pull base content,head:MicrosoftDocs:main,into:wwlpublishsync

Author: wwlpublish

learn-pr/github/configure-use-secret-scanning-github-repository/1-introduction.yml

@@ -4,7 +4,7 @@ title: Introduction
 metadata:
   title: Introduction
   description: An introduction to the topics you'll learn about in this module.
-  ms.date: 04/30/2024
+  ms.date: 06/05/2025
   author: rmcmurray
   ms.author: robmcm
   ms.topic: unit

learn-pr/github/configure-use-secret-scanning-github-repository/2-what-is-secret-scanning.yml

@@ -4,7 +4,7 @@ title: What is secret scanning?
 metadata:
   title: What is secret scanning?
   description: Overview of how secret scanning works and who it available to
-  ms.date: 04/30/2024
+  ms.date: 06/05/2025
   author: rmcmurray
   ms.author: robmcm
   ms.topic: unit

learn-pr/github/configure-use-secret-scanning-github-repository/3-configure-secret-scanning.yml

@@ -4,7 +4,7 @@ title: Configure secret scanning
 metadata:
   title: Configure secret scanning
   description: Overview of how to enable and configure secret scanning
-  ms.date: 04/30/2024
+  ms.date: 06/05/2025
   author: rmcmurray
   ms.author: robmcm
   ms.topic: unit

learn-pr/github/configure-use-secret-scanning-github-repository/4-use-secret-scanning.yml

@@ -4,7 +4,7 @@ title: Use secret scanning
 metadata:
   title: Use secret scanning
   description: Overview of how to respond to an alert and create a custom pattern
-  ms.date: 04/30/2024
+  ms.date: 06/05/2025
   author: rmcmurray
   ms.author: robmcm
   ms.topic: unit

learn-pr/github/configure-use-secret-scanning-github-repository/5-exercise.yml

@@ -4,8 +4,8 @@ title: Exercise
 metadata:
   unitType: exercise
   title: Exercise - Exclude files from secret scanning
-  description: This exercise checks your knowledge on excluding files from being scanned by secret scanning. It's automatically graded via a workflow once you have completed the instructions.
-  ms.date: 04/30/2024
+  description: This exercise checks your knowledge on excluding files from secret scanning. It's automatically graded via a workflow once you have completed the instructions.
+  ms.date: 06/05/2025
   author: rmcmurray
   ms.author: robmcm
   ms.topic: unit

learn-pr/github/configure-use-secret-scanning-github-repository/6-knowledge-check.yml

@@ -5,7 +5,7 @@ metadata:
   unitType: knowledge_check
   title: Module assessment
   description: Knowledge check for configuring and using secret scanning in GitHub.
-  ms.date: 04/30/2024
+  ms.date: 06/05/2025
   author: rmcmurray
   ms.author: robmcm
   ms.topic: unit
@@ -28,9 +28,9 @@ quiz:
       explanation: "This answer is incorrect. Secret scanning is automatically enabled with default settings on public repositories. You can't change secret scanning settings on a public repository no matter what permissions you have on the repository."
   - content: "Where can you configure the recipients of secret scanning alerts?"
     choices:
-    - content: "In the Code security and analysis settings of a repository"
+    - content: "In the Advanced Security settings of a repository"
       isCorrect: true
-      explanation: "Correct! You can configure the recipients of secret scanning alerts in the Access to alerts section of repository Code security and analysis settings."
+      explanation: "Correct! You can configure the recipients of secret scanning alerts in the Access to alerts section of repository Advanced Security settings."
     - content: "In the Manage Access settings of a repository"
       isCorrect: false
       explanation: "This answer is incorrect. The Manage Access settings of a repository enable you to manage user permissions over the repository."

learn-pr/github/configure-use-secret-scanning-github-repository/7-summary.yml

@@ -4,7 +4,7 @@ title: Summary
 metadata:
   title: Summary
   description: A recap on what you learned about secret scanning in this module.
-  ms.date: 04/30/2024
+  ms.date: 06/05/2025
   author: rmcmurray
   ms.author: robmcm
   ms.topic: unit

learn-pr/github/configure-use-secret-scanning-github-repository/includes/1-introduction.md

@@ -2,7 +2,7 @@ GitHub's security features help keep code and secrets secure in repositories and
 
 Imagine that you're the administrator of a GitHub project involving several repositories that communicate with multiple external services. You'd like to make sure that no authentication credentials for these services get committed in the repositories of the project. Luckily, your company just purchased a GitHub Advanced Security license that includes secret scanning, a GitHub feature that does just that!
 
-To configure and use secret scanning for your project, you really need to understand what secret scanning is, how it works and the options available to you according to your use case.
+To configure and use secret scanning for your project, you really need to understand what secret scanning is, how it works, and the options available to you according to your use case.
 
 In this module, you'll learn about:
 

learn-pr/github/configure-use-secret-scanning-github-repository/includes/3-configure-secret-scanning.md

@@ -6,29 +6,20 @@ This unit walks you through the necessary steps to enable secret scanning at the
 
 Follow these steps to enable secret scanning and push protection on a private repository:
 
-1. In your repository, navigate to **Settings > Code security and analysis**.
-1. Select the **Enable** button next to **GitHub Advanced Security**
-1. Review the impact of enabling Advanced Security and select **Enable GitHub Advanced Security for this repository**.
-1. Select the **Enable** button next to **Secret scanning**. If you see a **Disable** button, it means that secret scanning was already enabled at organization level.
+1. In your repository, navigate to **Settings**.
+1. In the **Security** section, select **Advanced Security**.
+1. Select the **Enable** button next to **Secret Protection**
+1. Review the impact of enabling and select **Enable Secret Protection**.
+1. If you see a **Disable** button, it means that secret scanning was already enabled at organization level.
 1. Select the **Enable** button next to **Push protection**.
 
