diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md
index fcd10b97c232..1834e85defb1 100644
--- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md
+++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md
@@ -2,7 +2,7 @@
 title: Enabling push protection for your repository
 shortTitle: Enable push protection
 intro: 'With push protection, {% data variables.product.prodname_secret_scanning %} blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.push-protection %}'
 versions:
 fpt: '*'
 ghes: '*'
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md
index 5d11fd5ce322..e63738b1921c 100644
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md
@@ -1,7 +1,7 @@
 ---
 title: About delegated bypass for push protection
 intro: 'You can control which teams or roles have the ability to bypass push protection in your organization or repository.'
-product: '{% data reusables.gated-features.push-protection-for-repos %}'
+product: '{% data reusables.gated-features.delegated-bypass %}'
 versions:
 feature: push-protection-delegated-bypass
 type: overview
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md
index 24736ef06c3c..08c92b4ebeea 100644
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md
@@ -1,8 +1,7 @@
 ---
 title: Enabling delegated bypass for push protection
 intro: 'You can use delegated bypass for your organization or repository to control who can push commits that contain secrets identified by {% data variables.product.prodname_secret_scanning %}.'
-product: '{% data reusables.gated-features.push-protection-for-repos %}'
-permissions: 'Organization owners and repository administrators can enable delegated bypass for push protection for their organization and repository, respectively.'
+permissions: '{% data reusables.permissions.delegated-bypass %}'
 versions:
 feature: push-protection-delegated-bypass
 type: how_to
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md
index d87a1d55dea9..09bf167bf822 100644
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md
@@ -1,8 +1,7 @@
 ---
 title: Managing requests to bypass push protection
 intro: 'As a member of the bypass list for an organization or repository, you can review bypass requests from other members of the organization or repository.'
-product: '{% data reusables.gated-features.push-protection-for-repos %}'
-permissions: 'Members of the bypass list can process requests from non-members to bypass push protection.'
+permissions: '{% data reusables.permissions.delegated-bypass-list %}'
 versions:
 feature: push-protection-delegated-bypass
 type: how_to
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md
index 82e7f4b586e3..b69c704bec11 100644
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md
@@ -1,7 +1,7 @@
 ---
 title: Excluding folders and files from secret scanning
 intro: 'You can customize {% data variables.product.prodname_secret_scanning %} to exclude directories or files from analysis, by configuring a `secret_scanning.yml` file in your repository.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.secret-scanning-alerts %}'
 shortTitle: Exclude folders and files
 versions:
 fpt: '*'
diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md
index 1e4a50ff74e9..925115f2d6f7 100644
--- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md
+++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md
@@ -2,7 +2,7 @@
 title: Working with push protection from the command line
 shortTitle: Push protection on the command line
 intro: 'Learn your options for unblocking your push from the command line to {% data variables.product.prodname_dotcom %} if {% data variables.product.prodname_secret_scanning %} detects a secret in your changes.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.push-protection %}'
 versions:
 fpt: '*'
 ghes: '*'
diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md
index 1ed152d8172a..54ffea784c08 100644
--- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md
+++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md
@@ -2,7 +2,7 @@
 title: Working with push protection in the GitHub UI
 shortTitle: Push protection in the GitHub UI
 intro: 'Learn your options for unblocking your commit when {% data variables.product.prodname_secret_scanning %} detects a secret in your changes.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.push-protection %}'
 versions:
 fpt: '*'
 ghes: '*'
diff --git a/data/reusables/gated-features/delegated-bypass.md b/data/reusables/gated-features/delegated-bypass.md
new file mode 100644
index 000000000000..dee876fb33bf
--- /dev/null
+++ b/data/reusables/gated-features/delegated-bypass.md
@@ -0,0 +1,13 @@
+Delegated bypass requires push protection to be enabled for the organization or the repository. See "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)."
