
Commit 18e2626

authored
Merge pull request #42567 from github/repo-sync
Repo sync
2 parents 09f448f + f08840c commit 18e2626


3 files changed

+46
-17
lines changed


content/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough.md

Lines changed: 25 additions & 7 deletions
@@ -13,29 +13,43 @@ redirect_from:
1313
contentType: how-tos
1414
---
1515

16-
If your logs are not detailed enough, there are several steps you can take to make them more useful.
16+
If your logs are not detailed enough to troubleshoot a problem, there are several steps you can take to obtain extra information and make logs more useful.
1717

1818
## Enable step debug logging
1919

20-
You can enable step debug logging in {% data variables.product.prodname_actions %} to increase the verbosity of a job's logs during and after a job's execution. For more information, see [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging).
20+
You can enable step debug logging in {% data variables.product.prodname_actions %} to increase the verbosity of a job's logs during a job's execution. For more information, see [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging).
2121

2222
## Creating {% data variables.product.prodname_codeql %} debugging artifacts
2323

2424
> [!WARNING]
2525
> {% data variables.product.prodname_codeql %} debugging artifacts contain a copy of the source code being analyzed by {% data variables.product.prodname_codeql %}, therefore we suggest sharing these bundles only with people who are authorized to access that source code.
2626
2727
You can obtain artifacts to help you debug {% data variables.product.prodname_codeql %}.
28-
The debug artifacts will be uploaded to the workflow run as an artifact named `debug-artifacts`. The data contains the {% data variables.product.prodname_codeql %} logs, {% data variables.product.prodname_codeql %} database(s), extracted source code files, and any SARIF file(s) produced by the workflow. For more information about downloading {% data variables.product.prodname_codeql %} artifacts, see [AUTOTITLE](/actions/managing-workflow-runs/downloading-workflow-artifacts).
28+
The debug artifacts will be uploaded to the workflow run as artifacts with names starting with `debug-artifacts`. If {% data variables.product.prodname_codeql %} analyzes multiple languages concurrently as part of the workflow run, there will be one such artifact for every language. The data contains the {% data variables.product.prodname_codeql %} logs, {% data variables.product.prodname_codeql %} databases, extracted source code files, and any SARIF files produced by the workflow. For more information about downloading {% data variables.product.prodname_codeql %} artifacts, see [AUTOTITLE](/actions/managing-workflow-runs/downloading-workflow-artifacts).
2929

3030
These artifacts will help you debug problems with {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. If you contact GitHub support, they might ask for this data.
3131

32-
### Creating {% data variables.product.prodname_codeql %} debugging artifacts by re-running jobs with debug logging enabled
32+
### Creating {% data variables.product.prodname_codeql %} debugging artifacts for {% data variables.product.prodname_codeql %} default setup
3333

34-
You can create {% data variables.product.prodname_codeql %} debugging artifacts by enabling debug logging and re-running the jobs. For more information about re-running {% data variables.product.prodname_actions %} workflows and jobs, see [AUTOTITLE](/actions/managing-workflow-runs/re-running-workflows-and-jobs).
34+
You can create {% data variables.product.prodname_codeql %} debugging artifacts by enabling {% data variables.product.prodname_actions %} step debug logging and triggering a new {% data variables.product.prodname_codeql %} analysis by, for example, pushing a new commit to a pull request branch. For information on how to enable {% data variables.product.prodname_actions %} step debug logging, see [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging).
3535

36-
You need to ensure that you select **Enable debug logging**. This option enables runner diagnostic logging and step debug logging for the run. You'll then be able to download `debug-artifacts` to investigate further. You do not need to modify the workflow file when creating {% data variables.product.prodname_codeql %} debugging artifacts by re-running jobs.
36+
{% ifversion org-private-registry %}
3737

38-
### Creating {% data variables.product.prodname_codeql %} debugging artifacts using a workflow flag
38+
If you have given {% data variables.product.prodname_codeql %} access to private registries, additional artifacts whose names start with `proxy-log-file` will be available. These contain logs of the authentication proxy that is used by {% data variables.product.prodname_codeql %} default setup to authenticate requests to private registries and may be used to troubleshoot private registry configurations. To learn more, see [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries).
39+
40+
{% endif %}
41+
42+
### Creating {% data variables.product.prodname_codeql %} debugging artifacts for {% data variables.product.prodname_codeql %} advanced setup
43+
44+
Debugging artifacts for {% data variables.product.prodname_codeql %} advanced setup can be obtained in several different ways.
45+
46+
#### Re-running jobs with debug logging enabled
47+
48+
The easiest option to create debugging artifacts for {% data variables.product.prodname_codeql %} advanced setup is by re-running jobs with debug logging enabled. For more information about re-running {% data variables.product.prodname_actions %} workflows and jobs, see [AUTOTITLE](/actions/managing-workflow-runs/re-running-workflows-and-jobs).
49+
50+
You need to ensure that you select **Enable debug logging**. This option enables runner diagnostic logging and step debug logging for the run. You'll then be able to download {% data variables.product.prodname_codeql %} debugging artifacts to investigate further. You do not need to modify the workflow file when creating {% data variables.product.prodname_codeql %} debugging artifacts by re-running jobs.
51+
52+
#### Using a workflow flag
3953

4054
You can create {% data variables.product.prodname_codeql %} debugging artifacts by using a flag in your workflow. For this, you need to modify the `init` step of your {% data variables.code-scanning.codeql_workflow %} file and set `debug: true`.
4155

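Review bot: the new `{% ifversion org-private-registry %}` paragraph (new line 38) says the `proxy-log-file` artifacts hold logs of the authentication proxy used to reach private registries, but does not say whether the WARNING at line 25 applies to them; a reader deciding who may receive a debug bundle needs to know whether these logs can contain registry hostnames, usernames or other credential-related material. Suggest either extending the warning to cover `proxy-log-file` artifacts or adding one sentence here stating what the proxy logs do and do not include. Also, the default setup section (new line 34) tells readers to enable step debug logging and trigger a new analysis but not where the resulting artifacts appear; repeating that they are uploaded to the workflow run under names starting with `debug-artifacts` (as new line 28 states) would make the section self-contained.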
@@ -45,3 +59,7 @@ You can create {% data variables.product.prodname_codeql %} debugging artifacts
4559
with:
4660
debug: true
4761
```
62+
63+
#### Using {% data variables.product.prodname_actions %} step debug logging
64+
65+
If you have enabled {% data variables.product.prodname_actions %} step debug logging, {% data variables.product.prodname_codeql %} will also produce debugging artifacts and upload them. See [AUTOTITLE](/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging).
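Review bot: the new `#### Using {% data variables.product.prodname_actions %} step debug logging` subsection (new lines 63-65) restates what `## Enable step debug logging` (line 18) and the default setup section (new line 34) already say, so the page now describes step debug logging in three places. Suggest either folding this into the re-running-jobs subsection (new lines 46-50), which already depends on **Enable debug logging**, or stating here what is different for advanced setup, for example that the artifacts are produced without setting `debug: true` in the `init` step.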

content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries.md

Lines changed: 13 additions & 4 deletions
@@ -16,20 +16,28 @@ contentType: how-tos
1616

1717
## About the importance of providing access to private registries
1818

19-
When a repository uses code stored in a private registry, some security features need access to the registry to enable them to work effectively. Without access to all the dependencies of a repository, {% ifversion code-quality %}{% data variables.product.prodname_code_quality_short %} ({% data variables.release-phases.public_preview %}), {% endif %}{% data variables.product.prodname_code_scanning %} default setup and {% data variables.product.prodname_dependabot %} are limited.
19+
When code in a repository has dependencies that are stored in a private registry, some security features need access to the registry to enable them to work effectively. Without access to all the dependencies of a repository, the effectiveness of {% ifversion code-quality %}{% data variables.product.prodname_code_quality_short %} ({% data variables.release-phases.public_preview %}), {% endif %}{% data variables.product.prodname_code_scanning %} default setup and {% data variables.product.prodname_dependabot %} are limited.
2020

2121
## {% data variables.product.prodname_code_scanning_caps %} default setup access to private registries
2222

23-
If you do not define access to the private registries your organization uses, then {% data variables.product.prodname_code_scanning %} will only gather necessary data from dependencies available in public registries. Most times, this is enough for surfacing most of the vulnerabilities. However, in some cases the lack of access can lead to false negative results, that is, {% data variables.product.prodname_code_scanning %} is unable to detect a vulnerability in the code because it does not have all the information it needs to analyze the code. For example, some of the data flow paths may not be detected because steps are defined in dependencies that are not accessible and {% data variables.product.prodname_code_scanning %} does not know how to interpret them.
23+
If you do not define access to the private registries your organization uses, then {% data variables.product.prodname_code_scanning %} will only gather necessary data from dependencies available in public registries. Most times, this is enough for surfacing most of the vulnerabilities. However, in some cases the lack of access can lead to false negative results. In other words, {% data variables.product.prodname_code_scanning %} is unable to detect a vulnerability in the code because it does not have all the information it needs to analyze the code. For example, some of the data flow paths may not be detected because steps are defined in dependencies that are not accessible and {% data variables.product.prodname_code_scanning %} does not know how to interpret them.
2424

2525
When you configure access to the private registries used in your organization, {% data variables.product.prodname_code_scanning %} has access to all the information it needs and is much less likely to miss a vulnerability.
2626

27+
{% data variables.product.prodname_code_scanning_caps %} default setup supports the following registry types:
28+
29+
| Language | Registry types |
30+
|----------|----------------|
31+
| C# | NuGet Feed |
32+
| Go | GOPROXY server, Git Source |
33+
| Java | Maven Repository |
34+
2735
> [!TIP]
28-
> You can define one of each type of registry for each organization. If the codebases in your organization use more than one registry of a given type, you should define access to the most important registry for the codebases in that organization.
36+
> You can define one of each type of registry for each organization. If the codebases in your organization use more than one registry of a given type, you should set up a unified access point or define access to the most important registry for the codebases in that organization.
2937
3038
### Defining registry access for {% data variables.product.prodname_code_scanning %} default setup
3139

32-
You need to be an **organization owner** to set up access to private registries in the user interface. You can also use the REST API with organization owner or `{read,write}_org_private_registries` permission.
40+
You need to be an **organization owner** to set up access to private registries in the user interface. You can also use the REST API with the organization owner or `{read,write}_org_private_registries` permissions.
3341

3442
1. On the **Settings** tab for the organization, scroll down to the "Security" section and select **Secrets and variables**.
3543
1. In the expanded list of secrets and variables, select **Private registries** to display the "Private Registries" page.
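Review bot: subject-verb agreement in new line 19: `the effectiveness of ... default setup and ... are limited` should read `is limited`, since the subject is now `effectiveness`. Two smaller points in the same hunk: the TIP at new line 36 introduces `set up a unified access point` without saying what that is (a single registry that proxies or mirrors the others?), so one clarifying clause would help; and new line 40, `with the organization owner or ... permissions`, reads better as `as an organization owner, or with the ... permissions`.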
@@ -38,6 +46,7 @@ You need to be an **organization owner** to set up access to private registries
3846
* **URL** is the location where you access the private registry. For example, to use the {% data variables.product.prodname_registry %} registry for NuGet: `https://nuget.pkg.github.com/`.
3947
* **Type** is the type of registry.
4048
1. Select either **Token** or **Username and password**, depending on the authentication method, then enter data into the appropriate fields.
49+
Some types of authentication tokens, such as a {% data variables.product.github %} {% data variables.product.pat_generic_title_case %}, are tied to a particular user identity. Select the **Username and password** option for these and enter the relevant username as **Username** and the token as **Password**.
4150
1. Define which repositories in the organization can access the private registry using these details: all, private and internal, or selected repositories only.
4251
1. When you have finished defining the private registry, select **Add Registry** to save the registry information.
4352

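Review bot: new line 49 continues the `1. Select either **Token** or **Username and password**` item, so it must be indented under that item; the rendered diff does not show leading whitespace, so please confirm it is, otherwise Markdown ends the list there and the following `1.` items restart numbering. On content: since a {% data variables.product.pat_generic_title_case %} entered as **Password** grants whatever that user's token allows, consider adding that the token should carry only the scope needed to read from the registry.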
content/code-security/how-tos/view-and-interpret-data/viewing-code-scanning-logs.md

Lines changed: 8 additions & 6 deletions
@@ -77,15 +77,17 @@ After configuring {% data variables.product.prodname_code_scanning %} for your r
7777

7878
### Determining whether {% data variables.product.prodname_code_scanning %} default setup used any private registries
7979

80-
{% data variables.product.prodname_code_scanning_caps %} default setup includes a `Setup proxy or registries` step. When you are looking at a log file for default setup, you can expand this step. If the step includes:
80+
{% data variables.product.prodname_code_scanning_caps %} default setup workflows include a `Setup proxy for registries` step. When you are looking at a workflow run for default setup, you can expand this step to view the corresponding log and look for the following messages:
8181

82-
* `Using registries_credentials input.` At least one private registry is configured for the organization.
82+
* `Using registries_credentials input.` At least one private registry is configured for the organization. This includes configurations for private registry types which are not supported by {% data variables.product.prodname_code_scanning %} default setup. For more details about supported registry types, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries#code-scanning-default-setup-access-to-private-registries).
8383

8484
* `Credentials loaded for the following registries:`
85-
* No further output in the step. Access was unsuccessful.
86-
* `Type: nuget_feed;` Default set up accessed a private Nuget feed.
87-
* `Type: maven_repository;` Default set up accessed a private Maven repository.
85+
* If no list of configurations follows, then no private registry configurations supported by {% data variables.product.prodname_code_scanning %} default setup were found.
86+
* Otherwise, one line for each supported configuration that was successfully loaded is shown. For example, a line containing `Type: nuget_feed; Host: undefined; Url: https://nuget.pkg.github.com/; Username: undefined; Password: true; Token: false` indicates that a private NuGet Feed configuration was loaded.
87+
* The information about the configuration in the log may not match exactly what is configured for the organization in the UI. For example, the log may indicate that a `Password` is set, even though a `Token` is configured in the UI.
8888

89-
For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries).
89+
If the output from the `Setup proxy for registries` step is as expected, but {% data variables.product.prodname_code_scanning %} default setup is unable to successfully access dependencies in the private registries, you can obtain additional troubleshooting information. See [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/troubleshooting/troubleshooting-analysis-errors/logs-not-detailed-enough#creating-codeql-debugging-artifacts-for-codeql-default-setup).
90+
91+
For more information about giving {% data variables.product.prodname_code_scanning %} default setup access to private registries, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries).
9092

9193
{% endif %}
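Review bot: the link paths in new lines 82 and 91 use `/code-security/securing-your-organization/enabling-security-features-in-your-organization/giving-org-access-private-registries`, while the file edited in this same PR lives at `content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries.md` and the first file in this PR links to it by that `how-tos/secure-at-scale` path; unless a `redirect_from` entry covers the old path, align them. Also, the example log line at new line 86 (`Password: true; Token: false`) together with the caveat at new line 87 is useful, but it would help to say which fields readers should expect to see (`Type`, `Url`) and whether secret values ever appear in this step's output, since readers pasting it into a support request need to know whether it is safe to share.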
