Merge pull request #15338 from github/repo-sync

repo sync

.github/workflows/azure-preview-env-deploy.yml

@@ -198,6 +198,8 @@ jobs:
             dockerRegistryUrl="${{ secrets.NONPROD_REGISTRY_SERVER }}"
             dockerRegistryUsername="${{ secrets.NONPROD_REGISTRY_USERNAME }}"
             dockerRegistryPassword="${{ secrets.NONPROD_REGISTRY_PASSWORD }}"
+            storageAccountName="${{ secrets.AZURE_STORAGE_ACCOUNT_NAME }}"
+            storageAccountKey="${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }}"
           # this shows warnings in the github actions console, because the flag is passed through a validation run,
           # but it *is* functional during the actual execution
           additionalArguments: --no-wait

azure-preview-env-template.json

@@ -32,6 +32,12 @@
     },
     "dockerRegistryPassword": {
       "type": "SecureString"
+    },
+    "storageAccountName": {
+      "type": "String"
+    },
+    "storageAccountKey": {
+      "type": "SecureString"
     }
   },
   "resources": [
@@ -109,25 +115,21 @@
               },
               "volumeMounts": [
                 {
-                  "name": "data",
+                  "name": "caddy-data",
                   "mountPath": "/data"
-                },
-                {
-                  "name": "config",
-                  "mountPath": "/config"
                 }
               ]
             }
           }
         ],
         "volumes": [
           {
-            "name": "data",
-            "emptyDir": {}
-          },
-          {
-            "name": "config",
-            "emptyDir": {}
+            "name": "caddy-data",
+            "azureFile": {
+                "shareName": "caddy",
+                "storageAccountName": "[parameters('storageAccountName')]",
+                "storageAccountKey": "[parameters('storageAccountKey')]"
+            }
           }
         ],
         "imageRegistryCredentials": [

content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md

@@ -67,7 +67,14 @@ Before defining a custom pattern, you must ensure that {% data variables.product
 {% data reusables.repositories.navigate-to-security-and-analysis %}
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
-{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
+{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5499 %}
+1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**.
+1. When the dry run finishes, you'll see a sample of results (up to 1000) from the repository. Review the results and identify any false positive results.
+   ![Screenshot showing results from dry run](/assets/images/help/repository/secret-scanning-publish-pattern.png)
+1. Edit the new custom pattern to fix any problems with the results, then click **Save and dry run** to test your changes.
+{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}
+{% endif %}
+{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
 
 After your pattern is created, {% data reusables.secret-scanning.secret-scanning-process %} For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 
@@ -116,6 +123,7 @@ Before defining a custom pattern, you must ensure that you enable {% data variab
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
 {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
+{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
 
 After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in {% ifversion fpt or ghec %}private{% endif %} repositories in your organization, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 
@@ -139,6 +147,7 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
 {% data reusables.enterprise-accounts.advanced-security-security-features %}
 1. Under "Secret scanning custom patterns", click {% ifversion ghes = 3.2 %}**New custom pattern**{% else %}**New pattern**{% endif %}.
 {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
+{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
 
 After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in {% ifversion fpt or ghec %}private{% endif %} repositories within your enterprise's organizations with {% data variables.product.prodname_GH_advanced_security %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 

data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md

@@ -2,6 +2,8 @@
    1. You must at least provide the name for your pattern, and a regular expression for the format of your secret pattern.
    1. You can click **More options {% octicon "chevron-down" aria-label="down" %}** to provide other surrounding content or additional match requirements for the secret format.
    1. Provide a sample test string to make sure your configuration is matching the patterns you expect.
-
+   {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5499 %}
    ![Create a custom {% data variables.product.prodname_secret_scanning %} pattern form](/assets/images/help/repository/secret-scanning-create-custom-pattern.png)
-1. When you are satisfied with your new custom pattern, click {% ifversion fpt or ghes > 3.2 or ghae or ghec %}**Create pattern**{% elsif ghes = 3.2 %}**Create custom pattern**{% endif %}.
+   {% else %}
+   ![Create a custom {% data variables.product.prodname_secret_scanning %} pattern form](/assets/images/enterprise/3.2/repository/secret-scanning-create-custom-pattern.png)
+   {% endif %}

data/reusables/advanced-security/secret-scanning-create-custom-pattern.md

@@ -0,0 +1 @@
+1. When you're satisfied with your new custom pattern, click {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5499 %}**Publish pattern**{% elsif  ghes > 3.2 or ghae %}**Create pattern**{% elsif ghes = 3.2 %}**Create custom pattern**{% endif %}.

data/reusables/secret-scanning/beta-dry-runs.md

@@ -0,0 +1,6 @@
+
+{% note %}
+
+**Note:** The dry run feature is currently in beta and subject to change.
+
+{% endnote %}