From 532b0782c941128415b50e5113ac4a5063d73128 Mon Sep 17 00:00:00 2001 From: Belal Taher Date: Mon, 9 Mar 2026 19:18:09 -0400 Subject: [PATCH 01/20] Add `model` to custom agent config docs (#60011) Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com> --- content/copilot/reference/custom-agents-configuration.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/copilot/reference/custom-agents-configuration.md b/content/copilot/reference/custom-agents-configuration.md index 4b5e46a0654a..8379d1428710 100644 --- a/content/copilot/reference/custom-agents-configuration.md +++ b/content/copilot/reference/custom-agents-configuration.md @@ -25,6 +25,7 @@ The following table outlines the properties that you can configure for {% data v | `description` | **Required** string | Description of the {% data variables.copilot.copilot_custom_agent_short %}'s purpose and capabilities | | `target` | string | Target environment or context for the {% data variables.copilot.copilot_custom_agent_short %} (`vscode` or `github-copilot`). If unset, defaults to both environments. | | `tools` | list of strings, string | List of tool names the {% data variables.copilot.copilot_custom_agent_short %} can use. Supports both a comma separated string and yaml string array. If unset, defaults to all tools. See [Tools](#tools). | +| `model` | string | Model to use when this {% data variables.copilot.copilot_custom_agent_short %} executes. If unset, inherits the default model. | | `disable-model-invocation` | boolean | Disables {% data variables.copilot.copilot_coding_agent %} from automatically using this {% data variables.copilot.copilot_custom_agent_short %} based on task context. When `true`, the agent must be manually selected. Setting `disable-model-invocation: true` is equivalent to `infer: false`. If both are set, `disable-model-invocation` takes precedence. If unset, defaults to `false`. | | `user-invocable` | boolean | Controls whether this {% data variables.copilot.copilot_custom_agent_short %} can be selected by a user. When `false`, the agent cannot be manually selected and can only be accessed programmatically. If unset, defaults to `true`. | | `infer` | boolean | **{% data variables.release-phases.retired_caps %}**. Use `disable-model-invocation` and `user-invocable` instead. Enables {% data variables.copilot.copilot_coding_agent %} to automatically use this {% data variables.copilot.copilot_custom_agent_short %} based on task context. When `false`, the agent must be manually selected. If unset, defaults to `true`. | @@ -37,7 +38,7 @@ Define the agent's behavior, expertise, and instructions in the Markdown content > [!NOTE] > -> * The `model`, `argument-hint`, and `handoffs` properties from {% data variables.product.prodname_vscode_shortname %} and other IDE {% data variables.copilot.custom_agents_short %} are currently not supported for {% data variables.copilot.copilot_coding_agent %} on {% data variables.product.prodname_dotcom_the_website %}. They are ignored to ensure compatibility. +> * The `argument-hint` and `handoffs` properties from {% data variables.product.prodname_vscode_shortname %} and other IDE {% data variables.copilot.custom_agents_short %} are currently not supported for {% data variables.copilot.copilot_coding_agent %} on {% data variables.product.prodname_dotcom_the_website %}. They are ignored to ensure compatibility. > * For more information on {% data variables.copilot.copilot_custom_agent_short %} file structure in {% data variables.product.prodname_vscode_shortname %}, see [{% data variables.copilot.custom_agents_caps_short %} in {% data variables.product.prodname_vscode_shortname %}](https://code.visualstudio.com/docs/copilot/customization/custom-agents#_custom-agent-file-structure) in the {% data variables.product.prodname_vscode_shortname %} documentation. ## Tools From 977934e42b1b8f0cc90203792c11048790a492e5 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Tue, 10 Mar 2026 00:28:57 -0700 Subject: [PATCH 02/20] Sync secret scanning data (#60105) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../data/pattern-docs/fpt/public-docs.yml | 32 ++++++++++++++++++- .../data/pattern-docs/ghec/public-docs.yml | 32 ++++++++++++++++++- 2 files changed, 62 insertions(+), 2 deletions(-) diff --git a/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml b/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml index 6f52f9c4f55b..0aff6b371184 100644 --- a/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml +++ b/src/secret-scanning/data/pattern-docs/fpt/public-docs.yml @@ -2066,7 +2066,7 @@ supportedSecret: Figma SCIM API Token secretType: figma_scim_token isPublic: true - isPrivateWithGhas: false + isPrivateWithGhas: true hasPushProtection: false hasValidityCheck: false hasExtendedMetadata: false @@ -2092,6 +2092,16 @@ hasExtendedMetadata: false base64Supported: false isduplicate: false +- provider: Flickr + supportedSecret: Flickr API Key + secretType: flickr_api_key + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + hasExtendedMetadata: false + base64Supported: false + isduplicate: false - provider: Flutterwave supportedSecret: Flutterwave Live API Secret Key secretType: flutterwave_live_api_secret_key @@ -2706,6 +2716,26 @@ hasExtendedMetadata: false base64Supported: false isduplicate: false +- provider: Langchain + supportedSecret: LangSmith License Key + secretType: langsmith_license_key + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + hasExtendedMetadata: false + base64Supported: false + isduplicate: false +- provider: Langchain + supportedSecret: LangSmith SCIM Bearer Token + secretType: langsmith_scim_bearer_token + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + hasExtendedMetadata: false + base64Supported: false + isduplicate: false - provider: Lark supportedSecret: Lark APaaS Client Secret secretType: lark_apaas_client_id,
lark_apaas_client_secret diff --git a/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml b/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml index 6f52f9c4f55b..0aff6b371184 100644 --- a/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml +++ b/src/secret-scanning/data/pattern-docs/ghec/public-docs.yml @@ -2066,7 +2066,7 @@ supportedSecret: Figma SCIM API Token secretType: figma_scim_token isPublic: true - isPrivateWithGhas: false + isPrivateWithGhas: true hasPushProtection: false hasValidityCheck: false hasExtendedMetadata: false @@ -2092,6 +2092,16 @@ hasExtendedMetadata: false base64Supported: false isduplicate: false +- provider: Flickr + supportedSecret: Flickr API Key + secretType: flickr_api_key + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + hasExtendedMetadata: false + base64Supported: false + isduplicate: false - provider: Flutterwave supportedSecret: Flutterwave Live API Secret Key secretType: flutterwave_live_api_secret_key @@ -2706,6 +2716,26 @@ hasExtendedMetadata: false base64Supported: false isduplicate: false +- provider: Langchain + supportedSecret: LangSmith License Key + secretType: langsmith_license_key + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + hasExtendedMetadata: false + base64Supported: false + isduplicate: false +- provider: Langchain + supportedSecret: LangSmith SCIM Bearer Token + secretType: langsmith_scim_bearer_token + isPublic: false + isPrivateWithGhas: true + hasPushProtection: false + hasValidityCheck: false + hasExtendedMetadata: false + base64Supported: false + isduplicate: false - provider: Lark supportedSecret: Lark APaaS Client Secret secretType: lark_apaas_client_id,
lark_apaas_client_secret From 39d0b77ec89805042e1c030b6853d7b3e047d333 Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Tue, 10 Mar 2026 07:33:45 +0000 Subject: [PATCH 03/20] [EDI] Enabling delegated bypass for push protection (#60089) Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com> --- ...creating-a-custom-security-configuration.md | 2 +- ...ing-delegated-bypass-for-push-protection.md | 18 ++++++------------ 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration.md index 046809b1dde6..afc7a4451487 100644 --- a/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration.md @@ -142,7 +142,7 @@ With {% data variables.product.prodname_custom_security_configurations %}, you c * Non-provider patterns. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %} * Push protection. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). {% ifversion push-protection-delegated-bypass-configurations %} -1. Optionally, under "Push protection", choose whether you want to assign bypass privileges to selected actors in your organization. By assigning bypass privileges, selected organization members can bypass push protection, and there is a review and approval process for all other contributors. For further guidance on how to configure this setting, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization). +1. Optionally, under "Push protection", choose whether you want to assign bypass privileges to selected actors in your organization. By assigning bypass privileges, selected organization members can bypass push protection, and there is a review and approval process for all other contributors. For further guidance on how to configure this setting, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#enabling-delegated-bypass-for-an-organization). {% endif %} 1. Optionally, in the "Policy" section, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, or **Private and internal**, or **All repositories**. diff --git a/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md index 1dffc63abd78..c8c4b507010b 100644 --- a/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md +++ b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md @@ -1,6 +1,6 @@ --- title: Enabling delegated bypass for push protection -intro: You can use delegated bypass for your organization or repository to control who can push commits that contain secrets identified by {% data variables.product.prodname_secret_scanning %}. +intro: Control who can push code containing secrets by requiring bypass approval from designated reviewers. permissions: '{% data reusables.permissions.delegated-bypass %}' versions: fpt: '*' @@ -17,19 +17,13 @@ redirect_from: - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection --- -## About enabling delegated bypass for push protection - {% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %} -{% data reusables.secret-scanning.push-protection-delegated-bypass-intro %} - -For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection). - -When you enable this feature, you will create a bypass list of roles and teams who can manage requests to bypass push protection. If you don't already have appropriate teams or roles to use, you should create additional teams before you start. +Delegated bypass for push protection lets you define who can push commits containing secrets and adds an approval process for other contributors. See [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection). -{% ifversion push-protection-bypass-fine-grained-permissions %}Alternatively, you can grant specific organization members the ability to review and manage bypass requests using fine-grained permissions, which give you more refined control over which individuals and teams can approve and deny bypass requests. For more information, see [Using fine-grained permissions to control who can review and manage bypass requests](#using-fine-grained-permissions-to-control-who-can-review-and-manage-bypass-requests).{% endif %} +To enable delegated bypass, create the teams or roles that will manage bypass requests.{% ifversion push-protection-bypass-fine-grained-permissions %} Alternatively, use fine-grained permissions for more granular control. See [Using fine-grained permissions to control who can review and manage bypass requests](#using-fine-grained-permissions-to-control-who-can-review-and-manage-bypass-requests).{% endif %} -## Configuring delegated bypass for a repository +## Enabling delegated bypass for a repository >[!NOTE] If an organization owner configures delegated bypass at the organization-level, the repository-level settings are disabled. @@ -48,7 +42,7 @@ When you enable this feature, you will create a bypass list of roles and teams w 1. In the dialog box, select the roles and teams that you want to add to the bypass list, then click **Add selected**. -## Configuring delegated bypass for an organization +## Enabling delegated bypass for an organization {% ifversion push-protection-delegated-bypass-configurations %} @@ -125,7 +119,7 @@ When you apply the configuration, delegated bypass settings are enforced for the You can grant specific individuals or teams in your organization the ability to review and manage bypass requests using fine-grained permissions. -1. Ensure that delegated bypass is enabled for the organization. For more information, follow steps 1-3 in [Configuring delegated bypass for your organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization) and ensure you have saved and applied the security configuration to your selected repositories. +1. Ensure that delegated bypass is enabled for the organization. For more information, follow steps 1-3 in [Enabling delegated bypass for your organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#enabling-delegated-bypass-for-an-organization) and ensure you have saved and applied the security configuration to your selected repositories. 1. Create (or edit) a custom organization role. For information on creating and editing custom roles, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-organization-roles#creating-a-custom-role). 1. When choosing which permissions to add to the custom role, select the "Review and manage {% data variables.product.prodname_secret_scanning %} bypass requests" permission. 1. Assign the custom role to individual members or teams in your organization. For more information on assigning custom roles, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles#assigning-an-organization-role). From f8b6f071647eef2ad52528b6b7827690796e0cab Mon Sep 17 00:00:00 2001 From: mc <42146119+mchammer01@users.noreply.github.com> Date: Tue, 10 Mar 2026 08:21:55 +0000 Subject: [PATCH 04/20] [EDI] Reviewing requests to bypass push protection (#60091) --- .../reviewing-requests-to-bypass-push-protection.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/reviewing-requests-to-bypass-push-protection.md b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/reviewing-requests-to-bypass-push-protection.md index 616e6bc857f8..8c5f4b56ad5e 100644 --- a/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/reviewing-requests-to-bypass-push-protection.md +++ b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/reviewing-requests-to-bypass-push-protection.md @@ -1,7 +1,7 @@ --- title: Reviewing requests to bypass push protection shortTitle: Review bypass requests -intro: You can use security overview to review requests to bypass push protection from contributors pushing to repositories across your organization. +intro: Approve or deny requests from contributors who need to push commits containing secrets to your organization's repositories. permissions: '{% data reusables.permissions.security-overview %}' product: '{% data reusables.gated-features.security-overview-fpt-sp-only %}' contentType: how-tos @@ -18,13 +18,11 @@ redirect_from: - /code-security/security-overview/reviewing-requests-to-bypass-push-protection --- -## About bypass requests +## Prerequisites -If your organization has configured delegated bypass for push protection, a designated team of reviewers controls which organization members can push secrets to repositories in your organization, and which members must first make a "bypass request" in order to push the secret. +Before you can review bypass requests, delegated bypass must be enabled for your organization or repositories. See [AUTOTITLE](/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection). -On the "Push protection bypass" page in security overview, reviewers can find, review (approve or deny) and manage these requests. - -For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection). +You can review and manage these requests in security overview. ## Reviewing bypass requests for an organization From 8ac7cd9bf7e4c4ce901d34d5f9b653169bde69cd Mon Sep 17 00:00:00 2001 From: Sophie <29382425+sophietheking@users.noreply.github.com> Date: Tue, 10 Mar 2026 10:16:47 +0100 Subject: [PATCH 05/20] Add "Example schema for Copilot usage metrics" reference article (#60057) Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> --- .../concepts/copilot-usage-metrics/index.md | 1 + .../copilot-usage-metrics.md | 4 +- .../copilot-usage-metrics/example-schema.md | 248 ++++++++++++++++++ .../reference/copilot-usage-metrics/index.md | 1 + 4 files changed, 253 insertions(+), 1 deletion(-) create mode 100644 content/copilot/reference/copilot-usage-metrics/example-schema.md diff --git a/content/copilot/concepts/copilot-usage-metrics/index.md b/content/copilot/concepts/copilot-usage-metrics/index.md index 4a3ec95aa3ad..702c4a413658 100644 --- a/content/copilot/concepts/copilot-usage-metrics/index.md +++ b/content/copilot/concepts/copilot-usage-metrics/index.md @@ -19,6 +19,7 @@ children: - /content/copilot/reference/copilot-usage-metrics/lines-of-code-metrics - /content/copilot/tutorials/roll-out-at-scale/measure-success - /content/copilot/tutorials/roll-out-at-scale/assign-licenses/track-usage-and-adoption + - /content/copilot/reference/copilot-usage-metrics/example-schema includedCategories: - Get started with metrics - Understand metrics diff --git a/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md b/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md index fce6ecf89672..4c829b5b2949 100644 --- a/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md +++ b/content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md @@ -64,6 +64,8 @@ These metrics appear in the code generation dashboard and provide a breakdown of These fields appear in the exported NDJSON reports and in the {% data variables.product.prodname_copilot_short %} usage metrics APIs. They provide daily records at the enterprise, organization, or user scope, depending on the metric. +For example schemas of the data returned by the APIs, see [AUTOTITLE](/copilot/reference/copilot-usage-metrics/example-schema). + | Field | Description | |:--|:--| | `agent_edit` | Captures lines added and deleted when {% data variables.product.prodname_copilot_short %} (in agent and edit mode) writes changes directly into your files in the IDE. `agent_edit` is not included in suggestion-based metrics and may not populate suggestion-style fields (for example, `user_initiated_interaction_count`). Counts edits from custom agents as well. | @@ -98,7 +100,7 @@ These fields appear in the exported NDJSON reports and in the {% data variables. ### {% data variables.copilot.copilot_cli_short %} metrics fields (API only) -The `totals_by_cli` object contains the following nested fields when CLI usage is present. These metrics are currently only available in the enterprise-level and user-level reports. +The `totals_by_cli` object contains the following nested fields when CLI usage is present. These metrics are currently only available in the enterprise-level and user-level reports. | Field | Description | |:--|:--| diff --git a/content/copilot/reference/copilot-usage-metrics/example-schema.md b/content/copilot/reference/copilot-usage-metrics/example-schema.md new file mode 100644 index 000000000000..95b4cb8bd426 --- /dev/null +++ b/content/copilot/reference/copilot-usage-metrics/example-schema.md @@ -0,0 +1,248 @@ +--- +title: Example schema for Copilot usage metrics +shortTitle: Example schema +intro: See an example schema of the data returned by the {% data variables.product.prodname_copilot_short %} usage metrics API. +permissions: '{% data reusables.copilot.usage-metrics-permissions %}' +versions: + feature: copilot +contentType: reference +category: + - Copilot usage metrics + - Understand available data + - Track Copilot usage +allowTitleToDifferFromFilename: true +--- + +The following are example schemas for the user-level and enterprise-level data returned by the {% data variables.product.prodname_copilot_short %} usage metrics endpoints. The actual data returned may vary based on the specific metrics being tracked and the level of aggregation. You can use these examples as a reference for understanding the structure of the data and how to interpret the various fields and metrics included in the API response. + +## User-level schema example + +```json copy +[{ + "code_acceptance_activity_count": 1, + "code_generation_activity_count": 1, + "day": "2025-10-01", + "enterprise_id": "1", + "loc_added_sum": 8, + "loc_deleted_sum": 0, + "loc_suggested_to_add_sum": 10, + "loc_suggested_to_delete_sum": 0, + "totals_by_cli": { + "last_known_cli_version": { + "cli_version": "1.0.8", + "sampled_at": "2025-10-01T00:01:43.000Z" + }, + "prompt_count": 2, + "request_count": 2, + "session_count": 2, + "token_usage": { + "avg_tokens_per_request": 4400.0, + "output_tokens_sum": 5000, + "prompt_tokens_sum": 3800 + } + }, + "totals_by_feature": [{ + "code_acceptance_activity_count": 1, + "code_generation_activity_count": 1, + "feature": "code_completion", + "loc_added_sum": 8, + "loc_deleted_sum": 0, + "loc_suggested_to_add_sum": 10, + "loc_suggested_to_delete_sum": 0, + "user_initiated_interaction_count": 0 + }], + "totals_by_ide": [{ + "code_acceptance_activity_count": 1, + "code_generation_activity_count": 1, + "ide": "vscode", + "last_known_ide_version": { + "ide_version": "1.85.0", + "sampled_at": "2025-10-01T00:00:02.000Z" + }, + "last_known_plugin_version": { + "plugin": "", + "plugin_version": "", + "sampled_at": "2025-10-01T00:00:02.000Z" + }, + "loc_added_sum": 8, + "loc_deleted_sum": 0, + "loc_suggested_to_add_sum": 10, + "loc_suggested_to_delete_sum": 0, + "user_initiated_interaction_count": 0 + }], + "totals_by_language_feature": [{ + "code_acceptance_activity_count": 1, + "code_generation_activity_count": 1, + "feature": "code_completion", + "language": "unknown", + "loc_added_sum": 8, + "loc_deleted_sum": 0, + "loc_suggested_to_add_sum": 10, + "loc_suggested_to_delete_sum": 0 + }], + "totals_by_language_model": [], + "totals_by_model_feature": [], + "used_agent": false, + "used_chat": false, + "used_cli": true, + "user_id": 1, + "user_login": "login1", + "user_initiated_interaction_count": 0, + "etl_id": "green", + "day_partition": "2025-10-01", + "entity_id_partition": 1 +}] +``` + +## Enterprise-level schema example + +```json copy +[ { + "day_totals" : [ { + "code_acceptance_activity_count" : 2, + "code_generation_activity_count" : 2, + "daily_active_cli_users" : 2, + "daily_active_users" : 2, + "day" : "2025-10-01", + "enterprise_id" : "1", + "loc_added_sum" : 30, + "loc_deleted_sum" : 0, + "loc_suggested_to_add_sum" : 35, + "loc_suggested_to_delete_sum" : 0, + "monthly_active_agent_users" : 0, + "monthly_active_chat_users" : 0, + "monthly_active_users" : 2, + "pull_requests" : { + "median_minutes_to_merge" : 2.5, + "median_minutes_to_merge_copilot_authored" : 2.5, + "total_applied_suggestions" : 1, + "total_copilot_applied_suggestions" : 1, + "total_copilot_suggestions" : 1, + "total_created" : 2, + "total_created_by_copilot" : 1, + "total_merged" : 2, + "total_merged_created_by_copilot" : 1, + "total_reviewed" : 1, + "total_reviewed_by_copilot" : 1, + "total_suggestions" : 1 + }, + "totals_by_cli" : { + "prompt_count" : 3, + "request_count" : 3, + "session_count" : 3, + "token_usage" : { + "avg_tokens_per_request" : 4100.0, + "output_tokens_sum" : 7000, + "prompt_tokens_sum" : 5300 + } + }, + "totals_by_feature" : [ { + "code_acceptance_activity_count" : 2, + "code_generation_activity_count" : 2, + "feature" : "code_completion", + "loc_added_sum" : 30, + "loc_deleted_sum" : 0, + "loc_suggested_to_add_sum" : 35, + "loc_suggested_to_delete_sum" : 0, + "user_initiated_interaction_count" : 0 + } ], + "totals_by_ide" : [ { + "code_acceptance_activity_count" : 2, + "code_generation_activity_count" : 2, + "ide" : "vscode", + "loc_added_sum" : 30, + "loc_deleted_sum" : 0, + "loc_suggested_to_add_sum" : 35, + "loc_suggested_to_delete_sum" : 0, + "user_initiated_interaction_count" : 0 + } ], + "totals_by_language_feature" : [ { + "code_acceptance_activity_count" : 2, + "code_generation_activity_count" : 2, + "feature" : "code_completion", + "language" : "unknown", + "loc_added_sum" : 30, + "loc_deleted_sum" : 0, + "loc_suggested_to_add_sum" : 35, + "loc_suggested_to_delete_sum" : 0 + } ], + "totals_by_language_model" : [ ], + "totals_by_model_feature" : [ ], + "user_initiated_interaction_count" : 0, + "weekly_active_users" : 2 + } ], + "enterprise_id" : "1", + "report_end_day" : "2025-10-01", + "report_start_day" : "2025-09-04", + "etl_id" : "green", + "day_partition" : "2025-10-01", + "entity_id_partition" : 1 +}, { + "day_totals" : [ { + "code_acceptance_activity_count" : 1, + "code_generation_activity_count" : 2, + "daily_active_users" : 2, + "day" : "2025-10-01", + "enterprise_id" : "2", + "loc_added_sum" : 38, + "loc_deleted_sum" : 0, + "loc_suggested_to_add_sum" : 40, + "loc_suggested_to_delete_sum" : 0, + "monthly_active_agent_users" : 0, + "monthly_active_chat_users" : 0, + "monthly_active_users" : 2, + "pull_requests" : { + "total_applied_suggestions" : 0, + "total_copilot_applied_suggestions" : 0, + "total_copilot_suggestions" : 0, + "total_created" : 1, + "total_created_by_copilot" : 0, + "total_merged" : 0, + "total_merged_created_by_copilot" : 0, + "total_reviewed" : 1, + "total_reviewed_by_copilot" : 0, + "total_suggestions" : 1 + }, + "totals_by_feature" : [ { + "code_acceptance_activity_count" : 1, + "code_generation_activity_count" : 2, + "feature" : "code_completion", + "loc_added_sum" : 38, + "loc_deleted_sum" : 0, + "loc_suggested_to_add_sum" : 40, + "loc_suggested_to_delete_sum" : 0, + "user_initiated_interaction_count" : 0 + } ], + "totals_by_ide" : [ { + "code_acceptance_activity_count" : 1, + "code_generation_activity_count" : 2, + "ide" : "vscode", + "loc_added_sum" : 38, + "loc_deleted_sum" : 0, + "loc_suggested_to_add_sum" : 40, + "loc_suggested_to_delete_sum" : 0, + "user_initiated_interaction_count" : 0 + } ], + "totals_by_language_feature" : [ { + "code_acceptance_activity_count" : 1, + "code_generation_activity_count" : 2, + "feature" : "code_completion", + "language" : "unknown", + "loc_added_sum" : 38, + "loc_deleted_sum" : 0, + "loc_suggested_to_add_sum" : 40, + "loc_suggested_to_delete_sum" : 0 + } ], + "totals_by_language_model" : [ ], + "totals_by_model_feature" : [ ], + "user_initiated_interaction_count" : 0, + "weekly_active_users" : 2 + } ], + "enterprise_id" : "2", + "report_end_day" : "2025-10-01", + "report_start_day" : "2025-09-04", + "etl_id" : "green", + "day_partition" : "2025-10-01", + "entity_id_partition" : 2 +} ] +``` diff --git a/content/copilot/reference/copilot-usage-metrics/index.md b/content/copilot/reference/copilot-usage-metrics/index.md index bd703828b742..4b5786ee2bdf 100644 --- a/content/copilot/reference/copilot-usage-metrics/index.md +++ b/content/copilot/reference/copilot-usage-metrics/index.md @@ -9,4 +9,5 @@ children: - /interpret-copilot-metrics - /reconciling-usage-metrics - /lines-of-code-metrics + - /example-schema --- From 582d431f6a803f8703c3bfa82cd88cb01f5de50f Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Tue, 10 Mar 2026 03:50:58 -0700 Subject: [PATCH 06/20] Delete orphaned files (2026-03-09-16-39) (#60104) --- data/reusables/cli/preview-note-cli-body.md | 1 - .../supported-package-ecosystems.md | 51 ------------------- .../repository-security-advisory-evaluate.md | 3 -- ...rivate-vulnerability-reporting-disabled.md | 2 - .../delegated-alert-dismissal-intro.md | 13 ----- 5 files changed, 70 deletions(-) delete mode 100644 data/reusables/cli/preview-note-cli-body.md delete mode 100644 data/reusables/dependency-graph/supported-package-ecosystems.md delete mode 100644 data/reusables/permissions/repository-security-advisory-evaluate.md delete mode 100644 data/reusables/security-advisory/private-vulnerability-reporting-disabled.md delete mode 100644 data/reusables/security/delegated-alert-dismissal-intro.md diff --git a/data/reusables/cli/preview-note-cli-body.md b/data/reusables/cli/preview-note-cli-body.md deleted file mode 100644 index 7afa16d21ed5..000000000000 --- a/data/reusables/cli/preview-note-cli-body.md +++ /dev/null @@ -1 +0,0 @@ -{% data variables.copilot.copilot_cli %} is in {% data variables.release-phases.public_preview_dpa %} and subject to change. diff --git a/data/reusables/dependency-graph/supported-package-ecosystems.md b/data/reusables/dependency-graph/supported-package-ecosystems.md deleted file mode 100644 index faba07342cea..000000000000 --- a/data/reusables/dependency-graph/supported-package-ecosystems.md +++ /dev/null @@ -1,51 +0,0 @@ -| Package manager | Languages | Static transitive dependencies | Automatic dependency submission | Recommended files | Additional files | -| --- | --- | --- | --- | --- | ---| -| {% ifversion dependabot-bazel-support %} | -| Bazel | Starlark | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `MODULE.bazel`, `WORKSPACE` | `MODULE.bazel.lock`, `maven_install.json`, `*.MODULE.bazel` | -| {% endif %} | -| Cargo | Rust | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Cargo.lock` | `Cargo.toml` | -| Composer | PHP | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `composer.lock` | `composer.json` | -| NuGet | .NET languages (C#, F#, VB), C++ | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | `.csproj`, `.vbproj`, `.nuspec`, `.vcxproj`, `.fsproj` | `packages.config` | -| {% data variables.product.prodname_actions %} workflows | YAML | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `.yml`, `.yaml` | {% octicon "x" aria-label="None" %} | -| Go modules | Go | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `go.mod`| {% octicon "x" aria-label="None" %} | -| Gradle | Java | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="None" %} | {% octicon "x" aria-label="None" %} | -| {% ifversion dependabot-julia-support %} | -| Julia | Julia | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Manifest.toml` | `Project.toml` | -| {% endif %} | -| Maven | Java, Scala | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | `pom.xml` | {% octicon "x" aria-label="None" %} | -| npm | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `package-lock.json` | `package.json`| -| {% ifversion dependabot-opentofu-support %} | -| OpenTofu | HCL | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `.terraform.lock.hcl` | `.tf`, `.tofu` | -| {% endif %} | -| pip | Python | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | `requirements.txt`, `pipfile.lock` | `pipfile`, `setup.py` | -| pnpm | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `pnpm-lock.yaml` | `package.json` | -| pub | Dart | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `pubspec.lock` | `pubspec.yaml` | -| Poetry | Python | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `poetry.lock` | `pyproject.toml` | -| RubyGems | Ruby | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Gemfile.lock` | `Gemfile`, `*.gemspec` | -| Swift Package Manager | Swift | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Package.resolved` | {% octicon "x" aria-label="None" %} | -| Yarn | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `yarn.lock` | `package.json` | - -> [!NOTE]{% ifversion transitive-dependency-labeling-npm %} -> -> * The **Static transitive dependencies** column indicates whether static analysis will add `direct` and `transitive` labels for dependent packages in that ecosystem. Dependency submission actions (automatic or manually configured) can add transitive information for ecosystems where static analysis cannot. {% endif %} -> * If you list your Python dependencies within a `setup.py` file, we may not be able to parse and list every dependency in your project. -> * {% data variables.product.prodname_actions %} workflows must be located in the `.github/workflows/` directory of a repository to be recognized as manifests. Any actions or workflows referenced using the syntax `jobs[*].steps[*].uses` or `jobs..uses` will be parsed as dependencies. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions). -> * {% data reusables.dependabot.dependabot-alert-actions-semver %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates). - -{% ifversion dependabot-community-ecosystems %} - -### Community-maintained ecosystems - -{% data reusables.dependabot.community-maintained-intro %} - -| Ecosystem | Maintained by | -| --- | --- | -| {% ifversion dependabot-julia-support %} | -| Julia | Julia community | -| {% endif %} | -| {% ifversion dependabot-opentofu-support %} | -| OpenTofu | OpenTofu community | -| {% endif %} | -| pub | Dart community | - -{% endif %} diff --git a/data/reusables/permissions/repository-security-advisory-evaluate.md b/data/reusables/permissions/repository-security-advisory-evaluate.md deleted file mode 100644 index d1d1a935309b..000000000000 --- a/data/reusables/permissions/repository-security-advisory-evaluate.md +++ /dev/null @@ -1,3 +0,0 @@ -**Anyone** can: - * View a public repository's security settings. - * Contact the repository maintainers regarding a security issue. diff --git a/data/reusables/security-advisory/private-vulnerability-reporting-disabled.md b/data/reusables/security-advisory/private-vulnerability-reporting-disabled.md deleted file mode 100644 index d8b3775cc185..000000000000 --- a/data/reusables/security-advisory/private-vulnerability-reporting-disabled.md +++ /dev/null @@ -1,2 +0,0 @@ -> [!NOTE] -> If the repository doesn't have private vulnerability reporting enabled, you need to initiate the reporting process by following the instructions in the security policy for the repository, or create an issue asking the maintainers for a preferred security contact. For more information, see [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities#about-reporting-and-disclosing-vulnerabilities-in-projects-on-github). diff --git a/data/reusables/security/delegated-alert-dismissal-intro.md b/data/reusables/security/delegated-alert-dismissal-intro.md deleted file mode 100644 index 257d6b93e895..000000000000 --- a/data/reusables/security/delegated-alert-dismissal-intro.md +++ /dev/null @@ -1,13 +0,0 @@ -Delegated alert dismissal lets you restrict which users can directly dismiss an alert. When the feature is enabled: -* Users with write access to a repository must request to dismiss alerts in that repository. -* Organization owners and security managers can approve or deny dismissal requests, as well as dismiss alerts directly themselves. - -You can also use custom roles with the following permissions to let other team members manage requests and dismiss alerts directly: - -* For {% data variables.product.prodname_code_scanning %}: "Review {% data variables.product.prodname_code_scanning %} alert dismissal requests" and "Bypass {% data variables.product.prodname_code_scanning %} alert dismissal requests" -* For {% data variables.product.prodname_secret_scanning %}: "Review and manage {% data variables.product.prodname_secret_scanning %} alert dismissal requests" -* For {% data variables.product.prodname_dependabot %}: "Review {% data variables.product.prodname_dependabot %} alert dismissal requests" and "Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests" - -Reviewers are notified of dismissal requests via email, and can either approve the request to dismiss the alert, or deny the request to leave the alert open. After a request is reviewed, the requester is notified of the outcome via email. - ->[!NOTE] The implementation of this approval process can potentially cause some friction, so it's important to ensure that the team of security managers has adequate coverage to review dismissal requests regularly before proceeding. From ab2f4f2a524f3a2f93a0626e0566efda3f90afe6 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Tue, 10 Mar 2026 04:55:22 -0700 Subject: [PATCH 07/20] Delete orphaned features (2026-03-09-16-41) (#60108) --- data/features/code-search-code-view.yml | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 data/features/code-search-code-view.yml diff --git a/data/features/code-search-code-view.yml b/data/features/code-search-code-view.yml deleted file mode 100644 index 2f7d7c4f9b7c..000000000000 --- a/data/features/code-search-code-view.yml +++ /dev/null @@ -1,6 +0,0 @@ -# Reference: #6672 -# Documentation for GitHub Code Search limited public beta -# Now in public beta, see CD plan for #9287 -versions: - fpt: '*' - ghec: '*' From 0c6cc0b42eb2ad8292993f67e65131c291a0dc9e Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Tue, 10 Mar 2026 04:58:03 -0700 Subject: [PATCH 08/20] Update audit log event data (#60106) Co-authored-by: Felix Guntrip --- src/audit-logs/data/fpt/organization.json | 10 +++++----- src/audit-logs/data/ghec/enterprise.json | 10 +++++----- src/audit-logs/data/ghec/organization.json | 10 +++++----- src/audit-logs/data/ghes-3.14/organization.json | 10 +++++----- src/audit-logs/data/ghes-3.15/organization.json | 10 +++++----- src/audit-logs/data/ghes-3.16/organization.json | 10 +++++----- src/audit-logs/data/ghes-3.17/organization.json | 10 +++++----- src/audit-logs/data/ghes-3.18/organization.json | 10 +++++----- src/audit-logs/data/ghes-3.19/organization.json | 10 +++++----- src/audit-logs/data/ghes-3.20/organization.json | 10 +++++----- src/audit-logs/lib/config.json | 2 +- 11 files changed, 51 insertions(+), 51 deletions(-) diff --git a/src/audit-logs/data/fpt/organization.json b/src/audit-logs/data/fpt/organization.json index 05ead0d39103..a04fa9eda168 100644 --- a/src/audit-logs/data/fpt/organization.json +++ b/src/audit-logs/data/fpt/organization.json @@ -13484,7 +13484,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.create", @@ -13521,7 +13521,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.destroy", @@ -13557,7 +13557,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.revoke", @@ -13591,7 +13591,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.update", @@ -13630,7 +13630,7 @@ "actor_is_bot", "old_base_role" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_wide_project_base_role.update", diff --git a/src/audit-logs/data/ghec/enterprise.json b/src/audit-logs/data/ghec/enterprise.json index 53ef131d4913..25bc7132b688 100644 --- a/src/audit-logs/data/ghec/enterprise.json +++ b/src/audit-logs/data/ghec/enterprise.json @@ -18836,7 +18836,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.create", @@ -18873,7 +18873,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.destroy", @@ -18909,7 +18909,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.revoke", @@ -18943,7 +18943,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.update", @@ -18982,7 +18982,7 @@ "actor_is_bot", "old_base_role" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_wide_project_base_role.update", diff --git a/src/audit-logs/data/ghec/organization.json b/src/audit-logs/data/ghec/organization.json index 05ead0d39103..a04fa9eda168 100644 --- a/src/audit-logs/data/ghec/organization.json +++ b/src/audit-logs/data/ghec/organization.json @@ -13484,7 +13484,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.create", @@ -13521,7 +13521,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.destroy", @@ -13557,7 +13557,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.revoke", @@ -13591,7 +13591,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.update", @@ -13630,7 +13630,7 @@ "actor_is_bot", "old_base_role" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_wide_project_base_role.update", diff --git a/src/audit-logs/data/ghes-3.14/organization.json b/src/audit-logs/data/ghes-3.14/organization.json index 489dcc450f7f..e9ef1d885c72 100644 --- a/src/audit-logs/data/ghes-3.14/organization.json +++ b/src/audit-logs/data/ghes-3.14/organization.json @@ -11631,7 +11631,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.create", @@ -11668,7 +11668,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.destroy", @@ -11704,7 +11704,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.revoke", @@ -11738,7 +11738,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.update", @@ -11777,7 +11777,7 @@ "actor_is_bot", "old_base_role" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "packages.package_deleted", diff --git a/src/audit-logs/data/ghes-3.15/organization.json b/src/audit-logs/data/ghes-3.15/organization.json index d9be92aea738..aa68d362f1bf 100644 --- a/src/audit-logs/data/ghes-3.15/organization.json +++ b/src/audit-logs/data/ghes-3.15/organization.json @@ -11804,7 +11804,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.create", @@ -11841,7 +11841,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.destroy", @@ -11877,7 +11877,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.revoke", @@ -11911,7 +11911,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.update", @@ -11950,7 +11950,7 @@ "actor_is_bot", "old_base_role" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "packages.package_deleted", diff --git a/src/audit-logs/data/ghes-3.16/organization.json b/src/audit-logs/data/ghes-3.16/organization.json index 7c945881903c..3b403bd3b95e 100644 --- a/src/audit-logs/data/ghes-3.16/organization.json +++ b/src/audit-logs/data/ghes-3.16/organization.json @@ -12106,7 +12106,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.create", @@ -12143,7 +12143,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.destroy", @@ -12179,7 +12179,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.revoke", @@ -12213,7 +12213,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.update", @@ -12252,7 +12252,7 @@ "actor_is_bot", "old_base_role" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_wide_project_base_role.update", diff --git a/src/audit-logs/data/ghes-3.17/organization.json b/src/audit-logs/data/ghes-3.17/organization.json index 579c2327cfb1..46000a2a87d0 100644 --- a/src/audit-logs/data/ghes-3.17/organization.json +++ b/src/audit-logs/data/ghes-3.17/organization.json @@ -12408,7 +12408,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.create", @@ -12445,7 +12445,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.destroy", @@ -12481,7 +12481,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.revoke", @@ -12515,7 +12515,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.update", @@ -12554,7 +12554,7 @@ "actor_is_bot", "old_base_role" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_wide_project_base_role.update", diff --git a/src/audit-logs/data/ghes-3.18/organization.json b/src/audit-logs/data/ghes-3.18/organization.json index 3d8cd114ddae..6374bf9e95ba 100644 --- a/src/audit-logs/data/ghes-3.18/organization.json +++ b/src/audit-logs/data/ghes-3.18/organization.json @@ -12688,7 +12688,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.create", @@ -12725,7 +12725,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.destroy", @@ -12761,7 +12761,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.revoke", @@ -12795,7 +12795,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.update", @@ -12834,7 +12834,7 @@ "actor_is_bot", "old_base_role" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_wide_project_base_role.update", diff --git a/src/audit-logs/data/ghes-3.19/organization.json b/src/audit-logs/data/ghes-3.19/organization.json index 76c4dd8d3706..4b223e75f40e 100644 --- a/src/audit-logs/data/ghes-3.19/organization.json +++ b/src/audit-logs/data/ghes-3.19/organization.json @@ -13401,7 +13401,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.create", @@ -13438,7 +13438,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.destroy", @@ -13474,7 +13474,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.revoke", @@ -13508,7 +13508,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.update", @@ -13547,7 +13547,7 @@ "actor_is_bot", "old_base_role" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_wide_project_base_role.update", diff --git a/src/audit-logs/data/ghes-3.20/organization.json b/src/audit-logs/data/ghes-3.20/organization.json index 4c7245c78379..241699dbb74e 100644 --- a/src/audit-logs/data/ghes-3.20/organization.json +++ b/src/audit-logs/data/ghes-3.20/organization.json @@ -13338,7 +13338,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.create", @@ -13375,7 +13375,7 @@ "operation_type", "actor_is_bot" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.destroy", @@ -13411,7 +13411,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.revoke", @@ -13445,7 +13445,7 @@ "created_at", "operation_type" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_role.update", @@ -13484,7 +13484,7 @@ "actor_is_bot", "old_base_role" ], - "docs_reference_titles": "About custom organization roles" + "docs_reference_titles": "Permissions of custom organization roles" }, { "action": "organization_wide_project_base_role.update", diff --git a/src/audit-logs/lib/config.json b/src/audit-logs/lib/config.json index c33925ade3ed..71530e9b4e1a 100644 --- a/src/audit-logs/lib/config.json +++ b/src/audit-logs/lib/config.json @@ -9,5 +9,5 @@ "git": "Note: Git events have special access requirements and retention policies that differ from other audit log events. For GitHub Enterprise Cloud, access Git events via the REST API only with 7-day retention. For GitHub Enterprise Server, Git events must be enabled in audit log configuration and are not included in search results.", "sso_redirect": "Note: Automatically redirecting users to sign in is currently in beta for Enterprise Managed Users and subject to change." }, - "sha": "cf5a23d9a51d5f395ce6d7ab89e8d78bb464efc0" + "sha": "445de99b5e725af436de2338b8033761dd090b3f" } \ No newline at end of file From 03d3b6c2a3cc2b6d6e0a432e8858b0cd60ea6f68 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Tue, 10 Mar 2026 05:07:17 -0700 Subject: [PATCH 09/20] docs: update copilot-cli content from source docs (#60107) Co-authored-by: github-actions[bot] Co-authored-by: Felix Guntrip --- src/content-pipelines/state/copilot-cli.sha | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content-pipelines/state/copilot-cli.sha b/src/content-pipelines/state/copilot-cli.sha index 9eb6766b7479..5daa10eea00a 100644 --- a/src/content-pipelines/state/copilot-cli.sha +++ b/src/content-pipelines/state/copilot-cli.sha @@ -1 +1 @@ -632be5c3f07cff2d1b3de6e9215997d2c7d97a08 +939b44065d747eced9cbeb2d745988bdce61f0e0 From 92d6c0c9efbcc9356f9519a8d2d69f874652b0f8 Mon Sep 17 00:00:00 2001 From: Kevin Heis Date: Tue, 10 Mar 2026 05:37:45 -0700 Subject: [PATCH 10/20] Add content linter rule for curly quotes in frontmatter (GHD034) (#60001) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- ...izing-or-hiding-organization-membership.md | 2 +- .../workflows-and-actions/metadata-syntax.md | 2 +- ...lities-in-your-code-and-in-dependencies.md | 2 +- .../manage-your-coverage/index.md | 2 +- .../manage-your-coverage/index.md | 2 +- .../analyze-organization-data/index.md | 2 +- ...or-participating-in-a-security-campaign.md | 2 +- content/communities/index.md | 2 +- .../create-copilot-spaces.md | 2 +- .../use-copilot-spaces/index.md | 2 +- .../use-copilot-spaces/use-copilot-spaces.md | 2 +- .../coding-agent/improve-a-project.md | 2 + .../copilot/tutorials/copilot-cli-hooks.md | 2 +- .../about-github-campus-experts.md | 2 +- .../applying-to-be-a-github-campus-expert.md | 2 +- ...-archive-of-your-personal-accounts-data.md | 2 +- .../faq-about-changes-to-githubs-plans.md | 2 +- ...tering-for-a-github-certifications-exam.md | 2 +- .../about-your-organizations-news-feed.md | 2 +- .../index.md | 2 +- ...access-to-an-organization-project-board.md | 2 +- ...t-board-permissions-for-an-organization.md | 2 +- ...-a-team-in-your-organizations-hierarchy.md | 2 +- .../requesting-to-add-a-child-team.md | 2 +- .../working-with-forks/about-forks.md | 2 +- .../index.md | 4 +- .../contacting-github-support/index.md | 2 +- .../contributing/content-linter-rules.md | 1 + .../linting-rules/frontmatter-curly-quotes.ts | 52 +++++++++++ src/content-linter/lib/linting-rules/index.ts | 2 + .../liquid-ifversion-versions.ts | 1 + src/content-linter/style/github-docs.ts | 6 ++ .../tests/unit/frontmatter-curly-quotes.ts | 93 +++++++++++++++++++ 33 files changed, 184 insertions(+), 27 deletions(-) create mode 100644 src/content-linter/lib/linting-rules/frontmatter-curly-quotes.ts create mode 100644 src/content-linter/tests/unit/frontmatter-curly-quotes.ts diff --git a/content/account-and-profile/how-tos/organization-membership/publicizing-or-hiding-organization-membership.md b/content/account-and-profile/how-tos/organization-membership/publicizing-or-hiding-organization-membership.md index 1424dd6c1cfd..c7b5665a4de2 100644 --- a/content/account-and-profile/how-tos/organization-membership/publicizing-or-hiding-organization-membership.md +++ b/content/account-and-profile/how-tos/organization-membership/publicizing-or-hiding-organization-membership.md @@ -1,6 +1,6 @@ --- title: Publicizing or hiding organization membership -intro: Show avatars for organizations where you’re an organization member. +intro: Show avatars for organizations where you're an organization member. redirect_from: - /articles/publicizing-or-concealing-organization-membership - /articles/publicizing-or-hiding-organization-membership diff --git a/content/actions/reference/workflows-and-actions/metadata-syntax.md b/content/actions/reference/workflows-and-actions/metadata-syntax.md index d07bd710d1e0..274c12617f19 100644 --- a/content/actions/reference/workflows-and-actions/metadata-syntax.md +++ b/content/actions/reference/workflows-and-actions/metadata-syntax.md @@ -1,7 +1,7 @@ --- title: Metadata syntax reference shortTitle: Metadata syntax -intro: You can create actions to perform tasks in your repository. If you’re making a custom action, it will require a metadata file that uses YAML syntax. +intro: You can create actions to perform tasks in your repository. If you're making a custom action, it will require a metadata file that uses YAML syntax. redirect_from: - /articles/metadata-syntax-for-github-actions - /github/automating-your-workflow-with-github-actions/metadata-syntax-for-github-actions diff --git a/content/code-security/concepts/vulnerability-reporting-and-management/about-your-exposure-to-vulnerabilities-in-your-code-and-in-dependencies.md b/content/code-security/concepts/vulnerability-reporting-and-management/about-your-exposure-to-vulnerabilities-in-your-code-and-in-dependencies.md index 5a3c84153f08..65ebf5caa461 100644 --- a/content/code-security/concepts/vulnerability-reporting-and-management/about-your-exposure-to-vulnerabilities-in-your-code-and-in-dependencies.md +++ b/content/code-security/concepts/vulnerability-reporting-and-management/about-your-exposure-to-vulnerabilities-in-your-code-and-in-dependencies.md @@ -1,7 +1,7 @@ --- title: About exposure to vulnerabilities in your code and in dependencies shortTitle: Vulnerability exposure -intro: Understand how vulnerabilities in your own code and in third-party dependencies contribute to your organization’s overall security exposure, and how to measure and reduce that risk. +intro: Understand how vulnerabilities in your own code and in third-party dependencies contribute to your organization's overall security exposure, and how to measure and reduce that risk. allowTitleToDifferFromFilename: true product: '{% data reusables.gated-features.ghas-billing %}' versions: diff --git a/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/index.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/index.md index cacb8f94f2f5..f68413ce9aaf 100644 --- a/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/index.md +++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/manage-your-coverage/index.md @@ -1,6 +1,6 @@ --- title: Manage your coverage -intro: Review and manage your enterprise’s repository security coverage by adjusting which repositories are included in your custom security configurations and removing unneeded configurations. +intro: Review and manage your enterprise's repository security coverage by adjusting which repositories are included in your custom security configurations and removing unneeded configurations. versions: fpt: '*' ghes: '*' diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/index.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/index.md index b2e2925ab35d..372d5389c47e 100644 --- a/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/index.md +++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-your-coverage/index.md @@ -1,6 +1,6 @@ --- title: Manage your coverage -intro: Review and adjust your organization’s security coverage by managing which repositories are included in security configurations and updating or removing configurations as needed. +intro: Review and adjust your organization's security coverage by managing which repositories are included in security configurations and updating or removing configurations as needed. versions: fpt: '*' ghes: '*' diff --git a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/index.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/index.md index 83c5b040396c..5bdf097a12c3 100644 --- a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/index.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/index.md @@ -1,7 +1,7 @@ --- title: How-tos for analyzing security data for an organization shortTitle: Analyze organization data -intro: Learn how to assess security risks, track feature adoption, view key metrics, and export data to analyze your organization’s security posture. +intro: Learn how to assess security risks, track feature adoption, view key metrics, and export data to analyze your organization's security posture. versions: fpt: '*' ghes: '*' diff --git a/content/code-security/tutorials/manage-security-alerts/best-practices-for-participating-in-a-security-campaign.md b/content/code-security/tutorials/manage-security-alerts/best-practices-for-participating-in-a-security-campaign.md index eaa314dc4d55..4fe31a44d9ad 100644 --- a/content/code-security/tutorials/manage-security-alerts/best-practices-for-participating-in-a-security-campaign.md +++ b/content/code-security/tutorials/manage-security-alerts/best-practices-for-participating-in-a-security-campaign.md @@ -1,7 +1,7 @@ --- title: Participating in a code security campaign shortTitle: Participate in campaigns -intro: If you’ve been assigned alerts as part of a security campaign, this guide explains what campaigns are, what to expect, and how to resolve alerts effectively. +intro: If you've been assigned alerts as part of a security campaign, this guide explains what campaigns are, what to expect, and how to resolve alerts effectively. allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' product: '{% data reusables.gated-features.security-campaigns %}' diff --git a/content/communities/index.md b/content/communities/index.md index 340f15dffcf6..72c7da29bd2a 100644 --- a/content/communities/index.md +++ b/content/communities/index.md @@ -1,7 +1,7 @@ --- title: Building communities documentation shortTitle: Building communities -intro: 'Learn best practices for moderating and setting up collaborative, safe, and effective communities using GitHub’s community-tested tools.' +intro: "Learn best practices for moderating and setting up collaborative, safe, and effective communities using GitHub's community-tested tools." redirect_from: - /categories/building-a-strong-community - /github/building-a-strong-community diff --git a/content/copilot/how-tos/provide-context/use-copilot-spaces/create-copilot-spaces.md b/content/copilot/how-tos/provide-context/use-copilot-spaces/create-copilot-spaces.md index 8a0637c2609d..057e19285cea 100644 --- a/content/copilot/how-tos/provide-context/use-copilot-spaces/create-copilot-spaces.md +++ b/content/copilot/how-tos/provide-context/use-copilot-spaces/create-copilot-spaces.md @@ -1,7 +1,7 @@ --- title: Creating GitHub Copilot Spaces shortTitle: Create Copilot Spaces -intro: 'Create spaces to organize and centralize relevant content that grounds {% data variables.product.prodname_copilot_short %}’s responses in the right context for a specific task.' +intro: "Create spaces to organize and centralize relevant content that grounds {% data variables.product.prodname_copilot_short %}'s responses in the right context for a specific task." permissions: 'Anyone with a {% data variables.product.prodname_copilot_short %} license can use {% data variables.copilot.copilot_spaces_short %}.' versions: feature: copilot diff --git a/content/copilot/how-tos/provide-context/use-copilot-spaces/index.md b/content/copilot/how-tos/provide-context/use-copilot-spaces/index.md index a9e88eceae39..80315fc609d3 100644 --- a/content/copilot/how-tos/provide-context/use-copilot-spaces/index.md +++ b/content/copilot/how-tos/provide-context/use-copilot-spaces/index.md @@ -1,7 +1,7 @@ --- title: GitHub Copilot Spaces shortTitle: Use Copilot Spaces -intro: 'Organize and centralize relevant content into {% data variables.copilot.copilot_spaces_short %} that ground {% data variables.product.prodname_copilot_short %}’s responses in the right context for a specific task.' +intro: "Organize and centralize relevant content into {% data variables.copilot.copilot_spaces_short %} that ground {% data variables.product.prodname_copilot_short %}'s responses in the right context for a specific task." versions: feature: copilot children: diff --git a/content/copilot/how-tos/provide-context/use-copilot-spaces/use-copilot-spaces.md b/content/copilot/how-tos/provide-context/use-copilot-spaces/use-copilot-spaces.md index 011c3242b2d3..01ce28ac5f09 100644 --- a/content/copilot/how-tos/provide-context/use-copilot-spaces/use-copilot-spaces.md +++ b/content/copilot/how-tos/provide-context/use-copilot-spaces/use-copilot-spaces.md @@ -1,7 +1,7 @@ --- title: Using GitHub Copilot Spaces shortTitle: Use Copilot Spaces -intro: 'Use spaces to ground {% data variables.product.prodname_copilot_short %}’s responses in the right context for a specific task.' +intro: "Use spaces to ground {% data variables.product.prodname_copilot_short %}'s responses in the right context for a specific task." permissions: 'Anyone with a {% data variables.product.prodname_copilot_short %} license can use {% data variables.copilot.copilot_spaces_short %}.' versions: feature: copilot diff --git a/content/copilot/tutorials/coding-agent/improve-a-project.md b/content/copilot/tutorials/coding-agent/improve-a-project.md index 19290fb14f72..d66bd4daba1b 100644 --- a/content/copilot/tutorials/coding-agent/improve-a-project.md +++ b/content/copilot/tutorials/coding-agent/improve-a-project.md @@ -122,6 +122,7 @@ Creating this file is optional but is a good idea if you use {% data variables.c ## 3. Let {% data variables.product.prodname_copilot_short %} find technical debt Now that {% data variables.product.prodname_copilot_short %} has the right context and (optionally) a ready-to-use environment, you can use it to surface and prioritize technical debt in your repository. + 1. Click the **{% octicon "copilot" aria-label="Run this prompt in Copilot Chat" %}** button in the following prompt box to send this prompt to {% data variables.copilot.copilot_chat_short %} on {% data variables.product.prodname_dotcom_the_website %}. ```copilot copy prompt @@ -161,6 +162,7 @@ Now that {% data variables.product.prodname_copilot_short %} has the right conte ## 4. Get {% data variables.product.prodname_copilot_short %} to fix an issue Now that you have created issues, the next step is to delegate an issue to {% data variables.product.prodname_copilot_short %} and review the resulting pull request. + 1. Open one of the issues that {% data variables.product.prodname_copilot_short %} created for you in the previous section. 