 :::image type="content" source="../media/enable-secret-scanning-repo-settings.png" alt-text="Screenshot of secret scanning enabled in repository settings.":::
 
 ## Enable secret scanning for an organization
 
-Enabling secret scanning at the organization level ensures that secret scanning is enabled by default on all private repositories where GitHub Advanced Security is enabled.
+Enabling secret scanning at the organization level ensures that secret scanning is enabled by default on all private repositories where GitHub Advanced Security is enabled. In order to configure, you'll need to set up [GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security).
 
-Follow these steps to enable secret scanning and push protection for an organization:
-
-1. In your organization, navigate to **Settings > Code security and analysis**.
-2. Select the **Enable all** button next to **GitHub Advanced Security**.
-3. Review the impact of enabling Advanced Security on all repositories and select **Enable all**.
-4. Select the **Enable all** button next to **Secret scanning** and select **Enable for eligible repositories**.
-   - (Optional) Select **Automatically enable for new public repositories and repositories with GitHub Advanced Security enabled**.
-5. Select the **Enable all** button next to **Push protection** and select **Enable for eligible repositories**.
-   - (Optional) Select **Automatically enable for repositories added to secret scanning**.
-
-:::image type="content" source="../media/enable-secret-scanning-org-settings.png" alt-text="Screenshot of enabling secret scanning in organization settings.":::
+Once set up, you can configure [Global Secret Scanning settings](https://docs.github.com/en/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#configuring-global-secret-scanning-settings).
 
 ## Exclude files from being scanned
 
@@ -57,17 +48,17 @@ When a new secret is detected, GitHub notifies all users with access to security
 - Organization owners and enterprise owners, if they're administrators of repositories where secrets were leaked
 
 > [!NOTE]
-> Commit authors who've accidentally committed secrets will be notified, regardless of their notification preferences.
+> Commit authors who have accidentally committed secrets will be notified, regardless of their notification preferences.
 
 You'll receive an email notification if:
 
 - You're watching the repository.
 - You've enabled notifications for **All Activity** or for custom **Security alerts** on the repository.
-- In your notification settings, under "Subscriptions", then under "Watching", you have selected to receive notifications by email.
+- In your notification settings, under "Subscriptions," then under "Watching," you have selected to receive notifications by email.
 
 ## Configure recipients of secret scanning alerts
 
-Repository and organization administrators can give view access to security alerts to people or teams who have write access to the repository under **Settings > Code security and analysis > Access to alerts**:
+Repository and organization administrators can give view access to security alerts to people or teams who have write access to the repository under **Settings > Security > Advanced Security > Access to Alerts**:
 
 :::image type="content" source="../media/access-to-alerts.png" alt-text="Screenshot of Access to alerts section with Search for people or teams field highlighted.":::
 

learn-pr/github/configure-use-secret-scanning-github-repository/includes/4-use-secret-scanning.md

@@ -38,13 +38,13 @@ The following sections cover how to create custom patterns for organizations and
 
 Follow these steps to create a custom pattern for a private repository:
 
-1. In your repository, navigate to **Settings > Code security and analysis**.
-1. Under **Secret scanning > Custom patterns**, select **New pattern**.
+1. In your repository, navigate to **Settings > Advanced Security**.
+1. Under **Secret protection**, select **New pattern**.
 1. Provide the following details for your custom pattern:
-    - The name of the pattern
-    - The pattern of the secret specified as Hyperscan regex
-    - (Optional) **More options** provide other surrounding content or additional match requirements for the secret format
-    - A sample test string to make sure your configuration is matching the patterns you expect
+    - The name of the pattern.
+    - The pattern of the secret specified as Hyperscan regex.
+    - (Optional) **More options** provide other surrounding content or additional match requirements for the secret format.
+    - A sample test string to make sure your configuration is matching the patterns you expect.
 
     :::image type="content" source="../media/new-custom-pattern-octocat.png" alt-text="Screenshot of creating a new custom pattern for octocat token.":::
 
@@ -55,15 +55,15 @@ Follow these steps to create a custom pattern for a private repository:
 
 ### For an organization
 
-Follow the steps below to create a custom pattern for an organization:
+Follow the steps listed to create a custom pattern for an organization:
 
-1. In your organization, navigate to **Settings > Code security and analysis**.
-1. Under **Secret scanning > Custom patterns**, select **New pattern**.
+1. In your organization, navigate to **Settings > Advanced Security > Global Settings**.
+1. Under **Custom patterns**, select **New pattern**.
 1. Provide the following details for your custom pattern:
-    - The name of the pattern
-    - The pattern of the secret specified as Hyperscan regex
-    - (Optional) **More options** provide other surrounding content or additional match requirements for the secret format
-    - A sample test string to make sure your configuration is matching the patterns you expect
+    - The name of the pattern.
+    - The pattern of the secret specified as Hyperscan regex.
+    - (Optional) **More options** provide other surrounding content or additional match requirements for the secret format.
+    - A sample test string to make sure your configuration is matching the patterns you expect.
 1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, select **Save and dry run**.
 1. Select the repositories where you want to perform the dry run.
     - To perform the dry run across the entire organization, select **All repositories in the organization**.