github
diff --git a/‎.github/allowed-actions.js‎
Lines changed: 1 addition & 0 deletions b/‎.github/allowed-actions.js‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/commands/remove.yaml‎
Lines changed: 10 additions & 0 deletions b/‎.github/commands/remove.yaml‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎.github/workflows/remove-from-fr-board.yaml‎
Lines changed: 64 additions & 0 deletions b/‎.github/workflows/remove-from-fr-board.yaml‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎assets/images/enterprise/github-ae/settings/access-token-scopes-for-ghae.png‎
174 KB b/‎assets/images/enterprise/github-ae/settings/access-token-scopes-for-ghae.png‎
174 KB
diff --git a/‎content/admin/enterprise-management/monitoring-using-snmp.md‎
Lines changed: 9 additions & 9 deletions b/‎content/admin/enterprise-management/monitoring-using-snmp.md‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎content/developers/apps/scopes-for-oauth-apps.md‎
Lines changed: 11 additions & 11 deletions b/‎content/developers/apps/scopes-for-oauth-apps.md‎
Lines changed: 11 additions & 11 deletions
diff --git a/‎content/github/administering-a-repository/about-secret-scanning.md‎
Lines changed: 7 additions & 2 deletions b/‎content/github/administering-a-repository/about-secret-scanning.md‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎content/github/authenticating-to-github/connecting-with-third-party-applications.md‎
Lines changed: 3 additions & 3 deletions b/‎content/github/authenticating-to-github/connecting-with-third-party-applications.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎content/github/authenticating-to-github/creating-a-personal-access-token.md‎
Lines changed: 4 additions & 0 deletions b/‎content/github/authenticating-to-github/creating-a-personal-access-token.md‎
Lines changed: 4 additions & 0 deletions
@@ -26,6 +26,7 @@ module.exports = [
   "juliangruber/find-pull-request-action@2fc55e82a6d5d36fe1e7f1848f7e64fd02d99de9",
   "juliangruber/read-file-action@e0a316da496006ffd19142f0fd594a1783f3b512",
   "lee-dohm/close-matching-issues@22002609b2555fe18f52b8e2e7c07cbf5529e8a8",
+  "octokit/graphql-action@5b3e01d42dee4509b0ac6b1cb2cf7778cdce85c2",
   "pascalgn/automerge-action@c9bd1823770819dc8fb8a5db2d11a3a95fbe9b07", //pascalgn/automerge@0.12.0
   "peter-evans/create-issue-from-file@a04ce672e3acedb1f8e416b46716ddfd09905326",
   "peter-evans/create-or-update-comment@5221bf4aa615e5c6e95bb142f9673a9c791be2cd",
 
@@ -0,0 +1,10 @@
+trigger: remove-from-fr-board
+title: Remove from FR board
+description: Remove the current issue or pull request from the project board for the docs content first responder
+surfaces:
+  - issue
+  - pull_request
+  - discussion
+steps:
+  - type: repository_dispatch
+    eventType: remove_from_FR_board
@@ -0,0 +1,64 @@
+name: Remove card from FR board
+
+on:
+  repository_dispatch:
+    types: remove_from_FR_board
+
+jobs:
+  remove_from_FR_board:
+    if: github.repository == 'github/docs-internal'
+    runs-on: ubuntu-latest
+    steps:
+      - id: find_project_cards
+        uses: octokit/graphql-action@5b3e01d42dee4509b0ac6b1cb2cf7778cdce85c2
+        with:
+          query: |
+            query($issue_node_id:ID!) {
+              node(id:$issue_node_id) {
+                ... on Issue {
+                  projectCards(first: 10) {
+                    nodes {
+                      id
+                      project {
+                        name
+                        id
+                      }
+                    }
+                  }
+                }
+                ... on PullRequest {
+                  projectCards(first: 10) {
+                    nodes {
+                      id
+                      project {
+                        name
+                        id
+                      }
+                    }
+                  }
+                }
+              }
+            }
+          issue_node_id: ${{ github.event.client_payload.command.resource.id }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
+
+      - run: "echo 'Project cards found: ${{ steps.find_project_cards.outputs.data }}'"
+
+      - name: Get FR card
+        env:
+          QUERY_DATA: ${{ steps.find_project_cards.outputs.data }}
+        run: |
+          echo 'FR_CARDS='$(jq '.node.projectCards.nodes | .[] | select(.project.id == "MDc6UHJvamVjdDQ1NzI0ODI=") | .id' <<< "$QUERY_DATA") >> $GITHUB_ENV
+
+      - name: Delete card
+        id: delete_project_card
+        if: ${{ env.FR_CARDS }}
+        uses: octokit/graphql-action@5b3e01d42dee4509b0ac6b1cb2cf7778cdce85c2
+        with:
+          query: |
+            mutation DeleteCard {
+              deleteProjectCard(input:{cardId:${{ env.FR_CARDS }}}) {deletedCardId}
+            }
+        env:
+          GITHUB_TOKEN: ${{ secrets.DOCUBOT_FR_PROJECT_BOARD_WORKFLOWS_REPO_ORG_READ_SCOPES }}
@@ -66,7 +66,7 @@ If you enable SNMP v3, you can take advantage of increased user based security t
 
