Commit

Merge branch 'main' into mgriffin/answered-discussion
rsese authored Sep 9, 2023
2 parents 18ce9bd + ca6926e commit d04f425
Showing 82 changed files with 2,167 additions and 525 deletions.
6 changes: 6 additions & 0 deletions .github/CODEOWNERS
Expand Up @@ -12,3 +12,9 @@ src/ghes-releases/lib/enterprise-dates.json @github/docs-content-enterprise

# Requires review of #actions-oidc-integration, docs-engineering/issues/1506
content/actions/deployment/security-hardening-your-deployments/** @github/oidc

# Temporary, so @lecoursen can copy any changes to the audit log reference
# to the JSON file that will soon be used to auto-generate this content
/content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise.md @lecoursen
/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization.md @lecoursen
/content/authentication/keeping-your-account-and-data-secure/security-log-events.md @lecoursen
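Review bot: The three new `@lecoursen` rules are labelled "Temporary" in the comment above them but carry no tracking issue or removal condition, unlike the `@github/oidc` rule just above, which cites `docs-engineering/issues/1506`. Suggest adding an issue reference so the entries are removed once the JSON-driven generation is in place. Two smaller points: the owner is an individual rather than a team, so where code owner review is required, changes to the audit log and security log reference pages wait on one person; and the new paths start with `/` while the existing entries in this file (`src/ghes-releases/...`, `content/actions/...`) do not, so pick one form for consistency.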
4 changes: 3 additions & 1 deletion .github/workflows/test.yml
Expand Up @@ -53,16 +53,18 @@ jobs:
{ name: 'github-apps', path: 'src/github-apps/tests', },
{ name: 'graphql', path: 'src/graphql/tests', },
{ name: 'landings', path: 'src/landings/tests', },
// { name: 'learning-track', path: 'src/learning-track/tests', },
{ name: 'learning-track', path: 'src/learning-track/tests', },
{ name: 'linting', path: 'src/content-linter/tests', },
{ name: 'observability', path: 'src/observability/tests' },
{ name: 'pageinfo', path: 'src/pageinfo/tests', },
{ name: 'redirects', path: 'src/redirects/tests', },
{ name: 'release-notes', path: 'src/release-notes/tests', },
{ name: 'rendering', path: 'tests/rendering', },
{ name: 'rendering-fixtures', path: 'tests/rendering-fixtures', },
{ name: 'rest', path: 'src/rest/tests', },
{ name: 'routing', path: 'tests/routing', },
{ name: 'search', path: 'src/search/tests', },
{ name: 'secret-scanning', path: 'src/secret-scanning/tests',},
{ name: 'shielding', path: 'src/shielding/tests', },
context.payload.repository.full_name === 'github/docs-internal' &&
{ name: 'languages', path: 'src/languages/tests', },
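Review bot: In the test matrix, `learning-track` appears both as a commented-out entry and as an active one; if this change re-enables the suite, the description should say why it was disabled and that it now passes, so it does not get switched off again without a record. Style: the `secret-scanning` entry ends with `',}` and `observability` has no trailing comma before `}`, while the neighbouring entries use `', }`; aligning them keeps the list easy to diff.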
Expand Up @@ -319,7 +319,6 @@ class GHAapp < Sinatra::Application
# this request is an attack, and you should reject it. GitHub uses the HMAC
# hexdigest to compute the signature. The `X-HUB-Signature` looks something
# like this: 'sha1=123456'.
# See https://developer.github.com/webhooks/securing/ for details.
def verify_webhook_signature
their_signature_header = request.env['HTTP_X_HUB_SIGNATURE'] || 'sha1='
method, their_digest = their_signature_header.split('=')
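Review bot: If the line dropped from this hunk is the `# See https://developer.github.com/webhooks/securing/ for details.` reference, the comment above `verify_webhook_signature` is left with no pointer to the webhook-securing documentation; prefer replacing the link with the current docs reference over deleting it. Related, in the context lines: the method reads `HTTP_X_HUB_SIGNATURE` and defaults to `'sha1='`, which is the legacy HMAC-SHA1 header. GitHub also sends `X-Hub-Signature-256` (HMAC-SHA256) and recommends validating that one, so the tutorial code and the `'sha1=123456'` example in the comment are worth updating in a follow-up.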
Expand Down Expand Up @@ -571,7 +570,7 @@ You can test that the server is listening to your app by triggering an event for

1. Create a new repository to use for testing your tutorial code. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository)."
1. Install the {% data variables.product.prodname_github_app %} on the repository you just created. For more information, see "[AUTOTITLE](/apps/using-github-apps/installing-your-own-github-app#installing-your-own-github-app)." During the installation process, choose **Only select repositories**, and select the repository you created in the previous step.
2. After you click **Install**, look at the output in the terminal tab where you're running `server.rb`. You should see something like this:
1. After you click **Install**, look at the output in the terminal tab where you're running `server.rb`. You should see something like this:

```shell
> D, [2023-06-08T15:45:43.773077 #30488] DEBUG -- : ---- received event installation
Expand Down Expand Up @@ -1147,7 +1146,7 @@ To push to a repository, your app must have write permissions for "Contents" in
To commit files, Git must know which username and email address to associate with the commit. Next you'll add environment variables to store the name and email address that your app will use when it makes Git commits.
1. Open the `.env` file you created earlier in this tutorial.
2. Add the following environment variables to your `.env` file. Replace `APP_NAME` with the name of your app, and `EMAIL_ADDRESS` with any email you'd like to use for this example.
1. Add the following environment variables to your `.env` file. Replace `APP_NAME` with the name of your app, and `EMAIL_ADDRESS` with any email you'd like to use for this example.
```shell copy
GITHUB_APP_USER_NAME="APP_NAME"
Expand Down Expand Up @@ -1542,7 +1541,6 @@ class GHAapp < Sinatra::Application
# this request is an attack, and you should reject it. GitHub uses the HMAC
# hexdigest to compute the signature. The `X-HUB-Signature` looks something
# like this: 'sha1=123456'.
# See https://developer.github.com/webhooks/securing/ for details.
def verify_webhook_signature
their_signature_header = request.env['HTTP_X_HUB_SIGNATURE'] || 'sha1='
method, their_digest = their_signature_header.split('=')
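Review bot: Duplicate maintenance: this is the same `verify_webhook_signature` snippet as the hunk at line 319, edited identically here at line 1542. Two hand-maintained copies of signature-verification code in one article invite drift; consider sourcing both from a single reusable so that a later fix to the check lands in both places.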
Expand Up @@ -21,7 +21,7 @@ redirect_from:

## About dependency review

{% data reusables.dependency-review.feature-overview %}
{% data reusables.dependency-review.feature-overview %}

If a pull request targets your repository's default branch and contains changes to package manifests or lock files, you can display a dependency review to see what has changed. The dependency review includes details of changes to indirect dependencies in lock files, and it tells you if any of the added or updated dependencies contain known vulnerabilities.

Expand Down Expand Up @@ -58,12 +58,44 @@ You can use the {% data variables.dependency-review.action_name %} in your repos

By default, the {% data variables.dependency-review.action_name %} check will fail if it discovers any vulnerable packages. A failed check blocks a pull request from being merged when the repository owner requires the dependency review check to pass. For more information, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging)."

{% ifversion fpt or ghec or ghes %}
The action uses the Dependency Review REST API to get the diff of dependency changes between the base commit and head commit. You can use the Dependency Review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see "[AUTOTITLE](/rest/dependency-graph#dependency-review)."
{% ifversion fpt or ghec or ghes %}The action uses the dependency review REST API to get the diff of dependency changes between the base commit and head commit. You can use the dependency review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see "[AUTOTITLE](/rest/dependency-graph#dependency-review)."{% endif %}{% ifversion dependency-review-submission-api %} The action also considers dependencies submitted via the dependency submission API. For more information about the dependency submission API, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."

{% data reusables.dependency-review.works-with-submission-api-beta %}

{% endif %}

{% ifversion dependency-review-action-configuration %}
You can configure the {% data variables.dependency-review.action_name %} to better suit your needs. For example, you can specify the severity level that will make the action fail{% ifversion dependency-review-action-licenses %}, or set an allow or deny list for licenses to scan{% endif %}. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review#configuring-the-dependency-review-github-action)."
{% endif %}

{% endif %}

{% ifversion dependency-review-submission-api %}

## Best practices for using the dependency review API and the dependency submission API together

The dependency review API and the {% data variables.dependency-review.action_name %} both work by comparing dependency changes in a pull request with the state of your dependencies in the head commit of your target branch, which is usually your default branch.

If your repository only depends on statically defined dependencies in one of {% data variables.product.prodname_dotcom %}’s supported ecosystems, the dependency review API and the {% data variables.dependency-review.action_name %} work consistently.

However, you may want your dependencies to be scanned during a build and then uploaded to the dependency submission API. In this case, there are some best practices you should follow to ensure that you don’t introduce a race condition when running the processes for the dependency review API and the dependency submission API, since it could result in missing data.

The best practices you should take will depend on whether you use {% data variables.product.prodname_actions %} to access the dependency submission API and the dependency review API, or whether you use direct API access.

### Using GitHub Actions to access the dependency submission API and the dependency review API

If you use {% data variables.product.prodname_actions %} to access the dependency submission API or the dependency review API:
* Make sure you run all of your dependency submission actions in the same {% data variables.product.prodname_actions %} workflow as your {% data variables.dependency-review.action_name %}. This will give you control over the order of execution, and it will ensure that dependency review will always work.
* If you do choose to run the {% data variables.dependency-review.action_name %} separately, for instance, as a required workflow, you should:
+ Set `retry-on-snapshot-warnings` to `true`.
+ Set `retry-on-snapshot-warnings-timeout` to slightly exceed the typical run time (in seconds) of your longest-running dependency submission action.

### Using direct API access to the dependency submission API and the dependency review API

If you don’t use {% data variables.product.prodname_actions %}, and your code relies on direct access to the dependency submission API and the dependency review API:
* Make sure you run the code that calls the dependency submission API first, and then run the code that calls the dependency review API afterwards.
* If you do choose to run the code for the dependency submission API and the dependency review API in parallel, you should implement a retry logic and note the following:
+ When there are snapshots missing for either side of the comparison, you will see an explanation for that in the `x-github-dependency-graph-snapshot-warnings` header (as a base64-encoded string). Therefore, if the header is non-empty, you should consider retrying.
+ Implement a retry logic with exponential backoff retries.
+ Implement a reasonable number of retries to account for the typical runtime of your dependency submission code.
{% endif %}
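Review bot: In the "Using direct API access" list, the guidance stops at "you should consider retrying" when `x-github-dependency-graph-snapshot-warnings` is non-empty and does not say what to do once the retries are used up. Because a non-empty header means snapshots are missing for one side of the comparison, the text should state that a response returned with the header still set is incomplete and should be surfaced or treated as a failed check, not read as a clean review. The Actions list has the same gap: "slightly exceed the typical run time" for `retry-on-snapshot-warnings-timeout` gives no behaviour on timeout. Style: the nested items use `+` under `*` bullets; confirm the indentation in the source makes them render as sub-items.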
Expand Up @@ -26,14 +26,14 @@ For information on how to see the current total {% data variables.product.prodna
To list all of the current codespaces for a specified organization, use the following command.

```shell copy
gh codespace list --org ORGANIZATION
gh codespace list --org ORGANIZATION
```

This command returns a list that includes the following information for each codespace:
- The name and display name
- The user who created the codespace
- The repository and branch
- The current state of the codespace
- The name and display name
- The user who created the codespace
- The repository and branch
- The current state of the codespace

To list all of the current codespaces for an organization that were created by a specific user, use the following command.

Expand Up @@ -71,9 +71,9 @@ The [`script/bookmarklets`](https://github.com/github/docs/tree/main/script/book

### Enabling different languages

By default, the local server does not run with all supported languages enabled. If you need to run a local server with a particular language, you can temporarily edit the `start` script in `package.json` and update the `ENABLED_LANGUAGES` variable.
By default, the local server does not run with all supported languages enabled. If you need to run a local server with a particular language, you can temporarily edit the `start` script in `package.json` and update the `ENABLED_LANGUAGES` variable.

For example, to enable Japanese and Portuguese in addition to English, you can edit `package.json` and set `ENABLED_LANGUAGES='en,ja,pt'` in the `start` script. Then restart the server for the change to take effect.
For example, to enable Japanese and Portuguese in addition to English, you can edit `package.json` and set `ENABLED_LANGUAGES='en,ja,pt'` in the `start` script. Then restart the server for the change to take effect.

{% note %}

Expand All @@ -83,10 +83,9 @@ For example, to enable Japanese and Portuguese in addition to English, you can e

The supported language codes are defined in [`src/languages/lib/languages.js`](https://github.com/github/docs/blob/main/src/languages/lib/languages.js).


## Using {% data variables.product.prodname_github_codespaces %}

As an alternative to running {% data variables.product.prodname_docs %} locally, you can use {% data variables.product.prodname_github_codespaces %}. {% data variables.product.prodname_github_codespaces %} enable you to edit, preview, and test your changes directly from your browser.
As an alternative to running {% data variables.product.prodname_docs %} locally, you can use {% data variables.product.prodname_github_codespaces %}. {% data variables.product.prodname_github_codespaces %} enable you to edit, preview, and test your changes directly from your browser.

For more information about using a codespace for working on {% data variables.product.company_short %} documentation, see "[AUTOTITLE](/contributing/setting-up-your-environment-to-work-on-github-docs/working-on-github-docs-in-a-codespace)."

Expand All @@ -98,4 +97,4 @@ For more information about using a codespace for working on {% data variables.pr
- [Middleware](https://github.com/github/docs/blob/main/middleware/README.md)
- [Scripts](https://github.com/github/docs/blob/main/script/README.md)
- [Styles](https://github.com/github/docs/blob/main/stylesheets/README.md)
- [Tests](https://github.com/github/docs/blob/main/tests/README.md)
- [Tests](https://github.com/github/docs/blob/main/tests/README.md)
Expand Up @@ -21,10 +21,10 @@ shortTitle: Clone a GitHub repo

![Screenshot of the "URL" tab of the "Clone a Repository" window. Next to the "Local Path" field, a button, labeled "Choose", is highlighted with an orange outline.](/assets/images/help/desktop/clone-choose-button-url-mac.png)

{% note %}
{% note %}

**Note:** If the repository is configured to use LFS, you will be prompted to initialize {% data variables.large_files.product_name_short %}.
**Note:** If the repository is configured to use LFS, you will be prompted to initialize {% data variables.large_files.product_name_short %}.

{% endnote %}
{% endnote %}

1. Click **Clone**.
Expand Up @@ -120,7 +120,7 @@ Once you're satisfied with the changes you've chosen to include in your commit,
- To move your changes, click **switch branches**.
- To commit your changes to the protected branch, click **Commit to BRANCH**.

For more information about protected branches, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches)."
For more information about protected branches, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches)."
{% data reusables.desktop.push-origin %}

1. If you have a pull request based off the branch you are working on, {% data variables.product.prodname_desktop %} will display the status of the checks that have run for the pull request next to the "Current Branch" section of the repository bar. For more information about checks, see "[AUTOTITLE](/desktop/contributing-and-collaborating-using-github-desktop/working-with-your-remote-repository-on-github-or-github-enterprise/viewing-and-re-running-checks-in-github-desktop)."
Expand Up @@ -36,7 +36,7 @@ When you reorder commits, you may see one of the following notifications or erro
- A message states that there are merge conflicts that you must resolve before the application can continue reordering commits on your branch.
1. Click **View conflicts**.

![Screenshot of a notification about conflicts. At the end of the message, a link, labeled "View commits", is highlighted with an orange outline.](/assets/images/help/desktop/reorder-resolve-conflicts.png)
![Screenshot of a notification about conflicts. At the end of the message, a link, labeled "View commits", is highlighted with an orange outline.](/assets/images/help/desktop/reorder-resolve-conflicts.png)
{% data reusables.desktop.resolve-merge-conflicts %}

1. When all conflicts are resolved, you can reorder your commits.
Expand Up @@ -56,7 +56,7 @@ Before you authenticate, {% data reusables.desktop.get-an-account %}

{% data reusables.desktop.sign-in-browser %}

{% data reusables.user-settings.password-authentication-deprecation-desktop %}
{% indented_data_reference reusables.user-settings.password-authentication-deprecation-desktop spaces=3 %}

{% data reusables.desktop.authenticate-in-browser %}
{% data reusables.desktop.2fa-in-browser %}
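Review bot: `password-authentication-deprecation-desktop` is switched to `indented_data_reference` with `spaces=3` while the adjacent `sign-in-browser`, `authenticate-in-browser` and `2fa-in-browser` reusables stay on plain `{% data %}`. Confirm that three spaces matches the indentation of the list item this note belongs to, and that the neighbouring reusables do not need the same treatment to stay inside the same step.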
Expand Up @@ -60,14 +60,14 @@ If your course already has a roster, you can update the students on the roster o

{% note %}

**Note:** {% data reusables.classroom.google-classroom-note %}
**Note:** {% data reusables.classroom.google-classroom-note %}

{% endnote %}
{% endnote %}

1. Provide the student identifiers for your roster.

- To import a roster by uploading a file containing student identifiers, click **Upload a CSV or text file**.
- To create a roster manually, type your student identifiers in the text field.
- To import a roster by uploading a file containing student identifiers, click **Upload a CSV or text file**.
- To create a roster manually, type your student identifiers in the text field.

1. Click **Create roster**.

Expand All @@ -80,13 +80,13 @@ Your classroom must have an existing roster to add students to the roster. For m
{% data reusables.classroom.click-students %}
1. To the right of "Classroom roster", click **Update students**. If you have already linked your classroom to an LMS course, then you will see a **Sync from...** button instead.
1. Follow the instructions to add students to the roster.
- To import students from an LMS, your LMS administrator will first need to register your LMS instance and then you will need to connect your LMS course to your classroom. Once connected, you can click the **Sync from...** button. For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/connect-a-learning-management-system-course-to-a-classroom)."
{% note %}
- To import students from an LMS, your LMS administrator will first need to register your LMS instance and then you will need to connect your LMS course to your classroom. Once connected, you can click the **Sync from...** button. For more information, see "[AUTOTITLE](/education/manage-coursework-with-github-classroom/teach-with-github-classroom/connect-a-learning-management-system-course-to-a-classroom)."
{% note %}

**Note:** {% data reusables.classroom.google-classroom-note %}
**Note:** {% data reusables.classroom.google-classroom-note %}

{% endnote %}
- To manually add students, under "Manually add students", click **Upload a CSV or text file** or type the identifiers for the students, then click **Add roster entries**.
{% endnote %}
- To manually add students, under "Manually add students", click **Upload a CSV or text file** or type the identifiers for the students, then click **Add roster entries**.

## Renaming a classroom
