[December 15, 2022] - Secret Scanning Experience for Free Public Repos (Public Beta) (github#32702)

Co-authored-by: Sophie <[email protected]>
Co-authored-by: github-actions <[email protected]>
Co-authored-by: Aakash Shah <[email protected]>
Co-authored-by: amstead <[email protected]>
Co-authored-by: Mariam <[email protected]>
Co-authored-by: Felicity Chapman <[email protected]>
Co-authored-by: Anne-Marie <[email protected]>

Author: 7 people

Diff for: assets/images/help/repository/enable-secret-scanning-alerts-fpt.png

@@ -118,6 +118,14 @@ Before you can proceed with pilot programs and rolling out {% data variables.pro
 
 ## Preparing to enable {% data variables.product.prodname_secret_scanning %}
 
+{% note %}
+
+**Note:** When {% data variables.product.prodname_secret_scanning %} detects a secret in repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}, {% data variables.product.prodname_dotcom %} alerts all users with access to security alerts for the repository. {% ifversion ghec %}
+
+Secrets found in public repositories using {% data variables.product.prodname_secret_scanning_partner_alerts%} are reported directly to the partner, without creating an alert on {% data variables.product.product_name %}. For details about the supported partner patterns, see "[Supported secrets for partner alerts](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-alerts)."{% endif %}
+
+{% endnote %}
+
 If a project communicates with an external service, it might use a token or private key for authentication. If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges. {% data variables.product.prodname_secret_scanning_caps %} will scan your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repositories for secrets and alert you{% ifversion secret-scanning-push-protection %} or block the push containing the secret{% endif %}. For more information, see "[About secret scanning](/code-security/secret-scanning/about-secret-scanning)."
 
 ### Considerations when enabling {% data variables.product.prodname_secret_scanning %}

Diff for: assets/images/help/repository/enable-secret-scanning-dotcom.png renamed to assets/images/help/repository/enable-secret-scanning-ghec.png

@@ -68,6 +68,15 @@ The security overview allows you to review security configurations and alerts, m
 The security overview shows which security features are enabled for the repository, and offers you the option of configuring any available security features that are not already enabled.
 {% endif %}
 
+
+{% ifversion fpt or ghec %}
+## Available for free public repositories
+
+### {% data variables.product.prodname_secret_scanning_partner_alerts_caps %}
+
+Automatically detect leaked secrets across all public repositories. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see "[Supported secrets for partner alerts](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-alerts)."
+
+{% endif %}
 ## Available with {% data variables.product.prodname_GH_advanced_security %}
 
 {% ifversion fpt %}
@@ -87,21 +96,18 @@ Many {% data variables.product.prodname_GH_advanced_security %} features are ava
 
 Automatically detect security vulnerabilities and coding errors in new or modified code. Potential problems are highlighted, with detailed information, allowing you to fix the code before it's merged into your default branch. For more information, see "[About code scanning](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)."
 
-{% ifversion fpt or ghec %}
-### {% data variables.product.prodname_secret_scanning_partner_caps %}
+### {% data variables.product.prodname_secret_scanning_user_alerts_caps %}
 
-Automatically detect leaked secrets across all public repositories. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see "[{% data variables.product.prodname_secret_scanning_caps %} patterns](/code-security/secret-scanning/secret-scanning-patterns)."
+{% ifversion fpt %}
+{% data reusables.secret-scanning.secret-scanning-alerts-beta %} 
+Limited to free public repositories.
 {% endif %}
 
-{% ifversion ghec or ghes or ghae %}
-### {% data variables.product.prodname_secret_scanning_GHAS_caps %}
-
 {% ifversion ghec %}
 Available only with a license for {% data variables.product.prodname_GH_advanced_security %}.
 {% endif %}
 
-Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, so that you know which tokens or credentials to treat as compromised. For more information, see "[About secret scanning](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-advanced-security)."
-{% endif %}
+Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the "Security" tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see {% ifversion fpt or ghec %}"[About {% data variables.product.prodname_secret_scanning_user_alerts %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)"{% elsif ghes %}"[About {% data variables.product.prodname_secret_scanning_user_alerts %} on {% data variables.product.product_name %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-on-github-enterprise-server){% elsif ghae %}"[About {% data variables.product.prodname_secret_scanning_user_alerts %} on {% data variables.product.product_name %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-on-github-ae){% endif %}."
 
 ### Dependency review
 

Diff for: assets/images/help/repository/secret-scanning-alerts-click-alert-fpt.png

@@ -122,14 +122,21 @@ You can set up {% data variables.product.prodname_code_scanning %} to automatica
 
 ## Configuring {% data variables.product.prodname_secret_scanning %}
 
-{% data variables.product.prodname_secret_scanning_caps %} is {% ifversion fpt or ghec %}enabled for all public repositories and is available for private repositories owned by organizations that are part of an enterprise with a license for {% else %}available for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_advanced_security %}. {% ifversion fpt %}For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/securing-your-repository#configuring-secret-scanning).{% else %}{% data variables.product.prodname_secret_scanning_caps %} may already be enabled for your repository, depending upon your organization's settings.
+{% ifversion fpt %}
+{% data variables.product.prodname_secret_scanning_partner_alerts_caps %} runs automatically on public repositories in all products on {% data variables.product.prodname_dotcom_the_website %}. {% data variables.product.prodname_secret_scanning_user_alerts_caps %} are available for public repositories, as well as repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. {% data reusables.advanced-security.more-info-ghas %}{% endif %}
+
+{% ifversion ghec or ghes or ghae %}
+
+{% data variables.product.prodname_secret_scanning_caps %} is {% ifversion ghec %}enabled for all public repositories and is available for private repositories owned by organizations that are part of an enterprise with a license for {% else %}available for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_advanced_security %}. {% ifversion fpt %}For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/securing-your-repository#configuring-secret-scanning).{% else %}{% data variables.product.prodname_secret_scanning_caps %} may already be enabled for your repository, depending upon your organization's settings.
 
 1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**.
 2. Click **Security & analysis**.
 3. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.
 4. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**. 
 {% endif %}
 
+{% endif %}
+
 ## Next steps
 You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updating {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts),"{% endif %} {% ifversion fpt or ghec or ghes %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."