghes %} +Organizations {% endif %} diff --git a/data/reusables/permissions/security-overview.md b/data/reusables/permissions/security-overview.md new file mode 100644 index 000000000000..6aefa0841259 --- /dev/null +++ b/data/reusables/permissions/security-overview.md @@ -0,0 +1,3 @@ +Access requires: +* Organization views: **write** access to repositories in the organization +* Enterprise views: organization owners and security managers diff --git a/data/reusables/secret-scanning/what-is-scanned.md b/data/reusables/secret-scanning/what-is-scanned.md index 57d883051026..2ea2839fcd47 100644 --- a/data/reusables/secret-scanning/what-is-scanned.md +++ b/data/reusables/secret-scanning/what-is-scanned.md @@ -7,7 +7,7 @@ Additionally, {% data variables.product.prodname_secret_scanning %} scans:{% ifv * Titles, descriptions, and comments in {% data variables.product.prodname_discussions %}{% endif %}{% ifversion secret-scanning-enhancements-wikis %} * Wikis{% endif %} -{% ifversion fpt or ghec %} +{% ifversion ghec %} This additional scanning is free for public repositories. {% endif %} diff --git a/data/reusables/security-overview/information-varies-GHAS.md b/data/reusables/security-overview/information-varies-GHAS.md index 28a17ce878c2..b9d2d67fe56d 100644 --- a/data/reusables/security-overview/information-varies-GHAS.md +++ b/data/reusables/security-overview/information-varies-GHAS.md @@ -1 +1 @@ -The information shown by security overview varies according to your access to repositories{% ifversion security-overview-org-risk-coverage-enterprise %} and organizations{% endif %}, and according to whether {% data variables.product.prodname_GH_advanced_security %} is used by those repositories {% ifversion security-overview-org-risk-coverage-enterprise %} and organizations{% endif %}. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)." +The information shown by security overview varies according to your access to repositories and organizations, and according to whether {% data variables.product.prodname_GH_advanced_security %} is used by those repositories and organizations. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)."