Wells Fargo fix

.github/workflows/fortify.yml

@@ -0,0 +1,129 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+################################################################################################################################################
+# Fortify Application Security provides your team with solutions to empower DevSecOps practices, enable cloud transformation, and secure your  #
+# software supply chain. To learn more about Fortify, start a free trial or contact our sales team, visit fortify.com.                         #
+#                                                                                                                                              #
+# Use this starter workflow as a basis for integrating Fortify Application Security Testing into your GitHub workflows. This template          #
+# demonstrates the steps to package the code+dependencies, initiate a scan, and optionally import SAST vulnerabilities into GitHub Security    #
+# Code Scanning Alerts. Additional information is available in the workflow comments and the Fortify AST Action / fcli / Fortify product       #
+# documentation. If you need additional assistance, please contact Fortify support.                                                            #
+################################################################################################################################################
+
+name: Fortify AST Scan
+
+# Customize trigger events based on your DevSecOps process and/or policy
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '34 21 * * 4'
+  workflow_dispatch:
+
+jobs:
+  Fortify-AST-Scan:
+    # Use the appropriate runner for building your source code. Ensure dev tools required to build your code are present and configured appropriately (MSBuild, Python, etc).
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+      # pull-requests: write     # Required if DO_PR_COMMENT is set to true
+
+    steps:
+      # Check out source code
+      - name: Check Out Source Code
+        uses: actions/checkout@v4
+
+      # Perform SAST and/or SCA scan via Fortify on Demand/Fortify Hosted/ScanCentral SAST/Debricked. Based on
+      # configuration, the Fortify GitHub Action can optionally set up the application version/release, generate
+      # job summaries and Pull Request comments, and/or export SAST results to the GitHub code scanning dashboard.
+      # The Fortify GitHub Action provides many customization capabilities, but in case further customization is
+      # required, you can use sub-actions like fortify/github-action/setup@v1 to set up the various Fortify tools
+      # and run them directly from within your pipeline. It is recommended to review the Fortify GitHub Action
+      # documentation at https://github.com/fortify/github-action#readme for more information on the various
+      # configuration options and available sub-actions.
+      - name: Run Fortify Scan
+        # Specify Fortify GitHub Action version to run. As per GitHub starter workflow requirements, this example
+        # uses the commit id corresponding to version 1.6.2. It is recommended to check whether any later releases
+        # are available at https://github.com/fortify/github-action/releases. Depending on the amount of stability
+        # required, you may want to consider using fortify/github-action@v1 instead to use the latest 1.x.y version
+        # of this action, allowing your workflows to automatically benefit from any new features and bug fixes.
+        uses: fortify/github-action@ef5539bf4bd9c45c0bd971978f635a69eae55297
+        with:
+          sast-scan: true          # Run a SAST scan; if not specified or set to false, no SAST scan will be run
+          debricked-sca-scan: true # For FoD, run an open-source scan as part of the SAST scan (ignored if SAST scan
+                                   # is disabled). For SSC, run a Debricked scan and import results into SSC.
+        env:
+          #############################################################
+          ##### Fortify on Demand configuration
+          ##### Remove this section if you're integrating with Fortify Hosted/Software Security Center (see below)
+          ### Required configuration
+          FOD_URL: https://ams.fortify.com                 # Must be hardcoded or configured through GitHub variable, not secret
+          FOD_TENANT: ${{secrets.FOD_TENANT}}              # Either tenant/user/password or client id/secret are required;
+          FOD_USER: ${{secrets.FOD_USER}}                  # these should be configured through GitHub secrets.
+          FOD_PASSWORD: ${{secrets.FOD_PAT}}
+          # FOD_CLIENT_ID: ${{secrets.FOD_CLIENT_ID}}
+          # FOD_CLIENT_SECRET: ${{secrets.FOD_CLIENT_SECRET}}
+          ### Optional configuration
+          # FOD_LOGIN_EXTRA_OPTS: --socket-timeout=60s     # Extra 'fcli fod session login' options
+          # FOD_RELEASE: MyApp:MyRelease                   # FoD release name, default: <org>/<repo>:<branch>
+          # DO_SETUP: true                                 # Setup FoD application, release & static scan configuration
