Commit
Merge pull request #35934 from github/repo-sync
Repo sync
docs-bot authored Jan 14, 2025
2 parents d2de893 + bd09666 commit ff2fdd8
Showing 47 changed files with 87 additions and 115 deletions.
Binary file modified assets/images/help/repository/headings-toc.png
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ If you are provisioning a self-hosted runner for {% data variables.product.prodn

If you are using default setup for {% data variables.product.prodname_code_scanning %}, you can assign self-hosted runners {% ifversion code-scanning-default-setup-customize-labels %}with the default `code-scanning` label, or you can optionally give them custom labels so that individual repositories can use different runners.{% else %}with the `code-scanning` label.{% endif %} See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#assigning-labels-to-runners).

{% ifversion code-scanning-default-setup-self-hosted-310 or default-setup-self-hosted-runners-GHEC %} For information about using default setup for code scanning analysis of compiled languages, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/codeql-code-scanning-for-compiled-languages).{% endif %}
For information about using default setup for code scanning analysis of compiled languages, see [AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/codeql-code-scanning-for-compiled-languages).

{% endif %}
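Review bot: dropping the `{% ifversion code-scanning-default-setup-self-hosted-310 or default-setup-self-hosted-runners-GHEC %}` guard makes the compiled-languages sentence render on every version that reaches this paragraph, and the only remaining gate is the outer conditional closed by the `{% endif %}` two lines below. Please confirm that outer condition already limits the paragraph to versions where default setup supports compiled-language analysis on self-hosted runners; otherwise readers on a version without that support will be sent to a page describing a feature they cannot use.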

Original file line number Diff line number Diff line change
Expand Up @@ -39,9 +39,7 @@ The events listed in your security log are triggered by your actions. Actions ar
| `marketplace_agreement_signature` | Contains all activities related to signing the {% data variables.product.prodname_marketplace %} Developer Agreement. |
| `marketplace_listing`| Contains all activities related to listing apps in {% data variables.product.prodname_marketplace %}. |
| {% endif %} |
| {% ifversion security-log-oauth-access-tokens %} |
| `oauth_access` | Contains all activities related to OAuth access tokens. |
| {% endif %} |
| `oauth_authorization` | Contains all activities related to authorizing {% data variables.product.prodname_oauth_apps %}. For more information, see [AUTOTITLE](/apps/oauth-apps/using-oauth-apps/authorizing-oauth-apps). |
| {% ifversion passkeys %} |
| `passkey` | Contains activities related to your passkeys. See [AUTOTITLE](/authentication/authenticating-with-a-passkey/about-passkeys). |
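Review bot: removing the `| {% ifversion security-log-oauth-access-tokens %} |` / `| {% endif %} |` wrapper makes the `oauth_access` row unconditional, so it is now listed for every product version this page is built for. Please confirm the security log records an `oauth_access` category on all of them; a documented category that never appears on a given version would mislead anyone writing audit queries or detections against the security log. The surrounding `| {% ifversion passkeys %} |` row keeps the table-cell convention for conditionals, which is the right pattern to preserve.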
Original file line number Diff line number Diff line change
Expand Up @@ -295,7 +295,7 @@ If you added manual build steps for compiled languages and {% data variables.pro

## Autobuild steps for compiled languages

{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}-hosted runners are always run with the software required by `autobuild`.{% endif %} If you use self-hosted runners for {% data variables.product.prodname_actions %}, you may need to install additional software to use the `autobuild` process. Additionally, if your repository requires a specific version of a build tool, you may need to install it manually. {% ifversion code-scanning-default-setup-self-hosted-310 or default-setup-self-hosted-runners-GHEC %} For self-hosted runners, you should install dependencies directly in the runners themselves. We provide examples of common dependencies for C/C++, C#, and Java in each of the `autobuild` sections of this article for those languages. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners).{% endif %}
{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %}-hosted runners are always run with the software required by `autobuild`.{% endif %} If you use self-hosted runners for {% data variables.product.prodname_actions %}, you may need to install additional software to use the `autobuild` process. Additionally, if your repository requires a specific version of a build tool, you may need to install it manually. {% ifversion ghes or default-setup-self-hosted-runners-GHEC %} For self-hosted runners, you should install dependencies directly in the runners themselves. We provide examples of common dependencies for C/C++, C#, and Java in each of the `autobuild` sections of this article for those languages. For more information, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners).{% endif %}

* [Building C/C++](#building-cc)
* [Building C#](#building-c)
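Review bot: the guard changes from `code-scanning-default-setup-self-hosted-310 or default-setup-self-hosted-runners-GHEC` to `ghes or default-setup-self-hosted-runners-GHEC`, so the self-hosted dependency guidance now renders for every GHES release rather than only from the release that introduced self-hosted default setup. If any still-supported GHES release lacks that feature, the sentence about installing dependencies directly on the runners will appear there too; please confirm `ghes` is the intended, broader condition.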
Expand Down Expand Up @@ -468,7 +468,7 @@ The `autobuild` process attempts to autodetect a suitable way to install the dep
1. Extract all Go code in the repository, similar to running `go build ./...`.

> [!NOTE]
> If you use default setup, it will look for a `go.mod` file to automatically install a compatible version of the Go language.{% ifversion code-scanning-default-setup-self-hosted-310 %} If you're using a self-hosted runner with default setup that doesn't have internet access, you can manually install a compatible version of Go.{% endif %}
> If you use default setup, it will look for a `go.mod` file to automatically install a compatible version of the Go language.{% ifversion ghes %} If you're using a self-hosted runner with default setup that doesn't have internet access, you can manually install a compatible version of Go.{% endif %}

### Extractor options for Go
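Review bot: the NOTE's guard narrows to `{% ifversion ghes %}` while the earlier hunk in this file uses `ghes or default-setup-self-hosted-runners-GHEC`. The sentence about manually installing a compatible Go version on a self-hosted runner without internet access applies equally to GHEC customers running self-hosted runners with default setup, so either add `or default-setup-self-hosted-runners-GHEC` here as well or note why the GHEC case is excluded.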

Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ Each alert highlights a problem with the code and the name of the tool that iden

{% data reusables.code-scanning.alert-default-branch %}

![Screenshot showing the elements of a {% data variables.product.prodname_code_scanning %} alert, including the title of the alert and relevant lines of code at left and the severity level, affected branches, and weaknesses at right. ](/assets/images/help/repository/code-scanning-alert.png)
![Screenshot of a {% data variables.product.prodname_code_scanning %} alert, includes the alert title, relevant lines of code at the left, metadata at the right.](/assets/images/help/repository/code-scanning-alert.png)

If you configure {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, you can also find data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as: using data insecurely, passing dangerous arguments to functions, and leaking sensitive information.
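Review bot: the new alt text reads as a comma splice ("alert, includes the alert title, relevant lines of code at the left, metadata at the right"); suggest "Screenshot of a {% data variables.product.prodname_code_scanning %} alert, including the alert title, the relevant lines of code at the left, and metadata at the right." The old text also named the metadata (severity, affected branches, weaknesses), which is what a screen-reader user most needs from this image, so consider keeping at least "severity" if the length budget allows.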

Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ You can use more than one issue to track the same {% data variables.product.prod

* The {% data variables.product.prodname_code_scanning %} alerts list page will show which alerts are tracked in issues so that you can view at a glance which alerts still require processing and how many issues they are tracked in.

![Screenshot of the {% data variables.product.prodname_code_scanning %} alerts view. The first entry includes the issue icon followed by the number 2. The third entry includes the issue icon followed by the number 1. Both are outlined in dark orange.](/assets/images/help/repository/code-scanning-alert-list-tracked-issues.png)
![Screenshot of {% data variables.product.prodname_code_scanning %} alerts view. The first and third entries include the issue icon with the issue number.](/assets/images/help/repository/code-scanning-alert-list-tracked-issues.png)

* A "tracked in" section will also show in the corresponding alert page.
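Review bot: "the issue icon with the issue number" in the new alt text is ambiguous; the old text and the bullet above make clear that the number shown is how many issues track the alert (2 and 1), not an issue ID. Suggest "The first and third entries include the issue icon followed by the number of issues tracking the alert."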

Expand All @@ -45,7 +45,7 @@ You can use more than one issue to track the same {% data variables.product.prod
The color of the icon is grey because an alert has a status of "open" or "closed" on every branch. The issue tracks an alert, so the alert cannot have a single open/closed state in the issue. If the alert is closed on one branch, the icon color will not change.

![Screenshot showing an issue that tracks a {% data variables.product.prodname_code_scanning %} alert. The hovercard for the alert is displayed, with a grey security badge icon preceding the title.](/assets/images/help/repository/code-scanning-tracking-issue-hovercard.png)
![Screenshot of an issue that tracks a {% data variables.product.prodname_code_scanning %} alert. The hovercard is displayed, with a grey security badge icon.](/assets/images/help/repository/code-scanning-tracking-issue-hovercard.png)

The status of the tracked alert won't change if you change the checkbox state of the corresponding task list item (checked/unchecked) in the issue.

Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ When {% data variables.product.prodname_copilot_autofix_short %} is enabled for
Usually, when you suggest changes to a pull request, your comment contains changes for a single file that is changed in the pull request. The following screenshot shows an {% data variables.product.prodname_copilot_autofix_short %} comment that suggests changes to the `index.js` file where the alert is displayed. Since the potential fix requires a new dependency on `escape-html`, the comment also suggests adding this dependency to the `package.json` file, even though the original pull request makes no changes to this file.

![Screenshot of the {% data variables.product.prodname_copilot_autofix_short %} suggestion with explanation and change in the current file. A suggested change in "package.json" is outlined in dark orange.](/assets/images/help/code-scanning/autofix-example.png)
![Screenshot of {% data variables.product.prodname_copilot_autofix_short %} suggestion to edit the current file. A suggested change in "package.json" is outlined in dark orange.](/assets/images/help/code-scanning/autofix-example.png)

### Assessing and committing an {% data variables.product.prodname_copilot_autofix_short %} suggestion

Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ If you are on a free, pro, or team plan, you can only use {% data variables.prod
1. If there is an associated and active **Enable** button, {% data variables.product.prodname_GH_advanced_security %} is available for this repository but not yet enabled.
1. If use of {% data variables.product.prodname_GH_advanced_security %} is blocked by a policy, the **Enable** button is inactive and the owner of the policy is listed.

![Screenshot of the "{% data variables.product.prodname_GH_advanced_security %}" setting. The owner of the enterprise policy and the inactive "Enable" button are highlighted with a dark orange outline.](/assets/images/help/repository/ghas-enterprise-policy-block.png)
![Screenshot of the "{% data variables.product.prodname_GH_advanced_security %}" setting. The owner of the enterprise policy and the inactive "Enable" button are outlined in orange.](/assets/images/help/repository/ghas-enterprise-policy-block.png)

## Fixing the problem

Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ being interpreted as source-code alerts, use

\[Mandatory] Path to the CodeQL database to query.

#### `<querysuite|pack>...`
#### `<query|dir|suite|pack>...`

Queries to execute. Each argument is in the form `scope/name@range:path`
where:
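Review bot: `<query|dir|suite|pack>...` restores the alternatives that the old `<querysuite|pack>` placeholder had collapsed, but the description below still says "Each argument is in the form `scope/name@range:path`", which only describes the pack form. Since the placeholder now advertises bare query files and directories as arguments, make sure the list under "where:" also states what a query file or directory argument looks like, so the heading and the description agree.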
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ directory using [codeql database run-queries](/code-security/codeql-cli/codeql-c

\[Mandatory] Path to the CodeQL database that has been queried.

#### `<filesuite>...`
#### `<file|dir|suite>...`

Repeat the specification of which queries were executed here.

Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ Alternatively, if you have only a single query to run, you might prefer

\[Mandatory] Path to the CodeQL database to query.

#### `<querysuite|pack>...`
#### `<query|dir|suite|pack>...`

Queries to execute. Each argument is in the form `scope/name@range:path`
where:
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ This command should not normally be invoked directly. Instead use either

\[Mandatory] Path to the raw QL dataset to query.

#### `<querysuite|pack>...`
#### `<query|dir|suite|pack>...`

\[Mandatory] Queries to execute. Each argument is in the form
`scope/name@range:path` where:
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ Generate end-user query help from .qhelp files.

### Primary Options

#### `<qhelpquerysuite>...`
#### `<qhelp|mdhelp|query|dir|suite>...`

\[Mandatory] Query help files to render. Each argument is one of:

Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ specifiers passed in as command line arguments.

### Primary Options

#### `<querysuite|pack>...`
#### `<query|dir|suite|pack>...`

\[Mandatory] Queries to execute. Each argument is in the form
`scope/name@range:path` where:
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ It now returns an empty list of machine learning models.

### Primary Options

#### `<querysuite|pack>...`
#### `<query|dir|suite|pack>...`

\[Mandatory] Queries to execute. Each argument is in the form
`scope/name@range:path` where:
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ list of queries.

### Primary Options

#### `<querysuite|pack>...`
#### `<query|dir|suite|pack>...`

\[Mandatory] Queries to execute. Each argument is in the form
`scope/name@range:path` where:
Original file line number Diff line number Diff line change
Expand Up @@ -61,11 +61,11 @@ This section uses an open source Java project called "sofa-jraft" as an example.

1. Display the {% data variables.product.prodname_codeql %} model editor. By default the editor runs in application mode, so the list of external APIs used by the selected codebase is shown.

![Screenshot of the "Application mode" view of the CodeQL model pack editor in Visual Studio Code showing two of the external Java frameworks used by the "sofa-jraft" codebase.](/assets/images/help/security/codeql-for-vs-code-model-application-mode.png)
![Screenshot of the "Application mode" view showing two of the external Java frameworks used by the "sofa-jraft" codebase.](/assets/images/help/security/codeql-for-vs-code-model-application-mode.png)

1. Click to expand an external API and view the list of calls from the codebase to the external dependency.

![Screenshot of the "Application mode" view of the CodeQL model pack editor in Visual Studio Code showing the calls to the "rocksdbjni" framework ready for modeling. The "View" option for the first call is highlighted with a dark orange outline.](/assets/images/help/security/codeql-for-vs-code-model-application-mode-expanded.png)
![Screenshot of "Application mode" showing the calls to the "rocksdbjni" framework. The "View" option for the first call is outlined in orange.](/assets/images/help/security/codeql-for-vs-code-model-application-mode-expanded.png)

1. Click **View** associated with an API call or method to show where it is used in your codebase.

Expand Down Expand Up @@ -104,13 +104,13 @@ This section uses an open source Java project called "sofa-jraft" as an example.

1. Display the {% data variables.product.prodname_codeql %} model editor. By default the editor runs in application mode. Click **Model as dependency** to display dependency mode. The screen changes to show the public API of the framework or library.

![Screenshot of the "Dependency mode" view of the CodeQL model pack editor in Visual Studio Code showing three of the packages published by the "sofa-jraft" codebase.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode.png)
![Screenshot of the "Dependency mode" view showing three of the packages published by the "sofa-jraft" codebase.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode.png)

1. Click to expand a package and view the list of available methods.

1. Click **View** associated with a method to show its definition.

![Screenshot of the "Dependency mode" view of the CodeQL model pack editor in Visual Studio Code showing one model for the "com.alipay.sofa.jraft.option.BallotBoxOptions.getClosureQueue()" method. The "+" button is outlined in dark orange. Click this button to create a second model for the method.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode-expanded.png)
![Screenshot of "Dependency mode" with one model for "com.alipay.sofa.jraft.option.BallotBoxOptions.getClosureQueue()". The "+" button is outlined.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode-expanded.png)

1. When you have determined how to model the method, define the "Model type".

Expand Down Expand Up @@ -141,7 +141,7 @@ The editor will create a separate model file for each package that you model.

Some methods support more than one data flow. It is important to model all the data flows for a method, otherwise you cannot detect all the potential problems associated with using the method. First you model one data flow for the method, and then use the **+** button in the method row to specify a second data flow model.

![Screenshot of the "Dependency mode" view of the CodeQL model pack editor in Visual Studio Code showing the public methods available in the "com.alipay.soft.jraft.option" package ready for modeling. The "View" option for the first method is highlighted with a dark orange outline.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode-plus.png)
![Screenshot of the "Dependency mode" view with public methods available in "com.alipay.soft.jraft.option". A "View" option is outlined in orange.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode-plus.png)

## Testing {% data variables.product.prodname_codeql %} model packs in {% data variables.product.prodname_vscode_shortname %}
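Review bot: "com.alipay.soft.jraft.option" in both the old and new alt text looks like a typo for "com.alipay.sofa.jraft.option", which is the package name used in the previous hunk and matches the "sofa-jraft" project this section is built around; since the line is being rewritten anyway, fix the package name here.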

Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ You can configure notification settings for yourself or your organization from t
{% data reusables.notifications.vulnerable-dependency-notification-options %}

{% ifversion update-notification-settings-22 %}
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}. A dropdown menu, showing notification frequency options, is highlighted with an orange outline.](/assets/images/help/dependabot/dependabot-notification-frequency.png){% endif %}{% ifversion ghes %}
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}. A dropdown menu with frequency options is outlined in orange.](/assets/images/help/dependabot/dependabot-notification-frequency.png){% endif %}{% ifversion ghes %}
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}.](/assets/images/help/enterprises/dependabot-alerts-options-no-ui.png){% endif %}

> [!NOTE]
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ Many of the events in the timeline also create an event in the audit log, which

Security overview consolidates information about security alerts and provides high-level summaries of the security status of your enterprise or organization.

In security overview you can see repositories with open security alerts{% ifversion security-overview-org-risk-coverage %}, as well as which repositories have enabled specific security features{% endif %}. You can also use security overview to filter and sort security alerts using interactive views.
In security overview you can see repositories with open security alerts{% ifversion ghec or ghes %}, as well as which repositories have enabled specific security features{% endif %}. You can also use security overview to filter and sort security alerts using interactive views.

For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
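Review bot: replacing `security-overview-org-risk-coverage` with `ghec or ghes` makes the "which repositories have enabled specific security features" clause render on every GHES release; please confirm the enablement view exists on all still-supported GHES versions, since this sentence is what points enterprise admins at the feature.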

Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ You can choose to enable a security feature automatically in all new repositorie
1. In the left sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security and analysis**.
1. Below the name of the feature, select the option for automatically enabling the feature in applicable future repositories.

![Screenshot of "Code security and analysis" page. Below "Dependabot alerts", a checkbox to enable the feature in future repositories is highlighted in orange.](/assets/images/help/security/enable-for-new-repos.png)
![Screenshot of "Code security and analysis" page. Below "Dependabot alerts", the checkbox to enable alerts in new repositories is outlined in orange.](/assets/images/help/security/enable-for-new-repos.png)

## Monitoring the impact of security features

Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ In addition to displaying an alert in the **Security** tab of the repository, {%
1. On your notification settings page, under "Subscriptions", then under "Watching", select the **Notify me** dropdown.
1. Select "Email" as a notification option, then click **Save**.

![Screenshot of the notification settings for a user account. An element header, titled "Subscriptions", and a sub-header, titled "Watching", are shown. A checkbox, titled "Email", is highlighted with an orange outline.](/assets/images/help/notifications/repository-watching-notification-options.png)
![Screenshot of the notification settings for a user account. Under "Subscriptions" and "Watching" a checkbox, titled "Email", is outlined in orange.](/assets/images/help/notifications/repository-watching-notification-options.png)

{% data reusables.notifications.watch-settings %}


0 comments on commit ff2fdd8
