Merge pull request github#33928 from github/repo-sync

Repo sync
janbrasna · Jul 10, 2024 · 305bc50 · 305bc50
2 parents a5e9ddb + 9621536
commit 305bc50
Show file tree

Hide file tree

Showing 10 changed files with 301 additions and 133 deletions.
diff --git a/content/code-security/secret-scanning/working-with-push-protection.md b/content/code-security/secret-scanning/working-with-push-protection.md
@@ -104,7 +104,9 @@ For a blocked commit, you can remove the secret from the file using the web UI.
 
 Organization owners can provide a custom link that will be displayed when a push is blocked. This custom link can contain resources and advice specific to your organization. For example, the custom link can point to a README file with information about the organization's secret vault, which teams and individuals to escalate questions to, or the organization's approved policy for working with secrets and rewriting commit history.
 
-You can bypass the block by specifying a reason for allowing the secret. For more information on how to bypass push protection and commit the blocked secret, see "[Bypassing push protection when working with the web UI](#bypassing-push-protection-when-working-with-the-web-ui)."
+You may be able to bypass the block by specifying a reason for allowing the secret. For more information on how to bypass push protection and commit the blocked secret, see "[Bypassing push protection when working with the web UI](#bypassing-push-protection-when-working-with-the-web-ui)."
+
+{% ifversion push-protection-delegated-bypass %} Alternatively, you may be required to submit a request for "bypass privileges" in order to commit your changes. For information on how to request permission to bypass push protection and allow the commit containing the secret, see "[Requesting bypass privileges when working with the web UI](#requesting-bypass-privileges-when-working-with-the-web-ui)."{% endif %}
 
 ### Bypassing push protection when working with the web UI
 
@@ -118,11 +120,41 @@ If {% data variables.product.prodname_dotcom %} blocks a secret that you believe
 
 {% data reusables.secret-scanning.push-protection-allow-email %}
 
+{% ifversion push-protection-delegated-bypass %}
+
+If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit, or submit a request for "bypass privileges" in order to commit your changes. For more information, see "[Requesting bypass privileges when working with the web UI](#requesting-bypass-privileges-when-working-with-the-web-ui)."
+
+{% endif %}
+
 1. In dialog box that appeared when {% data variables.product.prodname_dotcom %} blocked your commit, review the name and location of the secret.
 {% data reusables.secret-scanning.push-protection-choose-allow-secret-options %}
 {% data reusables.secret-scanning.push-protection-public-repos-bypass %}
 1. Click **Allow secret**.
 
+{% ifversion push-protection-delegated-bypass %}
+
+### Requesting bypass privileges when working with the web UI
+
+{% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %}
+
+If your commit has been blocked by push protection, you can request permission to bypass the block. The request is sent to a designated group of reviewers, who will either approve or deny the request.
+
+Requests expire after 7 days.
+
+1. In dialog box that appeared when {% data variables.product.prodname_dotcom %} blocked your commit, review the name and location of the secret.
+1. Click **Start request**. The request will open in a new tab.
+{% data reusables.secret-scanning.push-protection-bypass-request-add-comment %}
+{% data reusables.secret-scanning.push-protection-submit-bypass-request %}
+{% data reusables.secret-scanning.push-protection-bypass-request-check-email %}
+
+{% data reusables.secret-scanning.push-protection-bypass-request-decision-email %}
+
+If your request is approved, you can commit the changes containing the secret to the file. You can also commit any future changes that contain the same secret.
+
+If your request is denied, you will need to remove the secret from the file before you can commit your changes.
+
+{% endif %}
+
 ## Further reading
 
 * "[AUTOTITLE](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection)"

