Commit dbf039a

Secret scanning validates partner patterns for Azure, AWS, Google - [Public Beta] (#42831)
Co-authored-by: Courtney Claessens <[email protected]>
1 parent 412fe6e commit dbf039a

3 files changed

+7
-7
lines changed

content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md

Lines changed: 3 additions & 3 deletions
@@ -36,8 +36,8 @@ shortTitle: Manage secret alerts
3636
{% data reusables.repositories.sidebar-security %}
3737
1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**.
3838
1. Under "{% data variables.product.prodname_secret_scanning_caps %}" click the alert you want to view. {% ifversion secret-scanning-validity-check-partner-patterns %}
39-
1. Optionally, to perform a validity check on the token, on the top right-hand side of the alert, click {% octicon "sync" aria-label="Send token to partner for verification" %}. For more information, see "[Validating partner patterns](#validating-partner-patterns)." <br><br>
40-
{% note %}
39+
1. Optionally, to perform a validity check on the token, on the top right-hand side of the alert, click {% octicon "sync" aria-hidden="true" %} **Verify secret**. For more information, see "[Validating partner patterns](#validating-partner-patterns)." <br><br>
40+
{% note %}
4141

4242
**Note:** You can only perform on-demand validity checks for patterns detected in the repository if automatic validity checks have been enabled for the repository. For more information, see "[Allowing validity checks for partner patterns in a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository)."
4343
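Review bot: On new line 39, the visible label becomes **Verify secret**, and the removed aria-label, "Send token to partner for verification", was the only text in this step saying that the token leaves GitHub. Consider saying so in the step itself, for example "click **Verify secret** to send the token to the relevant partner", so the reader knows before clicking. The trailing `<br><br>` could also be dropped in favour of normal list spacing before the note.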

@@ -79,7 +79,7 @@ You can enable automatic validity checks for supported partner patterns in the c
7979

8080
For more information on enabling automatic validation checks for partner patterns in your repository, organization, or enterprise, see "[Allowing validity checks for partner patterns in a repository](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#allowing-validity-checks-for-partner-patterns-in-a-repository)," "[Allowing validity checks for partner patterns in an organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization)," and "[Managing Advanced Security features](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise#managing-advanced-security-features)."
8181

82-
If your repository has validity checks enabled, you can also perform an on-demand validity check for a secret by clicking {% octicon "sync" aria-label="Send token to partner for verification" %} in the alert view. {% data variables.product.company_short %} will send the pattern to the relevant partner and display the validation status of the secret in the alert view.
82+
If your repository has validity checks enabled, you can also perform an on-demand validity check for a secret by clicking {% octicon "sync" aria-hidden="true" %} **Verify secret** in the alert view. {% data variables.product.company_short %} will send the pattern to the relevant partner and display the validation status of the secret in the alert view.
8383

8484
You can use the validation status of a leaked secret to help prioritize the secrets needing remediation steps.
8585
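Review bot: On new line 82, "will send the pattern to the relevant partner" is imprecise: what gets sent is the detected secret, and secret-scanning-patterns.md in this same commit says GitHub "sends the token to the relevant partner". Suggest "will send the secret to the relevant partner" here. The context at line 80 also says "validation checks" where the surrounding text says "validity checks"; worth aligning while this paragraph is being touched.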

content/code-security/secret-scanning/secret-scanning-patterns.md

Lines changed: 1 addition & 1 deletion
@@ -85,7 +85,7 @@ This table lists the secrets supported by {% data variables.product.prodname_sec
8585
- **User**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to public repositories, and to private repositories where {% data variables.product.prodname_GH_advanced_security %} is enabled.{% endif %}{% ifversion ghes or ghae %}
8686
- **{% data variables.product.prodname_secret_scanning_caps %} alert**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to private repositories where {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled.{% endif %}{% ifversion secret-scanning-push-protection %}
8787
- **Push protection**—token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled.{% endif %}{% ifversion secret-scanning-validity-check %}
88-
- **Validity check**—token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %}{% endif %}
88+
- **Validity check**—token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see "[{% data variables.product.prodname_advanced_security %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security)" in the Site Policy documentation.{% else %} {% ifversion ghes < 3.12 %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %}{% endif %}{% endif %}
8989

9090
<!-- FPT version of table -->
9191
{% ifversion fpt %}
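Review bot: On new line 88, the nested condition is `ghes < 3.12`, but data/secret-scanning.yml in this commit uses `fpt or ghes < 3.12` for the same cut-over. A version that reaches the `{% else %}` branch without matching `ghes < 3.12` now gets a bullet that ends at "is implemented." with no statement of which tokens are covered. Please confirm that is intended, or align the two conditions. The three consecutive `{% endif %}` tags are also hard to pair up by eye; a short Liquid comment naming what each closes would help the next editor.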

data/secret-scanning.yml

Lines changed: 3 additions & 3 deletions
@@ -152,7 +152,7 @@
152152
isPublic: true
153153
isPrivateWithGhas: true
154154
hasPushProtection: true
155-
hasValidityCheck: false
155+
hasValidityCheck: '{% ifversion fpt or ghes < 3.12 %}false{% else %}true{% endif %}'
156156

157157
- provider: 'Amazon Web Services (AWS)'
158158
supportedSecret: 'Amazon AWS Session Token with Amazon AWS Temporary Access Key ID and Amazon AWS Secret Access Key'
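Review bot: At line 155, `hasValidityCheck` changes from a YAML boolean to a quoted Liquid string, while the neighbouring `isPublic`, `isPrivateWithGhas` and `hasPushProtection` stay booleans. Whatever reads this field now has to render the template and compare the resulting text, and a non-empty string such as 'false' is truthy in both JavaScript and Liquid if it is tested directly. Please confirm the table code handles a string value for this key, or note the mixed type wherever the schema for this file is described.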
@@ -165,7 +165,7 @@
165165
isPublic: false
166166
isPrivateWithGhas: true
167167
hasPushProtection: true
168-
hasValidityCheck: false
168+
hasValidityCheck: '{% ifversion fpt or ghes < 3.12 %}false{% else %}true{% endif %}'
169169

170170
- provider: 'Asana'
171171
supportedSecret: 'Asana Personal Access Token'
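Review bot: At line 168, the cut-over is hard-coded as `fpt or ghes < 3.12`, and the same expression is repeated in all three entries, while the markdown in this commit gates the feature on `secret-scanning-validity-check-partner-patterns`. Suggest gating on that flag here as well, so the table and the prose cannot drift apart when the release boundary changes.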
@@ -2510,7 +2510,7 @@
25102510
isPublic: true
25112511
isPrivateWithGhas: true
25122512
hasPushProtection: true
2513-
hasValidityCheck: false
2513+
hasValidityCheck: '{% ifversion fpt or ghes < 3.12 %}false{% else %}true{% endif %}'
25142514

25152515
- provider: 'Slack'
25162516
supportedSecret: 'Slack Incoming Webhook URL'
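Review bot: At line 2513, the `{% else %}` branch yields `true` for every version that is not fpt and not ghes < 3.12, which includes ghae (secret-scanning-patterns.md has an `ifversion ghes or ghae` branch). Please confirm partner validity checks are available there; if not, name the versions that get `true` explicitly instead of relying on the else. The hunk context also does not show which provider this entry belongs to, so it is worth checking it against the Azure, AWS, Google list in the commit title.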
