Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
Binary file modified assets/images/help/repository/dependabot-alerts-view.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
Binary file modified assets/images/help/repository/legacy-dependabot-alerts-view.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Original file line number Diff line number Diff line change
Expand Up @@ -1093,7 +1093,7 @@ Before you'll see `git` category actions, you must enable Git events in the audi
{%- ifversion ghes %}
| `repo.disk_archive` | A repository was archived on disk. For more information, see "[AUTOTITLE](/repositories/archiving-a-github-repository/archiving-repositories)."
{%- endif %}
| `repo.download_zip` | A source code archive of a repository was downloaded as a ZIP file.
| `repo.download_zip` | A source code archive of a repository was downloaded as a ZIP file. For more information, see "[AUTOTITLE](/repositories/working-with-files/using-files/downloading-source-code-archives)."
| `repo.pages_cname` | A {% data variables.product.prodname_pages %} custom domain was modified in a repository.
| `repo.pages_create` | A {% data variables.product.prodname_pages %} site was created.
| `repo.pages_destroy` | A {% data variables.product.prodname_pages %} site was deleted.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,9 @@ For supported languages, {% data variables.product.prodname_dependabot %} detect
1. View the details for an alert. For more information, see "[Viewing {% data variables.product.prodname_dependabot_alerts %}](#viewing-dependabot-alerts)" (above).
{% ifversion fpt or ghec or ghes %}
1. If you have {% data variables.product.prodname_dependabot_security_updates %} enabled, there may be a link to a pull request that will fix the dependency. Alternatively, you can click **Create {% data variables.product.prodname_dependabot %} security update** at the top of the alert details page to create a pull request.
![Create {% data variables.product.prodname_dependabot %} security update button](/assets/images/help/repository/create-dependabot-security-update-button-ungrouped.png)

![Screenshot of a {% data variables.product.prodname_dependabot %} alert with the "Create {% data variables.product.prodname_dependabot %} security update" button highlighted with a dark orange outline.](/assets/images/help/repository/create-dependabot-security-update-button-ungrouped.png)

1. Optionally, if you do not use {% data variables.product.prodname_dependabot_security_updates %}, you can use the information on the page to decide which version of the dependency to upgrade to and create a pull request to update the dependency to a secure version.
{% elsif ghae %}
1. You can use the information on the page to decide which version of the dependency to upgrade to and create a pull request to the manifest or lock file to a secure version.
Expand Down Expand Up @@ -201,12 +203,11 @@ You can view all open alerts, and you can reopen alerts that have been previousl
1. To just view closed alerts, click **Closed**.

{%- ifversion dependabot-bulk-alerts %}
![Screenshot showing the list of Dependabot alerts with the "Closed" tab highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-alerts-closed-checkbox.png)
{%- else %}
![Screenshot showing the list of Dependabot alerts with the "Closed" tab highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-alerts-closed.png)
![Screenshot showing the list of {% data variables.product.prodname_dependabot_alerts %} with the "Closed" tab highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-alerts-closed-checkbox.png)
{%- endif %}

1. Click the alert that you would like to view or update.
2. Optionally, if the alert was dismissed and you wish to reopen it, click **Reopen**. Alerts that have already been fixed cannot be reopened.
1. Optionally, if the alert was dismissed and you wish to reopen it, click **Reopen**. Alerts that have already been fixed cannot be reopened.

{% indented_data_reference reusables.enterprise.3-5-missing-feature spaces=3 %}
![Screenshot showing the "Reopen" button](/assets/images/help/repository/reopen-dismissed-alert.png)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -49,10 +49,12 @@ You can enable {% data variables.secret-scanning.user_alerts %} for any {% ifver
{% ifversion ghec %}![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/help/repository/enable-ghas-dotcom.png)
{% elsif ghes or ghae %}![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/enterprise/3.1/help/repository/enable-ghas.png){% endif %}
1. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**.
1. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-ghec.png){% endif %}{% ifversion fpt %}
2. Scroll down to the bottom of the page, and click **Enable** for {% data variables.product.prodname_secret_scanning %}. If you see a **Disable** button, it means that {% data variables.product.prodname_secret_scanning %} is already enabled for the repository.
![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-alerts-fpt.png){% endif %}
1. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.

![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "Code security and analysis" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %}{% ifversion fpt %}
1. Scroll down to the bottom of the page, and click **Enable** for {% data variables.product.prodname_secret_scanning %}. If you see a **Disable** button, it means that {% data variables.product.prodname_secret_scanning %} is already enabled for the repository.

