Skip to content
2 changes: 1 addition & 1 deletion content/admin/overview/system-overview.md
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ For more information, see [AUTOTITLE](/admin/configuration/configuring-your-ente

{% data variables.product.prodname_ghe_server %} is provided as an appliance, and many of the operating system packages are modified compared to the usual Ubuntu distribution. We do not support modifying the underlying operating system for this reason (including operating system upgrades), which is aligned with the [{% data variables.product.prodname_ghe_server %} license and support agreement](https://enterprise.github.com/license), under section 11.3 Exclusions.

Currently, the base operating system for {% data variables.product.prodname_ghe_server %} is Ubuntu 20 (Focal Fossa). Although Ubuntu 20 (Focal Fossa) will reach the end of standard support by May 2025, we will be able to use extended security maintenance and get security support beyond 2025.
Currently, the base operating system for {% data variables.product.prodname_ghe_server %} is Ubuntu 20.04 LTS (Focal Fossa). Although Ubuntu 20.04 LTS reached the end of standard support in May 2025, we use Expanded Security Maintenance (ESM), which provides security updates through May 2030.

Regular patch updates are released on the {% data variables.product.prodname_ghe_server %} [releases](https://enterprise.github.com/releases) page, and the [release notes](/admin/release-notes) page provides more information. These patches typically contain upstream vendor and project security patches after they've been tested and quality approved by our engineering team. There can be a slight time delay from when the upstream update is released to when it's tested and bundled in an upcoming {% data variables.product.prodname_ghe_server %} patch release.

Expand Down
2 changes: 1 addition & 1 deletion content/billing/reference/cost-center-allocation.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ This article contains reference information for how spending is assigned to cost
| {% data variables.product.prodname_enterprise %} | The user who receives the license (priority), or the organization that is billed for the license. |
| Git Large File Storage | The repository or organization where Git LFS is used. |
| {% data variables.product.prodname_registry %} | The repository or organization that owns the package. |
| {% data variables.product.prodname_prus_caps %} | The user who triggered {% data variables.product.prodname_pru %} usage (priority), or the organization that granted the user's {% data variables.product.prodname_copilot_short %} license. |
| {% data variables.product.prodname_ai_credits_short %} | The user who triggered {% data variables.product.prodname_ai_credit_singular %} usage (priority), or the organization that granted the user's {% data variables.product.prodname_copilot_short %} license. |
| {% data variables.product.prodname_GHAS %} | A user who uses a license (priority), or the organization that is billed for the license. |

## Details for license-based products
Expand Down
10 changes: 5 additions & 5 deletions content/code-security/concepts/secret-security/about-alerts.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,16 +33,16 @@ The default alerts list displays alerts that relate to supported patterns and sp

### Generic alerts list

The generic alerts list displays alerts that relate to non-provider patterns (such as private keys){% ifversion secret-scanning-ai-generic-secret-detection %}, or generic secrets detected using AI (such as passwords){% endif %}. These types of alerts can have a higher rate of false positives or secrets used in tests. You can toggle to the generic alerts list from the default alerts list.
The generic alerts list displays alerts that relate to generic secrets detected with patterns and deterministic methods (such as private keys){% ifversion secret-scanning-ai-generic-secret-detection %}, as well as secrets detected with AI (such as passwords){% endif %}. These types of alerts can have a higher rate of false positives or secrets used in tests. You can toggle to the generic alerts list from the default alerts list.

{% data variables.product.github %} will continue to release new patterns and secret types to the generic alerts list and will promote them to the default list when feature-complete (that is, when they have an appropriately low volume and false positive rate).
{% data variables.product.github %} will continue to release new patterns and secret types to the generic alerts list.

In addition, alerts that fall into this category:
* Are limited in quantity to 5000 alerts per repository (this includes open and closed alerts).
* Are not shown in the summary views for security overview, only in the "{% data variables.product.prodname_secret_scanning_caps %}" view.
* Only have the first five detected locations shown on {% data variables.product.prodname_dotcom %} for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %}, and only the first detected location shown for AI-detected generic secrets{% endif %}.
* Only have the first five detected locations shown on {% data variables.product.prodname_dotcom %} for generic patterns{% ifversion secret-scanning-ai-generic-secret-detection %}, and only the first detected location shown for AI-detected secrets{% endif %}.

