From f87b59f87656807b63bbe2b4b08617069cd503e4 Mon Sep 17 00:00:00 2001 From: Artur Kordowski <9746197+akordowski@users.noreply.github.com> Date: Mon, 18 Nov 2024 14:22:42 +0100 Subject: [PATCH 1/4] Fix "Code security" feature description --- ...-analysis-settings-for-your-personal-account.md | 4 ++-- .../enabling-dependabot-for-your-enterprise.md | 2 +- ...de-security-and-analysis-for-your-enterprise.md | 2 +- ...configuring-advanced-setup-for-code-scanning.md | 2 +- ...ing-default-setup-for-code-scanning-at-scale.md | 2 +- .../configuring-default-setup-for-code-scanning.md | 2 +- .../editing-your-configuration-of-default-setup.md | 4 ++-- .../configuring-dependabot-alerts.md | 14 +++++++------- ...preset-rules-to-prioritize-dependabot-alerts.md | 2 +- .../configuring-dependabot-security-updates.md | 6 +++--- .../configuring-dependabot-version-updates.md | 4 ++-- .../getting-started/dependabot-quickstart-guide.md | 2 +- ...enabling-push-protection-for-your-repository.md | 2 +- ...enabling-secret-scanning-for-your-repository.md | 4 ++-- ...defining-custom-patterns-for-secret-scanning.md | 4 ++-- .../custom-patterns/managing-custom-patterns.md | 4 ++-- ...nabling-delegated-bypass-for-push-protection.md | 2 +- .../push-protection-for-users.md | 2 +- ...obal-security-settings-for-your-organization.md | 2 +- ...ate-vulnerability-reporting-for-a-repository.md | 4 ++-- .../security-overview/about-security-overview.md | 2 +- .../configuring-dependency-review.md | 2 +- .../exploring-the-dependencies-of-a-repository.md | 2 +- ...-and-analysis-settings-for-your-organization.md | 4 ++-- ...ty-and-analysis-settings-for-your-repository.md | 4 ++-- .../click-code-security-enterprise.md | 2 +- .../organizations/security-and-analysis.md | 2 +- .../navigate-to-code-security-and-analysis.md | 2 +- .../view-configurations-page.md | 2 +- data/reusables/user-settings/security-analysis.md | 2 +- 30 files changed, 47 insertions(+), 47 deletions(-) 
diff --git a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account.md b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account.md index 200c74cbe3ef..a5a55ee899a3 100644 --- a/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account.md +++ b/content/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/managing-security-and-analysis-settings-for-your-personal-account.md @@ -32,7 +32,7 @@ For an overview of repository-level security, see "[AUTOTITLE](/code-security/ge {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %} -1. Under "Code security and analysis", to the right of the feature, click **Disable all** or **Enable all**. +1. Under "Code security", to the right of the feature, click **Disable all** or **Enable all**. 1. Optionally, enable the feature by default for new repositories that you own.{% ifversion not ghes %} ![Screenshot of the "Enable FEATURE" modal dialog, with the "Enable by default for new private repositories" option highlighted with a dark orange outline.](/assets/images/help/settings/security-and-analysis-enable-by-default-in-modal.png){% endif %} 
@@ -45,7 +45,7 @@ For an overview of repository-level security, see "[AUTOTITLE](/code-security/ge {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %} -1. Under "Code security and analysis", to the right of the feature, enable or disable the feature by default for new repositories that you own. +1. Under "Code security", to the right of the feature, enable or disable the feature by default for new repositories that you own. ## Further reading diff --git a/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md b/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md index e2cdee276458..13125e4e38e8 100644 --- a/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md +++ b/content/admin/configuring-settings/configuring-github-connect/enabling-dependabot-for-your-enterprise.md 
@@ -85,7 +85,7 @@ Before you can enable {% data variables.product.prodname_dependabot_alerts %}, y > [!TIP] > We recommend configuring {% data variables.product.prodname_dependabot_alerts %} without notifications for the first few days to avoid an overload of realtime notifications. After a few days, you can enable notifications to receive {% data variables.product.prodname_dependabot_alerts %} as usual. -You can now enable {% data variables.product.prodname_dependabot_alerts %} for all existing or new private and internal repositories in the enterprise settings page for "Code security and analysis." Alternatively, repository administrators and organization owners can enable {% data variables.product.prodname_dependabot_alerts %} for each repository and organization. Public repositories are always enabled by default. For more information, see "[AUTOTITLE](/enterprise-server@latest/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts)." +You can now enable {% data variables.product.prodname_dependabot_alerts %} for all existing or new private and internal repositories in the enterprise settings page for "Code security". Alternatively, repository administrators and organization owners can enable {% data variables.product.prodname_dependabot_alerts %} for each repository and organization. Public repositories are always enabled by default. For more information, see "[AUTOTITLE](/enterprise-server@latest/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts)." {% ifversion dependabot-updates-github-connect %} diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md index 96e2d57854d9..d037c421c890 100644 
--- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md +++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md @@ -55,7 +55,7 @@ Across all organizations owned by your enterprise, you can control whether organ {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} -1. Under "{% octicon "law" aria-hidden="true" %} Policies", click **Code security and analysis**. +1. Under "{% octicon "law" aria-hidden="true" %} Policies", click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. Under "Dependency insights", review the information about changing the setting. 1. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %} 1. Under "Dependency insights", select the dropdown menu and click a policy. diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md index 915aa87a5c68..7d6f37a3fb68 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md 
@@ -71,7 +71,7 @@ You can customize your {% data variables.product.prodname_codeql %} analysis by > [!NOTE] > If you are switching from default setup to advanced setup, in the "{% data variables.product.prodname_code_scanning_caps %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "workflow" aria-hidden="true" %} Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**. - ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "Code security and analysis" settings. The "Advanced setup" button is highlighted with an orange outline.](/assets/images/help/security/advanced-code-scanning-setup.png) + ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "Code security" settings. The "Advanced setup" button is highlighted with an orange outline.](/assets/images/help/security/advanced-code-scanning-setup.png) 1. To customize how {% data variables.product.prodname_code_scanning %} scans your code, edit the workflow. diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md index cec2d49f25d9..06d126a244fb 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md +++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md 
@@ -76,7 +76,7 @@ If the code in a repository changes to include {% ifversion code-scanning-defaul {% ifversion security-configurations %} You can enable default setup for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)." {% else %} -Through the "Code security and analysis" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. For more information on repository eligibility, see "[Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup)." +Through the "Code security" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. For more information on repository eligibility, see "[Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup)." {% data reusables.code-scanning.beta-org-enable-all %} diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md index c1ba167f0ebb..6e07af05cc14 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md 
@@ -102,7 +102,7 @@ When you initially configure default setup for {% data variables.product.prodnam {% data reusables.user-settings.security-analysis %} 1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**. - ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "Code security and analysis" settings. The "Default setup" button is highlighted with an orange outline.](/assets/images/help/security/default-code-scanning-setup.png) + ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "Code security" settings. The "Default setup" button is highlighted with an orange outline.](/assets/images/help/security/default-code-scanning-setup.png) You will then see a "{% data variables.product.prodname_codeql %} default configuration" dialog summarizing the {% data variables.product.prodname_code_scanning %} configuration automatically created by default setup. diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md index a036449c1622..b1a779031c79 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md 
@@ -104,9 +104,9 @@ For more information about {% data variables.product.prodname_codeql %} model pa {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} {% ifversion security-configurations %} -1. Click **Code security** then **Global settings**. +1. Click **{% octicon "codescan" aria-hidden="true" %} Code security** then **Global settings**. {% else %} -1. Click **Code security and analysis**. +1. Click **{% octicon "codescan" aria-hidden="true" %} Code security**. {% endif %} 1. Find the "{% data variables.product.prodname_code_scanning_caps %}" section. 1. Next to "Expand {% data variables.product.prodname_codeql %} analysis", click **Configure**. diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md index f5a668b64784..86cada6dd33b 100644 --- a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md 
@@ -47,7 +47,7 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts % {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %} -1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. +1. Under "Code security", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. 1. Optionally, to enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories that you create, in the dialog box, select "Enable by default for new repositories". 1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories you own. @@ -57,7 +57,7 @@ When you enable {% data variables.product.prodname_dependabot_alerts %} for exis {% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %} -1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, select **Automatically enable for new repositories**. +1. Under "Code security", to the right of {% data variables.product.prodname_dependabot_alerts %}, select **Automatically enable for new repositories**. {% else %} {% data variables.product.prodname_dependabot_alerts %} for your repositories can be enabled or disabled by your enterprise owner. For more information, see "[AUTOTITLE](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)." 
@@ -80,7 +80,7 @@ An enterprise owner must first set up {% data variables.product.prodname_dependa {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** to enable alerts or **Disable** to disable alerts. +1. Under "Code security", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** to enable alerts or **Disable** to disable alerts. ## Managing {% data variables.product.prodname_dependabot_alerts %} for your organization 
@@ -98,15 +98,15 @@ An enterprise owner must first set up {% data variables.product.prodname_dependa {% ifversion code-security-multi-repo-enablement %} You can use security overview to find a set of repositories and enable or disable {% data variables.product.prodname_dependabot_alerts %} for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)." -You can also use the organization settings page for "Code security and analysis" to enable or disable {% data variables.product.prodname_dependabot_alerts %} for all existing repositories in an organization. +You can also use the organization settings page for "Code security" to enable or disable {% data variables.product.prodname_dependabot_alerts %} for all existing repositories in an organization. {% else %} -You can use the organization settings page for "Code security and analysis" to enable {% data variables.product.prodname_dependabot_alerts %} for all existing repositories in an organization. +You can use the organization settings page for "Code security" to enable {% data variables.product.prodname_dependabot_alerts %} for all existing repositories in an organization. {% endif %} {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} -1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. +1. Under "Code security", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. 1. Optionally, to enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories in your organization, in the dialog box, select "Enable by default for new repositories". 1. 
Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories in your organization. @@ -130,7 +130,7 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts % {% ifversion dependabot-alerts-enterprise-enablement or ghes %} {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -1. In the left sidebar, click **Code security and analysis**. +1. In the left sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. In the "{% data variables.product.prodname_dependabot %}" section, to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. 1. Optionally, select **Automatically enable for new repositories** to enable {% data variables.product.prodname_dependabot_alerts %} by default for your organizations' new repositories. {% endif %} diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md index 3d907c260869..64d04dd4d948 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts.md 
@@ -44,7 +44,7 @@ The `Dismiss low impact issues for development-scoped dependencies` rule is enab {% data reusables.repositories.navigate-to-code-security-and-analysis %} 1. Under "{% data variables.product.prodname_dependabot_alerts %}", click {% octicon "gear" aria-label="The Gear icon" %} close to "{% data variables.product.prodname_dependabot %} rules". - ![Screenshot of the "Code security and analysis" page for a repository. The gear icon is highlighted with an orange outline.](/assets/images/help/repository/dependabot-rules-page.png) + ![Screenshot of the "Code security" page for a repository. The gear icon is highlighted with an orange outline.](/assets/images/help/repository/dependabot-rules-page.png) 1. Under "{% data variables.product.company_short %} presets", to the right of "Dismiss low impact issues for development-scoped dependencies", click {% octicon "pencil" aria-label="Edit rule" %}. 1. Under "State", select the dropdown menu, then click "Enabled". diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index 0a1bd63c5977..63acb0a9bc2d 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md +++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md 
@@ -57,7 +57,7 @@ You can also enable or disable {% data variables.product.prodname_dependabot_sec {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %} +1. Under "Code security", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %} {% ifversion dependabot-grouped-security-updates-config %} @@ -82,7 +82,7 @@ Repository administrators can enable or disable grouped security updates for the {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", to the right of "Grouped security updates", click **Enable** to enable the feature or **Disable** to disable it. +1. Under "Code security", to the right of "Grouped security updates", click **Enable** to enable the feature or **Disable** to disable it. ### Enabling or disabling grouped {% data variables.product.prodname_dependabot_security_updates %} for an organization 
@@ -95,7 +95,7 @@ Organization owners can enable or disable grouped security updates for all repos {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.security-and-analysis %} -1. Under "Code security and analysis", to the right of "Grouped security updates", click **Disable all** or **Enable all**. +1. Under "Code security", to the right of "Grouped security updates", click **Disable all** or **Enable all**. 1. Optionally, to enable grouped {% data variables.product.prodname_dependabot_security_updates %} for new repositories in your organization, select **Automatically enable for new repositories**. {% endif %} diff --git a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md b/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md index ad51159d47f1..dbb04bd9dac5 100644 --- a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md +++ b/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md 
@@ -43,7 +43,7 @@ You enable {% data variables.product.prodname_dependabot_version_updates %} by c {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to open a basic `dependabot.yml` configuration file in the `.github` directory of your repository. {% data reusables.dependabot.link-to-yml-config-file %} +1. Under "Code security", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to open a basic `dependabot.yml` configuration file in the `.github` directory of your repository. {% data reusables.dependabot.link-to-yml-config-file %} {% else %} 1. Create a `dependabot.yml` configuration file in the `.github` directory of your repository. You can use the snippet below as a starting point. {% data reusables.dependabot.link-to-yml-config-file %} {% endif %} @@ -110,7 +110,7 @@ On a fork, you also need to explicitly enable {% data variables.product.prodname {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to allow {% data variables.product.prodname_dependabot %} to initiate version updates. +1. Under "Code security", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to allow {% data variables.product.prodname_dependabot %} to initiate version updates. ## Checking the status of version updates 
diff --git a/content/code-security/getting-started/dependabot-quickstart-guide.md b/content/code-security/getting-started/dependabot-quickstart-guide.md index 5d458e0cdf6c..fdab0cbaf531 100644 --- a/content/code-security/getting-started/dependabot-quickstart-guide.md +++ b/content/code-security/getting-started/dependabot-quickstart-guide.md @@ -44,7 +44,7 @@ You need to follow the steps below on the repository you forked in "[Prerequisit {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** for {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dependabot_security_updates %}, and {% data variables.product.prodname_dependabot_version_updates %}. +1. Under "Code security", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** for {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dependabot_security_updates %}, and {% data variables.product.prodname_dependabot_version_updates %}. 1. Optionally, if you are interested in experimenting with {% data variables.product.prodname_dependabot_version_updates %}, click **.github/dependabot.yml**. This will create a default `dependabot.yml` configuration file in the `/.github` directory of your repository. To enable {% data variables.product.prodname_dependabot_version_updates %} for your repository, you typically configure this file to suit your needs by editing the default file, and committing your changes. You can refer to the snippet provided in "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#example-dependabotyml-file)" for an example. > [!NOTE] 
diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md index d6df2d70c3fb..9e249efc61ca 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md +++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md @@ -16,7 +16,7 @@ topics: ## About enabling push protection -To enable push protection for a repository, you must first enable {% data variables.product.prodname_secret_scanning %}. You can then enable push protection in the repository's "Code security and analysis" settings page following the steps outlined in this article. +To enable push protection for a repository, you must first enable {% data variables.product.prodname_secret_scanning %}. You can then enable push protection in the repository's "Code security" settings page following the steps outlined in this article. {% ifversion secret-scanning-push-protection-for-users %} diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md index 6f95b840a569..0928991cce22 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md +++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md 
@@ -51,10 +51,10 @@ If your organization is owned by an enterprise account, an enterprise owner can 1. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**. 1. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled. - ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "Code security and analysis" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %}{% ifversion fpt %} + ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "Code security" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %}{% ifversion fpt %} 1. Scroll down to the bottom of the page, and click **Enable** for {% data variables.product.prodname_secret_scanning %}. If you see a **Disable** button, it means that {% data variables.product.prodname_secret_scanning %} is already enabled for the repository. 
- ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "Code security and analysis" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %} + ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "Code security" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %} A repository administrator can choose to disable {% data variables.product.prodname_secret_scanning %} for a repository at any time. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)." diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md index efc601953068..abf1538c8449 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md 
@@ -114,7 +114,7 @@ To enable {% data variables.product.prodname_secret_scanning %} on all repositor {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% ifversion security-configurations %} -1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. +1. In the "Security" section of the sidebar, select the **{% octicon "codescan" aria-hidden="true" %} Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. {% else %} {% data reusables.organizations.security-and-analysis %} {% data reusables.repositories.navigate-to-ghas-settings %} @@ -148,7 +148,7 @@ Before defining a custom pattern, you must ensure that you enable secret scannin {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %}{% ifversion security-feature-enablement-policies %} {% data reusables.enterprise-accounts.code-security-and-analysis-policies %} -1. Under "Code security and analysis", click **Security features**.{% else %} +1. Under "Code security", click **Security features**.{% else %} {% data reusables.enterprise-accounts.advanced-security-policies %} {% data reusables.enterprise-accounts.advanced-security-security-features %}{% endif %} 1. Under "Secret scanning custom patterns", click **New pattern**. diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md index 1d386e31ceed..98b7a05db823 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md 
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md @@ -57,7 +57,7 @@ Before enabling push protection for a custom pattern at enterprise level, you mu {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %}{% ifversion security-feature-enablement-policies %} {% data reusables.enterprise-accounts.code-security-and-analysis-policies %} -1. Under "Code security and analysis", click **Security features**.{% else %} +1. Under "Code security", click **Security features**.{% else %} {% data reusables.enterprise-accounts.advanced-security-policies %} {% data reusables.enterprise-accounts.advanced-security-security-features %}{% endif %} {% data reusables.advanced-security.secret-scanning-edit-custom-pattern %} @@ -81,7 +81,7 @@ Before enabling push protection for a custom pattern at organization level, you {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% ifversion security-configurations %} -1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. +1. In the "Security" section of the sidebar, select the **{% octicon "codescan" aria-hidden="true" %} Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. 1. Under "Custom patterns", click {% octicon "pencil" aria-label="Edit custom pattern" %} for the pattern of interest. {% else %} {% data reusables.organizations.security-and-analysis %} 
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md index 049d80601fa9..b1c2107e6dce 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md @@ -73,7 +73,7 @@ To learn more about security configurations, see "[AUTOTITLE](/code-security/sec {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.org_settings %} {% ifversion security-configurations %} -1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. +1. In the "Security" section of the sidebar, select the **{% octicon "codescan" aria-hidden="true" %} Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. {% else %} {% data reusables.organizations.security-and-analysis %} {% data reusables.repositories.navigate-to-ghas-settings %} diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users.md index 4884500b35c0..79ab47313b08 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users.md 
+++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users.md @@ -36,4 +36,4 @@ You can disable push protection for users through your personal account settings {% data reusables.user-settings.security-analysis %} 1. Under "User", to the right of "Push protection for yourself", click **Disable**. - ![Screenshot of the "User" section of the "Code security and analysis" settings page. A button labeled "Disable" is outlined in dark orange.](/assets/images/help/security/push-protection-for-yourself.png) + ![Screenshot of the "User" section of the "Code security" settings page. A button labeled "Disable" is outlined in dark orange.](/assets/images/help/security/push-protection-for-yourself.png) diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md index 0f4b75fc3179..edd8649fbfb6 100644 --- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md +++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md 
@@ -19,7 +19,7 @@ Alongside {% data variables.product.prodname_security_configurations %}, which d {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} -1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. +1. In the "Security" section of the sidebar, select the **{% octicon "codescan" aria-hidden="true" %} Code security** dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**. ## Configuring global {% data variables.product.prodname_dependabot %} settings diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md b/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md index 3c03c53dbaff..779cf13aab28 100644 --- a/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md +++ b/content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md 
@@ -30,8 +30,8 @@ The instructions in this article refer to enablement at repository level. For in {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", to the right of "Private vulnerability reporting", click **Enable** or **Disable**, to enable or disable the feature, respectively. - ![Screenshot of the "Code security and analysis" page, showing the "Private vulnerability reporting" setting. The "Enable" button is outlined in dark orange.](/assets/images/help/security/private-vulnerability-reporting-enable-or-disable-repo.png) +1. Under "Code security", to the right of "Private vulnerability reporting", click **Enable** or **Disable**, to enable or disable the feature, respectively. + ![Screenshot of the "Code security" page, showing the "Private vulnerability reporting" setting. The "Enable" button is outlined in dark orange.](/assets/images/help/security/private-vulnerability-reporting-enable-or-disable-repo.png) {% data reusables.security-advisory.private-vulnerability-reporting-security-researcher %} diff --git a/content/code-security/security-overview/about-security-overview.md b/content/code-security/security-overview/about-security-overview.md index 102477df6983..a7efdaff5c0c 100644 --- a/content/code-security/security-overview/about-security-overview.md +++ b/content/code-security/security-overview/about-security-overview.md 
@@ -70,7 +70,7 @@ You also create and manage security campaigns to remediate alerts from security ## About security overview for enterprises -You can find security overview on the **Code Security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise. +You can find security overview on the **{% octicon "codescan" aria-hidden="true" %} Code security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise. As with security overview for organizations, security overview for enterprises has multiple views that provide different ways to explore data. diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md index ced05270835f..2099949d035a 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review.md 
@@ -44,7 +44,7 @@ Dependency review is available when dependency graph is enabled for the instance {% data reusables.repositories.navigate-to-code-security-and-analysis %} 1. Under "Configure security and analysis features", check if the dependency graph is enabled. 1. If dependency graph is enabled, click **Enable** next to "{% data variables.product.prodname_GH_advanced_security %}" to enable {% data variables.product.prodname_advanced_security %}, including dependency review. The enable button is disabled if your enterprise has no available licenses for {% data variables.product.prodname_advanced_security %}.{% ifversion ghes %} - ![Screenshot of "Code security and analysis features".](/assets/images/enterprise/3.4/repository/code-security-and-analysis-enable-ghas-3.4.png){% endif %} + ![Screenshot of "Code security" feature.](/assets/images/enterprise/3.4/repository/code-security-and-analysis-enable-ghas-3.4.png){% endif %} {% endif %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md index 4ae6c4b68d12..928d4182b530 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md 
@@ -100,7 +100,7 @@ The "Used by" section represents a single package from the repository. If you ha {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", click the drop-down menu in the "Used by counter" section and choose a package. +1. Under "Code security", click the drop-down menu in the "Used by counter" section and choose a package. {% endif %} diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md index 55be3b1c4ec8..b8bb8763c824 100644 --- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md +++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md 
@@ -62,7 +62,7 @@ You can use security overview to find a set of repositories and enable or disabl {% endif %} 1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)." -1. Under "Code security and analysis", to the right of the feature, click **Disable all** or **Enable all** to display a confirmation dialog box. The control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled if you have no available {% ifversion ghas-billing-UI-update %}licenses{% else %}seats{% endif %} for {% data variables.product.prodname_GH_advanced_security %}. +1. Under "Code security", to the right of the feature, click **Disable all** or **Enable all** to display a confirmation dialog box. The control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled if you have no available {% ifversion ghas-billing-UI-update %}licenses{% else %}seats{% endif %} for {% data variables.product.prodname_GH_advanced_security %}. 1. Review the information in the dialog box. 1. Optionally, if you are enabling private vulnerability reporting, dependency graph, or {% data variables.product.prodname_dependabot %}, select **Enable by default for new repositories**. @@ -82,7 +82,7 @@ You can use security overview to find a set of repositories and enable or disabl ## Enabling or disabling a feature automatically when new repositories are added 1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)." -1. Under "Code security and analysis", locate the feature, enable or disable the feature by default for new repositories in your organization. +1. Under "Code security", locate the feature, enable or disable the feature by default for new repositories in your organization. {% endif %} 
diff --git a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md index be4c7de78ce7..ee63032a716e 100644 --- a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md +++ b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md @@ -40,7 +40,7 @@ You can manage a subset of security and analysis features for public repositorie {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", to the right of the feature, click **Disable** or **Enable**. +1. Under "Code security", to the right of the feature, click **Disable** or **Enable**. {% endif %} ## Enabling or disabling security and analysis features{% ifversion fpt or ghec %} for private repositories{% endif %} 
@@ -54,7 +54,7 @@ You can manage the security and analysis features for your {% ifversion fpt or g {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "Code security and analysis", to the right of the feature, click **Disable** or **Enable**. {% ifversion not fpt %}The control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled if your enterprise has no available licenses for {% data variables.product.prodname_advanced_security %}.{% endif %} +1. Under "Code security", to the right of the feature, click **Disable** or **Enable**. {% ifversion not fpt %}The control for "{% data variables.product.prodname_GH_advanced_security %}" is disabled if your enterprise has no available licenses for {% data variables.product.prodname_advanced_security %}.{% endif %} {% ifversion not fpt %} > [!NOTE] diff --git a/data/reusables/code-scanning/click-code-security-enterprise.md b/data/reusables/code-scanning/click-code-security-enterprise.md index 58eb176233c7..a3f224b8028b 100644 --- a/data/reusables/code-scanning/click-code-security-enterprise.md +++ b/data/reusables/code-scanning/click-code-security-enterprise.md @@ -1 +1 @@ -1. On the left side of the page, in the enterprise account sidebar, click **{% octicon "shield" aria-hidden="true" %} Code Security**. +1. On the left side of the page, in the enterprise account sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. diff --git a/data/reusables/organizations/security-and-analysis.md b/data/reusables/organizations/security-and-analysis.md index 64e48bcb6ca6..457daa1c00c5 100644 --- a/data/reusables/organizations/security-and-analysis.md +++ b/data/reusables/organizations/security-and-analysis.md 
@@ -1 +1 @@ -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security and analysis**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. diff --git a/data/reusables/repositories/navigate-to-code-security-and-analysis.md b/data/reusables/repositories/navigate-to-code-security-and-analysis.md index 64e48bcb6ca6..457daa1c00c5 100644 --- a/data/reusables/repositories/navigate-to-code-security-and-analysis.md +++ b/data/reusables/repositories/navigate-to-code-security-and-analysis.md @@ -1 +1 @@ -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security and analysis**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. diff --git a/data/reusables/security-configurations/view-configurations-page.md b/data/reusables/security-configurations/view-configurations-page.md index 400953e1632a..163100f7451c 100644 --- a/data/reusables/security-configurations/view-configurations-page.md +++ b/data/reusables/security-configurations/view-configurations-page.md @@ -1 +1 @@ -1. In the "Security" section of the sidebar, select the **Code security** dropdown menu, then click **Configurations**. +1. In the "Security" section of the sidebar, select the **{% octicon "codescan" aria-hidden="true" %} Code security** dropdown menu, then click **Configurations**. diff --git a/data/reusables/user-settings/security-analysis.md b/data/reusables/user-settings/security-analysis.md index 28ee4bdd3c8e..457daa1c00c5 100644 --- a/data/reusables/user-settings/security-analysis.md +++ b/data/reusables/user-settings/security-analysis.md 
@@ -1 +1 @@ -1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} Code security and analysis**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. From 8744ca09c1e5b39059fc2409fd10e087d0ef937d Mon Sep 17 00:00:00 2001 From: Artur Kordowski <9746197+akordowski@users.noreply.github.com> Date: Mon, 18 Nov 2024 15:42:10 +0100 Subject: [PATCH 2/4] Fix docs, unify descriptions --- ...ng-a-security-policy-to-your-repository.md | 2 +- ...quickstart-for-securing-your-repository.md | 28 +++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md b/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md index a88201555ba2..d1ccc167fe8a 100644 --- a/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md +++ b/content/code-security/getting-started/adding-a-security-policy-to-your-repository.md @@ -43,7 +43,7 @@ For an example of a real `SECURITY.md` file, see [https://github.com/electron/el {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-security %} -1. In the left sidebar, under "Reporting", click **{% octicon "law" aria-hidden="true" %} Policy**. +1. In the "Reporting" section of the sidebar, click **{% octicon "law" aria-hidden="true" %} Policy**. 1. Click **Start setup**. 1. In the new `SECURITY.md` file, add information about supported versions of your project and how to report a vulnerability. {% data reusables.files.write_commit_message %} diff --git a/content/code-security/getting-started/quickstart-for-securing-your-repository.md b/content/code-security/getting-started/quickstart-for-securing-your-repository.md index 84fb9a45a2aa..d459dcd29466 100644 --- a/content/code-security/getting-started/quickstart-for-securing-your-repository.md 
+++ b/content/code-security/getting-started/quickstart-for-securing-your-repository.md @@ -31,7 +31,7 @@ Your security needs are unique to your repository, so you may not need to enable The first step to securing a repository is to establish who can see and modify your code. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features)." -From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %} Settings**, then scroll down to the "Danger Zone." +From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**, then scroll down to the "Danger Zone." * To change who can view your repository, click **Change visibility**. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility)." * To change who can access your repository and adjust permissions, click **Manage access**. For more information, see"[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository)." @@ -41,8 +41,8 @@ From the main page of your repository, click **{% octicon "gear" aria-label="The {% ifversion fpt or ghec %} {% data reusables.dependency-graph.feature-availability %} The dependency graph interprets manifest and lock files in a repository to identify dependencies. -1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %} Settings**. -1. Click **Security & analysis**. +1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. Next to Dependency graph, click **Enable** or **Disable**. {% endif %} 
@@ -64,7 +64,7 @@ For more information, see "[AUTOTITLE](/code-security/supply-chain-security/unde {% ifversion fpt or ghec %} 1. Click your profile photo, then click **Settings**. -1. Click **Security & analysis**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. Click **Enable all** next to {% data variables.product.prodname_dependabot_alerts %}. {% endif %} 
@@ -82,8 +82,8 @@ Dependency review lets you visualize dependency changes in pull requests before Dependency review is a {% data variables.product.prodname_GH_advanced_security %} feature. {% ifversion fpt or ghec %}Dependency review is already enabled for all public repositories. {% ifversion fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_advanced_security %} can additionally enable dependency review for private and internal repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/quickstart-for-securing-your-repository#managing-dependency-review). {% endif %}{% endif %}{% ifversion ghec or ghes %}To enable dependency review for a {% ifversion ghec %}private or internal {% endif %}repository, ensure that the dependency graph is enabled and enable {% data variables.product.prodname_GH_advanced_security %}. -1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**. -1. Click **Security & analysis**. +1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. {% ifversion ghec %}If dependency graph is not already enabled, click **Enable**.{% elsif ghes %}Check that dependency graph is configured for your enterprise.{% endif %} 1. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**. 
@@ -93,8 +93,8 @@ Dependency review is a {% data variables.product.prodname_GH_advanced_security % For any repository that uses {% data variables.product.prodname_dependabot_alerts %}, you can enable {% data variables.product.prodname_dependabot_security_updates %} to raise pull requests with security updates when vulnerabilities are detected. -1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**. -1. Click **Security & analysis**. +1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. Next to {% data variables.product.prodname_dependabot_security_updates %}, click **Enable**. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)." 
@@ -104,8 +104,8 @@ For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-secu You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)." {% ifversion dependabot-settings-update-37 %} -1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %} Settings**. -1. Click **Security & analysis**. +1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. Next to {% data variables.product.prodname_dependabot_version_updates %}, click **Enable** to create a basic `dependabot.yml` configuration file. 1. Specify the dependencies to update and any associated configuration options, then commit the file to the repository. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-dependabot-version-updates)." @@ -131,8 +131,8 @@ Alternatively, you can use advanced setup, which generates a workflow file you c {% data reusables.gated-features.secret-scanning %} -1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**. -1. Click **Code security & analysis**. +1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. {% ifversion ghec or ghes %} 1. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.{% endif %} 1. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**. 
@@ -141,8 +141,8 @@ Alternatively, you can use advanced setup, which generates a workflow file you c If you are a repository maintainer, it's good practice to specify a security policy for your repository by creating a file named `SECURITY.md` in the repository. This file instructs users about how to best contact you and collaborate with you when they want to report security vulnerabilities in your repository. You can view the security policy of a repository from the repository’s **Security** tab. -1. From the main page of your repository, click **{% octicon "shield" aria-label="The shield symbol" %} Security**. -1. Click **Security policy**. +1. From the main page of your repository, click **{% octicon "shield" aria-hidden="true" %} Security**. +1. In the "Reporting" section of the sidebar, click **{% octicon "law" aria-hidden="true" %} Policy**. 1. Click **Start setup**. 1. Add information about supported versions of your project and how to report vulnerabilities. From c8ee8fa11d69e552a14e4c5b5106836dadd2fbd4 Mon Sep 17 00:00:00 2001 From: Artur Kordowski <9746197+akordowski@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:28:03 +0100 Subject: [PATCH 3/4] Fix icon and docs --- .../quickstart-for-securing-your-repository.md | 4 ++-- .../reusables/code-scanning/click-code-security-enterprise.md | 2 +- data/reusables/user-settings/security-analysis.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/code-security/getting-started/quickstart-for-securing-your-repository.md b/content/code-security/getting-started/quickstart-for-securing-your-repository.md index d459dcd29466..8808c9598aa6 100644 --- a/content/code-security/getting-started/quickstart-for-securing-your-repository.md +++ b/content/code-security/getting-started/quickstart-for-securing-your-repository.md 
@@ -63,8 +63,8 @@ For more information, see "[AUTOTITLE](/code-security/supply-chain-security/unde {% data reusables.dependabot.quickstart-link %} {% ifversion fpt or ghec %} -1. Click your profile photo, then click **Settings**. -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. +1. Click your profile photo, then click **{% octicon "gear" aria-hidden="true" %} Settings**. +1. In the "Security" section of the sidebar, click **{% octicon "shield" aria-hidden="true" %} Code security**. 1. Click **Enable all** next to {% data variables.product.prodname_dependabot_alerts %}. {% endif %} diff --git a/data/reusables/code-scanning/click-code-security-enterprise.md b/data/reusables/code-scanning/click-code-security-enterprise.md index a3f224b8028b..a5bc5e850db4 100644 --- a/data/reusables/code-scanning/click-code-security-enterprise.md +++ b/data/reusables/code-scanning/click-code-security-enterprise.md @@ -1 +1 @@ -1. On the left side of the page, in the enterprise account sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. +1. On the left side of the page, in the enterprise account sidebar, click **{% octicon "shield" aria-hidden="true" %} Code security**. diff --git a/data/reusables/user-settings/security-analysis.md b/data/reusables/user-settings/security-analysis.md index 457daa1c00c5..88c25533d317 100644 --- a/data/reusables/user-settings/security-analysis.md +++ b/data/reusables/user-settings/security-analysis.md @@ -1 +1 @@ -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. +1. In the "Security" section of the sidebar, click **{% octicon "shield" aria-hidden="true" %} Code security**. From 6b7019d18d445871c1ff568fa8bca892dbbee14e Mon Sep 17 00:00:00 2001 
From: Artur Kordowski <9746197+akordowski@users.noreply.github.com> Date: Tue, 19 Nov 2024 20:26:12 +0100 Subject: [PATCH 4/4] Fix conflicts --- .../viewing-your-github-advanced-security-usage.md | 2 +- .../default-setup-fails-with-a-language.md | 2 +- .../enabling-default-setup-takes-too-long.md | 2 +- .../results-different-than-expected.md | 2 +- .../quickstart-for-securing-your-organization.md | 6 +++--- .../quickstart-for-securing-your-repository.md | 2 +- data/reusables/repositories/sidebar-settings.md | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md index 856493611f6b..eb7d3359d11d 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md 
@@ -111,7 +111,7 @@ You can download the {% data variables.product.prodname_advanced_security %} lic {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security and analysis**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. In the "{% data variables.product.prodname_GH_advanced_security %} repositories" section, next to the repository you want usage information for, select {% octicon "kebab-horizontal" aria-label="GHAS repository actions" %}, then click **Download CSV report**. ![Screenshot of the committers by repository table. The horizontal kebab icon and "Download CSV report" button are highlighted with an orange outline.](/assets/images/help/billing/ghas-billing-table-repository-csv.png) diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/default-setup-fails-with-a-language.md b/content/code-security/code-scanning/troubleshooting-code-scanning/default-setup-fails-with-a-language.md index 228c24dfdeb7..3a677ff414e4 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/default-setup-fails-with-a-language.md +++ b/content/code-security/code-scanning/troubleshooting-code-scanning/default-setup-fails-with-a-language.md 
@@ -12,7 +12,7 @@ redirect_from: To enable default setup when a language previously failed, you must reconfigure default setup, deselecting all failing languages for analysis. 1. If default setup fails, navigate to the main page of your repository, then click **{% octicon "gear" aria-hidden="true" %} Settings**. -1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security and analysis**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. Navigate to the "{% data variables.product.prodname_code_scanning_caps %}" section. Then, in the error message reading "{% data variables.product.prodname_codeql %} default configuration **failed**", click **failed**. 1. In the "Jobs" section of the workflow run summary for default setup, identify any failing jobs associated with specific languages. These jobs will be labeled **{% octicon "x-circle-fill" aria-label="failed" %} Analyze (LANGUAGE)**. 1. Once you have determined which language-specific jobs are failing, configure default setup once more and deselect the failing languages for analysis. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)." diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long.md b/content/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long.md index 2bd7cb54403e..39889842b209 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long.md +++ b/content/code-security/code-scanning/troubleshooting-code-scanning/enabling-default-setup-takes-too-long.md 
@@ -13,4 +13,4 @@ When you enable default setup, a workflow is triggered with the automatically ge You can check on the progress of the test run for default setup on the **Actions** tab. If the run is taking too long, try canceling the workflow run and restarting the configuration process. -To restart your configuration, navigate to the main page of your repository, then click **{% octicon "play" aria-hidden="true" %} Actions**. Click the **{% data variables.product.prodname_codeql %}** workflow run that's in progress, then click **Cancel workflow**. Once {% octicon "stop" aria-label="cancelled" %} appears beside the workflow run name, navigate back to the **Code security and analysis** settings and re-enable default setup. If default setup continues to stall, please contact {% data variables.contact.contact_support %} or try enabling advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)." +To restart your configuration, navigate to the main page of your repository, then click **{% octicon "play" aria-hidden="true" %} Actions**. Click the **{% data variables.product.prodname_codeql %}** workflow run that's in progress, then click **Cancel workflow**. Once {% octicon "stop" aria-label="cancelled" %} appears beside the workflow run name, navigate back to the **{% octicon "codescan" aria-hidden="true" %} Code security** settings and re-enable default setup. If default setup continues to stall, please contact {% data variables.contact.contact_support %} or try enabling advanced setup. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)." 
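Review bot: in the rewritten sentence "navigate back to the **{% octicon "codescan" aria-hidden="true" %} Code security** settings", the octicon is attached to a page reference rather than to something the reader clicks, and the sentence still does not say where that page is found. The other hunks in this series use the icon only in a step of the form 'In the "Security" section of the sidebar, click ...'. Suggest either rewriting this as that navigation step (Settings, then the sidebar entry) or dropping the octicon and keeping just **Code security**.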
diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected.md b/content/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected.md index 36beff1f8fd5..f7e18022bce3 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected.md +++ b/content/code-security/code-scanning/troubleshooting-code-scanning/results-different-than-expected.md 
@@ -13,7 +13,7 @@ redirect_from: If your {% data variables.product.prodname_code_scanning %} results are different than you expected, you may have both default and advanced setup configured for your repository. When you enable default setup, this disables the existing {% data variables.product.prodname_codeql %} workflow file and blocks any {% data variables.product.prodname_codeql %} API analysis from uploading results. -To check if default setup is enabled, navigate to the main page of the repository, then click **{% octicon "gear" aria-hidden="true" %} Settings**. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security and analysis**. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the page, next to "{% data variables.product.prodname_codeql %} analysis", click {% octicon "kebab-horizontal" aria-label="Menu" %}. If there is a **{% octicon "workflow" aria-hidden="true" %} Switch to advanced** option, you are currently using default setup. +To check if default setup is enabled, navigate to the main page of the repository, then click **{% octicon "gear" aria-hidden="true" %} Settings**. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the page, next to "{% data variables.product.prodname_codeql %} analysis", click {% octicon "kebab-horizontal" aria-label="Menu" %}. If there is a **{% octicon "workflow" aria-hidden="true" %} Switch to advanced** option, you are currently using default setup. If you want to return to using advanced setup and get {% data variables.product.prodname_code_scanning %} results from your custom workflow file, click **{% octicon "stop" aria-hidden="true" %} Disable {% data variables.product.prodname_codeql %}** to disable default setup. 
Then you should re-enable your pre-existing workflows to start triggering and uploading results from advanced setup. For more information, see "[AUTOTITLE](/actions/managing-workflow-runs/disabling-and-enabling-a-workflow)" and "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)." diff --git a/content/code-security/getting-started/quickstart-for-securing-your-organization.md b/content/code-security/getting-started/quickstart-for-securing-your-organization.md index 4b4a282698a2..4e9a66fd89be 100644 --- a/content/code-security/getting-started/quickstart-for-securing-your-organization.md +++ b/content/code-security/getting-started/quickstart-for-securing-your-organization.md @@ -65,7 +65,7 @@ When you're ready to proceed, follow these steps to enable a feature for all rep {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.org_settings %} -1. In the left sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security and analysis**. +1. In the left sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. Locate the feature that you want to enable and use any associated check boxes to fine-tune the options. 1. When you are ready to enable the feature for all repositories in your organization where the feature is supported, next to the name of the feature, click **Enable all**. 
@@ -101,10 +101,10 @@ You can choose to enable a security feature automatically in all new repositorie {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.org_settings %} -1. In the left sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security and analysis**. +1. In the left sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. Below the name of the feature, select the option for automatically enabling the feature in applicable future repositories. - ![Screenshot of "Code security and analysis" page. Below "Dependabot alerts", a checkbox to enable the feature in future repositories is highlighted in orange.](/assets/images/help/security/enable-for-new-repos.png) + ![Screenshot of "Code security" page. Below "Dependabot alerts", a checkbox to enable the feature in future repositories is highlighted in orange.](/assets/images/help/security/enable-for-new-repos.png) ## Monitoring the impact of security features diff --git a/content/code-security/getting-started/quickstart-for-securing-your-repository.md b/content/code-security/getting-started/quickstart-for-securing-your-repository.md index 8808c9598aa6..d6000cb57831 100644 --- a/content/code-security/getting-started/quickstart-for-securing-your-repository.md +++ b/content/code-security/getting-started/quickstart-for-securing-your-repository.md 
@@ -121,7 +121,7 @@ To enable {% data variables.product.prodname_dependabot_version_updates %}, you You can configure {% data variables.product.prodname_code_scanning %} to automatically identify vulnerabilities and errors in the code stored in your repository by using a {% data variables.code-scanning.codeql_workflow %} or third-party tool. Depending on the programming languages in your repository, you can configure {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} using default setup, in which {% data variables.product.prodname_dotcom %} automatically determines the languages to scan, query suites to run, and events that will trigger a new scan. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)." 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. -1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} Code security and analysis**. +1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**. 1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**. 1. In the pop-up window that appears, review the default configuration settings for your repository, then click **Enable {% data variables.product.prodname_codeql %}**. diff --git a/data/reusables/repositories/sidebar-settings.md b/data/reusables/repositories/sidebar-settings.md index 11b7bb98f936..3d2cce28d9b5 100644 --- a/data/reusables/repositories/sidebar-settings.md +++ b/data/reusables/repositories/sidebar-settings.md 
@@ -1,3 +1,3 @@ -1. Under your repository name, click **{% octicon "gear" aria-hidden="true" %} Settings**. If you cannot see the "Settings" tab, select the **{% octicon "kebab-horizontal" aria-label="More" %}** dropdown menu, then click **Settings**. +1. Under your repository name, click **{% octicon "gear" aria-hidden="true" %} Settings**. If you cannot see the "Settings" tab, select the **{% octicon "kebab-horizontal" aria-label="More" %}** dropdown menu, then click **{% octicon "gear" aria-hidden="true" %} Settings**. ![Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.](/assets/images/help/repository/repo-actions-settings.png)
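Review bot: in the `@@ -101,10 +101,10 @@` hunk of quickstart-for-securing-your-organization.md, the alt text becomes 'Screenshot of "Code security" page' while the image path `/assets/images/help/security/enable-for-new-repos.png` is left unchanged. If that screenshot still shows the old "Code security and analysis" heading, the alt text no longer describes the image. Please confirm the asset matches the renamed page, or refresh the screenshot in the same change.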
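Review bot: the `@@ -121,7 +121,7 @@` hunk of quickstart-for-securing-your-repository.md replaces `shield-lock` with `codescan` on the **Code security** step, but PATCH 3/4 changed the same label in this same file (hunk `@@ -63,8 +63,8 @@`) and in both reusables from `codescan` to `shield`. After the series the file shows two different octicons for one sidebar label. If the account-level and repository-level sidebars really do use different icons, note that in the commit message; otherwise use a single octicon for **Code security** across all four patches.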