From 535dcafbfbc0668ca910359d30a8b9999dc5a456 Mon Sep 17 00:00:00 2001 From: Usha N Date: Wed, 15 Jan 2025 09:41:24 -0600 Subject: [PATCH 1/3] Update emu-cap-public-preview.md to remove 1000 user Iimitation (#53918) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: marichinn <37083639+marichinn@users.noreply.github.com> Co-authored-by: Felicity Chapman --- data/reusables/enterprise-accounts/emu-cap-public-preview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/reusables/enterprise-accounts/emu-cap-public-preview.md b/data/reusables/enterprise-accounts/emu-cap-public-preview.md index 585c6a5b06eb..cdcfd00b36a2 100644 --- a/data/reusables/enterprise-accounts/emu-cap-public-preview.md +++ b/data/reusables/enterprise-accounts/emu-cap-public-preview.md @@ -1,4 +1,4 @@ >[!NOTE] CAP protection for web sessions is currently in {% data variables.release-phases.public_preview %} and may change. > -> If IdP CAP support is already enabled for your enterprise, you can opt into extended protection for web sessions from your enterprise's "Authentication security" settings. To enable this feature, your enterprise must have 1,000 or fewer members, active or suspended. +> If IdP CAP support is already enabled for your enterprise, you can opt into extended protection for web sessions from your enterprise's "Authentication security" settings. > When web session protection is enabled and a user's IP conditions are not satisfied, they can view and filter all user-owned resources but cannot view the details of the results for notifications, searches, personal dashboards, or starred repositories. From de5505791ed0dacfdcfac112733e4d583a824ad5 Mon Sep 17 00:00:00 2001 From: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Date: Wed, 15 Jan 2025 17:21:04 +0000 Subject: [PATCH 2/3] Data residency available in Australia (#53869) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Felicity Chapman --- .../network-details-for-ghecom.md | 89 +++++++++++++++++-- .../when-you-adopt-data-residency.md | 7 +- .../ip-ranges-ghecom.md | 26 ++---- 3 files changed, 93 insertions(+), 29 deletions(-) diff --git a/content/admin/data-residency/network-details-for-ghecom.md b/content/admin/data-residency/network-details-for-ghecom.md index 5e23538a79ba..09739b6c5b12 100644 --- a/content/admin/data-residency/network-details-for-ghecom.md +++ b/content/admin/data-residency/network-details-for-ghecom.md @@ -30,9 +30,13 @@ To access your enterprise on {% data variables.enterprise.data_residency_site %} ## {% data variables.product.github %}'s IP addresses -These are {% data variables.product.company_short %}'s IP address ranges for enterprises on {% data variables.enterprise.data_residency_site %}. +{% data variables.product.company_short %}'s IP address ranges for enterprises on {% data variables.enterprise.data_residency_site %} depend on your chosen region. -### Ranges for egress traffic +### The EU + +These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in the EU. + +#### Ranges for egress traffic * 108.143.221.96/28 * 20.61.46.32/28 @@ -41,7 +45,7 @@ These are {% data variables.product.company_short %}'s IP address ranges for ent * 74.241.131.48/28 * 20.240.211.176/28 -### Ranges for ingress traffic +#### Ranges for ingress traffic * 108.143.197.176/28 * 20.123.213.96/28 @@ -50,12 +54,83 @@ These are {% data variables.product.company_short %}'s IP address ranges for ent * 20.240.220.192/28 * 20.240.211.208/28 +### Australia + +These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in Australia. + +#### Ranges for egress traffic + +* 20.5.34.240/28 +* 20.5.146.128/28 +* 68.218.155.16/28 + +#### Ranges for ingress traffic + +* 4.237.73.192/28 +* 20.5.226.112/28 +* 20.248.163.176/28 + ## Supported regions for Azure private networking If you use Azure private networking for {% data variables.product.company_short %}-hosted runners, the supported Azure regions on {% data variables.enterprise.data_residency_site %} differ from those on {% data variables.product.prodname_dotcom_the_website %}. -The following regions are available: +### Supported regions in the EU + +| Runner type | Supported regions | +| ----------- | ----------------- | +| x64 | `francecentral`, `swedencentral` | +| arm64 | `francecentral`, `northeurope` | +| GPU | `italynorth`, `swedencentral` | + +### Supported regions in Australia + +| Runner type | Supported regions | +| ----------- | ----------------- | +| x64 | `australiaeast`, `australiacentral` | +| arm64 | `australiaeast`, `australiacentral` | +| GPU | N/A | + +## IP ranges for {% data variables.product.prodname_importer_proper_name %} + +If you're running a migration to your enterprise with {% data variables.product.prodname_importer_proper_name %}, you may need to add certain ranges to an IP allow list. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations). + +You must allow: + +* Ranges required for everyone +* Additional ranges that depend on your data residency region + +### Required for everyone + +* 192.30.252.0/22 +* 185.199.108.0/22 +* 140.82.112.0/20 +* 143.55.64.0/20 +* 2a0a:a440::/29 +* 2606:50c0::/32 + +### Required in the EU + +* 4.231.155.80/29 +* 4.225.9.96/29 +* 51.12.152.184/29 +* 20.199.6.80/29 +* 51.12.144.32/29 +* 20.199.1.232/29 +* 51.12.152.240/29 +* 20.19.101.136/29 +* 74.241.131.48/28 +* 51.12.252.16/28 +* 20.240.211.176/28 +* 108.143.221.96/28 +* 20.61.46.32/28 +* 20.224.62.160/28 + +### Required in Australia -* x64: `francecentral`, `swedencentral` -* arm64: `francecentral`, `northeurope` -* GPU: `italynorth`, `swedencentral` +* 20.213.236.72/29 +* 20.53.178.216/29 +* 20.213.241.72/29 +* 20.11.90.48/29 +* 20.5.34.240/28 +* 20.5.146.128/28 +* 68.218.155.16/28 diff --git a/data/reusables/data-residency/when-you-adopt-data-residency.md b/data/reusables/data-residency/when-you-adopt-data-residency.md index b5f6954ed7ae..4a577a273a1e 100644 --- a/data/reusables/data-residency/when-you-adopt-data-residency.md +++ b/data/reusables/data-residency/when-you-adopt-data-residency.md @@ -1,3 +1,8 @@ When you adopt {% data variables.enterprise.data_residency %}, you can choose where your company's code and data are stored. Your enterprise will be hosted on a dedicated subdomain of {% data variables.enterprise.data_residency_site %}. -Currently, you can store code and data in the **EU**. In the future, {% data variables.product.github %} plans to offer {% data variables.enterprise.data_residency_short %} in more regions. +The available regions are: + +* The EU +* Australia + +In the future, {% data variables.product.github %} plans to offer {% data variables.enterprise.data_residency_short %} in more regions. diff --git a/data/reusables/enterprise-migration-tool/ip-ranges-ghecom.md b/data/reusables/enterprise-migration-tool/ip-ranges-ghecom.md index efa74d0ce7a2..46656313777e 100644 --- a/data/reusables/enterprise-migration-tool/ip-ranges-ghecom.md +++ b/data/reusables/enterprise-migration-tool/ip-ranges-ghecom.md @@ -1,22 +1,6 @@ -You'll need to add the following IP ranges to your IP allow list(s): +You must allow: -* 192.30.252.0/22 -* 185.199.108.0/22 -* 140.82.112.0/20 -* 143.55.64.0/20 -* 2a0a:a440::/29 -* 2606:50c0::/32 -* 4.231.155.80/29 -* 4.225.9.96/29 -* 51.12.144.32/29 -* 20.199.1.232/29 -* 51.12.152.184/29 -* 20.199.6.80/29 -* 51.12.152.240/29 -* 20.19.101.136/29 -* 51.12.252.16/28 -* 74.241.131.48/28 -* 20.240.211.176/28 -* 108.143.221.96/28 -* 20.61.46.32/28 -* 20.224.62.160/28 +* Ranges required for everyone +* Additional ranges that depend on your data residency region + +For the ranges to add, see [AUTOTITLE](/enterprise-cloud@latest/admin/data-residency/network-details-for-ghecom#ip-ranges-for-github-enterprise-importer). From a3faa41c38b0597c26f8846662fc02ae7752be4c Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Wed, 15 Jan 2025 09:55:30 -0800 Subject: [PATCH 3/3] Sync secret scanning data (#53936) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- src/secret-scanning/data/public-docs.yml | 33 ++++++++++++++++++++++++ src/secret-scanning/lib/config.json | 4 +-- 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/src/secret-scanning/data/public-docs.yml b/src/secret-scanning/data/public-docs.yml index 998da2a329c5..259dc3a0fc53 100644 --- a/src/secret-scanning/data/public-docs.yml +++ b/src/secret-scanning/data/public-docs.yml @@ -2928,6 +2928,39 @@ hasPushProtection: true hasValidityCheck: false isduplicate: false +- provider: Ramp + supportedSecret: Ramp OAuth Client ID + secretType: ramp_client_id + versions: + fpt: '*' + ghec: '*' + isPublic: true + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false +- provider: Ramp + supportedSecret: Ramp OAuth Client Secret + secretType: ramp_client_secret + versions: + fpt: '*' + ghec: '*' + isPublic: true + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false +- provider: Ramp + supportedSecret: Ramp OAuth Access or Refresh Token + secretType: ramp_oauth_token + versions: + fpt: '*' + ghec: '*' + isPublic: true + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + isduplicate: false - provider: ReadMe supportedSecret: ReadMe API Key secretType: readmeio_api_access_token diff --git a/src/secret-scanning/lib/config.json b/src/secret-scanning/lib/config.json index 042130d0a061..966ea7b9599d 100644 --- a/src/secret-scanning/lib/config.json +++ b/src/secret-scanning/lib/config.json @@ -1,5 +1,5 @@ { - "sha": "cbe3e18d7f44192a2834d7fa44ff85bd1427050d", - "blob-sha": "8dd5008bd4587fef156083689b4063392949d52c", + "sha": "069c13554f6b1fdc9281b631113e4515192b14f3", + "blob-sha": "4eb010ed9f73b9e744147d53dbc0ce506f95cb40", "targetFilename": "code-security/secret-scanning/introduction/supported-secret-scanning-patterns" } \ No newline at end of file