Merge pull request #43030 from github/repo-sync

Repo sync

Author: docs-bot

content/code-security/concepts/secret-security/about-secret-scanning.md

@@ -1,10 +1,6 @@
 ---
 title: About secret scanning
-intro: '{% data variables.product.github %} scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.'
-product: |
-  {% data reusables.gated-features.secret-scanning %}{% ifversion secret-risk-assessment %}
-
-  {% data variables.secret-scanning.secret-risk-assessment-cta-product %}{% endif %}
+intro: 'Prevent fraudulent use of your secrets by automatically detecting exposed credentials before they can be exploited.'
 redirect_from:
   - /github/administering-a-repository/about-token-scanning
   - /articles/about-token-scanning
@@ -24,107 +20,61 @@ shortTitle: Secret scanning
 contentType: concepts
 ---
 
-## About {% data variables.product.prodname_secret_scanning %}
-
-{% data variables.product.prodname_secret_scanning_caps %} is a security feature that helps detect and prevent the accidental inclusion of sensitive information such as API keys, passwords, tokens, and other secrets in your repository. When enabled, {% data variables.product.prodname_secret_scanning %} scans commits in repositories for known types of secrets and alerts repository administrators upon detection.
-
-{% data variables.product.prodname_secret_scanning_caps %} scans your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for secrets, even if the repository is archived. {% data variables.product.prodname_dotcom %} will also periodically run a full Git history scan for new secret types in existing content in {% ifversion fpt or ghec %}public repositories{% else %}repositories with {% data variables.product.prodname_GH_secret_protection %} enabled{% endif %} where {% data variables.product.prodname_secret_scanning %} is enabled when new supported secret types are added.
+When credentials like API keys and passwords are committed to repositories, they become targets for unauthorized access. {% data variables.product.prodname_secret_scanning_caps %} automatically detects these exposed secrets so you can secure them before they're exploited.
 
-Additionally, {% data variables.product.prodname_secret_scanning %} scans:
-
-{% data reusables.secret-scanning.what-is-scanned %}
+{% ifversion secret-risk-assessment %}
 
-{% ifversion fpt or ghec %}
-This additional scanning is free for public repositories.
-{% endif %}
-
-{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}
 > [!TIP]
-> Regardless of the enablement status of {% data variables.product.prodname_AS %} features, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets.
+> At any time, you can run a free assessment of your organization's code for leaked secrets. 
 >
-> To generate a report, open {% data reusables.security-overview.navigate-to-risk-assessment %}.{% endif %}{% else %}{% endif %}
-
-When a supported secret is leaked, {% data variables.product.github %} generates a {% data variables.product.prodname_secret_scanning %} alert. Alerts are reported on the **Security** tab of repositories on {% data variables.product.github %}, where you can view, evaluate, and resolve them. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).
+> To generate a report, open {% data reusables.security-overview.navigate-to-risk-assessment %}.
 
-{% ifversion fpt or ghec %}Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning. We automatically run {% data variables.product.prodname_secret_scanning %} for partner patterns on all public repositories and public npm packages.{% data reusables.secret-scanning.partner-program-link %}
-
-Any strings that match patterns that were provided by secret scanning partners are reported directly to the relevant partner, and aren't displayed on {% data variables.product.prodname_dotcom %}. For more information about partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts).{% endif %}
-
-For information about the secrets and service providers supported by {% data variables.product.prodname_secret_scanning %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).
-
-You can use the REST API to monitor results from {% data variables.product.prodname_secret_scanning %} across your repositories or organization. For more information about API endpoints, see [AUTOTITLE](/rest/secret-scanning).
-
-You can also use security overview to see an organization-level view of which repositories have enabled {% data variables.product.prodname_secret_scanning %} and the alerts found. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
-
-{% data reusables.secret-scanning.audit-secret-scanning-events %}
+{% endif %}
 
-## How {% data variables.product.prodname_secret_scanning %} works
+## How secret scanning protects your code
 
-Below is a typical workflow that explains how {% data variables.product.prodname_secret_scanning %} works:
+{% data variables.product.prodname_secret_scanning_caps %} scans your entire Git history on all branches of your repository for API keys, passwords, tokens, and other known secret types. {% data variables.product.github %} also periodically rescans repositories when new secret types are added.
 
