Secret scanning push protection for free public repos (#35986)

content/code-security/secret-scanning/protecting-pushes-with-secret-scanning.md

@@ -17,7 +17,6 @@ shortTitle: Enable push protection
 
 {% data reusables.secret-scanning.beta %}
 {% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
-{% data reusables.secret-scanning.push-protection-beta %}
 
 ## About push protection for secrets
 
@@ -26,7 +25,7 @@ Up to now, {% data variables.product.prodname_secret_scanning %} checks for secr
 If a contributor bypasses a push protection block for a secret, {% data variables.product.prodname_dotcom %}:
 - creates an alert in the **Security** tab of the repository in the state described in the table below.
 - adds the bypass event to the audit log.{% ifversion secret-scanning-push-protection-email %}
-- sends an email alert to organization owners, security managers, and repository administrators who are watching the repository, with a link to the secret and the reason why it was allowed.{% endif %}
+- sends an email alert to organization or personal account owners, security managers, and repository administrators who are watching the repository, with a link to the secret and the reason why it was allowed.{% endif %}
 
 You can monitor security alerts to discover when users are bypassing push protections and creating alerts. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)".
 
@@ -36,7 +35,7 @@ For information on the secrets and service providers supported for push protecti
 
 ## Enabling {% data variables.product.prodname_secret_scanning %} as a push protection
 
-For you to use {% data variables.product.prodname_secret_scanning %} as a push protection, the {% ifversion secret-scanning-enterprise-level %}enterprise,{% endif %} organization{% ifversion secret-scanning-enterprise-level %},{% endif %} or repository needs to have both {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled. For more information, see {% ifversion secret-scanning-enterprise-level %}"[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise),"{% endif %} "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)," "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)," and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
+For you to use {% data variables.product.prodname_secret_scanning %} as a push protection in public repositories, the {% ifversion secret-scanning-enterprise-level %}enterprise,{% endif %} organization{% ifversion secret-scanning-enterprise-level %},{% endif %} or repository needs to have {% data variables.product.prodname_secret_scanning %} enabled.{% ifversion secret-scanning-push-protection-private-internal %} To use {% data variables.product.prodname_secret_scanning %} as a push protection in private or internal repositories, the enterprise or organization also needs to have {% data variables.product.prodname_GH_advanced_security %} enabled.{% endif %} For more information, see {% ifversion secret-scanning-enterprise-level %}"[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise),"{% endif %} "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)," "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)," and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
 
 Organization owners, security managers, and repository administrators can enable push protection for {% data variables.product.prodname_secret_scanning %} via the UI and API. For more information, see "[AUTOTITLE](/rest/repos#update-a-repository)" and expand the "Properties of the `security_and_analysis` object" section in the REST API documentation.
 

content/code-security/secret-scanning/secret-scanning-patterns.md

@@ -85,10 +85,10 @@ This table lists the secrets supported by {% data variables.product.prodname_sec
 <!-- FPT version of table -->
 {% ifversion fpt %}
 
-| Provider | Token | Partner | User | Validity check |
+| Provider | Token | Partner | User | Push protection | Validity check |
 |----|:----|:----:|:----:|:----:|
 {%- for entry in secretScanningData %}
-| {{ entry.provider }} | {{ entry.secretType }} | {% if entry.isPublic %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.isPrivateWithGhas %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.hasValidityCheck %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} |
+| {{ entry.provider }} | {{ entry.secretType }} | {% if entry.isPublic %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.isPrivateWithGhas %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.hasPushProtection %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.hasValidityCheck %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} |
 {%- endfor %}
 
 {% endif %}

data/features/secret-scanning-enterprise-level-api.yml

@@ -1,7 +1,6 @@
 # Reference: #7526.
 # Secret scanning: Enable at Enterprise level with REST API
 versions:
-  fpt: '*'
   ghec: '*'
   ghes: '>=3.8'
   ghae: '>=3.8'

data/features/secret-scanning-push-protection-bypasses.yml

@@ -1,6 +1,7 @@
 # Reference: #7298.
 # Documentation for new events related to secret scanning push protection bypasses, e.g. audit log.
 versions:
+  fpt: '*'
   ghec: '*'
   ghes: '>=3.6'
   ghae: '>= 3.6'

data/features/secret-scanning-push-protection-email.yml

@@ -1,6 +1,7 @@
 # Reference: #7511.
 # When developers bypass a block by push protection for a detected secret, administrators will receive an email notification of that bypass.
 versions:
+  fpt: '*'
   ghec: '*'
   ghes: '>=3.7'
   ghae: '>= 3.7'

data/features/secret-scanning-push-protection-private-internal.yml

@@ -0,0 +1,3 @@
+versions:
+  ghes: '>=3.10'
+  ghec: '*'

data/features/secret-scanning-push-protection-web-ui.yml

@@ -1,6 +1,7 @@
 # Reference: #6788.
 # Documentation for secret scanning as a push protection in the web ui (as opposed to command line)
 versions:
+  fpt: '*'
   ghes: '>=3.6'
   ghae: '>= 3.6'
   ghec: '*'

data/features/secret-scanning-push-protection.yml

@@ -1,6 +1,7 @@
 # Reference: #5620.
 # Documentation for secret scanning as a push protection
 versions:
+  fpt: '*'
   ghes: '>=3.5'
   ghae: '>= 3.5'
   ghec: '*'

tests/fixtures/versionless-redirects.txt

@@ -407,9 +407,6 @@
 - /code-security/secret-security/defining-custom-patterns-for-secret-scanning
 - /code-security/secret-scanning/defining-custom-patterns-for-secret-scanning
 
-/enterprise-cloud@latest/code-security/secret-scanning/protecting-pushes-with-secret-scanning
-- /code-security/secret-scanning/protecting-pushes-with-secret-scanning
-
 /enterprise-cloud@latest/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators
 - /articles/restricting-the-ability-to-add-outside-collaborators-to-organization-repositories
 - /articles/setting-permissions-for-adding-outside-collaborators