 ##### Querying SNMP data
 
-Both hardware and software-level information about your appliance is available with SNMP v3. Due to the lack of encryption and privacy for the `noAuthNoPriv` and `authNoPriv` security levels, we exclude the `hrSWRun` table (1.1.3.6.1.2.1.25.41) from the resulting SNMP reports. We include this table if you're using the `authPriv` security level.
+Both hardware and software-level information about your appliance is available with SNMP v3. Due to the lack of encryption and privacy for the `noAuthNoPriv` and `authNoPriv` security levels, we exclude the `hrSWRun` table (1.3.6.1.2.1.25.4) from the resulting SNMP reports. We include this table if you're using the `authPriv` security level. For more information, see the "[OID reference documentation](http://oidref.com/1.3.6.1.2.1.25.4)." 
 
 With SNMP v2c, only hardware-level information about your appliance is available. The applications and services within {% data variables.product.prodname_enterprise %} do not have OIDs configured to report metrics. Several MIBs are available, which you can see by running `snmpwalk` on a separate workstation with SNMP support in your network:
 
@@ -76,16 +76,16 @@ With SNMP v2c, only hardware-level information about your appliance is available
 $ snmpwalk -v 2c -c <em>community-string</em> -O e <em>hostname</em>
 ```
 
-Of the available MIBs for SNMP, the most useful is `HOST-RESOURCES-MIB` (.1.3.6.1.2.1.25). See the table below for some important objects in this MIB:
+Of the available MIBs for SNMP, the most useful is `HOST-RESOURCES-MIB` (1.3.6.1.2.1.25). See the table below for some important objects in this MIB:
 
 | Name | OID | Description |
 | ---- | --- | ----------- |
-| hrSystemDate.2 | .1.3.6.1.2.1.25.1.2 | The hosts notion of the local date and time of day. |
-| hrSystemUptime.0 |.1.3.6.1.2.1.25.1.1.0 | How long it's been since the host was last initialized. |
-| hrMemorySize.0 | .1.3.6.1.2.1.25.2.2.0 | The amount of RAM on the host. |
-| hrSystemProcesses.0 | .1.3.6.1.2.1.25.1.6.0 | The number of process contexts currently loaded or running on the host. |
-| hrStorageUsed.1 | .1.3.6.1.2.1.25.2.3.1.6.1 | The amount of storage space consumed on the host, in hrStorageAllocationUnits. |
-| hrStorageAllocationUnits.1 | .1.3.6.1.2.1.25.2.3.1.4.1 | The size, in bytes, of an hrStorageAllocationUnit |
+| hrSystemDate.2 | 1.3.6.1.2.1.25.1.2 | The hosts notion of the local date and time of day. |
+| hrSystemUptime.0 | 1.3.6.1.2.1.25.1.1.0 | How long it's been since the host was last initialized. |
+| hrMemorySize.0 | 1.3.6.1.2.1.25.2.2.0 | The amount of RAM on the host. |
+| hrSystemProcesses.0 | 1.3.6.1.2.1.25.1.6.0 | The number of process contexts currently loaded or running on the host. |
+| hrStorageUsed.1 | 1.3.6.1.2.1.25.2.3.1.6.1 | The amount of storage space consumed on the host, in hrStorageAllocationUnits. |
+| hrStorageAllocationUnits.1 | 1.3.6.1.2.1.25.2.3.1.4.1 | The size, in bytes, of an hrStorageAllocationUnit |
 
 For example, to query for `hrMemorySize` with SNMP v3, run the following command on a separate workstation with SNMP support in your network:
 ```shell
@@ -108,7 +108,7 @@ snmpget -v 2c -c <em>community-string</em> <em>hostname</em> HOST-RESOURCES-MIB:
 