-* **Detection:** {% data variables.product.prodname_secret_scanning_caps %} automatically scans your repository's contents for sensitive data, such as API keys, passwords, tokens, and other secrets. It looks for patterns and heuristics that match known types of secrets.
+{% data variables.product.github %} also automatically scans:
 
-* **Alerts:** When a potential secret is detected, {% data variables.product.prodname_dotcom %} generates an alert and notifies the relevant repository administrators and users. This notification includes details about the detected secret, such as its location in the repository. For more information about alert types and alert details, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts).
+{% data reusables.secret-scanning.what-is-scanned %}
 
-* **Review:** When a secret is detected, you'll need to review the alert details provided.
+### {% data variables.product.prodname_secret_scanning_caps %} alerts and remediation
 
-* **Remediation:** You then need to take appropriate action to remediate the exposure. This should always include rotating the affected credential to ensure it is no longer usable.  It may also include removing the secret from the repository's history (using tools like `git-filter-repo`; see [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository) for more details) though this will likely involve a heavy cost in time and effort, and is usually unnecessary if the credentials have been revoked.
+When {% data variables.product.prodname_secret_scanning %} finds a potential secret, {% data variables.product.github %} generates an alert on your repository's **Security** tab with details about the exposed credential.
 
-* **Monitoring:** It's good practice to regularly audit and monitor your repositories to ensure no other secrets are exposed.
+Review the alert and rotate the affected credential immediately to ensure it can no longer be used. While you can also remove secrets from your Git history, this is time-intensive and often unnecessary if you've already revoked the credential.
 
 {% ifversion fpt or ghec %}
 
-* **Integration with partners:** {% data variables.product.prodname_dotcom %} works with various service providers to validate secrets. When a partner secret is detected, {% data variables.product.prodname_dotcom %} notifies the provider so they can take appropriate action, such as revoking the credential. For more information about the partnership program, see [AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program).
-
-{% endif %}
-
-## About the benefits of {% data variables.product.prodname_secret_scanning %}
-
-* **Enhanced security:** {% data variables.product.prodname_secret_scanning_caps %} scans your repositories for sensitive information like API keys, passwords, tokens, and other secrets. By detecting these early, you can mitigate potential security risks before they are exploited by malicious actors.
+### Partner integration
 
-* **Automated detection:** The feature automatically scans your codebase, including commits, issues, and pull requests, ensuring continuous protection without requiring manual intervention. This automation helps in maintaining security even as your repository evolves.
-
-* **Real-time alerts:** When a secret is detected, {% data variables.product.prodname_secret_scanning %} provides real-time alerts to repository administrators and contributors. This immediate feedback allows for swift remediation actions.
-
-{% ifversion fpt or ghec %}
-
-* **Integration with service providers:** {% data variables.product.prodname_dotcom %} partners with various service providers to validate detected secrets. When a secret is identified, {% data variables.product.prodname_dotcom %} notifies the corresponding service provider to take appropriate actions, such as revoking the exposed credential. For more information, see [AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program).
+{% data variables.product.company_short %} partners with a large variety of service providers to validate detected secrets. When a partner secret is detected, we notify the provider so they can take action, such as revoking the credential. Partner secrets are reported directly to the provider and aren't displayed in your repository alerts. For more information, see [AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program).
 
 {% endif %}
 
-* **Custom pattern support:** Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment.
-
-* **Ability to detect non-provider patterns:** You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization.
-
-## Customizing {% data variables.product.prodname_secret_scanning %}
+## Customizability
 
-Once {% data variables.product.prodname_secret_scanning %} is enabled, you can customize it further:
-
-### Detection of non-provider patterns
-
-Scan for and detect secrets that are not specific to a service provider, such as private keys and generic API keys. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns).
-
-### Performing validity checks
-
-Validity checks help you prioritize alerts by telling you which secrets are `active` or `inactive`. For more information, see{% ifversion secret-scanning-validity-check-partner-patterns %} [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository) and{% endif %} [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).
-
-### Defining custom patterns
-
-Define your own patterns for secrets used by your organization that {% data variables.product.prodname_secret_scanning %} can scan for and detect. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).
+Beyond the default detection of partner and provider secrets, you can expand and customize {% data variables.product.prodname_secret_scanning %} to fit your needs.
 
+* **Non-provider patterns.** Expand detection to secrets that aren't tied to a specific service provider, such as private keys, connection strings, and generic API keys.
+* **Custom patterns.** Define your own regular expressions to detect organization-specific secrets that aren't covered by default patterns.
+* **Validity checks.** Prioritize remediation by checking whether detected secrets are still active.
 {% ifversion secret-scanning-ai-generic-secret-detection %}
+* **{% data variables.secret-scanning.copilot-secret-scanning %}.** Use AI to detect unstructured secrets like passwords, or to generate regular expressions for custom patterns.
+{% endif %}
+
+## How can I access this feature?
 