1. Check that the issue contains acceptance criteria that {% data variables.product.prodname_copilot_short %} can use to verify it has completed the task. 1. Make any changes you feel are necessary to accurately describe the problem that needs to be fixed, and the expected outcome of the work on this issue. diff --git a/content/copilot/tutorials/copilot-cli-hooks.md b/content/copilot/tutorials/copilot-cli-hooks.md index 4af6d0f561bf..4e823ff8f814 100644 --- a/content/copilot/tutorials/copilot-cli-hooks.md +++ b/content/copilot/tutorials/copilot-cli-hooks.md @@ -1,7 +1,7 @@ --- title: Using hooks with Copilot CLI for predictable, policy-compliant execution shortTitle: Use hooks with Copilot CLI -intro: Use hooks to log user prompts and control which tools {% data variables.copilot.copilot_cli_short %} can run in a repository, so teams can automate safely within your organization’s security and compliance requirements. +intro: Use hooks to log user prompts and control which tools {% data variables.copilot.copilot_cli_short %} can run in a repository, so teams can automate safely within your organization's security and compliance requirements. versions: feature: copilot contentType: tutorials diff --git a/content/education/about-github-education/use-github-at-your-educational-institution/about-github-campus-experts.md b/content/education/about-github-education/use-github-at-your-educational-institution/about-github-campus-experts.md index 72b86e931642..9ff5c999bfac 100644 --- a/content/education/about-github-education/use-github-at-your-educational-institution/about-github-campus-experts.md +++ b/content/education/about-github-education/use-github-at-your-educational-institution/about-github-campus-experts.md @@ -1,6 +1,6 @@ --- title: About GitHub Campus Experts -intro: 'Enrich your college’s technical community by becoming a {% data variables.product.prodname_student_leader_program_singular %}.' +intro: "Enrich your college's technical community by becoming a {% data variables.product.prodname_student_leader_program_singular %}." redirect_from: - /education/teach-and-learn-with-github-education/about-campus-experts - /github/teaching-and-learning-with-github-education/about-campus-experts diff --git a/content/education/about-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md b/content/education/about-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md index 4445f386c773..474361c8392f 100644 --- a/content/education/about-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md +++ b/content/education/about-github-education/use-github-at-your-educational-institution/applying-to-be-a-github-campus-expert.md @@ -1,6 +1,6 @@ --- title: Applying to be a GitHub Campus Expert -intro: 'As a student, you can apply to be a {% data variables.product.prodname_student_leader_program_singular %} to gain new skills and grow your college’s technical community.' +intro: "As a student, you can apply to be a {% data variables.product.prodname_student_leader_program_singular %} to gain new skills and grow your college's technical community." versions: fpt: '*' shortTitle: Apply to Campus Experts diff --git a/content/get-started/archiving-your-github-personal-account-and-public-repositories/requesting-an-archive-of-your-personal-accounts-data.md b/content/get-started/archiving-your-github-personal-account-and-public-repositories/requesting-an-archive-of-your-personal-accounts-data.md index e9e099e90f4e..37a99973b5be 100644 --- a/content/get-started/archiving-your-github-personal-account-and-public-repositories/requesting-an-archive-of-your-personal-accounts-data.md +++ b/content/get-started/archiving-your-github-personal-account-and-public-repositories/requesting-an-archive-of-your-personal-accounts-data.md @@ -1,5 +1,5 @@ --- -title: Requesting an archive of your personal account’s data +title: Requesting an archive of your personal account's data redirect_from: - /articles/requesting-an-archive-of-your-personal-account-s-data - /articles/requesting-an-archive-of-your-personal-accounts-data diff --git a/content/get-started/learning-about-github/faq-about-changes-to-githubs-plans.md b/content/get-started/learning-about-github/faq-about-changes-to-githubs-plans.md index 777f0ed83730..2c5568b6029b 100644 --- a/content/get-started/learning-about-github/faq-about-changes-to-githubs-plans.md +++ b/content/get-started/learning-about-github/faq-about-changes-to-githubs-plans.md @@ -1,5 +1,5 @@ --- -title: FAQ about changes to GitHub’s plans +title: FAQ about changes to GitHub's plans intro: 'As of April 14, 2020, GitHub announced that all of the core GitHub features are now free for everyone.' versions: fpt: '*' diff --git a/content/get-started/showcase-your-expertise-with-github-certifications/registering-for-a-github-certifications-exam.md b/content/get-started/showcase-your-expertise-with-github-certifications/registering-for-a-github-certifications-exam.md index 2d5faed477dd..91e4e987ade8 100644 --- a/content/get-started/showcase-your-expertise-with-github-certifications/registering-for-a-github-certifications-exam.md +++ b/content/get-started/showcase-your-expertise-with-github-certifications/registering-for-a-github-certifications-exam.md @@ -1,6 +1,6 @@ --- title: 'Registering for a {% data variables.product.prodname_certifications %} exam' -intro: 'When you’re prepared and ready, you can register for the exam.' +intro: "When you're prepared and ready, you can register for the exam." allowTitleToDifferFromFilename: true versions: feature: github-certification diff --git a/content/organizations/collaborating-with-groups-in-organizations/about-your-organizations-news-feed.md b/content/organizations/collaborating-with-groups-in-organizations/about-your-organizations-news-feed.md index f1458bbd5852..54f886cc6f61 100644 --- a/content/organizations/collaborating-with-groups-in-organizations/about-your-organizations-news-feed.md +++ b/content/organizations/collaborating-with-groups-in-organizations/about-your-organizations-news-feed.md @@ -1,5 +1,5 @@ --- -title: About your organization’s news feed +title: About your organization's news feed intro: You can use your organization's news feed to keep up with recent activity on repositories owned by that organization. redirect_from: - /articles/news-feed diff --git a/content/organizations/managing-access-to-your-organizations-project-boards/index.md b/content/organizations/managing-access-to-your-organizations-project-boards/index.md index 23acea35b5ab..1b766adba059 100644 --- a/content/organizations/managing-access-to-your-organizations-project-boards/index.md +++ b/content/organizations/managing-access-to-your-organizations-project-boards/index.md @@ -1,5 +1,5 @@ --- -title: 'Managing access to your organization’s {% data variables.product.prodname_projects_v1 %}' +title: "Managing access to your organization's {% data variables.product.prodname_projects_v1 %}" intro: 'As an organization owner or {% data variables.projects.projects_v1_board %} admin, you can give organization members, teams, and outside collaborators different levels of access to {% data variables.projects.projects_v1_boards %} owned by your organization.' redirect_from: - /articles/managing-access-to-your-organization-s-project-boards diff --git a/content/organizations/managing-access-to-your-organizations-project-boards/managing-an-individuals-access-to-an-organization-project-board.md b/content/organizations/managing-access-to-your-organizations-project-boards/managing-an-individuals-access-to-an-organization-project-board.md index 95233d0f8158..a38e90a30492 100644 --- a/content/organizations/managing-access-to-your-organizations-project-boards/managing-an-individuals-access-to-an-organization-project-board.md +++ b/content/organizations/managing-access-to-your-organizations-project-boards/managing-an-individuals-access-to-an-organization-project-board.md @@ -1,5 +1,5 @@ --- -title: 'Managing an individual’s access to an organization {% data variables.product.prodname_project_v1 %}' +title: "Managing an individual's access to an organization {% data variables.product.prodname_project_v1 %}" intro: 'As an organization owner or {% data variables.projects.projects_v1_board %} admin, you can manage an individual member''s access to a {% data variables.projects.projects_v1_board %} owned by your organization.' redirect_from: - /articles/managing-an-individual-s-access-to-an-organization-project-board diff --git a/content/organizations/managing-access-to-your-organizations-project-boards/project-board-permissions-for-an-organization.md b/content/organizations/managing-access-to-your-organizations-project-boards/project-board-permissions-for-an-organization.md index 5a318ca7e7d5..7d363d03f8c8 100644 --- a/content/organizations/managing-access-to-your-organizations-project-boards/project-board-permissions-for-an-organization.md +++ b/content/organizations/managing-access-to-your-organizations-project-boards/project-board-permissions-for-an-organization.md @@ -1,6 +1,6 @@ --- title: '{% data variables.product.prodname_project_v1_caps %} permissions for an organization' -intro: 'Organization owners and people with {% data variables.projects.projects_v1_board %} admin permissions can customize who has read, write, and admin permissions to your organization’s {% data variables.projects.projects_v1_boards %}.' +intro: "Organization owners and people with {% data variables.projects.projects_v1_board %} admin permissions can customize who has read, write, and admin permissions to your organization's {% data variables.projects.projects_v1_boards %}." redirect_from: - /articles/project-board-permissions-for-an-organization - /github/setting-up-and-managing-organizations-and-teams/project-board-permissions-for-an-organization diff --git a/content/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy.md b/content/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy.md index 464369091d9c..cd3088d980e8 100644 --- a/content/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy.md +++ b/content/organizations/organizing-members-into-teams/moving-a-team-in-your-organizations-hierarchy.md @@ -1,5 +1,5 @@ --- -title: Moving a team in your organization’s hierarchy +title: Moving a team in your organization's hierarchy intro: 'Team maintainers and organization owners can nest a team under a parent team, or change or remove a nested team''s parent.' redirect_from: - /articles/changing-a-team-s-parent diff --git a/content/organizations/organizing-members-into-teams/requesting-to-add-a-child-team.md b/content/organizations/organizing-members-into-teams/requesting-to-add-a-child-team.md index 7e23d351609a..66009aee130f 100644 --- a/content/organizations/organizing-members-into-teams/requesting-to-add-a-child-team.md +++ b/content/organizations/organizing-members-into-teams/requesting-to-add-a-child-team.md @@ -1,6 +1,6 @@ --- title: Requesting to add a child team -intro: 'If you have maintainer permissions in a team, you can request to nest an existing team under your team in your organization’s hierarchy.' +intro: "If you have maintainer permissions in a team, you can request to nest an existing team under your team in your organization's hierarchy." redirect_from: - /articles/requesting-to-add-a-child-team - /github/setting-up-and-managing-organizations-and-teams/requesting-to-add-a-child-team diff --git a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks.md b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks.md index d1e6b8776dc4..f93515f1b8c6 100644 --- a/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks.md +++ b/content/pull-requests/collaborating-with-pull-requests/working-with-forks/about-forks.md @@ -1,6 +1,6 @@ --- title: About forks -intro: A fork is a new repository that shares code and visibility settings with the original “upstream” repository. +intro: A fork is a new repository that shares code and visibility settings with the original "upstream" repository. redirect_from: - /github/collaborating-with-issues-and-pull-requests/working-with-forks/about-forks - /articles/about-forks diff --git a/content/repositories/managing-your-repositorys-settings-and-features/index.md b/content/repositories/managing-your-repositorys-settings-and-features/index.md index 082b0e4ba283..0309a8e73ce8 100644 --- a/content/repositories/managing-your-repositorys-settings-and-features/index.md +++ b/content/repositories/managing-your-repositorys-settings-and-features/index.md @@ -1,6 +1,6 @@ --- -title: Managing your repository’s settings and features -intro: You can customize your repository, enable or disable optional features for your repository, and manage your repository’s settings. +title: Managing your repository's settings and features +intro: You can customize your repository, enable or disable optional features for your repository, and manage your repository's settings. redirect_from: - /categories/administering-a-repository - /articles/managing-repository-settings diff --git a/content/support/contacting-github-support/index.md b/content/support/contacting-github-support/index.md index 7b37122b322a..34b2ea91479c 100644 --- a/content/support/contacting-github-support/index.md +++ b/content/support/contacting-github-support/index.md @@ -1,7 +1,7 @@ --- title: Contacting GitHub Support shortTitle: Contacting support -intro: “Use the {% data variables.contact.landing_page_portal %} to contact GitHub Support when you need help troubleshooting issues.” +intro: "Use the {% data variables.contact.landing_page_portal %} to contact GitHub Support when you need help troubleshooting issues." versions: fpt: '*' ghec: '*' diff --git a/data/reusables/contributing/content-linter-rules.md b/data/reusables/contributing/content-linter-rules.md index 0926b595f71f..7a25fe2c0a7a 100644 --- a/data/reusables/contributing/content-linter-rules.md +++ b/data/reusables/contributing/content-linter-rules.md @@ -44,6 +44,7 @@ | GHD031 | image-alt-text-exclude-words | Alternate text for images should not begin with words like "image" or "graphic" | error | accessibility, images | | GHD032 | image-alt-text-end-punctuation | Alternate text for images should end with punctuation | error | accessibility, images | | GHD033 | incorrect-alt-text-length | Images alternate text should be between 40-150 characters | error | accessibility, images | +| GHD034 | frontmatter-curly-quotes | Frontmatter title and intro should not contain curly quotes | error | frontmatter, format | | GHD035 | rai-reusable-usage | RAI articles and reusables can only reference reusable content in the data/reusables/rai directory | error | feature, rai | | GHD036 | image-no-gif | Image must not be a gif, styleguide reference: contributing/style-guide-and-content-model/style-guide.md#images | error | images | | GHD038 | expired-content | Expired content must be remediated. | warning | expired | diff --git a/src/content-linter/lib/linting-rules/frontmatter-curly-quotes.ts b/src/content-linter/lib/linting-rules/frontmatter-curly-quotes.ts new file mode 100644 index 000000000000..9821c439ff18 --- /dev/null +++ b/src/content-linter/lib/linting-rules/frontmatter-curly-quotes.ts @@ -0,0 +1,52 @@ +import { addError } from 'markdownlint-rule-helpers' + +import { getFrontmatterLines } from '../helpers/utils' +import type { RuleParams, RuleErrorCallback, Rule } from '@/content-linter/types' + +const CURLY_QUOTE_PATTERN = /[\u2018\u2019\u201c\u201d]/g +const CURLY_QUOTE_MAP: Record = { + '\u2018': "'", + '\u2019': "'", + '\u201c': '"', + '\u201d': '"', +} + +const CHECKED_FIELDS = ['title', 'intro'] + +export const frontmatterCurlyQuotes: Rule = { + names: ['GHD034', 'frontmatter-curly-quotes'], + description: 'Frontmatter title and intro should not contain curly quotes', + tags: ['frontmatter', 'format'], + function: (params: RuleParams, onError: RuleErrorCallback) => { + const fmLines = getFrontmatterLines(params.lines) + if (fmLines.length === 0) return + + const fmStart = params.lines.indexOf('---') + + for (const field of CHECKED_FIELDS) { + const idx = fmLines.findIndex((ln: string) => ln.trim().startsWith(`${field}:`)) + if (idx === -1) continue + + const line = fmLines[idx] + if (!CURLY_QUOTE_PATTERN.test(line)) continue + CURLY_QUOTE_PATTERN.lastIndex = 0 + + const lineNumber = fmStart + idx + 1 + const fixedLine = line.replace(CURLY_QUOTE_PATTERN, (ch) => CURLY_QUOTE_MAP[ch] || ch) + + addError( + onError, + lineNumber, + `Curly quotes in '${field}' cause mojibake in plain-text contexts like llms.txt. Use straight quotes instead.`, + line, + [1, line.length], + { + lineNumber, + editColumn: 1, + deleteCount: line.length, + insertText: fixedLine, + }, + ) + } + }, +} diff --git a/src/content-linter/lib/linting-rules/index.ts b/src/content-linter/lib/linting-rules/index.ts index f4b3a76293ff..ec04747929e5 100644 --- a/src/content-linter/lib/linting-rules/index.ts +++ b/src/content-linter/lib/linting-rules/index.ts @@ -54,6 +54,7 @@ import { journeyTracksUniqueIds } from './journey-tracks-unique-ids' import { frontmatterHeroImage } from './frontmatter-hero-image' import { frontmatterIntroLinks } from './frontmatter-intro-links' import { frontmatterChildren } from './frontmatter-children' +import { frontmatterCurlyQuotes } from './frontmatter-curly-quotes' import { raiAppCardStructure } from '@/content-linter/lib/linting-rules/rai-app-card-structure' // Using any type because @github/markdownlint-github doesn't provide TypeScript declarations @@ -98,6 +99,7 @@ export const gitHubDocsMarkdownlint = { imageAltTextExcludeStartWords, // GHD031 imageAltTextEndPunctuation, // GHD032 incorrectAltTextLength, // GHD033 + frontmatterCurlyQuotes, // GHD034 raiReusableUsage, // GHD035 imageNoGif, // GHD036 expiredContent, // GHD038 diff --git a/src/content-linter/lib/linting-rules/liquid-ifversion-versions.ts b/src/content-linter/lib/linting-rules/liquid-ifversion-versions.ts index 96b7b70e6962..664368357c86 100644 --- a/src/content-linter/lib/linting-rules/liquid-ifversion-versions.ts +++ b/src/content-linter/lib/linting-rules/liquid-ifversion-versions.ts @@ -41,6 +41,7 @@ export const liquidIfversionVersions = { | string | Record | undefined) + if (!fileVersionsFm) return // This will only contain valid (non-deprecated) and future versions const fileVersions = getApplicableVersions(fileVersionsFm, '', { doNotThrow: true, diff --git a/src/content-linter/style/github-docs.ts b/src/content-linter/style/github-docs.ts index 6b038548b5d2..323ff4e6077d 100644 --- a/src/content-linter/style/github-docs.ts +++ b/src/content-linter/style/github-docs.ts @@ -297,6 +297,12 @@ export const githubDocsFrontmatterConfig = { 'partial-markdown-files': false, 'yml-files': false, }, + 'frontmatter-curly-quotes': { + // GHD034 + severity: 'error', + 'partial-markdown-files': false, + 'yml-files': false, + }, } // Configures rules from the `github/markdownlint-github` repo diff --git a/src/content-linter/tests/unit/frontmatter-curly-quotes.ts b/src/content-linter/tests/unit/frontmatter-curly-quotes.ts new file mode 100644 index 000000000000..f40da3d6b942 --- /dev/null +++ b/src/content-linter/tests/unit/frontmatter-curly-quotes.ts @@ -0,0 +1,93 @@ +import { describe, expect, test } from 'vitest' + +import { runRule } from '../../lib/init-test' +import { frontmatterCurlyQuotes } from '../../lib/linting-rules/frontmatter-curly-quotes' + +const fmOptions = { markdownlintOptions: { frontMatter: null } } + +describe(frontmatterCurlyQuotes.names.join(' - '), () => { + test('curly single quotes in title triggers warning', async () => { + const strings = { + test: [ + '---', + 'title: Managing your repository\u2019s settings', + 'intro: Learn about settings.', + '---', + '', + 'Some content.', + ].join('\n'), + } + const result = await runRule(frontmatterCurlyQuotes, { strings, ...fmOptions }) + const errors = result.test + expect(errors.length).toBe(1) + expect(errors[0].ruleNames).toContain('GHD034') + expect(errors[0].lineNumber).toBe(2) + expect(errors[0].fixInfo).toBeTruthy() + expect(errors[0].fixInfo!.insertText).toContain("repository's") + }) + + test('curly double quotes in intro triggers warning', async () => { + const strings = { + test: [ + '---', + 'title: A normal title', + 'intro: Learn about the \u201cupstream\u201d repository.', + '---', + '', + 'Some content.', + ].join('\n'), + } + const result = await runRule(frontmatterCurlyQuotes, { strings, ...fmOptions }) + const errors = result.test + expect(errors.length).toBe(1) + expect(errors[0].lineNumber).toBe(3) + }) + + test('straight quotes pass', async () => { + const strings = { + test: [ + '---', + "title: Managing your repository's settings", + 'intro: Learn about the "upstream" repository.', + '---', + '', + 'Some content.', + ].join('\n'), + } + const result = await runRule(frontmatterCurlyQuotes, { strings, ...fmOptions }) + const errors = result.test + expect(errors.length).toBe(0) + }) + + test('curly quotes in body are ignored', async () => { + const strings = { + test: [ + '---', + 'title: A normal title', + 'intro: A normal intro.', + '---', + '', + 'The cat\u2019s out of the bag.', + ].join('\n'), + } + const result = await runRule(frontmatterCurlyQuotes, { strings, ...fmOptions }) + const errors = result.test + expect(errors.length).toBe(0) + }) + + test('both title and intro with curly quotes triggers two warnings', async () => { + const strings = { + test: [ + '---', + 'title: Your organization\u2019s settings', + 'intro: About the \u201cupstream\u201d repo.', + '---', + '', + 'Some content.', + ].join('\n'), + } + const result = await runRule(frontmatterCurlyQuotes, { strings, ...fmOptions }) + const errors = result.test + expect(errors.length).toBe(2) + }) +}) From 09438af04a8fce545eee58ebb34e45c64d60b715 Mon Sep 17 00:00:00 2001 From: Sam Browning <106113886+sabrowning1@users.noreply.github.com> Date: Tue, 10 Mar 2026 09:42:59 -0400 Subject: [PATCH 11/20] [EDI] Viewing metrics for pull request alerts + push protection (#60113) --- .../about-code-scanning-alerts.md | 2 +- .../concepts/code-scanning/index.md | 1 + .../pull-request-alert-metrics.md | 59 +++++++++++++++++++ .../concepts/secret-security/index.md | 1 + .../push-protection-metrics.md | 44 ++++++++++++++ ...ode-scanning-alerts-for-your-repository.md | 2 +- ...viewing-metrics-for-pull-request-alerts.md | 32 +--------- ...ics-for-secret-scanning-push-protection.md | 30 +--------- .../phase-3-pilot-programs.md | 2 +- ...phase-5-rollout-and-scale-code-scanning.md | 2 +- ...ase-6-rollout-and-scale-secret-scanning.md | 2 +- 11 files changed, 113 insertions(+), 64 deletions(-) create mode 100644 content/code-security/concepts/code-scanning/pull-request-alert-metrics.md create mode 100644 content/code-security/concepts/secret-security/push-protection-metrics.md diff --git a/content/code-security/concepts/code-scanning/about-code-scanning-alerts.md b/content/code-security/concepts/code-scanning/about-code-scanning-alerts.md index a602d3763c8a..0ff0f8c9809e 100644 --- a/content/code-security/concepts/code-scanning/about-code-scanning-alerts.md +++ b/content/code-security/concepts/code-scanning/about-code-scanning-alerts.md @@ -40,7 +40,7 @@ With a {% data variables.copilot.copilot_enterprise %} license, you can also ask {% ifversion security-overview-org-codeql-pr-alerts %} -For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories across your organization, and to identify repositories where you may need to take action. For more information, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts). +For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories across your organization, and to identify repositories where you may need to take action. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/pull-request-alert-metrics). {% endif %} diff --git a/content/code-security/concepts/code-scanning/index.md b/content/code-security/concepts/code-scanning/index.md index 09dddbc7bc44..46a756ff81ab 100644 --- a/content/code-security/concepts/code-scanning/index.md +++ b/content/code-security/concepts/code-scanning/index.md @@ -23,4 +23,5 @@ children: - /multi-repository-variant-analysis - /codeql - /tool-status-page + - /pull-request-alert-metrics --- diff --git a/content/code-security/concepts/code-scanning/pull-request-alert-metrics.md b/content/code-security/concepts/code-scanning/pull-request-alert-metrics.md new file mode 100644 index 000000000000..cc58b2ce9d38 --- /dev/null +++ b/content/code-security/concepts/code-scanning/pull-request-alert-metrics.md @@ -0,0 +1,59 @@ +--- +title: CodeQL pull request alert metrics +shortTitle: Pull request alert metrics +intro: Understand {% data variables.product.prodname_codeql %}'s performance in pull requests across your organizations. +permissions: '{% data reusables.permissions.security-overview %}' +product: '{% data reusables.gated-features.security-overview-fpt-cs-only %}' +topics: + - Security overview + - Code Security + - Code scanning + - CodeQL + - Organizations + - Teams +contentType: concepts +versions: + feature: security-overview-org-codeql-pr-alerts +--- + +## Overview + +The metrics overview for {% data variables.product.prodname_codeql %} pull request alerts on security overview helps you understand how well {% data variables.product.prodname_codeql %} is preventing vulnerabilities in pull requests in your organization or across organizations in your enterprise. You can view the entire dataset or filter for specific criteria, making it easy to identify repositories where you may need to take action to find and reduce security risks. + +## Available metrics + +The overview shows you a summary of how many vulnerabilities prevented by {% data variables.product.prodname_codeql %} have been caught in pull requests. The metrics are only tracked for pull requests that have been merged into the default branches of repositories in your organizations. + +You can also find more granular metrics, such as how many alerts were fixed{% ifversion code-scanning-autofix %} with and without {% data variables.copilot.copilot_autofix_short %} suggestions{% endif %}, how many were unresolved and merged, and how many were dismissed as false positive or risk accepted. + +You can also view: + +* The rules that are causing the most alerts, and how many alerts each rule is associated with. + +* The number of alerts that were merged into the default branch without resolution, and the number of alerts dismissed as an acceptable risk. + +{% ifversion code-scanning-autofix %} +* The number of alerts that were fixed with an accepted {% data variables.copilot.copilot_autofix_short %} suggestion, displayed as a fraction of how many total {% data variables.copilot.copilot_autofix_short %} suggestions were available. + +* Remediation rates, in a graph showing the percentage of alerts that were remediated with an available {% data variables.copilot.copilot_autofix_short %} suggestion, and the percentage of alerts that were remediated without a {% data variables.copilot.copilot_autofix_short %} suggestion. + +* Mean time to remediate, in a graph showing the average age of closed alerts that were remediated with an available {% data variables.copilot.copilot_autofix_short %} suggestion, and the average age of closed alerts that were remediated without a {% data variables.copilot.copilot_autofix_short %} suggestion. +{% endif %} + +{% ifversion code-scanning-autofix %} +> [!NOTE] Metrics for {% data variables.copilot.copilot_autofix_short %} will be shown only for repositories where {% data variables.copilot.copilot_autofix_short %} is enabled. +{% else %} +> [!NOTE] Metrics for {% data variables.copilot.copilot_autofix_short %} are omitted because {% data variables.copilot.copilot_autofix_short %} is available only on {% data variables.product.github %} cloud platforms. +{% endif %} + +## Visibility + +You can see {% data variables.product.prodname_code_scanning %} metrics for a repository if you have: + +* The `admin` role for the repository +* A custom repository role with the "View {% data variables.product.prodname_code_scanning %} alerts" fine-grained permissions for the repository +* Access to alerts for the repository + +## Next steps + +To find your pull request alert metrics, see [AUTOTITLE](/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-pull-request-alerts). diff --git a/content/code-security/concepts/secret-security/index.md b/content/code-security/concepts/secret-security/index.md index e478706d6779..d0f4f1bfd42a 100644 --- a/content/code-security/concepts/secret-security/index.md +++ b/content/code-security/concepts/secret-security/index.md @@ -21,6 +21,7 @@ children: - /about-bypass-requests-for-push-protection - /about-secret-scanning-for-partners - /github-secret-types + - /push-protection-metrics - /push-protection-from-the-command-line - /working-with-push-protection-and-the-github-mcp-server - /working-with-push-protection-from-the-rest-api diff --git a/content/code-security/concepts/secret-security/push-protection-metrics.md b/content/code-security/concepts/secret-security/push-protection-metrics.md new file mode 100644 index 000000000000..ec2227f899c4 --- /dev/null +++ b/content/code-security/concepts/secret-security/push-protection-metrics.md @@ -0,0 +1,44 @@ +--- +title: Secret scanning push protection metrics +shortTitle: Push protection metrics +intro: 'Understand push protection''s performance across your organizations.' +permissions: '{% data reusables.permissions.security-overview %}' +product: '{% data reusables.gated-features.security-overview-fpt-sp-only %}' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +topics: + - Security overview + - Secret Protection + - Secret scanning + - Organizations + - Teams +contentType: concepts +--- + +## Overview + +The metrics overview for {% data variables.product.prodname_secret_scanning %} push protection on security overview helps you understand how well you are preventing secret leaks in your organization or across organizations in your enterprise. You can view the entire dataset or filter for specific criteria, making it easy to identify repositories where you may need to take action to prevent future leaks. + +## Available metrics + +The overview shows you a summary of how many pushes containing secrets have been successfully blocked by push protection, as well as how many times push protection was bypassed. + +You can also find more granular metrics, such as: +* The secret types that have been blocked or bypassed the most +* The repositories that have had the most pushes blocked +* The repositories that are bypassing push protection the most +* The percentage distribution of reasons that users give when they bypass the protection + +## Visibility + +You can see {% data variables.product.prodname_secret_scanning %} metrics for a repository if you have: + +* The `admin` role for the repository +* A custom repository role with the "View {% data variables.product.prodname_secret_scanning %} alerts" fine-grained permissions for the repository +* Access to alerts for the repository + +## Next steps + +To find your push protection metrics, see [AUTOTITLE](/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-secret-scanning-push-protection). diff --git a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md index e0d8a003b040..d5af68f440fa 100644 --- a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md @@ -58,7 +58,7 @@ With a {% data variables.copilot.copilot_enterprise %} license, you can ask {% d ## Viewing metrics for {% data variables.product.prodname_codeql %} pull request alerts for an organization -For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories where you have write access across your organization, and to identify repositories where you may need to take action. For more information, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts). +For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories where you have write access across your organization, and to identify repositories where you may need to take action. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/pull-request-alert-metrics). {% endif %} diff --git a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-pull-request-alerts.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-pull-request-alerts.md index 87b223d04f30..6f05d4761fdd 100644 --- a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-pull-request-alerts.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-pull-request-alerts.md @@ -2,7 +2,7 @@ title: Viewing metrics for pull request alerts shortTitle: View PR alert metrics allowTitleToDifferFromFilename: true -intro: You can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests for repositories across your organizations, and to identify repositories where you may need to take action. +intro: Monitor {% data variables.product.prodname_codeql %}'s performance in pull requests across your organizations to identify repositories where you may need to take action. permissions: '{% data reusables.permissions.security-overview %}' product: '{% data reusables.gated-features.security-overview-fpt-cs-only %}' contentType: how-tos @@ -19,36 +19,6 @@ redirect_from: - /code-security/security-overview/viewing-metrics-for-pull-request-alerts --- -## About {% data variables.product.prodname_codeql %} pull request alerts metrics - -The metrics overview for {% data variables.product.prodname_codeql %} pull request alerts helps you to understand how well {% data variables.product.prodname_codeql %} is preventing vulnerabilities in your organizations. You can use the metrics to assess how {% data variables.product.prodname_codeql %} is performing in pull requests, and to easily identify the repositories where you may need to take action in order to identify and reduce security risks. - -The overview shows you a summary of how many vulnerabilities prevented by {% data variables.product.prodname_codeql %} have been caught in pull requests. The metrics are only tracked for pull requests that have been merged into the default branches of repositories in your organizations. - -You can also find more granular metrics, such as how many alerts were fixed{% ifversion code-scanning-autofix %} with and without {% data variables.copilot.copilot_autofix_short %} suggestions{% endif %}, how many were unresolved and merged, and how many were dismissed as false positive or as risk accepted. - -You can also view: - -* The rules that are causing the most alerts, and how many alerts each rule is associated with. - -* The number of alerts that were merged into the default branch without resolution, and the number of alerts dismissed as an acceptable risk. - -{% ifversion code-scanning-autofix %} -* The number of alerts that were fixed with an accepted {% data variables.copilot.copilot_autofix_short %} suggestion, displayed as a fraction of how many total {% data variables.copilot.copilot_autofix_short %} suggestions were available. - -* Remediation rates, in a graph showing the percentage of alerts that were remediated with an available {% data variables.copilot.copilot_autofix_short %} suggestion, and the percentage of alerts that were remediated without a {% data variables.copilot.copilot_autofix_short %} suggestion. - -* Mean time to remediate, in a graph showing the average age of closed alerts that were remediated with an available {% data variables.copilot.copilot_autofix_short %} suggestion, and the average age of closed alerts that were remediated without a {% data variables.copilot.copilot_autofix_short %} suggestion. -{% endif %} - -You can apply filters to the data. The metrics are based on activity from the default period or your selected period. - -{% ifversion code-scanning-autofix %} -> [!NOTE] Metrics for {% data variables.copilot.copilot_autofix_short %} will be shown only for repositories where {% data variables.copilot.copilot_autofix_short %} is enabled. -{% else %} -> [!NOTE] Metrics for {% data variables.copilot.copilot_autofix_short %} are omitted because {% data variables.copilot.copilot_autofix_short %} is available only on {% data variables.product.github %} cloud platforms. -{% endif %} - ## Viewing {% data variables.product.prodname_codeql %} pull request alerts metrics for an organization {% data reusables.organizations.navigate-to-org %} diff --git a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-secret-scanning-push-protection.md b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-secret-scanning-push-protection.md index f5f913549f23..a3bba598d1b4 100644 --- a/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-secret-scanning-push-protection.md +++ b/content/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-metrics-for-secret-scanning-push-protection.md @@ -2,7 +2,7 @@ title: Viewing metrics for secret scanning push protection shortTitle: View secret scanning metrics allowTitleToDifferFromFilename: true -intro: You can use security overview to see how {% data variables.product.prodname_secret_scanning %} push protection is performing in repositories across your organization{% ifversion security-overview-enterprise-secret-scanning-metrics %} or enterprise{% endif %}, and to identify repositories where you may need to take action. +intro: Monitor push protection's performance across your organization{% ifversion security-overview-enterprise-secret-scanning-metrics %} or enterprise{% endif %} to identify repositories where you may need to take action. permissions: '{% data reusables.permissions.security-overview %}' product: '{% data reusables.gated-features.security-overview-fpt-sp-only %}' contentType: how-tos @@ -23,28 +23,6 @@ versions: {% data reusables.secret-scanning.push-protection-org-metrics-beta %} -## About metrics for {% data variables.product.prodname_secret_scanning %} push protection - -The metrics overview for {% data variables.product.prodname_secret_scanning %} push protection helps you to understand how well you are preventing security leaks in your organization{% ifversion security-overview-enterprise-secret-scanning-metrics %} or across organizations in your enterprise{% endif %}. You can use the metrics to assess how push protection is performing, and to easily identify the repositories where you may need to take action in order to prevent leaks of sensitive information. - -The overview shows you a summary of how many pushes containing secrets have been successfully blocked by push protection, as well as how many times push protection was bypassed. - -You can also find more granular metrics, such as: -* The secret types that have been blocked or bypassed the most -* The repositories that have had the most pushes blocked -* The repositories that are bypassing push protection the most -* The percentage distribution of reasons that users give when they bypass the protection - -Use the date picker to set the time range that you want to view alert activity and metrics for, and click in the search box to add further filters on the alerts and metrics displayed. For more information, see [AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview#additional-filters-for-secret-scanning-alert-views). - -You can see {% data variables.product.prodname_secret_scanning %} metrics if you have: - -* The `admin` role for the repository. -* A custom repository role with the "View {% data variables.product.prodname_secret_scanning %} results" fine-grained permissions for the repository. For more information, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles#security). -* Access to alerts for the repository. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts). - -The metrics are based on activity from the default period or your selected period. - ## Viewing metrics for {% data variables.product.prodname_secret_scanning %} push protection for an organization {% data reusables.organizations.navigate-to-org %} @@ -53,18 +31,14 @@ The metrics are based on activity from the default period or your selected perio 1. Click on an individual secret type or repository to see the associated {% data variables.secret-scanning.alerts %} for your organization. {% data reusables.security-overview.filter-secret-scanning-metrics %} -{% ifversion security-overview-enterprise-secret-scanning-metrics %} - ## Viewing metrics for {% data variables.product.prodname_secret_scanning %} push protection for an enterprise You can view metrics for {% data variables.product.prodname_secret_scanning %} push protection across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %} -{% ifversion ghes %}{% data reusables.enterprise-accounts.access-enterprise-ghes %}{% else %}{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}{% endif %} +{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.code-scanning.click-code-security-enterprise %} 1. In the sidebar, click **{% data variables.product.prodname_secret_scanning_caps %} metrics**. 1. Click on an individual secret type or repository to see the associated {% data variables.secret-scanning.alerts %} for your enterprise. {% data reusables.security-overview.filter-secret-scanning-metrics %} {% data reusables.security-overview.enterprise-filters-tip %} - -{% endif %} diff --git a/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md index 787f5716b39c..6b315f82eca0 100644 --- a/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md +++ b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-3-pilot-programs.md @@ -86,7 +86,7 @@ Next, enable push protection for each pilot project. If you plan to configure a link to a resource in the message that's displayed when a developer attempts to push a blocked secret, now would be a good time to test and start to refine the guidance that you plan to make available. -Start to review activity using the push protection metrics page in security overview. For more information, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection). +Start to review activity using the push protection metrics page in security overview. For more information, see [AUTOTITLE](/code-security/concepts/secret-security/push-protection-metrics). If you have collated any custom patterns specific to your enterprise, especially any related to the projects piloting {% data variables.product.prodname_secret_scanning %}, you can configure those. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). diff --git a/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md index 8d79e782de21..490c30769afc 100644 --- a/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md +++ b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md @@ -40,7 +40,7 @@ You'll also need SMEs if you need to use advanced setup for {% data variables.pr {% ifversion security-overview-org-codeql-pr-alerts %} -For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories across your organization, and to identify repositories where you may need to take action. For more information, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts). +For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories across your organization, and to identify repositories where you may need to take action. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/pull-request-alert-metrics). {% endif %} diff --git a/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md index 57ba27fdec09..1a80c6c8b462 100644 --- a/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md +++ b/content/code-security/tutorials/adopting-github-advanced-security-at-scale/phase-6-rollout-and-scale-secret-scanning.md @@ -63,7 +63,7 @@ Once enabled, you can do the following: 1. **Notify:** Define a webhook that specifically tracks {% data variables.secret-scanning.alerts %} created when someone bypasses push protection by using the alert property `"push_protection_bypassed": true`. Or, use the API to get updates on which {% data variables.secret-scanning.alerts %} were the result of a push protection bypass by filtering the list of results for `"push_protection_bypassed": true`. For more information, see [AUTOTITLE](/code-security/getting-started/auditing-security-alerts). -1. **Monitor:** Use security overview to view metrics on how push protection is performing in repositories across your organization, so you can quickly identify any repositories where you might need to take action. For more information, see [AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection). +1. **Monitor:** Use security overview to view metrics on how push protection is performing in repositories across your organization, so you can quickly identify any repositories where you might need to take action. For more information, see [AUTOTITLE](/code-security/concepts/secret-security/push-protection-metrics). ## 3. Remediate previously committed secrets, starting with the most critical From 20290965acd91340f5a926df0e3524b69b24cdf7 Mon Sep 17 00:00:00 2001 From: Sam Browning <106113886+sabrowning1@users.noreply.github.com> Date: Tue, 10 Mar 2026 11:44:20 -0400 Subject: [PATCH 12/20] [EDI] Push protection for users (#59319) --- .../secret-security/about-push-protection.md | 119 +++++++++--------- .../customize-leak-detection/index.md | 2 +- .../detect-secret-leaks/index.md | 2 +- .../manage-bypass-requests/index.md | 3 +- .../prevent-future-leaks/index.md | 7 +- .../manage-user-push-protection.md | 24 ++++ .../push-protection-for-users.md | 41 ------ .../work-with-leak-prevention/index.md | 6 +- data/learning-tracks/code-security.yml | 2 +- .../push-protection-for-users.md | 4 +- .../bypass-reasons-and-alerts.md | 2 +- .../secret-scanning/push-protection-bypass.md | 8 +- 12 files changed, 96 insertions(+), 124 deletions(-) create mode 100644 content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/manage-user-push-protection.md delete mode 100644 content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/push-protection-for-users.md diff --git a/content/code-security/concepts/secret-security/about-push-protection.md b/content/code-security/concepts/secret-security/about-push-protection.md index 5e2b86f23b02..6ba5c1dd8d92 100644 --- a/content/code-security/concepts/secret-security/about-push-protection.md +++ b/content/code-security/concepts/secret-security/about-push-protection.md @@ -1,7 +1,6 @@ --- title: About push protection -intro: Push protection blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.{% ifversion secret-scanning-push-protection-for-users %} Push protection can be applied at the repository, organization, and user account level{% else %} You can apply push protection at repository or organization level{% endif %}. -product: '{% data reusables.gated-features.push-protection-for-repos %}' +intro: Secure your secrets by stopping them from ever reaching your repository with push protection. versions: fpt: '*' ghes: '*' @@ -20,96 +19,90 @@ shortTitle: Push protection contentType: concepts --- -## About push protection +## What is push protection? -Push protection is a {% data variables.product.prodname_secret_scanning %} feature that is designed to prevent sensitive information, such as secrets or tokens, from being pushed to your repository in the first place. Unlike {% data variables.product.prodname_secret_scanning %}, which detects secrets after they have been committed, push protection proactively scans your code for secrets during the push process and blocks the push if any are detected. +Push protection is a {% data variables.product.prodname_secret_scanning %} feature designed to prevent sensitive information, such as secrets or tokens, from ever being pushed to your repository. Unlike {% data variables.product.prodname_secret_scanning %}, which detects secrets after they have been committed, push protection proactively scans your code for secrets during the push process, then blocks the push if any are detected. -Push protection helps you avoid the risks associated with exposed secrets, like unauthorized access to resources or services. With this feature, developers get immediate feedback and can address potential issues before they become a security concern. +## How push protection works -{% ifversion secret-scanning-push-protection-for-users %} +Push protection blocks secrets detected in: -You can enable push protection: +* Pushes from the command line +* Commits made in the {% data variables.product.prodname_dotcom %} UI{% ifversion push-protection-delegated-bypass-file-upload-support %} +* File uploads to a repository on {% data variables.product.github %}{% endif %}{% ifversion secret-scanning-push-protection-content-endpoints %} +* Requests to the REST API{% endif %} +* Interactions with the {% data variables.product.github %} MCP server (public repositories only) -* At repository/organization level, if you are a repository administrator or an organization owner. You will see alerts in the **Security** tab of your repository when a contributor to the repository bypasses push protection. -* For your account on {% data variables.product.prodname_dotcom %}, as a user. This type of push protection is referred to as "push protection for users." It protects you from pushing secrets to _any_ public repository on {% data variables.product.prodname_dotcom %}, but no alerts are generated. +When push protection detects a potential secret during a push attempt, it will block the push and provide a detailed message explaining the reason for the block. You will need to review the code in question, remove any sensitive information, and reattempt the push. -{% endif %} +## Types of push protection -{% ifversion ghas-products %}{% ifversion secret-risk-assessment %} +There are two types of push protection: -> [!TIP] -> Regardless of the enablement status of push protection, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets. The report also tells you how many secret leaks in your organization could have been prevented by push protection. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% else %} +* [Push protection for repositories](#push-protection-for-repositories) +* [Push protection for users](#push-protection-for-users) -{% endif %} - -For information about the secrets and service providers supported by push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). +### Push protection for repositories -Push protection has some limitations. For more information, see [AUTOTITLE](/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning#push-protection-limitations). +You can enable push protection for repositories at the repository, organization, or enterprise level. This form of push protection: +* Requires {% data variables.product.prodname_GH_secret_protection_always %} to be enabled +* Is disabled by default, and can be enabled by a repository administrator, organization owner, security manager, or enterprise owner +* Blocks pushes containing secrets from reaching specific protected repositories +* Generates alerts for push protection bypasses in the **Security** tab of the repository, organization, and enterprise -## How push protection works +{% ifversion secret-risk-assessment %} -Push protection blocks secrets detected in: +> [!TIP] +> Regardless of the enablement status of push protection, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan their code for leaked secrets. The report also shows how many secret leaks could have been prevented by push protection. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment). -* Pushes from the command line. See [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line). -* Commits made in the {% data variables.product.prodname_dotcom %} UI. See [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui).{% ifversion push-protection-delegated-bypass-file-upload-support %} -* File uploads to a repository on {% data variables.product.prodname_dotcom %}.{% endif %}{% ifversion secret-scanning-push-protection-content-endpoints %} -* Requests to the REST API. See [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api).{% endif %} -* Interactions with the {% data variables.product.github %} MCP server (public repositories only). See [AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-and-the-github-mcp-server). +{% endif %} -Once enabled, if push protection detects a potential secret during a push attempt, it will block the push and provide a detailed message explaining the reason for the block. You will need to review the code in question, remove any sensitive information, and reattempt the push. +### Push protection for users -By default, anyone with write access to the repository can choose to bypass push protection by specifying one of the bypass reasons outlined in the table. {% data reusables.secret-scanning.push-protection-bypass %} +Push protection for users is only available on {% data variables.product.prodname_dotcom_the_website %}, and is specific to your {% data variables.product.github %} account. This form of push protection: +* Is enabled by default +* Stops you from pushing secrets to public repositories on {% data variables.product.github %} +* Does not generate alerts when you bypass push protection unless push protection is also enabled at the repository level -{% data reusables.secret-scanning.bypass-reasons-and-alerts %} +## Push protection bypass and alerts - If you want greater control over which contributors can bypass push protection and which pushes containing secrets should be allowed, you can enable delegated bypass for push protection. Delegated bypass lets you configure a designated group of reviewers to oversee and manage requests to bypass push protection from contributors pushing to the repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection). +For push protection for repositories, by default, anyone with write access to the repository can bypass push protection by specifying a bypass reason. {% data reusables.secret-scanning.push-protection-bypass %} -{% ifversion secret-scanning-push-protection-content-endpoints %}You can also bypass push protection using the REST API. For more information, see [AUTOTITLE](/rest/secret-scanning/secret-scanning?apiVersion=2022-11-28#create-a-push-protection-bypass).{% endif %} +{% data reusables.secret-scanning.bypass-reasons-and-alerts %} -## About the benefits of push protection + If you want greater control over which contributors can bypass push protection and which pushes containing secrets should be allowed, you can configure a designated group of reviewers to oversee and manage bypass requests. -* **Preventative security:** Push protection acts as a frontline defense mechanism by scanning code for secrets at the time of the push. This preventative approach helps to catch potential issues before they are merged into your repository. +## Benefits of push protection +* **Preventative security:** Push protection acts as a frontline defense mechanism by scanning code for secrets at the time of the push. This preventative approach helps to catch potential issues before they are merged into a repository. * **Immediate feedback:** Developers receive instant feedback if a potential secret is detected during a push attempt. This immediate notification allows for quick remediation, reducing the likelihood of sensitive information being exposed. - * **Reduced risk of data leaks:** By blocking commits that contain sensitive information, push protection significantly reduces the risk of accidental data leaks. This helps in safeguarding against unauthorized access to your infrastructure, services, and data. - * **Efficient secret management:** Instead of retrospectively dealing with exposed secrets, developers can address issues at the source. This makes secret management more efficient and less time-consuming. +* **Bypass functionality for flexibility:** For cases where false positives occur or when certain patterns are necessary, you can bypass push protection for users, and designated users can use the delegated bypass feature to bypass push protection for repositories. This provides flexibility without compromising overall security. +* **Ability to detect custom patterns (for repositories in organizations):** Organizations can define custom patterns for detecting secrets unique to their environment. This customization ensures that push protection can effectively identify and block even non-standard secrets. -* **Ability to detect custom patterns:** Organizations can define custom patterns for detecting secrets unique to their environment. This customization ensures that push Protection can effectively identify and block even non-standard secrets. +## Customization -* **Delegated bypass for flexibility:** For cases where false positives occur or when certain patterns are necessary, the delegated bypass feature allows designated users to approve specific pushes. This provides flexibility without compromising overall security. +After you enable push protection for repositories, you can customize it by: -{% ifversion secret-scanning-push-protection-for-users %} +* Defining custom patterns to block pushes containing unique secret patterns +* Designating contributors who can bypass push protection and approve bypass requests for other contributors{% ifversion push-protected-pattern-configuration %} +* Configuring which secret patterns are included in push protection at the enterprise or organization level{% endif %} -Every user across {% data variables.product.prodname_dotcom %} can also enable push protection for themselves within their individual settings. Enabling push protection for your user account means that your pushes are protected whenever you push to a public repository on {% data variables.product.prodname_dotcom %}, without relying on that repository to have push protection enabled. For more information, see [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users). +## Next steps +{% ifversion security-configurations %} +To enable push protection: +* **For a repository**, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository). +{% ifversion security-configurations-cloud -%} +* **For an organization or enterprise**, you need to apply a {% data variables.product.prodname_security_configuration %}. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/applying-the-github-recommended-security-configuration-in-your-organization) and [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/applying-the-github-recommended-security-configuration-to-your-enterprise). +{% elsif security-configuration-enterprise-level -%} +* **For an organization or enterprise**, you need to apply a {% data variables.product.prodname_security_configuration %}. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration) and [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/creating-a-custom-security-configuration-for-your-enterprise). +{% else -%} +* **For an organization**, you need to apply a {% data variables.product.prodname_security_configuration %}. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/creating-a-custom-security-configuration). {% endif %} - -## Customizing push protection - -Once push protection is enabled, you can customize it further: - -{% ifversion push-protected-pattern-configuration %} - -### Configure push protected patterns - -Customize which secret patterns are included in push protection at the enterprise or organization level. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#specifying-patterns-to-include-in-push-protection-for-your-enterprise) and [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization#specifying-patterns-to-include-in-push-protection). - +{% else %} +To get started with push protection, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository). {% endif %} -### Define custom patterns - -Define custom patterns that push protection can use to identify secrets and block pushes containing these secrets. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). - -### Configure delegated bypass - -Define contributors who can bypass push protection and add an approval process for other contributors. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection). - -## Further reading - -* [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository) -* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line) -* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui) -* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning) -* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection) +For a list of secrets and service providers supported by push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). diff --git a/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/index.md b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/index.md index 5492bf35afc7..bc7d2f2729a1 100644 --- a/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/index.md +++ b/content/code-security/how-tos/secure-your-secrets/customize-leak-detection/index.md @@ -1,6 +1,6 @@ --- title: How-tos for customizing secret leak detection -shortTitle: Detection customization +shortTitle: Customize leak detection intro: Learn how to customize {% data variables.product.github %}'s secret leak detection tools. versions: fpt: '*' diff --git a/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/index.md b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/index.md index 63ec3f163859..102bdec45689 100644 --- a/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/index.md +++ b/content/code-security/how-tos/secure-your-secrets/detect-secret-leaks/index.md @@ -1,6 +1,6 @@ --- title: How-tos for detecting secret leaks -shortTitle: Leak detection +shortTitle: Detect secret leaks intro: Learn how to use {% data variables.product.github %}'s tools to detect secret leaks. versions: fpt: '*' diff --git a/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/index.md b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/index.md index 261f68f37691..ed0f1a7dcb9c 100644 --- a/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/index.md +++ b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/index.md @@ -1,6 +1,6 @@ --- title: How-tos for bypass requests -shortTitle: Bypass requests +shortTitle: Manage bypass requests intro: Learn how to use the delegated bypass feature. versions: fpt: '*' @@ -15,4 +15,3 @@ children: - /managing-requests-to-bypass-push-protection - /reviewing-requests-to-bypass-push-protection --- - diff --git a/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/index.md b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/index.md index d8e374f8d745..258edc3e2aa0 100644 --- a/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/index.md +++ b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/index.md @@ -1,7 +1,7 @@ --- title: How-tos for leak prevention -shortTitle: Leak prevention -intro: Learn how to prevent future secret leaks with {% data variables.product.github %}'s tools. +shortTitle: Prevent future leaks +intro: Learn how to prevent future secret leaks with {% data variables.product.github %}'s push protection. versions: fpt: '*' ghes: '*' @@ -12,6 +12,5 @@ topics: contentType: how-tos children: - /enabling-push-protection-for-your-repository - - /push-protection-for-users + - /manage-user-push-protection --- - diff --git a/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/manage-user-push-protection.md b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/manage-user-push-protection.md new file mode 100644 index 000000000000..762de2e331a2 --- /dev/null +++ b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/manage-user-push-protection.md @@ -0,0 +1,24 @@ +--- +title: Managing push protection for users +shortTitle: Manage user push protection +intro: You can control {% data variables.product.github %}'s ability to block your pushes that may contain secrets. +versions: + feature: secret-scanning-push-protection-for-users +product: '{% data reusables.gated-features.push-protection-for-users %}' +contentType: how-tos +topics: + - Secret scanning + - Secret Protection + - Alerts + - User account +redirect_from: + - /code-security/secret-scanning/push-protection-for-users + - /code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users + - /code-security/how-tos/secure-your-secrets/prevent-future-leaks/push-protection-for-users +--- + +{% data reusables.user-settings.access_settings %} +{% data reusables.user-settings.security-analysis %} +1. Under "User", to the right of "Push protection for yourself", update your settings. + + ![Screenshot of the "User" section of the "Code security and analysis" settings page. A button labeled "Disable" is outlined in dark orange.](/assets/images/help/security/push-protection-for-yourself.png) diff --git a/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/push-protection-for-users.md b/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/push-protection-for-users.md deleted file mode 100644 index 22319c1294cf..000000000000 --- a/content/code-security/how-tos/secure-your-secrets/prevent-future-leaks/push-protection-for-users.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Push protection for users -shortTitle: Push protection for users -intro: With push protection for users, you are automatically protected on all pushes to public repositories across {% data variables.product.github %}. -versions: - feature: secret-scanning-push-protection-for-users -product: '{% data reusables.gated-features.push-protection-for-users %}' -contentType: how-tos -topics: - - Secret scanning - - Secret Protection - - Alerts - - User account -redirect_from: - - /code-security/secret-scanning/push-protection-for-users - - /code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users ---- - -## About push protection for users - -Push protection for users automatically protects you from accidentally committing secrets to public repositories across {% data variables.product.github %}. - -When you try to push a secret to a public repository, {% data variables.product.github %} blocks the push. If you believe it's safe to allow the secret, you have the option to bypass the block. Otherwise, you must remove the secret from the commit before pushing again. For more information on how to resolve a blocked push, see [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui) or [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line), depending on whether you use the {% data variables.product.github %} UI or the command line. - -Push protection for users is always on by default. You can disable the feature at any time through your personal account settings. This may cause secrets to be accidentally leaked. For more information, see [Disabling push protection for users](#disabling-push-protection-for-users). - -Push protection for users is different from _push protection for repositories and organizations_, which is a {% data variables.product.prodname_secret_scanning %} feature that must be enabled by a repository administrator or organization owner. With push protection for repositories and organizations, {% data variables.product.prodname_secret_scanning %} blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the protection. For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). - -With push protection for users, {% data variables.product.github %} won't create an alert when you bypass the protection and push a secret to a public repository, unless the repository itself has {% data variables.product.prodname_secret_scanning %} enabled. However, if the bypassed secret is a {% data variables.product.github %} token, the token will be revoked and you will be notified by email. - -For information on the secrets and service providers supported for push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). - -## Disabling push protection for users - -You can disable push protection for users through your personal account settings. - -{% data reusables.user-settings.access_settings %} -{% data reusables.user-settings.security-analysis %} -1. Under "User", to the right of "Push protection for yourself", click **Disable**. - - ![Screenshot of the "User" section of the "Code security and analysis" settings page. A button labeled "Disable" is outlined in dark orange.](/assets/images/help/security/push-protection-for-yourself.png) diff --git a/content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/index.md b/content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/index.md index d69c827dacd5..49b1ae868314 100644 --- a/content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/index.md +++ b/content/code-security/how-tos/secure-your-secrets/work-with-leak-prevention/index.md @@ -1,7 +1,7 @@ --- -title: How-tos for push protection -shortTitle: Push protection -intro: Learn how to use {% data variables.product.github %}'s push protection. +title: How-tos for working with leak prevention +shortTitle: Work with leak prevention +intro: Learn how to work with {% data variables.product.github %}'s push protection in different environments. versions: fpt: '*' ghes: '*' diff --git a/data/learning-tracks/code-security.yml b/data/learning-tracks/code-security.yml index a28897ba7886..e895090d861c 100644 --- a/data/learning-tracks/code-security.yml +++ b/data/learning-tracks/code-security.yml @@ -127,7 +127,7 @@ secret_scanning: endif %} - >- {% ifversion secret-scanning-push-protection-for-users - %}/code-security/how-tos/secure-your-secrets/prevent-future-leaks/push-protection-for-users{% + %}/code-security/how-tos/secure-your-secrets/prevent-future-leaks/manage-user-push-protection{% endif %} - >- {% ifversion secret-scanning-push-protection diff --git a/data/reusables/gated-features/push-protection-for-users.md b/data/reusables/gated-features/push-protection-for-users.md index 3187800b594a..d294f450de87 100644 --- a/data/reusables/gated-features/push-protection-for-users.md +++ b/data/reusables/gated-features/push-protection-for-users.md @@ -1,3 +1 @@ -Push protection for users is on by default on the following repository types: - -* Public repositories +Push protection for users is on by default for public repositories diff --git a/data/reusables/secret-scanning/bypass-reasons-and-alerts.md b/data/reusables/secret-scanning/bypass-reasons-and-alerts.md index 82c68dc9bbec..71d5bb1b47f0 100644 --- a/data/reusables/secret-scanning/bypass-reasons-and-alerts.md +++ b/data/reusables/secret-scanning/bypass-reasons-and-alerts.md @@ -1,4 +1,4 @@ -This table shows the behavior of alerts for each way a user can bypass a push protection block. +This table shows the behavior of alerts for each bypass reason a user can specify. | Bypass reason | Alert behavior | |-----------------------|------------------------------------------------------| diff --git a/data/reusables/secret-scanning/push-protection-bypass.md b/data/reusables/secret-scanning/push-protection-bypass.md index 1aef281bc85d..b095a59743e8 100644 --- a/data/reusables/secret-scanning/push-protection-bypass.md +++ b/data/reusables/secret-scanning/push-protection-bypass.md @@ -1,4 +1,4 @@ -If a contributor bypasses a push protection block for a secret, {% data variables.product.prodname_dotcom %}: -* Creates an alert in the **Security** tab of the repository. -* Adds the bypass event to the audit log. -* Sends an email alert to organization or personal account owners, security managers, and repository administrators who are watching the repository, with a link to the secret and the reason why it was allowed. +When a contributor bypasses a push protection block, {% data variables.product.prodname_dotcom %}: +* Creates an alert in the **Security** tab of the repository, organization, and enterprise +* Adds the bypass event to the audit log +* Sends an email alert to personal account, organization, and enterprise owners, security managers, and repository administrators who are watching the repository, with a link to the secret and the reason it was allowed From 2c92c49ec53866e55e2d9448efd9f7bc9f4060d8 Mon Sep 17 00:00:00 2001 From: Jenny Sharps Date: Tue, 10 Mar 2026 08:49:21 -0700 Subject: [PATCH 13/20] Expose document type for articles in API (#60109) --- src/article-api/README.md | 6 ++- .../middleware/article-pageinfo.ts | 5 ++- src/article-api/middleware/article.ts | 6 ++- src/article-api/tests/pageinfo.ts | 41 +++++++++++++++++++ 4 files changed, 52 insertions(+), 6 deletions(-) diff --git a/src/article-api/README.md b/src/article-api/README.md index 68ad97d2e00a..93188ad44d0a 100644 --- a/src/article-api/README.md +++ b/src/article-api/README.md @@ -68,7 +68,8 @@ Get article metadata and content in a single object. Equivalent to calling `/art "meta": { "title": "About GitHub and Git", "intro": "You can use GitHub and Git to collaborate on work.", - "product": "Get started" + "product": "Get started", + "documentType": "article" }, "body": "## About GitHub\n\nGitHub is a cloud-based platform where you can store, share, and work together with others to write code.\n\nStoring your code in a \"repository\" on GitHub allows you to:\n\n* **Showcase or share** your work.\n [...]" } @@ -111,7 +112,7 @@ Get metadata about an article. **Parameters**: - **pathname** (string) - Article path (e.g. '/en/get-started/article-name') -**Returns**: (object) - JSON object containing article metadata with title, intro, and product information. +**Returns**: (object) - JSON object containing article metadata with title, intro, product, and documentType information. **Throws**: - (Error): 400 - If pathname parameter is invalid. @@ -124,6 +125,7 @@ Get metadata about an article. "title": "About GitHub and Git", "intro": "You can use GitHub and Git to collaborate on work.", "product": "Get started", + "documentType": "article", "breadcrumbs": [ { "href": "/en/get-started", diff --git a/src/article-api/middleware/article-pageinfo.ts b/src/article-api/middleware/article-pageinfo.ts index 87f648821792..c3670cd782bc 100644 --- a/src/article-api/middleware/article-pageinfo.ts +++ b/src/article-api/middleware/article-pageinfo.ts @@ -135,13 +135,14 @@ export async function getMetadata(req: ExtendedRequestWithPageInfo) { // So by the time we get here, the pathname should be one of the // page's valid permalinks. const { page, pathname, archived } = req.pageinfo + const documentType = page?.documentType ?? null if (archived && archived.isArchived) { const { requestedVersion } = archived const title = `GitHub Enterprise Server ${requestedVersion} Help Documentation` const intro = '' const product = 'GitHub Enterprise Server' - return { meta: { intro, title, product } } + return { meta: { intro, title, product, documentType } } } if (!page) { @@ -156,5 +157,5 @@ export async function getMetadata(req: ExtendedRequestWithPageInfo) { const fromCache = await getPageInfoFromCache(page, pathname) const { cacheInfo, ...meta } = fromCache - return { meta, cacheInfo } + return { meta: { ...meta, documentType }, cacheInfo } } diff --git a/src/article-api/middleware/article.ts b/src/article-api/middleware/article.ts index b9eb40a97e55..3fa09499cf94 100644 --- a/src/article-api/middleware/article.ts +++ b/src/article-api/middleware/article.ts @@ -39,7 +39,8 @@ const router = express.Router() * "meta": { * "title": "About GitHub and Git", * "intro": "You can use GitHub and Git to collaborate on work.", - * "product": "Get started" + * "product": "Get started", + * "documentType": "article" * }, * "body": "## About GitHub\n\nGitHub is a cloud-based platform where you can store, share, and work together with others to write code.\n\nStoring your code in a \"repository\" on GitHub allows you to:\n\n* **Showcase or share** your work.\n [...]" * } @@ -112,7 +113,7 @@ router.get( * Get metadata about an article. * @route GET /api/article/meta * @param {string} pathname - Article path (e.g. '/en/get-started/article-name') - * @returns {object} JSON object containing article metadata with title, intro, and product information. + * @returns {object} JSON object containing article metadata with title, intro, product, and documentType information. * @throws {Error} 400 - If pathname parameter is invalid. * @throws {Error} 404 - If the path is valid, but the page couldn't be resolved. * @example @@ -121,6 +122,7 @@ router.get( * "title": "About GitHub and Git", * "intro": "You can use GitHub and Git to collaborate on work.", * "product": "Get started", + * "documentType": "article", * "breadcrumbs": [ * { * "href": "/en/get-started", diff --git a/src/article-api/tests/pageinfo.ts b/src/article-api/tests/pageinfo.ts index 7fe9a63c6b17..ed70757237b2 100644 --- a/src/article-api/tests/pageinfo.ts +++ b/src/article-api/tests/pageinfo.ts @@ -11,6 +11,7 @@ interface PageMetadata { product: string title: string intro: string + documentType: string | null } interface ErrorResponse { @@ -44,6 +45,7 @@ describe('pageinfo api', () => { expect(meta.intro).toBe( 'Get started using HubGit to manage Git repositories and collaborate with others.', ) + expect(meta.documentType).toBe('category') // Check that it can be cached at the CDN expect(res.headers['set-cookie']).toBeUndefined() expect(res.headers['cache-control']).toContain('public') @@ -170,6 +172,44 @@ describe('pageinfo api', () => { } }) + test('documentType for different page types', async () => { + // Homepage + { + const res = await get(makeURL('/en')) + expect(res.statusCode).toBe(200) + const meta = JSON.parse(res.body) as PageMetadata + expect(meta.documentType).toBe('homepage') + } + // Product + { + const res = await get(makeURL('/en/get-started')) + expect(res.statusCode).toBe(200) + const meta = JSON.parse(res.body) as PageMetadata + expect(meta.documentType).toBe('product') + } + // Category + { + const res = await get(makeURL('/en/get-started/start-your-journey')) + expect(res.statusCode).toBe(200) + const meta = JSON.parse(res.body) as PageMetadata + expect(meta.documentType).toBe('category') + } + // Subcategory + { + const res = await get(makeURL('/en/actions/category/subcategory')) + expect(res.statusCode).toBe(200) + const meta = JSON.parse(res.body) as PageMetadata + expect(meta.documentType).toBe('subcategory') + } + // Article + { + const res = await get(makeURL('/en/get-started/start-your-journey/hello-world')) + expect(res.statusCode).toBe(200) + const meta = JSON.parse(res.body) as PageMetadata + expect(meta.documentType).toBe('article') + } + }) + test('archived enterprise versions', async () => { // For example /en/enterprise-server@3.8 is a valid Page in the // site tree, but /en/enterprise-server@2.6 is not. Yet we can @@ -182,6 +222,7 @@ describe('pageinfo api', () => { expect(res.statusCode).toBe(200) const meta = JSON.parse(res.body) as PageMetadata expect(meta.title).toMatch('GitHub Enterprise Server 3.2 Help Documentation') + expect(meta.documentType).toBeNull() } // The oldest known archived version that we proxy From ef1b934fda0c0a452153855d06d95668b943be81 Mon Sep 17 00:00:00 2001 From: Kevin Heis Date: Tue, 10 Mar 2026 09:48:34 -0700 Subject: [PATCH 14/20] Remove model field from dependabot-triage-agent (default to claude-sonnet-4.6) (#60133) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/aw/actions-lock.json | 6 ++--- .../dependabot-triage-agent.lock.yml | 26 +++++++++---------- .github/workflows/dependabot-triage-agent.md | 1 - 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/.github/aw/actions-lock.json b/.github/aw/actions-lock.json index 8ce15cf5bba8..78d0a1059153 100644 --- a/.github/aw/actions-lock.json +++ b/.github/aw/actions-lock.json @@ -5,10 +5,10 @@ "version": "v8", "sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd" }, - "github/gh-aw/actions/setup@v0.57.0": { + "github/gh-aw/actions/setup@v0.57.1": { "repo": "github/gh-aw/actions/setup", - "version": "v0.57.0", - "sha": "902845080df391b1f71845fcd7c303dfc0ac90b3" + "version": "v0.57.1", + "sha": "36e5751f7c3d40ec9df8f44c0252b7bfabfc4dd6" } } } diff --git a/.github/workflows/dependabot-triage-agent.lock.yml b/.github/workflows/dependabot-triage-agent.lock.yml index 28940ce2c73b..4fcaa9756f6e 100644 --- a/.github/workflows/dependabot-triage-agent.lock.yml +++ b/.github/workflows/dependabot-triage-agent.lock.yml @@ -13,7 +13,7 @@ # \ /\ / (_) | | | | ( | | | | (_) \ V V /\__ \ # \/ \/ \___/|_| |_|\_\|_| |_|\___/ \_/\_/ |___/ # -# This file was automatically generated by gh-aw (v0.57.0). DO NOT EDIT. +# This file was automatically generated by gh-aw (v0.57.1). DO NOT EDIT. # # To update this file, edit the corresponding .md file and run: # gh aw compile @@ -23,7 +23,7 @@ # # Analyzes Dependabot PRs and posts a structured triage comment # -# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"fcd8446177f28f1cc7c920956c5868327d4d20fb40434891b428e04fd842c480","compiler_version":"v0.57.0","strict":true} +# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"4b68d876574e7d7506341bd43017df62e6d8a002e9b4168f0e022712b9a86437","compiler_version":"v0.57.1","strict":true} name: 'Dependabot PR Triage Agent' 'on': @@ -62,7 +62,7 @@ jobs: title: ${{ steps.sanitized.outputs.title }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@902845080df391b1f71845fcd7c303dfc0ac90b3 # v0.57.0 + uses: github/gh-aw/actions/setup@36e5751f7c3d40ec9df8f44c0252b7bfabfc4dd6 # v0.57.1 with: destination: /opt/gh-aw/actions - name: Generate agentic run info @@ -70,10 +70,10 @@ jobs: env: GH_AW_INFO_ENGINE_ID: 'copilot' GH_AW_INFO_ENGINE_NAME: 'GitHub Copilot CLI' - GH_AW_INFO_MODEL: 'claude-opus-4.6' + GH_AW_INFO_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || '' }} GH_AW_INFO_VERSION: '' GH_AW_INFO_AGENT_VERSION: 'latest' - GH_AW_INFO_CLI_VERSION: 'v0.57.0' + GH_AW_INFO_CLI_VERSION: 'v0.57.1' GH_AW_INFO_WORKFLOW_NAME: 'Dependabot PR Triage Agent' GH_AW_INFO_EXPERIMENTAL: 'false' GH_AW_INFO_SUPPORTS_TOOLS_ALLOWLIST: 'true' @@ -97,12 +97,12 @@ jobs: - name: Checkout .github and .agents folders uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: + persist-credentials: false sparse-checkout: | .github .agents sparse-checkout-cone-mode: true fetch-depth: 1 - persist-credentials: false - name: Check workflow file timestamps uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8 env: @@ -282,7 +282,7 @@ jobs: output_types: ${{ steps.collect_output.outputs.output_types }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@902845080df391b1f71845fcd7c303dfc0ac90b3 # v0.57.0 + uses: github/gh-aw/actions/setup@36e5751f7c3d40ec9df8f44c0252b7bfabfc4dd6 # v0.57.1 with: destination: /opt/gh-aw/actions - name: Checkout repository @@ -751,7 +751,7 @@ jobs: env: COPILOT_AGENT_RUNNER_TYPE: STANDALONE COPILOT_GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_COPILOT }} - COPILOT_MODEL: claude-opus-4.6 + COPILOT_MODEL: ${{ vars.GH_AW_MODEL_AGENT_COPILOT || '' }} GH_AW_MCP_CONFIG: /home/runner/.copilot/mcp-config.json GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GH_AW_SAFE_OUTPUTS: ${{ env.GH_AW_SAFE_OUTPUTS }} @@ -986,7 +986,7 @@ jobs: env: COPILOT_AGENT_RUNNER_TYPE: STANDALONE COPILOT_GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_COPILOT }} - COPILOT_MODEL: claude-opus-4.6 + COPILOT_MODEL: ${{ vars.GH_AW_MODEL_DETECTION_COPILOT || '' }} GH_AW_PROMPT: /tmp/gh-aw/aw-prompts/prompt.txt GITHUB_API_URL: ${{ github.api_url }} GITHUB_HEAD_REF: ${{ github.head_ref }} @@ -1058,7 +1058,7 @@ jobs: total_count: ${{ steps.missing_tool.outputs.total_count }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@902845080df391b1f71845fcd7c303dfc0ac90b3 # v0.57.0 + uses: github/gh-aw/actions/setup@36e5751f7c3d40ec9df8f44c0252b7bfabfc4dd6 # v0.57.1 with: destination: /opt/gh-aw/actions - name: Download agent output artifact @@ -1116,6 +1116,7 @@ jobs: GH_AW_CODE_PUSH_FAILURE_ERRORS: ${{ needs.safe_outputs.outputs.code_push_failure_errors }} GH_AW_CODE_PUSH_FAILURE_COUNT: ${{ needs.safe_outputs.outputs.code_push_failure_count }} GH_AW_GROUP_REPORTS: 'false' + GH_AW_FAILURE_REPORT_AS_ISSUE: 'true' GH_AW_TIMEOUT_MINUTES: '90' with: github-token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }} @@ -1150,7 +1151,7 @@ jobs: matched_command: '' steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@902845080df391b1f71845fcd7c303dfc0ac90b3 # v0.57.0 + uses: github/gh-aw/actions/setup@36e5751f7c3d40ec9df8f44c0252b7bfabfc4dd6 # v0.57.1 with: destination: /opt/gh-aw/actions - name: Check team membership for workflow @@ -1194,7 +1195,6 @@ jobs: env: GH_AW_CALLER_WORKFLOW_ID: '${{ github.repository }}/dependabot-triage-agent' GH_AW_ENGINE_ID: 'copilot' - GH_AW_ENGINE_MODEL: 'claude-opus-4.6' GH_AW_WORKFLOW_ID: 'dependabot-triage-agent' GH_AW_WORKFLOW_NAME: 'Dependabot PR Triage Agent' outputs: @@ -1210,7 +1210,7 @@ jobs: push_commit_url: ${{ steps.process_safe_outputs.outputs.push_commit_url }} steps: - name: Setup Scripts - uses: github/gh-aw/actions/setup@902845080df391b1f71845fcd7c303dfc0ac90b3 # v0.57.0 + uses: github/gh-aw/actions/setup@36e5751f7c3d40ec9df8f44c0252b7bfabfc4dd6 # v0.57.1 with: destination: /opt/gh-aw/actions - name: Download agent output artifact diff --git a/.github/workflows/dependabot-triage-agent.md b/.github/workflows/dependabot-triage-agent.md index b7f82e3f5058..b587770c21b8 100644 --- a/.github/workflows/dependabot-triage-agent.md +++ b/.github/workflows/dependabot-triage-agent.md @@ -14,7 +14,6 @@ permissions: timeout-minutes: 90 engine: id: copilot - model: claude-opus-4.6 env: COPILOT_GITHUB_TOKEN: ${{ secrets.DOCS_BOT_PAT_COPILOT }} tools: From 6d236d54c6dce7ff17713779afc420a987ba69f6 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Tue, 10 Mar 2026 09:55:21 -0700 Subject: [PATCH 15/20] GraphQL schema update (#60132) Co-authored-by: github-merge-queue <118344674+github-merge-queue@users.noreply.github.com> --- src/graphql/data/fpt/changelog.json | 14 ++++++++++++++ src/graphql/data/fpt/schema.docs.graphql | 10 ++++++++++ src/graphql/data/fpt/schema.json | 16 ++++++++++++++++ src/graphql/data/ghec/schema.docs.graphql | 10 ++++++++++ src/graphql/data/ghec/schema.json | 16 ++++++++++++++++ 5 files changed, 66 insertions(+) diff --git a/src/graphql/data/fpt/changelog.json b/src/graphql/data/fpt/changelog.json index 0f3b9bb2201e..23621458a2cc 100644 --- a/src/graphql/data/fpt/changelog.json +++ b/src/graphql/data/fpt/changelog.json @@ -1,4 +1,18 @@ [ + { + "schemaChanges": [ + { + "title": "The GraphQL schema includes these changes:", + "changes": [ + "

