diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-firewall.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-firewall.md index 1765590fb492..bb28708dbdd0 100644 --- a/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-firewall.md +++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/customize-the-agent-firewall.md @@ -25,12 +25,31 @@ By default, {% data variables.product.prodname_copilot_short %}'s access to the Limiting access to the internet helps to manage data exfiltration risks, where surprising behavior from {% data variables.product.prodname_copilot_short %}, or malicious instructions given to it, could lead to code or other sensitive information being leaked to remote locations. -The default firewall rules allow access to a number of hosts that {% data variables.product.prodname_copilot_short %} uses to interact with {% data variables.product.github %} or to download dependencies. +The firewall always allows access to a number of hosts that {% data variables.product.prodname_copilot_short %} uses to interact with {% data variables.product.github %}. By default, a recommended allowlist is also enabled to allow the agent to download dependencies. If {% data variables.product.prodname_copilot_short %} tries to make a request which is blocked by the firewall, a warning is added to the pull request body (if {% data variables.product.prodname_copilot_short %} is creating a pull request for the first time) or to a comment (if {% data variables.product.prodname_copilot_short %} is responding to a pull request comment). The warning shows the blocked address and the command that tried to make the request. ![Screenshot of a warning from {% data variables.product.prodname_copilot_short %} about being blocked by the firewall.](/assets/images/help/copilot/coding-agent/firewall-warning.png) +## Managing the recommended firewall allowlist + +The recommended allowlist, enabled by default, allows access to: + +* Common operating system package repositories (for example, Debian, Ubuntu, Red Hat). +* Common container registries (for example, Docker Hub, Azure Container Registry, AWS Elastic Container Registry). +* Packages registries used by popular programming languages (C#, Dart, Go, Haskell, Java, JavaScript, Perl, PHP, Python, Ruby, Rust, Swift). +* Common certificate authorities (to allow SSL certificates to be validated). +* Hosts used to download web browsers for the Playwright MCP server. + +You can choose to turn off the recommended allowlist. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-settings %} +1. In the "Code & automation" section of the sidebar, click **{% data variables.product.prodname_copilot_short %}** then **{% data variables.copilot.copilot_coding_agent_short %}**. +1. Toggle the **Recommended allowlist** setting **off**. + +To use the recommended allowlist in addition to your own allowlist, keep the **Recommended allowlist** setting **on**, and add your additional addresses in the **Custom allowlist** page. + ## Allowlisting additional hosts in the agent's firewall You can allowlist additional addresses in the agent's firewall. @@ -39,7 +58,7 @@ You can allowlist additional addresses in the agent's firewall. {% data reusables.repositories.sidebar-settings %} 1. In the "Code & automation" section of the sidebar, click **{% data variables.product.prodname_copilot_short %}** then **{% data variables.copilot.copilot_coding_agent_short %}**. 1. Click **Custom allowlist** -1. Add the addresses you want to include in the allow list. You can include: +1. Add the addresses you want to include in the allowlist. You can include: * **Domains** (for example, `packages.contoso.corp`). Traffic will be allowed to the specified domain and any subdomains. @@ -52,14 +71,6 @@ You can allowlist additional addresses in the agent's firewall. 1. Click **Add Rule**. 