Commit

Fix articles that don't start with an H2 (github#34278)
lecoursen authored Jan 31, 2023
1 parent 437c51e commit 42a172b
Showing 12 changed files with 88 additions and 91 deletions.
Expand Up @@ -29,7 +29,7 @@ versions:

{% data reusables.cli.cli-learn-more %}

### Viewing recent workflow runs
## Viewing recent workflow runs

To list the recent workflow runs, use the `run list` subcommand.

Expand All @@ -49,7 +49,7 @@ To only return runs for the specified workflow, you can use the `-w` or `--workf
gh run list --workflow WORKFLOW
```

### Viewing details for a specific workflow run
## Viewing details for a specific workflow run

To display details for a specific workflow run, use the `run view` subcommand. Replace `run-id` with the ID of the run that you want to view. If you don't specify a `run-id`, {% data variables.product.prodname_cli %} returns an interactive menu for you to choose a recent run.

Expand Up @@ -17,50 +17,50 @@ This article is part of a series on adopting {% data variables.product.prodname_

{% endnote %}

### Set clear goals for your company’s rollout
## Set clear goals for your company’s rollout

To build a foundation for the direction of your company's rollout, outline goals for GHAS within your company, and communicate those goals to your team. Your goals can be simple or complex, as long as your team is aligned. If you need assistance with your goals, {% data variables.product.prodname_professional_services %} can provide recommendations based on our experience with your company and other customers.

Here are some high-level examples of what your goals for rolling out GHAS might look like:

- **Reducing the number of vulnerabilities**: This may be in general, or because your company was recently impacted by a significant vulnerability that you believe could have been prevented by a tool like GHAS.
- **Identifying high-risk repositories**: Some companies simply want to target repositories that contain the most risk, enabling them to reduce risk by remediating vulnerabilities.
- **Increasing remediation rates**: To prevent the accumulation of security debt, you may wish to drive developer adoption of findings and ensure these vulnerabilities are remediated in a timely manner.
- **Increasing remediation rates**: To prevent the accumulation of security debt, you may wish to drive developer adoption of findings and ensure these vulnerabilities are remediated in a timely manner.
- **Meeting compliance requirements**: For example, many healthcare companies use GHAS to prevent the exposure of PHI (Personal Health Information).
- **Preventing secrets leakage**: Many companies want to prevent critical information from being leaked, such as software keys or financial data.

### Lead your rollout with both your security and development groups
## Lead your rollout with both your security and development groups

Companies that involve both their security and development teams in their GHAS rollouts tend to be more successful than companies who only involve their security group, waiting to include development teams once the pilot has concluded.
Companies that involve both their security and development teams in their GHAS rollouts tend to be more successful than companies who only involve their security group, waiting to include development teams once the pilot has concluded.

GHAS takes a developer-centered approach to software security by integrating seamlessly into the developer workflow. Having key representation from your development group early in the process decreases the risk of your rollout and encourages organizational buy-in.

Involving development groups earlier, ideally from the time of purchase, helps companies utilize GHAS to address security concerns earlier in the development process. When both groups work together, they achieve alignment early in the process, remove silos, build and strengthen their working relationships, and take more responsibility for the rollout.
Involving development groups earlier, ideally from the time of purchase, helps companies utilize GHAS to address security concerns earlier in the development process. When both groups work together, they achieve alignment early in the process, remove silos, build and strengthen their working relationships, and take more responsibility for the rollout.


### Learn about GHAS
## Learn about GHAS

To set realistic expectations for the rollout, ensure that all stakeholders understand the following key facts about how GHAS works.

#### 1. GHAS is a suite of security tools that require action to protect your code
### 1. GHAS is a suite of security tools that require action to protect your code

GHAS is a suite of tools that increases with value when configured, maintained, used in daily workflows, and in combination with other tools.
GHAS is a suite of tools that increases with value when configured, maintained, used in daily workflows, and in combination with other tools.

#### 2. GHAS will require adjustment out of the box
### 2. GHAS will require adjustment out of the box

After GHAS is set up on your repositories, you'll need to configure GHAS to meet your company’s needs. Code scanning in particular requires further customization, such as evaluating initial results and making adjustments for future scans. Many customers find that initial scans return limited or irrelevant results until code scanning is adjusted based on the application's threat model.

#### 3. GHAS tools are most effective when used together and integrated into your application security program
### 3. GHAS tools are most effective when used together and integrated into your application security program

GHAS is most effective when all of the tools are used together. The effectiveness of your application security program is further improved by integrating GHAS with other tools and activities, such as penetration testing and dynamic scans. We recommend always utilizing multiple layers of protection.

#### 4. Custom {% data variables.product.prodname_codeql %} queries are used by some companies to customize and target scan results
### 4. Custom {% data variables.product.prodname_codeql %} queries are used by some companies to customize and target scan results

Code scanning is powered by {% data variables.product.prodname_codeql %}, the world’s most powerful code analysis engine. For many of our customers, the base query set and additional queries available in the community are more than sufficient. However, other companies may require custom {% data variables.product.prodname_codeql %} queries to target different results or reduce false positives.

If your company is interested in custom {% data variables.product.prodname_codeql %} queries, we recommend completing your rollout and implementation of GHAS first. Then, when your company is ready, {% data variables.product.prodname_professional_services %} can help you navigate your requirements and ensure your company needs custom queries.
If your company is interested in custom {% data variables.product.prodname_codeql %} queries, we recommend completing your rollout and implementation of GHAS first. Then, when your company is ready, {% data variables.product.prodname_professional_services %} can help you navigate your requirements and ensure your company needs custom queries.

#### 5. {% data variables.product.prodname_codeql %} scans the whole codebase, not just the changes made in a pull request
### 5. {% data variables.product.prodname_codeql %} scans the whole codebase, not just the changes made in a pull request

When code scanning is run from a pull request, the scan will include the full codebase and not just the changes made in the pull request. Scanning the entire codebase is an important step to ensure the change has been reviewed against all interactions in the codebase.

Expand Up @@ -17,7 +17,7 @@ This article is part of a series on adopting {% data variables.product.prodname_

{% endnote %}

### Enabling code scanning
## Enabling code scanning

Using the data you collated in [Phase 2](/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale), you can begin to enable GHAS and then {% data variables.product.prodname_code_scanning %} on your repositories, one language at a time. The step-by-step process for enabling GHAS should look like this:

Expand All @@ -33,11 +33,11 @@ There is a publicly available tool that completes the first two steps called the

{% endnote %}

It is important to not just push the `codeql-analysis.yml` file the repository's default branch. Using a pull request puts ownership on the development team to review and merge, allowing the development team to learn about {% data variables.product.prodname_code_scanning %} and involving the team in the process.
It is important to not just push the `codeql-analysis.yml` file the repository's default branch. Using a pull request puts ownership on the development team to review and merge, allowing the development team to learn about {% data variables.product.prodname_code_scanning %} and involving the team in the process.

You should capture the pull request URLs created by automation, and check each week for any activity and see which ones are closed. After a few weeks, it may be worth creating another issue or sending internal emails if the pull request remains unmerged.

### Creating subject matter experts
## Creating subject matter experts

You can then proceed to the next stage of enablement, which is creating internal subject matter experts (or SMEs) and arranging company meetings. Opening pull requests and issues in repositories will likely tackle a large percentage of your adoption, but this doesn’t tackle one-off use cases where a specific build process, framework, or library needs specific feature flags to be enabled. A more personalized and hands-on approach is required to push high adoption, especially for Java, C, and C++.

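Review bot: "It is important to not just push the `codeql-analysis.yml` file the repository's default branch" is missing "to" before "the repository's default branch"; this line is already being touched in the hunk, so fix the wording in the same commit.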
Expand Up @@ -19,9 +19,9 @@ This article is part of a series on adopting {% data variables.product.prodname_

You can enable secret scanning for individual repositories or for all repositories in an organization. For more information, see "[Managing security and analysis settings for your repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)" or "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."

This article explains a high-level process focusing on enabling {% data variables.product.prodname_secret_scanning %} for all repositories in an organization. The principles described in this article can still be applied even if you take a more staggered approach of enabling {% data variables.product.prodname_secret_scanning %} for individual repositories.
This article explains a high-level process focusing on enabling {% data variables.product.prodname_secret_scanning %} for all repositories in an organization. The principles described in this article can still be applied even if you take a more staggered approach of enabling {% data variables.product.prodname_secret_scanning %} for individual repositories.

### 1. Focus on newly committed secrets
## 1. Focus on newly committed secrets

When you enable {% data variables.product.prodname_secret_scanning %}, you should focus on remediating any newly committed credentials detected by secret scanning. If you focus on cleaning up committed credentials, developers could continue to accidentally push new credentials, which means your total secret count will stay around the same level, not decrease as intended. This is why it is essential to stop new credentials being leaked before focusing on revoking any current secrets.

Expand All @@ -31,10 +31,10 @@ There are a few approaches for tackling newly committed credentials, but one exa
2. **Follow Up**: Create a high-level remediation process that works for all secret types. For example, you could contact the developer who committed the secret and their technical lead on that project, highlighting the dangers of committing secrets to GitHub, and asking the them to revoke, and update the detected secret.

{% note %}

**Note:** You can automate this step. For large enterprises and organizations with hundreds of repositories, manually following up is unsustainable. You could incorporate automation into the webhook process defined in the first step. The webhook payload contains repository and organization information about the leaked secret. Using this information, you can contact the current maintainers on the repository and create an email/message to the responsible people or open an issue.
{% endnote %}

{% endnote %}
3. **Educate**: Create an internal training document assigned to the developer who committed the secret. Within this training document, you can explain the risks created by committing secrets and direct them to your best practice information about using secrets securely in development. If the a developer doesn't learn from the experience and continues to commit secrets, you could create an escalation process, but education usually works well.

Repeat the last two steps for any new secrets leaked. This process encourages developers to take responsibility for managing the secrets used in their code securely, and allows you to measure the reduction in newly committed secrets.
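Review bot: the `{% endnote %}` tag moves from after the blank line to directly after the note text; make sure a blank line still separates the closing tag from item 3 ("Educate") so that item keeps parsing as part of the numbered list rather than starting a new one. Item 2 in the context also reads "asking the them to revoke, and update the detected secret", which has a stray "the" and comma; since the hunk already touches this list, correct it to "asking them to revoke and update the detected secret".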
Expand All @@ -45,7 +45,7 @@ Repeat the last two steps for any new secrets leaked. This process encourages de

{% endnote %}

### 2. Remediate previously committed secrets, starting with the most critical
## 2. Remediate previously committed secrets, starting with the most critical

After you have established a process to monitor, notify and remediate newly published secrets, you can start work on secrets committed before {% data variables.product.prodname_GH_advanced_security %} was introduced.

Expand All @@ -54,38 +54,38 @@ How you define your most critical secrets will depend on your organization's pro
Once you have decided on the secret types, you can do the following:

1. Define a process for remediating each type of secret. The actual procedure for each secret type is often drastically different. Write down the process for each type of secret in a document or internal knowledge base.

{% note %}

**Note:** When you create the process for revoking secrets, try and give the responsibility for revoking secrets to the team maintaining the repository instead of a central team. One of the principles of GHAS is developers taking ownership of security and having the responsibility of fixing security issues, especially if they have created them.

{% endnote %}

2. When you have created the process that teams will follow for revoking credentials, you can collate information about the types of secrets and other metadata associated with the leaked secrets so you can discern who to communicate the new process to.

{% ifversion not ghae %}

You can use the security overview to collect this information. For more information about using the security overview, see "[Filtering alerts in the security overview](/code-security/security-overview/filtering-alerts-in-the-security-overview)."

{% endif %}

Some information you may want to collect includes:

- Organization
- Repository
- Secret type
- Secret value
- Maintainers on repository to contact

{% note %}

**Note:** Use the UI if you have few secrets leaked of that type. If you have hundreds of leaked secrets, use the API to collect information. For more information, see "[Secret scanning REST API](/rest/reference/secret-scanning)."

{% endnote %}

3. After you collect information about leaked secrets, create a targeted communication plan for the users who maintain the repositories affected by each secret type. You could use email, messaging, or even create GitHub issues in the affected repositories. If you can use APIs provided by these tools to send out the communications in an automated manner, this will make it easier for you to scale across multiple secret types.

### 3. Expand the program to include more secret types and custom patterns
## 3. Expand the program to include more secret types and custom patterns

You can now expand beyond the five most critical secret types into a more comprehensive list, with an additional focus on education. You can repeat the previous step, remediating previously committed secrets, for the different secret types you have targeted.

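Review bot: all 38 lines of this hunk are listed as changed while only the "Expand the program..." heading visibly differs (### to ##), which suggests an indentation or trailing-whitespace rewrite that the rendered diff hides; say so in the commit message. Because the `{% note %}` blocks, the `{% ifversion not ghae %}` block and the "Some information you may want to collect includes:" bullet list sit between items 1, 2 and 3 of the ordered list, confirm they remain indented under their list items after this change, otherwise items 2 and 3 restart numbering and the secret-remediation steps render as three separate "1." lists.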
Expand Up @@ -14,8 +14,6 @@ topics:
- CodeQL
---

# Migrating from the {% data variables.code-scanning.codeql_runner %} to the {% data variables.product.prodname_codeql_cli %}

The {% data variables.code-scanning.codeql_runner %} is being deprecated. You can use the {% data variables.product.prodname_codeql_cli %} version 2.6.2 and greater instead.
This document describes how to migrate common workflows from the {% data variables.code-scanning.codeql_runner %} to the {% data variables.product.prodname_codeql_cli %}.

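Review bot: dropping the in-body H1 "Migrating from the {% data variables.code-scanning.codeql_runner %} to the {% data variables.product.prodname_codeql_cli %}" relies on the page heading coming from the frontmatter; the hunk shows `topics:` and `CodeQL` but not a `title:` key, so confirm this file sets one, otherwise the article loses its heading entirely. The removal is otherwise consistent with the other articles in this commit, where the first heading is now an H2.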
Expand Up @@ -12,7 +12,7 @@ shortTitle: Enabling GitHub Copilot for Business

{% data reusables.copilot.enabling-github-copilot-for-business %}

### Enabling {% data variables.product.prodname_copilot_for_business %} for your enterprise
## Enabling {% data variables.product.prodname_copilot_for_business %} for your enterprise

{% note %}

Expand All @@ -26,11 +26,11 @@ Your enterprise owner can enable {% data variables.product.prodname_copilot_for_

{% data variables.product.prodname_copilot %} includes a filter which detects code suggestions matching public code on {% data variables.product.prodname_dotcom %}. Your enterprise owner can choose whether to enable or disable the filter at the enterprise-level, or allow organization administrators to decide at the organization-level. For more information, see "[Enforcing a policy to manage the use of {% data variables.product.prodname_copilot %} suggestions that match public code in your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-copilot-in-your-enterprise#enforcing-a-policy-to-manage-the-use-of-github-copilot-suggestions-that-match-public-code-in-your-enterprise)."

### Configuring {% data variables.product.prodname_copilot %} settings in your organization
## Configuring {% data variables.product.prodname_copilot %} settings in your organization

Once an enterprise owner has enabled {% data variables.product.prodname_copilot_for_business %} for an organization, organization administrators and members with admin permissions can configure {% data variables.product.prodname_copilot %} access for their organization. Depending on the policy settings configured at the enterprise-level, an organization administrator may also be able to determine whether to allow or block {% data variables.product.prodname_copilot %} suggestions that match public code. For more information, see "[Configuring {% data variables.product.prodname_copilot %} settings in your organization](/copilot/configuring-github-copilot/configuring-github-copilot-settings-in-your-organization)."

### Assigning {% data variables.product.prodname_copilot %} seats
## Assigning {% data variables.product.prodname_copilot %} seats

To give people or teams within your organization access to {% data variables.product.prodname_copilot %}, you need to assign them a {% data variables.product.prodname_copilot %} seat. Once a {% data variables.product.prodname_ghe_cloud %} admin enables a {% data variables.product.prodname_copilot_business_short %} subscription in your organization, you can assign {% data variables.product.prodname_copilot %} seats to individuals and teams in your organization. To enable access for all current and future users in your organization, or specific users in your organization, follow the steps in "[Configuring access to {% data variables.product.prodname_copilot %} in your organization](/copilot/configuring-github-copilot/configuring-github-copilot-settings-in-your-organization#configuring-access-to-github-copilot-in-your-organization)."

4 changes: 2 additions & 2 deletions content/get-started/quickstart/github-glossary.md
Expand Up @@ -12,9 +12,9 @@ versions:
ghec: '*'
---
{% for glossary in glossaries %}
### {{ glossary.term }}
## {{ glossary.term }}
{{ glossary.description }}
---

{% endfor %}

---
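Review bot: `{{ glossary.description }}` is followed directly by `---` with no blank line between them; in CommonMark a `---` line under a paragraph is a setext H2 underline, not a thematic break, so each description paragraph would render as a heading rather than the `## {{ glossary.term }}` line above it being the only heading. Add a blank line before the `---` (or drop the rule altogether). The template also ends with a second `---` after `{% endfor %}`, which leaves a stray rule after the last term; remove it if the per-term rule is kept.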

0 comments on commit 42a172b