update docs

docs/github/repository/forking_allowed_for_repository.md

@@ -1,18 +1,18 @@
 ---
 layout: default
-title: Forking Should Not Be Allowed for This Repository
+title: Forking Should Not Be Allowed for Private/Internal Repositories
 parent: Repository Policies
 grand_parent: GitHub Policies
 ---
 
 
-## Forking Should Not Be Allowed for This Repository
+## Forking Should Not Be Allowed for Private/Internal Repositories
 policy name: forking_allowed_for_repository
 
 severity: LOW
 
 ### Description
-Forking a repository can lead to loss of control and potential exposure of the source code. If you do not need forking, it is recommended to turn it off in the repository configuration. If needed, forking should be turned on by admins deliberately when opting to create a fork.
+Forking private or internal repositories can lead to unauthorized spread and potential exposure of sensitive source code. It is recommended to disable forking for private repositories in the repository or the organization configuration to maintain control over the source code. If forking is necessary, it should be enabled selectively by admins for specific collaboration needs on private repositories.
 
 ### Threat Example(s)
 Forked repositories cause more code and secret sprawl in the organization as forks are independent copies of the repository and need to be tracked separately, making it more difficult to keep track of sensitive assets and contain potential incidents.

docs/github/repository/secret_scanning_not_enabled.md

@@ -0,0 +1,28 @@
+---
+layout: default
+title: Secret Scanning should be enabled
+parent: Repository Policies
+grand_parent: GitHub Policies
+---
+
+
+## Secret Scanning should be enabled
+policy name: secret_scanning_not_enabled
+
+severity: MEDIUM
+
+### Description
+Repository should have secret scanning enabled. Secret scanning helps prevent the exposure of sensitive information and ensures compliance.
+
+### Threat Example(s)
+Exposed secrets increases the risk of sensitive information such as API keys, passwords, and tokens being disclosed, leading to unauthorized access to systems and services, and data breaches.
+
+
+
+### Remediation
+1. Go to the repository settings page
+2. Under the 'Security' title on the left, select 'Code security and analysis'
+3. Under 'Secret scanning', click 'Enable'
+
+
+

docs/gitlab/project/forking_allowed_for_repository.md

@@ -1,18 +1,18 @@
 ---
 layout: default
-title: Forking Should Not Be Allowed
+title: Forking Should Not Be Allowed for Private/Internal Projects
 parent: Project Policies
 grand_parent: GitLab Policies
 ---
 
 
-## Forking Should Not Be Allowed
+## Forking Should Not Be Allowed for Private/Internal Projects
 policy name: forking_allowed_for_repository
 
 severity: LOW
 
 ### Description
-Forking a repository can lead to loss of control and potential exposure of source code. If you do not need forking, it is recommended to turn it off in the project's configuration. The option to fork should be enabled only by owners deliberately when opting to create a fork.
+Forking a project (repository) can lead to loss of control and potential exposure of source code. If you do not need forking, it is recommended to turn it off in the project or group configuration. The option to fork should be enabled only by owners deliberately when opting to create a fork.
 
 ### Threat Example(s)
 Forked repositories may leak important code assets or sensitive secrets embedded in the code to anyone outside your organization, as the code becomes publicly accessible.