![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "Code security and analysis" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %}

{% ifversion secret-scanning-push-protection %}
1. Optionally, if you want to enable push protection, click **Enable** to the right of "Push protection." {% data reusables.secret-scanning.push-protection-overview %} For more information, see "[AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -684,7 +684,7 @@ For more information, see "[AUTOTITLE](/organizations/managing-organization-sett
| `create_actions_secret` |Triggered when a {% data variables.product.prodname_actions %} secret is created for a repository. For more information, see "[AUTOTITLE](/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository)."{% endif %}
| `destroy` | Triggered when [a repository is deleted](/repositories/creating-and-managing-repositories/deleting-a-repository).{% ifversion fpt or ghec %}
| `disable` | Triggered when a repository is disabled (e.g., for [insufficient funds](/billing/managing-your-github-billing-settings/unlocking-a-locked-account)).{% endif %}
| `download_zip` | A source code archive of a repository was downloaded as a ZIP file.
| `download_zip` | A source code archive of a repository was downloaded as a ZIP file. For more information, see "[AUTOTITLE](/repositories/working-with-files/using-files/downloading-source-code-archives)."
| `enable` | Triggered when a repository is re-enabled.{% ifversion fpt or ghes or ghec %}
| `remove_actions_secret` | Triggered when a {% data variables.product.prodname_actions %} secret is removed.{% endif %}
| `remove_member` | Triggered when a user is [removed from a repository as a collaborator](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-access-to-your-personal-repositories/removing-a-collaborator-from-a-personal-repository).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ redirect_from:
---
## About {% data variables.large_files.product_name_short %} objects in archives

{% data variables.product.product_name %} creates source code archives of your repository in the form of ZIP files and tarballs. People can download these archives on the main page of your repository or as release assets. By default, {% data variables.large_files.product_name_short %} objects are not included in these archives, only the pointer files to these objects. To improve the usability of archives for your repository, you can choose to include the {% data variables.large_files.product_name_short %} objects instead. To be included, the {% data variables.large_files.product_name_short %} objects must be covered by tracking rules in a *.gitattributes* file that has been committed to the repository.
{% data variables.product.product_name %} creates [source code archives](/repositories/working-with-files/using-files/downloading-source-code-archives) of your repository in the form of ZIP files and tarballs. People can download these archives on the main page of your repository or as release assets. By default, {% data variables.large_files.product_name_short %} objects are not included in these archives, only the pointer files to these objects. To improve the usability of archives for your repository, you can choose to include the {% data variables.large_files.product_name_short %} objects instead. To be included, the {% data variables.large_files.product_name_short %} objects must be covered by tracking rules in a *.gitattributes* file that has been committed to the repository.

If you choose to include {% data variables.large_files.product_name_short %} objects in archives of your repository, every download of those archives will count towards bandwidth usage for your account. Each account receives {% data variables.large_files.initial_bandwidth_quota %} per month of bandwidth for free, and you can pay for additional usage. For more information, see "[AUTOTITLE](/repositories/working-with-files/managing-large-files/about-storage-and-bandwidth-usage)" and "[AUTOTITLE](/billing/managing-billing-for-git-large-file-storage)."

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ For example:
- If {% data variables.product.prodname_actions %} downloads a 500 MB file that is tracked with LFS, it will use 500 MB of the repository owner's allotted bandwidth.

{% ifversion fpt or ghec %}
If {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}) objects are included in source code archives for your repository, downloads of those archives will count towards bandwidth usage for the repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-git-lfs-objects-in-archives-of-your-repository)."
If {% data variables.large_files.product_name_long %} ({% data variables.large_files.product_name_short %}) objects are included in [source code archives](/repositories/working-with-files/using-files/downloading-source-code-archives) for your repository, downloads of those archives will count towards bandwidth usage for the repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-git-lfs-objects-in-archives-of-your-repository)."
{% endif %}

{% tip %}
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
---
title: Downloading source code archives
intro: 'You can download a snapshot of the code in your repository.'
versions:
fpt: '*'
ghes: '*'
ghae: '*'
ghec: '*'
topics:
- Repositories
shortTitle: Source code archives
---
## Overview of source code archives

You can download a snapshot of any branch, tag, or specific commit from {% data variables.location.product_location %}. These snapshots are generated by the [`git archive` command](https://git-scm.com/docs/git-archive) in one of two formats: tarball or zipball. Snapshots don't contain the entire repository history. If you want the entire history, you can clone the repository. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/cloning-a-repository)."

## Downloading source code archives

You can download the source code archives in three ways.