diff --git a/...configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning.md b/...configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning.md
diff --git a/...curity-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md b/...curity-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md
@@ -0,0 +1,42 @@
+---
+title: A repository is using advanced setup for code scanning
+shortTitle: Active advanced setup
+intro: 'You cannot attach a {% data variables.product.prodname_security_configuration %} with code scanning enabled to repositories that are using advanced setup for code scanning.'
+permissions: '{% data reusables.security-configurations.security-configurations-permissions %}'
+versions:
+  feature: security-configurations
+redirect_from:
+  - /code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning
+topics:
+  - Advanced Security
+  - Organizations
+  - Security
+---
+
+## About the problem
+
+You cannot successfully apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} default setup enabled to a target repository that uses advanced setup for {% data variables.product.prodname_code_scanning %}. Advanced setups are tailored to the specific security needs of their repositories, so they are not intended to be overridden at scale.
+
+If you try to attach a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} enabled to a repository already using advanced setup, security settings will be applied as follows:
+
+* **{% data variables.product.prodname_code_scanning_caps %} default setup will not be enabled**, and advanced setup will continue to run as normal.
+* **All other security features enabled in the configuration will be enabled.**
+* **The {% data variables.product.prodname_security_configuration %} will not be attached** to the repository, since only some features from the configuration are enabled.
+
+For all repositories without an active advanced setup, the {% data variables.product.prodname_security_configuration %} will be applied as expected, and {% data variables.product.prodname_code_scanning %} default setup will be enabled.
+
+{% note %}
+
+**Note:** If advanced setup is considered inactive for a repository, default setup _will_ still be enabled for that repository. Advanced setup is considered inactive for a repository if the repository meets any of the following criteria:
+* The latest {% data variables.product.prodname_codeql %} analysis is more than 90 days old
+* All {% data variables.product.prodname_codeql %} configurations have been deleted
+* The workflow file has been deleted or disabled (exclusively for YAML-based advanced setup)
+
+{% endnote %}
+
+## Solving the problem
+
+There are two ways you can solve this problem:
+
+1. **Update the affected repositories to use default setup** for {% data variables.product.prodname_code_scanning %} at the repository level and then reapply your {% data variables.product.prodname_security_configuration %} to the repositories. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
+1. **Create a new custom {% data variables.product.prodname_security_configuration %}** that does not include a setting for {% data variables.product.prodname_code_scanning %} and apply this {% data variables.product.prodname_security_configuration %} to repositories that use advanced setup. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."
diff --git a/...ity/securing-your-organization/troubleshooting-security-configurations/index.md b/...ity/securing-your-organization/troubleshooting-security-configurations/index.md
@@ -9,6 +9,6 @@ topics:
   - Organizations
   - Security
 children:
-  - /a-repository-has-an-existing-advanced-setup-for-code-scanning
+  - /a-repository-is-using-advanced-setup-for-code-scanning
   - /not-enough-github-advanced-security-licenses
 ---
diff --git a/content/copilot/index.md b/content/copilot/index.md
@@ -11,12 +11,13 @@ introLinks:
   quickstart: /copilot/quickstart
 featuredLinks:
   startHere:
-    - /copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot
+    - /copilot/about-github-copilot/what-is-github-copilot
+    - /copilot/quickstart
   popular:
     - /copilot/using-github-copilot/prompt-engineering-for-github-copilot
-    - /billing/managing-billing-for-github-copilot/about-billing-for-github-copilot
-    - /copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-your-environment
-    - /copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-copilot-policies-as-an-individual-subscriber
+    - /copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot
+    - /copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide
+    - /copilot/using-github-copilot/using-github-copilot-in-the-command-line
 layout: product-landing
 versions:
   feature: copilot

diff --git a/...iewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md b/...iewing-changes-in-pull-requests/reviewing-proposed-changes-in-a-pull-request.md
@@ -34,7 +34,7 @@ You can change the format of the diff view in this tab by clicking {% octicon "g
    You can also choose to hide whitespace differences. The choice you make only applies to this pull request and will be remembered the next time you visit this page.
 1. Optionally, filter the files to show only the files you want to review{% ifversion pr-tree-view %} or use the file tree to navigate to a specific file{% endif %}. For more information, see "[AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/filtering-files-in-a-pull-request)."
 {%- ifversion ghec %}
-1. Optionally, if you have access to {% data variables.product.prodname_copilot_enterprise %}, you can ask {% data variables.product.prodname_copilot_short %} about the changes in a file in a pull request by clicking {% octicon "kebab-horizontal" aria-label="Show options" %} at the top right of the file, clicking **Ask {% data variables.product.prodname_copilot_short %} about this diff**, then typing a request such as "Explain these changes." For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#finding-out-about-the-changes-in-a-pull-request)."
+1. Optionally, if you have access to {% data variables.product.prodname_copilot_enterprise %}, you can ask {% data variables.product.prodname_copilot_short %} about the changes in a file in a pull request by clicking {% octicon "kebab-horizontal" aria-label="Show options" %} at the top right of the file, clicking **Ask {% data variables.product.prodname_copilot_short %} about this diff**, then typing a request such as "Explain these changes." For more information, see "[AUTOTITLE](/enterprise-cloud@latest/copilot/github-copilot-chat/copilot-chat-in-github/using-github-copilot-chat-in-githubcom#asking-questions-about-a-specific-pull-request)."
 {%- endif %}
 {% data reusables.repositories.start-line-comment %}
 {% data reusables.repositories.multiple-lines-comment %}