Skip to content

Commit

Permalink
Merge pull request github#34656 from github/repo-sync
Browse files Browse the repository at this point in the history
Repo sync
  • Loading branch information
docs-bot authored Sep 19, 2024
2 parents 77cd1d0 + 2d4bde6 commit a621868
Show file tree
Hide file tree
Showing 16 changed files with 234 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,8 @@ There are some additional features that can help you to evaluate alerts in order

* Check the validity of a secret, to see if the secret is still active. {% ifversion fpt or ghes %}**Applies to {% data variables.product.company_short %} tokens only**.{% endif %} For more information, see "[Checking a secret's validity](#checking-a-secrets-validity)."{% ifversion secret-scanning-validity-check-partner-patterns %}
* Perform an "on-demand" validity check, to get the most up to date validation status. For more information, see "[Performing an on-demand-validity-check](#performing-an-on-demand-validity-check)."{% endif %}{% ifversion secret-scanning-github-token-metadata %}
* Review a token's metadata. **Applies to {% data variables.product.company_short %} tokens only**. For example, to see when the token was last used. For more information, see "[Reviewing {% data variables.product.company_short %} token metadata](#reviewing-github-token-metadata)."{% endif %}
* Review a token's metadata. **Applies to {% data variables.product.company_short %} tokens only**. For example, to see when the token was last used. For more information, see "[Reviewing {% data variables.product.company_short %} token metadata](#reviewing-github-token-metadata)."{% endif %}{% ifversion secret-scanning-multi-repo-public-leak %}
* Review the labels assigned to the alert. For more information, see "[Reviewing alert labels](#reviewing-alert-labels)."{% endif %}

## Checking a secret's validity

Expand Down Expand Up @@ -95,6 +96,21 @@ Tokens, like {% data variables.product.pat_generic %} and other credentials, are

{% endif %}

{% ifversion secret-scanning-multi-repo-public-leak %}

## Reviewing alert labels

In the alert view, you can review any labels assigned to the alert. The labels provide additional details about the alert, which can inform the approach you take for remediation.

{% data variables.product.prodname_secret_scanning_caps %} alerts can have the following labels assigned to them:

|Label|Description|
|-------------------------|--------------------------------------------------------------------------------|
|`public leak`| The secret detected in your repository has also been found as publicly leaked by at least one of {% data variables.product.github %}'s scans of code, discussions, gists, issues, pull requests, and wikis. This may require you to address the alert with greater urgency, or remediate the alert differently compared to a privately exposed token.|
|`multi-repo`| The secret detected in your repository has been found across multiple repositories in your organization{% ifversion ghec or ghes %} or enterprise{% endif %}. This information may help you more easily dedupe the alert across your organization{% ifversion ghec or ghes %} or enterprise{% endif %}. |

