This commit is contained in:
Artur Kordowski 2024-11-20 08:39:48 +01:00
Parent 42fc18661f
Commit c4687ff7c2
No known key found for this signature
10 changed files: 67 additions and 67 deletions

View file

@ -38,7 +38,7 @@ When creating a query suite, you first need to specify the locations of the
queries that you want to select. You can define the location of one or more queries that you want to select. You can define the location of one or more
queries using: queries using:
* A `query` instruction—tells {% data variables.product.prodname_codeql %} to look for one or more specified `.ql` * A `query` instruction: Tells {% data variables.product.prodname_codeql %} to look for one or more specified `.ql`
files: files:
```yaml ```yaml
@ -48,7 +48,7 @@ files:
The argument must be one or more file paths, relative to the {% data variables.product.prodname_codeql %} pack containing The argument must be one or more file paths, relative to the {% data variables.product.prodname_codeql %} pack containing
the suite definition. the suite definition.
* A `queries` instruction—tells {% data variables.product.prodname_codeql %} to recursively scan a directory * A `queries` instruction: Tells {% data variables.product.prodname_codeql %} to recursively scan a directory
for `.ql` files: for `.ql` files:
```yaml ```yaml
@ -68,7 +68,7 @@ for `.ql` files:
The `version` field is optional and specifies a range of compatible versions of this {% data variables.product.prodname_codeql %} pack. The `version` field is optional and specifies a range of compatible versions of this {% data variables.product.prodname_codeql %} pack.
If you dont specify a version, then the most recent version of the pack is used. If you dont specify a version, then the most recent version of the pack is used.
* A `qlpack` instruction—tells {% data variables.product.prodname_codeql %} to resolve queries in the default suite of the * A `qlpack` instruction: Tells {% data variables.product.prodname_codeql %} to resolve queries in the default suite of the
named {% data variables.product.prodname_codeql %} pack: named {% data variables.product.prodname_codeql %} pack:
```yaml ```yaml
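Review bot: the unchanged context line `If you dont specify a version, then the most recent version of the pack is used.` carries an apostrophe-less `dont` on both sides of the hunk; since this change is already reworking punctuation in this paragraph, change it to `don't` (unless the apostrophe was dropped only in this rendering of the diff).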
@ -136,12 +136,12 @@ For more information about query metadata properties, see
In addition to metadata tags, the keys in the constraint block can also be: In addition to metadata tags, the keys in the constraint block can also be:
* `query filename`—matches on the last path component of the query file name. * `query filename`: Matches on the last path component of the query file name.
* `query path`—matches on the path to the query file relative to its * `query path`: Matches on the path to the query file relative to its
enclosing {% data variables.product.prodname_codeql %} pack. enclosing {% data variables.product.prodname_codeql %} pack.
* `tags contain`—one of the given match strings must match * `tags contain`: One of the given match strings must match
one of the space-separated components of the value of the `@tags` metadata property. one of the space-separated components of the value of the `@tags` metadata property.
* `tags contain all`—each of the given match strings must match one of the * `tags contain all`: Each of the given match strings must match one of the
components of the `@tags` metadata property. components of the `@tags` metadata property.
### Examples of filtering which queries are run ### Examples of filtering which queries are run
@ -245,7 +245,7 @@ use:
Existing query suite definitions can be reused by specifying: Existing query suite definitions can be reused by specifying:
* An `import` instruction—adds the queries selected by a * An `import` instruction: Adds the queries selected by a
previously defined `.qls` file to the current suite: previously defined `.qls` file to the current suite:
```yaml ```yaml
@ -268,7 +268,7 @@ previously defined `.qls` file to the current suite:
Queries added using an `import` instruction can be filtered using subsequent Queries added using an `import` instruction can be filtered using subsequent
`exclude` instructions. `exclude` instructions.
* An `apply` instruction—adds all of the instructions from a * An `apply` instruction: Adds all of the instructions from a
previously defined `.qls` file to the current suite. The instructions in the previously defined `.qls` file to the current suite. The instructions in the
applied `.qls` file are executed as if they appear in place of `apply`. applied `.qls` file are executed as if they appear in place of `apply`.
Any `include` and `exclude` instructions from the applied suite also act on Any `include` and `exclude` instructions from the applied suite also act on

View file

@ -278,11 +278,11 @@ updates:
Use the `allow` option to customize which dependencies are updated. This applies to both version and security updates. You can use the following options: Use the `allow` option to customize which dependencies are updated. This applies to both version and security updates. You can use the following options:
* `dependency-name`—use to allow updates for dependencies with matching names, optionally using `*` to match zero or more characters. * `dependency-name`: Use to allow updates for dependencies with matching names, optionally using `*` to match zero or more characters.
* For Java dependencies, the format of the `dependency-name` attribute is: `groupId:artifactId`; for example: `org.kohsuke:github-api`. * For Java dependencies, the format of the `dependency-name` attribute is: `groupId:artifactId`; for example: `org.kohsuke:github-api`.
* For Docker image tags, the format is the full name of the repository; for example, for an image tag of `<account ID>.dkr.ecr.us-west-2.amazonaws.com/base/foo/bar/ruby:3.1.0-focal-jemalloc`, use `base/foo/bar/ruby`. * For Docker image tags, the format is the full name of the repository; for example, for an image tag of `<account ID>.dkr.ecr.us-west-2.amazonaws.com/base/foo/bar/ruby:3.1.0-focal-jemalloc`, use `base/foo/bar/ruby`.
* `dependency-type`—use to allow updates for dependencies of specific types. * `dependency-type`: Use to allow updates for dependencies of specific types.
| Dependency types | Supported by package managers | Allow updates | | Dependency types | Supported by package managers | Allow updates |
|------------------|-------------------------------|--------| |------------------|-------------------------------|--------|

View file

@ -256,8 +256,8 @@ If you continue to see CI failures, you should remove the group configuration so
If you unblock {% data variables.product.prodname_dependabot %}, you can manually trigger a fresh attempt to create a pull request. If you unblock {% data variables.product.prodname_dependabot %}, you can manually trigger a fresh attempt to create a pull request.
* **Security updates**—display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**. * **Security updates**: Display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**.
* **Version updates**—on the **Insights** tab for the repository click **Dependency graph**, and then click the **Dependabot** tab. Click **Last checked _TIME_ ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. Click **Check for updates**. * **Version updates**: On the **Insights** tab for the repository click **Dependency graph**, and then click the **Dependabot** tab. Click **Last checked _TIME_ ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. Click **Check for updates**.
## Further reading ## Further reading
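Review bot: in the rewritten `**Version updates**` bullet, `On the **Insights** tab for the repository click **Dependency graph**` needs a comma after `repository` to separate the introductory phrase from the instruction; suggest `On the **Insights** tab for the repository, click **Dependency graph**, and then click the **Dependabot** tab.`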

View file

@ -72,8 +72,8 @@ No matter how well you tighten your organization to prevent data leaks, some may
{% ifversion fpt or ghec %} {% ifversion fpt or ghec %}
There are two forms of {% data variables.product.prodname_secret_scanning %} available: **{% data variables.secret-scanning.partner_alerts_caps %}** and **{% data variables.secret-scanning.user_alerts_caps %}**. There are two forms of {% data variables.product.prodname_secret_scanning %} available: **{% data variables.secret-scanning.partner_alerts_caps %}** and **{% data variables.secret-scanning.user_alerts_caps %}**.
* {% data variables.secret-scanning.partner_alerts_caps %}These are enabled by default and automatically run on all public repositories and public npm packages. * {% data variables.secret-scanning.partner_alerts_caps %}: These are enabled by default and automatically run on all public repositories and public npm packages.
* {% data variables.secret-scanning.user_alerts_caps %}To get additional scanning capabilities for your organization, you need to enable {% data variables.secret-scanning.user_alerts %}. * {% data variables.secret-scanning.user_alerts_caps %}: To get additional scanning capabilities for your organization, you need to enable {% data variables.secret-scanning.user_alerts %}.
When enabled, {% data variables.secret-scanning.user_alerts %} can be detected on the following types of repository:{% ifversion fpt %} When enabled, {% data variables.secret-scanning.user_alerts %} can be detected on the following types of repository:{% ifversion fpt %}
* Public repositories owned by personal accounts on {% data variables.product.prodname_dotcom_the_website %} * Public repositories owned by personal accounts on {% data variables.product.prodname_dotcom_the_website %}

View file

@ -76,11 +76,11 @@ If {% data variables.product.prodname_dependabot_alerts %} are enabled for a rep
1. Optionally, you can also explore the information on the right-side of the page. Some of the information shown in the screenshot may not apply to every alert. 1. Optionally, you can also explore the information on the right-side of the page. Some of the information shown in the screenshot may not apply to every alert.
* Severity * Severity
* CVSS metrics—we use CVSS levels to assign severity levels. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-cvss-levels)." * CVSS metrics: We use CVSS levels to assign severity levels. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-cvss-levels)."
* Tags * Tags
* Weaknesses—list of CWEs related to the vulnerability, if applicable * Weaknesses: List of CWEs related to the vulnerability, if applicable
* CVE ID—unique CVE identifier for the vulnerability, if applicable * CVE ID: Unique CVE identifier for the vulnerability, if applicable
* GHSA ID—unique identifier of the corresponding advisory on the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids)." * GHSA ID: Unique identifier of the corresponding advisory on the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids)."
* Option to navigate to the advisory on the {% data variables.product.prodname_advisory_database %} * Option to navigate to the advisory on the {% data variables.product.prodname_advisory_database %}
* Option to see all of your repositories that are affected by this vulnerability * Option to see all of your repositories that are affected by this vulnerability
* Option to suggest improvements for this advisory on the {% data variables.product.prodname_advisory_database %} * Option to suggest improvements for this advisory on the {% data variables.product.prodname_advisory_database %}
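Review bot: the unchanged step `you can also explore the information on the right-side of the page` should read `right side` (it is a noun phrase, not a compound modifier); worth fixing while this list is being edited, as every other line in the hunk is already being touched.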

View file

@ -68,27 +68,27 @@ Below is a typical workflow that explains how {% data variables.product.prodname
## About the benefits of {% data variables.product.prodname_secret_scanning %} ## About the benefits of {% data variables.product.prodname_secret_scanning %}
* **Enhanced security**{% data variables.product.prodname_secret_scanning_caps %} scans your repositories for sensitive information like API keys, passwords, tokens, and other secrets. By detecting these early, you can mitigate potential security risks before they are exploited by malicious actors. * **Enhanced security**: {% data variables.product.prodname_secret_scanning_caps %} scans your repositories for sensitive information like API keys, passwords, tokens, and other secrets. By detecting these early, you can mitigate potential security risks before they are exploited by malicious actors.
* **Automated detection**The feature automatically scans your codebase, including commits, issues, and pull requests, ensuring continuous protection without requiring manual intervention. This automation helps in maintaining security even as your repository evolves. * **Automated detection**: The feature automatically scans your codebase, including commits, issues, and pull requests, ensuring continuous protection without requiring manual intervention. This automation helps in maintaining security even as your repository evolves.
* **Real-time alerts**When a secret is detected, {% data variables.product.prodname_secret_scanning %} provides real-time alerts to repository administrators and contributors. This immediate feedback allows for swift remediation actions. * **Real-time alerts**: When a secret is detected, {% data variables.product.prodname_secret_scanning %} provides real-time alerts to repository administrators and contributors. This immediate feedback allows for swift remediation actions.
{% ifversion fpt or ghec %} {% ifversion fpt or ghec %}
* **Integration with service providers**{% data variables.product.prodname_dotcom %} partners with various service providers to validate detected secrets. When a secret is identified, {% data variables.product.prodname_dotcom %} notifies the corresponding service provider to take appropriate actions, such as revoking the exposed credential. For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)." * **Integration with service providers**: {% data variables.product.prodname_dotcom %} partners with various service providers to validate detected secrets. When a secret is identified, {% data variables.product.prodname_dotcom %} notifies the corresponding service provider to take appropriate actions, such as revoking the exposed credential. For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)."
{% endif %} {% endif %}
{% ifversion ghec or ghes %} {% ifversion ghec or ghes %}
* **Custom pattern support**Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment. * **Custom pattern support**: Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment.
{% endif %} {% endif %}
{% ifversion secret-scanning-non-provider-patterns %} {% ifversion secret-scanning-non-provider-patterns %}
* **Ability to detect non-provider patterns**You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization. * **Ability to detect non-provider patterns**: You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization.
{% endif %} {% endif %}

View file

@ -33,19 +33,19 @@ If you believe that {% data variables.product.prodname_secret_scanning %} should
This table lists the secrets supported by {% data variables.product.prodname_secret_scanning %}. You can see the types of alert that get generated for each token, as well as whether a validity check is performed on the token. This table lists the secrets supported by {% data variables.product.prodname_secret_scanning %}. You can see the types of alert that get generated for each token, as well as whether a validity check is performed on the token.
* **Provider**—name of the token provider.{% ifversion fpt or ghec %} * **Provider**: Name of the token provider.{% ifversion fpt or ghec %}
* **Partner**—token for which leaks are reported to the relevant token partner. Applies to public repositories only. * **Partner**: Token for which leaks are reported to the relevant token partner. Applies to public repositories only.
* **User**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} * **User**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %}
* Applies to public repositories, and to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled. * Applies to public repositories, and to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled.
* Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which usually have a higher ratio of false positives. * Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which usually have a higher ratio of false positives.
* For {% data variables.product.prodname_secret_scanning %} to scan for non-provider patterns, the detection of non-provider patterns must be enabled for the repository or the organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)." * For {% data variables.product.prodname_secret_scanning %} to scan for non-provider patterns, the detection of non-provider patterns must be enabled for the repository or the organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)."
{% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %}{% endif %}{% ifversion ghes %} {% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %}{% endif %}{% ifversion ghes %}
* **{% data variables.product.prodname_secret_scanning_caps %} alert**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} * **{% data variables.product.prodname_secret_scanning_caps %} alert**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %}
* Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled. * Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled.
* Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.{% else %} Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled.{% endif %}{% endif %} * Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.{% else %} Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled.{% endif %}{% endif %}
* **Push protection**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled. * **Push protection**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled.
* **Validity check**—token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %} * **Validity check**: Token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. 
For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %}
{% ifversion secret-scanning-non-provider-patterns %} {% ifversion secret-scanning-non-provider-patterns %}
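Review bot: the `{% else %}` branch of the `**{% data variables.product.prodname_secret_scanning_caps %} alert**` bullet reads `Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled.` on both sides of the hunk and is missing `are` before `enabled`; the sibling sub-bullet under **User** has the correct `are enabled`. Separately, the new side of the **Validity check** bullet appears here as two lines, the second beginning `For more information about validity check support see`; the hunk header `-33,19 +33,19` shows no line was added, so this is probably wrapping in this view, but if the bullet really was split, the second line would render outside the list item and should be joined back (and `support see` wants a comma before `see`).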

View file

@ -80,10 +80,10 @@ For more information about dependency review, see "[AUTOTITLE](/code-security/su
{% data variables.product.prodname_dependabot %} keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies, and automatically opens pull requests to upgrade your dependencies to the next available secure version when a {% data variables.product.prodname_dependabot %} alert is triggered, or to the latest version when a release is published. {% data variables.product.prodname_dependabot %} keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies, and automatically opens pull requests to upgrade your dependencies to the next available secure version when a {% data variables.product.prodname_dependabot %} alert is triggered, or to the latest version when a release is published.
The term "{% data variables.product.prodname_dependabot %}" encompasses the following features: The term "{% data variables.product.prodname_dependabot %}" encompasses the following features:
* {% data variables.product.prodname_dependabot_alerts %}Displayed notification on the **Security** tab for the repository, and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. * {% data variables.product.prodname_dependabot_alerts %}: Displayed notification on the **Security** tab for the repository, and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version.
* {% data variables.product.prodname_dependabot_updates %}: * {% data variables.product.prodname_dependabot_updates %}:
* {% data variables.product.prodname_dependabot_security_updates %}Triggered updates to upgrade your dependencies to a secure version when an alert is triggered. * {% data variables.product.prodname_dependabot_security_updates %}: Triggered updates to upgrade your dependencies to a secure version when an alert is triggered.
* {% data variables.product.prodname_dependabot_version_updates %}Scheduled updates to keep your dependencies up to date with the latest version. * {% data variables.product.prodname_dependabot_version_updates %}: Scheduled updates to keep your dependencies up to date with the latest version.
{% ifversion fpt or ghec %}Pull requests opened by {% data variables.product.prodname_dependabot %} can trigger workflows that run actions. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions)."{% endif %} {% ifversion fpt or ghec %}Pull requests opened by {% data variables.product.prodname_dependabot %} can trigger workflows that run actions. For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions)."{% endif %}
@ -139,31 +139,31 @@ For more information about {% data variables.product.prodname_dependabot_updates
{% ifversion fpt or ghec %} {% ifversion fpt or ghec %}
Public repositories: Public repositories:
* **Dependency graph**—enabled by default and cannot be disabled. * **Dependency graph**: Enabled by default and cannot be disabled.
* **Dependency review**—enabled by default and cannot be disabled. * **Dependency review**: Enabled by default and cannot be disabled.
* **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. {% data variables.product.prodname_dotcom %} detects insecure dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. * **{% data variables.product.prodname_dependabot_alerts %}**: Not enabled by default. {% data variables.product.prodname_dotcom %} detects insecure dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}.
You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
Private repositories: Private repositories:
* **Dependency graph**—not enabled by default. The feature can be enabled by repository administrators. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." * **Dependency graph**: Not enabled by default. The feature can be enabled by repository administrators. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)."
{% ifversion fpt %} {% ifversion fpt %}
* **Dependency review**—available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). * **Dependency review**: Available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).
{% elsif ghec %} {% elsif ghec %}
* **Dependency review**—available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)" and "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." * **Dependency review**: Available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)" and "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)."
{% endif %} {% endif %}
* **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories. * **{% data variables.product.prodname_dependabot_alerts %}**: Not enabled by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories.
You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
Any repository type: Any repository type:
* **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." * **{% data variables.product.prodname_dependabot_security_updates %}**: Not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)."
* **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." * **{% data variables.product.prodname_dependabot_version_updates %}**: Not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)."
{% endif %} {% endif %}
{% ifversion ghes %} {% ifversion ghes %}
* **Dependency graph** and **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Both features are configured at an enterprise level by the enterprise owner. For more information, see {% ifversion ghes %}"[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)." * **Dependency graph** and **{% data variables.product.prodname_dependabot_alerts %}**: Not enabled by default. Both features are configured at an enterprise level by the enterprise owner. For more information, see {% ifversion ghes %}"[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
* **Dependency review**—available when dependency graph is enabled for your instance and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)." * **Dependency review**: Available when dependency graph is enabled for your instance and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)."
{% endif %} {% endif %}
{% ifversion ghes %} {% ifversion ghes %}
* **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." * **{% data variables.product.prodname_dependabot_security_updates %}**: Not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)."
* **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." * **{% data variables.product.prodname_dependabot_version_updates %}**: Not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)."
{% endif %} {% endif %}
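Review bot: the inner `{% ifversion ghes %}...{% endif %}` around the first link in the **Dependency graph** and **Dependabot alerts** bullet is redundant, because that bullet already sits inside the `{% ifversion ghes %}` block opened two lines earlier, so the condition is always true there; drop it so the line reads `For more information, see "[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."` While in this block, the `{% endif %}` immediately followed by another `{% ifversion ghes %}` can be merged into a single ghes block, and the sentence "You can also enable or disable Dependabot alerts for all repositories" spells the product name literally where every other line in the hunk uses `{% data variables.product.prodname_dependabot_alerts %}`.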

View file

@ -43,29 +43,29 @@ Before asking us to disclose data, it may be useful to understand how our system
GitHub hosts millions of data repositories using the [Git version control system](https://git-scm.com/video/what-is-version-control). GitHub hosts millions of data repositories using the [Git version control system](https://git-scm.com/video/what-is-version-control).
Repositories on GitHub—which may be public or private—are most commonly used for software development projects, but are also often used to work on content of all kinds. Repositories on GitHub—which may be public or private—are most commonly used for software development projects, but are also often used to work on content of all kinds.
* [**Users**](/get-started/learning-about-github/github-glossary#user) * [**Users**](/get-started/learning-about-github/github-glossary#user):
Users are represented in our system as personal GitHub accounts. Users are represented in our system as personal GitHub accounts.
Each user has a personal profile, and can own multiple repositories. Each user has a personal profile, and can own multiple repositories.
Users can create or be invited to join organizations or to collaborate on another user's repository. Users can create or be invited to join organizations or to collaborate on another user's repository.
* [**Collaborators**](/get-started/learning-about-github/github-glossary#collaborator) * [**Collaborators**](/get-started/learning-about-github/github-glossary#collaborator):
A collaborator is a user with read and write access to a repository who has been invited to contribute by the repository owner. A collaborator is a user with read and write access to a repository who has been invited to contribute by the repository owner.
* [**Organizations**](/get-started/learning-about-github/github-glossary#organization) * [**Organizations**](/get-started/learning-about-github/github-glossary#organization):
Organizations are a group of two or more users that typically mirror real-world organizations, such as businesses or projects. Organizations are a group of two or more users that typically mirror real-world organizations, such as businesses or projects.
They are administered by users and can contain both repositories and teams of users. They are administered by users and can contain both repositories and teams of users.
* [**Repositories**](/get-started/learning-about-github/github-glossary#repository) * [**Repositories**](/get-started/learning-about-github/github-glossary#repository):
A repository is one of the most basic GitHub elements. A repository is one of the most basic GitHub elements.
They may be easiest to imagine as a project's folder. They may be easiest to imagine as a project's folder.
A repository contains all of the project files (including documentation), and stores each file's revision history. A repository contains all of the project files (including documentation), and stores each file's revision history.
Repositories can have multiple collaborators and, at its administrators' discretion, may be publicly viewable or not. Repositories can have multiple collaborators and, at its administrators' discretion, may be publicly viewable or not.
* [**Pages**](/pages/getting-started-with-github-pages/about-github-pages) * [**Pages**](/pages/getting-started-with-github-pages/about-github-pages):
GitHub Pages are public webpages freely hosted by GitHub that users can easily publish through code stored in their repositories. GitHub Pages are public webpages freely hosted by GitHub that users can easily publish through code stored in their repositories.
If a user or organization has a GitHub Page, it can usually be found at a URL such as `https://username.github.io` or they may have the webpage mapped to their own custom domain name. If a user or organization has a GitHub Page, it can usually be found at a URL such as `https://username.github.io` or they may have the webpage mapped to their own custom domain name.
* [**Gists**](/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists) * [**Gists**](/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists):
Gists are snippets of source code or other text that users can use to store ideas or share with friends. Gists are snippets of source code or other text that users can use to store ideas or share with friends.
Like regular GitHub repositories, Gists are created with Git, so they are automatically versioned, forkable and downloadable. Like regular GitHub repositories, Gists are created with Git, so they are automatically versioned, forkable and downloadable.
Gists can either be public or secret (accessible only through a known URL). Public Gists cannot be converted into secret Gists. Gists can either be public or secret (accessible only through a known URL). Public Gists cannot be converted into secret Gists.
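Review bot: nit in the unchanged context of the **Repositories** entry: "Repositories can have multiple collaborators and, at its administrators' discretion, may be publicly viewable or not" pairs a plural subject with singular "its"; suggest "at their administrators' discretion". The colon placement itself looks right: it sits after the closing `)` of each link, so it is not rendered as part of the link text.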
@ -75,7 +75,7 @@ Gists can either be public or secret (accessible only through a known URL). Publ
Here is a non-exhaustive list of the kinds of data we maintain about users and projects on GitHub. Here is a non-exhaustive list of the kinds of data we maintain about users and projects on GitHub.
* <a name="public-account-data"></a> * <a name="public-account-data"></a>
**Public account data** **Public account data**:
There is a variety of information publicly available on GitHub about users and their repositories. There is a variety of information publicly available on GitHub about users and their repositories.
User profiles can be found at a URL such as `https://github.com/username`. User profiles can be found at a URL such as `https://github.com/username`.
User profiles display information about when the user created their account as well their public activity on GitHub.com and social interactions. User profiles display information about when the user created their account as well their public activity on GitHub.com and social interactions.
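Review bot: the unchanged context line "User profiles display information about when the user created their account as well their public activity on GitHub.com and social interactions" is missing a word; suggest "as well as their public activity on GitHub.com and social interactions". The `**Public account data**:` label change is consistent with the other entries in this list.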
@ -96,7 +96,7 @@ All user public profiles display:
* Organizations to which the user is a member (_depending on either the organizations' or the users' preferences_) * Organizations to which the user is a member (_depending on either the organizations' or the users' preferences_)
* <a name="private-account-data"></a> * <a name="private-account-data"></a>
**Private account data** **Private account data**:
GitHub also collects and maintains certain private information about users as outlined in our [Privacy Policy](/site-policy/privacy-policies/github-privacy-statement). GitHub also collects and maintains certain private information about users as outlined in our [Privacy Policy](/site-policy/privacy-policies/github-privacy-statement).
This may include: This may include:
* Private email addresses * Private email addresses
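Review bot: the context line "Organizations to which the user is a member" should read "Organizations of which the user is a member" (one is a member of an organization, not to it). The `**Private account data**:` change is fine.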
@ -107,7 +107,7 @@ This may include:
To get a sense of the type of private account information that GitHub collects, you can visit your {% data reusables.user-settings.personal_dashboard %} and browse through the sections in the left-hand menubar. To get a sense of the type of private account information that GitHub collects, you can visit your {% data reusables.user-settings.personal_dashboard %} and browse through the sections in the left-hand menubar.
* <a name="organization-account-data"></a> * <a name="organization-account-data"></a>
**Organization account data** **Organization account data**:
Information about organizations, their administrative users and repositories is publicly available on GitHub. Information about organizations, their administrative users and repositories is publicly available on GitHub.
Organization profiles can be found at a URL such as `https://github.com/organization`. Organization profiles can be found at a URL such as `https://github.com/organization`.
Public organization profiles can also include additional information that the owners have chosen to share publicly. Public organization profiles can also include additional information that the owners have chosen to share publicly.
@ -124,7 +124,7 @@ All organization public profiles display:
* Collaborators * Collaborators
* <a name="public-repository-data"></a> * <a name="public-repository-data"></a>
**Public repository data** **Public repository data**:
GitHub is home to millions of public, open-source software projects. GitHub is home to millions of public, open-source software projects.
You can browse almost any public repository (for example, the [GitHub Docs](https://github.com/github/docs)) to get a sense for the information that GitHub collects and maintains about repositories. You can browse almost any public repository (for example, the [GitHub Docs](https://github.com/github/docs)) to get a sense for the information that GitHub collects and maintains about repositories.
This can include: This can include:
@ -139,11 +139,11 @@ This can include:
* Statistics and graphs showing contributions to the project and the network of contributors * Statistics and graphs showing contributions to the project and the network of contributors
* <a name="private-repository-data"></a> * <a name="private-repository-data"></a>
**Private repository data** **Private repository data**:
GitHub collects and maintains the same type of data for private repositories that can be seen for public repositories, except only specifically invited users may access private repository data. GitHub collects and maintains the same type of data for private repositories that can be seen for public repositories, except only specifically invited users may access private repository data.
* <a name="other-data"></a> * <a name="other-data"></a>
**Other data** **Other data**:
Additionally, GitHub collects analytics data such as page visits and information occasionally volunteered by our users (such as communications with our support team, survey information and/or site registrations). Additionally, GitHub collects analytics data such as page visits and information occasionally volunteered by our users (such as communications with our support team, survey information and/or site registrations).
## We will notify any affected account owners ## We will notify any affected account owners
@ -158,11 +158,11 @@ Where GitHub agrees to produce non-public information in response to a lawful re
Here are the kinds of information we will agree to produce, depending on the kind of legal process we are served with: Here are the kinds of information we will agree to produce, depending on the kind of legal process we are served with:
* <a name="with-user-consent"></a> * <a name="with-user-consent"></a>
**With user consent** **With user consent**:
GitHub will provide private account information, if requested, directly to the user (or an owner, in the case of an organization account), or to a designated third party with the user's written consent once GitHub is satisfied that the user has verified his or her identity. GitHub will provide private account information, if requested, directly to the user (or an owner, in the case of an organization account), or to a designated third party with the user's written consent once GitHub is satisfied that the user has verified his or her identity.
* <a name="with-a-subpoena"></a> * <a name="with-a-subpoena"></a>
**With a subpoena** **With a subpoena**:
If served with a valid subpoena, civil investigative demand, or similar legal process issued in connection with an official criminal or civil investigation, we can provide certain non-public account information, which may include: If served with a valid subpoena, civil investigative demand, or similar legal process issued in connection with an official criminal or civil investigation, we can provide certain non-public account information, which may include:
* Name(s) associated with the account * Name(s) associated with the account
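Review bot: style point on the unchanged context of the **With user consent** entry: "once GitHub is satisfied that the user has verified his or her identity" could use the gender-neutral "their identity", matching the "their account" wording used elsewhere on this page. The two label changes in this hunk are consistent with the rest of the list.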
@ -177,7 +177,7 @@ In the case of organization accounts, we can provide the name(s) and email addre
Please note that the information available will vary from case to case. Some of the information is optional for users to provide. In other cases, we may not have collected or retained the information. Please note that the information available will vary from case to case. Some of the information is optional for users to provide. In other cases, we may not have collected or retained the information.
* <a name="with-a-court-order-or-a-search-warrant"></a> * <a name="with-a-court-order-or-a-search-warrant"></a>
**With a court order _or_ a search warrant** We will not disclose account access logs unless compelled to do so by either **With a court order _or_ a search warrant**: We will not disclose account access logs unless compelled to do so by either
(i) a court order issued under 18 U.S.C. Section 2703(d), upon a showing of specific and articulable facts showing that there are reasonable grounds to believe that the information sought is relevant and material to an ongoing criminal investigation; or (i) a court order issued under 18 U.S.C. Section 2703(d), upon a showing of specific and articulable facts showing that there are reasonable grounds to believe that the information sought is relevant and material to an ongoing criminal investigation; or
(ii) a search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures, upon a showing of probable cause. (ii) a search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures, upon a showing of probable cause.
In addition to the non-public account information listed above, we can provide account access logs in response to a court order or search warrant, which may include: In addition to the non-public account information listed above, we can provide account access logs in response to a court order or search warrant, which may include:
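Review bot: this entry is the only one in the list where the description continues on the same line as the label, `**With a court order _or_ a search warrant**: We will not disclose account access logs unless compelled to do so by either`; every other entry (for example `**With a subpoena**:`) puts the label on its own line and starts the text on the next. Suggest breaking the line after the colon so the entries render uniformly, keeping the `<a name="with-a-court-order-or-a-search-warrant"></a>` anchor line untouched.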
@ -188,7 +188,7 @@ In addition to the non-public account information listed above, we can provide a
* Security access logs other than account creation or for a specific time and date * Security access logs other than account creation or for a specific time and date
* <a name="only-with-a-search-warrant"></a> * <a name="only-with-a-search-warrant"></a>
**Only with a search warrant** **Only with a search warrant**:
We will not disclose the private contents of any account unless compelled to do so under a search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures upon a showing of probable cause. We will not disclose the private contents of any account unless compelled to do so under a search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures upon a showing of probable cause.
In addition to the non-public account information and account access logs mentioned above, we will also provide private account contents in response to a search warrant, which may include: In addition to the non-public account information and account access logs mentioned above, we will also provide private account contents in response to a search warrant, which may include:
@ -199,7 +199,7 @@ In addition to the non-public account information and account access logs mentio
* Any security keys used for authentication or encryption * Any security keys used for authentication or encryption
* <a name="in-exigent-circumstances"></a> * <a name="in-exigent-circumstances"></a>
**Under exigent circumstances** **Under exigent circumstances**:
If we receive a request for information under certain exigent circumstances (where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person), we may disclose limited information that we determine necessary to enable law enforcement to address the emergency. For any information beyond that, we would require a subpoena, search warrant, or court order, as described above. For example, we will not disclose contents of private repositories without a search warrant. Before disclosing information, we confirm that the request came from a law enforcement agency, an authority sent an official notice summarizing the emergency, and how the information requested will assist in addressing the emergency. If we receive a request for information under certain exigent circumstances (where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person), we may disclose limited information that we determine necessary to enable law enforcement to address the emergency. For any information beyond that, we would require a subpoena, search warrant, or court order, as described above. For example, we will not disclose contents of private repositories without a search warrant. Before disclosing information, we confirm that the request came from a law enforcement agency, an authority sent an official notice summarizing the emergency, and how the information requested will assist in addressing the emergency.
## Cost reimbursement ## Cost reimbursement
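Review bot: the last sentence of the context line in this hunk loses its parallel structure: "we confirm that the request came from a law enforcement agency, an authority sent an official notice summarizing the emergency, and how the information requested will assist in addressing the emergency". Suggest "we confirm that the request came from a law enforcement agency, that an authority sent an official notice summarizing the emergency, and that the notice explains how the information requested will assist in addressing it". Separately, the anchor `<a name="in-exigent-circumstances"></a>` does not match the label `**Under exigent circumstances**:`; leave the anchor as it is, since external links may already target it.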

View file

@ -1,5 +1,5 @@
{% data variables.product.prodname_dependabot %} consists of three different features that help you manage your dependencies: {% data variables.product.prodname_dependabot %} consists of three different features that help you manage your dependencies:
* {% data variables.product.prodname_dependabot_alerts %}—inform you about vulnerabilities in the dependencies that you use in your repository. * {% data variables.product.prodname_dependabot_alerts %}: Inform you about vulnerabilities in the dependencies that you use in your repository.
* {% data variables.product.prodname_dependabot_security_updates %}—automatically raise pull requests to update the dependencies you use that have known security vulnerabilities. * {% data variables.product.prodname_dependabot_security_updates %}: Automatically raise pull requests to update the dependencies you use that have known security vulnerabilities.
* {% data variables.product.prodname_dependabot_version_updates %}—automatically raise pull requests to keep your dependencies up-to-date. * {% data variables.product.prodname_dependabot_version_updates %}: Automatically raise pull requests to keep your dependencies up-to-date.
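Review bot: nit in the last bullet, "automatically raise pull requests to keep your dependencies up-to-date": the hyphenated form is for attributive use ("an up-to-date lockfile"); after "keep ... " it should be "up to date". Also note that the first file in this commit bolds the same three feature names (`**{% data variables.product.prodname_dependabot_alerts %}**:`) while this reusable leaves them plain; either is fine, but pick one so the two lists match.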