Repo sync

content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md

@@ -22,8 +22,9 @@
 There are some additional features that can help you to evaluate alerts in order to better prioritize and manage them. You can:
 
 * Check the validity of a secret, to see if the secret is still active. {% ifversion fpt or ghes %}**Applies to {% data variables.product.company_short %} tokens only**.{% endif %} For more information, see "[Checking a secret's validity](#checking-a-secrets-validity)."{% ifversion secret-scanning-validity-check-partner-patterns %}
 * Perform an "on-demand" validity check, to get the most up to date validation status. For more information, see "[Performing an on-demand-validity-check](#performing-an-on-demand-validity-check)."{% endif %}{% ifversion secret-scanning-github-token-metadata %}
-* Review a token's metadata. **Applies to {% data variables.product.company_short %} tokens only**. For example, to see when the token was last used. For more information, see "[Reviewing {% data variables.product.company_short %} token metadata](#reviewing-github-token-metadata)."{% endif %}
+* Review a token's metadata. **Applies to {% data variables.product.company_short %} tokens only**. For example, to see when the token was last used. For more information, see "[Reviewing {% data variables.product.company_short %} token metadata](#reviewing-github-token-metadata)."{% endif %}{% ifversion secret-scanning-multi-repo-public-leak %}
+* Review the labels assigned to the alert. For more information, see "[Reviewing alert labels](#reviewing-alert-labels)."{% endif %}
 
 ## Checking a secret's validity
 
@@ -67,7 +68,7 @@
 
 {% endif %}
 
 {% ifversion secret-scanning-github-token-metadata %}
 
 ## Reviewing {% data variables.product.company_short %} token metadata
 
@@ -95,6 +96,21 @@
 
 {% endif %}
 
+{% ifversion secret-scanning-multi-repo-public-leak %}
+
+## Reviewing alert labels
+
+In the alert view, you can review any labels assigned to the alert. The labels provide additional details about the alert, which can inform the approach you take for remediation.
+
+{% data variables.product.prodname_secret_scanning_caps %} alerts can have the following labels assigned to them:
+
+|Label|Description|
+|-------------------------|--------------------------------------------------------------------------------|
+|`public leak`| The secret detected in your repository has also been found as publicly leaked by at least one of {% data variables.product.github %}'s scans of code, discussions, gists, issues, pull requests, and wikis. This may require you to address the alert with greater urgency, or remediate the alert differently compared to a privately exposed token.|
+|`multi-repo`| The secret detected in your repository has been found across multiple repositories in your organization{% ifversion ghec or ghes %} or enterprise{% endif %}. This information may help you more easily dedupe the alert across your organization{% ifversion ghec or ghes %} or enterprise{% endif %}. |
+
+{% endif %}
+
 ## Next steps
 
 * "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts)"

data/features/secret-scanning-multi-repo-public-leak.yml

@@ -0,0 +1,6 @@
+# Reference: #15387
+# Secret scanning: multi-repo and public leak indicators added to alerts
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>=3.16'

src/audit-logs/data/fpt/organization.json

@@ -1004,6 +1004,16 @@
     "description": "Autofix for code scanning alerts was enabled for an organization.",
     "docs_reference_links": "N/A"
   },
+  {
+    "action": "org.code_scanning_autofix_third_party_tools_disabled",
+    "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "org.code_scanning_autofix_third_party_tools_enabled",
+    "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "org.codeql_disabled",
     "description": "Code scanning using the default setup was disabled for an organization.",
@@ -2324,6 +2334,16 @@
     "description": "Autofix for code scanning alerts was enabled for a repository.",
     "docs_reference_links": "N/A"
   },
+  {
+    "action": "repo.code_scanning_autofix_third_party_tools_disabled",
+    "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "repo.code_scanning_autofix_third_party_tools_enabled",
+    "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "repo.code_scanning_configuration_for_branch_deleted",
     "description": "A code scanning configuration for a branch of a repository was deleted.",

src/audit-logs/data/ghec/enterprise.json

@@ -1804,6 +1804,16 @@
     "description": "Autofix for code scanning alerts was enabled for an organization.",
     "docs_reference_links": "N/A"
   },
+  {
+    "action": "org.code_scanning_autofix_third_party_tools_disabled",
+    "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "org.code_scanning_autofix_third_party_tools_enabled",
+    "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "org.codeql_disabled",
     "description": "Code scanning using the default setup was disabled for an organization.",
@@ -3059,6 +3069,16 @@
     "description": "Autofix for code scanning alerts was enabled for a repository.",
     "docs_reference_links": "N/A"
   },
+  {
+    "action": "repo.code_scanning_autofix_third_party_tools_disabled",
+    "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "repo.code_scanning_autofix_third_party_tools_enabled",
+    "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "repo.code_scanning_configuration_for_branch_deleted",
     "description": "A code scanning configuration for a branch of a repository was deleted.",

src/audit-logs/data/ghec/organization.json

@@ -1004,6 +1004,16 @@
     "description": "Autofix for code scanning alerts was enabled for an organization.",
     "docs_reference_links": "N/A"
   },
+  {
+    "action": "org.code_scanning_autofix_third_party_tools_disabled",
+    "description": "Autofix for third party tools for code scanning alerts was disabled for an organization.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "org.code_scanning_autofix_third_party_tools_enabled",
+    "description": "Autofix for third party tools for code scanning alerts was enabled for an organization.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "org.codeql_disabled",
     "description": "Code scanning using the default setup was disabled for an organization.",
@@ -2324,6 +2334,16 @@
     "description": "Autofix for code scanning alerts was enabled for a repository.",
     "docs_reference_links": "N/A"
   },
+  {
+    "action": "repo.code_scanning_autofix_third_party_tools_disabled",
+    "description": "Autofix for third party tools for code scanning alerts was disabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "repo.code_scanning_autofix_third_party_tools_enabled",
+    "description": "Autofix for third party tools for code scanning alerts was enabled for a repository.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "repo.code_scanning_configuration_for_branch_deleted",
     "description": "A code scanning configuration for a branch of a repository was deleted.",