{% endif %}

## Next steps

* "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts)"
6 changes: 6 additions & 0 deletions data/features/secret-scanning-multi-repo-public-leak.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# Reference: #15387
# Secret scanning: multi-repo and public leak indicators added to alerts
versions:
fpt: '*'
ghec: '*'
ghes: '>=3.16'
20 changes: 20 additions & 0 deletions src/audit-logs/data/fpt/organization.json
Original file line number Diff line number Diff line change
Expand Up @@ -1004,6 +1004,16 @@
"description": "Autofix for code scanning alerts was enabled for an organization.",
"docs_reference_links": "N/A"
},
{
"action": "org.code_scanning_autofix_third_party_tools_disabled",
"description": "Autofix for third party tools for code scanning alerts was disabled for an organization.",
"docs_reference_links": "N/A"
},
{
"action": "org.code_scanning_autofix_third_party_tools_enabled",
"description": "Autofix for third party tools for code scanning alerts was enabled for an organization.",
"docs_reference_links": "N/A"
},
{
"action": "org.codeql_disabled",
"description": "Code scanning using the default setup was disabled for an organization.",
Expand Down Expand Up @@ -2324,6 +2334,16 @@
"description": "Autofix for code scanning alerts was enabled for a repository.",
"docs_reference_links": "N/A"
},
{
"action": "repo.code_scanning_autofix_third_party_tools_disabled",
"description": "Autofix for third party tools for code scanning alerts was disabled for a repository.",
"docs_reference_links": "N/A"
},
{
"action": "repo.code_scanning_autofix_third_party_tools_enabled",
"description": "Autofix for third party tools for code scanning alerts was enabled for a repository.",
"docs_reference_links": "N/A"
},
{
"action": "repo.code_scanning_configuration_for_branch_deleted",
"description": "A code scanning configuration for a branch of a repository was deleted.",
Expand Down
20 changes: 20 additions & 0 deletions src/audit-logs/data/ghec/enterprise.json
Original file line number Diff line number Diff line change
Expand Up @@ -1804,6 +1804,16 @@
"description": "Autofix for code scanning alerts was enabled for an organization.",
"docs_reference_links": "N/A"
},
{
"action": "org.code_scanning_autofix_third_party_tools_disabled",
"description": "Autofix for third party tools for code scanning alerts was disabled for an organization.",
"docs_reference_links": "N/A"
},
{
"action": "org.code_scanning_autofix_third_party_tools_enabled",
"description": "Autofix for third party tools for code scanning alerts was enabled for an organization.",
"docs_reference_links": "N/A"
},
{
"action": "org.codeql_disabled",
"description": "Code scanning using the default setup was disabled for an organization.",
Expand Down Expand Up @@ -3059,6 +3069,16 @@
"description": "Autofix for code scanning alerts was enabled for a repository.",
"docs_reference_links": "N/A"
},
{
"action": "repo.code_scanning_autofix_third_party_tools_disabled",
"description": "Autofix for third party tools for code scanning alerts was disabled for a repository.",
"docs_reference_links": "N/A"
},
{
"action": "repo.code_scanning_autofix_third_party_tools_enabled",
"description": "Autofix for third party tools for code scanning alerts was enabled for a repository.",
"docs_reference_links": "N/A"
},
{
"action": "repo.code_scanning_configuration_for_branch_deleted",
"description": "A code scanning configuration for a branch of a repository was deleted.",
Expand Down
20 changes: 20 additions & 0 deletions src/audit-logs/data/ghec/organization.json
Original file line number Diff line number Diff line change
Expand Up @@ -1004,6 +1004,16 @@
"description": "Autofix for code scanning alerts was enabled for an organization.",
"docs_reference_links": "N/A"
},
{
"action": "org.code_scanning_autofix_third_party_tools_disabled",
"description": "Autofix for third party tools for code scanning alerts was disabled for an organization.",
"docs_reference_links": "N/A"
},
{
"action": "org.code_scanning_autofix_third_party_tools_enabled",
"description": "Autofix for third party tools for code scanning alerts was enabled for an organization.",
"docs_reference_links": "N/A"
},
{
"action": "org.codeql_disabled",
"description": "Code scanning using the default setup was disabled for an organization.",
Expand Down Expand Up @@ -2324,6 +2334,16 @@
"description": "Autofix for code scanning alerts was enabled for a repository.",
"docs_reference_links": "N/A"
},
{
"action": "repo.code_scanning_autofix_third_party_tools_disabled",
"description": "Autofix for third party tools for code scanning alerts was disabled for a repository.",
"docs_reference_links": "N/A"
},
{
"action": "repo.code_scanning_autofix_third_party_tools_enabled",
"description": "Autofix for third party tools for code scanning alerts was enabled for a repository.",
"docs_reference_links": "N/A"
},
{
"action": "repo.code_scanning_configuration_for_branch_deleted",
"description": "A code scanning configuration for a branch of a repository was deleted.",
Expand Down
15 changes: 15 additions & 0 deletions src/audit-logs/data/ghes-3.11/enterprise.json
Original file line number Diff line number Diff line change
Expand Up @@ -704,6 +704,21 @@
"description": "A GitHub Actions deployment protection rule was updated via the API.",
"docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
},
{
"action": "gist.create",
"description": "A gist was created.",
"docs_reference_links": "N/A"
},
{
"action": "gist.destroy",
"description": "A gist was deleted.",
"docs_reference_links": "N/A"
},
{
"action": "gist.visibility_change",
"description": "The visibility of a gist was updated.",
"docs_reference_links": "N/A"
},
{
"action": "git.clone",
"description": "A repository was cloned.",
Expand Down
15 changes: 15 additions & 0 deletions src/audit-logs/data/ghes-3.11/user.json
Original file line number Diff line number Diff line change
Expand Up @@ -314,6 +314,21 @@
"description": "A GitHub Actions deployment protection rule was updated via the API.",
"docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
},
{
"action": "gist.create",
"description": "A gist was created.",
"docs_reference_links": "N/A"
},
{
"action": "gist.destroy",
"description": "A gist was deleted.",
"docs_reference_links": "N/A"
},
{
"action": "gist.visibility_change",
"description": "The visibility of a gist was updated.",
"docs_reference_links": "N/A"
},
{
"action": "git_signing_ssh_public_key.create",
