repo sync

components/release-notes/PatchNotes.tsx

@@ -15,6 +15,7 @@ const SectionToLabelMap: Record<string, string> = {
   changes: 'Changes',
   deprecations: 'Deprecations',
   backups: 'Backups',
+  errata: 'Errata',
 }
 
 type Props = {

content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md

@@ -51,18 +51,16 @@ Before defining a custom pattern, you must ensure that {% data variables.product
 {%- ifversion secret-scanning-custom-enterprise-35 %}{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}{% endif %}
 {% endif %}
 {% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %}
-1. Optionally, to enable push protection for your custom pattern, click **Enable**.
-
+1. Optionally, to enable push protection for your custom pattern, click **Enable**.  
    {% note %}
-
-   **Note:**
-
-   - Push protection for custom patterns will only apply to repositories that have {% data variables.product.prodname_secret_scanning %} as push protection enabled. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-a-repository)."
-   - Enabling push protection for commonly found custom patterns can be disruptive to contributors.
-
+
+   **Note**: The "Enable" button isn't available until after the dry run succeeds and you publish the pattern.
+
    {% endnote %}
+
+   For more information about push protection, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
 
-   ![Screenshot of the "Push protection" section of the custom pattern page. A button, labeled "Enable", is outlined in dark orange.](/assets/images/help/repository/secret-scanning-custom-pattern-enable-push-protection.png){% endif %}
+{% endif %}
 
 After your pattern is created, {% data reusables.secret-scanning.secret-scanning-process %} For more information on viewing {% data variables.secret-scanning.alerts %}, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
 
@@ -120,17 +118,9 @@ Before defining a custom pattern, you must ensure that you enable {% data variab
 {%- ifversion secret-scanning-custom-enterprise-35 %}{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}{% endif %}
 {%- endif %}
 {% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %}
-1. Optionally, to enable push protection for your custom pattern, click **Enable**.
+1. Optionally, to enable push protection for your custom pattern, click **Enable**. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-in-an-organization-for-a-custom-pattern)."
 
-   {% note %}
-
-   **Note:**
-   - Push protection for custom patterns will only apply to repositories in your organization that have {% data variables.product.prodname_secret_scanning %} as push protection enabled. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization)."
-   - Enabling push protection for commonly found custom patterns can be disruptive to contributors.
-
-   {% endnote %}
-
-![Screenshot of the "Push protection" section of the custom pattern page. A button, labeled "Enable", is outlined in dark orange.](/assets/images/help/repository/secret-scanning-custom-pattern-enable-push-protection.png){% endif %}
+{% indented_data_reference reusables.secret-scanning.push-protection-org-notes spaces=3 %}{% endif %}
 
 After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories in your organization, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.secret-scanning.alerts %}, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
 
@@ -147,7 +137,7 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
 {% ifversion secret-scanning-custom-enterprise-36 or custom-pattern-dry-run-ga %}
 **Notes:**
 - At the enterprise level, only the creator of a custom pattern can edit the pattern, and use it in a dry run.
-- Enterprise owners can only make use of dry runs on repositories that they have access to, and enterprise owners do not necessarily have access to all the organizations or repositories within the enterprise.
+- {% data reusables.secret-scanning.dry-runs-enterprise-permissions %}
 {% else %}
 **Note:** As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire enterprise. That way, you can avoid creating excess false-positive {% data variables.secret-scanning.alerts %}.
 
@@ -170,18 +160,8 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
 {%- ifversion secret-scanning-custom-enterprise-36 %}{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}{% endif %}
 {%- endif %}
 {% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %}
-1. Optionally, to enable push protection for your custom pattern, click **Enable**.
-
-   {% note %}
-
-   **Note:**
-
-   - To enable push protection for custom patterns, {% data variables.product.prodname_secret_scanning %} as push protection needs to be enabled at the enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-your-enterprise)."
-   - Enabling push protection for commonly found custom patterns can be disruptive to contributors.
-
-   {% endnote %}
-
-![Screenshot of the custom pattern page with the button to enable push protection highlighted with a dark orange outline.](/assets/images/help/repository/secret-scanning-custom-pattern-enable-push-protection.png){% endif %}
+1. Optionally, to enable push protection for your custom pattern, click **Enable**. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
+{% indented_data_reference reusables.secret-scanning.push-protection-enterprise-note spaces=3 %}{% endif %}
 
 After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories within your enterprise's organizations with {% data variables.product.prodname_GH_advanced_security %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.secret-scanning.alerts %}, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)."
 

content/code-security/secret-scanning/protecting-pushes-with-secret-scanning.md

@@ -74,6 +74,67 @@ You can use the organization settings page for "Code security and analysis" to e
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-push-protection-repo %}
 