-### {% data variables.secret-scanning.copilot-secret-scanning %}
+{% data reusables.gated-features.secret-scanning %}
 
-* **{% data variables.secret-scanning.generic-secret-detection-caps %}:** Leverage {% data variables.product.prodname_secret_scanning %}'s AI capabilities to detect unstructured secrets, such as passwords, in your repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% ifversion secret-scanning-custom-pattern-ai-generated %}
-* **{% data variables.secret-scanning.custom-pattern-regular-expression-generator-caps %}:** Leverage {% data variables.product.prodname_secret_scanning %}'s AI capabilities to generate regular expressions that will capture all your custom patterns. For more information, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator).{% endif %}
+## Next steps
 
+* **If you've received an alert**, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning) to learn how to review, resolve, and remediate exposed secrets.
+{%- ifversion secret-risk-assessment %}
+* **If you're securing an organization**, see [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/assess-your-secret-risk) to determine your organization's exposure to leaked secrets.
 {% endif %}
 
 ## Further reading
 
-* [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)
-* [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)
-* [AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)
-* [AUTOTITLE](/code-security/getting-started/securing-your-repository)
-* [AUTOTITLE](/authentication/keeping-your-account-and-data-secure)
+* For a complete list of supported secrets and service providers, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).

content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-secret-scanning-for-your-appliance.md

@@ -2,7 +2,6 @@
 title: Configuring secret scanning for your appliance
 shortTitle: Configure secret scanning
 intro: You can enable, configure, and disable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.prodname_ghe_server %}. {% data variables.product.prodname_secret_scanning_caps %} allows users to scan code for accidentally committed secrets.
-product: '{% data reusables.gated-features.secret-scanning %}'
 redirect_from:
   - /admin/configuration/configuring-secret-scanning-for-your-appliance
   - /admin/advanced-security/configuring-secret-scanning-for-your-appliance
@@ -22,10 +21,13 @@ contentType: how-tos
 
 If someone checks a secret with a known pattern into a repository, {% data variables.product.prodname_secret_scanning %} catches the secret as it's checked in, and helps you mitigate the impact of the leak. Repository administrators are notified about any commit that contains a secret, and they can quickly view all detected secrets in the **Security** tab for the repository. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).
 
+## Availability
+
+When the enterprise has [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled, {% data variables.product.prodname_secret_scanning_caps %} is available for organization-owned and user-owned repositories.
+
 ## Checking whether your license includes {% data variables.product.prodname_AS %}
 
 {% data reusables.advanced-security.check-for-ghas-license %}
-
 ## Prerequisites for {% data variables.product.prodname_secret_scanning %}
 
 * The SSSE3 (Supplemental Streaming SIMD Extensions 3) CPU flag needs to be enabled on the VM/KVM that runs {% data variables.product.prodname_ghe_server %}. For more information about SSSE3, see [Intel 64 and IA-32 Architectures Optimization Reference Manual](https://cdrdv2-public.intel.com/671488/248966-Software-Optimization-Manual-R047.pdf) in the Intel documentation.

content/rest/billing/index.md

@@ -14,6 +14,7 @@ children:
   - /budgets
   - /cost-centers
   - /usage
+  - /usage-reports
 autogenerated: rest
 ---
 

content/rest/billing/usage-reports.md

@@ -0,0 +1,13 @@
+---
+title: Usage reports
+shortTitle: Usage reports
+intro: Use the REST API to create and retrieve usage report exports for an enterprise.
+versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
+  ghec: '*'
+topics:
+  - API
+autogenerated: rest
+allowTitleToDifferFromFilename: true
+---
+
+<!-- Content after this section is automatically generated -->

data/reusables/gated-features/secret-scanning.md

@@ -1,17 +1,5 @@
 {% data variables.product.prodname_secret_scanning_caps %} is available for the following repository types:
 
-{%- ifversion fpt %}
-* Public repositories on {% data variables.product.prodname_dotcom_the_website %}
-* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled
-
-{%- elsif ghec %}
-* Public repositories on {% data variables.product.prodname_dotcom_the_website %}
-* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% ifversion secret-scanning-user-owned-repos %}
-* User-owned repositories for {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}{% endif %}
-
-{%- elsif ghes %}
-
-* Organization-owned repositories with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% ifversion secret-scanning-user-owned-repos %}
-* User-owned repositories for enterprises with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %}
-
-{% endif %}
+* **Public repositories**: {% data variables.product.prodname_secret_scanning_caps %} runs automatically for free.
+* **Organization-owned private and internal repositories**: Available with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %}.
+* **User-owned repositories**: Available on {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}. Available on {% data variables.product.prodname_ghe_server %} when the enterprise has [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled.