Merge branch 'main' into rachmari-patch-1

This commit is contained in:
Rachael Sewell 2020-10-19 09:30:11 -07:00 committed by GitHub
Parents 8fd1378686 b527962ddf
Commit 7e17acaaab
No key found matching this signature
GPG Key ID: 4AEE18F83AFDEB23
9 changed files: 87 additions and 9 deletions

View File

@ -71,7 +71,7 @@ Name | Description
**`admin:gpg_key`** | Fully manage GPG keys.
 `write:gpg_key`| Create, list, and view details for GPG keys.
 `read:gpg_key`| List and view details for GPG keys.{% if currentVersion == "free-pro-team@latest" %}
**`workflow`** | Grants the ability to add and update {% data variables.product.prodname_actions %} workflow files. Workflow files can be committed without this scope if the same file (with both the same path and contents) exists on another branch in the same repository.{% endif %}
**`workflow`** | Grants the ability to add and update {% data variables.product.prodname_actions %} workflow files. Workflow files can be committed without this scope if the same file (with both the same path and contents) exists on another branch in the same repository. Workflow files can expose `GITHUB_TOKEN` which may have a different set of scopes, see https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token for details.{% endif %}
{% note %}
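
Review bot: The sentence added to the `workflow` row gives its reference as a bare, absolute URL pinned to `free-pro-team@latest`, while other links in this commit are site-relative Markdown links with descriptive text (for example `[Example workflow](#example-workflow)` and the `/github/finding-security-vulnerabilities-and-errors-in-your-code/...` paths). Suggest a relative Markdown link and a full stop instead of the comma before "see". The linked anchor is `#permissions-for-the-github_token`, so "a different set of permissions" would match it better than "scopes", and "can expose `GITHUB_TOKEN`" is vague for a scope description: say what a holder of this scope gains through the workflow file.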

View File

@ -10,7 +10,7 @@ versions:
### Editor tools
To streamline your workflow, you can connect to {% data variables.product.product_name %} repositories within third-party editor tools, such as Atom, Unity, and Visual Studio.
You can connect to {% data variables.product.product_name %} repositories within third-party editor tools, such as Atom, Unity, and Visual Studio.
#### {% data variables.product.product_name %} for Atom
@ -30,8 +30,12 @@ With the {% data variables.product.prodname_dotcom %} for Visual Studio Code ext
### Project management tools
To streamline your workflow, you can integrate your {% data variables.product.product_name %} personal account or organization with third-party project management tools, such as Jira.
You can integrate your {% data variables.product.product_name %} personal account or organization with third-party project management tools, such as Jira or Slack.
#### Jira Cloud and {% data variables.product.product_name %}.com integration
You can integrate Jira Cloud with your personal or organization account to scan commits and pull requests, creating relevant metadata and hyperlinks in any mentioned Jira issues.
You can integrate Jira Cloud with your personal or organization account to scan commits and pull requests, creating relevant metadata and hyperlinks in any mentioned Jira issues. For more information, visit the [Jira integration app](https://github.com/marketplace/jira-software-github) in the marketplace.
#### Slack and {% data variables.product.product_name %} integration
You can integrate Slack with your personal or organization account to subscribe for notifications, close or open issues, and provide rich references to issues and pull requests without leaving Slack. For more information, visit the [Slack integration app](https://github.com/marketplace/slack-github) in the marketplace.
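
Review bot: Slack is added under the "Project management tools" heading and the intro now reads "project management tools, such as Jira or Slack", which mislabels a chat integration. Suggest either renaming the heading (for example to cover communication tools as well) or giving Slack its own section. Two smaller points in the added Slack paragraph: "subscribe for notifications" should be "subscribe to notifications", and the new heading "Slack and {% data variables.product.product_name %} integration" does not follow the form of the Jira heading directly above it, which appends ".com".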

View File

@ -18,6 +18,7 @@ versions:
{% link_in_list /configuring-code-scanning %}
{% link_in_list /configuring-the-codeql-workflow-for-compiled-languages %}
{% link_in_list /troubleshooting-the-codeql-workflow %}
{% link_in_list /running-codeql-code-scanning-in-a-container %}
{% topic_link_in_list /integrating-with-code-scanning %}
{% link_in_list /about-integration-with-code-scanning %}
{% link_in_list /uploading-a-sarif-file-to-github %}

View File

@ -0,0 +1,69 @@
---
title: 'Running CodeQL code scanning in a container'
shortTitle: '{% data variables.product.prodname_code_scanning_capc %} in a container'
intro: 'You can run {% data variables.product.prodname_code_scanning %} in a container by ensuring that all processes run in the same container.'
product: '{% data reusables.gated-features.code-scanning %}'
versions:
free-pro-team: '*'
enterprise-server: '>=2.22'
---
{% data reusables.code-scanning.beta %}
### About {% data variables.product.prodname_code_scanning %} with a containerized build
If you're setting up {% data variables.product.prodname_code_scanning %} for a compiled language, and you're building the code in a containerized environment, the analysis may fail with the error message "No source code was seen during the build." This indicates that {% data variables.product.prodname_codeql %} was unable to monitor your code as it was compiled.
You must run {% data variables.product.prodname_codeql %} in the same container in which you build your code. This applies whether you are using the {% data variables.product.prodname_codeql_runner %}, or {% data variables.product.prodname_actions %}. If you're using the {% data variables.product.prodname_codeql_runner %}, run it in the container where your code builds. For more information about the {% data variables.product.prodname_codeql_runner %}, see "[Running {% data variables.product.prodname_codeql %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-code-scanning-in-your-ci-system)." If you're using {% data variables.product.prodname_actions %}, configure your workflow to run all the actions in the same container. For more information, see "[Example workflow](#example-workflow)."
### Dependencies
You may have difficulty running {% data variables.product.prodname_code_scanning %} if the container you're using is missing certain dependencies (for example, Git must be installed and added to the PATH variable). If you encounter dependency issues, review the list of software typically included on {% data variables.product.prodname_dotcom %}'s virtual environments. For more information, see the version-specific `readme` files in these locations:
* Linux: https://github.com/actions/virtual-environments/tree/main/images/linux
* MacOS: https://github.com/actions/virtual-environments/tree/main/images/macos
* Windows: https://github.com/actions/virtual-environments/tree/main/images/win
### Example workflow
This sample workflow uses {% data variables.product.prodname_actions %} to run {% data variables.product.prodname_codeql %} analysis in a containerized environment. The value of `container.image` identifies the container to use. In this example the image is named `codeql-container`, with a tag of `f0f91db`. For more information, see "[Workflow syntax for {% data variables.product.prodname_actions %}](/actions/reference/workflow-syntax-for-github-actions#jobsjob_idcontainer)."
``` yaml
name: "{% data variables.product.prodname_codeql %}"
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: '0 0 * * 0'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
language: [java]
# Specify the container in which actions will run
container:
image: codeql-container:f0f91db
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Initialize {% data variables.product.prodname_codeql %}
uses: github/codeql-action/init@v1
with:
languages: {% raw %}${{ matrix.language }}{% endraw %}
- name: Build
run: |
./configure
make
- name: Perform {% data variables.product.prodname_codeql %} Analysis
uses: github/codeql-action/analyze@v1
```
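
Review bot: In the example workflow the matrix is `language: [java]` but the Build step runs `./configure` and `make`, which reads as a C/C++ build; either use a build command that fits the stated language or add a comment that the step is a placeholder for the reader's own build. The example also references the container by a short tag (`codeql-container:f0f91db`) and the actions by `@v1`/`@v2`; since the whole analysis runs inside that image, consider a sentence recommending that readers pin the image to a digest they control. Minor: the front-matter `title` hardcodes "CodeQL code scanning" while `shortTitle`, `intro` and the body use the `prodname_*` variables, the Dependencies list should read "macOS" rather than "MacOS", and the comma in "the {% data variables.product.prodname_codeql_runner %}, or {% data variables.product.prodname_actions %}" should go.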

View File

@ -50,4 +50,4 @@ If the `analyze` command for the {% data variables.product.prodname_codeql_runne
{% endnote %}
1. The code is built in a container or on a separate machine. If you use a containerized build or if you outsource the build to another machine, make sure to run the {% data variables.product.prodname_codeql_runner %} in the container or on the machine where your build task takes place.
1. The code is built in a container or on a separate machine. If you use a containerized build or if you outsource the build to another machine, make sure to run the {% data variables.product.prodname_codeql_runner %} in the container or on the machine where your build task takes place. For more information, see "[Running CodeQL code scanning in a container](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-a-container)."
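
Review bot: The link text in the added sentence hardcodes the product names ("Running CodeQL code scanning in a container") although the same sentence uses `{% data variables.product.prodname_codeql_runner %}`. Suggest writing the link text with `{% data variables.product.prodname_codeql %}` and `{% data variables.product.prodname_code_scanning %}` so it stays in step with the rest of the page.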

View File

@ -60,7 +60,11 @@ For more information, see the workflow extract in "[Automatic build for a compil
1. Your {% data variables.product.prodname_code_scanning %} workflow is analyzing a compiled language (C, C++, C#, or Java), but the code was not compiled. By default, the {% data variables.product.prodname_codeql %} analysis workflow contains an `autobuild` step, however, this step represents a best effort process, and may not succeed in building your code, depending on your specific build environment. Compilation may also fail if you have removed the `autobuild` step and did not include build steps manually. For more information about specifying build steps, see "[Configuring the {% data variables.product.prodname_codeql %} workflow for compiled languages](/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language)."
1. Your workflow is analyzing a compiled language (C, C++, C#, or Java), but portions of your build are cached to improve performance (most likely to occur with build systems like Gradle or Bazel). Since {% data variables.product.prodname_codeql %} observes the activity of the compiler to understand the data flows in a repository, {% data variables.product.prodname_codeql %} requires a complete build to take place in order to perform analysis.
1. Your workflow is analyzing a compiled language (C, C++, C#, or Java), but compilation does not occur between the `init` and `analyze` steps in the workflow. {% data variables.product.prodname_codeql %} requires that your build happens in between these two steps in order to observe the activity of the compiler and perform analysis.
1. Your compiled code (in C, C++, C#, or Java) was compiled successfully, but {% data variables.product.prodname_codeql %} was unable to detect the compiler invocations. The most common causes are certain configuration options like running your build process in a container, if you're building using a distributed build system external to {% data variables.product.prodname_actions %} using a daemon process, or if {% data variables.product.prodname_codeql %} isn't aware of the specific compiler you are using.
1. Your compiled code (in C, C++, C#, or Java) was compiled successfully, but {% data variables.product.prodname_codeql %} was unable to detect the compiler invocations. The most common causes are:
* Running your build process in a separate container to {% data variables.product.prodname_codeql %}. For more information, see "[Running CodeQL code scanning in a container](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-a-container)."
* Building using a distributed build system external to GitHub Actions, using a daemon process.
* {% data variables.product.prodname_codeql %} isn't aware of the specific compiler you are using.
For C# projects using either `dotnet build` or `msbuild` which target .NET Core 2, you should specify `/p:UseSharedCompilation=false` in your workflow's `run` step, when you build your code. The `UseSharedCompilation` flag isn't necessary for .NET Core 3.0 and later.
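
Review bot: The second added bullet hardcodes "GitHub Actions" where the line it replaces used `{% data variables.product.prodname_actions %}`; keep the variable. In the first bullet, "in a separate container to" should be "in a separate container from", and its link text hardcodes "CodeQL code scanning" instead of using the product variables. The three bullets are also not parallel (two start with a gerund, the third is a full clause); something like "Using a compiler that {% data variables.product.prodname_codeql %} isn't aware of" would match. Please confirm the bullets are indented under the numbered item so the list numbering is not reset.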

View File

@ -75,7 +75,7 @@ These guidelines are designed to make the processing of requests to remove sensi
### How to Submit Your Request
You can submit your request to remove sensitive data via our [contact form](https://support.github.com/contact). Please include a plain-text version of your request in the body of your message. Sending your request in an attachment may result in processing delays.
You can submit your request to remove sensitive data via our [contact form](https://support.github.com/contact?tags=docs-sensitive-data). Please include a plain-text version of your request in the body of your message. Sending your request in an attachment may result in processing delays.
### Disputes

View File

@ -22,7 +22,7 @@ When we receive reports of trademark policy violations from holders of federal o
### How Do I Report a Trademark Policy Violation?
Holders of registered trademarks can report possible trademark policy violations to GitHub via our [contact form](https://support.github.com/contact). Please submit trademark-related requests using your company email address and include all the information requested below to help expedite our response. Also be sure to clearly describe to us why the account may cause confusion with your mark or how the account may dilute or tarnish your mark.
Holders of registered trademarks can report possible trademark policy violations to GitHub via our [contact form](https://support.github.com/contact?tags=docs-trademark). Please submit trademark-related requests using your company email address and include all the information requested below to help expedite our response. Also be sure to clearly describe to us why the account may cause confusion with your mark or how the account may dilute or tarnish your mark.
### What Information is Required When Reporting Trademark Policy Violations?

View File

@ -1 +1 @@
- **Job matrix** - A job matrix can generate a maximum of 256 jobs per workflow run. This limit also applies to self-hosted runners.
A job matrix can generate a maximum of 256 jobs per workflow run. This limit also applies to self-hosted runners.
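
Review bot: The new line drops the leading `- **Job matrix** -`, so this one-line file no longer renders as a labelled list item on its own. Please confirm that every place that includes it now supplies its own bullet and label, otherwise the limit will appear as an unlabelled paragraph in the middle of a list.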