1. After validating your list, click **Save changes**. -## Overwriting the recommended firewall allowlist - -By default, the firewall allows access to a number of hosts that are commonly used to download dependencies or that {% data variables.product.prodname_copilot_short %} uses to interact with {% data variables.product.github %}. - -To disable this, toggle the **Recommended allowlist** setting **off**. - -To use the recommended allowlist in addition to your own allowlist, keep the **Recommended allowlist** setting **on**, and add your additional addresses in the **Custom allowlist** page. - ### Disabling the firewall > [!WARNING] diff --git a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md index 61bb625ba39b..9b381fed413e 100644 --- a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md +++ b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md @@ -23,7 +23,7 @@ The migration log lists the steps that were completed as part of the migration a * How long the migration took > [!IMPORTANT] -> Issues should be enabled in the target repository for the migration log to be created. +> Issues should be enabled in the target repository for the migration log to be created. You can access the migration log for a repository migration in multiple ways. diff --git a/src/audit-logs/data/fpt/user.json b/src/audit-logs/data/fpt/user.json index acdd9c866999..1476221d55d7 100644 --- a/src/audit-logs/data/fpt/user.json +++ b/src/audit-logs/data/fpt/user.json @@ -7782,7 +7782,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -8000,7 +8000,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/data/ghec/user.json b/src/audit-logs/data/ghec/user.json index acdd9c866999..1476221d55d7 100644 --- a/src/audit-logs/data/ghec/user.json +++ b/src/audit-logs/data/ghec/user.json @@ -7782,7 +7782,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -8000,7 +8000,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/data/ghes-3.14/enterprise.json b/src/audit-logs/data/ghes-3.14/enterprise.json index db31554ef139..6f9666ee55fa 100644 --- a/src/audit-logs/data/ghes-3.14/enterprise.json +++ b/src/audit-logs/data/ghes-3.14/enterprise.json @@ -15154,7 +15154,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -15464,7 +15464,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/data/ghes-3.14/user.json b/src/audit-logs/data/ghes-3.14/user.json index bc6410b50862..8b506d1c4f05 100644 --- a/src/audit-logs/data/ghes-3.14/user.json +++ b/src/audit-logs/data/ghes-3.14/user.json @@ -7340,7 +7340,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -7558,7 +7558,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/data/ghes-3.15/enterprise.json b/src/audit-logs/data/ghes-3.15/enterprise.json index 4d19359238db..30d1de1c0f45 100644 --- a/src/audit-logs/data/ghes-3.15/enterprise.json +++ b/src/audit-logs/data/ghes-3.15/enterprise.json @@ -15353,7 +15353,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -15663,7 +15663,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/data/ghes-3.15/user.json b/src/audit-logs/data/ghes-3.15/user.json index 2cbcf2094d7a..cfb0080e0a93 100644 --- a/src/audit-logs/data/ghes-3.15/user.json +++ b/src/audit-logs/data/ghes-3.15/user.json @@ -7539,7 +7539,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -7757,7 +7757,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/data/ghes-3.16/enterprise.json b/src/audit-logs/data/ghes-3.16/enterprise.json index 35e8cd2660b2..18f1f2ad3a8f 100644 --- a/src/audit-logs/data/ghes-3.16/enterprise.json +++ b/src/audit-logs/data/ghes-3.16/enterprise.json @@ -16067,7 +16067,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -16377,7 +16377,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/data/ghes-3.16/user.json b/src/audit-logs/data/ghes-3.16/user.json index 1e4227ef90e7..da7a07bee2e2 100644 --- a/src/audit-logs/data/ghes-3.16/user.json +++ b/src/audit-logs/data/ghes-3.16/user.json @@ -7693,7 +7693,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -7911,7 +7911,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/data/ghes-3.17/enterprise.json b/src/audit-logs/data/ghes-3.17/enterprise.json index 60b4c837fe87..ec958b05c3bb 100644 --- a/src/audit-logs/data/ghes-3.17/enterprise.json +++ b/src/audit-logs/data/ghes-3.17/enterprise.json @@ -16514,7 +16514,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -16824,7 +16824,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/data/ghes-3.17/user.json b/src/audit-logs/data/ghes-3.17/user.json index 04d91d523758..6dd03cca704b 100644 --- a/src/audit-logs/data/ghes-3.17/user.json +++ b/src/audit-logs/data/ghes-3.17/user.json @@ -7756,7 +7756,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -7974,7 +7974,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/data/ghes-3.18/enterprise.json b/src/audit-logs/data/ghes-3.18/enterprise.json index 4e922be5859b..37e61c45eff8 100644 --- a/src/audit-logs/data/ghes-3.18/enterprise.json +++ b/src/audit-logs/data/ghes-3.18/enterprise.json @@ -16617,7 +16617,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -16927,7 +16927,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/data/ghes-3.18/user.json b/src/audit-logs/data/ghes-3.18/user.json index acdd9c866999..1476221d55d7 100644 --- a/src/audit-logs/data/ghes-3.18/user.json +++ b/src/audit-logs/data/ghes-3.18/user.json @@ -7782,7 +7782,7 @@ "operation_type", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.login", @@ -8000,7 +8000,7 @@ "created_at", "request_access_security_header" ], - "docs_reference_titles": "Showing your private contributions on your profile" + "docs_reference_titles": "Manage visibility settings for private contributions" }, { "action": "user.sign_in_from_unrecognized_device", diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json index 227c7edf01e9..6db36cc38448 100644 --- a/src/audit-logs/lib/config.json +++ b/src/audit-logs/lib/config.json @@ -9,5 +9,5 @@ "git": "Note: Git events have special access requirements and retention policies that differ from other audit log events. For GitHub Enterprise Cloud, access Git events via the REST API only with 7-day retention. For GitHub Enterprise Server, Git events must be enabled in audit log configuration and are not included in search results.", "sso_redirect": "Note: Automatically redirecting users to sign in is currently in beta for Enterprise Managed Users and subject to change." }, - "sha": "702197225c7719a9451017b7efcf672693a020e0" + "sha": "1fd7e8dc57f677be202bb6e7024a2ec4b16fd469" } \ No newline at end of file diff --git a/src/secret-scanning/data/public-docs.yml b/src/secret-scanning/data/public-docs.yml index 8c5e1dbdc91a..b2922192e0e5 100644 --- a/src/secret-scanning/data/public-docs.yml +++ b/src/secret-scanning/data/public-docs.yml @@ -109,7 +109,7 @@ ghec: '*' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false base64Supported: false isduplicate: false @@ -133,7 +133,7 @@ ghec: '*' isPublic: false isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false base64Supported: false isduplicate: false @@ -1513,7 +1513,7 @@ ghec: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false base64Supported: false isduplicate: false @@ -1525,7 +1525,7 @@ ghec: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false base64Supported: false isduplicate: false @@ -1537,7 +1537,7 @@ ghec: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false base64Supported: false isduplicate: false @@ -1561,7 +1561,7 @@ ghec: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false base64Supported: false isduplicate: false @@ -1573,7 +1573,7 @@ ghec: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false base64Supported: false isduplicate: false @@ -1585,7 +1585,7 @@ ghec: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false base64Supported: false isduplicate: false @@ -2828,7 +2828,7 @@ ghec: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false base64Supported: false isduplicate: false @@ -2840,7 +2840,7 @@ ghec: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: false base64Supported: false isduplicate: false @@ -5454,7 +5454,7 @@ ghec: '*' isPublic: true isPrivateWithGhas: true - hasPushProtection: false + hasPushProtection: true hasValidityCheck: '{% ifversion fpt or ghes %}false{% else %}true{% endif %}' base64Supported: false isduplicate: false diff --git a/src/secret-scanning/lib/config.json b/src/secret-scanning/lib/config.json index fe90868fff4e..e71d10fd73a3 100644 --- a/src/secret-scanning/lib/config.json +++ b/src/secret-scanning/lib/config.json @@ -1,5 +1,5 @@ { - "sha": "ae0af3739bfc23949e0cf24101edb7952cbdf8a8", - "blob-sha": "ec6452075cc3fa2334a2677e3492d59c1bfa4cdf", + "sha": "8169480d878c6b1f1697f6281d9b9d8715dc1fb5", + "blob-sha": "3c81b74365d7beab8e483b7c8b54557cdf02ed56", "targetFilename": "code-security/secret-scanning/introduction/supported-secret-scanning-patterns" } \ No newline at end of file