+          # SETUP_ACTION: <URL or file>                    # Customize setup action
+                                                           # Pass extra options to setup action:
+          # SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"
+          # PACKAGE_EXTRA_OPTS: -oss -bt mvn               # Extra 'scancentral package' options
+          # FOD_SAST_SCAN_EXTRA_OPTS:                      # Extra 'fcli fod sast-scan start' options
+          # DO_WAIT: true                                  # Wait for successful scan completion (implied if post-scan actions enabled)
+          # DO_POLICY_CHECK: true                          # Fail pipeline if security policy outcome is FAIL
+          # POLICY_CHECK_ACTION: <URL or file>             # Customize security policy checks
+          # POLICY_CHECK_EXTRA_OPTS: --on-unsigned=ignore  # Pass extra options to policy check action
+          # DO_JOB_SUMMARY: true                           # Generate workflow job summary
+          # JOB_SUMMARY_ACTION: <URL or file>              # Customize job summary
+          # JOB_SUMMARY_EXTRA_OPTS: --on-unsigned=ignore   # Pass extra options to job summary action
+          # DO_PR_COMMENT: true                            # Generate PR comments, only used on pull_request triggers
+          # PR_COMMENT_ACTION: <URL or file>               # Customize PR comments
+          # PR_COMMENT_EXTRA_OPTS: --on-unsigned=ignore    # Pass extra options to PR comment action
+          # DO_EXPORT: true                                # Export vulnerability data to GitHub code scanning dashboard
+          # EXPORT_ACTION: <URL or file>                   # Customize export action
+          # EXPORT_EXTRA_OPTS: --on-unsigned=ignore        # Pass extra options to export action
+          # TOOL_DEFINITIONS: <URL>                        # URL from where to retrieve Fortify tool definitions
+
+          #############################################################
+          ##### Fortify Hosted / Software Security Center & ScanCentral
+          ##### Remove this section if you're integrating with Fortify on Demand (see above)
+          ### Required configuration
+          SSC_URL: ${{vars.SSC_URL}}                       # Must be hardcoded or configured through GitHub variable, not secret
+          SSC_TOKEN: ${{secrets.SSC_TOKEN}}                # SSC CIToken; credentials should be configured through GitHub secrets
+          SC_SAST_TOKEN: ${{secrets.SC_CLIENT_AUTH_TOKEN}} # ScanCentral SAST client_auth_token, required if SAST scan is enabled
+          DEBRICKED_TOKEN: ${{secrets.DEBRICKED_TOKEN}}    # Debricked token, required if Debricked scan is enabled
+          SC_SAST_SENSOR_VERSION: 24.4.0                   # Sensor version to use for the scan, required if SAST scan is enabled
+          ### Optional configuration
+          # SSC_LOGIN_EXTRA_OPTS: --socket-timeout=60s     # Extra 'fcli ssc session login' options
+          # SC_SAST_LOGIN_EXTRA_OPTS: --socket-timeout=60s # Extra 'fcli sc-sast session login' options
+          # SSC_APPVERSION: MyApp:MyVersion                # SSC application version name, default: <org>/<repo>:<branch>
+          # DO_SETUP: true                                 # Set up SSC application & version
+          # SETUP_ACTION: <URL or file>                    # Customize setup action
+          # SETUP_EXTRA_OPTS: --on-unsigned=ignore         # Pass extra options to setup action
+          # PACKAGE_EXTRA_OPTS: -bt mvn                    # Extra 'scancentral package' options
+          # EXTRA_SC_SAST_SCAN_OPTS:                       # Extra 'fcli sc-sast scan start' options
+          # DO_WAIT: true                                  # Wait for successful scan completion (implied if post-scan actions enabled)
+          # DO_POLICY_CHECK: true                          # Fail pipeline if security policy outcome is FAIL
+          # POLICY_CHECK_ACTION: <URL or file>             # Customize security policy checks
+          # POLICY_CHECK_EXTRA_OPTS: --on-unsigned=ignore  # Pass extra options to policy check action
+          # DO_JOB_SUMMARY: true                           # Generate workflow job summary
+          # JOB_SUMMARY_ACTION: <URL or file>              # Customize job summary
+          # JOB_SUMMARY_EXTRA_OPTS: --on-unsigned=ignore   # Pass extra options to job summary action
+          # DO_PR_COMMENT: true                            # Generate PR comments, only used on pull_request triggers
+          # PR_COMMENT_ACTION: <URL or file>               # Customize PR comments
+          # PR_COMMENT_EXTRA_OPTS: --on-unsigned=ignore    # Pass extra options to PR comment action
+          # DO_EXPORT: true                                # Export vulnerability data to GitHub code scanning dashboard
+          # EXPORT_ACTION: <URL or file>                   # Customize export action
+          # EXPORT_EXTRA_OPTS: --on-unsigned=ignore        # Pass extra options to export action
+          # TOOL_DEFINITIONS: <URL>                        # URL from where to retrieve Fortify tool definitions