src/audit-logs/data/ghes-3.11/enterprise.json

@@ -704,6 +704,21 @@
     "description": "A GitHub Actions deployment protection rule was updated via the API.",
     "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
   },
+  {
+    "action": "gist.create",
+    "description": "A gist was created.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.destroy",
+    "description": "A gist was deleted.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.visibility_change",
+    "description": "The visibility of a gist was updated.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "git.clone",
     "description": "A repository was cloned.",

src/audit-logs/data/ghes-3.11/user.json

@@ -314,6 +314,21 @@
     "description": "A GitHub Actions deployment protection rule was updated via the API.",
     "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
   },
+  {
+    "action": "gist.create",
+    "description": "A gist was created.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.destroy",
+    "description": "A gist was deleted.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.visibility_change",
+    "description": "The visibility of a gist was updated.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "git_signing_ssh_public_key.create",
     "description": "An SSH key was added to a user account as a Git commit signing key.",

src/audit-logs/data/ghes-3.12/enterprise.json

@@ -734,6 +734,21 @@
     "description": "A GitHub Actions deployment protection rule was updated via the API.",
     "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
   },
+  {
+    "action": "gist.create",
+    "description": "A gist was created.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.destroy",
+    "description": "A gist was deleted.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.visibility_change",
+    "description": "The visibility of a gist was updated.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "git.clone",
     "description": "A repository was cloned.",

src/audit-logs/data/ghes-3.12/user.json

@@ -314,6 +314,21 @@
     "description": "A GitHub Actions deployment protection rule was updated via the API.",
     "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
   },
+  {
+    "action": "gist.create",
+    "description": "A gist was created.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.destroy",
+    "description": "A gist was deleted.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.visibility_change",
+    "description": "The visibility of a gist was updated.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "git_signing_ssh_public_key.create",
     "description": "An SSH key was added to a user account as a Git commit signing key.",

src/audit-logs/data/ghes-3.13/enterprise.json

@@ -759,6 +759,21 @@
     "description": "A GitHub Actions deployment protection rule was updated via the API.",
     "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
   },
+  {
+    "action": "gist.create",
+    "description": "A gist was created.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.destroy",
+    "description": "A gist was deleted.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.visibility_change",
+    "description": "The visibility of a gist was updated.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "git.clone",
     "description": "A repository was cloned.",

src/audit-logs/data/ghes-3.13/user.json

@@ -319,6 +319,21 @@
     "description": "A GitHub Actions deployment protection rule was updated via the API.",
     "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
   },
+  {
+    "action": "gist.create",
+    "description": "A gist was created.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.destroy",
+    "description": "A gist was deleted.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.visibility_change",
+    "description": "The visibility of a gist was updated.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "git_signing_ssh_public_key.create",
     "description": "An SSH key was added to a user account as a Git commit signing key.",

src/audit-logs/data/ghes-3.14/enterprise.json

@@ -904,6 +904,21 @@
     "description": "An external identity was updated.",
     "docs_reference_links": "N/A"
   },
+  {
+    "action": "gist.create",
+    "description": "A gist was created.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.destroy",
+    "description": "A gist was deleted.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.visibility_change",
+    "description": "The visibility of a gist was updated.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "git.clone",
     "description": "A repository was cloned.",

src/audit-logs/data/ghes-3.14/user.json

@@ -319,6 +319,21 @@
     "description": "A GitHub Actions deployment protection rule was updated via the API.",
     "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
   },
+  {
+    "action": "gist.create",
+    "description": "A gist was created.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.destroy",
+    "description": "A gist was deleted.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.visibility_change",
+    "description": "The visibility of a gist was updated.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "git_signing_ssh_public_key.create",
     "description": "An SSH key was added to a user account as a Git commit signing key.",

src/audit-logs/data/ghes-3.15/enterprise.json

@@ -904,6 +904,21 @@
     "description": "An external identity was updated.",
     "docs_reference_links": "N/A"
   },
+  {
+    "action": "gist.create",
+    "description": "A gist was created.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.destroy",
+    "description": "A gist was deleted.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.visibility_change",
+    "description": "The visibility of a gist was updated.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "git.clone",
     "description": "A repository was cloned.",

src/audit-logs/data/ghes-3.15/user.json

@@ -319,6 +319,21 @@
     "description": "A GitHub Actions deployment protection rule was updated via the API.",
     "docs_reference_links": "/actions/deployment/targeting-different-environments/using-environments-for-deployment#deployment-protection-rules"
   },
+  {
+    "action": "gist.create",
+    "description": "A gist was created.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.destroy",
+    "description": "A gist was deleted.",
+    "docs_reference_links": "N/A"
+  },
+  {
+    "action": "gist.visibility_change",
+    "description": "The visibility of a gist was updated.",
+    "docs_reference_links": "N/A"
+  },
   {
     "action": "git_signing_ssh_public_key.create",
     "description": "An SSH key was added to a user account as a Git commit signing key.",

src/audit-logs/lib/config.json

@@ -3,5 +3,5 @@
     "apiOnlyEvents": "This event is not available in the web interface, only via the REST API, audit log streaming, or JSON/CSV exports.",
     "apiRequestEvent": "This event is only available via audit log streaming."
   },
-  "sha": "b31fcffae9cdc4ebb8e4a2542da3ccf3dcab5b07"
+  "sha": "218fadadb5342f3d6c49bf661619afe7e47f6b21"
 }