+{% ifversion secret-scanning-push-protection %}
+
+## Enabling push protection for a custom pattern
+
+You can enable {% data variables.product.prodname_secret_scanning %} as a push protection for custom patterns stored at {% ifversion ghec or ghes or ghae %}the enterprise, organization, or repository level{% else%} the organization or repository level{% endif %}.
+
+{% ifversion ghec or ghes or ghae %}
+### Enabling push protection for a custom pattern stored in an enterprise
+
+{% data reusables.secret-scanning.push-protection-enterprise-note %}
+
+Before enabling push protection for a custom pattern at enterprise level, you must also{% ifversion secret-scanning-custom-enterprise-36 or custom-pattern-dry-run-ga %} test your custom patterns using dry runs. {% data reusables.secret-scanning.dry-runs-enterprise-permissions %}{% else %} test your custom patterns in a repository before defining them for your entire enterprise, as there is no dry-run functionality. That way, you can avoid creating excess false-positive {% data variables.secret-scanning.alerts %}.{% endif %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}{% ifversion security-feature-enablement-policies %}
+{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
+1. Under "Code security and analysis", click **Security features**.{% else %}
+{% data reusables.enterprise-accounts.advanced-security-policies %}
+{% data reusables.enterprise-accounts.advanced-security-security-features %}{% endif %}
+{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}
+{% ifversion secret-scanning-custom-enterprise-36 or custom-pattern-dry-run-ga %}
+   {% note %}
+
+   **Note**: At the enterprise level, you can only edit and enable push protection for custom patterns that you created.
+
+   {% endnote %}
+{%- endif %}
+1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.
+
+   ![Screenshot of the custom pattern page with the button to enable push protection highlighted with a dark orange outline.](/assets/images/help/repository/secret-scanning-custom-pattern-enable-push-protection.png)
+
+{% endif %}
+### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection in an organization for a custom pattern 
+
+Before enabling push protection for a custom pattern at organization level, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. To enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.organizations.security-and-analysis %}
+{% data reusables.repositories.navigate-to-ghas-settings %}
+{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}
+1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.
+{% indented_data_reference reusables.secret-scanning.push-protection-org-notes spaces=3 %}
+
+   ![Screenshot of the "Push protection" section of the custom pattern page. A button, labeled "Enable", is outlined in dark orange.](/assets/images/help/repository/secret-scanning-custom-pattern-enable-push-protection.png)
+
+### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection in a repository for a custom pattern 
+
+Before enabling push protection for a custom pattern at repository level, you must define the custom pattern for the repository, and test it in the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository)."
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+{% data reusables.repositories.navigate-to-ghas-settings %}
+{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}
+1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**. 
+
+   ![Screenshot of the "Push protection" section of the custom pattern page. A button, labeled "Enable", is outlined in dark orange.](/assets/images/help/repository/secret-scanning-custom-pattern-enable-push-protection.png)
+
+{% endif %}
+
 ## Using secret scanning as a push protection from the command line
 
 {% data reusables.secret-scanning.push-protection-command-line-choice %}

data/features/GH-advisory-db-erlang-support.yml

@@ -3,5 +3,5 @@
 versions:
   fpt: '*'
   ghec: '*'
-  ghes: '>=3.7'
-  ghae: '>= 3.7'
+  ghes: '>=3.10'
+  ghae: '>=3.10'

data/release-notes/enterprise-server/3-7/0.yml

@@ -138,13 +138,11 @@ sections:
         - |
           Organization owners can manage teams of security managers using the REST API. For more information, see "[Security Managers](/rest/orgs/security-managers)" in the REST API documentation.
 
-        # https://github.com/github/releases/issues/2042
         # https://github.com/github/releases/issues/2295
         # https://github.com/github/releases/issues/2307
         - |
           Users can take advantage of the following improvements to the [GitHub Advisory Database](https://github.com/advisories).
 
-          - The database displays advisories for for Elixir, Erlang's Hex package manager, and more.
           - Users can find malware advisories by searching for `type:malware`.
           - The database displays advisories for GitHub Actions vulnerabilities.
 
@@ -372,3 +370,8 @@ sections:
     # https://github.com/github/releases/issues/2480
     - |
       Package registries on the new GitHub Packages architecture, including Container registry and npm packages, no longer expose data through the GraphQL API. In a coming release, other GitHub Packages registries will migrate to the new architecture, which will deprecate the GraphQL API for those registries as well.
+
+  errata:
+    # https://github.com/github/releases/issues/2042
+    - |
+      "[Features](#3.7.0-features)" incorrectly indicated that users of the GitHub Advisory Database can see advisories for Elixir, Erlang's Hex package manager, and more. This feature is unavailable in GitHub Enterprise Server 3.7, and will be available in a future release. [Updated 2023-06-01]

data/reusables/advanced-security/secret-scanning-edit-custom-pattern.md

@@ -0,0 +1 @@
+1. Under "{% data variables.product.prodname_secret_scanning_caps %}", under "Custom patterns", click {% octicon "pencil" aria-label="Edit custom pattern" %} for the pattern of interest.

data/reusables/secret-scanning/dry-runs-enterprise-permissions.md

@@ -0,0 +1 @@
+You can only perform a dry run on repositories that you have administration access to. If an enterprise owner wants access to perform dry runs on any repository in an organization, they must be assigned the organization owner role. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)."

data/reusables/secret-scanning/push-protection-enterprise-note.md

@@ -0,0 +1,8 @@
+{% note %}
+
+**Notes:**
+
+- To enable push protection for custom patterns, {% data variables.product.prodname_secret_scanning %} as push protection needs to be enabled at the enterprise level. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-your-enterprise)."
+- Enabling push protection for commonly found custom patterns can be disruptive to contributors.
+
+{% endnote %}

data/reusables/secret-scanning/push-protection-org-notes.md

@@ -0,0 +1,7 @@
+{% note %}
+
+**Notes:**
+- Push protection for custom patterns will only apply to repositories in your organization that have {% data variables.product.prodname_secret_scanning %} as push protection enabled. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization)."
+- Enabling push protection for commonly found custom patterns can be disruptive to contributors.
+
+{% endnote %}

data/reusables/secret-scanning/push-protection-repo-notes.md

@@ -0,0 +1,8 @@
+{% note %}
+
+**Notes:**
+
+- Push protection for custom patterns will only apply to repositories that have {% data variables.product.prodname_secret_scanning %} as push protection enabled. For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-a-repository)."
+- Enabling push protection for commonly found custom patterns can be disruptive to contributors.
+
+{% endnote %}

src/content-linter/lib/release-notes-schema.js

@@ -58,6 +58,7 @@ export default {
         'deprecations',
         'security_fixes',
         'backups',
+        'errata',
       ].reduce((prev, curr) => ({ ...prev, [curr]: section }), {}),
     },
   },