Fix bullet list formatting #35359

Merged
merged 3 commits into from
Nov 22, 2024
Expand Up @@ -38,7 +38,7 @@ When creating a query suite, you first need to specify the locations of the
queries that you want to select. You can define the location of one or more
queries using:

* A `query` instruction—tells {% data variables.product.prodname_codeql %} to look for one or more specified `.ql`
* A `query` instruction: Tells {% data variables.product.prodname_codeql %} to look for one or more specified `.ql`
files:

```yaml
Expand All @@ -48,7 +48,7 @@ files:
The argument must be one or more file paths, relative to the {% data variables.product.prodname_codeql %} pack containing
the suite definition.

* A `queries` instruction—tells {% data variables.product.prodname_codeql %} to recursively scan a directory
* A `queries` instruction: Tells {% data variables.product.prodname_codeql %} to recursively scan a directory
for `.ql` files:

```yaml
Expand All @@ -68,7 +68,7 @@ for `.ql` files:
The `version` field is optional and specifies a range of compatible versions of this {% data variables.product.prodname_codeql %} pack.
If you don’t specify a version, then the most recent version of the pack is used.

* A `qlpack` instruction—tells {% data variables.product.prodname_codeql %} to resolve queries in the default suite of the
* A `qlpack` instruction: Tells {% data variables.product.prodname_codeql %} to resolve queries in the default suite of the
named {% data variables.product.prodname_codeql %} pack:

```yaml
Expand Down Expand Up @@ -136,12 +136,12 @@ For more information about query metadata properties, see

In addition to metadata tags, the keys in the constraint block can also be:

* `query filename`—matches on the last path component of the query file name.
* `query path`—matches on the path to the query file relative to its
* `query filename`: Matches on the last path component of the query file name.
* `query path`: Matches on the path to the query file relative to its
enclosing {% data variables.product.prodname_codeql %} pack.
* `tags contain`—one of the given match strings must match
* `tags contain`: One of the given match strings must match
one of the space-separated components of the value of the `@tags` metadata property.
* `tags contain all`—each of the given match strings must match one of the
* `tags contain all`: Each of the given match strings must match one of the
components of the `@tags` metadata property.

### Examples of filtering which queries are run
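Review bot: in the constraint-key list, the `tags contain` item describes matching against "one of the space-separated components of the value of the `@tags` metadata property", while the `tags contain all` item directly below it says "one of the components of the `@tags` metadata property". Both items are being rewritten here, so use the same phrase in each; otherwise readers may infer that the two keys split `@tags` differently.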
Expand Down Expand Up @@ -245,7 +245,7 @@ use:

Existing query suite definitions can be reused by specifying:

* An `import` instruction—adds the queries selected by a
* An `import` instruction: Adds the queries selected by a
previously defined `.qls` file to the current suite:

```yaml
Expand All @@ -268,7 +268,7 @@ previously defined `.qls` file to the current suite:
Queries added using an `import` instruction can be filtered using subsequent
`exclude` instructions.

* An `apply` instruction—adds all of the instructions from a
* An `apply` instruction: Adds all of the instructions from a
previously defined `.qls` file to the current suite. The instructions in the
applied `.qls` file are executed as if they appear in place of `apply`.
Any `include` and `exclude` instructions from the applied suite also act on
Expand Up @@ -278,11 +278,11 @@ updates:

Use the `allow` option to customize which dependencies are updated. This applies to both version and security updates. You can use the following options:

* `dependency-name`—use to allow updates for dependencies with matching names, optionally using `*` to match zero or more characters.
* `dependency-name`: Use to allow updates for dependencies with matching names, optionally using `*` to match zero or more characters.
* For Java dependencies, the format of the `dependency-name` attribute is: `groupId:artifactId`; for example: `org.kohsuke:github-api`.
* For Docker image tags, the format is the full name of the repository; for example, for an image tag of `<account ID>.dkr.ecr.us-west-2.amazonaws.com/base/foo/bar/ruby:3.1.0-focal-jemalloc`, use `base/foo/bar/ruby`.

* `dependency-type`—use to allow updates for dependencies of specific types.
* `dependency-type`: Use to allow updates for dependencies of specific types.

| Dependency types | Supported by package managers | Allow updates |
|------------------|-------------------------------|--------|
Expand Up @@ -42,7 +42,7 @@

When {% data variables.product.prodname_dependabot %} is blocked from creating a pull request to fix a {% data variables.product.prodname_dependabot %} alert, it posts the error message on the alert. The {% data variables.product.prodname_dependabot_alerts %} view shows a list of any alerts that have not been resolved yet. To access the alerts view, click **{% data variables.product.prodname_dependabot_alerts %}** on the **Security** tab for the repository. Where a pull request that will fix the vulnerable dependency has been generated, the alert includes a link to that pull request.

![Screenshot of the {% data variables.product.prodname_dependabot_alerts %} view, showing two alerts. To the right side of one alert, a link to a pull request, titled "#353", is highlighted with an orange outline.](/assets/images/help/dependabot/dependabot-alert-pr-link.png)

Check warning on line 45 in content/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors.md

GitHub Actions / lint-content

Images alternate text should be between 40-150 characters

Image alternate text is 173 characters long.

There are several reasons why an alert may have no pull request link:
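Review bot: the lint-content annotation on line 45 of this file reports the screenshot's alternate text at 173 characters, outside the 40-150 range the check enforces. The PR already touches this file, so shorten the alt text to 150 characters or fewer here rather than leaving the warning for a follow-up.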

Expand Down Expand Up @@ -256,8 +256,8 @@

If you unblock {% data variables.product.prodname_dependabot %}, you can manually trigger a fresh attempt to create a pull request.

* **Security updates**—display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**.
* **Version updates**—on the **Insights** tab for the repository click **Dependency graph**, and then click the **Dependabot** tab. Click **Last checked _TIME_ ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. Click **Check for updates**.
* **Security updates**: Display the {% data variables.product.prodname_dependabot %} alert that shows the error you have fixed and click **Create {% data variables.product.prodname_dependabot %} security update**.
* **Version updates**: On the **Insights** tab for the repository click **Dependency graph**, and then click the **Dependabot** tab. Click **Last checked _TIME_ ago** to see the log file that {% data variables.product.prodname_dependabot %} generated during the last check for version updates. Click **Check for updates**.

## Further reading
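Review bot: in the rewritten **Version updates** item, "On the **Insights** tab for the repository click **Dependency graph**" now opens a capitalized, stand-alone instruction and is missing the comma after "repository". Suggest "On the **Insights** tab for the repository, click **Dependency graph**, and then click the **Dependabot** tab."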

Expand Up @@ -72,8 +72,8 @@ No matter how well you tighten your organization to prevent data leaks, some may
{% ifversion fpt or ghec %}
There are two forms of {% data variables.product.prodname_secret_scanning %} available: **{% data variables.secret-scanning.partner_alerts_caps %}** and **{% data variables.secret-scanning.user_alerts_caps %}**.

* {% data variables.secret-scanning.partner_alerts_caps %}These are enabled by default and automatically run on all public repositories and public npm packages.
* {% data variables.secret-scanning.user_alerts_caps %}To get additional scanning capabilities for your organization, you need to enable {% data variables.secret-scanning.user_alerts %}.
* {% data variables.secret-scanning.partner_alerts_caps %}: These are enabled by default and automatically run on all public repositories and public npm packages.
* {% data variables.secret-scanning.user_alerts_caps %}: To get additional scanning capabilities for your organization, you need to enable {% data variables.secret-scanning.user_alerts %}.

When enabled, {% data variables.secret-scanning.user_alerts %} can be detected on the following types of repository:{% ifversion fpt %}
* Public repositories owned by personal accounts on {% data variables.product.prodname_dotcom_the_website %}
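Review bot: the two rewritten bullets leave the leading term unformatted (`{% data variables.secret-scanning.partner_alerts_caps %}: These are ...`), while the sentence just above them bolds the same two variables and the other lists in this PR use a bold term before the colon (`**Security updates**:`, `**Provider**:`). Wrap both variables in `**...**` so the term reads as a label. Also confirm how the two `_caps` variables render: the old lines had no separator at all between the variable and the sentence, so check that adding `: ` does not produce doubled punctuation.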
Expand Up @@ -76,11 +76,11 @@

1. Optionally, you can also explore the information on the right-side of the page. Some of the information shown in the screenshot may not apply to every alert.
* Severity
* CVSS metrics—we use CVSS levels to assign severity levels. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-cvss-levels)."
* CVSS metrics: We use CVSS levels to assign severity levels. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-cvss-levels)."
* Tags
* Weaknesses—list of CWEs related to the vulnerability, if applicable
* CVE ID—unique CVE identifier for the vulnerability, if applicable
* GHSA ID—unique identifier of the corresponding advisory on the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids)."
* Weaknesses: List of CWEs related to the vulnerability, if applicable
* CVE ID: Unique CVE identifier for the vulnerability, if applicable
* GHSA ID: Unique identifier of the corresponding advisory on the {% data variables.product.prodname_advisory_database %}. For more information, see "[AUTOTITLE](/code-security/security-advisories/working-with-global-security-advisories-from-the-github-advisory-database/about-the-github-advisory-database#about-ghsa-ids)."
* Option to navigate to the advisory on the {% data variables.product.prodname_advisory_database %}
* Option to see all of your repositories that are affected by this vulnerability
* Option to suggest improvements for this advisory on the {% data variables.product.prodname_advisory_database %}
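Review bot: in the right-side information list, the rewritten `Weaknesses` and `CVE ID` items end without a period, while the `CVSS metrics` and `GHSA ID` items in the same list are full sentences ending in periods. Now that every description starts with a capital letter after the colon, add the terminal period to the two fragments so the list is punctuated consistently.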
Expand Down Expand Up @@ -108,7 +108,7 @@
* Go back to the alert details page.
* On the top-right corner, click **Dismiss alert**.

![Screenshot of the alert details page with the **Dismiss alert** button, dropdown menu options, and dismissal comment box highlighted with a dark orange outline.](/assets/images/help/repository/dismiss-alert-demo-repo.png)

Check warning on line 111 in content/code-security/getting-started/dependabot-quickstart-guide.md

GitHub Actions / lint-content

Images alternate text should be between 40-150 characters

Image alternate text is 160 characters long.

* Select a reason for dismissing the alert.
* Optionally, add a dismissal comment. The dismissal comment will be added to the alert timeline and can be used as justification during auditing and reporting.
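Review bot: the lint-content annotation on line 111 reports the **Dismiss alert** screenshot's alternate text at 160 characters, ten over the 150-character limit. A small trim of the alt text in this PR would clear the warning for this file.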
Expand Up @@ -68,27 +68,27 @@ Below is a typical workflow that explains how {% data variables.product.prodname

## About the benefits of {% data variables.product.prodname_secret_scanning %}

* **Enhanced security**{% data variables.product.prodname_secret_scanning_caps %} scans your repositories for sensitive information like API keys, passwords, tokens, and other secrets. By detecting these early, you can mitigate potential security risks before they are exploited by malicious actors.
* **Enhanced security**: {% data variables.product.prodname_secret_scanning_caps %} scans your repositories for sensitive information like API keys, passwords, tokens, and other secrets. By detecting these early, you can mitigate potential security risks before they are exploited by malicious actors.

* **Automated detection**The feature automatically scans your codebase, including commits, issues, and pull requests, ensuring continuous protection without requiring manual intervention. This automation helps in maintaining security even as your repository evolves.
* **Automated detection**: The feature automatically scans your codebase, including commits, issues, and pull requests, ensuring continuous protection without requiring manual intervention. This automation helps in maintaining security even as your repository evolves.

* **Real-time alerts**When a secret is detected, {% data variables.product.prodname_secret_scanning %} provides real-time alerts to repository administrators and contributors. This immediate feedback allows for swift remediation actions.
* **Real-time alerts**: When a secret is detected, {% data variables.product.prodname_secret_scanning %} provides real-time alerts to repository administrators and contributors. This immediate feedback allows for swift remediation actions.

{% ifversion fpt or ghec %}

* **Integration with service providers**{% data variables.product.prodname_dotcom %} partners with various service providers to validate detected secrets. When a secret is identified, {% data variables.product.prodname_dotcom %} notifies the corresponding service provider to take appropriate actions, such as revoking the exposed credential. For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)."
* **Integration with service providers**: {% data variables.product.prodname_dotcom %} partners with various service providers to validate detected secrets. When a secret is identified, {% data variables.product.prodname_dotcom %} notifies the corresponding service provider to take appropriate actions, such as revoking the exposed credential. For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program)."

{% endif %}

{% ifversion ghec or ghes %}

* **Custom pattern support**Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment.
* **Custom pattern support**: Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment.

{% endif %}

{% ifversion secret-scanning-non-provider-patterns %}

* **Ability to detect non-provider patterns**You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization.
* **Ability to detect non-provider patterns**: You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization.

{% endif %}

Expand Up @@ -33,19 +33,19 @@ If you believe that {% data variables.product.prodname_secret_scanning %} should

This table lists the secrets supported by {% data variables.product.prodname_secret_scanning %}. You can see the types of alert that get generated for each token, as well as whether a validity check is performed on the token.

* **Provider**—name of the token provider.{% ifversion fpt or ghec %}
* **Partner**—token for which leaks are reported to the relevant token partner. Applies to public repositories only.
* **User**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %}
* **Provider**: Name of the token provider.{% ifversion fpt or ghec %}
* **Partner**: Token for which leaks are reported to the relevant token partner. Applies to public repositories only.
* **User**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %}
* Applies to public repositories, and to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled.
* Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which usually have a higher ratio of false positives.
* For {% data variables.product.prodname_secret_scanning %} to scan for non-provider patterns, the detection of non-provider patterns must be enabled for the repository or the organization. For more information, see "[AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository)."
{% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %}{% endif %}{% ifversion ghes %}
* **{% data variables.product.prodname_secret_scanning_caps %} alert**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %}
* **{% data variables.product.prodname_secret_scanning_caps %} alert**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %}
* Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} are enabled.
* Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.{% else %} Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled.{% endif %}{% endif %}
* **Push protection**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled.
* **Push protection**: Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled.

* **Validity check**—token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %}
* **Validity check**: Token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see "[AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets)" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %}

{% ifversion secret-scanning-non-provider-patterns %}
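Review bot: in the `{% ifversion ghes %}` branch, the unchanged `{% else %}` text reads "Applies to private repositories where ... and ... enabled." and is missing "are" before "enabled", unlike the sub-bullet just above it, which ends "are enabled". This hunk already rewrites the parent bullet, so fix the verb in the same change. The two branches also describe non-provider tokens differently ("usually have a higher ratio of false positives" versus "often result in false positives"); pick one wording for both.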