 {% tip %}
 
-**Note:** To prevent leaking information about services running on your appliance, we exclude the `hrSWRun` table (1.1.3.6.1.2.1.25.41) from the resulting SNMP reports unless you're using the `authPriv` security level with SNMP v3. If you're using the `authPriv` security level, we include the `hrSWRun` table.
+**Note:** To prevent leaking information about services running on your appliance, we exclude the `hrSWRun` table (1.3.6.1.2.1.25.4) from the resulting SNMP reports unless you're using the `authPriv` security level with SNMP v3. If you're using the `authPriv` security level, we include the `hrSWRun` table.
 
 {% endtip %}
 
 
@@ -38,19 +38,19 @@ X-Accepted-OAuth-Scopes: user
 ### Available scopes
 
 Name | Description
------|-----------|
-**`(no scope)`** | Grants read-only access to public information (includes public user profile info, public repository info, and gists){% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
+-----|-----------|{% if currentVersion != "github-ae@latest" %}
+**`(no scope)`** | Grants read-only access to public information (including user profile info, repository info, and gists){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
 **`site_admin`** | Grants site administrators access to [{% data variables.product.prodname_ghe_server %} Administration API endpoints](/rest/reference/enterprise-admin).{% endif %}
-**`repo`** | Grants full access to private and public repositories. That includes read/write access to code, commit statuses, repository and organization projects, invitations, collaborators, adding team memberships, deployment statuses, and repository webhooks for public and private repositories and organizations. Also grants ability to manage user projects.
-&emsp;`repo:status`| Grants read/write access to public and private repository commit statuses. This scope is only necessary to grant other users or services access to private repository commit statuses *without* granting access to the code.
-&emsp;`repo_deployment`| Grants access to [deployment statuses](/rest/reference/repos#deployments) for public and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, *without* granting access to the code.
-&emsp;`public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.
+**`repo`** | Grants full access to repositories, including private repositories. That includes read/write access to code, commit statuses, repository and organization projects, invitations, collaborators, adding team memberships, deployment statuses, and repository webhooks for repositories and organizations. Also grants ability to manage user projects.
+&emsp;`repo:status`| Grants read/write access to {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} and private repository commit statuses. This scope is only necessary to grant other users or services access to private repository commit statuses *without* granting access to the code.
+&emsp;`repo_deployment`| Grants access to [deployment statuses](/rest/reference/repos#deployments) for {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, *without* granting access to the code.{% if currentVersion != "github-ae@latest" %}
+&emsp;`public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.{% endif %}
 &emsp;`repo:invite` | Grants accept/decline abilities for invitations to collaborate on a repository. This scope is only necessary to grant other users or services access to invites *without* granting access to the code.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}
 &emsp;`security_events` | Grants: <br/> read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning) <br/> read and write access to security events in the [{% data variables.product.prodname_secret_scanning %} API](/rest/reference/secret-scanning) <br/> This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}{% if currentVersion ver_gt "enterprise-server@2.21" and currentVersion ver_lt "enterprise-server@3.1" %}
 &emsp;`security_events` | Grants read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning). This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}
-**`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in public and private repositories. The `repo` and `public_repo` scopes grants full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
-&emsp;`write:repo_hook` | Grants read, write, and ping access to hooks in public or private repositories.
-&emsp;`read:repo_hook`| Grants read and ping access to hooks in public or private repositories.
+**`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} and private repositories. The `repo` {% if currentVersion != "github-ae@latest" %}and `public_repo` scopes grant{% else %}scope grants{% endif %} full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
+&emsp;`write:repo_hook` | Grants read, write, and ping access to hooks in {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} or private repositories.
+&emsp;`read:repo_hook`| Grants read and ping access to hooks in {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} or private repositories.
 **`admin:org`** | Fully manage the organization and its teams, projects, and memberships.
 &emsp;`write:org`| Read and write access to organization membership, organization projects, and team membership.
 &emsp;`read:org`| Read-only access to organization membership, organization projects, and team membership.
@@ -78,11 +78,11 @@ Name | Description
 {% note %}
 
 **Note:** Your OAuth App can request the scopes in the initial redirection. You
-can specify multiple scopes by separating them with a space:
+can specify multiple scopes by separating them with a space using `%20`:
 
     https://github.com/login/oauth/authorize?
       client_id=...&
-      scope=user%20public_repo
+      scope=user%20repo_deployment
 
 {% endnote %}
 
 
@@ -46,11 +46,16 @@ If you're a repository administrator or an organization owner, you can enable {%
 
 When you push commits to a{% if currentVersion == "free-pro-team@latest" %} private{% endif %} repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.prodname_dotcom %} scans the contents of the commits for secrets.
 