+
+Delegated bypass is available for the following repositories:
+
+{% ifversion ghec %}
+
+* Private and internal repositories in organizations using {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled
+
+{% elsif ghes %}
+
+* Organization-owned repositories with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled
+
+{% endif %}
diff --git a/data/reusables/gated-features/push-protection-for-repos.md b/data/reusables/gated-features/push-protection-for-repos.md
index 113be5f27fdd..c2805ef7d6bd 100644
--- a/data/reusables/gated-features/push-protection-for-repos.md
+++ b/data/reusables/gated-features/push-protection-for-repos.md
@@ -1,6 +1,13 @@ -{%- ifversion fpt or ghec %} +Push protection for repositories and organizations is available for the following repository types: -Push protection for repositories and organizations is available for {% ifversion ghec %}user-owned {% endif %}public repositories for free. Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable push protection on their private and internal repositories. +{% ifversion fpt or ghec %} -{%- elsif ghes %} -Push protection is available for organization-owned repositories in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %} +* {% ifversion ghec %}User-owned public{% elsif fpt %}Public{% endif %} repositories for free +* Private and internal repositories in organizations using {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% ifversion ghec %} +* User namespace repositories belonging to {% data variables.product.prodname_emus %}{% endif %} + +{% elsif ghes %} + +* Organization-owned repositories with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled + +{% endif %}
diff --git a/data/reusables/gated-features/push-protection-for-users.md b/data/reusables/gated-features/push-protection-for-users.md
index 05e2711fedc2..3187800b594a 100644
--- a/data/reusables/gated-features/push-protection-for-users.md
+++ b/data/reusables/gated-features/push-protection-for-users.md
@@ -1 +1,3 @@
-Push protection for users is on by default and can be disabled in your personal account settings.
+Push protection for users is on by default on the following repository types:
+
+* Public repositories
diff --git a/data/reusables/permissions/delegated-bypass-list.md b/data/reusables/permissions/delegated-bypass-list.md
new file mode 100644
index 000000000000..69bc63fc1dd6
--- /dev/null
+++ b/data/reusables/permissions/delegated-bypass-list.md
@@ -0,0 +1,4 @@
+* Organization owners
+* Security managers
+* Users in teams, default roles, or custom roles that have been added to the bypass list.{% ifversion push-protection-bypass-fine-grained-permissions %}
+* Users who are assigned a custom role with the "review and manage {% data variables.product.prodname_secret_scanning %} bypass requests" fine-grained permission. {% endif %}
diff --git a/data/reusables/permissions/delegated-bypass.md b/data/reusables/permissions/delegated-bypass.md
new file mode 100644
index 000000000000..ad5353b2743c
--- /dev/null
+++ b/data/reusables/permissions/delegated-bypass.md
@@ -0,0 +1 @@
+Repository owners, organization owners, security managers, and users with the **admin** role
diff --git a/data/reusables/permissions/push-protection.md b/data/reusables/permissions/push-protection.md
new file mode 100644
index 000000000000..ad5353b2743c
--- /dev/null
+++ b/data/reusables/permissions/push-protection.md
@@ -0,0 +1 @@
+Repository owners, organization owners, security managers, and users with the **admin** role
diff --git a/data/reusables/secret-scanning/push-protection-delegated-bypass-note.md b/data/reusables/secret-scanning/push-protection-delegated-bypass-note.md
index 909f524013dc..19cfc8e94bda 100644
--- a/data/reusables/secret-scanning/push-protection-delegated-bypass-note.md
+++ b/data/reusables/secret-scanning/push-protection-delegated-bypass-note.md
@@ -1,6 +1 @@
-Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review and manage bypass requests {% else %}of the bypass list{% endif %} are still protected from accidentally pushing secrets to a repository. If they attempt to push a commit containing a secret, their push is still blocked, but they can choose to bypass the block by specifying a reason for allowing the push. The following types of people can bypass push protection without requesting bypass privileges:
-
-* Organization owners
-* Security managers
-* Users in teams, default roles, or custom roles that have been added to the bypass list.{% ifversion push-protection-bypass-fine-grained-permissions %}
-* Users who are assigned (either directly or via a team) a custom role with the "review and manage secret scanning bypass requests" fine-grained permission.{% endif %}
+Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review and manage bypass requests {% else %}of the bypass list{% endif %} are still protected from accidentally pushing secrets to a repository. If they attempt to push a commit containing a secret, their push is still blocked, but they can choose to bypass the block by specifying a reason for allowing the push.