Update versioning for FPT/GHEC in secret scanning articles (github#24513)
felicitymay authored Jan 25, 2022
1 parent f0d2cde commit a6d1796
Showing 15 changed files with 177 additions and 106 deletions.
@@ -20,7 +20,7 @@ topics:

## About {% data variables.product.prodname_secret_scanning %}

{% data reusables.secret-scanning.about-secret-scanning %} For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/about-secret-scanning)."
If someone checks a secret with a known pattern into a repository, {% data variables.product.prodname_secret_scanning %} catches the secret as it's checked in, and helps you mitigate the impact of the leak. Repository administrators are notified about any commit that contains a secret, and they can quickly view all detected secrets in the Security tab for the repository. For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/about-secret-scanning)."

## Checking whether your license includes {% data variables.product.prodname_GH_advanced_security %}

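Review bot: the replacement sentence narrows who is notified. It says only repository administrators are notified about a commit that contains a secret, while the about-secret-scanning.md hunk in this same commit lists email alerts to repository administrators and organization owners and, on ghes > 3.0, ghae and ghec, to the contributor who committed the secret. Suggest "Repository administrators and organization owners are notified about any commit that contains a secret". Replacing `{% data reusables.secret-scanning.about-secret-scanning %}` with inline prose also lets the two descriptions drift, since the reusable is still used in about-secret-scanning.md; if the only change needed was the link, keeping the reusable and updating the path would be safer. The new target `/code-security/secret-scanning/about-secret-scanning` matches the path rename applied to `content/code-security/guides.md`.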
44 changes: 23 additions & 21 deletions content/code-security/guides.md
@@ -23,27 +23,29 @@ includeGuides:
- /code-security/getting-started/github-security-features
- /code-security/getting-started/securing-your-organization
- /code-security/getting-started/securing-your-repository
- /code-security/secret-security/about-secret-scanning
- /code-security/secret-security/configuring-secret-scanning-for-your-repositories
- /code-security/secret-security/managing-alerts-from-secret-scanning
- /code-security/code-scanning//automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists
- /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning
- /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning
- /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages
- /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository
- /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container
- /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository
- /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests
- /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow
- /code-security/secure-coding/integrating-with-code-scanning/about-integration-with-code-scanning
- /code-security/secure-coding/integrating-with-code-scanning/sarif-support-for-code-scanning
- /code-security/secure-coding/integrating-with-code-scanning/uploading-a-sarif-file-to-github
- /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system
- /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system
- /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-runner-in-your-ci-system
- /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system
- /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system
- /code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-runner-in-your-ci-system
- /code-security/secret-scanning/about-secret-scanning
- /code-security/secret-scanning/configuring-secret-scanning-for-your-repositories
- /code-security/secret-scanning/defining-custom-patterns-for-secret-scanning
- /code-security/secret-scanning/managing-alerts-from-secret-scanning
- /code-security/secret-scanning/secret-scanning-partners
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests
- /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow
- /code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning
- /code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
- /code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github
- /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system
- /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system
- /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-runner-in-your-ci-system
- /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system
- /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/running-codeql-runner-in-your-ci-system
- /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/troubleshooting-codeql-runner-in-your-ci-system
- /code-security/security-advisories/about-coordinated-disclosure-of-security-vulnerabilities
- /code-security/security-advisories/about-github-security-advisories
- /code-security/security-advisories/adding-a-collaborator-to-a-security-advisory
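Review bot: the includeGuides list now carries `/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories`, but this same commit removes `fpt: '*'` from that article's `versions` front matter; confirm that the guides page filters includeGuides entries by the viewer's version rather than failing the build or rendering a dead card on free/pro/team. The other path changes look right: the `secret-security` prefix becomes `secret-scanning` for all five secret scanning guides, `secure-coding` becomes `code-scanning` for the code scanning guides, and the double slash in the old `/code-security/code-scanning//automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists` entry is fixed.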
68 changes: 35 additions & 33 deletions content/code-security/secret-scanning/about-secret-scanning.md
@@ -2,7 +2,6 @@
title: About secret scanning
intro: '{% data variables.product.product_name %} scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.'
product: '{% data reusables.gated-features.secret-scanning %}'
miniTocMaxHeadingLevel: 3
redirect_from:
- /github/administering-a-repository/about-token-scanning
- /articles/about-token-scanning
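Review bot: removing `miniTocMaxHeadingLevel: 3` drops the one H3 heading that survives in this file, `### About {% data variables.product.prodname_secret_scanning %} alerts`, from the mini TOC. The `### List of supported secrets ...` headings are deleted further down in this commit, so the setting is no longer needed for them, but either promote the remaining alerts heading to H2 or keep the setting so that section stays navigable.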
@@ -23,75 +22,78 @@ topics:
{% data reusables.secret-scanning.beta %}
{% data reusables.secret-scanning.enterprise-enable-secret-scanning %}

## About {% data variables.product.prodname_secret_scanning %}

If your project communicates with an external service, you might use a token or private key for authentication. Tokens and private keys are examples of secrets that a service provider can issue. If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges. We recommend that you store secrets in a dedicated, secure location outside of the repository for your project.

{% data variables.product.prodname_secret_scanning_caps %} will scan your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for any secrets. Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning.{% ifversion fpt or ghec %} For more information, see "[Secret scanning partner program](/developers/overview/secret-scanning-partner-program)."
{% endif %}
{% data variables.product.prodname_secret_scanning_caps %} will scan your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for any secrets. Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning. For details of the supported secrets and service providers, see "[{% data variables.product.prodname_secret_scanning_caps %} partners](/code-security/secret-scanning/secret-scanning-partners)."

{% data reusables.secret-scanning.about-secret-scanning %}
{% data reusables.secret-scanning.partner-program-link %}

{% ifversion fpt or ghec %}
## About {% data variables.product.prodname_secret_scanning %} for public repositories

{% data variables.product.prodname_secret_scanning_caps %} is automatically enabled on public repositories. When you push to a public repository, {% data variables.product.product_name %} scans the content of the commits for secrets. If you switch a private repository to public, {% data variables.product.product_name %} scans the entire repository for secrets.
{% data variables.product.prodname_secret_scanning_caps %} is automatically enabled on public repositories. When you push to a public repository, {% data variables.product.product_name %} scans the content of the commits for secrets.

When {% data variables.product.prodname_secret_scanning %} detects a set of credentials, we notify the service provider who issued the secret. The service provider validates the credential and then decides whether they should revoke the secret, issue a new secret, or reach out to you directly, which will depend on the associated risks to you or the service provider. For an overview of how we work with token-issuing partners, see "[Secret scanning partner program](/developers/overview/secret-scanning-partner-program)."
When {% data variables.product.prodname_secret_scanning %} detects a potential secret, we notify the service provider who issued the secret. The service provider validates the string and then decides whether they should revoke the secret, issue a new secret, or contact you directly. Their action will depend on the associated risks to you or them.

### List of supported secrets for public repositories
You cannot change the configuration of {% data variables.product.prodname_secret_scanning %} on public repositories.

{% data variables.product.product_name %} currently scans public repositories for secrets issued by the following service providers.

{% data reusables.secret-scanning.partner-secret-list-public-repo %}
{% ifversion fpt %}
Organizations using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_advanced_security %} can configure {% data variables.product.prodname_secret_scanning %} to run on private repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/secret-security/about-secret-scanning).
{% endif %}

## About {% data variables.product.prodname_secret_scanning %} for private repositories
{% endif %}

{% ifversion ghes or ghae %}
{% ifversion not fpt %}

{% ifversion ghec %}
## About {% data variables.product.prodname_secret_scanning %} for private repositories
{% elsif ghes or ghae %}
## About {% data variables.product.prodname_secret_scanning %} on {% data variables.product.product_name %}

{% data variables.product.prodname_secret_scanning_caps %} is available on all organization-owned repositories as part of {% data variables.product.prodname_GH_advanced_security %}. It is not available on user-owned repositories.
{% endif %}

If you're a repository administrator or an organization owner, you can enable {% data variables.product.prodname_secret_scanning %} for {% ifversion fpt or ghec %} private{% endif %} repositories that are owned by organizations. You can enable {% data variables.product.prodname_secret_scanning %} for all your repositories, or for all new repositories within your organization.{% ifversion fpt or ghec %} {% data variables.product.prodname_secret_scanning_caps %} is not available for user-owned private repositories.{% endif %} For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
If you're a repository administrator or an organization owner, you can enable {% data variables.product.prodname_secret_scanning %} for {% ifversion ghec %} private{% endif %} repositories that are owned by organizations. You can enable {% data variables.product.prodname_secret_scanning %} for all your organization's repositories, or for all new repositories within your organization.{% ifversion ghec %} {% data variables.product.prodname_secret_scanning_caps %} is not available for private repositories owned by user accounts.{% endif %} For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."

{% ifversion fpt or ghes > 3.1 or ghae or ghec %}You can also define custom {% data variables.product.prodname_secret_scanning %} patterns that only apply to your repository or organization. For more information, see "[Defining custom patterns for {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/defining-custom-patterns-for-secret-scanning)."{% endif %}
{% ifversion ghes > 3.1 or ghae or ghec %}You can also define custom {% data variables.product.prodname_secret_scanning %} patterns for a repository, organization, or enterprise. For more information, see "[Defining custom patterns for {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/defining-custom-patterns-for-secret-scanning)."
{% elsif ghes < 3.2 %}
Versions 3.1 and lower of {% data variables.product.product_name %} do not allow you to define your own patterns for detecting secrets.
{% endif %}

### About {% data variables.product.prodname_secret_scanning %} alerts

When you push commits to a{% ifversion fpt or ghec %} private{% endif %} repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.prodname_dotcom %} scans the contents of the commits for secrets.
When you push commits to a{% ifversion ghec %} private{% endif %} repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.prodname_dotcom %} scans the contents of the commits for secrets.

When {% data variables.product.prodname_secret_scanning %} detects a secret in a{% ifversion fpt or ghec %} private{% endif %} repository, {% data variables.product.prodname_dotcom %} generates an alert.
When {% data variables.product.prodname_secret_scanning %} detects a secret in a{% ifversion ghec %} private{% endif %} repository, {% data variables.product.prodname_dotcom %} generates an alert.

- {% data variables.product.prodname_dotcom %} sends an email alert to the repository administrators and organization owners.
{% ifversion fpt or ghes > 3.0 or ghae or ghec %}
{% ifversion ghes > 3.0 or ghae or ghec %}
- {% data variables.product.prodname_dotcom %} sends an email alert to the contributor who committed the secret to the repository, with a link to the related {% data variables.product.prodname_secret_scanning %} alert. The commit author can then view the alert in the repository, and resolve the alert.
{% endif %}
- {% data variables.product.prodname_dotcom %} displays an alert in the repository.{% ifversion ghes = 3.0 %} For more information, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)."{% endif %}

{% ifversion fpt or ghes > 3.0 or ghae or ghec %}
{% ifversion ghes > 3.0 or ghae or ghec %}
For more information about viewing and resolving {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)."{% endif %}

Repository administrators and organization owners can grant users and teams access to {% data variables.product.prodname_secret_scanning %} alerts. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."

{% ifversion fpt or ghes > 3.0 or ghec %}
To monitor results from {% data variables.product.prodname_secret_scanning %} across your {% ifversion fpt or ghec %}private {% endif %}repositories{% ifversion ghes > 3.1 %} or your organization{% endif %}, you can use the {% data variables.product.prodname_secret_scanning %} API. For more information about API endpoints, see "[{% data variables.product.prodname_secret_scanning_caps %}](/rest/reference/secret-scanning)."{% endif %}

{% ifversion ghes or ghae %}
## List of supported secrets{% else %}
### List of supported secrets for private repositories
{% ifversion ghec or ghes > 3.1 %}
You can use the security overview to see an organization-level view of which repositories have enabled {% data variables.product.prodname_secret_scanning %} and the alerts found. For more information, see "[Viewing the security overview](/code-security/security-overview/viewing-the-security-overview)."
{% endif %}

{% data variables.product.prodname_dotcom %} currently scans{% ifversion fpt or ghec %} private{% endif %} repositories for secrets issued by the following service providers.

{% data reusables.secret-scanning.partner-secret-list-private-repo %}

{% ifversion ghes < 3.2 or ghae %}
{% note %}

**Note:** {% data variables.product.prodname_secret_scanning_caps %} does not currently allow you to define your own patterns for detecting secrets.
{%- ifversion ghec or ghes > 3.1 %}You can also use the REST API to {% elsif ghes = 3.1 %}You can use the REST API to {% endif %}
{%- ifversion ghec or ghes > 3.0 %}monitor results from {% data variables.product.prodname_secret_scanning %} across your {% ifversion ghec %}private {% endif %}repositories{% ifversion ghes > 3.1 %} or your organization{% endif %}. For more information about API endpoints, see "[{% data variables.product.prodname_secret_scanning_caps %}](/rest/reference/secret-scanning)."{% endif %}

{% endnote %}
{% endif %}

## Further reading

- "[Securing your repository](/code-security/getting-started/securing-your-repository)"
- "[Keeping your account and data secure](/github/authenticating-to-github/keeping-your-account-and-data-secure)"
{%- ifversion fpt or ghec %}
- "[Managing encrypted secrets for your codespaces](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces)"{% endif %}
{%- ifversion fpt or ghec or ghes > 3.2 %}
- "[Managing encrypted secrets for Dependabot](/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/managing-encrypted-secrets-for-dependabot)"{% endif %}
- "[Encrypted secrets](/actions/security-guides/encrypted-secrets)"
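Review bot: two links in this hunk still use the old `/code-security/secret-security/` prefix that `guides.md` in this same commit replaces with `/code-security/secret-scanning/`: the custom patterns link `/code-security/secret-security/defining-custom-patterns-for-secret-scanning` in the `{% ifversion ghes > 3.1 or ghae or ghec %}` paragraph, and the free/pro/team pointer `/enterprise-cloud@latest/code-security/secret-security/about-secret-scanning` in the new `{% ifversion fpt %}` paragraph. Both should target the canonical `secret-scanning` path rather than rely on a redirect. One behavioural sentence is dropped without replacement: "If you switch a private repository to public, {% data variables.product.product_name %} scans the entire repository for secrets." The remaining "scan your entire Git history on all branches" sentence describes what is scanned, not that a visibility change triggers a scan; if that behaviour is still accurate, keep the sentence in the public repositories section.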
@@ -8,7 +8,6 @@ redirect_from:
- /code-security/secret-security/configuring-secret-scanning-for-your-repositories
product: '{% data reusables.gated-features.secret-scanning %}'
versions:
fpt: '*'
ghes: '*'
ghae: '*'
ghec: '*'
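Review bot: with `fpt: '*'` removed, this article no longer exists on free/pro/team, so any free/pro/team page that links to `/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories` without the `/enterprise-cloud@latest/` prefix now points at a version the article does not have. The new fpt paragraph in about-secret-scanning.md uses the `/enterprise-cloud@latest/` form for its own link, but other articles that link here should be checked the same way. Keeping the `redirect_from` entry for the old `/code-security/secret-security/configuring-secret-scanning-for-your-repositories` path is correct, since external links to the old URL still resolve on the versions that remain.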