-When {% data variables.product.prodname_secret_scanning %} detects a secret in a{% if currentVersion == "free-pro-team@latest" %} private{% endif %} repository, {% data variables.product.prodname_dotcom %} sends alerts.
+When {% data variables.product.prodname_secret_scanning %} detects a secret in a{% if currentVersion == "free-pro-team@latest" %} private{% endif %} repository, {% data variables.product.prodname_dotcom %} generates an alert.
 
 - {% data variables.product.prodname_dotcom %} sends an email alert to the repository administrators and organization owners.
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == 'github-ae@next' %}
+- {% data variables.product.prodname_dotcom %} sends an email alert to the contributor who committed the secret to the repository, with a link to the related {% data variables.product.prodname_secret_scanning %} alert. The commit author can then view the alert in the repository, and resolve the alert.
+{% endif %}
+- {% data variables.product.prodname_dotcom %} displays an alert in the repository.{% if currentVersion == "enterprise-server@3.0" %} For more information, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)."{% endif %}
 
-- {% data variables.product.prodname_dotcom %} displays an alert in the repository. For more information, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)."
+{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == 'github-ae@next' %}
+For more information about viewing and resolving {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)."{% endif %}
 
 Repository administrators and organization owners can grant users and teams access to {% data variables.product.prodname_secret_scanning %} alerts. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
 
 
@@ -55,13 +55,13 @@ There are several types of data that applications can request.
 | Type of data | Description |
 | --- | --- |
 | Commit status | You can grant access for a third-party application to report your commit status. Commit status access allows applications to determine if a build is a successful against a specific commit. Applications won't have access to your code, but they <em>can</em> read and write status information against a specific commit. |
-| Deployments | Deployment status access allows applications to determine if a deployment is successful against a specific commit for public and private repositories. Applications won't have access to your code. |
-| Gists | [Gist](https://gist.github.com) access allows applications to read or write to both your public and secret Gists. |
+| Deployments | Deployment status access allows applications to determine if a deployment is successful against a specific commit for a repository. Applications won't have access to your code. |
+| Gists | [Gist](https://gist.github.com) access allows applications to read or write to {% if currentVersion != "github-ae@latest" %}both your public and{% else %}both your internal and{% endif %} secret Gists. |
 | Hooks | [Webhooks](/webhooks) access allows applications to read or write hook configurations on repositories you manage. |
 | Notifications | Notification access allows applications to read your {% data variables.product.product_name %} notifications, such as comments on issues and pull requests. However, applications remain unable to access anything in your repositories. |
 | Organizations and teams | Organization and teams access allows apps to access and manage organization and team membership. |
 | Personal user data | User data includes information found in your user profile, like your name, e-mail address, and location. |
-| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. Applications can request access for either public or private repositories on a user-wide level. |
+| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. Applications can request access for either {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} or private repositories on a user-wide level. |
 | Repository delete | Applications can request to delete repositories that you administer, but they won't have access to your code. |
 
 ### Requesting updated permissions
 
@@ -29,7 +29,11 @@ Personal access tokens (PATs) are an alternative to using passwords for authenti
 5. Give your token a descriptive name.
    ![Token description field](/assets/images/help/settings/token_description.png)
 6. Select the scopes, or permissions, you'd like to grant this token. To use your token to access repositories from the command line, select **repo**.
+   {% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion %}
    ![Selecting token scopes](/assets/images/help/settings/token_scopes.gif)
+   {% elsif currentVersion == "github-ae@latest" %}
+   ![Selecting token scopes](/assets/images/enterprise/github-ae/settings/access-token-scopes-for-ghae.png)
+   {% endif %}
 7. Click **Generate token**.
    ![Generate token button](/assets/images/help/settings/generate_token.png)
 8. Click {% octicon "clippy" aria-label="The copy to clipboard icon" %} to copy the token to your clipboard. For security reasons, after you navigate off the page, you will not be able to see the token again.{% if currentVersion == "free-pro-team@latest" %}