Field viewerCopilotAgentTaskUpdatesChannel was added to interface Agentic

", + "

Field viewerCopilotAgentTaskUpdatesChannel was added to object type User

" + ] + } + ], + "previewChanges": [], + "upcomingChanges": [], + "date": "2026-03-10" + }, { "schemaChanges": [ { diff --git a/src/graphql/data/fpt/schema.docs.graphql b/src/graphql/data/fpt/schema.docs.graphql index acf6608c6027..586ce5c06c1c 100644 --- a/src/graphql/data/fpt/schema.docs.graphql +++ b/src/graphql/data/fpt/schema.docs.graphql @@ -1462,6 +1462,11 @@ interface Agentic { """ viewerCopilotAgentLogUpdatesChannel: String + """ + Channel value for subscribing to live updates for task updates. + """ + viewerCopilotAgentTaskUpdatesChannel: String + """ Channel value for subscribing to live updates for session updates. """ @@ -68886,6 +68891,11 @@ type User implements Actor & Agentic & Node & PackageOwner & ProfileOwner & Proj """ viewerCopilotAgentLogUpdatesChannel: String + """ + Channel value for subscribing to live updates for task updates. + """ + viewerCopilotAgentTaskUpdatesChannel: String + """ Channel value for subscribing to live updates for session updates. """ diff --git a/src/graphql/data/fpt/schema.json b/src/graphql/data/fpt/schema.json index f234693332bb..d8e856d13e0c 100644 --- a/src/graphql/data/fpt/schema.json +++ b/src/graphql/data/fpt/schema.json @@ -82438,6 +82438,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#string" }, + { + "name": "viewerCopilotAgentTaskUpdatesChannel", + "description": "

Channel value for subscribing to live updates for task updates.

", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, { "name": "viewerCopilotAgentUpdatesChannel", "description": "

Channel value for subscribing to live updates for session updates.

", @@ -84363,6 +84371,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#string" }, + { + "name": "viewerCopilotAgentTaskUpdatesChannel", + "description": "

Channel value for subscribing to live updates for task updates.

", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, { "name": "viewerCopilotAgentUpdatesChannel", "description": "

Channel value for subscribing to live updates for session updates.

", diff --git a/src/graphql/data/ghec/schema.docs.graphql b/src/graphql/data/ghec/schema.docs.graphql index acf6608c6027..586ce5c06c1c 100644 --- a/src/graphql/data/ghec/schema.docs.graphql +++ b/src/graphql/data/ghec/schema.docs.graphql @@ -1462,6 +1462,11 @@ interface Agentic { """ viewerCopilotAgentLogUpdatesChannel: String + """ + Channel value for subscribing to live updates for task updates. + """ + viewerCopilotAgentTaskUpdatesChannel: String + """ Channel value for subscribing to live updates for session updates. """ @@ -68886,6 +68891,11 @@ type User implements Actor & Agentic & Node & PackageOwner & ProfileOwner & Proj """ viewerCopilotAgentLogUpdatesChannel: String + """ + Channel value for subscribing to live updates for task updates. + """ + viewerCopilotAgentTaskUpdatesChannel: String + """ Channel value for subscribing to live updates for session updates. """ diff --git a/src/graphql/data/ghec/schema.json b/src/graphql/data/ghec/schema.json index f234693332bb..d8e856d13e0c 100644 --- a/src/graphql/data/ghec/schema.json +++ b/src/graphql/data/ghec/schema.json @@ -82438,6 +82438,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#string" }, + { + "name": "viewerCopilotAgentTaskUpdatesChannel", + "description": "

Channel value for subscribing to live updates for task updates.

", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, { "name": "viewerCopilotAgentUpdatesChannel", "description": "

Channel value for subscribing to live updates for session updates.

", @@ -84363,6 +84371,14 @@ "kind": "scalars", "href": "/graphql/reference/scalars#string" }, + { + "name": "viewerCopilotAgentTaskUpdatesChannel", + "description": "

Channel value for subscribing to live updates for task updates.

", + "type": "String", + "id": "string", + "kind": "scalars", + "href": "/graphql/reference/scalars#string" + }, { "name": "viewerCopilotAgentUpdatesChannel", "description": "

Channel value for subscribing to live updates for session updates.

