[Improvement]: Update supported GHES versions for GHAS configurations #…
…15768 (#52213)
am-stead authored Sep 20, 2024
1 parent a41f657 commit bdb43a5
Showing 49 changed files with 89 additions and 242 deletions.
Expand Up @@ -20,8 +20,6 @@ redirect_from:

You can use {% data variables.product.prodname_advanced_security %} features to harden security for the organizations in your enterprise. {% ifversion security-configurations %}{% data reusables.security-configurations.enable-security-features-with-gh-config %}

{% data reusables.security-configurations.security-configurations-beta-note-short %}

To manage individual {% data variables.product.prodname_GH_advanced_security %} features, {% else %}To streamline management of {% data variables.product.prodname_advanced_security %}, {% endif %}you can enable or disable each feature for all existing and/or new repositories within the organizations owned by your enterprise.

{% ifversion secret-scanning-enterprise-level-api %}{% data reusables.secret-scanning.secret-scanning-enterprise-level-api %}{% endif %}
Expand Up @@ -60,8 +60,6 @@ If you want to use {% data variables.product.prodname_GH_advanced_security %} fe
{% ifversion security-configurations %}
{% data reusables.security-configurations.managing-GHAS-licenses %}

{% data reusables.security-configurations.security-configurations-beta-note-short %}

{% endif %}

{% data reusables.advanced-security.ghas-trial-availability %} For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security)."
Expand All @@ -77,8 +75,6 @@ You can make extra features for code security available to users by buying and u
{% ifversion security-configurations %}
{% data reusables.security-configurations.managing-GHAS-licenses %}

{% data reusables.security-configurations.security-configurations-beta-note-short %}

{% endif %}

{% endif %}
Expand Up @@ -20,7 +20,6 @@ Each license for {% data variables.product.prodname_GH_advanced_security %} spec
{% ifversion security-configurations %}

{% data reusables.security-configurations.managing-GHAS-licenses %}
{% data reusables.security-configurations.security-configurations-beta-note-short %}

{% endif %}

Expand Up @@ -33,7 +33,7 @@ Each license for {% data variables.product.prodname_GH_advanced_security %} spec
You can estimate the number of licenses your enterprise would need to purchase {% data variables.product.prodname_GH_advanced_security %} or to enable {% data variables.product.prodname_GH_advanced_security %} for additional organizations and repositories. For more information, see "[AUTOTITLE](/billing/managing-billing-for-github-advanced-security/viewing-committer-information-for-github-advanced-security)."
{% endif %}

{% ifversion security-configurations-ga %}
{% ifversion security-configurations %}

{% data reusables.security-configurations.managing-GHAS-licenses %}

Expand All @@ -54,7 +54,6 @@ You can view the enterprise account's current {% ifversion ghas-billing-UI-updat

{% ifversion security-configurations %}
{% data reusables.security-configurations.managing-GHAS-licenses %}
{% data reusables.security-configurations.security-configurations-beta-note-short %}
{% endif %}

{% elsif ghes %}
Expand Down Expand Up @@ -86,7 +85,6 @@ You can view the enterprise account's current {% ifversion ghas-billing-UI-updat
{% ifversion security-configurations %}

{% data reusables.security-configurations.managing-GHAS-licenses %}
> {% data reusables.security-configurations.security-configurations-beta-note-short %}

{% endif %}
{% endif %}
Expand Up @@ -29,16 +29,12 @@ If you haven't already enabled GHAS for your {% data variables.product.prodname_

{% endif %}

You need to enable GHAS for each pilot project, either by enabling the GHAS features for each repository or for all repositories in any organizations taking part in the pilot. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)"

{% ifversion security-configurations %}

## Piloting all {% data variables.product.prodname_GH_advanced_security %} features {% ifversion security-configurations-beta-and-pre-beta %}(beta){% endif %}
## Piloting all {% data variables.product.prodname_GH_advanced_security %} features

{% data reusables.security-configurations.enable-security-features-with-gh-config %}

{% data reusables.security-configurations.security-configurations-beta-note-short %}

{% endif %}

## Piloting {% data variables.product.prodname_code_scanning %}
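Review bot: The paragraph beginning "You need to enable GHAS for each pilot project" sits above `{% ifversion security-configurations %}`, so it rendered for every version, and going by the hunk header (16 old lines, 12 new) it is deleted here rather than kept as context. Versions where `security-configurations` is false then reach the code scanning heading with no instruction for enabling GHAS on the pilot repositories. Suggest keeping that sentence and its two links in an `{% else %}` branch of the `security-configurations` block, the same way the secret scanning section later in this file keeps its repository-level and organization-level fallback.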
Expand Down Expand Up @@ -82,18 +78,18 @@ To enable secret scanning for your {% data variables.product.prodname_ghe_server

{% endif %}

{% ifversion security-configurations-ga %}
{% ifversion security-configurations %}

You need to enable {% data variables.product.prodname_secret_scanning %} for each pilot project. You can do this with the {% data variables.product.prodname_github_security_configuration %}, or you can create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."
You need to enable {% data variables.product.prodname_secret_scanning %} and push protection for each pilot project. You can do this with the {% data variables.product.prodname_github_security_configuration %}, or you can create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)" and "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."

{% else %}

You need to enable {% data variables.product.prodname_secret_scanning %} for each pilot project, either by enabling the feature for each repository or for all repositories in any organizations taking part in the project. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)" or "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."

{% endif %}

Next, enable push protection for each pilot project.

{% endif %}

If you plan to configure a link to a resource in the message that's displayed when a developer attempts to push a blocked secret, now would be a good time to test and start to refine the guidance that you plan to make available.

{%- ifversion security-overview-push-protection-metrics-page %}
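Review bot: In the `{% else %}` branch, "Next, enable push protection for each pilot project." carries no link, while the sentence just before it points to both the repository-level and organization-level settings articles. Readers on versions without `security-configurations` are told to do the step but not where to do it. Suggest adding a "For more information, see ..." pointer to that sentence, or folding push protection into the preceding sentence the way the `security-configurations` branch now reads ("enable ... and push protection for each pilot project").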
Expand Up @@ -19,8 +19,6 @@ This article is part of a series on adopting {% data variables.product.prodname_

{% data reusables.security-configurations.enable-security-features-with-gh-config %}

{% data reusables.security-configurations.security-configurations-beta-note-short %}

{% endif %}

## Enabling code scanning
Expand Up @@ -21,8 +21,6 @@ You can enable secret scanning for individual repositories or for all repositori

{% data reusables.security-configurations.enable-security-features-with-gh-config %}

{% data reusables.security-configurations.security-configurations-beta-note-short %}

{% endif %}

This article explains a high-level process focusing on enabling {% data variables.product.prodname_secret_scanning %} for all repositories in an organization. The principles described in this article can still be applied even if you take a more staggered approach of enabling {% data variables.product.prodname_secret_scanning %} for individual repositories.
Expand Up @@ -74,20 +74,15 @@ If the code in a repository changes to include {% ifversion code-scanning-defaul

## Configuring default setup for all eligible repositories in an organization

{% ifversion security-configurations-ga %} You can enable default setup for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
{% elsif security-configurations-beta-and-pre-beta %}
{% ifversion security-configurations %} You can enable default setup for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
{% else %}
Through the "Code security and analysis" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. For more information on repository eligibility, see "[Eligible repositories for {% data variables.product.prodname_codeql %} default setup at scale](#eligible-repositories-default-setup)."

{% data reusables.code-scanning.beta-org-enable-all %}

{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security-and-analysis %}

{% ifversion security-configurations %}
{% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling {% data variables.product.prodname_code_scanning %} and other security features for all eligible repositories with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
{% endif %}

1. Click **Enable all** next to "{% data variables.product.prodname_code_scanning_caps %}".{% ifversion bulk-code-scanning-query-suite%}
1. In the "Query suites" section of the "Enable {% data variables.product.prodname_code_scanning %} default setup" dialog box displayed, select the query suite your configuration of default setup will run. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites)."
1. To enable your configuration of default setup, click **Enable for eligible repositories**.
Expand All @@ -109,14 +104,14 @@ Through the "Code security and analysis" page of your organization's settings, y

### Extending {% data variables.product.prodname_codeql %} coverage in default setup

Through the "Code security and analysis" page of your organization's settings, you can extend coverage in default setup using model packs for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-coverage-for-all-repositories-in-an-organization)."
Through your organization's security settings page, you can extend coverage in default setup using model packs for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-coverage-for-all-repositories-in-an-organization)."
{% endif %}

{% ifversion code-security-multi-repo-enablement %}

## Configuring default setup for a subset of repositories in an organization

{% ifversion security-configurations-ga %}
{% ifversion security-configurations %}

You can filter for specific repositories you would like to configure default setup for. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration)."

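Review bot: "Through your organization's security settings page", in the paragraph under the "Extending ... coverage in default setup" heading, no longer names anything the reader can locate in the UI. Other steps in this commit use the real labels per version, `Click **Code security** then **Global settings**` versus `Click **Code security and analysis**`. Suggest naming the page per version here as well, or dropping the location clause and relying on the linked article.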
Expand Down Expand Up @@ -151,7 +146,7 @@ Through security overview for your organization, you can find eligible repositor
- The repositories do not have {% data variables.product.prodname_GH_advanced_security %} enabled.
{%- endif %}

{% ifversion security-configurations-beta-and-pre-beta %}
{% ifversion pre-security-configurations %}

You can select all of the displayed repositories, or a subset of them, and enable or disable default setup for {% data variables.product.prodname_code_scanning %} for them all at the same time. For more information, see step 5 of "[Configuring default setup at scale for multiple repositories in an organization](#configuring-default-setup-at-scale-for-multiple-repositories-in-an-organization)."

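Review bot: `{% ifversion pre-security-configurations %}` introduces a feature name that appears in no other visible hunk. Everywhere else the commit replaces the `-ga` and `-beta-and-pre-beta` pair with `{% ifversion security-configurations %}` and `{% else %}`. Please confirm that `pre-security-configurations` is defined among the 49 changed files and is the exact complement of `security-configurations`, otherwise this paragraph and its "step 5" cross-reference may not render for the versions intended. If it is only needed here, the `security-configurations` / `{% else %}` pattern used in the rest of the commit would avoid maintaining a second flag.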
Expand Up @@ -103,10 +103,10 @@ For more information about {% data variables.product.prodname_codeql %} model pa
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% ifversion security-configurations-beta-and-pre-beta %}
1. Click **Code security and analysis**.
{% else %}
{% ifversion security-configurations %}
1. Click **Code security** then **Global settings**.
{% else %}
1. Click **Code security and analysis**.
{% endif %}
1. Find the "{% data variables.product.prodname_code_scanning_caps %}" section.
1. Next to "Expand {% data variables.product.prodname_codeql %} analysis", click **Configure**.
Expand Up @@ -83,9 +83,9 @@ An enterprise owner must first set up {% data variables.product.prodname_dependa

## Managing {% data variables.product.prodname_dependabot_alerts %} for your organization

{% ifversion security-configurations-ga %} You can enable {% data variables.product.prodname_dependabot_alerts %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
{% ifversion security-configurations %} You can enable {% data variables.product.prodname_dependabot_alerts %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."

{% elsif security-configurations-beta-and-pre-beta %}
{% else %}

You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for some or all repositories owned by your organization. {% data reusables.security.note-securing-your-org %}

Expand All @@ -105,11 +105,6 @@ You can use the organization settings page for "Code security and analysis" to e
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security-and-analysis %}

{% ifversion security-configurations-beta-only %}
{% data reusables.security-configurations.changed-org-settings-security-configurations-callout %} For next steps on enabling {% data variables.product.prodname_dependabot_alerts %} and other security features at scale with {% data variables.product.prodname_security_configurations %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)."
{% endif %}

1. Under "Code security and analysis", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**.
1. Optionally, to enable {% data variables.product.prodname_dependabot_alerts %} by default for new repositories in your organization, in the dialog box, select "Enable by default for new repositories".
1. Click **Disable {% data variables.product.prodname_dependabot_alerts %}** or **Enable {% data variables.product.prodname_dependabot_alerts %}** to disable or enable {% data variables.product.prodname_dependabot_alerts %} for all the repositories in your organization.
Expand Up @@ -79,9 +79,9 @@ For more information about enabling or disabling {% data variables.product.prodn

## Adding {% data variables.dependabot.custom_rules %} to your organization

{% ifversion security-configurations-ga %} You can add {% data variables.dependabot.custom_rules %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)."
{% ifversion security-configurations %} You can add {% data variables.dependabot.custom_rules %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)."

{% elsif security-configurations-beta-and-pre-beta %}
{% else %}

{% note %}

Expand All @@ -92,11 +92,6 @@ For more information about enabling or disabling {% data variables.product.prodn
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security-and-analysis %}

{% ifversion security-configurations-beta-only %}
{% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on adding {% data variables.dependabot.auto_triage_rules %} to your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)."
{% endif %}

{% data reusables.dependabot.navigate-to-org-level-dependabot-alert-rules %}
{% data reusables.dependabot.click-new-alert-rule %}
{% data reusables.dependabot.dependabot-alert-rule-set-name %}
Expand Down Expand Up @@ -124,18 +119,13 @@ For more information about enabling or disabling {% data variables.product.prodn

## Editing or deleting {% data variables.dependabot.custom_rules %} for your organization

{% ifversion security-configurations-ga %} You can edit or delete {% data variables.dependabot.custom_rules %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)."
{% ifversion security-configurations %} You can edit or delete {% data variables.dependabot.custom_rules %} for all eligible repositories in your organization. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)."

{% elsif security-configurations-beta-and-pre-beta %}
{% else %}

{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.security-and-analysis %}

{% ifversion security-configurations-beta-only %}
{% data reusables.security-configurations.changed-org-settings-global-settings-callout %} For next steps on editing or deleting {% data variables.dependabot.auto_triage_rules %} in your organization with {% data variables.product.prodname_global_settings %}, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#creating-and-managing-dependabot-auto-triage-rules)."
{% endif %}

{% data reusables.dependabot.navigate-to-org-level-dependabot-alert-rules %}
1. Under "Organization rules", to the right of the rule that you want to edit or delete, click {% octicon "pencil" aria-label="Edit custom rule" %}.
{% data reusables.dependabot.custom-alert-rules-edit-rule %}