diff --git a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites.md b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites.md index ce014c9c4f2f..54f485a44eb3 100644 --- a/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites.md +++ b/content/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-codeql-query-suites.md @@ -38,7 +38,7 @@ When creating a query suite, you first need to specify the locations of the queries that you want to select. You can define the location of one or more queries using: -* A `query` instruction—tells {% data variables.product.prodname_codeql %} to look for one or more specified `.ql` +* A `query` instruction: Tells {% data variables.product.prodname_codeql %} to look for one or more specified `.ql` files: ```yaml @@ -48,7 +48,7 @@ files: The argument must be one or more file paths, relative to the {% data variables.product.prodname_codeql %} pack containing the suite definition. -* A `queries` instruction—tells {% data variables.product.prodname_codeql %} to recursively scan a directory +* A `queries` instruction: Tells {% data variables.product.prodname_codeql %} to recursively scan a directory for `.ql` files: ```yaml @@ -68,7 +68,7 @@ for `.ql` files: The `version` field is optional and specifies a range of compatible versions of this {% data variables.product.prodname_codeql %} pack. If you don’t specify a version, then the most recent version of the pack is used. -* A `qlpack` instruction—tells {% data variables.product.prodname_codeql %} to resolve queries in the default suite of the +* A `qlpack` instruction: Tells {% data variables.product.prodname_codeql %} to resolve queries in the default suite of the named {% data variables.product.prodname_codeql %} pack: ```yaml 
@@ -136,12 +136,12 @@ For more information about query metadata properties, see In addition to metadata tags, the keys in the constraint block can also be: -* `query filename`—matches on the last path component of the query file name. -* `query path`—matches on the path to the query file relative to its +* `query filename`: Matches on the last path component of the query file name. +* `query path`: Matches on the path to the query file relative to its enclosing {% data variables.product.prodname_codeql %} pack. -* `tags contain`—one of the given match strings must match +* `tags contain`: One of the given match strings must match one of the space-separated components of the value of the `@tags` metadata property. -* `tags contain all`—each of the given match strings must match one of the +* `tags contain all`: Each of the given match strings must match one of the components of the `@tags` metadata property. ### Examples of filtering which queries are run @@ -245,7 +245,7 @@ use: Existing query suite definitions can be reused by specifying: -* An `import` instruction—adds the queries selected by a +* An `import` instruction: Adds the queries selected by a previously defined `.qls` file to the current suite: ```yaml @@ -268,7 +268,7 @@ previously defined `.qls` file to the current suite: Queries added using an `import` instruction can be filtered using subsequent `exclude` instructions. -* An `apply` instruction—adds all of the instructions from a +* An `apply` instruction: Adds all of the instructions from a previously defined `.qls` file to the current suite. The instructions in the applied `.qls` file are executed as if they appear in place of `apply`. Any `include` and `exclude` instructions from the applied suite also act on 
diff --git a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md index b2de5e9321ef..ea3fc1925b8c 100644 --- a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md +++ b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md @@ -278,11 +278,11 @@ updates: Use the `allow` option to customize which dependencies are updated. This applies to both version and security updates. You can use the following options: -* `dependency-name`—use to allow updates for dependencies with matching names, optionally using `*` to match zero or more characters. +* `dependency-name`: Use to allow updates for dependencies with matching names, optionally using `*` to match zero or more characters. * For Java dependencies, the format of the `dependency-name` attribute is: `groupId:artifactId`; for example: `org.kohsuke:github-api`. * For Docker image tags, the format is the full name of the repository; for example, for an image tag of `.dkr.ecr.us-west-2.amazonaws.com/base/foo/bar/ruby:3.1.0-focal-jemalloc`, use `base/foo/bar/ruby`. -* `dependency-type`—use to allow updates for dependencies of specific types. +* `dependency-type`: Use to allow updates for dependencies of specific types. | Dependency types | Supported by package managers | Allow updates | |------------------|-------------------------------|--------| diff --git a/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md b/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md index 564b5eacd145..48fbce04da2a 100644 --- a/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md 
+++ b/content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md @@ -256,8 +256,8 @@ If you continue to see CI failures, you should remove the group configuration so If you unblock {% data variables.product.prodname_dependabot %}, you can manually trigger a fresh attempt to create a pull request. -* **Security updates**—display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**. -* **Version updates**—on the **Insights** tab for the repository click **Dependency graph**, and then click the **Dependabot** tab. Click **Last checked _TIME_ ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. Click **Check for updates**. +* **Security updates**: Display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**. +* **Version updates**: On the **Insights** tab for the repository click **Dependency graph**, and then click the **Dependabot** tab. Click **Last checked _TIME_ ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. Click **Check for updates**. ## Further reading diff --git a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md index 67410ddce1b1..88e4241c1029 100644 --- a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md +++ b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md 
@@ -72,8 +72,8 @@ No matter how well you tighten your organization to prevent data leaks, some may {% ifversion fpt or ghec %} There are two forms of {% data variables.product.prodname_secret_scanning %} available: **{% data variables.secret-scanning.partner_alerts_caps %}** and **{% data variables.secret-scanning.user_alerts_caps %}**. -* {% data variables.secret-scanning.partner_alerts_caps %}—These are enabled by default and automatically run on all public repositories and public npm packages. -* {% data variables.secret-scanning.user_alerts_caps %}—To get additional scanning capabilities for your organization, you need to enable {% data variables.secret-scanning.user_alerts %}. +* {% data variables.secret-scanning.partner_alerts_caps %}: These are enabled by default and automatically run on all public repositories and public npm packages. +* {% data variables.secret-scanning.user_alerts_caps %}: To get additional scanning capabilities for your organization, you need to enable {% data variables.secret-scanning.user_alerts %}. When enabled, {% data variables.secret-scanning.user_alerts %} can be detected on the following types of repository:{% ifversion fpt %} * Public repositories owned by personal accounts on {% data variables.product.prodname_dotcom_the_website %} diff --git a/content/code-security/getting-started/dependabot-quickstart-guide.md b/content/code-security/getting-started/dependabot-quickstart-guide.md index f7fa67784405..c0c786b00223 100644 --- a/content/code-security/getting-started/dependabot-quickstart-guide.md +++ b/content/code-security/getting-started/dependabot-quickstart-guide.md 
@@ -76,11 +76,11 @@ If {% data variables.product.prodname_dependabot_alerts %} are enabled for a rep 1. Optionally, you can also explore the information on the right-side of the page. Some of the information shown in the screenshot may not apply to every alert. * Severity - * CVSS metrics—we use CVSS levels to assign severity levels. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-cvss-levels)." + * CVSS metrics: We use CVSS levels to assign severity levels. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-cvss-levels)." * Tags - * Weaknesses—list of CWEs related to the vulnerability, if applicable - * CVE ID—unique CVE identifier for the vulnerability, if applicable - * GHSA ID—unique identifier of the corresponding advisory on the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids)." + * Weaknesses: List of CWEs related to the vulnerability, if applicable + * CVE ID: Unique CVE identifier for the vulnerability, if applicable + * GHSA ID: Unique identifier of the corresponding advisory on the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids)." 
* Option to navigate to the advisory on the {% data variables.product.prodname_advisory_database %} * Option to see all of your repositories that are affected by this vulnerability * Option to suggest improvements for this advisory on the {% data variables.product.prodname_advisory_database %} diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning.md b/content/code-security/secret-scanning/introduction/about-secret-scanning.md index 505b99163c74..ef6afa7c951d 100644 --- a/content/code-security/secret-scanning/introduction/about-secret-scanning.md +++ b/content/code-security/secret-scanning/introduction/about-secret-scanning.md 
@@ -68,27 +68,27 @@ Below is a typical workflow that explains how {% data variables.product.prodname ## About the benefits of {% data variables.product.prodname_secret_scanning %} -* **Enhanced security**—{% data variables.product.prodname_secret_scanning_caps %} scans your repositories for sensitive information like API keys, passwords, tokens, and other secrets. By detecting these early, you can mitigate potential security risks before they are exploited by malicious actors. +* **Enhanced security**: {% data variables.product.prodname_secret_scanning_caps %} scans your repositories for sensitive information like API keys, passwords, tokens, and other secrets. By detecting these early, you can mitigate potential security risks before they are exploited by malicious actors. -* **Automated detection**—The feature automatically scans your codebase, including commits, issues, and pull requests, ensuring continuous protection without requiring manual intervention. This automation helps in maintaining security even as your repository evolves. +* **Automated detection**: The feature automatically scans your codebase, including commits, issues, and pull requests, ensuring continuous protection without requiring manual intervention. This automation helps in maintaining security even as your repository evolves. -* **Real-time alerts**—When a secret is detected, {% data variables.product.prodname_secret_scanning %} provides real-time alerts to repository administrators and contributors. This immediate feedback allows for swift remediation actions. +* **Real-time alerts**: When a secret is detected, {% data variables.product.prodname_secret_scanning %} provides real-time alerts to repository administrators and contributors. This immediate feedback allows for swift remediation actions. {% ifversion fpt or ghec %} -* **Integration with service providers**—{% data variables.product.prodname_dotcom %} partners with various service providers to validate detected secrets. 
When a secret is identified, {% data variables.product.prodname_dotcom %} notifies the corresponding service provider to take appropriate actions, such as revoking the exposed credential. For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)." +* **Integration with service providers**: {% data variables.product.prodname_dotcom %} partners with various service providers to validate detected secrets. When a secret is identified, {% data variables.product.prodname_dotcom %} notifies the corresponding service provider to take appropriate actions, such as revoking the exposed credential. For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)." {% endif %} {% ifversion ghec or ghes %} -* **Custom pattern support**—Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment. +* **Custom pattern support**: Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment. {% endif %} {% ifversion secret-scanning-non-provider-patterns %} -* **Ability to detect non-provider patterns**—You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization. +* **Ability to detect non-provider patterns**: You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization. {% endif %} 
diff --git a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md index 4c594a53ceef..86a5216596ec 100644 --- a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md +++ b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md 
@@ -33,19 +33,19 @@ If you believe that {% data variables.product.prodname_secret_scanning %} should This table lists the secrets supported by {% data variables.product.prodname_secret_scanning %}. You can see the types of alert that get generated for each token, as well as whether a validity check is performed on the token. -* **Provider**—name of the token provider.{% ifversion fpt or ghec %} -* **Partner**—token for which leaks are reported to the relevant token partner. Applies to public repositories only. -* **User**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} +* **Provider**: Name of the token provider.{% ifversion fpt or ghec %} +* **Partner**: Token for which leaks are reported to the relevant token partner. Applies to public repositories only. +* **User**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} * Applies to public repositories, and to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled. * Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which usually have a higher ratio of false positives. * For {% data variables.product.prodname_secret_scanning %} to scan for non-provider patterns, the detection of non-provider patterns must be enabled for the repository or the organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)." 
{% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %}{% endif %}{% ifversion ghes %} -* **{% data variables.product.prodname_secret_scanning_caps %} alert**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} +* **{% data variables.product.prodname_secret_scanning_caps %} alert**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} * Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled. * Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.{% else %} Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled.{% endif %}{% endif %} -* **Push protection**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled. +* **Push protection**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled. -* **Validity check**—token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. 
For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %} +* **Validity check**: Token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %} {% ifversion secret-scanning-non-provider-patterns %} 
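Review bot: The unchanged `{% else %}` branch of the **{% data variables.product.prodname_secret_scanning_caps %} alert** bullet in this hunk is missing its verb: "Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled." should read "... are enabled.", matching the sibling line two items up ("Applies to private repositories where ... are enabled."). Since this bullet is already being touched for the colon change, it is worth carrying the fix in the same PR; the rewritten **Validity check** line would also read better with a comma after "support" ("For more information about validity check support, see ...").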
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md index e3eaa1580847..a8ce6db98c20 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md 
@@ -80,10 +80,10 @@ For more information about dependency review, see "[AUTOTITLE](/code-security/su {% data variables.product.prodname_dependabot %} keeps your dependencies up to date by informing you of any security vulnerabilities in your dependencies, and automatically opens pull requests to upgrade your dependencies to the next available secure version when a {% data variables.product.prodname_dependabot %} alert is triggered, or to the latest version when a release is published. The term "{% data variables.product.prodname_dependabot %}" encompasses the following features: -* {% data variables.product.prodname_dependabot_alerts %}—Displayed notification on the **Security** tab for the repository, and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. +* {% data variables.product.prodname_dependabot_alerts %}: Displayed notification on the **Security** tab for the repository, and in the repository's dependency graph. The alert includes a link to the affected file in the project, and information about a fixed version. * {% data variables.product.prodname_dependabot_updates %}: - * {% data variables.product.prodname_dependabot_security_updates %}—Triggered updates to upgrade your dependencies to a secure version when an alert is triggered. - * {% data variables.product.prodname_dependabot_version_updates %}—Scheduled updates to keep your dependencies up to date with the latest version. + * {% data variables.product.prodname_dependabot_security_updates %}: Triggered updates to upgrade your dependencies to a secure version when an alert is triggered. + * {% data variables.product.prodname_dependabot_version_updates %}: Scheduled updates to keep your dependencies up to date with the latest version. {% ifversion fpt or ghec %}Pull requests opened by {% data variables.product.prodname_dependabot %} can trigger workflows that run actions. 
For more information, see "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions)."{% endif %} 
@@ -139,31 +139,31 @@ For more information about {% data variables.product.prodname_dependabot_updates {% ifversion fpt or ghec %} Public repositories: -* **Dependency graph**—enabled by default and cannot be disabled. -* **Dependency review**—enabled by default and cannot be disabled. -* **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. {% data variables.product.prodname_dotcom %} detects insecure dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. +* **Dependency graph**: Enabled by default and cannot be disabled. +* **Dependency review**: Enabled by default and cannot be disabled. +* **{% data variables.product.prodname_dependabot_alerts %}**: Not enabled by default. {% data variables.product.prodname_dotcom %} detects insecure dependencies and displays information in the dependency graph, but does not generate {% data variables.product.prodname_dependabot_alerts %} by default. Repository owners or people with admin access can enable {% data variables.product.prodname_dependabot_alerts %}. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." Private repositories: -* **Dependency graph**—not enabled by default. The feature can be enabled by repository administrators. 
For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." +* **Dependency graph**: Not enabled by default. The feature can be enabled by repository administrators. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." {% ifversion fpt %} -* **Dependency review**—available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). +* **Dependency review**: Available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). {% elsif ghec %} -* **Dependency review**—available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. 
For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)" and "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." +* **Dependency review**: Available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GH_advanced_security %} and the dependency graph enabled. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)" and "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)." {% endif %} -* **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories. +* **{% data variables.product.prodname_dependabot_alerts %}**: Not enabled by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. 
For more information, see "[AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)." Any repository type: -* **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." -* **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." +* **{% data variables.product.prodname_dependabot_security_updates %}**: Not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." +* **{% data variables.product.prodname_dependabot_version_updates %}**: Not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. 
For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." {% endif %} {% ifversion ghes %} -* **Dependency graph** and **{% data variables.product.prodname_dependabot_alerts %}**—not enabled by default. Both features are configured at an enterprise level by the enterprise owner. For more information, see {% ifversion ghes %}"[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)." -* **Dependency review**—available when dependency graph is enabled for your instance and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)." +* **Dependency graph** and **{% data variables.product.prodname_dependabot_alerts %}**: Not enabled by default. Both features are configured at an enterprise level by the enterprise owner. For more information, see {% ifversion ghes %}"[AUTOTITLE](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}"[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)." +* **Dependency review**: Available when dependency graph is enabled for your instance and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)." {% endif %} {% ifversion ghes %} -* **{% data variables.product.prodname_dependabot_security_updates %}**—not enabled by default. 
You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." -* **{% data variables.product.prodname_dependabot_version_updates %}**—not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." +* **{% data variables.product.prodname_dependabot_security_updates %}**: Not enabled by default. You can enable {% data variables.product.prodname_dependabot_security_updates %} for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For information about enabling security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." +* **{% data variables.product.prodname_dependabot_version_updates %}**: Not enabled by default. People with write permissions to a repository can enable {% data variables.product.prodname_dependabot_version_updates %}. For information about enabling version updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)." {% endif %} diff --git a/content/site-policy/other-site-policies/guidelines-for-legal-requests-of-user-data.md b/content/site-policy/other-site-policies/guidelines-for-legal-requests-of-user-data.md index c2488ea5886c..26c59ed430dd 100644 --- a/content/site-policy/other-site-policies/guidelines-for-legal-requests-of-user-data.md +++ b/content/site-policy/other-site-policies/guidelines-for-legal-requests-of-user-data.md 
@@ -43,29 +43,29 @@ Before asking us to disclose data, it may be useful to understand how our system GitHub hosts millions of data repositories using the [Git version control system](https://git-scm.com/video/what-is-version-control). Repositories on GitHub—which may be public or private—are most commonly used for software development projects, but are also often used to work on content of all kinds. -* [**Users**](/get-started/learning-about-github/github-glossary#user) — +* [**Users**](/get-started/learning-about-github/github-glossary#user): Users are represented in our system as personal GitHub accounts. Each user has a personal profile, and can own multiple repositories. Users can create or be invited to join organizations or to collaborate on another user's repository. -* [**Collaborators**](/get-started/learning-about-github/github-glossary#collaborator) — +* [**Collaborators**](/get-started/learning-about-github/github-glossary#collaborator): A collaborator is a user with read and write access to a repository who has been invited to contribute by the repository owner. -* [**Organizations**](/get-started/learning-about-github/github-glossary#organization) — +* [**Organizations**](/get-started/learning-about-github/github-glossary#organization): Organizations are a group of two or more users that typically mirror real-world organizations, such as businesses or projects. They are administered by users and can contain both repositories and teams of users. -* [**Repositories**](/get-started/learning-about-github/github-glossary#repository) — +* [**Repositories**](/get-started/learning-about-github/github-glossary#repository): A repository is one of the most basic GitHub elements. They may be easiest to imagine as a project's folder. A repository contains all of the project files (including documentation), and stores each file's revision history. Repositories can have multiple collaborators and, at its administrators' discretion, may be publicly viewable or not. 
-* [**Pages**](/pages/getting-started-with-github-pages/about-github-pages) — +* [**Pages**](/pages/getting-started-with-github-pages/about-github-pages): GitHub Pages are public webpages freely hosted by GitHub that users can easily publish through code stored in their repositories. If a user or organization has a GitHub Page, it can usually be found at a URL such as `https://username.github.io` or they may have the webpage mapped to their own custom domain name. -* [**Gists**](/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists) — +* [**Gists**](/get-started/writing-on-github/editing-and-sharing-content-with-gists/creating-gists): Gists are snippets of source code or other text that users can use to store ideas or share with friends. Like regular GitHub repositories, Gists are created with Git, so they are automatically versioned, forkable and downloadable. Gists can either be public or secret (accessible only through a known URL). Public Gists cannot be converted into secret Gists. @@ -75,7 +75,7 @@ Gists can either be public or secret (accessible only through a known URL). Publ Here is a non-exhaustive list of the kinds of data we maintain about users and projects on GitHub. * -**Public account data** — +**Public account data**: There is a variety of information publicly available on GitHub about users and their repositories. User profiles can be found at a URL such as `https://github.com/username`. User profiles display information about when the user created their account as well their public activity on GitHub.com and social interactions. 
@@ -96,7 +96,7 @@ All user public profiles display: * Organizations to which the user is a member (_depending on either the organizations' or the users' preferences_) * -**Private account data** — +**Private account data**: GitHub also collects and maintains certain private information about users as outlined in our [Privacy Policy](/site-policy/privacy-policies/github-privacy-statement). This may include: * Private email addresses @@ -107,7 +107,7 @@ This may include: To get a sense of the type of private account information that GitHub collects, you can visit your {% data reusables.user-settings.personal_dashboard %} and browse through the sections in the left-hand menubar. * -**Organization account data** — +**Organization account data**: Information about organizations, their administrative users and repositories is publicly available on GitHub. Organization profiles can be found at a URL such as `https://github.com/organization`. Public organization profiles can also include additional information that the owners have chosen to share publicly. @@ -124,7 +124,7 @@ All organization public profiles display: * Collaborators * -**Public repository data** — +**Public repository data**: GitHub is home to millions of public, open-source software projects. You can browse almost any public repository (for example, the [GitHub Docs](https://github.com/github/docs)) to get a sense for the information that GitHub collects and maintains about repositories. This can include: 
@@ -139,11 +139,11 @@ This can include: * Statistics and graphs showing contributions to the project and the network of contributors * -**Private repository data** — +**Private repository data**: GitHub collects and maintains the same type of data for private repositories that can be seen for public repositories, except only specifically invited users may access private repository data. * -**Other data** — +**Other data**: Additionally, GitHub collects analytics data such as page visits and information occasionally volunteered by our users (such as communications with our support team, survey information and/or site registrations). ## We will notify any affected account owners @@ -158,11 +158,11 @@ Where GitHub agrees to produce non-public information in response to a lawful re Here are the kinds of information we will agree to produce, depending on the kind of legal process we are served with: * -**With user consent** — +**With user consent**: GitHub will provide private account information, if requested, directly to the user (or an owner, in the case of an organization account), or to a designated third party with the user's written consent once GitHub is satisfied that the user has verified his or her identity. * -**With a subpoena** — +**With a subpoena**: If served with a valid subpoena, civil investigative demand, or similar legal process issued in connection with an official criminal or civil investigation, we can provide certain non-public account information, which may include: * Name(s) associated with the account 
@@ -177,7 +177,7 @@ In the case of organization accounts, we can provide the name(s) and email addre Please note that the information available will vary from case to case. Some of the information is optional for users to provide. In other cases, we may not have collected or retained the information. * -**With a court order _or_ a search warrant** — We will not disclose account access logs unless compelled to do so by either +**With a court order _or_ a search warrant**: We will not disclose account access logs unless compelled to do so by either (i) a court order issued under 18 U.S.C. Section 2703(d), upon a showing of specific and articulable facts showing that there are reasonable grounds to believe that the information sought is relevant and material to an ongoing criminal investigation; or (ii) a search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures, upon a showing of probable cause. In addition to the non-public account information listed above, we can provide account access logs in response to a court order or search warrant, which may include: @@ -188,7 +188,7 @@ In addition to the non-public account information listed above, we can provide a * Security access logs other than account creation or for a specific time and date * -**Only with a search warrant** — +**Only with a search warrant**: We will not disclose the private contents of any account unless compelled to do so under a search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures upon a showing of probable cause. In addition to the non-public account information and account access logs mentioned above, we will also provide private account contents in response to a search warrant, which may include: 
@@ -199,7 +199,7 @@ In addition to the non-public account information and account access logs mentio * Any security keys used for authentication or encryption * -**Under exigent circumstances** — +**Under exigent circumstances**: If we receive a request for information under certain exigent circumstances (where we believe the disclosure is necessary to prevent an emergency involving danger of death or serious physical injury to a person), we may disclose limited information that we determine necessary to enable law enforcement to address the emergency. For any information beyond that, we would require a subpoena, search warrant, or court order, as described above. For example, we will not disclose contents of private repositories without a search warrant. Before disclosing information, we confirm that the request came from a law enforcement agency, an authority sent an official notice summarizing the emergency, and how the information requested will assist in addressing the emergency. ## Cost reimbursement diff --git a/data/reusables/dependabot/dependabot-overview.md b/data/reusables/dependabot/dependabot-overview.md index 0d732e50ff0b..e70fd398031c 100644 --- a/data/reusables/dependabot/dependabot-overview.md +++ b/data/reusables/dependabot/dependabot-overview.md 
@@ -1,5 +1,5 @@ {% data variables.product.prodname_dependabot %} consists of three different features that help you manage your dependencies: -* {% data variables.product.prodname_dependabot_alerts %}—inform you about vulnerabilities in the dependencies that you use in your repository. -* {% data variables.product.prodname_dependabot_security_updates %}—automatically raise pull requests to update the dependencies you use that have known security vulnerabilities. -* {% data variables.product.prodname_dependabot_version_updates %}—automatically raise pull requests to keep your dependencies up-to-date. +* {% data variables.product.prodname_dependabot_alerts %}: Inform you about vulnerabilities in the dependencies that you use in your repository. +* {% data variables.product.prodname_dependabot_security_updates %}: Automatically raise pull requests to update the dependencies you use that have known security vulnerabilities. +* {% data variables.product.prodname_dependabot_version_updates %}: Automatically raise pull requests to keep your dependencies up-to-date.
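Review bot: In the "Any repository type" hunk and the final `{% ifversion ghes %}` hunk of the security-overview file, the two Dependabot bullets (`**{% data variables.product.prodname_dependabot_security_updates %}**: Not enabled by default. ...` and `**{% data variables.product.prodname_dependabot_version_updates %}**: Not enabled by default. ...`) are now word-for-word identical in both `+` blocks. Since this sweep had to touch both copies, consider moving them into a `data/reusables/dependabot/` file, the way `dependabot-overview.md` at the end of this patch already is, so the next wording change only needs one edit and the two blocks cannot drift apart.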
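Review bot: The `{% ifversion ghes %}` block in the security-overview file wraps a nested `{% ifversion ghes %}"[AUTOTITLE](...enabling-the-dependency-graph-for-your-enterprise)" and {% endif %}` inside the "Dependency graph and Dependabot alerts" bullet, even though that bullet already sits inside the outer `{% ifversion ghes %}` opened on the preceding context line, so the inner conditional is always true. Since the `+` line rewrites this bullet anyway, drop the inner `{% ifversion ghes %}`/`{% endif %}` pair so it reads `For more information, see "[AUTOTITLE](...)" and "[AUTOTITLE](...)."` The two adjacent `{% endif %} {% ifversion ghes %}` pairs in the same region could also be merged into one `ghes` block if nothing else separates them in the full file.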
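Review bot: In the `@@ -43,29 +43,29 @@` hunk of guidelines-for-legal-requests-of-user-data.md, the context line "Repositories on GitHub—which may be public or private—are most commonly used ..." keeps its em-dashes while every list separator in the hunk is converted to a colon. Those are parenthetical dashes rather than label separators, so leaving them is consistent with the pattern applied here, but it would help to state that scope in the PR description so a later style sweep does not reopen this file.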
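Review bot: The trailing context of the `@@ -199,7 +199,7 @@` hunk ("Under exigent circumstances") has a non-parallel list: "we confirm that the request came from a law enforcement agency, an authority sent an official notice summarizing the emergency, and how the information requested will assist in addressing the emergency" mixes two "that" clauses with a "how" clause. It is outside the colon change, but since the bullet is being edited, consider "we confirm that the request came from a law enforcement agency, that an authority sent an official notice summarizing the emergency, and that the notice explains how the requested information will assist in addressing the emergency", subject to the site-policy owners' sign-off because this is policy text.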
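Review bot: In the `dependabot-overview.md` hunk, the `+` line for version updates still reads "keep your dependencies up-to-date"; as a predicate after the verb the phrase is conventionally unhyphenated ("up to date"), with the hyphenated form reserved for attributive use ("an up-to-date lockfile"). Since the line is already being rewritten, change it to `Automatically raise pull requests to keep your dependencies up to date.` The capitalization after the colon matches the other converted bullets in this patch.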