", From e22f1571a73e07f1ed7ca27e3267a838b395f988 Mon Sep 17 00:00:00 2001 From: "release-controller[bot]" <110195724+release-controller[bot]@users.noreply.github.com> Date: Tue, 10 Mar 2026 17:07:35 +0000 Subject: [PATCH 16/20] Patch release notes for GitHub Enterprise Server (#60081) Co-authored-by: Release-Controller Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com> Co-authored-by: jokego <100397366+jokego@users.noreply.github.com> Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Co-authored-by: Tim Reimherr <16481702+timreimherr@users.noreply.github.com> --- .../enterprise-server/3-14/24.yml | 58 +++++++++++ .../enterprise-server/3-15/19.yml | 68 +++++++++++++ .../enterprise-server/3-16/15.yml | 74 ++++++++++++++ .../enterprise-server/3-17/12.yml | 76 ++++++++++++++ .../enterprise-server/3-18/6.yml | 88 +++++++++++++++++ .../enterprise-server/3-19/3.yml | 98 +++++++++++++++++++ 6 files changed, 462 insertions(+) create mode 100644 data/release-notes/enterprise-server/3-14/24.yml create mode 100644 data/release-notes/enterprise-server/3-15/19.yml create mode 100644 data/release-notes/enterprise-server/3-16/15.yml create mode 100644 data/release-notes/enterprise-server/3-17/12.yml create mode 100644 data/release-notes/enterprise-server/3-18/6.yml create mode 100644 data/release-notes/enterprise-server/3-19/3.yml diff --git a/data/release-notes/enterprise-server/3-14/24.yml b/data/release-notes/enterprise-server/3-14/24.yml new file mode 100644 index 000000000000..8e1c230dfdb8 --- /dev/null +++ b/data/release-notes/enterprise-server/3-14/24.yml @@ -0,0 +1,58 @@ +date: '2026-03-10' +sections: + security_fixes: + - | + **HIGH**: An attacker with push access to a repository could execute arbitrary code on the instance by injecting malicious values into Git push options. The push options were not properly sanitized before being included in internal headers used for Git operations, allowing the attacker to override internal metadata fields and achieve remote code execution. GitHub has requested CVE ID [CVE-2026-3854](https://www.cve.org/cverecord?id=CVE-2026-3854) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An attacker with read access to a repository and write access to a project could bypass repository write permissions to modify issue and pull request labels, assignees, and other metadata by adding duplicate items to the project. GitHub has requested CVE ID [CVE-2026-3306](https://www.cve.org/cverecord?id=CVE-2026-3306) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + Users experienced delays or failures when performing Git operations over HTTP. The operations could hang indefinitely due to a deadlock in the babeld service. + - | + When administrators applied configuration changes via the Management Console, the state shown would occasionally briefly flicker to a failure before being marked as successful causing confusion as to whether the configuration had succeeded. + - | + After an upgrade, `ghe-config-apply` could fail to remove some pre-upgrade Docker images and report `Error response from daemon: conflict: unable to delete `. + - | + Administrators for instances using the collectd metrics stack saw empty `git fetch caching` graphs on the Management Console monitoring page. + - | + After upgrading, `ghe-config-apply` failed to start services including HAProxy and Redis. Docker images were incorrectly removed during the upgrade process, preventing services from starting. + - | + Users experienced failures when migrating repositories with releases using GitHub Enterprise Importer. Migrations failed to import release assets that were incompletely uploaded at the time of export, as the export archive referenced assets without including the corresponding files. + changes: + - | + To improve performance on large instances, HAProxy automatically scales its thread count based on available CPUs and uses higher connection limits for high-traffic backend services including GitHub Actions, database connections, job queues, and package registry. Administrators can override the thread count using `ghe-config haproxy-nbthread` if needed. + known_issues: + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running `ghe-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + In the header bar displayed to site administrators, some icons are not available. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the Actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repository overview page for locked repositories. + - | + On an instance hosted on Azure, commenting on an issue via email means the comment is not added to the issue. diff --git a/data/release-notes/enterprise-server/3-15/19.yml b/data/release-notes/enterprise-server/3-15/19.yml new file mode 100644 index 000000000000..f436e6fbc4ec --- /dev/null +++ b/data/release-notes/enterprise-server/3-15/19.yml @@ -0,0 +1,68 @@ +date: '2026-03-10' +sections: + security_fixes: + - | + **HIGH**: An attacker with push access to a repository could execute arbitrary code on the instance by injecting malicious values into Git push options. The push options were not properly sanitized before being included in internal headers used for Git operations, allowing the attacker to override internal metadata fields and achieve remote code execution. GitHub has requested CVE ID [CVE-2026-3854](https://www.cve.org/cverecord?id=CVE-2026-3854) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An attacker with read access to a repository and write access to a project could bypass repository write permissions to modify issue and pull request labels, assignees, and other metadata by adding duplicate items to the project. GitHub has requested CVE ID [CVE-2026-3306](https://www.cve.org/cverecord?id=CVE-2026-3306) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + Users experienced delays or failures when performing Git operations over HTTP. The operations could hang indefinitely due to a deadlock in the babeld service. + - | + When administrators applied configuration changes via the Management Console, the state shown would occasionally briefly flicker to a failure before being marked as successful causing confusion as to whether the configuration had succeeded. + - | + After an upgrade, `ghe-config-apply` could fail to remove some pre-upgrade Docker images and report `Error response from daemon: conflict: unable to delete `. + - | + Administrators for instances using the collectd metrics stack saw empty `git fetch caching` graphs on the Management Console monitoring page. + - | + After upgrading, `ghe-config-apply` failed to start services including HAProxy and Redis. Docker images were incorrectly removed during the upgrade process, preventing services from starting. + - | + On the dependency graph page, users saw a banner promoting automatic dependency submission despite the feature being unavailable on GitHub Enterprise Server. The banner also linked to documentation that was inaccessible. + - | + Users experienced failures when migrating repositories with releases using GitHub Enterprise Importer. Migrations failed to import release assets that were incompletely uploaded at the time of export, as the export archive referenced assets without including the corresponding files. + changes: + - | + To improve performance on large instances, HAProxy automatically scales its thread count based on available CPUs and uses higher connection limits for high-traffic backend services including GitHub Actions, database connections, job queues, and package registry. Administrators can override the thread count using `ghe-config haproxy-nbthread` if needed. + - | + On instances with a license for GitHub Advanced Security, code scanning-specific rate limits have been lifted and aligned with the default GitHub rate limits. Users can access higher limits through an exemption mechanism. + known_issues: + - | + During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. See [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running `ghe-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + In the header bar displayed to site administrators, some icons are not available. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new GHES cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Administrators setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the Actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repository overview page for locked repositories. + - | + On an instance hosted on Azure, commenting on an issue via email means the comment is not added to the issue. diff --git a/data/release-notes/enterprise-server/3-16/15.yml b/data/release-notes/enterprise-server/3-16/15.yml new file mode 100644 index 000000000000..e8bd6bdecfa1 --- /dev/null +++ b/data/release-notes/enterprise-server/3-16/15.yml @@ -0,0 +1,74 @@ +date: '2026-03-10' +sections: + security_fixes: + - | + **HIGH**: An attacker with push access to a repository could execute arbitrary code on the instance by injecting malicious values into Git push options. The push options were not properly sanitized before being included in internal headers used for Git operations, allowing the attacker to override internal metadata fields and achieve remote code execution. GitHub has requested CVE ID [CVE-2026-3854](https://www.cve.org/cverecord?id=CVE-2026-3854) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An attacker could use the REST API endpoints `/search/commits` or `/search/issues` with a {% data variables.product.pat_v1 %} that lacks the `repo` scope to retrieve results from private or internal repositories by using the `repo:OWNER/REPO` qualifier. GitHub has requested CVE ID [CVE-2026-3582](https://www.cve.org/cverecord?id=CVE-2026-3582) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An attacker with read access to a repository and write access to a project could bypass repository write permissions to modify issue and pull request labels, assignees, and other metadata by adding duplicate items to the project. GitHub has requested CVE ID [CVE-2026-3306](https://www.cve.org/cverecord?id=CVE-2026-3306) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + Users experienced delays or failures when performing Git operations over HTTP. The operations could hang indefinitely due to a deadlock in the babeld service. + - | + After an upgrade, `ghe-config-apply` could fail to remove some pre-upgrade Docker images and report `Error response from daemon: conflict: unable to delete `. + - | + Administrators for instances using the collectd metrics stack saw empty `git fetch caching` graphs on the Management Console monitoring page. + - | + After upgrading, `ghe-config-apply` failed to start services including HAProxy and Redis. Docker images were incorrectly removed during the upgrade process, preventing services from starting. + - | + On the dependency graph page, users saw a banner promoting automatic dependency submission despite the feature being unavailable on GitHub Enterprise Server. The banner also linked to documentation that was inaccessible. + - | + On instances with GitHub Actions enabled, Actions workflow runs could be silently skipped when creating many issues rapidly via the API. Previously, some "issue opened" webhooks were processed before the new issue was saved to the database, causing the event to be dropped and the workflow not to start. + - | + Users experienced failures when migrating repositories with releases using GitHub Enterprise Importer. Migrations failed to import release assets that were incompletely uploaded at the time of export, as the export archive referenced assets without including the corresponding files. + changes: + - | + To improve performance on large instances, HAProxy automatically scales its thread count based on available CPUs and uses higher connection limits for high-traffic backend services including GitHub Actions, database connections, job queues, and package registry. Administrators can override the thread count using `ghe-config haproxy-nbthread` if needed. + - | + On instances with a license for GitHub Advanced Security, code scanning-specific rate limits have been lifted and aligned with the default GitHub rate limits. Users can access higher limits through an exemption mechanism. + known_issues: + - | + During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running `ghe-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email means the comment is not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the Actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repository overview page for locked repositories. + - | + Audit log entries for pre-receive hooks that have been rejected may not be recorded. + - | + When applying an enterprise security configuration to all repositories (for example, enabling secret scanning or code scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes. diff --git a/data/release-notes/enterprise-server/3-17/12.yml b/data/release-notes/enterprise-server/3-17/12.yml new file mode 100644 index 000000000000..a3c369907fe2 --- /dev/null +++ b/data/release-notes/enterprise-server/3-17/12.yml @@ -0,0 +1,76 @@ +date: '2026-03-10' +sections: + security_fixes: + - | + **HIGH**: An attacker with push access to a repository could execute arbitrary code on the instance by injecting malicious values into Git push options. The push options were not properly sanitized before being included in internal headers used for Git operations, allowing the attacker to override internal metadata fields and achieve remote code execution. GitHub has requested CVE ID [CVE-2026-3854](https://www.cve.org/cverecord?id=CVE-2026-3854) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An attacker could use the REST API endpoints `/search/commits` or `/search/issues` with a {% data variables.product.pat_v1 %} that lacks the `repo` scope to retrieve results from private or internal repositories by using the `repo:OWNER/REPO` qualifier. GitHub has requested CVE ID [CVE-2026-3582](https://www.cve.org/cverecord?id=CVE-2026-3582) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An attacker with read access to a repository and write access to a project could bypass repository write permissions to modify issue and pull request labels, assignees, and other metadata by adding duplicate items to the project. GitHub has requested CVE ID [CVE-2026-3306](https://www.cve.org/cverecord?id=CVE-2026-3306) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + Users experienced delays or failures when performing Git operations over HTTP. The operations could hang indefinitely due to a deadlock in the babeld service. + - | + For repositories using the Python uv package manager, `uv.lock` files were not included in the dependency graph. This prevented Dependabot from detecting vulnerable dependencies or providing security updates for those files. + - | + After an upgrade, `ghe-config-apply` could fail to remove some pre-upgrade Docker images and report `Error response from daemon: conflict: unable to delete `. + - | + Administrators for instances using the collectd metrics stack saw empty `git fetch caching` graphs on the Management Console monitoring page. + - | + After upgrading, `ghe-config-apply` failed to start services including HAProxy and Redis. Docker images were incorrectly removed during the upgrade process, preventing services from starting. + - | + On the dependency graph page, users saw a banner promoting automatic dependency submission despite the feature being unavailable on GitHub Enterprise Server. The banner also linked to documentation that was inaccessible. + - | + On instances with GitHub actions enabled, Actions workflow runs could be silently skipped when creating many issues rapidly via the API. Previously, some "issue opened" webhooks were processed before the new issue was saved to the database, causing the event to be dropped and the workflow to not start. After this fix, workflow runs start reliably for all rapid issue creations, regardless of timing. + - | + Users experienced failures when migrating repositories with releases using GitHub Enterprise Importer. Migrations failed to import release assets that were incompletely uploaded at the time of export, as the export archive referenced assets without including the corresponding files. + changes: + - | + To improve performance on large instances, HAProxy automatically scales its thread count based on available CPUs and uses higher connection limits for high-traffic backend services including GitHub Actions, database connections, job queues, and package registry. Administrators can override the thread count using `ghe-config haproxy-nbthread` if needed. + - | + On instances with a license for GitHub Advanced Security, code scanning-specific rate limits have been lifted and aligned with the default GitHub rate limits. Users can access higher limits through an exemption mechanism. + known_issues: + - | + During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running `ghe-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email means the comment is not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the Actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repository overview page for locked repositories. + - | + When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages. + - | + When applying an enterprise security configuration to all repositories (for example, enabling secret scanning or code scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes. diff --git a/data/release-notes/enterprise-server/3-18/6.yml b/data/release-notes/enterprise-server/3-18/6.yml new file mode 100644 index 000000000000..2242d5c65301 --- /dev/null +++ b/data/release-notes/enterprise-server/3-18/6.yml @@ -0,0 +1,88 @@ +date: '2026-03-10' +sections: + security_fixes: + - | + **HIGH**: An attacker with push access to a repository could execute arbitrary code on the instance by injecting malicious values into Git push options. The push options were not properly sanitized before being included in internal headers used for Git operations, allowing the attacker to override internal metadata fields and achieve remote code execution. GitHub has requested CVE ID [CVE-2026-3854](https://www.cve.org/cverecord?id=CVE-2026-3854) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An attacker could use the REST API endpoints `/search/commits` or `/search/issues` with a {% data variables.product.pat_v1 %} that lacks the `repo` scope to retrieve results from private or internal repositories by using the `repo:OWNER/REPO` qualifier. GitHub has requested CVE ID [CVE-2026-3582](https://www.cve.org/cverecord?id=CVE-2026-3582) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An attacker with read access to a repository and write access to a project could bypass repository write permissions to modify issue and pull request labels, assignees, and other metadata by adding duplicate items to the project. GitHub has requested CVE ID [CVE-2026-3306](https://www.cve.org/cverecord?id=CVE-2026-3306) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **HIGH:** An authenticated attacker could execute arbitrary JavaScript in another users browser session by crafting a malicious task list item in an issue or comment that exploited an HTML-escaping flaw in task list rendering, bypassing Content Security Policy protections. GitHub has requested [CVE ID CVE-2026-2266](https://www.cve.org/cverecord?id=CVE-2026-2266) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + Users experienced delays or failures when performing Git operations over HTTP. The operations could hang indefinitely due to a deadlock in the babeld service. + - | + For repositories using the Python uv package manager, `uv.lock` files were not included in the dependency graph. This prevented Dependabot from detecting vulnerable dependencies or providing security updates for those files. + - | + On instances with a cluster configuration, the OpenTelemetry Collector configuration file contained extraneous blank lines in the blackbox exporter section, resulting in improperly formatted YAML. + - | + After an upgrade, `ghe-config-apply` could fail to remove some pre-upgrade Docker images and report `Error response from daemon: conflict: unable to delete `. + - | + Administrators for instances using the collectd metrics stack saw empty `git fetch caching` graphs on the Management Console monitoring page. + - | + After upgrading, `ghe-config-apply` failed to start services including HAProxy and Redis. Docker images were incorrectly removed during the upgrade process, preventing services from starting. + - | + On the dependency graph page, users saw a banner promoting automatic dependency submission despite the feature being unavailable on GitHub Enterprise Server. The banner also linked to documentation that was inaccessible. + - | + On instances with GitHub Actions enabled, Actions workflow runs could be silently skipped when creating many issues rapidly via the API. Previously, some "issue opened" webhooks were processed before the new issue was saved to the database, causing the event to be dropped and the workflow to not start. After this fix, workflow runs start reliably for all rapid issue creations, regardless of timing. + - | + Enterprise owners experienced slow loading and timeouts when updating {% data variables.product.pat_generic %} lifetime policies for enterprises with many organizations." + - | + Users experienced failures when migrating repositories with releases using GitHub Enterprise Importer. Migrations failed to import release assets that were incompletely uploaded at the time of export, as the export archive referenced assets without including the corresponding files. + changes: + - | + To improve performance on large instances, HAProxy automatically scales its thread count based on available CPUs and uses higher connection limits for high-traffic backend services including GitHub Actions, database connections, job queues, and package registry. Administrators can override the thread count using `ghe-config haproxy-nbthread` if needed. + - | + API consumers can update issues via the REST API (PATCH) or the GraphQL `updateIssue` mutation using fine-grained permissions for closing and reopening issues, and for setting milestones. + - | + The "In-product messages" notification toggle no longer appears in user notification settings as GitHub Enterprise Server does not use in-product messages. + known_issues: + - | + During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + On an instance with the HTTP `X-Forwarded-For` header configured for use behind a load balancer, all client IP addresses in the instance's audit log erroneously appear as 127.0.0.1. + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may timeout on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running `ghe-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + An organization-level code scanning configuration page is displayed on instances that do not use GitHub Advanced Security or code scanning. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email means the comment is not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the Actions workflow of a repository does not have any suggested workflows. + - | + Unexpected elements may appear in the UI on the repository overview page for locked repositories. + - | + When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages. + - | + The setting to define private registries at the organization level for code scanning is only available if Dependabot is also enabled for the instance. + - | + Custom NTP settings are removed during the upgrade process. + - | + When applying an enterprise security configuration to all repositories (for example, enabling secret scanning or code scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes. diff --git a/data/release-notes/enterprise-server/3-19/3.yml b/data/release-notes/enterprise-server/3-19/3.yml new file mode 100644 index 000000000000..b5eafe7d3c54 --- /dev/null +++ b/data/release-notes/enterprise-server/3-19/3.yml @@ -0,0 +1,98 @@ +date: '2026-03-10' +sections: + security_fixes: + - | + **HIGH**: An attacker with push access to a repository could execute arbitrary code on the instance by injecting malicious values into Git push options. The push options were not properly sanitized before being included in internal headers used for Git operations, allowing the attacker to override internal metadata fields and achieve remote code execution. GitHub has requested CVE ID [CVE-2026-3854](https://www.cve.org/cverecord?id=CVE-2026-3854) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **HIGH:** An authenticated attacker could execute arbitrary JavaScript in another users browser session by crafting a malicious task list item in an issue or comment that exploited an HTML-escaping flaw in task list rendering, bypassing Content Security Policy protections. GitHub has requested [CVE ID CVE-2026-2266](https://www.cve.org/cverecord?id=CVE-2026-2266) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An attacker could use the REST API endpoints `/search/commits` or `/search/issues` with a {% data variables.product.pat_v1 %} that lacks the `repo` scope to retrieve results from private or internal repositories by using the `repo:OWNER/REPO` qualifier. GitHub has requested CVE ID [CVE-2026-3582](https://www.cve.org/cverecord?id=CVE-2026-3582) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + - | + **MEDIUM**: An attacker with read access to a repository and write access to a project could bypass repository write permissions to modify issue and pull request labels, assignees, and other metadata by adding duplicate items to the project. GitHub has requested CVE ID [CVE-2026-3306](https://www.cve.org/cverecord?id=CVE-2026-3306) for this vulnerability, which was reported via the [GitHub Bug Bounty program](https://bounty.github.com/). + bugs: + - | + Users experienced delays or failures when performing Git operations over HTTP. The operations could hang indefinitely due to a deadlock in the babeld service. + - | + For repositories using the Python uv package manager, `uv.lock` files were not included in the dependency graph. This prevented Dependabot from detecting vulnerable dependencies or providing security updates for those files. + - | + On instances with a cluster configuration, the OpenTelemetry Collector configuration file contained extraneous blank lines in the blackbox exporter section, resulting in improperly formatted YAML. + - | + Administrators could not load the Replication page in the Management Console due to an Internal Server Error. + - | + Some metric exporters enabled in the OpenTelemetry observability stack would have an incorrect `instance` label. + - | + After an upgrade, `ghe-config-apply` could fail to remove some pre-upgrade Docker images and report `Error response from daemon: conflict: unable to delete `. + - | + In the Management Console, when an administrator uploaded an invalid license file, the page could fail to display an error notification. + - | + Administrators for instances using the collectd metrics stack saw empty `git fetch caching` graphs on the Management Console monitoring page. + - | + After upgrading, `ghe-config-apply` failed to start services including HAProxy and Redis. Docker images were incorrectly removed during the upgrade process, preventing services from starting. + - | + On the dependency graph page, users saw a banner promoting automatic dependency submission despite the feature being unavailable on GitHub Enterprise Server. The banner also linked to documentation that was inaccessible. + - | + The Copilot Code Review branch rule was unintentionally visible. + - | + On instances with GitHub Actions enabled, Actions workflow runs could be silently skipped when creating many issues rapidly via the API. Previously, some "issue opened" webhooks were processed before the new issue was saved to the database, causing the event to be dropped and the workflow to not start. After this fix, workflow runs start reliably for all rapid issue creations, regardless of timing. + - | + Enterprise owners experienced slow loading and timeouts when updating {% data variables.product.pat_generic %} lifetime policies for enterprises with many organizations. + - | + Users experienced failures when migrating repositories with releases using GitHub Enterprise Importer. Migrations failed to import release assets that were incompletely uploaded at the time of export, as the export archive referenced assets without including the corresponding files. + - | + When a security configuration was applied using the repositories table on any page other than the first, the table temporarily displayed the first page of repositories. + - | + Users saw an option to enable "Push protection for yourself" for public repositories in their user settings. This feature is not applicable to GitHub Enterprise Server. Users who enabled the feature experienced unexpected behavior with push protection in repositories that are visible to the entire enterprise. Push protection remains available at the repository, organization, and enterprise levels. + - | + After upgrading to 3.19, site administrators could not delete users via the Management Console or the REST API. User deletion attempts returned a `500 Internal Server Error`. + changes: + - | + To improve performance on large instances, HAProxy automatically scales its thread count based on available CPUs and uses higher connection limits for high-traffic backend services including GitHub Actions, database connections, job queues, and package registry. Administrators can override the thread count using `ghe-config haproxy-nbthread` if needed. + - | + API consumers can update issues via the REST API (PATCH) using fine-grained permissions for closing and reopening issues, and for setting milestones. + - | + API consumers can update issues via the GraphQL `updateIssue` mutation using fine-grained permissions for closing and reopening issues, and for setting milestones. + - | + The "In-product messages" notification toggle no longer appears in user notification settings as GitHub Enterprise Server does not use in-product messages. + known_issues: + - | + During an upgrade of GitHub Enterprise Server, custom firewall rules are removed. If you use custom firewall rules, you must reapply them after upgrading. + - | + During the validation phase of a configuration run, a `No such object` error may occur for the Notebook and Viewscreen services. This error can be ignored as the services should still correctly start. + - | + If the root site administrator is locked out of the Management Console after failed login attempts, the account does not unlock automatically after the defined lockout time. Someone with administrative SSH access to the instance must unlock the account using the administrative shell. For more information, see [AUTOTITLE](/admin/administering-your-instance/administering-your-instance-from-the-web-ui/troubleshooting-access-to-the-management-console#unlocking-the-root-site-administrator-account). + - | + {% data reusables.release-notes.large-adoc-files-issue %} + - | + Admin stats REST API endpoints may time out on appliances with many users or repositories. Retrying the request until data is returned is advised. + - | + When following the steps for [Replacing the primary MySQL node](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-the-primary-mysql-node), step 14 (running `ghe-cluster-config-apply`) might fail with errors. If this occurs, re-running `ghe-cluster-config-apply` is expected to succeed. + - | + Running `ghe-config-apply` as part of the steps for [Replacing a node in an emergency](/admin/monitoring-managing-and-updating-your-instance/configuring-clustering/replacing-a-cluster-node#replacing-a-node-in-an-emergency) may fail with errors if the node being replaced is still reachable. If this occurs, shutdown the node and repeat the steps. + - | + {% data reusables.release-notes.2024-06-possible-frontend-5-minute-outage-during-hotpatch-upgrade %} + - | + When restoring data originally backed up from a 3.13 or greater appliance version, the Elasticsearch indices need to be reindexed before some of the data will show up. This happens via a nightly scheduled job. It can also be forced by running `/usr/local/share/enterprise/ghe-es-search-repair`. + - | + When enabling automatic update checks for the first time in the Management Console, the status is not dynamically reflected until the "Updates" page is reloaded. + - | + When restoring from a backup snapshot, a large number of `mapper_parsing_exception` errors may be displayed. + - | + When initializing a new cluster, nodes with the `consul-server` role