Commit fa0cdcd

Merge pull request #45018 from github/repo-sync
Repo sync
2 parents 398a300 + e8a29a4 commit fa0cdcd

91 files changed

Lines changed: 78651 additions & 36623 deletions


content/code-security/concepts/secret-security/index.md

Lines changed: 1 addition & 0 deletions
@@ -10,6 +10,7 @@ contentType: concepts
1010
children:
1111
- /secret-leakage-risks
1212
- /secret-scanning
13+
- /public-monitoring
1314
- /push-protection
1415
- /secret-security-with-github
1516
- /about-alerts
Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,41 @@
1+
---
2+
title: Public monitoring for secret scanning
3+
shortTitle: Public monitoring
4+
allowTitleToDifferFromFilename: true
5+
intro: 'Public monitoring detects credentials leaked by your enterprise members in public repositories across {% data variables.product.github %}, giving you visibility into secret exposure beyond your enterprise''s boundaries.'
6+
versions:
7+
feature: secret-scanning-public-monitoring
8+
product: 'Public monitoring is available for enterprises on {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_advanced_security %} or {% data variables.product.prodname_GH_secret_protection %} enabled. Public monitoring is **not available for {% data variables.enterprise.data_residency %}**.'
9+
contentType: concepts
10+
category:
11+
- Protect your secrets
12+
---
13+
14+
{% data reusables.secret-scanning.public-monitoring-public-preview %}
15+
16+
## About public monitoring
17+
18+
{% data variables.product.github %} monitors for secrets leaked across {% data variables.product.github %} in real time. Public monitoring attributes publicly exposed secrets back to your enterprise, based on where your people commit.
19+
20+
{% data variables.product.prodname_secret_scanning_caps %} detects secrets in repositories that your enterprise owns. Public monitoring extends this detection to secrets found in arbitrary public repos across {% data variables.product.github %}.com, regardless of whether or not your enterprise owns the repository where it was leaked.
21+
22+
This gives enterprise security administrators visibility into credential exposure they wouldn't otherwise be aware of, helping identify potential risks and leaked secrets which could be exploited by bad actors.
23+
24+
## How public monitoring works
25+
26+
Public monitoring scans public repositories, including non-code content like issue and pull request comments across {% data variables.product.github %} for secrets associated with your enterprise. When a secret is detected, an alert is surfaced in the enterprise-level security overview.
27+
28+
### Attribution methods
29+
30+
Public monitoring uses two methods to associate detected secrets with your enterprise:
31+
32+
* **Enterprise membership:** Secrets leaked by users who are members of your enterprise
33+
* **Verified domain matching:** Secrets leaked by users whose email address matches a verified domain of your enterprise, even if they are not direct enterprise members
34+
35+
Both attribution methods are active when public monitoring is enabled.
36+
37+
## Requirements
38+
39+
To use public monitoring, your enterprise must:
40+
41+
* Have {% data variables.product.prodname_GH_advanced_security %} or {% data variables.product.prodname_GH_secret_protection %} enabled
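Review bot: line 20 of the new file appends a literal `.com` to `{% data variables.product.github %}`, while the rest of the hunk (lines 18, 26, 33) uses the bare variable for the platform; use one form consistently (the bare variable, or the variable the docs already use for GitHub.com) so the rendered text does not read "GitHub.com" in one sentence and "GitHub" in the next. In the same sentence "where it was leaked" has no clear antecedent because the subject is plural ("secrets"); "where the secret was leaked" reads cleanly. On line 26, "including non-code content like issue and pull request comments across GitHub for secrets" needs a comma after "comments" so that "across GitHub" attaches to "scans public repositories" rather than to the comments.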

content/code-security/concepts/secret-security/secret-scanning.md

Lines changed: 8 additions & 0 deletions
@@ -77,3 +77,11 @@ Validity checks are separate from {% data variables.product.prodname_secret_scan
7777
## How can I access this feature?
7878

7979
{% data reusables.gated-features.secret-scanning %}
80+
81+
{% ifversion secret-scanning-public-monitoring %}
82+
83+
## Public monitoring
84+
85+
In addition to scanning repositories your enterprise owns, you can enable public monitoring to detect secrets leaked by your enterprise members in public repositories across {% data variables.product.github %}. This extends {% data variables.product.prodname_secret_scanning %} beyond the repositories your enterprise owns to follow your members' activity across the platform. See [AUTOTITLE](/code-security/concepts/secret-security/public-monitoring).
86+
87+
{% endif %}
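Review bot: on line 85, "to follow your members' activity across the platform" overstates what the feature does and can be read as user activity tracking; the concept page added in this same commit describes attribution by enterprise membership and verified-domain email only. Suggest aligning the wording with that page, for example "This extends secret scanning to secrets your members leak in public repositories your enterprise does not own."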
Lines changed: 27 additions & 0 deletions
@@ -0,0 +1,27 @@
1+
---
2+
title: Enabling public monitoring for your enterprise
3+
shortTitle: Enable public monitoring
4+
intro: 'Start detecting secrets your enterprise members leak in public repositories outside your enterprise''s boundaries.'
5+
versions:
6+
feature: secret-scanning-public-monitoring
7+
permissions: Enterprise owners can enable public monitoring for their enterprise.
8+
contentType: how-tos
9+
category:
10+
- Secure at scale
11+
---
12+
13+
{% data reusables.secret-scanning.public-monitoring-public-preview %}
14+
15+
## Prerequisites
16+
17+
Before enabling public monitoring, ensure your enterprise has:
18+
19+
* {% data variables.product.prodname_GH_advanced_security %} or {% data variables.product.prodname_GH_secret_protection %} enabled
20+
* While not necessary, we recommend having at one verified domain configured (see [AUTOTITLE](/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise)) in order to get the full value for the feature.
21+
22+
## Enabling public monitoring
23+
24+
{% data reusables.enterprise-accounts.access-enterprise %}
25+
{% data reusables.enterprise-accounts.settings-tab %}
26+
{% data reusables.enterprise-accounts.advanced-security-tab %}
27+
1. Under "Additional Settings," toggle **Public monitoring**.
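Review bot: line 20 has a typo, "having at one verified domain configured" should be "having at least one verified domain configured", and "the full value for the feature" should be "the full value of the feature". The same bullet is also not a prerequisite: the list is introduced by "ensure your enterprise has:", so the item reads "has While not necessary, we recommend ...". Keep the GHAS/Secret Protection line as the only required item and move the verified-domain recommendation into a sentence or `> [!TIP]` after the list, which also makes clear that verified-domain matching (the second attribution method on the concept page) only works once a domain is verified.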

content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/index.md

Lines changed: 1 addition & 0 deletions
@@ -9,5 +9,6 @@ contentType: how-tos
99
children:
1010
- /edit-custom-configuration
1111
- /delete-custom-configuration
12+
- /enabling-public-monitoring-for-your-enterprise
1213
---
1314

content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/protect-your-secrets.md

Lines changed: 7 additions & 0 deletions
@@ -31,3 +31,10 @@ Before you configure {% data variables.product.prodname_GH_secret_protection %}:
3131
* **For all repositories**: Click to see an estimated cost for {% data variables.product.prodname_GH_secret_protection %} for all repositories in your organization.
3232
* If you are satisfied with the pricing estimate, to enable {% data variables.product.prodname_secret_scanning %} alerts and push protection across your organization, click **Enable {% data variables.product.prodname_secret_protection %}**.
3333
* Alternatively, click **Configure in settings** to customize which repositories you want to enable {% data variables.product.prodname_secret_protection %} for. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration).
34+
35+
{% ifversion secret-scanning-public-monitoring %}
36+
37+
> [!TIP]
38+
> To extend secret detection beyond repositories your enterprise owns, enterprise owners can enable public monitoring. Public monitoring detects secrets leaked by enterprise members in public repositories across {% data variables.product.github %}. For more information, see [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/enabling-public-monitoring-for-your-enterprise).
39+
40+
{% endif %}

content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enable-secret-scanning.md

Lines changed: 8 additions & 0 deletions
@@ -45,6 +45,14 @@ If your organization is owned by an enterprise account, an enterprise owner can
4545

4646
A repository administrator can choose to disable {% data variables.product.prodname_secret_scanning %} for a repository at any time. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository).
4747

48+
{% ifversion secret-scanning-public-monitoring %}
49+
50+
## Extending detection with public monitoring
51+
52+
The enablement steps above configure {% data variables.product.prodname_secret_scanning %} for repositories your organization or enterprise owns. To detect secrets leaked by your enterprise members in public repositories across {% data variables.product.github %}, you can enable public monitoring at the enterprise level. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/enabling-public-monitoring-for-your-enterprise).
53+
54+
{% endif %}
55+
4856
## Next steps
4957

5058
* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts)

content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/index.md

Lines changed: 1 addition & 0 deletions
@@ -16,6 +16,7 @@ children:
1616
- /viewing-security-insights
1717
- /viewing-metrics-for-pull-request-alerts
1818
- /viewing-metrics-for-secret-scanning-push-protection
19+
- /viewing-public-monitoring-alerts
1920
- /viewing-metrics-for-dependabot-alerts
2021
- /export-risk-report-csv
2122
---
Lines changed: 45 additions & 0 deletions
@@ -0,0 +1,45 @@
1+
---
2+
title: Viewing public monitoring alerts
3+
shortTitle: View public monitoring alerts
4+
allowTitleToDifferFromFilename: true
5+
intro: 'Find out which credentials your enterprise members have exposed in public repositories across {% data variables.product.github %}.'
6+
permissions: 'Enterprise owners can access the public monitoring page in security overview.'
7+
versions:
8+
feature: secret-scanning-public-monitoring
9+
contentType: how-tos
10+
category:
11+
- Secure at scale
12+
---
13+
14+
{% data reusables.secret-scanning.public-monitoring-public-preview %}
15+
16+
## About the public monitoring page
17+
18+
The **Public monitoring** page is a dedicated view within the enterprise-level security overview. It displays alerts for secrets detected in public repositories across {% data variables.product.github %} that are attributed to your enterprise members or users with an email matching your enterprise's verified domain.
19+
20+
> [!NOTE]
21+
> The Public monitoring page is available at the enterprise level only. It is not available at the organization level.
22+
23+
## Prerequisites
24+
25+
Public monitoring must be enabled for your enterprise. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/enabling-public-monitoring-for-your-enterprise).
26+
27+
## Viewing public monitoring alerts
28+
29+
{% data reusables.enterprise-accounts.access-enterprise %}
30+
{% data reusables.enterprise-accounts.security-and-code-quality-tab %}
31+
1. In the left sidebar, click **{% octicon "key" aria-hidden="true" aria-label="key" %} Public monitoring**.
32+
33+
The alert list shows each detected secret with the following details:
34+
35+
* The type of secret detected (for example, "Google API Key")
36+
* A partial secret value
37+
* Who the leak is attributed to and in which public repository
38+
* How long ago the secret was detected
39+
40+
1. Click an alert to open the detail panel. The panel includes:
41+
* The date the secret was committed
42+
* The full secret literal
43+
* Attribution details, including the committer's username and email
44+
* The file location where the secret was detected, with the secret highlighted in context
45+
* A **Recommendations** tab with suggested remediation steps
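Review bot: the unindented paragraph and bullets on lines 33-38 sit between the two `1.` steps (lines 31 and 40) and will break the ordered list into two separate lists, each rendering as step 1; since that text describes what the alert list shows after clicking **Public monitoring**, indent lines 33-38 under the first step so the second step renders as step 2. Separately, line 36 says the list shows "A partial secret value" while line 42 says the detail panel shows "The full secret literal"; since the panel exposes the complete credential, it is worth stating on line 42 that opening the panel reveals the full secret and that access is limited to enterprise owners, as the `permissions` frontmatter on line 6 already notes.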

content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-security-insights.md

Lines changed: 4 additions & 0 deletions
@@ -45,6 +45,10 @@ You can download a CSV file of the overview dashboard data for your organization
4545

4646
{% data reusables.security-overview.enterprise-filters-tip %}
4747

48+
{% ifversion secret-scanning-public-monitoring %}
49+
The enterprise security overview also includes a **Public monitoring** page, where you can view alerts for secrets leaked by enterprise members in public repositories outside your enterprise. See [AUTOTITLE](/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-public-monitoring-alerts).
50+
{% endif %}
51+
4852
{% endif %}
4953

5054
## Next steps
