From d6838593f16c4b800e83cac82f6d398a14f7516d Mon Sep 17 00:00:00 2001
From: Sophie <29382425+sophietheking@users.noreply.github.com>
Date: Fri, 14 Oct 2022 02:35:24 +0200
Subject: [PATCH] [2022-10-13]: Secret scanning: Backfill scans for new token
 types - [GA] (#31561)

---
 .../code-security/secret-scanning/about-secret-scanning.md  | 4 ++--
 data/features/secret-scanning-backfills.yml                 | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 data/features/secret-scanning-backfills.yml

diff --git a/content/code-security/secret-scanning/about-secret-scanning.md b/content/code-security/secret-scanning/about-secret-scanning.md
index e785be75ea..519e8b2ba2 100644
--- a/content/code-security/secret-scanning/about-secret-scanning.md
+++ b/content/code-security/secret-scanning/about-secret-scanning.md
@@ -68,7 +68,7 @@ You cannot change the configuration of {% data variables.product.prodname_secret
 ## About {% data variables.product.prodname_secret_scanning %} on {% data variables.product.product_name %}
 {% endif %}
 
-{% data variables.product.prodname_secret_scanning_GHAS_caps %} is available on all organization-owned repositories as part of {% data variables.product.prodname_GH_advanced_security %}. It is not available on user-owned repositories. When you enable {% data variables.product.prodname_secret_scanning %} for a repository, {% data variables.product.prodname_dotcom %} scans the code for patterns that match secrets used by many service providers. For more information, see "{% ifversion ghec %}[Supported secrets for advanced security](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-advanced-security){% else %}[{% data variables.product.prodname_secret_scanning_caps %} patterns](/code-security/secret-scanning/secret-scanning-patterns){% endif %}."
+{% data variables.product.prodname_secret_scanning_GHAS_caps %} is available on all organization-owned repositories as part of {% data variables.product.prodname_GH_advanced_security %}. It is not available on user-owned repositories. When you enable {% data variables.product.prodname_secret_scanning %} for a repository, {% data variables.product.prodname_dotcom %} scans the code for patterns that match secrets used by many service providers. {% ifversion secret-scanning-backfills %}{% data variables.product.prodname_dotcom %} will also periodically run a full git history scan of existing content in {% data variables.product.prodname_GH_advanced_security %} repositories where {% data variables.product.prodname_secret_scanning %} is enabled, and send alert notifications following the {% data variables.product.prodname_secret_scanning %} alert notification settings. {% endif %}For more information, see "{% ifversion ghec %}[Supported secrets for advanced security](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-advanced-security){% else %}[{% data variables.product.prodname_secret_scanning_caps %} patterns](/code-security/secret-scanning/secret-scanning-patterns){% endif %}."
 
 If you're a repository administrator you can enable {% data variables.product.prodname_secret_scanning_GHAS %} for any repository{% ifversion ghec or ghes > 3.4 or ghae > 3.4 %}, including archived repositories{% endif %}. Organization owners can also enable {% data variables.product.prodname_secret_scanning_GHAS %} for all repositories or for all new repositories within an organization. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
 
@@ -76,7 +76,7 @@ If you're a repository administrator you can enable {% data variables.product.pr
 {% endif %}
 ### About {% data variables.product.prodname_secret_scanning %} alerts
 
-When you push commits to a repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.prodname_dotcom %} scans the contents of those commits for secrets that match patterns defined by service providers{% ifversion ghes or ghae or ghec %} and any custom patterns defined in your enterprise, organization, or repository{% endif %}. 
+When you enable {% data variables.product.prodname_secret_scanning %} for a repository or push commits to a repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.prodname_dotcom %} scans the contents of those commits for secrets that match patterns defined by service providers{% ifversion ghes or ghae or ghec %} and any custom patterns defined in your enterprise, organization, or repository{% endif %}. {% ifversion secret-scanning-backfills %}{% data variables.product.prodname_dotcom %} also periodically runs a scan of all historical content in repositories with {% data variables.product.prodname_secret_scanning %} enabled.{% endif%}
 
 If {% data variables.product.prodname_secret_scanning %} detects a secret, {% data variables.product.prodname_dotcom %} generates an alert.
 
diff --git a/data/features/secret-scanning-backfills.yml b/data/features/secret-scanning-backfills.yml
new file mode 100644
index 0000000000..a83c4454dd
--- /dev/null
+++ b/data/features/secret-scanning-backfills.yml
@@ -0,0 +1,6 @@
+# Reference: #7525.
+# Documentation for secret scanning: backfill scans for new tokens types.
+versions:
+  ghec: '*'
+  ghes: '>=3.8'
+  ghae: '>= 3.8'