HOST

@@ -0,0 +1,15 @@
+you use multiple repositories on one server, you will need to generate a dedicated key pair for each one. You can't reuse a deploy key for multiple repositories.
+In the server's SSH configuration file (usually ~/.ssh/config), add an alias entry for each repository. For example:
+Host github.com-repo-0
+        Hostname github.com
+        IdentityFile=/home/user/.ssh/repo-0_deploy_key
+
+Host github.com-repo-1
+        Hostname github.com
+        IdentityFile=/home/user/.ssh/repo-1_deploy_key
+
+Host github.com-repo-0 - The repository's alias.
+Hostname github.com - Configures the hostname to use with the alias.
+IdentityFile=/home/user/.ssh/repo-0_deploy_key - Assigns a private key to the alias.
+You can then use the hostname's alias to interact with the repository using SSH, which will use the unique deploy key assigned to that alias. For example:
+git clone git@github.com-repo-1:OWNER/repo-1.git

README.md

@@ -1,21 +1,35 @@
-# GitHub Docs <!-- omit in toc --> 
 
-This repository contains the documentation website code and Markdown source files for [docs.github.com](https://docs.github.com).
-
-GitHub's Docs team works on pre-production content in a private repo that regularly syncs with this public repo.
-
-Use the table of contents icon <img src="./assets/images/table-of-contents.png" width="25" height="25" /> on the top left corner of this document to get to a specific section of this guide quickly.
 
 ## Contributing
 
 See [the contributing guide](CONTRIBUTING.md) for detailed instructions on how to get started with our project. 
 
-We accept different [types of contributions](https://github.com/github/docs/blob/main/contributing/types-of-contributions.md), including some that don't require you to write a single line of code.
+We accept all different [types of contributions](https://github.com/github/docs/blob/main/contributing/types-of-contributions.md), including some that don't require you to write a single line of code.
 
 On the GitHub Docs site, you can click the make a contribution button at the bottom of the page to open a pull request for quick fixes like typos, updates, or link fixes.
 
-<img src="./assets/images/contribution_cta.png" width="400">
-
+<google photos="./assets/images/contribution_cta.png" width="400">
+
+For more complex contributions, you can open an issue using the most appropriate [issue template](https://github.com/github/docs/issues/new/choose) to describe the changes you'd l
+ to the README you're reading right now, this repo includes other READMEs that describe the purpose of each subdirectory in more detail:
+
+ [content/README.md](content/README.md)
+ [content/graphql/README.md](content/graphql/README.md)
+ [content/rest/README.md](content/rest/README.md)
+ [contributing/README.md](contributing/README.md)
+ [data/README.md](data/README.md)
+ [data/reusables/README.md](data/reusables/README.md)
+ [data/variables/README.md](data/variables/README.md)
+ [includes/liquid-tags/README.md](includes/liquid-tags/README.md)
+ [includes/README.md](includes/README.md)
+ [components/README.md](components/README.md)
+ [lib/liquid-tags/README.md](lib/liquid-tags/README.md)
+ [middleware/README.md](middleware/README.md)
+ [script/README.md](script/README.md)
+ [stylesheets/README.md](stylesheets/README.md)
+
+
+## License .  mit license  Anthonysides hackable  text editor, october 2021
 For more complex contributions, you can open an issue using the most appropriate [issue template](https://github.com/github/docs/issues/new/choose) to describe the changes you'd like to see.
 
 If you're looking for a way to contribute, you can scan through our [existing issues](https://github.com/github/docs/issues) for something to work on. When ready, check out [Getting Started with Contributing](/CONTRIBUTING.md) for detailed instructions.
@@ -31,9 +45,7 @@ If you're having trouble with your GitHub account, contact [Support](https://sup
 That's how you can easily become a member of the GitHub Documentation community. :sparkles:
 
 ## READMEs
-
 In addition to the README you're reading right now, this repo includes other READMEs that describe the purpose of each subdirectory in more detail:
-
 - [content/README.md](content/README.md)
 - [content/graphql/README.md](content/graphql/README.md)
 - [content/rest/README.md](content/rest/README.md)
@@ -44,10 +56,7 @@ In addition to the README you're reading right now, this repo includes other REA
 - [components/README.md](components/README.md)
 - [lib/liquid-tags/README.md](lib/liquid-tags/README.md)
 - [middleware/README.md](middleware/README.md)
-- [script/README.md](script/README.md)
-- [stylesheets/README.md](stylesheets/README.md)
-- [tests/README.md](tests/README.md)
-
+ [stylesheets/README.md](stylesheets/README.md)
 ## License
 
 The GitHub product documentation in the assets, content, and data folders are licensed under a [CC-BY license](LICENSE).
@@ -56,6 +65,11 @@ All other code in this repository is licensed under the [MIT license](LICENSE-CO
 
 When using the GitHub logos, be sure to follow the [GitHub logo guidelines](https://github.com/logos).
 
-## Thanks :purple_heart:
+# Thank you!
+
+Thanks for all your contributions and efforts towards improving the GitHub documentation. We thank you being part of our :sparkles: community :sparkles:!
+<!-- Just a comment to test source control - REMOVE THIS SOON -->
+
+
 
 Thanks for all your contributions and efforts towards improving the GitHub documentation. We thank you for being part of our :sparkles: community :sparkles:!