should be added to the cluster before adding additional nodes. Adding all nodes simultaneously creates a race condition between nomad server registration and nomad client registration. + - | + Admins setting up cluster high availability (HA) may encounter a spokes error when running `ghe-cluster-repl-status` if a new organization and repositories are created before using the `ghe-cluster-repl-bootstrap` command. To avoid this issue, complete the cluster HA setup with `ghe-cluster-repl-bootstrap` before creating new organizations and repositories. + - | + In a cluster, the host running restore requires access the storage nodes via their private IPs. + - | + On an instance hosted on Azure, commenting on an issue via email means the comment is not added to the issue. + - | + After a restore, existing outside collaborators cannot be added to repositories in a new organization. This issue can be resolved by running `/usr/local/share/enterprise/ghe-es-search-repair` on the appliance. + - | + After a geo-replica is promoted to be a primary by running `ghe-repl-promote`, the Actions workflow of a repository does not have any suggested workflows. + - | + When publishing npm packages in a workflow after restoring from a backup to GitHub Enterprise Server 3.13.5.gm4 or 3.14.2.gm3, you may encounter a `401 Unauthorized` error from the GitHub Packages service. This can happen if the restore is from an N-1 or N-2 version and the workflow targets the npm endpoint on the backup instance. To avoid this issue, ensure the access token is valid and includes the correct scopes for publishing to GitHub Packages. + - | + The setting to define private registries at the organization level for code scanning is only available if Dependabot is also enabled for the instance. + - | + Upgrading or hotpatching to 3.19.1 may fail on nodes that have been continuously upgraded from versions older than 2021 (for example GHES version 2.17). If this issue occurs, you will see log entries prefixed with `invalid secret` in ghe-config.log. If you are running nodes from these older versions, it is recommended not to upgrade to 3.19.1. + - | + When applying an enterprise security configuration to all repositories (for example, enabling secret scanning or code scanning across all repositories), the system immediately enqueues enablement jobs for every organization in the enterprise simultaneously. For enterprises with a large number of repositories, this can result in significant system load and potential performance degradation. If you manage a large enterprise with many organizations and repositories, we recommend applying security configurations at the organization level rather than at the enterprise level in the UI. This allows you to enable security features incrementally and monitor system performance as you roll out changes. From 221c8250812ef83ea5d23256bd68ade8c2b46926 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Mar 2026 10:34:20 -0700 Subject: [PATCH 17/20] Bump liquidjs from 10.24.0 to 10.25.0 in the npm_and_yarn group across 1 directory (#60124) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kevin Heis --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6e7b77e86bca..975565ddfe4b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -59,7 +59,7 @@ "javascript-stringify": "^2.1.0", "js-cookie": "^3.0.5", "js-yaml": "^4.1.1", - "liquidjs": "^10.24.0", + "liquidjs": "^10.25.0", "lodash": "^4.17.23", "lodash-es": "^4.17.23", "lowdb": "7.0.1", @@ -10646,9 +10646,9 @@ } }, "node_modules/liquidjs": { - "version": "10.24.0", - "resolved": "https://registry.npmjs.org/liquidjs/-/liquidjs-10.24.0.tgz", - "integrity": "sha512-TAUNAdgwaAXjjcUFuYVJm9kOVH7zc0mTKxsG9t9Lu4qdWjB2BEblyVIYpjWcmJLMGgiYqnGNJjpNMHx0gp/46A==", + "version": "10.25.0", + "resolved": "https://registry.npmjs.org/liquidjs/-/liquidjs-10.25.0.tgz", + "integrity": "sha512-XpO7AiGULTG4xcTlwkcTI5JreFG7b6esLCLp+aUSh7YuQErJZEoUXre9u9rbdb0057pfWG4l0VursvLd5Q/eAw==", "license": "MIT", "dependencies": { "commander": "^10.0.0" diff --git a/package.json b/package.json index 9ccca0fad8ca..d277d04aa9f5 100644 --- a/package.json +++ b/package.json @@ -210,7 +210,7 @@ "javascript-stringify": "^2.1.0", "js-cookie": "^3.0.5", "js-yaml": "^4.1.1", - "liquidjs": "^10.24.0", + "liquidjs": "^10.25.0", "lodash": "^4.17.23", "lodash-es": "^4.17.23", "lowdb": "7.0.1", From 492ec5071c13997a8d022e090a0a98dc7329605c Mon Sep 17 00:00:00 2001 From: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com> Date: Tue, 10 Mar 2026 11:57:54 -0700 Subject: [PATCH 18/20] Copilot CLI: Add list of supported models (#60115) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../reference/ai-models/supported-models.md | 8 +++--- .../copilot/model-supported-clients.yml | 25 +++++++++++++++++++ 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/content/copilot/reference/ai-models/supported-models.md b/content/copilot/reference/ai-models/supported-models.md index cec8cd7ff492..c862d2aad984 100644 --- a/content/copilot/reference/ai-models/supported-models.md +++ b/content/copilot/reference/ai-models/supported-models.md @@ -74,11 +74,11 @@ The following table shows which models are available in each client. {% rowheaders %} -| Model | {% data variables.product.prodname_dotcom_the_website %} | {% data variables.product.prodname_vscode %} | {% data variables.product.prodname_vs %} | Eclipse | Xcode | JetBrains IDEs | -|--------|-----------------------------------------------------------|-----------------------------------------------|-------------------------------------------|----------|--------|----------------| +| Model | {% data variables.product.prodname_dotcom_the_website %} | {% data variables.copilot.copilot_cli_short %} | {% data variables.product.prodname_vscode %} | {% data variables.product.prodname_vs %} | Eclipse | Xcode | JetBrains IDEs | +| --- | --- | --- | --- | --- | --- | --- | --- | | {% for model in tables.copilot.model-supported-clients %} | -| {{ model.name }} | {% if model.dotcom == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | {% if model.vscode == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | {% if model.vs == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | {% if model.eclipse == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | {% if model.xcode == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | {% if model.jetbrains == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | -| {% endfor %} | +| {{ model.name }} | {% if model.dotcom == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | {% if model.cli == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | {% if model.vscode == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | {% if model.vs == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | {% if model.eclipse == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | {% if model.xcode == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | {% if model.jetbrains == true %}{% octicon "check" aria-label="Included" %}{% else %}{% octicon "x" aria-label="Not included" %}{% endif %} | +| {% endfor %} | {% endrowheaders %} diff --git a/data/tables/copilot/model-supported-clients.yml b/data/tables/copilot/model-supported-clients.yml index 422ab158b9a1..04c063b7d4a5 100644 --- a/data/tables/copilot/model-supported-clients.yml +++ b/data/tables/copilot/model-supported-clients.yml @@ -7,6 +7,7 @@ # Column keys: # - name: The model name. # - dotcom: Availability on GitHub.com (Copilot Chat in the browser). +# - cli: Availability in the GitHub CLI. # - vscode: Availability in Visual Studio Code. # - vs: Availability in Visual Studio. # - eclipse: Availability in Eclipse. @@ -15,6 +16,7 @@ - name: Claude Haiku 4.5 dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -23,6 +25,7 @@ - name: Claude Opus 4.5 dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -31,6 +34,7 @@ - name: Claude Opus 4.6 dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -39,6 +43,7 @@ - name: Claude Opus 4.6 (fast mode) (preview) dotcom: false + cli: true vscode: true vs: false eclipse: false @@ -47,6 +52,7 @@ - name: Claude Sonnet 4 dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -55,6 +61,7 @@ - name: Claude Sonnet 4.5 dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -63,6 +70,7 @@ - name: Claude Sonnet 4.6 dotcom: true + cli: true vscode: true vs: true eclipse: false @@ -71,6 +79,7 @@ - name: Gemini 2.5 Pro dotcom: true + cli: false vscode: true vs: true eclipse: true @@ -79,6 +88,7 @@ - name: Gemini 3 Flash dotcom: true + cli: false vscode: true vs: true eclipse: true @@ -87,6 +97,7 @@ - name: Gemini 3 Pro dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -95,6 +106,7 @@ - name: Gemini 3.1 Pro dotcom: true + cli: false vscode: true vs: true eclipse: false @@ -103,6 +115,7 @@ - name: GPT-4.1 dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -111,6 +124,7 @@ - name: GPT-5 mini dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -119,6 +133,7 @@ - name: GPT-5.1 dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -127,6 +142,7 @@ - name: GPT-5.1-Codex dotcom: false + cli: true vscode: true vs: false eclipse: true @@ -135,6 +151,7 @@ - name: GPT-5.1-Codex-Mini dotcom: false + cli: true vscode: true vs: false eclipse: true @@ -143,6 +160,7 @@ - name: GPT-5.1-Codex-Max dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -151,6 +169,7 @@ - name: GPT-5.2 dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -159,6 +178,7 @@ - name: GPT-5.2-Codex dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -167,6 +187,7 @@ - name: GPT-5.3-Codex dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -175,6 +196,7 @@ - name: GPT-5.4 dotcom: true + cli: true vscode: true vs: true eclipse: true @@ -183,6 +205,7 @@ - name: Grok Code Fast 1 dotcom: true + cli: false vscode: true vs: true eclipse: true @@ -191,6 +214,7 @@ - name: Raptor mini dotcom: false + cli: false vscode: true vs: false eclipse: false @@ -199,6 +223,7 @@ - name: Goldeneye dotcom: false + cli: false vscode: true vs: false eclipse: false From 8ddbd40feef59b2aec41ba4570c5f4222d361329 Mon Sep 17 00:00:00 2001 From: Kevin Heis Date: Tue, 10 Mar 2026 12:54:41 -0700 Subject: [PATCH 19/20] Fix event validation rejections (#60142) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- src/events/lib/schema.ts | 14 ++++++++------ .../components/article/ViewMarkdownButton.tsx | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/src/events/lib/schema.ts b/src/events/lib/schema.ts index 719457cbaa8e..edb79a16e448 100644 --- a/src/events/lib/schema.ts +++ b/src/events/lib/schema.ts @@ -263,29 +263,29 @@ const exit = { exit_render_duration: { type: 'number', description: 'How long the server took to render the page content, in seconds.', - minimum: 0.001, + minimum: 0, }, exit_first_paint: { type: 'number', - minimum: 0.001, + minimum: 0, description: 'The duration until `first-contentful-paint`, in seconds. Informs CSS performance.', }, exit_dom_interactive: { type: 'number', - minimum: 0.001, + minimum: 0, description: 'The duration until `PerformanceNavigationTiming.domInteractive`, in seconds. Informs JavaScript loading performance.', }, exit_dom_complete: { type: 'number', - minimum: 0.001, + minimum: 0, description: 'The duration until `PerformanceNavigationTiming.domComplete`, in seconds. Informs JavaScript execution performance.', }, exit_visit_duration: { type: 'number', - minimum: 0.001, + minimum: 0, description: 'The duration of exit.timestamp - page.timestamp, in seconds. Informs bounce rate.', }, @@ -362,6 +362,8 @@ const link = { 'toc', 'footer', 'static', + 'view-markdown-button', + 'page-source-menu', ], description: 'The part of the page where the user clicked the link.', }, @@ -573,7 +575,7 @@ const clipboard = { clipboard_operation: { type: 'string', description: 'Which clipboard operation the user is performing.', - enum: ['copy', 'paste', 'cut'], + enum: ['copy', 'paste', 'cut', 'share'], }, clipboard_target: { type: 'string', diff --git a/src/frame/components/article/ViewMarkdownButton.tsx b/src/frame/components/article/ViewMarkdownButton.tsx index 1ef21b47f3a2..fd68b61bf00f 100644 --- a/src/frame/components/article/ViewMarkdownButton.tsx +++ b/src/frame/components/article/ViewMarkdownButton.tsx @@ -19,7 +19,7 @@ export const ViewMarkdownButton = ({ currentPath }: ViewMarkdownButtonProps) => const handleClick = () => { sendEvent({ type: EventType.link, - link_url: markdownUrl, + link_url: `${window.location.origin}${markdownUrl}`, link_samesite: false, link_container: 'view-markdown-button', }) From e3d5c0cd378565d1a18f79c9892692f0927ec22a Mon Sep 17 00:00:00 2001 From: Megha Anand <88059806+anandmeg@users.noreply.github.com> Date: Tue, 10 Mar 2026 13:11:50 -0700 Subject: [PATCH 20/20] Update copilot-matrix.yml with support statuses (#59888) Co-authored-by: sunbrye Co-authored-by: Sunbrye Ly <56200261+sunbrye@users.noreply.github.com> --- .../reference/copilot-feature-matrix.md | 17 +- data/tables/copilot/copilot-matrix.yml | 468 +++++------------- 2 files changed, 133 insertions(+), 352 deletions(-) diff --git a/content/copilot/reference/copilot-feature-matrix.md b/content/copilot/reference/copilot-feature-matrix.md index dac773fd9d76..4520d10a82b7 100644 --- a/content/copilot/reference/copilot-feature-matrix.md +++ b/content/copilot/reference/copilot-feature-matrix.md @@ -17,6 +17,7 @@ category: * ✓ = supported * ✗ = not supported * P = under preview +* C = closing down @@ -29,7 +30,7 @@ The following table shows supported {% data variables.product.prodname_copilot_s {%- comment %} This loop generates the "Features by IDE" comparison table: - Outer loop: Iterates through each feature from VS Code's feature list (using VS Code as the canonical source) -- Inner loop: For each feature, iterates through all IDEs to check support in their latest version +- Inner loop: For each feature, iterates through all IDEs to check support in their latest versions - Gets the latest version using ideEntry[1].versions | first - Looks up the support level for that feature in that version - Outputs ✓ (supported), P (preview), or ✗ (not supported) @@ -39,7 +40,7 @@ Example row: | Agent mode | ✓ | ✓ | P | ✗ | ... | | Feature{%- for entry in tables.copilot.copilot-matrix.ides %} | {{ entry[0] }}{%- endfor %} | |:----{%- for entry in tables.copilot.copilot-matrix.ides %}|:----:{%- endfor %}| {%- for featureEntry in tables.copilot.copilot-matrix.ides["VS Code"].features %} -| {{ featureEntry[0] }}{%- for ideEntry in tables.copilot.copilot-matrix.ides %}{%- assign latestVersion = ideEntry[1].versions | first %}{%- assign supportLevel = ideEntry[1].features[featureEntry[0]][latestVersion] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +| {{ featureEntry[0] }}{%- for ideEntry in tables.copilot.copilot-matrix.ides %}{%- assign latestVersion = ideEntry[1].versions | first %}{%- assign supportLevel = ideEntry[1].features[featureEntry[0]][latestVersion] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- when "closing-down" %}C{%- else %}✗{%- endcase -%}{%- endfor %} | {%- endfor %} {% endides %} @@ -62,7 +63,7 @@ The following table shows supported {% data variables.product.prodname_copilot_s | Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | |:----{%- for version in groupVersions %}|:----:{%- endfor %}| {%- for featureEntry in ideEntry.features %} -| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- when "closing-down" %}C{%- else %}✗{%- endcase -%}{%- endfor %} | {%- endfor %} {% endfor %} @@ -87,7 +88,7 @@ The following table shows supported {% data variables.product.prodname_copilot_s | Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | |:----{%- for version in groupVersions %}|:----:{%- endfor %}| {%- for featureEntry in ideEntry.features %} -| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- when "closing-down" %}C{%- else %}✗{%- endcase -%}{%- endfor %} | {%- endfor %} {% endfor %} @@ -112,7 +113,7 @@ The following table shows supported {% data variables.product.prodname_copilot_s | Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | |:----{%- for version in groupVersions %}|:----:{%- endfor %}| {%- for featureEntry in ideEntry.features %} -| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- when "closing-down" %}C{%- else %}✗{%- endcase -%}{%- endfor %} | {%- endfor %} {% endfor %} @@ -137,7 +138,7 @@ The following table shows supported {% data variables.product.prodname_copilot_s | Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | |:----{%- for version in groupVersions %}|:----:{%- endfor %}| {%- for featureEntry in ideEntry.features %} -| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- when "closing-down" %}C{%- else %}✗{%- endcase -%}{%- endfor %} | {%- endfor %} {% endfor %} @@ -162,7 +163,7 @@ The following table shows supported {% data variables.product.prodname_copilot_s | Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | |:----{%- for version in groupVersions %}|:----:{%- endfor %}| {%- for featureEntry in ideEntry.features %} -| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- when "closing-down" %}C{%- else %}✗{%- endcase -%}{%- endfor %} | {%- endfor %} {% endfor %} @@ -187,7 +188,7 @@ The following table shows supported {% data variables.product.prodname_copilot_s | Feature{%- for version in groupVersions %} | {{ version }}{%- endfor %} | |:----{%- for version in groupVersions %}|:----:{%- endfor %}| {%- for featureEntry in ideEntry.features %} -| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- else %}✗{%- endcase -%}{%- endfor %} | +| {{ featureEntry[0] }}{%- for version in groupVersions %}{%- assign supportLevel = featureEntry[1][version] %} | {%- case supportLevel -%}{%- when "supported" %}✓{%- when "preview" %}P{%- when "closing-down" %}C{%- else %}✗{%- endcase -%}{%- endfor %} | {%- endfor %} {% endfor %} diff --git a/data/tables/copilot/copilot-matrix.yml b/data/tables/copilot/copilot-matrix.yml index 076b6f5db89e..e1bdb2146e7b 100644 --- a/data/tables/copilot/copilot-matrix.yml +++ b/data/tables/copilot/copilot-matrix.yml @@ -7,6 +7,7 @@ metadata: - not-supported - preview - supported + - closing-down ides: VS Code: versions: @@ -272,27 +273,6 @@ ides: 1.60.0: not-supported 1.57.0: not-supported 0.0.0: not-supported - Custom chat modes: - 1.108.0: preview - 1.107.0: preview - 1.106.0: preview - 1.105.0: preview - 1.104.0: preview - 1.103.0: preview - 1.102.0: preview - 1.101.0: preview - 1.100.0: not-supported - 1.99.0: not-supported - 1.98.0: not-supported - 1.97.0: not-supported - 1.96.0: not-supported - 1.95.0: not-supported - 1.94.0: not-supported - 1.80.0: not-supported - 1.70.0: not-supported - 1.60.0: not-supported - 1.57.0: not-supported - 0.0.0: not-supported Custom instructions: 1.108.0: supported 1.107.0: supported @@ -335,27 +315,6 @@ ides: 1.60.0: not-supported 1.57.0: not-supported 0.0.0: not-supported - Extensions: - 1.108.0: supported - 1.107.0: supported - 1.106.0: supported - 1.105.0: supported - 1.104.0: supported - 1.103.0: supported - 1.102.0: supported - 1.101.0: supported - 1.100.0: supported - 1.99.0: supported - 1.98.0: supported - 1.97.0: supported - 1.96.0: supported - 1.95.0: supported - 1.94.0: supported - 1.80.0: supported - 1.70.0: supported - 1.60.0: supported - 1.57.0: supported - 0.0.0: supported Java Upgrade Agent: 1.108.0: preview 1.107.0: preview @@ -539,6 +498,12 @@ ides: 17.14.0: supported 17.13.0: supported 0.0.0: supported + Checkpoints: + 18.0.0: supported + 17.14.13: supported + 17.14.6: supported + 17.14.0: supported + 17.13.0: not-supported Code completion: 18.0.0: supported 17.14.13: supported @@ -560,6 +525,13 @@ ides: 17.14.0: supported 17.13.0: supported 0.0.0: supported + Custom agents: + 18.0.0: preview + 17.14.13: not-supported + 17.14.6: not-supported + 17.14.0: not-supported + 17.13.0: not-supported + 0.0.0: not-supported Custom instructions: 18.0.0: supported 17.14.13: supported @@ -568,25 +540,11 @@ ides: 17.13.0: supported 0.0.0: supported Edit mode: - 18.0.0: supported + 18.0.0: closing-down 17.14.6: supported 17.14.0: supported 17.13.0: supported 0.0.0: not-supported - Extensions: - 18.0.0: supported - 17.14.13: supported - 17.14.6: supported - 17.14.0: supported - 17.13.0: supported - 0.0.0: supported - Java Upgrade Agent: - 18.0.0: not-supported - 17.14.13: not-supported - 17.14.6: not-supported - 17.14.0: not-supported - 17.13.0: not-supported - 0.0.0: not-supported MCP: 18.0.0: supported 17.14.13: supported @@ -609,14 +567,14 @@ ides: 17.13.0: not-supported 0.0.0: not-supported Vision: - 18.0.0: preview - 17.14.13: preview - 17.14.6: preview - 17.14.0: preview + 18.0.0: supported + 17.14.13: supported + 17.14.6: supported + 17.14.0: supported 17.13.0: preview 0.0.0: preview Workspace indexing: - 18.0.0: not-supported + 18.0.0: supported 17.14.13: not-supported 17.14.6: not-supported 17.14.0: not-supported @@ -624,6 +582,11 @@ ides: 0.0.0: not-supported JetBrains: versions: + - 1.5.66 + - 1.5.65 + - 1.5.64 + - 1.5.63 + - 1.5.62 - 1.5.54 - 1.5.53 - 1.5.49 @@ -637,12 +600,18 @@ ides: - 0.0.0 versionGroups: latest releases: - - 1.5.54 - - 1.5.53 - - 1.5.49 - - 1.5.45 - - 1.5.43 + - 1.5.66 + - 1.5.65 + - 1.5.64 + - 1.5.63 + - 1.5.62 + 2026 releases: + - 1.5.66 + - 1.5.65 + - 1.5.64 + - 1.5.63 2025 releases: + - 1.5.62 - 1.5.54 - 1.5.53 - 1.5.49 @@ -655,19 +624,12 @@ ides: - 1.5.39 - 1.4.0 features: - .NET Upgrade Agent: - 1.5.54: not-supported - 1.5.53: not-supported - 1.5.49: not-supported - 1.5.45: not-supported - 1.5.43: not-supported - 1.5.41: not-supported - 1.5.39: not-supported - 1.5.0: not-supported - 1.4.0: not-supported - 1.0.1: not-supported - 0.0.0: not-supported Agent skills: + 1.5.66: preview + 1.5.65: preview + 1.5.64: preview + 1.5.63: not-supported + 1.5.62: not-supported 1.5.54: not-supported 1.5.53: not-supported 1.5.49: not-supported @@ -680,6 +642,11 @@ ides: 1.0.1: not-supported 0.0.0: not-supported Agent mode: + 1.5.66: supported + 1.5.65: supported + 1.5.64: supported + 1.5.63: supported + 1.5.62: supported 1.5.54: supported 1.5.53: supported 1.5.49: supported @@ -692,6 +659,11 @@ ides: 1.0.1: not-supported 0.0.0: not-supported BYOK: + 1.5.66: preview + 1.5.65: preview + 1.5.64: preview + 1.5.63: preview + 1.5.62: preview 1.5.54: preview 1.5.53: preview 1.5.49: preview @@ -704,6 +676,11 @@ ides: 1.0.1: preview 0.0.0: preview Chat: + 1.5.66: supported + 1.5.65: supported + 1.5.64: supported + 1.5.63: supported + 1.5.62: supported 1.5.54: supported 1.5.53: supported 1.5.49: supported @@ -716,6 +693,11 @@ ides: 1.0.1: not-supported 0.0.0: not-supported Checkpoints: + 1.5.66: supported + 1.5.65: supported + 1.5.64: supported + 1.5.63: supported + 1.5.62: supported 1.5.54: not-supported 1.5.53: not-supported 1.5.49: not-supported @@ -728,6 +710,11 @@ ides: 1.0.1: not-supported 0.0.0: not-supported Code completion: + 1.5.66: supported + 1.5.65: supported + 1.5.64: supported + 1.5.63: supported + 1.5.62: supported 1.5.54: supported 1.5.53: supported 1.5.49: supported @@ -740,6 +727,11 @@ ides: 1.0.1: supported 0.0.0: preview Code referencing: + 1.5.66: supported + 1.5.65: supported + 1.5.64: supported + 1.5.63: supported + 1.5.62: supported 1.5.54: supported 1.5.53: supported 1.5.49: supported @@ -752,6 +744,11 @@ ides: 1.0.1: supported 0.0.0: supported Copilot code review: + 1.5.66: supported + 1.5.65: supported + 1.5.64: supported + 1.5.63: supported + 1.5.62: supported 1.5.54: supported 1.5.53: supported 1.5.49: supported @@ -763,7 +760,7 @@ ides: 1.4.0: supported 1.0.1: supported 0.0.0: supported - Custom chat modes: + Custom agents: 1.5.54: not-supported 1.5.53: not-supported 1.5.49: not-supported @@ -776,6 +773,11 @@ ides: 1.0.1: not-supported 0.0.0: not-supported Custom instructions: + 1.5.66: preview + 1.5.65: preview + 1.5.64: preview + 1.5.63: preview + 1.5.62: preview 1.5.54: preview 1.5.53: preview 1.5.49: preview @@ -787,7 +789,18 @@ ides: 1.4.0: not-supported 1.0.1: not-supported 0.0.0: not-supported + Custom chat: + 1.5.66: preview + 1.5.65: preview + 1.5.64: preview + 1.5.63: preview + 1.5.62: preview Edit mode: + 1.5.66: supported + 1.5.65: supported + 1.5.64: supported + 1.5.63: supported + 1.5.62: supported 1.5.54: supported 1.5.53: supported 1.5.49: supported @@ -799,24 +812,16 @@ ides: 1.4.0: not-supported 1.0.1: not-supported 0.0.0: not-supported - - Extensions: + MCP: + 1.5.66: supported + 1.5.65: supported + 1.5.64: supported + 1.5.63: supported + 1.5.62: supported 1.5.54: supported 1.5.53: supported - 1.5.49: supported - 1.5.45: supported - 1.5.43: supported - 1.5.41: supported - 1.5.39: supported - 1.5.0: supported - 1.4.0: supported - 1.0.1: supported - 0.0.0: supported - Java Upgrade Agent: - 1.5.54: not-supported - 1.5.53: not-supported - 1.5.49: not-supported - 1.5.45: not-supported + 1.5.49: preview + 1.5.45: preview 1.5.43: not-supported 1.5.41: not-supported 1.5.39: not-supported @@ -824,19 +829,12 @@ ides: 1.4.0: not-supported 1.0.1: not-supported 0.0.0: not-supported - MCP: - 0.0.0: not-supported - 1.0.1: not-supported - 1.4.0: not-supported - 1.5.0: not-supported - 1.5.39: not-supported - 1.5.41: not-supported - 1.5.43: not-supported - 1.5.45: preview - 1.5.49: preview - 1.5.53: supported - 1.5.54: supported Next edit suggestions: + 1.5.66: preview + 1.5.65: preview + 1.5.64: preview + 1.5.63: preview + 1.5.62: preview 1.5.54: preview 1.5.53: not-supported 1.5.49: not-supported @@ -849,6 +847,11 @@ ides: 1.0.1: not-supported 0.0.0: not-supported Prompt files: + 1.5.66: preview + 1.5.65: preview + 1.5.64: preview + 1.5.63: preview + 1.5.62: preview 1.5.54: preview 1.5.53: not-supported 1.5.49: not-supported @@ -861,6 +864,11 @@ ides: 1.0.1: not-supported 0.0.0: not-supported Vision: + 1.5.66: preview + 1.5.65: preview + 1.5.64: preview + 1.5.63: preview + 1.5.62: preview 1.5.54: preview 1.5.53: preview 1.5.49: preview @@ -873,6 +881,11 @@ ides: 1.0.1: not-supported 0.0.0: not-supported Workspace indexing: + 1.5.66: supported + 1.5.65: supported + 1.5.64: supported + 1.5.63: supported + 1.5.62: supported 1.5.54: not-supported 1.5.53: not-supported 1.5.49: not-supported @@ -923,21 +936,6 @@ ides: - 0.2.0 - 0.1.0 features: - .NET Upgrade Agent: - 0.14.0: not-supported - 0.13.0: not-supported - 0.12.0: not-supported - 0.11.0: not-supported - 0.10.0: not-supported - 0.9.0: not-supported - 0.8.0: not-supported - 0.7.0: not-supported - 0.6.0: not-supported - 0.5.0: not-supported - 0.4.0: not-supported - 0.3.0: not-supported - 0.2.0: not-supported - 0.1.0: not-supported Agent skills: 0.14.0: not-supported 0.13.0: not-supported @@ -1058,7 +1056,7 @@ ides: 0.3.0: not-supported 0.2.0: not-supported 0.1.0: not-supported - Custom chat modes: + Custom agents: 0.14.0: supported 0.13.0: supported 0.12.0: not-supported @@ -1088,36 +1086,6 @@ ides: 0.3.0: not-supported 0.2.0: not-supported 0.1.0: not-supported - Edit mode: - 0.14.0: not-supported - 0.13.0: not-supported - 0.12.0: not-supported - 0.11.0: not-supported - 0.10.0: not-supported - 0.9.0: not-supported - 0.8.0: not-supported - 0.7.0: not-supported - 0.6.0: not-supported - 0.5.0: not-supported - 0.4.0: not-supported - 0.3.0: not-supported - 0.2.0: not-supported - 0.1.0: not-supported - Extensions: - 0.14.0: not-supported - 0.13.0: not-supported - 0.12.0: not-supported - 0.11.0: not-supported - 0.10.0: not-supported - 0.9.0: not-supported - 0.8.0: not-supported - 0.7.0: not-supported - 0.6.0: not-supported - 0.5.0: not-supported - 0.4.0: not-supported - 0.3.0: not-supported - 0.2.0: not-supported - 0.1.0: not-supported Java Upgrade Agent: 0.14.0: not-supported 0.13.0: not-supported @@ -1270,32 +1238,6 @@ ides: - 0.23.0 - 0.0.0 features: - .NET Upgrade Agent: - 0.46.0: not-supported - 0.45.0: not-supported - 0.44.0: not-supported - 0.43.0: not-supported - 0.42.0: not-supported - 0.41.0: not-supported - 0.40.0: not-supported - 0.39.0: not-supported - 0.38.0: not-supported - 0.37.0: not-supported - 0.36.0: not-supported - 0.35.0: not-supported - 0.34.0: not-supported - 0.33.0: not-supported - 0.32.0: not-supported - 0.31.0: not-supported - 0.30.0: not-supported - 0.29.0: not-supported - 0.28.0: not-supported - 0.27.0: not-supported - 0.26.0: not-supported - 0.25.0: not-supported - 0.24.0: not-supported - 0.23.0: not-supported - 0.0.0: not-supported Agent skills: 0.46.0: not-supported 0.45.0: not-supported @@ -1504,7 +1446,7 @@ ides: 0.24.0: not-supported 0.23.0: not-supported 0.0.0: not-supported - Custom chat modes: + Custom agents: 0.46.0: preview 0.45.0: preview 0.44.0: not-supported @@ -1556,84 +1498,6 @@ ides: 0.24.0: not-supported 0.23.0: not-supported 0.0.0: not-supported - Edit mode: - 0.46.0: not-supported - 0.45.0: not-supported - 0.44.0: not-supported - 0.43.0: not-supported - 0.42.0: not-supported - 0.41.0: not-supported - 0.40.0: not-supported - 0.39.0: not-supported - 0.38.0: not-supported - 0.37.0: not-supported - 0.36.0: not-supported - 0.35.0: not-supported - 0.34.0: not-supported - 0.33.0: not-supported - 0.32.0: not-supported - 0.31.0: not-supported - 0.30.0: not-supported - 0.29.0: not-supported - 0.28.0: not-supported - 0.27.0: not-supported - 0.26.0: not-supported - 0.25.0: not-supported - 0.24.0: not-supported - 0.23.0: not-supported - 0.0.0: not-supported - Extensions: - 0.46.0: not-supported - 0.45.0: not-supported - 0.44.0: not-supported - 0.43.0: not-supported - 0.42.0: not-supported - 0.41.0: not-supported - 0.40.0: not-supported - 0.39.0: not-supported - 0.38.0: not-supported - 0.37.0: not-supported - 0.36.0: not-supported - 0.35.0: not-supported - 0.34.0: not-supported - 0.33.0: not-supported - 0.32.0: not-supported - 0.31.0: not-supported - 0.30.0: not-supported - 0.29.0: not-supported - 0.28.0: not-supported - 0.27.0: not-supported - 0.26.0: not-supported - 0.25.0: not-supported - 0.24.0: not-supported - 0.23.0: not-supported - 0.0.0: not-supported - Java Upgrade Agent: - 0.46.0: not-supported - 0.45.0: not-supported - 0.44.0: not-supported - 0.43.0: not-supported - 0.42.0: not-supported - 0.41.0: not-supported - 0.40.0: not-supported - 0.39.0: not-supported - 0.38.0: not-supported - 0.37.0: not-supported - 0.36.0: not-supported - 0.35.0: not-supported - 0.34.0: not-supported - 0.33.0: not-supported - 0.32.0: not-supported - 0.31.0: not-supported - 0.30.0: not-supported - 0.29.0: not-supported - 0.28.0: not-supported - 0.27.0: not-supported - 0.26.0: not-supported - 0.25.0: not-supported - 0.24.0: not-supported - 0.23.0: not-supported - 0.0.0: not-supported MCP: 0.46.0: supported 0.45.0: supported @@ -1818,27 +1682,6 @@ ides: - 1.0.0 - 0.0.1 features: - .NET Upgrade Agent: - 0.0.1: not-supported - 1.0.0: not-supported - 1.1.0: not-supported - 1.2.0: not-supported - 1.3.0: not-supported - 1.4.0: not-supported - 1.5.0: not-supported - 1.6.0: not-supported - 1.7.0: not-supported - 1.8.0: not-supported - 1.9.0: not-supported - 1.10.0: not-supported - 1.11.0: not-supported - 1.12.0: not-supported - 1.13.0: not-supported - 1.14.0: not-supported - 1.15.0: not-supported - 1.16.0: not-supported - 1.17.0: not-supported - 1.18.0: not-supported Agent skills: 1.18.0: not-supported 1.17.0: not-supported @@ -2007,7 +1850,7 @@ ides: 1.16.0: not-supported 1.17.0: not-supported 1.18.0: not-supported - Custom chat modes: + Custom agents: 0.0.1: not-supported 1.0.0: not-supported 1.1.0: not-supported @@ -2049,69 +1892,6 @@ ides: 1.16.0: not-supported 1.17.0: not-supported 1.18.0: not-supported - Edit mode: - 0.0.1: not-supported - 1.0.0: not-supported - 1.1.0: not-supported - 1.2.0: not-supported - 1.3.0: not-supported - 1.4.0: not-supported - 1.5.0: not-supported - 1.6.0: not-supported - 1.7.0: not-supported - 1.8.0: not-supported - 1.9.0: not-supported - 1.10.0: not-supported - 1.11.0: not-supported - 1.12.0: not-supported - 1.13.0: not-supported - 1.14.0: not-supported - 1.15.0: not-supported - 1.16.0: not-supported - 1.17.0: not-supported - 1.18.0: not-supported - Extensions: - 0.0.1: not-supported - 1.0.0: not-supported - 1.1.0: not-supported - 1.2.0: not-supported - 1.3.0: not-supported - 1.4.0: not-supported - 1.5.0: not-supported - 1.6.0: not-supported - 1.7.0: not-supported - 1.8.0: not-supported - 1.9.0: not-supported - 1.10.0: not-supported - 1.11.0: not-supported - 1.12.0: not-supported - 1.13.0: not-supported - 1.14.0: not-supported - 1.15.0: not-supported - 1.16.0: not-supported - 1.17.0: not-supported - 1.18.0: not-supported - Java Upgrade Agent: - 0.0.1: not-supported - 1.0.0: not-supported - 1.1.0: not-supported - 1.2.0: not-supported - 1.3.0: not-supported - 1.4.0: not-supported - 1.5.0: not-supported - 1.6.0: not-supported - 1.7.0: not-supported - 1.8.0: not-supported - 1.9.0: not-supported - 1.10.0: not-supported - 1.11.0: not-supported - 1.12.0: not-supported - 1.13.0: not-supported - 1.14.0: not-supported - 1.15.0: not-supported - 1.16.0: not-supported - 1.17.0: not-supported - 1.18.0: not-supported MCP: 0.0.1: not-supported 1.0.0: not-supported