### Downloading source code archives from the repository view

{% data reusables.repositories.navigate-to-repo %}
1. Above the list of files, click {% octicon "download" aria-label="The download icon" %} **Code**.

!["Code" button](/assets/images/help/repository/code-button.png)

1. Click {% octicon "file-zip" aria-label="The ZIP icon" %} **Download ZIP**.

### Downloading source code archives from a release

{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.releases %}
1. Scroll down to the "Assets" section of the release.
1. To download the source code, click {% octicon "file-zip" aria-label="The ZIP icon" %} **Source code (zip)** or {% octicon "file-zip" aria-label="The ZIP icon" %} **Source code (tar.gz)**.

### Downloading source code archives from a tag

{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.releases %}
1. At the top of the Releases page, click **Tags**.
1. To download the source code, click {% octicon "file-zip" aria-label="The ZIP icon" %} **zip** or {% octicon "file-zip" aria-label="The ZIP icon" %} **tar.gz**.

![Screenshot of the "Tags" page of a repository. The zip and tar.gz options are outlined in dark orange.](/assets/images/help/repository/tags-download-zip-targz.png)

## Source code archive URLs

Source code archives are available at specific URLs for each repository. For example, consider the repository `github/codeql`. There are different URLs for downloading a branch, a tag, or a specific commit ID.

| Type of archive | Example | URL |
|-----------------|---------|---------|
| Branch | `main` | [https://github.com/github/codeql/archive/refs/**heads/main**.tar.gz](https://github.com/github/codeql/archive/refs/heads/main.tar.gz) |
| Tag | `codeql-cli/latest` | [https://github.com/github/codeql/archive/refs/**tags/codeql-cli/latest**.zip](https://github.com/github/codeql/archive/refs/tags/codeql-cli/latest.zip) |
| Commit | `aef66c4` | [https://github.com/github/codeql/archive/**aef66c462abe817e33aad91d97aa782a1e2ad2c7**.zip](https://github.com/github/codeql/archive/aef66c462abe817e33aad91d97aa782a1e2ad2c7.zip) |

{% note %}

**Note**: You can use either `.zip` or `.tar.gz` in the URLs above to request a zipball or tarball respectively.

{% endnote %}

## Stability of source code archives

Source code archives are generated on request, cached for a while, and then deleted. If the same archive is requested again in the future, it'll be regenerated. It's important to understand what guarantees {% data variables.product.company_short %} makes about source code archives.

* An archive of a commit ID will always have the same file contents whenever it's requested, assuming the commit ID is still in the repository.
* Because branches and tags can move to different commit IDs, future downloads of an archive may have different contents than previously downloaded archives of the same branch or tag. Assuming the branch or tag still points at the same commit ID, it will have the same file contents.
* The exact compression settings used to generate a zipball or tarball may change over time. The extracted contents won't change if the branch or tag doesn't change, but the outer compressed archive may have a different byte layout. {% data variables.product.company_short %} will give at least six months' notice before changing compression settings.

If you rely on stability of source code archives for reproducibility (ensuring you always get identical files inside the archive), we recommend using the [archives REST API](/rest/repos/contents#download-a-repository-archive-tar) with a commit ID for `:ref`. Using the commit ID ensures you'll always get the same file contents inside the archive and you’ll be immune to repositories rewriting tags or moving branch heads.

If you rely on stability of archives for security (for example: to ensure you don't attempt to unzip a maliciously-crafted file), we recommend using releases instead of using source downloads. For more information, see "[AUTOTITLE](/repositories/releasing-projects-on-github/about-releases)."

You can use something like [this third-party {% data variables.product.company_short %} action](https://github.com/softprops/action-gh-release) to create and push these files as part of your release process. The [Release Assets REST API](/rest/releases/assets#get-a-release-asset) can later be used to retrieve them.
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ children:
- /navigating-code-on-github
- /viewing-a-file
- /getting-permanent-links-to-files
- /downloading-source-code-archives
- /working-with-non-code-files
---

Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
{% ifversion fpt or ghec %}
You can choose whether {% data variables.large_files.product_name_short %} objects are included in source code archives, such as ZIP files and tarballs, that {% data variables.product.product_name %} creates for your repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-git-lfs-objects-in-archives-of-your-repository)."
You can choose whether {% data variables.large_files.product_name_short %} objects are included in [source code archives](/repositories/working-with-files/using-files/downloading-source-code-archives), such as ZIP files and tarballs, that {% data variables.product.product_name %} creates for your repository. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-git-lfs-objects-in-archives-of-your-repository)."
{% endif %}