"description": "An SSH key was added to a user account as a Git commit signing key.",
Expand Down
15 changes: 15 additions & 0 deletions src/audit-logs/data/ghes-3.12/enterprise.json
Original file line number Diff line number Diff line change
Expand Up @@ -734,6 +734,21 @@
"description": "A GitHub Actions deployment protection rule was updated via the API.",
"docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
},
{
"action": "gist.create",
"description": "A gist was created.",
"docs_reference_links": "N/A"
},
{
"action": "gist.destroy",
"description": "A gist was deleted.",
"docs_reference_links": "N/A"
},
{
"action": "gist.visibility_change",
"description": "The visibility of a gist was updated.",
"docs_reference_links": "N/A"
},
{
"action": "git.clone",
"description": "A repository was cloned.",
Expand Down
15 changes: 15 additions & 0 deletions src/audit-logs/data/ghes-3.12/user.json
Original file line number Diff line number Diff line change
Expand Up @@ -314,6 +314,21 @@
"description": "A GitHub Actions deployment protection rule was updated via the API.",
"docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
},
{
"action": "gist.create",
"description": "A gist was created.",
"docs_reference_links": "N/A"
},
{
"action": "gist.destroy",
"description": "A gist was deleted.",
"docs_reference_links": "N/A"
},
{
"action": "gist.visibility_change",
"description": "The visibility of a gist was updated.",
"docs_reference_links": "N/A"
},
{
"action": "git_signing_ssh_public_key.create",
"description": "An SSH key was added to a user account as a Git commit signing key.",
Expand Down
15 changes: 15 additions & 0 deletions src/audit-logs/data/ghes-3.13/enterprise.json
Original file line number Diff line number Diff line change
Expand Up @@ -759,6 +759,21 @@
"description": "A GitHub Actions deployment protection rule was updated via the API.",
"docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
},
{
"action": "gist.create",
"description": "A gist was created.",
"docs_reference_links": "N/A"
},
{
"action": "gist.destroy",
"description": "A gist was deleted.",
"docs_reference_links": "N/A"
},
{
"action": "gist.visibility_change",
"description": "The visibility of a gist was updated.",
"docs_reference_links": "N/A"
},
{
"action": "git.clone",
"description": "A repository was cloned.",
Expand Down
15 changes: 15 additions & 0 deletions src/audit-logs/data/ghes-3.13/user.json
Original file line number Diff line number Diff line change
Expand Up @@ -319,6 +319,21 @@
"description": "A GitHub Actions deployment protection rule was updated via the API.",
"docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
},
{
"action": "gist.create",
"description": "A gist was created.",
"docs_reference_links": "N/A"
},
{
"action": "gist.destroy",
"description": "A gist was deleted.",
"docs_reference_links": "N/A"
},
{
"action": "gist.visibility_change",
"description": "The visibility of a gist was updated.",
"docs_reference_links": "N/A"
},
{
"action": "git_signing_ssh_public_key.create",
"description": "An SSH key was added to a user account as a Git commit signing key.",
Expand Down
15 changes: 15 additions & 0 deletions src/audit-logs/data/ghes-3.14/enterprise.json
Original file line number Diff line number Diff line change
Expand Up @@ -904,6 +904,21 @@
"description": "An external identity was updated.",
"docs_reference_links": "N/A"
},
{
"action": "gist.create",
"description": "A gist was created.",
"docs_reference_links": "N/A"
},
{
"action": "gist.destroy",
"description": "A gist was deleted.",
"docs_reference_links": "N/A"
},
{
"action": "gist.visibility_change",
"description": "The visibility of a gist was updated.",
"docs_reference_links": "N/A"
},
{
"action": "git.clone",
"description": "A repository was cloned.",
Expand Down
15 changes: 15 additions & 0 deletions src/audit-logs/data/ghes-3.14/user.json
Original file line number Diff line number Diff line change
Expand Up @@ -319,6 +319,21 @@
"description": "A GitHub Actions deployment protection rule was updated via the API.",
"docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
},
{
"action": "gist.create",
"description": "A gist was created.",
"docs_reference_links": "N/A"
},
{
"action": "gist.destroy",
"description": "A gist was deleted.",
"docs_reference_links": "N/A"
},
{
"action": "gist.visibility_change",
"description": "The visibility of a gist was updated.",
"docs_reference_links": "N/A"
},
{
"action": "git_signing_ssh_public_key.create",
"description": "An SSH key was added to a user account as a Git commit signing key.",
Expand Down
15 changes: 15 additions & 0 deletions src/audit-logs/data/ghes-3.15/enterprise.json
Original file line number Diff line number Diff line change
Expand Up @@ -904,6 +904,21 @@
"description": "An external identity was updated.",
"docs_reference_links": "N/A"
},
{
"action": "gist.create",
"description": "A gist was created.",
"docs_reference_links": "N/A"
},
{
"action": "gist.destroy",
"description": "A gist was deleted.",
"docs_reference_links": "N/A"
},
{
"action": "gist.visibility_change",
"description": "The visibility of a gist was updated.",
"docs_reference_links": "N/A"
},
{
"action": "git.clone",
"description": "A repository was cloned.",
Expand Down
15 changes: 15 additions & 0 deletions src/audit-logs/data/ghes-3.15/user.json
Original file line number Diff line number Diff line change
Expand Up @@ -319,6 +319,21 @@
"description": "A GitHub Actions deployment protection rule was updated via the API.",
"docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
},
{
"action": "gist.create",
"description": "A gist was created.",
"docs_reference_links": "N/A"
},
{
"action": "gist.destroy",
"description": "A gist was deleted.",
"docs_reference_links": "N/A"
},
{
"action": "gist.visibility_change",
"description": "The visibility of a gist was updated.",
"docs_reference_links": "N/A"
},
{
"action": "git_signing_ssh_public_key.create",
"description": "An SSH key was added to a user account as a Git commit signing key.",
Expand Down
2 changes: 1 addition & 1 deletion src/audit-logs/lib/config.json
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,5 @@
"apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
"apiRequestEvent": "This event is only available via audit log streaming."
},
"sha": "b31fcffae9cdc4ebb8e4a2542da3ccf3dcab5b07"
"sha": "218fadadb5342f3d6c49bf661619afe7e47f6b21"
}

0 comments on commit a621868

Please sign in to comment.