Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

repo sync #15338

Merged
merged 3 commits into from
Feb 10, 2022
Merged

repo sync #15338

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8ccd2a8
Minimum changes for secret scanning dry-runs (#24548)
felicitymay Feb 10, 2022
749149e
Add persistent caddy storage (#25242)
mikesurowiec Feb 10, 2022
933a806
Merge branch 'main' into repo-sync
Octomerger Feb 10, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .github/workflows/azure-preview-env-deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -198,6 +198,8 @@ jobs:
dockerRegistryUrl="${{ secrets.NONPROD_REGISTRY_SERVER }}"
dockerRegistryUsername="${{ secrets.NONPROD_REGISTRY_USERNAME }}"
dockerRegistryPassword="${{ secrets.NONPROD_REGISTRY_PASSWORD }}"
storageAccountName="${{ secrets.AZURE_STORAGE_ACCOUNT_NAME }}"
storageAccountKey="${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }}"
# this shows warnings in the github actions console, because the flag is passed through a validation run,
# but it *is* functional during the actual execution
additionalArguments: --no-wait
Binary file added assets/images/enterprise/3.2/repository/secret-scanning-create-custom-pattern.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified assets/images/help/repository/secret-scanning-create-custom-pattern.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/images/help/repository/secret-scanning-publish-pattern.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
24 changes: 13 additions & 11 deletions azure-preview-env-template.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,12 @@
},
"dockerRegistryPassword": {
"type": "SecureString"
},
"storageAccountName": {
"type": "String"
},
"storageAccountKey": {
"type": "SecureString"
}
},
"resources": [
Expand Down Expand Up @@ -109,25 +115,21 @@
},
"volumeMounts": [
{
"name": "data",
"name": "caddy-data",
"mountPath": "/data"
},
{
"name": "config",
"mountPath": "/config"
}
]
}
}
],
"volumes": [
{
"name": "data",
"emptyDir": {}
},
{
"name": "config",
"emptyDir": {}
"name": "caddy-data",
"azureFile": {
"shareName": "caddy",
"storageAccountName": "[parameters('storageAccountName')]",
"storageAccountKey": "[parameters('storageAccountKey')]"
}
}
],
"imageRegistryCredentials": [
Expand Down
11 changes: 10 additions & 1 deletion ...t/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,14 @@ Before defining a custom pattern, you must ensure that {% data variables.product
{% data reusables.repositories.navigate-to-security-and-analysis %}
{% data reusables.repositories.navigate-to-ghas-settings %}
{% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5499 %}
1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**.
1. When the dry run finishes, you'll see a sample of results (up to 1000) from the repository. Review the results and identify any false positive results.
![Screenshot showing results from dry run](/assets/images/help/repository/secret-scanning-publish-pattern.png)
1. Edit the new custom pattern to fix any problems with the results, then click **Save and dry run** to test your changes.
{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}
{% endif %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}

After your pattern is created, {% data reusables.secret-scanning.secret-scanning-process %} For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."

Expand Down Expand Up @@ -116,6 +123,7 @@ Before defining a custom pattern, you must ensure that you enable {% data variab
{% data reusables.repositories.navigate-to-ghas-settings %}
{% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}

After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in {% ifversion fpt or ghec %}private{% endif %} repositories in your organization, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."

Expand All @@ -139,6 +147,7 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
{% data reusables.enterprise-accounts.advanced-security-security-features %}
1. Under "Secret scanning custom patterns", click {% ifversion ghes = 3.2 %}**New custom pattern**{% else %}**New pattern**{% endif %}.
{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}

After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in {% ifversion fpt or ghec %}private{% endif %} repositories within your enterprise's organizations with {% data variables.product.prodname_GH_advanced_security %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."

Expand Down
6 changes: 4 additions & 2 deletions data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@
1. You must at least provide the name for your pattern, and a regular expression for the format of your secret pattern.
1. You can click **More options {% octicon "chevron-down" aria-label="down" %}** to provide other surrounding content or additional match requirements for the secret format.
1. Provide a sample test string to make sure your configuration is matching the patterns you expect.

{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5499 %}
![Create a custom {% data variables.product.prodname_secret_scanning %} pattern form](/assets/images/help/repository/secret-scanning-create-custom-pattern.png)
1. When you are satisfied with your new custom pattern, click {% ifversion fpt or ghes > 3.2 or ghae or ghec %}**Create pattern**{% elsif ghes = 3.2 %}**Create custom pattern**{% endif %}.
{% else %}
![Create a custom {% data variables.product.prodname_secret_scanning %} pattern form](/assets/images/enterprise/3.2/repository/secret-scanning-create-custom-pattern.png)
{% endif %}
1 change: 1 addition & 0 deletions data/reusables/advanced-security/secret-scanning-create-custom-pattern.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
1. When you're satisfied with your new custom pattern, click {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5499 %}**Publish pattern**{% elsif ghes > 3.2 or ghae %}**Create pattern**{% elsif ghes = 3.2 %}**Create custom pattern**{% endif %}.
6 changes: 6 additions & 0 deletions data/reusables/secret-scanning/beta-dry-runs.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@

{% note %}

**Note:** The dry run feature is currently in beta and subject to change.

{% endnote %}