For {% data variables.product.company_short %} to scan for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} and generic secrets{% endif %}, you must first enable the feature{% ifversion secret-scanning-ai-generic-secret-detection %}s{% endif %} for your repository or organization. For more information, see [AUTOTITLE](/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns){% ifversion secret-scanning-ai-generic-secret-detection %} and [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection){% endif %}.
For {% data variables.product.company_short %} to scan for generic patterns{% ifversion secret-scanning-ai-generic-secret-detection %} and AI-detected secrets{% endif %}, you must first enable the feature{% ifversion secret-scanning-ai-generic-secret-detection %}s{% endif %} for your repository or organization. For more information, see [AUTOTITLE](/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-generic-patterns){% ifversion secret-scanning-ai-generic-secret-detection %} and [AUTOTITLE](/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-ai-detected-secrets){% endif %}.

{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}

Expand Down Expand Up @@ -70,4 +70,4 @@ Partner alerts are not sent to repository administrators, so you do not need to
## Further reading

* [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns)
* [AUTOTITLE](/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns)
* [AUTOTITLE](/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-generic-patterns)
Original file line number Diff line number Diff line change
Expand Up @@ -79,10 +79,10 @@ Exposed secrets can cost your organization money in several ways.

### 1. Prevent new secrets from being committed

Enable **Push protection** to scan code during `git push` operations and block commits containing detected secrets before they enter your repository. This prevents hardcoded credentials from being added to your codebase and provides real-time feedback to developers at the point of risk, covering both provider patterns for known services and non-provider patterns such as private keys and generic API keys.
Enable **Push protection** to scan code during `git push` operations and block commits containing detected secrets before they enter your repository. This prevents hardcoded credentials from being added to your codebase and provides real-time feedback to developers at the point of risk, covering both provider patterns for known services and generic patterns such as private keys and generic API keys. Please note, not all secret types are push protected by default and must be configured by your organization, based on your tolerance for risk vs. noise.

Encourage individual developers to enable push protection for their personal accounts to protect all their pushes across {% data variables.product.github %}, regardless of organization policies. This helps prevent secret sprawl by catching leaked credentials before they reach your repositories.

### 2. Detect existing secrets

Use **{% data variables.product.prodname_secret_scanning %}** to continuously monitor your repositories for hardcoded secrets and generate alerts when credentials are detected, enabling you to revoke and rotate compromised credentials quickly. Beyond default detection of provider patterns, you can expand scanning to non-provider patterns and define custom patterns for organization-specific secrets. This helps you gain visibility into secret sprawl across your organization.
Use **{% data variables.product.prodname_secret_scanning %}** to continuously monitor your repositories for hardcoded secrets and generate alerts when credentials are detected, enabling you to revoke and rotate compromised credentials quickly. Beyond default detection of provider patterns, you can expand scanning to generic patterns and define custom patterns for organization-specific secrets. This helps you gain visibility into secret sprawl across your organization.
Original file line number Diff line number Diff line change
Expand Up @@ -57,11 +57,11 @@ When you receive an alert, rotate the affected credential immediately to prevent

Beyond the default detection of partner and provider secrets, you can expand and customize {% data variables.product.prodname_secret_scanning %} to fit your needs.

* **Non-provider patterns.** Expand detection to secrets that aren't tied to a specific service provider, such as private keys, connection strings, and generic API keys.
* **Generic patterns.** Expand detection to secrets that aren't tied to a specific service provider, such as private keys, connection strings, and generic API keys.
* **Custom patterns.** Define your own regular expressions to detect organization-specific secrets that aren't covered by default patterns.
* **Validity checks.** Prioritize remediation by checking whether detected secrets are still active.
{% ifversion secret-scanning-ai-generic-secret-detection %}
* **{% data variables.secret-scanning.copilot-secret-scanning %}.** Use AI to detect unstructured secrets like passwords, or to generate regular expressions for custom patterns.
* **{% data variables.secret-scanning.ai-detected-secrets-caps %}.** Use AI to detect unstructured secrets like passwords, or to generate regular expressions for custom patterns.
{% endif %}

{% ifversion secret-scanning-validity-check-partner-patterns %}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ The assessment report includes:
- **Total secrets detected**: The aggregate count of exposed secrets in your organization.
- **Public leaks**: Secrets found in public repositories that are accessible to anyone.
- **Preventable leaks**: Secrets that could have been blocked with push protection enabled.
- **Secret categories**: The distribution of secret types (such as AWS keys, {% data variables.product.github %} tokens, or generic passwords).
- **Secret categories**: The distribution of secret types (such as AWS keys, {% data variables.product.github %} tokens, or AI-detected secrets).

### Why assess your risk

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -136,9 +136,9 @@ Automatically detect hardcoded credentials that have been checked into a reposit

{% ifversion secret-scanning-ai-generic-secret-detection %}

### {% data variables.secret-scanning.copilot-secret-scanning %}
### {% data variables.secret-scanning.ai-detected-secrets-caps %}

{% data variables.secret-scanning.copilot-secret-scanning %}'s generic secret detection is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that identifies unstructured secrets (passwords) in your source code and then generates an alert. For more information, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).
{% data variables.secret-scanning.ai-detected-secrets-caps %}'s generic secret detection is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that identifies unstructured secrets (passwords) in your source code and then generates an alert. For more information, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).

{% endif %}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,7 @@ As an alternative to default setup, you can use advanced setup, which generates
1. Click **{% data variables.product.UI_advanced_security %}**.
1. If "{% data variables.product.prodname_secret_protection %}" or "{% data variables.product.prodname_GHAS %}" is not already enabled, click **Enable**.
1. If the option "{% data variables.product.prodname_secret_scanning_caps %}" is shown, click **Enable**.
1. Choose whether you want to enable additional features, such as scanning for non-provider patterns and push protection.
1. Choose whether you want to enable additional features, such as scanning for generic patterns and push protection.

## Setting a security policy

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ Alerts for {% data variables.product.prodname_secret_scanning %} are displayed u
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**.
1. Optionally, toggle to "Generic" to see alerts for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} or generic secrets detected using AI{% endif %}.
1. Optionally, toggle to "Generic" to see alerts for generic patterns{% ifversion secret-scanning-ai-generic-secret-detection %} or secrets detected with AI{% endif %}.
1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the alert you want to view.
{% ifversion secret-scanning-user-owned-repos %}

Expand All @@ -47,9 +47,9 @@ You can apply various filters to the alerts list to help you find the alerts you
|`repo`|Display alerts detected in a specified repository (`REPOSITORY-NAME`), for example: `repo:octo-repository`.|
|`resolution`|Display alerts closed as "false positive" (`false-positive`), "hidden by config" (`hidden-by-config`), "pattern deleted" (`pattern-deleted`), "pattern edited" (`pattern-edited`), "revoked" (`revoked`), "used in tests" (`used-in-tests`), or "won't fix" (`wont-fix`).|
|{% ifversion fpt or ghec %}|
|`results`|Display alerts for supported secrets and custom patterns (`default`), or for non-provider patterns (`generic`) such as private keys, and AI-detected generic secrets such as passwords. See [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns), and for more information about AI-detected generic secrets, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).|
|`results`|Display alerts for supported secrets and custom patterns (`default`), or for generic patterns (`generic`) such as private keys, and AI-detected generic secrets such as passwords. See [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns), and for more information about AI-detected generic secrets, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).|
|{% elsif ghes %}|
|`results`|Display alerts for supported secrets and custom patterns (`default`), or non-provider patterns such as private keys (`generic`). See [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns).|
|`results`|Display alerts for supported secrets and custom patterns (`default`), or generic patterns such as private keys (`generic`). See [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns).|
|{% endif %}|
|`secret-type`|Display alerts for a specific secret type (`SECRET-NAME`), for example, `secret-type:github_personal_access_token`. For a list of supported secret types, see [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns#supported-secrets).|
|`sort`|Display alerts from newest to oldest (`created-desc`), oldest to newest (`created-asc`), most recently updated (`updated-desc`), or least recently updated (`updated-asc`).|
Expand Down
Loading
Loading