{"meta":{"title":"Secure your repository","intro":"Copilot Chat can help secure your repository and code.","product":"GitHub Copilot","breadcrumbs":[{"href":"/zh/copilot","title":"GitHub Copilot"},{"href":"/zh/copilot/tutorials","title":"Tutorials"},{"href":"/zh/copilot/tutorials/copilot-chat-cookbook","title":"GitHub Copilot Chat cookbook"},{"href":"/zh/copilot/tutorials/copilot-chat-cookbook/analyze-security","title":"Analyze security"},{"href":"/zh/copilot/tutorials/copilot-chat-cookbook/analyze-security/secure-your-repository","title":"Secure your repository"}],"documentType":"article"},"body":"# Secure your repository\n\nCopilot Chat can help secure your repository and code.\n\n## Configure essential security features\n\n### Example scenario\n\nSuppose you have recently created a repository for a new web application. You want to secure it, but you're not sure where to start.\n\nCopilot Chat can guide you through configuring the most important security features to keep your repository safe.\n\n### Example prompt\n\n```copilot copy prompt\nProvide step-by-step instructions on how to enable the following essential security features in my GitHub repository:\n\n* Secret scanning\n* Push protection\n* Dependabot alerts\n* Dependabot security updates\n* Branch protection rules, including enforced code reviews before merging\n\nExplain why each feature is important and how it helps secure my repository.\n```\n\n### Example response\n\nCopilot Chat provides information about each security feature and explains how to enable it.\n\n```markdown\nWhy it's important:\n\nSecret scanning automatically detects accidentally committed secrets (API keys, credentials, etc.) in your repository.\n\nHow it helps:\n\nLeaked secrets can allow attackers to access systems, steal data, or cause other harm. Early detection prevents misuse.\n\nHow to Enable:\n\n1. Go to your repository on GitHub.\n1. Click on Settings.\n1. In the left sidebar, click Code security.\n1. Scroll to Secret scanning.\n1. Ensure \"Secret scanning\" and \"Push protection\" are both enabled.\n1. If not, click Enable.\n```\n\n## Encourage secure contributions and best practices with a security policy\n\n### Example scenario\n\nSuppose you want to share your project publicly and want a clear security policy that tells users how to safely report vulnerabilities they find in the repository.\n\nCopilot Chat can write a security policy for your repository.\n\n### Example prompt\n\n```copilot copy prompt\nWrite a GitHub security policy (SECURITY.md) for my repository. The policy should include:\n\n* A clear description of how users can report security vulnerabilities.\n* A response timeline for security issues.\n* Guidelines for responsible disclosure.\n* Supported versions of the software.\n\nFormat it as a well-structured Markdown document.\n```\n\n### Example output\n\nCopilot Chat generates a `SECURITY.md` file that you can commit to your repository.\n\n```markdown\n# Security Policy\n\nThank you for helping to keep this project and its users secure! This document outlines the security policy and responsible disclosure guidelines for this repository.\n\n## Reporting a Vulnerability\n\nIf you discover a security vulnerability, please report it by emailing **security@yourdomain.com** or by using the GitHub [security advisories](https://github.com/octocat/octocat-repo/security/advisories) feature.\n**Do not** report security vulnerabilities via public GitHub issues or pull requests.\n\nWhen reporting a vulnerability, please include as much information as possible to help us understand and reproduce the issue:\n- A clear description of the vulnerability.\n- Steps to reproduce the issue.\n- Any relevant logs, screenshots, or proof-of-concept code.\n- Your assessment of the potential impact.\n\n## Response Timeline\n\nWe take security issues seriously and will respond according to the following guidelines:\n- **Acknowledgment:** We will acknowledge receipt of your report within **3 business days**.\n- **Investigation:** We will investigate and assess the report as quickly as possible, usually within **7 business days**.\n- **Resolution:** Once a fix is identified, we will work to release a security update promptly. We will coordinate with you as needed, especially if you are the reporter.\n- **Disclosure:** We will notify the community of the vulnerability and fix via a GitHub security advisory, and credit the reporter as appropriate.\n\n## Responsible Disclosure Guidelines\n\nTo protect users of this project, we ask that you:\n- Avoid public disclosure of the vulnerability until it has been investigated and patched.\n- Allow us a reasonable amount of time to resolve the issue before any public disclosure.\n- Provide relevant details privately (see \"Reporting a Vulnerability\" above).\n- Act in good faith and avoid exploiting the vulnerability beyond what is necessary for your report.\n\nWe are committed to working with security researchers and the community to ensure a safe and secure software ecosystem.\n```\n\n## Further reading\n\n* [Prompt engineering for GitHub Copilot](/zh/copilot/using-github-copilot/prompt-engineering-for-github-copilot)\n* [Best practices for using GitHub Copilot](/zh/copilot/using-github-copilot/best-practices-for-using-github-copilot)"}