diff --git a/assets/images/help/security-overview/security-risk-view-highlights-enterprise.png b/assets/images/help/security-overview/security-risk-view-highlights-enterprise.png index 8aaa6866e7b5..eba2095557c0 100644 Binary files a/assets/images/help/security-overview/security-risk-view-highlights-enterprise.png and b/assets/images/help/security-overview/security-risk-view-highlights-enterprise.png differ diff --git a/assets/images/help/security-overview/security-risk-view-highlights.png b/assets/images/help/security-overview/security-risk-view-highlights.png index 204ee4b58c30..5c0d45521df6 100644 Binary files a/assets/images/help/security-overview/security-risk-view-highlights.png and b/assets/images/help/security-overview/security-risk-view-highlights.png differ diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md index 03fd0cb5b302..be841685683a 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md +++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md 
@@ -31,7 +31,7 @@ First, prepare your teams to use {% data variables.product.prodname_code_scannin For an introduction to {% data variables.product.prodname_code_scanning %}, see: * "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning)" * "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)" -* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)" +* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)" {% else %} During this phase, you should focus on leveraging APIs and running internal enablement events.{% endif %} Your core focus should be preparing as many teams to use {% data variables.product.prodname_code_scanning %} as possible. You can also encourage teams to remediate appropriately, but we recommend prioritizing enablement and use of {% data variables.product.prodname_code_scanning %} over fixing issues during this phase. diff --git a/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md b/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md index 7ee316d5367a..1d32a3dca814 100644 --- a/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md +++ b/content/code-security/adopting-github-advanced-security-at-scale/phase-5-rollout-and-scale-code-scanning.md 
@@ -53,7 +53,8 @@ You should capture the pull request URLs created by automation, and check each w To successfully manage and use {% data variables.product.prodname_code_scanning %} across your company, you should build internal subject matter expertise. For default setup for {% data variables.product.prodname_code_scanning %}, one of the most important areas for subject matter experts (SMEs) to understand is interpreting and fixing {% data variables.product.prodname_code_scanning %} alerts. For more information about {% data variables.product.prodname_code_scanning %} alerts, see: * "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)" -* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)" +* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)" +* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts)" You'll also need SMEs if you need to use advanced setup for {% data variables.product.prodname_code_scanning %}. These SMEs will need knowledge of {% data variables.product.prodname_code_scanning %} alerts, as well as topics like {% data variables.product.prodname_actions %} and customizing {% data variables.product.prodname_code_scanning %} workflows for particular frameworks. For custom configurations of advanced setup, consider running meetings on complicated topics to scale the knowledge of several SMEs at once. {% else %} diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md index 4231fa5d9e95..ab441c209e3a 100644 
--- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages.md @@ -2,8 +2,8 @@ title: CodeQL code scanning for compiled languages shortTitle: CodeQL for compiled languages intro: 'Understand how {% data variables.product.prodname_codeql %} analyzes compiled languages, the build options available, and learn how you can customize the database generation process if you need to.' +permissions: '{% data reusables.permissions.code-scanning-all-alerts %} if [advanced setup](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning) is already enabled' product: '{% data reusables.gated-features.code-scanning %}' -permissions: 'People with write permissions to a repository can configure {% data variables.product.prodname_code_scanning %} for that repository by editing a workflow, when advanced setup is enabled (admin permission is required to change setup).' redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning-for-compiled-languages - /github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-the-codeql-action-for-compiled-languages diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md index b0d97945169a..d550b79c8e43 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md 
+++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale.md @@ -2,6 +2,7 @@ title: Configuring advanced setup for code scanning with CodeQL at scale shortTitle: CodeQL advanced setup at scale intro: 'You can use a script to configure advanced setup for {% data variables.product.prodname_code_scanning %} for a specific group of repositories in your organization.' +permissions: '{% data reusables.permissions.security-org-enable %}' product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning-with-codeql-at-scale diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md index c6ae6db09cb3..f35e38c7f46f 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md 
@@ -2,8 +2,8 @@ title: Configuring advanced setup for code scanning shortTitle: Configure advanced setup intro: 'You can configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable {% data variables.product.prodname_code_scanning %} configuration.' +permissions: '{% data reusables.permissions.security-repo-enable %}' product: '{% data reusables.gated-features.code-scanning %}' -permissions: 'People with admin permissions to a repository, or the security manager role for the repository, can enable {% data variables.product.prodname_code_scanning %} for that repository.' redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-advanced-setup-for-code-scanning versions: 
@@ -125,7 +125,7 @@ For information on bulk enablement, see "[AUTOTITLE](/code-security/code-scannin ## Next steps -After your workflow runs successfully at least once, you are ready to start examining and resolving {% data variables.product.prodname_code_scanning %} alerts. For more information on {% data variables.product.prodname_code_scanning %} alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)." +After your workflow runs successfully at least once, you are ready to start examining and resolving {% data variables.product.prodname_code_scanning %} alerts. For more information on {% data variables.product.prodname_code_scanning %} alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)." Learn how {% data variables.product.prodname_code_scanning %} runs behave as checks on pull requests, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#about-code-scanning-as-a-pull-request-check)." diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md index 70f6996af2bc..cf22324d3bd8 100644 --- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.md 
@@ -1,8 +1,7 @@ --- title: Customizing your advanced setup for code scanning intro: 'You can customize how your advanced setup scans the code in your project for vulnerabilities and errors.' -product: '{% data reusables.gated-features.code-scanning %}' -permissions: 'People with write permissions to a repository can customize advanced setup for {% data variables.product.prodname_code_scanning %}.' +permissions: '{% data reusables.permissions.code-scanning-all-alerts %} if [advanced setup](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning) is already enabled' redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning - /code-security/secure-coding/configuring-code-scanning 
@@ -61,7 +60,7 @@ Scanning code when someone pushes a change, and whenever a pull request is creat By default, the {% data variables.code-scanning.codeql_workflow %} uses the `on:push` event to trigger a code scan on every push to the default branch of the repository and any protected branches. For {% data variables.product.prodname_code_scanning %} to be triggered on a specified branch, the workflow must exist in that branch. For more information, see "[AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions#on)." -If you scan on push, then the results appear in the **Security** tab for your repository. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)." +If you scan on push, then the results appear in the **Security** tab for your repository. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)." Additionally, when an `on:push` scan returns results that can be mapped to an open pull request, these alerts will automatically appear on the pull request in the same places as other pull request alerts. The alerts are identified by comparing the existing analysis of the head of the branch to the analysis for the target branch. For more information on {% data variables.product.prodname_code_scanning %} alerts in pull requests, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)." diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql.md index 0ffe9b2c0e52..8ed21f5a2672 100644 
--- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql.md +++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/recommended-hardware-resources-for-running-codeql.md @@ -2,7 +2,7 @@ title: Recommended hardware resources for running CodeQL shortTitle: Hardware resources for CodeQL intro: 'Recommended specifications (RAM, CPU cores, and disk) for running {% data variables.product.prodname_codeql %} analysis on self-hosted machines, based on the size of your codebase.' -product: '{% data reusables.gated-features.code-scanning %}' +product: '{% data reusables.gated-features.codeql %}' redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/recommended-hardware-resources-for-running-codeql versions: diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md index d80d67ed6a25..018be995475d 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md +++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md @@ -5,6 +5,7 @@ intro: 'You can quickly configure {% data variables.product.prodname_code_scanni redirect_from: - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning-at-scale +permissions: '{% data reusables.permissions.security-org-enable %}' product: '{% data reusables.gated-features.code-scanning %}' type: how_to topics: 
diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md index 2fb6f03acab3..62464949c6ca 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md @@ -14,8 +14,8 @@ redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-default-setup-for-code-scanning +permissions: '{% data reusables.permissions.security-repo-enable %}' product: '{% data reusables.gated-features.code-scanning %}' -permissions: 'People with admin permissions to a repository, or the security manager role for the repository, can configure {% data variables.product.prodname_code_scanning %} for that repository.' type: how_to topics: - Advanced Security 
@@ -153,7 +153,7 @@ At least one {% data variables.product.prodname_codeql %}-supported language's a ## Next steps -After your configuration runs successfully at least once, you can start examining and resolving {% data variables.product.prodname_code_scanning %} alerts. For more information on {% data variables.product.prodname_code_scanning %} alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)." +After your configuration runs successfully at least once, you can start examining and resolving {% data variables.product.prodname_code_scanning %} alerts. For more information on {% data variables.product.prodname_code_scanning %} alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)." After you've configured default setup for {% data variables.product.prodname_code_scanning %}, you can read about evaluating how it's working for you and the next steps you can take to customize it. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning)." diff --git a/content/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning.md b/content/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning.md index 5fdd67777cf4..0a6fa6184b9f 100644 --- a/content/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning.md +++ b/content/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning.md 
@@ -2,7 +2,7 @@ title: Evaluating default setup for code scanning shortTitle: Evaluate code scanning intro: 'Learn how to assess how code scanning is working for you, and how you can customize your setup to best meet your code security needs.' -product: '{% data reusables.gated-features.code-scanning %}' +permissions: '{% data reusables.permissions.security-repo-enable %}' type: how_to topics: - Advanced Security diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md index 6a7154106cc0..6966103e5201 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md +++ b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md 
@@ -29,7 +29,7 @@ To upload a SARIF file from a third-party static code analysis engine, you'll ne If you're using {% data variables.product.prodname_actions %} with the {% data variables.code-scanning.codeql_workflow %} or using the {% data variables.product.prodname_codeql_cli %}, then the {% data variables.product.prodname_code_scanning %} results will automatically use the supported subset of SARIF 2.1.0. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)" or "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system)." -{% data variables.product.prodname_dotcom %} uses properties in the SARIF file to display alerts. For example, the `shortDescription` and `fullDescription` appear at the top of a {% data variables.product.prodname_code_scanning %} alert. The `location` allows {% data variables.product.prodname_dotcom %} to show annotations in your code file. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)." +{% data variables.product.prodname_dotcom %} uses properties in the SARIF file to display alerts. For example, the `shortDescription` and `fullDescription` appear at the top of a {% data variables.product.prodname_code_scanning %} alert. The `location` allows {% data variables.product.prodname_dotcom %} to show annotations in your code file. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)." If you're new to SARIF and want to learn more, see Microsoft's [`SARIF tutorials`](https://github.com/microsoft/sarif-tutorials) repository. 
diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md b/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md index 601bf15d266f..8b079f70b28c 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md +++ b/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md @@ -2,7 +2,7 @@ title: Uploading a SARIF file to GitHub shortTitle: Upload a SARIF file intro: '{% data reusables.code-scanning.you-can-upload-third-party-analysis %}' -permissions: 'People with write permissions to a repository can upload {% data variables.product.prodname_code_scanning %} data generated outside {% data variables.product.prodname_dotcom %}.' +permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - /github/managing-security-vulnerabilities/uploading-a-code-scanning-analysis-to-github 
@@ -29,7 +29,7 @@ topics: ## About SARIF file uploads for {% data variables.product.prodname_code_scanning %} -{% data variables.product.prodname_dotcom %} creates {% data variables.product.prodname_code_scanning %} alerts in a repository using information from Static Analysis Results Interchange Format (SARIF) files. SARIF files can be uploaded to a repository using the API or {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)." +{% data variables.product.prodname_dotcom %} creates {% data variables.product.prodname_code_scanning %} alerts in a repository using information from Static Analysis Results Interchange Format (SARIF) files. SARIF files can be uploaded to a repository using the API or {% data variables.product.prodname_actions %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system)." You can generate SARIF files using many static analysis security testing tools, including {% data variables.product.prodname_codeql %}. The results must use SARIF version 2.1.0. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning)." diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system.md b/content/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system.md index b6c92d221253..ef7c887079ce 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system.md +++ b/content/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system.md 
@@ -1,6 +1,7 @@ --- title: Using code scanning with your existing CI system -intro: 'You can analyze your code with the {% data variables.product.prodname_codeql_cli %} or another tool in a third-party continuous integration system and upload the results to {% data variables.product.github %}. The resulting {% data variables.product.prodname_code_scanning %} alerts are shown alongside any alerts generated within {% data variables.product.product_name %}.' +intro: 'You can analyze your code with the {% data variables.product.prodname_codeql_cli %} or another tool in a third-party continuous integration system and upload the results to {% data variables.product.github %}. The resulting {% data variables.product.prodname_code_scanning %} alerts are shown alongside any alerts generated within {% data variables.product.github %}.' +permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' product: '{% data reusables.gated-features.code-scanning %}' redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/using-codeql-code-scanning-with-your-existing-ci-system diff --git a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md b/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md index cd63a6ff7ac4..9782190dcad1 100644 --- a/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md +++ b/content/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning.md 
@@ -25,7 +25,7 @@ topics: You can use {% data variables.product.prodname_code_scanning %} to find, triage, and prioritize fixes for existing problems in your code. {% data variables.product.prodname_code_scanning_caps %} also prevents developers from introducing new problems. You can schedule scans for specific days and times, or trigger scans when a specific event occurs in the repository, such as a push. -If {% data variables.product.prodname_code_scanning %} finds a potential vulnerability or error in your code, {% data variables.product.prodname_dotcom %} displays an alert in the repository. After you fix the code that triggered the alert, {% data variables.product.prodname_dotcom %} closes the alert. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)." +If {% data variables.product.prodname_code_scanning %} finds a potential vulnerability or error in your code, {% data variables.product.prodname_dotcom %} displays an alert in the repository. After you fix the code that triggered the alert, {% data variables.product.prodname_dotcom %} closes the alert. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts)." {% ifversion code-scanning-autofix %} diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md b/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md index 6a2a9f4dec52..67c417f6036e 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md 
@@ -1,6 +1,7 @@ --- title: About code scanning alerts intro: Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights. +permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' product: '{% data reusables.gated-features.code-scanning %}' versions: fpt: '*' @@ -25,7 +26,7 @@ By default, {% data variables.product.prodname_code_scanning %} analyzes your co {% ifversion code-scanning-autofix %} -You can use {% data variables.product.prodname_copilot_autofix %} to generate fixes automatically for {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#generating-suggested-fixes-for-code-scanning-alerts)." +You can use {% data variables.product.prodname_copilot_autofix %} to generate fixes automatically for {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts#generating-suggested-fixes-for-code-scanning-alerts)." {% endif %} 
@@ -61,7 +62,7 @@ You can run multiple configurations of code analysis on a repository, using diff If you use multiple configurations to analyze a file, any problems detected by the same query are reported as alerts generated by multiple configurations. If an alert exists in more than one configuration, the number of configurations appears next to the branch name in the "Affected branches" section on the right-hand side of the alert page. To view the configurations for an alert, in the "Affected branches" section, click a branch. A "Configurations analyzing" modal appears with the names of each configuration generating the alert for that branch. Below each configuration, you can see when that configuration's alert was last updated. -An alert may display different statuses from different configurations. To update the alert statuses, re-run each out-of-date configuration. Alternatively, you can delete stale configurations from a branch to remove outdated alerts. For more information on deleting stale configurations and alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch)." +An alert may display different statuses from different configurations. To update the alert statuses, re-run each out-of-date configuration. Alternatively, you can delete stale configurations from a branch to remove outdated alerts. For more information on deleting stale configurations and alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts#removing-stale-configurations-and-alerts-from-a-branch)." ### About labels for alerts that are not found in application code 
diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md b/content/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md new file mode 100644 index 000000000000..9bf1fd845839 --- /dev/null +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md 
@@ -0,0 +1,135 @@ +--- +title: Assessing code scanning alerts for your repository +shortTitle: Assess alerts +intro: 'From the security view, you can explore and evaluate alerts for potential vulnerabilities or errors in your project''s code.' +permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +type: how_to +topics: + - Advanced Security + - Code scanning + - Alerts + - Repositories +--- + +Anyone with read permission for a repository can see {% data variables.product.prodname_code_scanning %} annotations on pull requests. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)." + +## Viewing the alerts for a repository + +You need write permission to view a summary of all the alerts for a repository on the **Security** tab. + +By default, the {% data variables.product.prodname_code_scanning %} alerts page is filtered to show alerts for the default branch of the repository only. + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +{% data reusables.repositories.sidebar-code-scanning-alerts %} +1. Optionally, use the free text search box or the dropdown menus to filter alerts. For example, you can filter by the tool that was used to identify alerts. + + ![Screenshot of {% data variables.product.prodname_code_scanning %} alerts page. The search box and filter dropdown menus are outlined in dark orange.](/assets/images/help/repository/filter-code-scanning-alerts.png) + +{% data reusables.code-scanning.explore-alert %} + {% data reusables.code-scanning.alert-default-branch %} +1. Optionally, if the alert highlights a problem with data flow, click **Show paths** to display the path from the data source to the sink where it's used. + + ![Screenshot of a {% data variables.product.prodname_code_scanning %} alert. 
The "Show paths" and "Show more" links are outlined in dark orange.](/assets/images/help/repository/code-scanning-alert-details.png) + +1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code. + +For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)." + +{% note %} + +**Note:** You can see information about when {% data variables.product.prodname_code_scanning %} analysis last ran on the tool status page. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page)." + +{% endnote %} + +{% ifversion copilot-chat-ghas-alerts %} + +## Asking {% data variables.product.prodname_copilot_chat %} about {% data variables.product.prodname_code_scanning %} alerts + +With a {% data variables.product.prodname_copilot_enterprise %} license, you can ask {% data variables.product.prodname_copilot_chat_short %} for help to better understand security alerts, including {% data variables.product.prodname_code_scanning %} alerts, in repositories in your organization. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)." + +{% endif %} + +{% ifversion security-overview-org-codeql-pr-alerts %} + +## Viewing metrics for {% data variables.product.prodname_codeql %} pull request alerts for an organization + +For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories where you have write access across your organization, and to identify repositories where you may need to take action. 
For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)." + +{% endif %} + +## Filtering {% data variables.product.prodname_code_scanning %} alerts + +You can filter the alerts shown in the {% data variables.product.prodname_code_scanning %} alerts view. This is useful if there are many alerts as you can focus on a particular type of alert. There are some predefined filters and a range of keywords that you can use to refine the list of alerts displayed. + +When you select a keyword from either a drop-down list, or as you enter a keyword in the search field, only values with results are shown. This makes it easier to avoid setting filters that find no results. + +![Screenshot of search field in alerts view. The field has "branch:dependabot" and all valid branches with a matching name are shown.](/assets/images/help/repository/code-scanning-filter-keywords.png) + +If you enter multiple filters, the view will show alerts matching _all_ these filters. For example, `is:closed severity:high branch:main` will only display closed high-severity alerts that are present on the `main` branch. The exception is filters relating to refs (`ref`, `branch` and `pr`): `is:open branch:main branch:next` will show you open alerts from both the `main` branch and the `next` branch. + +{% data reusables.code-scanning.filter-non-default-branches %} + +You can prefix the `tag` filter with `-` to exclude results with that tag. For example, `-tag:style` only shows alerts that do not have the `style` tag. + +### Restricting results to application code only + +You can use the "Only alerts in application code" filter or `autofilter:true` keyword and value to restrict results to alerts in application code. 
For more information about the types of code that are automatically labeled as not application code, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-labels-for-alerts-that-are-not-found-in-application-code)." + +## Searching {% data variables.product.prodname_code_scanning %} alerts + +You can search the list of alerts. This is useful if there is a large number of alerts in your repository, or if you don't know the exact name for an alert for example. {% data variables.product.product_name %} performs the free text search across: +* The name of the alert +* The alert details (this also includes the information hidden from view by default in the **Show more** collapsible section) + +| Supported search | Syntax example | Results | +| ---- | ---- | ---- | +| Single word search | `injection` | Returns all the alerts containing the word `injection` | +| Multiple word search | `sql injection` | Returns all the alerts containing `sql` or `injection` | +| Exact match search
(use double quotes) | `"sql injection"` | Returns all the alerts containing the exact phrase `sql injection` | +| OR search | `sql OR injection` | Returns all the alerts containing `sql` or `injection` | +| AND search | `sql AND injection` | Returns all the alerts containing both words `sql` and `injection` | + +{% tip %} + +**Tips:** +* The multiple word search is equivalent to an OR search. +* The AND search will return results where the search terms are found _anywhere_, in any order in the alert name or details. + +{% endtip %} + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +{% data reusables.repositories.sidebar-code-scanning-alerts %} +1. To the right of the **Filters** drop-down menus, type the keywords to search for in the free text search box. + ![Screenshot of search field in alerts view. The field has pre-defined filters "is: open branch:main" and free text of "sql or injection" highlighted.](/assets/images/help/repository/code-scanning-search-alerts.png) +1. Press return. The alert listing will contain the open {% data variables.product.prodname_code_scanning %} alerts matching your search criteria. + +{% ifversion code-scanning-task-lists %} + +## Tracking {% data variables.product.prodname_code_scanning %} alerts in issues + +{% data reusables.code-scanning.beta-alert-tracking-in-issues %} + +To quickly create an issue to track the status of a specific {% data variables.product.prodname_code_scanning %} alert, on the {% data variables.product.prodname_code_scanning %} alerts page, click the alert you would like to track. On the detailed page for that alert, click **Create issue**. Customize the autogenerated issue as desired, then click **Submit new issue**. + +Alternatively, to track a {% data variables.product.prodname_code_scanning %} alert in an existing issue, add the URL for the alert as a task list item in the issue. 
For more information about task lists, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists)." + +{% data reusables.code-scanning.alert-tracking-link %} + +{% endif %} + +## Auditing responses to {% data variables.product.prodname_code_scanning %} alerts + +{% data reusables.code-scanning.audit-code-scanning-events %} + +## Further reading + +* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts)" +* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)" +* "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" +* "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning)" diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/index.md b/content/code-security/code-scanning/managing-code-scanning-alerts/index.md index d0f0f9a74e77..962f35eb456f 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/index.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/index.md @@ -15,7 +15,8 @@ children: - /about-code-scanning-alerts - /responsible-use-autofix-code-scanning - /disabling-autofix-for-code-scanning - - /managing-code-scanning-alerts-for-your-repository + - /assessing-code-scanning-alerts-for-your-repository + - /resolving-code-scanning-alerts - /triaging-code-scanning-alerts-in-pull-requests - /tracking-code-scanning-alerts-in-issues-using-task-lists --- diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository.md b/content/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository.md deleted file mode 100644 index 0f74048c7a94..000000000000 
--- a/content/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository.md +++ /dev/null 
@@ -1,244 +0,0 @@ ---- -title: Managing code scanning alerts for your repository -shortTitle: Manage alerts -intro: 'From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project''s code.' -product: '{% data reusables.gated-features.code-scanning %}' -permissions: 'If you have write permission to a repository you can manage {% data variables.product.prodname_code_scanning %} alerts for that repository.' -versions: - fpt: '*' - ghes: '*' - ghec: '*' -redirect_from: - - /github/managing-security-vulnerabilities/managing-alerts-from-automated-code-scanning - - /github/finding-security-vulnerabilities-and-errors-in-your-code/managing-alerts-from-code-scanning - - /github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository - - /code-security/secure-coding/managing-code-scanning-alerts-for-your-repository - - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository - - /github/finding-security-vulnerabilities-and-errors-in-your-code/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository - - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository -type: how_to -topics: - - Advanced Security - - Code scanning - - Alerts - - Repositories ---- - -## Viewing the alerts for a repository - -Anyone with read permission for a repository can see {% data variables.product.prodname_code_scanning %} annotations on pull requests. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)." - -You need write permission to view a summary of all the alerts for a repository on the **Security** tab. 
- -By default, the {% data variables.product.prodname_code_scanning %} alerts page is filtered to show alerts for the default branch of the repository only. - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -{% data reusables.repositories.sidebar-code-scanning-alerts %} -1. Optionally, use the free text search box or the dropdown menus to filter alerts. For example, you can filter by the tool that was used to identify alerts. - - ![Screenshot of the {% data variables.product.prodname_code_scanning %} alerts page. The search box and filter dropdown menus are outlined in dark orange.](/assets/images/help/repository/filter-code-scanning-alerts.png) - -{% data reusables.code-scanning.explore-alert %} - {% data reusables.code-scanning.alert-default-branch %} -1. Optionally, if the alert highlights a problem with data flow, click **Show paths** to display the path from the data source to the sink where it's used. - - ![Screenshot of a {% data variables.product.prodname_code_scanning %} alert. The "Show paths" link is highlighted with a dark orange outline. The "Show more" link, described in the next step, is also highlighted.](/assets/images/help/repository/code-scanning-alert-details.png) - -1. Alerts from {% data variables.product.prodname_codeql %} analysis include a description of the problem. Click **Show more** for guidance on how to fix your code. - -For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)." - -{% note %} - -**Note:** You can see information about when {% data variables.product.prodname_code_scanning %} analysis last ran on the tool status page. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page)." 
- -{% endnote %} - -{% ifversion copilot-chat-ghas-alerts %} - -## Asking {% data variables.product.prodname_copilot_chat %} about {% data variables.product.prodname_code_scanning %} alerts - -With a {% data variables.product.prodname_copilot_enterprise %} license, you can ask {% data variables.product.prodname_copilot_chat_short %} for help to better understand security alerts, including {% data variables.product.prodname_code_scanning %} alerts, in repositories in your organization. For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)." - -{% endif %} - -{% ifversion security-overview-org-codeql-pr-alerts %} - -## Viewing metrics for {% data variables.product.prodname_codeql %} pull request alerts for an organization - -For {% data variables.product.prodname_code_scanning %} alerts from {% data variables.product.prodname_codeql %} analysis, you can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests in repositories across your organization, and to identify repositories where you may need to take action. For more information, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)." - -{% endif %} - -## Filtering {% data variables.product.prodname_code_scanning %} alerts - -You can filter the alerts shown in the {% data variables.product.prodname_code_scanning %} alerts view. This is useful if there are many alerts as you can focus on a particular type of alert. There are some predefined filters and a range of keywords that you can use to refine the list of alerts displayed. - -When you select a keyword from either a drop-down list, or as you enter a keyword in the search field, only values with results are shown. This makes it easier to avoid setting filters that find no results. 
- -![Screenshot of the search field on the {% data variables.product.prodname_code_scanning %} alerts view. The user has typed "branch:dependabot" into the field. The names of all valid branches with a name including "dependabot" are shown in a drop-down menu.](/assets/images/help/repository/code-scanning-filter-keywords.png) - -If you enter multiple filters, the view will show alerts matching _all_ these filters. For example, `is:closed severity:high branch:main` will only display closed high-severity alerts that are present on the `main` branch. The exception is filters relating to refs (`ref`, `branch` and `pr`): `is:open branch:main branch:next` will show you open alerts from both the `main` branch and the `next` branch. - -{% data reusables.code-scanning.filter-non-default-branches %} - -You can prefix the `tag` filter with `-` to exclude results with that tag. For example, `-tag:style` only shows alerts that do not have the `style` tag. - -### Restricting results to application code only - -You can use the "Only alerts in application code" filter or `autofilter:true` keyword and value to restrict results to alerts in application code. For more information about the types of code that are automatically labeled as not application code, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-labels-for-alerts-that-are-not-found-in-application-code)." - -## Searching {% data variables.product.prodname_code_scanning %} alerts - -You can search the list of alerts. This is useful if there is a large number of alerts in your repository, or if you don't know the exact name for an alert for example. 
{% data variables.product.product_name %} performs the free text search across: -* The name of the alert -* The alert details (this also includes the information hidden from view by default in the **Show more** collapsible section) - -| Supported search | Syntax example | Results | -| ---- | ---- | ---- | -| Single word search | `injection` | Returns all the alerts containing the word `injection` | -| Multiple word search | `sql injection` | Returns all the alerts containing `sql` or `injection` | -| Exact match search
(use double quotes) | `"sql injection"` | Returns all the alerts containing the exact phrase `sql injection` | -| OR search | `sql OR injection` | Returns all the alerts containing `sql` or `injection` | -| AND search | `sql AND injection` | Returns all the alerts containing both words `sql` and `injection` | - -{% tip %} - -**Tips:** -* The multiple word search is equivalent to an OR search. -* The AND search will return results where the search terms are found _anywhere_, in any order in the alert name or details. - -{% endtip %} - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -{% data reusables.repositories.sidebar-code-scanning-alerts %} -1. To the right of the **Filters** drop-down menus, type the keywords to search for in the free text search box. - ![Screenshot of the search field on the {% data variables.product.prodname_code_scanning %} alerts view. The field includes the pre-defined filters "is: open branch:main". The free text of "sql or injection" is outlined in dark orange.](/assets/images/help/repository/code-scanning-search-alerts.png) -1. Press return. The alert listing will contain the open {% data variables.product.prodname_code_scanning %} alerts matching your search criteria. - -{% ifversion code-scanning-task-lists %} - -## Tracking {% data variables.product.prodname_code_scanning %} alerts in issues - -{% data reusables.code-scanning.beta-alert-tracking-in-issues %} - -To quickly create an issue to track the status of a specific {% data variables.product.prodname_code_scanning %} alert, on the {% data variables.product.prodname_code_scanning %} alerts page, click the alert you would like to track. On the detailed page for that alert, click **Create issue**. Customize the autogenerated issue as desired, then click **Submit new issue**. 
- -Alternatively, to track a {% data variables.product.prodname_code_scanning %} alert in an existing issue, add the URL for the alert as a task list item in the issue. For more information about task lists, see "[AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists)." - -{% data reusables.code-scanning.alert-tracking-link %} - -{% endif %} - -{% ifversion code-scanning-autofix %} - -## Generating suggested fixes for {% data variables.product.prodname_code_scanning %} alerts - -{% data variables.product.prodname_copilot_autofix %} can generate fixes for alerts from {% data variables.product.prodname_codeql %} analysis. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning)." - -{% data reusables.rai.code-scanning.copilot-autofix-note %} - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -{% data reusables.repositories.sidebar-code-scanning-alerts %} -1. Click the name of an alert. -1. If {% data variables.product.prodname_copilot_autofix_short %} can suggest a fix, at the top of the page, click **{% octicon "shield-check" aria-label="Generate fix"%} Generate fix**. -1. Once the suggested fix has been generated, at the bottom of the page, you can click **Create PR with fix** to automatically generate a pull request with the suggested fix. - -{% endif %} - -## Fixing an alert {% ifversion code-scanning-autofix %}manually{% endif %} - -Anyone with write permission for a repository can fix an alert by committing a correction to the code. If the repository has {% data variables.product.prodname_code_scanning %} scheduled to run on pull requests, it's best to raise a pull request with your correction. This will trigger {% data variables.product.prodname_code_scanning %} analysis of the changes and test that your fix doesn't introduce any new problems. 
For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)." - -If you have write permission for a repository, you can view fixed alerts by viewing the summary of alerts and clicking **Closed**. For more information, see "[Viewing the alerts for a repository](#viewing-the-alerts-for-a-repository)." The "Closed" list shows fixed alerts and alerts that users have dismissed. - -You can use the free text search or the filters to display a subset of alerts and then in turn mark all matching alerts as closed. - -Alerts may be fixed in one branch but not in another. You can use the "Branch" filter, on the summary of alerts, to check whether an alert is fixed in a particular branch. - -![Screenshot of the search field on the {% data variables.product.prodname_code_scanning %}, with the "Branch" dropdown menu expanded. The "Branch" button is outlined in dark orange.](/assets/images/help/repository/code-scanning-branch-filter.png) - -{% data reusables.code-scanning.filter-non-default-branches %} - -{% note %} - -**Note:** - -If you run {% data variables.product.prodname_code_scanning %} using multiple configurations, the same alert will sometimes be generated by more than one configuration. Unless you run all configurations regularly, you may see alerts that are fixed in one configuration but not in another. These stale configurations and alerts can be removed from a branch. For more information, see "[Removing stale configurations and alerts from a branch](#removing-stale-configurations-and-alerts-from-a-branch)." - -{% endnote %} - -## Dismissing alerts - -There are two ways of closing an alert. You can fix the problem in the code, or you can dismiss the alert. 
- -Dismissing an alert is a way of closing an alert that you don't think needs to be fixed. {% data reusables.code-scanning.close-alert-examples %} You can dismiss alerts from {% data variables.product.prodname_code_scanning %} annotations in code, or from the summary list within the **Security** tab. - -When you dismiss an alert: - -* It's dismissed in all branches. -* The alert is removed from the number of current alerts for your project. -* The alert is moved to the "Closed" list in the summary of alerts, from where you can reopen it, if required. -* The reason why you closed the alert is recorded. -* Optionally, you can comment on a dismissal to record the context of an alert dismissal. -* Next time {% data variables.product.prodname_code_scanning %} runs, the same code won't generate an alert. - -To dismiss alerts: - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -{% data reusables.repositories.sidebar-code-scanning-alerts %} -1. If you want to dismiss an alert, it's important to explore the alert first, so that you can choose the correct dismissal reason. Click the alert you'd like to explore. -1. Review the alert, then click **Dismiss alert** and choose, or type, a reason for closing the alert. - ![Screenshot of the check failure for a {% data variables.product.prodname_code_scanning %} alert in a pull request. The "Dismiss alert" button in the check failure is highlighted in dark orange. The "Dismiss alert" drop-down is displayed. ](/assets/images/help/repository/code-scanning-alert-dropdown-reason.png) - {% data reusables.code-scanning.choose-alert-dismissal-reason %} - - {% data reusables.code-scanning.false-positive-fix-codeql %} - -### Dismissing multiple alerts at once - -If a project has multiple alerts that you want to dismiss for the same reason, you can bulk dismiss them from the summary of alerts. Typically, you'll want to filter the list and then dismiss all of the matching alerts. 
For example, you might want to dismiss all of the current alerts in the project that have been tagged for a particular Common Weakness Enumeration (CWE) vulnerability. - -## Re-opening dismissed alerts - -If you dismiss an alert but later realize that you need to fix the alert, you can re-open it and fix the problem with the code. Display the list of closed alerts, find the alert, display it, and reopen it. You can then fix the alert in the same way as any other alert. - -## Removing stale configurations and alerts from a branch - -You may have multiple code scanning configurations on a single repository. When run, multiple configurations can generate the same alert. Additionally, if the configurations are run on different schedules, the alert statuses may become out-of-date for infrequent or stale configurations. For more information on alerts from multiple configurations, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alerts-from-multiple-configurations)." - -{% data reusables.repositories.navigate-to-repo %} -{% data reusables.repositories.sidebar-security %} -{% data reusables.repositories.sidebar-code-scanning-alerts %} -1. Under "{% data variables.product.prodname_code_scanning_caps %}", click a {% data variables.product.prodname_code_scanning %} alert. -1. In the "Affected branches" section of the sidebar, click the desired branch. -1. In the "Configurations analyzing" dialog, review details of the configurations that reported this alert on the selected branch. To delete an unwanted configuration for the desired branch, click {% octicon "trash" aria-label="Delete configuration" %}. - - If you delete a configuration by mistake, click **Cancel** to avoid applying your changes. - - ![Screenshot of the "Configurations analyzing" modal. The "Delete configuration" icon is outlined in dark orange.](/assets/images/help/repository/code-scanning-remove-configuration.png) - -1. 
Once you have removed any unwanted configurations and confirmed the expected configurations are displayed, click **Save changes**. - - If you save your changes after accidentally deleting a configuration, re-run the configuration to update the alert. For more information on re-running configurations that use {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow)." - -{% note %} - -**Notes:** -* If you remove all {% data variables.product.prodname_code_scanning %} configurations for the default branch of your repository, the default branch will remain in the "Affected branches" sidebar, but it will not be analyzed by any configurations. -* If you remove all {% data variables.product.prodname_code_scanning %} configurations for any branch other than the default branch of your repository, that branch will be removed from the "Affected branches" sidebar. - -{% endnote %} - -## Auditing responses to {% data variables.product.prodname_code_scanning %} alerts - -{% data reusables.code-scanning.audit-code-scanning-events %} - -## Further reading - -* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)" -* "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" -* "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning)" diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md b/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md new file mode 100644 index 000000000000..52f82b373e88 --- /dev/null +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts.md 
@@ -0,0 +1,141 @@ +--- +title: Resolving code scanning alerts +shortTitle: Resolve alerts +intro: 'From the security view, you can view, fix, or dismiss alerts for potential vulnerabilities or errors in your project''s code.' +permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' +versions: + fpt: '*' + ghes: '*' + ghec: '*' +redirect_from: + - /github/managing-security-vulnerabilities/managing-alerts-from-automated-code-scanning + - /github/finding-security-vulnerabilities-and-errors-in-your-code/managing-alerts-from-code-scanning + - /github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository + - /code-security/secure-coding/managing-code-scanning-alerts-for-your-repository + - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository + - /github/finding-security-vulnerabilities-and-errors-in-your-code/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository + - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository + - /code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository +type: how_to +topics: + - Advanced Security + - Code scanning + - Alerts + - Repositories +--- + +{% ifversion copilot-chat-ghas-alerts %} + +## Asking {% data variables.product.prodname_copilot_chat %} about {% data variables.product.prodname_code_scanning %} alerts + +With a {% data variables.product.prodname_copilot_enterprise %} license, you can ask {% data variables.product.prodname_copilot_chat_short %} for help to better understand security alerts, including {% data variables.product.prodname_code_scanning %} alerts, in repositories in your organization. 
For more information, see "[AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features)." + +{% endif %} + +{% ifversion code-scanning-autofix %} + +## Generating suggested fixes for {% data variables.product.prodname_code_scanning %} alerts + +{% data variables.product.prodname_copilot_autofix %} can generate fixes for alerts from {% data variables.product.prodname_codeql %} analysis. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning)." + +{% data reusables.rai.code-scanning.copilot-autofix-note %} + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +{% data reusables.repositories.sidebar-code-scanning-alerts %} +1. Click the name of an alert. +1. If {% data variables.product.prodname_copilot_autofix_short %} can suggest a fix, at the top of the page, click **{% octicon "shield-check" aria-label="Generate fix"%} Generate fix**. +1. Once the suggested fix has been generated, at the bottom of the page, you can click **Create PR with fix** to automatically generate a pull request with the suggested fix. +A new branch is created from the default branch, the generated fix is committed and a draft pull request is created. You can test and edit the suggested fix as you would with any other fix. + +For information about the limitations of automatically generated fixes, see "[Limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#limitations-of-suggestions) + +{% endif %} + +## Fixing an alert {% ifversion code-scanning-autofix %}manually{% endif %} + +Anyone with write permission for a repository can fix an alert by committing a correction to the code. 
If the repository has {% data variables.product.prodname_code_scanning %} scheduled to run on pull requests, it's best to raise a pull request with your correction. This will trigger {% data variables.product.prodname_code_scanning %} analysis of the changes and test that your fix doesn't introduce any new problems. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)." + +You can use the free text search or the filters to display a subset of alerts and then in turn mark all matching alerts as closed. + +Alerts may be fixed in one branch but not in another. You can use the "Branch" filter, on the summary of alerts, to check whether an alert is fixed in a particular branch. + +![Screenshot of alerts view with the "Branch" dropdown menu expanded. The "Branch" button is outlined in dark orange.](/assets/images/help/repository/code-scanning-branch-filter.png) + +{% data reusables.code-scanning.filter-non-default-branches %} + +{% note %} + +**Note:** + +If you run {% data variables.product.prodname_code_scanning %} using multiple configurations, the same alert will sometimes be generated by more than one configuration. Unless you run all configurations regularly, you may see alerts that are fixed in one configuration but not in another. These stale configurations and alerts can be removed from a branch. For more information, see "[Removing stale configurations and alerts from a branch](#removing-stale-configurations-and-alerts-from-a-branch)." + +{% endnote %} + +## Dismissing alerts + +There are two ways of closing an alert. You can fix the problem in the code, or you can dismiss the alert. + +Dismissing an alert is a way of closing an alert that you don't think needs to be fixed. 
{% data reusables.code-scanning.close-alert-examples %} You can dismiss alerts from {% data variables.product.prodname_code_scanning %} annotations in code, or from the summary list within the **Security** tab. + +When you dismiss an alert: + +* It's dismissed in all branches. +* The alert is removed from the number of current alerts for your project. +* The alert is moved to the "Closed" list in the summary of alerts, from where you can reopen it, if required. +* The reason why you closed the alert is recorded. +* Optionally, you can comment on a dismissal to record the context of an alert dismissal. +* Next time {% data variables.product.prodname_code_scanning %} runs, the same code won't generate an alert. + +To dismiss alerts: + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +{% data reusables.repositories.sidebar-code-scanning-alerts %} +1. If you want to dismiss an alert, it's important to explore the alert first, so that you can choose the correct dismissal reason. Click the alert you'd like to explore. +1. Review the alert, then click **Dismiss alert** and choose, or type, a reason for closing the alert. + ![Screenshot of an alert check failure. The "Dismiss alert" button is highlighted in dark orange and the dismiss drop-down displayed. ](/assets/images/help/repository/code-scanning-alert-dropdown-reason.png) + {% data reusables.code-scanning.choose-alert-dismissal-reason %} + + {% data reusables.code-scanning.false-positive-fix-codeql %} + +### Dismissing multiple alerts at once + +If a project has multiple alerts that you want to dismiss for the same reason, you can bulk dismiss them from the summary of alerts. Typically, you'll want to filter the list and then dismiss all of the matching alerts. For example, you might want to dismiss all of the current alerts in the project that have been tagged for a particular Common Weakness Enumeration (CWE) vulnerability. 
+ +## Re-opening dismissed alerts + +If you dismiss an alert but later realize that you need to fix the alert, you can re-open it and fix the problem with the code. Display the list of closed alerts, find the alert, display it, and reopen it. You can then fix the alert in the same way as any other alert. + +## Removing stale configurations and alerts from a branch + +You may have multiple code scanning configurations on a single repository. When run, multiple configurations can generate the same alert. Additionally, if the configurations are run on different schedules, the alert statuses may become out-of-date for infrequent or stale configurations. For more information on alerts from multiple configurations, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alerts-from-multiple-configurations)." + +{% data reusables.repositories.navigate-to-repo %} +{% data reusables.repositories.sidebar-security %} +{% data reusables.repositories.sidebar-code-scanning-alerts %} +1. Under "{% data variables.product.prodname_code_scanning_caps %}", click a {% data variables.product.prodname_code_scanning %} alert. +1. In the "Affected branches" section of the sidebar, click the desired branch. +1. In the "Configurations analyzing" dialog, review details of the configurations that reported this alert on the selected branch. To delete an unwanted configuration for the desired branch, click {% octicon "trash" aria-label="Delete configuration" %}. + + If you delete a configuration by mistake, click **Cancel** to avoid applying your changes. + + ![Screenshot of the "Configurations analyzing" modal. The "Delete configuration" icon is outlined in dark orange.](/assets/images/help/repository/code-scanning-remove-configuration.png) + +1. Once you have removed any unwanted configurations and confirmed the expected configurations are displayed, click **Save changes**. 
+ + If you save your changes after accidentally deleting a configuration, re-run the configuration to update the alert. For more information on re-running configurations that use {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow)." + +{% note %} + +**Notes:** +* If you remove all {% data variables.product.prodname_code_scanning %} configurations for the default branch of your repository, the default branch will remain in the "Affected branches" sidebar, but it will not be analyzed by any configurations. +* If you remove all {% data variables.product.prodname_code_scanning %} configurations for any branch other than the default branch of your repository, that branch will be removed from the "Affected branches" sidebar. + +{% endnote %} + +## Further reading + +* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)" +* "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" +* "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning)" diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md index 1e49cb31592f..78ecd86ff4c0 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md 
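Review bot: In the new "Fixing an alert" section the sentence "You can use the free text search or the filters to display a subset of alerts and then in turn mark all matching alerts as closed." describes bulk dismissal, not fixing, and contradicts the paragraph above it (a fix is a committed code change, not marking alerts closed); it belongs in "Dismissing multiple alerts at once", which currently explains what bulk dismissal is for but, unlike every other procedure on the page, gives no numbered steps. Two smaller points in the same file: the line `For information about the limitations of automatically generated fixes, see "[Limitations of suggestions](...#limitations-of-suggestions)` is missing its closing `"` and period, and because `redirect_from` sends the old `managing-code-scanning-alerts-for-your-repository` URL here, deep links to the viewing and filtering sections that this patch retargets to the assessing page will land on a page that has no such headings.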
@@ -119,5 +119,5 @@ It is important to remember that the author of a pull request retains responsibi * "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)" * "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts-on-a-pull-request)" -* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#generating-suggested-fixes-for-code-scanning-alerts) +* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts#generating-suggested-fixes-for-code-scanning-alerts) * "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)" diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists.md b/content/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists.md index b84b67a1aefa..705fd5f9427b 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists.md 
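Review bot: The rewritten line `* "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts#generating-suggested-fixes-for-code-scanning-alerts)` still lacks the closing `"` that the neighbouring entries have. The omission is inherited from the removed line, but since this line is being touched anyway it should be fixed here rather than carried forward.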
@@ -2,8 +2,7 @@ title: Tracking code scanning alerts in issues using task lists shortTitle: Track alerts in issues intro: You can add code scanning alerts to issues using task lists. This makes it easy to create a plan for development work that includes fixing alerts. -product: '{% data reusables.gated-features.code-scanning %}' -permissions: 'If you have write permission to a repository you can track {% data variables.product.prodname_code_scanning %} alerts in issues using task lists.' +permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' versions: feature: code-scanning-task-lists redirect_from: @@ -63,7 +62,7 @@ Instead of tracking a {% data variables.product.prodname_code_scanning %} alert {% data reusables.repositories.sidebar-security %} {% data reusables.repositories.sidebar-code-scanning-alerts %} {% data reusables.code-scanning.explore-alert %} -1. Optionally, to find the alert to track, you can use the free-text search or the drop-down menus to filter and locate the alert. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#filtering-code-scanning-alerts)." +1. Optionally, to find the alert to track, you can use the free-text search or the drop-down menus to filter and locate the alert. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#filtering-code-scanning-alerts)." 1. Towards the top of the page, on the right side, click **Create issue**. ![Screenshot of a {% data variables.product.prodname_code_scanning %} alert. The "Create issue" button is outlined in dark orange.](/assets/images/help/repository/code-scanning-create-issue-for-alert.png) 
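Review bot: The feature-gating banner is lost in the first hunk: `product: '{% data reusables.gated-features.code-scanning %}'` is removed with no replacement, whereas `about-the-tool-status-page.md` and `set-code-scanning-merge-protection.md` later in this patch keep `product:` and add `permissions:` alongside it. The same drop happens in `triaging-code-scanning-alerts-in-pull-requests.md`, `editing-your-configuration-of-default-setup.md` and `viewing-code-scanning-logs.md`; if the permissions reusables are meant to carry the gating text as well, say so in the PR description, otherwise restore `product:` in those files so the patch is consistent.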
diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md b/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md index b5b741b73e91..dd23b8fb6fae 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md @@ -2,8 +2,7 @@ title: Triaging code scanning alerts in pull requests shortTitle: Triage alerts in pull requests intro: 'When {% data variables.product.prodname_code_scanning %} identifies a problem in a pull request, you can review the highlighted code and resolve the alert.' -product: '{% data reusables.gated-features.code-scanning %}' -permissions: 'If you have read permission for a repository, you can see annotations on pull requests. With write permission, you can see detailed information and resolve {% data variables.product.prodname_code_scanning %} alerts for that repository.' +permissions: '{% data reusables.permissions.code-scanning-pr-alerts %}' redirect_from: - /github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests - /code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests 
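Review bot: The removed `permissions:` text made a distinction the reusable may not: read permission to see annotations, write permission for detailed information and resolving. `reusables.permissions.code-scanning-pr-alerts` is also substituted into `viewing-code-scanning-logs.md` later in this patch, where the removed text said read permission is enough to view logs, so one reusable now stands in for two different statements; check that its wording covers both cases, or use separate reusables.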
@@ -46,7 +45,7 @@ If the lines of code changed in the pull request generate {% data variables.prod {% endif %} -If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)." +If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)." In repositories where {% data variables.product.prodname_code_scanning %} is configured to scan each time code is pushed, {% data variables.product.prodname_code_scanning %} will also map the results to any open pull requests and add the alerts as annotations in the same places as other pull request checks. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push)." 
@@ -66,7 +65,7 @@ There are many options for configuring {% data variables.product.prodname_code_s For all configurations of {% data variables.product.prodname_code_scanning %}, the check that contains the results of {% data variables.product.prodname_code_scanning %} is: **{% data variables.product.prodname_code_scanning_caps %} results**. The results for each analysis tool used are shown separately. Any new alerts on lines of code changed in the pull request are shown as annotations. -To see the full set of alerts for the analyzed branch, click **View all branch alerts**. This opens the full alert view where you can filter all the alerts on the branch by type, severity, tag, etc. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#filtering-and-searching-for-code-scanning-alerts)." +To see the full set of alerts for the analyzed branch, click **View all branch alerts**. This opens the full alert view where you can filter all the alerts on the branch by type, severity, tag, etc. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#filtering-and-searching-for-code-scanning-alerts)." ![Screenshot of the {% data variables.product.prodname_code_scanning_caps %} results check on a pull request. The "View all branch alerts" link is highlighted with a dark orange outline.](/assets/images/help/repository/code-scanning-results-check.png) 
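Review bot: Two different fragments are used for the filtering section of the assessing page: this hunk links `assessing-code-scanning-alerts-for-your-repository#filtering-and-searching-for-code-scanning-alerts`, while the hunk in `tracking-code-scanning-alerts-in-issues-using-task-lists.md` links `...#filtering-code-scanning-alerts`. Unless the new page has both headings, one of these is a dead anchor; pick the heading that actually exists there and use it in both places.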
@@ -94,7 +93,7 @@ You can see any {% data variables.product.prodname_code_scanning %} alerts that You can also view all {% data variables.product.prodname_code_scanning %} alerts that are inside the diff of the changes introduced in the pull request in the **Files changed** tab. -If you add a new code scanning configuration in your pull request, you will see a comment on your pull request directing you to the **Security** tab of the repository so you can view all the alerts on the pull request branch. For more information about viewing the alerts for a repository, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)." +If you add a new code scanning configuration in your pull request, you will see a comment on your pull request directing you to the **Security** tab of the repository so you can view all the alerts on the pull request branch. For more information about viewing the alerts for a repository, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)." If you have write permission for the repository, some annotations contain links with extra context for the alert. In the example above, from {% data variables.product.prodname_codeql %} analysis, you can click **user-provided value** to see where the untrusted data enters the data flow (this is referred to as the source). In this case you can also view the full path from the source to the code that uses the data (the sink) by clicking **Show paths**. This makes it easy to check whether the data is untrusted or if the analysis failed to recognize a data sanitization step between the source and the sink. 
For information about analyzing data flow using {% data variables.product.prodname_codeql %}, see "[About data flow analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)." @@ -173,4 +172,4 @@ An alternative way of closing an alert is to dismiss it. You can dismiss an aler {% data reusables.code-scanning.false-positive-fix-codeql %} -For more information about dismissing alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#dismissing--alerts)." +For more information about dismissing alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts#dismissing--alerts)." diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page.md index 86c627b9fbf2..25df9424ba7f 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page.md @@ -3,6 +3,7 @@ title: About the tool status page for code scanning shortTitle: Code scanning tool status allowTitleToDifferFromFilename: true intro: The {% data variables.code-scanning.tool_status_page %} shows useful information about all of your code scanning tools. If code scanning is not working as you'd expect, the {% data variables.code-scanning.tool_status_page %} is a good starting point for debugging problems. +permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' product: '{% data reusables.gated-features.code-scanning %}' versions: fpt: '*' 
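Review bot: The fragment `#dismissing--alerts` (double hyphen) in the `triaging-code-scanning-alerts-in-pull-requests.md` hunk does not match the heading in the new page, which is the literal `## Dismissing alerts` and therefore renders as `#dismissing-alerts`. The double hyphen presumably came from a variable in the old heading; now that the heading is plain text the link should be `resolving-code-scanning-alerts#dismissing-alerts`.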
@@ -101,7 +102,7 @@ To remove a configuration, select the configuration you want to delete. Then cli {% note %} -**Note:** You can only use the {% data variables.code-scanning.tool_status_page %} to remove configurations for the default branch of a repository. For information about removing configurations from non-default branches, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch)." +**Note:** You can only use the {% data variables.code-scanning.tool_status_page %} to remove configurations for the default branch of a repository. For information about removing configurations from non-default branches, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts#removing-stale-configurations-and-alerts-from-a-branch)." {% endnote %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries.md index 5f26a3bb0ef1..7e8b6f8a4f52 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/c-cpp-built-in-queries.md @@ -2,7 +2,7 @@ title: C and C++ queries for CodeQL analysis shortTitle: C and C++ CodeQL queries intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in C or C++ when you select the `default` or the `security-extended` query suite.' -product: '{% data reusables.gated-features.code-scanning %}' +product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' 
diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites.md index 7a32743b2a1c..c5f50b88b29c 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites.md @@ -2,7 +2,7 @@ title: CodeQL query suites shortTitle: CodeQL query suites intro: 'You can choose from different built-in {% data variables.product.prodname_codeql %} query suites to use in your {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} setup.' -product: '{% data reusables.gated-features.code-scanning %}' +product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' ghes: '*' diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup.md index 1a3f9b76b0b3..e2aff3c30c21 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/configuring-larger-runners-for-default-setup.md 
@@ -2,8 +2,7 @@ title: Configuring larger runners for default setup shortTitle: Configure larger runners intro: 'You can run {% data variables.product.prodname_code_scanning %} default setup more quickly on bigger codebases using {% data variables.actions.hosted_runners %}.' -product: '{% data reusables.gated-features.code-scanning %}' -permissions: '{% data reusables.actions.larger-runner-permissions %}' +product: '{% data reusables.actions.larger-runner-permissions %}' versions: feature: default-setup-larger-runners topics: diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries.md index 3d3d99784c7b..bd121030973a 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/csharp-built-in-queries.md @@ -2,7 +2,7 @@ title: C# queries for CodeQL analysis shortTitle: C# CodeQL queries intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in C# when you select the `default` or the `security-extended` query suite.' -product: '{% data reusables.gated-features.code-scanning %}' +product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md index b54898d41c26..bd4687e60b07 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md 
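Review bot: The permissions reusable has been moved into the wrong key in the larger-runners hunk: `-product: '{% data reusables.gated-features.code-scanning %}'` and `-permissions: '{% data reusables.actions.larger-runner-permissions %}'` are replaced by `+product: '{% data reusables.actions.larger-runner-permissions %}'`, so the permissions sentence will be rendered as the product gating banner and the page ends up with no `permissions:` entry at all. Keep `permissions: '{% data reusables.actions.larger-runner-permissions %}'` and either retain `product:` or drop it deliberately, as the other files in this patch do.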
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md @@ -2,7 +2,7 @@ title: Editing your configuration of default setup shortTitle: Edit default setup intro: 'You can edit your existing configuration of default setup for {% data variables.product.prodname_code_scanning %} to better meet your code security needs.' -product: '{% data reusables.gated-features.code-scanning %}' +permissions: '{% data reusables.permissions.security-org-enable %}' versions: fpt: '*' ghes: '*' diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries.md index ccdf6aee6e74..085e813158c7 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/go-built-in-queries.md @@ -2,7 +2,7 @@ title: Go queries for CodeQL analysis shortTitle: Go CodeQL queries intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Go (Golang) when you select the `default` or the `security-extended` query suite.' -product: '{% data reusables.gated-features.code-scanning %}' +product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md index dd2a29fc6177..5dda274ca115 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/java-kotlin-built-in-queries.md 
@@ -2,7 +2,7 @@ title: Java and Kotlin queries for CodeQL analysis shortTitle: Java and Kotlin CodeQL queries intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Java or Kotlin when you select the `default` or the `security-extended` query suite.' -product: '{% data reusables.gated-features.code-scanning %}' +product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries.md index ff85696b4862..257194e74686 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/javascript-typescript-built-in-queries.md @@ -2,7 +2,7 @@ title: JavaScript and TypeScript queries for CodeQL analysis shortTitle: JavaScript and TypeScript queries intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in JavaScript or TypeScript when you select the `default` or the `security-extended` query suite.' -product: '{% data reusables.gated-features.code-scanning %}' +product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries.md index 878f88281c9d..5e03709a5685 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries.md 
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/python-built-in-queries.md @@ -2,7 +2,7 @@ title: Python queries for CodeQL analysis shortTitle: Python CodeQL queries intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Python when you select the `default` or the `security-extended` query suite.' -product: '{% data reusables.gated-features.code-scanning %}' +product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries.md index 5cc24289b21d..cdbf2198f068 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/ruby-built-in-queries.md @@ -2,7 +2,7 @@ title: Ruby queries for CodeQL analysis shortTitle: Ruby CodeQL queries intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Ruby when you select the `default` or the `security-extended` query suite.' -product: '{% data reusables.gated-features.code-scanning %}' +product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md index 25335b37773e..9a329863c5e0 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md 
+++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection.md @@ -2,6 +2,7 @@ title: Set code scanning merge protection shortTitle: Set merge protection intro: 'You can use rulesets to set {% data variables.product.prodname_code_scanning %} merge protection for pull requests.' +permissions: '{% data reusables.permissions.security-org-enable %}' product: '{% data reusables.gated-features.code-scanning %}' versions: feature: code-scanning-merge-protection-rulesets diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md index 375e5b7de79d..21279052a81d 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/swift-built-in-queries.md @@ -2,7 +2,7 @@ title: Swift queries for CodeQL analysis shortTitle: Swift CodeQL queries intro: 'Explore the queries that {% data variables.product.prodname_codeql %} uses to analyze code written in Swift when you select the `default` or the `security-extended` query suite.' -product: '{% data reusables.gated-features.code-scanning %}' +product: '{% data reusables.gated-features.codeql %}' allowTitleToDifferFromFilename: true versions: fpt: '*' diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs.md index ed4e19d75df8..687fab820ab0 100644 --- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/viewing-code-scanning-logs.md 
@@ -1,8 +1,7 @@ --- title: Viewing code scanning logs intro: 'You can view the output generated during {% data variables.product.prodname_code_scanning %} analysis in {% data variables.product.github %}.' -product: '{% data reusables.gated-features.code-scanning %}' -permissions: 'If you have read permissions to a repository, you can view the {% data variables.product.prodname_code_scanning %} logs for that repository.' +permissions: '{% data reusables.permissions.code-scanning-pr-alerts %}' redirect_from: - /code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/viewing-code-scanning-logs 
@@ -21,13 +20,13 @@ shortTitle: View code scanning logs You can use a variety of tools to configure {% data variables.product.prodname_code_scanning %} in your repository. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)" and "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning)." -The log and diagnostic information available to you depends on the method you use for {% data variables.product.prodname_code_scanning %} in your repository. You can check the type of {% data variables.product.prodname_code_scanning %} you're using in the **Security** tab of your repository, by using the **Tool** drop-down menu in the alert list. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)." +The log and diagnostic information available to you depends on the method you use for {% data variables.product.prodname_code_scanning %} in your repository. You can check the type of {% data variables.product.prodname_code_scanning %} you're using in the **Security** tab of your repository, by using the **Tool** drop-down menu in the alert list. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)." ## About analysis and diagnostic information You can see analysis and diagnostic information for {% data variables.product.prodname_code_scanning %} run using {% data variables.product.prodname_codeql %} analysis on {% data variables.product.prodname_dotcom %}. -Analysis information is shown for the most recent analysis in a header at the top of the list of alerts. 
For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)." +Analysis information is shown for the most recent analysis in a header at the top of the list of alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)." Diagnostic information is displayed in the Action workflow logs and consists of summary metrics and extractor diagnostics. For information about accessing {% data variables.product.prodname_code_scanning %} logs on {% data variables.product.prodname_dotcom %}, see "[Viewing the logging output from {% data variables.product.prodname_code_scanning %}](#viewing-the-logging-output-from-code-scanning)" below. @@ -73,4 +72,4 @@ After configuring {% data variables.product.prodname_code_scanning %} for your r 1. Optionally, to see more detail about the commit that triggered the workflow run, click the short commit hash. The short commit hash is 7 lowercase characters immediately following the commit author's username. -1. Once all jobs are complete, you can view the details of any {% data variables.product.prodname_code_scanning %} alerts that were identified. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)." +1. Once all jobs are complete, you can view the details of any {% data variables.product.prodname_code_scanning %} alerts that were identified. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#viewing-the-alerts-for-a-repository)." 
diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md index 98b92eaf4356..92ddbbe07af7 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md 
@@ -88,7 +88,7 @@ codeql github upload-results \ {% endif %} ``` -There is no output from this command unless the upload was unsuccessful. The command prompt returns when the upload is complete and data processing has begun. On smaller codebases, you should be able to explore the {% data variables.product.prodname_code_scanning %} alerts in {% data variables.product.product_name %} shortly afterward. You can see alerts directly in the pull request or on the **Security** tab for branches, depending on the code you checked out. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)." +There is no output from this command unless the upload was unsuccessful. The command prompt returns when the upload is complete and data processing has begun. On smaller codebases, you should be able to explore the {% data variables.product.prodname_code_scanning %} alerts in {% data variables.product.product_name %} shortly afterward. You can see alerts directly in the pull request or on the **Security** tab for branches, depending on the code you checked out. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)." ## Uploading diagnostic information to {% data variables.product.product_name %} if the analysis fails diff --git a/content/code-security/getting-started/auditing-security-alerts.md b/content/code-security/getting-started/auditing-security-alerts.md index 5b6d3e5d37cb..4e1d5c73c597 100644 --- a/content/code-security/getting-started/auditing-security-alerts.md +++ b/content/code-security/getting-started/auditing-security-alerts.md 
@@ -85,6 +85,6 @@ For more information, see "[{% data variables.product.prodname_code_scanning_cap ## Further reading -* [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository) +* [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository) * [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts) * [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning) diff --git a/content/code-security/getting-started/quickstart-for-securing-your-organization.md b/content/code-security/getting-started/quickstart-for-securing-your-organization.md index d1a503932b13..5e41477eaccc 100644 --- a/content/code-security/getting-started/quickstart-for-securing-your-organization.md +++ b/content/code-security/getting-started/quickstart-for-securing-your-organization.md @@ -1,7 +1,7 @@ --- title: Quickstart for securing your organization intro: "You can use a number of {% data variables.product.prodname_dotcom %} features to help keep your organization secure." -permissions: Organization owners and security managers can manage security features for an organization. +permissions: '{% data reusables.permissions.security-org-enable %}' redirect_from: - /code-security/getting-started/securing-your-organization versions: diff --git a/content/code-security/getting-started/quickstart-for-securing-your-repository.md b/content/code-security/getting-started/quickstart-for-securing-your-repository.md index e5707d0eeeca..30c01818b97d 100644 --- a/content/code-security/getting-started/quickstart-for-securing-your-repository.md +++ b/content/code-security/getting-started/quickstart-for-securing-your-repository.md 
@@ -1,7 +1,7 @@ --- title: Quickstart for securing your repository intro: 'You can use a number of {% data variables.product.prodname_dotcom %} features to help keep your repository secure.' -permissions: Repository administrators and organization owners can configure repository security settings. +permissions: '{% data reusables.permissions.security-repo-enable %}' redirect_from: - /github/administering-a-repository/about-securing-your-repository - /github/code-security/getting-started/about-securing-your-repository @@ -115,6 +115,9 @@ To enable {% data variables.product.prodname_dependabot_version_updates %}, you ## Configuring {% data variables.product.prodname_code_scanning %} +> [!NOTE] +> {% data variables.product.prodname_code_scanning_caps %} is available {% ifversion fpt or ghec %}for all public repositories, and for private repositories owned by organizations that are part of an enterprise with a license for {% else %}for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_advanced_security %}. + You can configure {% data variables.product.prodname_code_scanning %} to automatically identify vulnerabilities and errors in the code stored in your repository by using a {% data variables.code-scanning.codeql_workflow %} or third-party tool. Depending on the programming languages in your repository, you can configure {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} using default setup, in which {% data variables.product.prodname_dotcom %} automatically determines the languages to scan, query suites to run, and events that will trigger a new scan. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)." 1. From the main page of your repository, click {% octicon "gear" aria-hidden="true" %} **Settings**. 
@@ -124,8 +127,6 @@ You can configure {% data variables.product.prodname_code_scanning %} to automat Alternatively, you can use advanced setup, which generates a workflow file you can edit to customize your {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql)." -{% data variables.product.prodname_code_scanning_caps %} is available {% ifversion fpt or ghec %}for all public repositories, and for private repositories owned by organizations that are part of an enterprise with a license for {% else %}for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_advanced_security %}. {% data reusables.secret-scanning.secret-scanning-user-owned-repos-beta %} - ## Configuring {% data variables.product.prodname_secret_scanning %} {% data reusables.gated-features.secret-scanning %} 
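Review bot: the removed paragraph in quickstart-for-securing-your-repository.md carried two things, the availability sentence (which the preceding hunk moves into the new `[!NOTE]`) and `{% data reusables.secret-scanning.secret-scanning-user-owned-repos-beta %}`, which is not re-added anywhere in this diff. If that reusable still applies, move it into the "Configuring secret scanning" section where it belongs rather than dropping it silently; if the removal is intentional, say so in the PR description.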
@@ -149,7 +150,7 @@ For more information, see "[AUTOTITLE](/code-security/getting-started/adding-a-s ## Next steps -You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)," "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates)," "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)," and "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)". +You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts)," "[AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates)," "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)," and "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)". You can also use {% data variables.product.prodname_dotcom %}'s tools to audit responses to security alerts. For more information, see "[AUTOTITLE](/code-security/getting-started/auditing-security-alerts)". diff --git a/content/code-security/secret-scanning/introduction/about-push-protection.md b/content/code-security/secret-scanning/introduction/about-push-protection.md index 2f286004a3a9..bc47536efdab 100644 --- a/content/code-security/secret-scanning/introduction/about-push-protection.md +++ b/content/code-security/secret-scanning/introduction/about-push-protection.md 
@@ -38,6 +38,12 @@ For information about the secrets and service providers supported by push protec ## How push protection works +Push protection works: + +* From the command line. See "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line)." +* In the {% data variables.product.prodname_dotcom %} UI. See "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui)."{% ifversion secret-scanning-push-protection-content-endpoints %} +* From the REST API. See "[AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api)."{% endif %} + Once enabled, if push protection detects a potential secret during a push attempt, it will block the push and provide a detailed message explaining the reason for the block. You will need to review the code in question, remove any sensitive information, and reattempt the push. By default, anyone with write access to the repository can choose to bypass push protection by specifying one of the bypass reasons outlined in the table. {% data reusables.secret-scanning.push-protection-bypass %} 
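Review bot: the new lead-in "Push protection works:" in about-push-protection.md is a sentence fragment that the bullets ("From the command line", "In the GitHub UI", "From the REST API") do not complete naturally; suggest "You can work with push protection in the following ways:" or "Push protection applies to pushes made:" so each bullet reads as a continuation of the lead-in.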
@@ -46,6 +52,8 @@ By default, anyone with write access to the repository can choose to bypass push {% ifversion push-protection-delegated-bypass %} If you want greater control over which contributors can bypass push protection and which pushes containing secrets should be allowed, you can enable delegated bypass for push protection. Delegated bypass lets you configure a designated group of reviewers to oversee and manage requests to bypass push protection from contributors pushing to the repository. For more information, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection)."{% endif %} +{% ifversion secret-scanning-push-protection-content-endpoints %}You can also bypass push protection using the REST API. For more information, see "[AUTOTITLE](/rest/secret-scanning/secret-scanning?apiVersion=2022-11-28#create-a-push-protection-bypass)."{% endif %} + ## About the benefits of push protection * **Preventative security**: Push protection acts as a frontline defense mechanism by scanning code for secrets at the time of the push. This preventative approach helps to catch potential issues before they are merged into your repository. diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md b/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md index 276124021dcd..13d6bc733cc9 100644 --- a/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md +++ b/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md 
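Review bot: the added sentence "You can also bypass push protection using the REST API" is unqualified, but the surrounding text states that by default anyone with write access can bypass by giving one of the bypass reasons in the table, and that delegated bypass can restrict who may bypass at all. Say explicitly whether the REST API bypass is subject to the same write-access requirement, bypass reasons and delegated-bypass review as the command-line and UI paths, since a reader could otherwise take the API as a way around those controls.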
@@ -1,6 +1,7 @@ --- title: About secret scanning for partners intro: 'When {% data variables.product.prodname_secret_scanning %} detects authentication details for a service provider in a public repository on {% data variables.product.prodname_dotcom %}, an alert is sent directly to the provider. This allows service providers who are {% data variables.product.prodname_dotcom %} partners to promptly take action to secure their systems.' +product: '{% data reusables.gated-features.secret-scanning-partner-alerts %}' versions: fpt: '*' ghec: '*' diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md index 59de0ea9ac88..33fa5f229734 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md @@ -1,7 +1,7 @@ --- title: About secret scanning alerts intro: 'Learn about the different types of {% data variables.secret-scanning.alerts %}.' -permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can manage {% data variables.secret-scanning.alerts %} for the repository.' +permissions: '{% data reusables.permissions.secret-scanning-alerts %}' product: '{% data reusables.gated-features.secret-scanning %}' versions: fpt: '*' diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md index 7fc067804b67..61e65666056e 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md 
@@ -1,8 +1,7 @@ --- title: Evaluating alerts from secret scanning intro: 'Learn about additional features that can help you evaluate alerts and prioritize their remediation, such as checking a secret''s validity.' -permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can view {% data variables.secret-scanning.alerts %} for the repository.' -product: '{% data reusables.gated-features.secret-scanning %}' +permissions: '{% data reusables.permissions.secret-scanning-alerts %}' versions: fpt: '*' ghes: '*' diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md index 55d3f7954280..e3127cbdcef7 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md @@ -1,7 +1,7 @@ --- title: Monitoring alerts from secret scanning intro: 'Learn how and when {% data variables.product.product_name %} will notify you about a secret scanning alert.' -product: '{% data reusables.gated-features.secret-scanning %}' +permissions: '{% data reusables.permissions.secret-scanning-alerts %}' versions: fpt: '*' ghes: '*' diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md index b0dc2237c5c7..ac9bd343f95d 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md 
@@ -1,8 +1,7 @@ --- title: Resolving alerts from secret scanning intro: 'After reviewing the details of a secret scanning alert, you should fix and then close the alert.' -permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can dismiss secret scanning alerts for the repository.' -product: '{% data reusables.gated-features.secret-scanning %}' +permissions: '{% data reusables.permissions.secret-scanning-alerts %}' versions: fpt: '*' ghes: '*' diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md index a7a59be38467..58571fa07ab9 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md @@ -1,8 +1,7 @@ --- title: Viewing and filtering alerts from secret scanning intro: 'Learn how to find and filter {% ifversion fpt or ghec %}{% data variables.secret-scanning.user_alerts %}{% else %}{% data variables.secret-scanning.user_alerts %} alerts{% endif %} for your repository.' -permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can view {% data variables.secret-scanning.user_alerts %}{% ifversion ghes %} alerts{% endif %} for the repository.' -product: '{% data reusables.gated-features.secret-scanning %}' +permissions: '{% data reusables.permissions.secret-scanning-alerts %}' versions: fpt: '*' ghes: '*' diff --git a/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md b/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md index 26f11638c1e2..5559f593a7d1 100644 --- a/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md 
+++ b/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md @@ -1,6 +1,7 @@ --- title: Secret scanning partner program intro: 'As a service provider, you can partner with {% data variables.product.prodname_dotcom %} to have your secret token formats secured through secret scanning, which searches for accidental commits of your secret format and can be sent to a service provider''s verify endpoint.' +product: '{% data reusables.gated-features.secret-scanning-partner-alerts %}' redirect_from: - /partnerships/token-scanning - /partnerships/secret-scanning diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md index 4a5ba486277b..e2b328229e00 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md +++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/index.md @@ -15,6 +15,7 @@ topics: children: - /push-protection-for-users - /working-with-push-protection-from-the-command-line + - /working-with-push-protection-from-the-rest-api - /working-with-push-protection-in-the-github-ui redirect_from: - /code-security/secret-scanning/working-with-push-protection diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md index 742267de805a..1e4a50ff74e9 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md +++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md 
@@ -152,4 +152,5 @@ If your request is denied, you will need to remove the secret from all commits c ## Further reading -* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui) +* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui){% ifversion secret-scanning-push-protection-content-endpoints %} +* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api){% endif %} diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md new file mode 100644 index 000000000000..6673e482d784 --- /dev/null +++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api.md 
@@ -0,0 +1,32 @@ +--- +title: Working with push protection from the REST API +shortTitle: Push protection from the REST API +intro: 'Learn your options for unblocking your push to {% data variables.product.prodname_dotcom %} using the REST API if {% data variables.product.prodname_secret_scanning %} detects a secret in the content of your API request.' +product: '{% data reusables.gated-features.secret-scanning %}' +versions: + feature: secret-scanning-push-protection-content-endpoints +type: how_to +topics: + - Secret scanning + - Advanced Security + - Alerts + - Repositories +--- + +## About push protection from the REST API + +Push protection prevents you from accidentally committing secrets to a repository by blocking pushes containing supported secrets. + +The "Create a blob" and "Create or update file contents" endpoints in the REST API include push protection. See "[AUTOTITLE](/rest/git/blobs?apiVersion=2022-11-28#create-a-blob)" and "[AUTOTITLE](/rest/repos/contents?apiVersion=2022-11-28#create-or-update-file-contents)." + +If you make a request with these endpoints whose content includes a supported secret, the REST API will return a 409 error, indicating that a secret has been detected. + +To resolve the error, you can either: + +* **Remove** the secret from the content of your API request before trying again. +* **Create a push protection bypass**: You can bypass push protection using the "Create a push protection bypass" endpoint. For more information, see "[AUTOTITLE](/rest/secret-scanning/secret-scanning?apiVersion=2022-11-28#create-a-push-protection-bypass)." + +## Further reading + +* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line) +* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui) 
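Review bot: in the new working-with-push-protection-from-the-rest-api.md, the "Create a push protection bypass" bullet ends at creating the bypass and never says that the original "Create a blob" or "Create or update file contents" request has to be retried afterwards, whereas the "Remove" bullet does say "before trying again"; add the retry step so the page delivers on its intro ("unblocking your push"), and point readers to the bypass reasons table on "About push protection" so they know a reason is expected. Unlike the other pages touched in this diff, the new file has no `permissions:` front matter; add the appropriate `reusables.permissions.*` entry for consistency. Minor: the two bullets have different shapes ("**Remove** the secret ..." vs "**Create a push protection bypass**: You can ..."); make them parallel.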
diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md index 1a334dc55f3b..8a72e495a47a 100644 --- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md +++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md @@ -89,4 +89,5 @@ If your request is denied, you will need to remove the secret from the file befo ## Further reading -* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line) +* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line){% ifversion secret-scanning-push-protection-content-endpoints %} +* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-rest-api){% endif %} diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md index 2ec7919ea018..cce8600b4b5a 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md +++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md 
@@ -15,7 +15,7 @@ topics: After creating and applying a {% data variables.product.prodname_custom_security_configuration %}, you may need to edit the enablement settings for that configuration to better secure your repositories. Any changes you make to the enablement settings of a {% data variables.product.prodname_security_configuration %} will automatically populate to all linked repositories. -To determine if your {% data variables.product.prodname_custom_security_configuration %} is meeting your security needs, see "[AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository)." +To determine if your {% data variables.product.prodname_custom_security_configuration %} is meeting your security needs, see "[AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings)." {% note %} diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/index.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/index.md index c254cd07d7ae..186c92f073ec 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/index.md +++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/index.md @@ -9,7 +9,7 @@ topics: - Organizations - Security children: - - /interpreting-security-findings-on-a-repository + - /interpreting-security-findings - /filtering-repositories-in-your-organization-using-the-repository-table - /editing-a-custom-security-configuration - /managing-your-github-advanced-security-license-usage 
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md similarity index 52% rename from content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository.md rename to content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md index 89c4aa0ee55f..8c221c3ffa3f 100644 --- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository.md +++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md @@ -1,5 +1,5 @@ --- -title: Interpreting security findings on a repository +title: Interpreting security findings shortTitle: Interpret security data intro: 'You can analyze security data on repositories in your organization to determine if you need to make changes to your security setup.' permissions: '{% data reusables.security-configurations.security-configurations-permissions %}' 
@@ -9,11 +9,13 @@ topics: - Advanced Security - Organizations - Security +redirect_from: + - /code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository --- -## About security findings on a repository +## About security findings -After you apply a {% data variables.product.prodname_security_configuration %} to a repository, the enabled security features will likely raise security findings on that repository. These findings may show up as feature-specific alerts, or as automatically generated pull requests designed to keep your repository secure. To best secure your organization, you should be able to understand and resolve these alerts and pull requests, then analyze the findings and make any necessary adjustments to your {% data variables.product.prodname_security_configuration %}. +After you apply a {% data variables.product.prodname_security_configuration %} to a repository, the enabled security features will likely raise security findings on that repository. These findings may show up as feature-specific alerts, or as automatically generated pull requests designed to keep your repository secure. To best secure your organization, you should encourage contributors to those repositories to review and resolve these alerts and pull requests. You can analyze the findings across the organization and make any necessary adjustments to your {% data variables.product.prodname_security_configuration %}. {% ifversion ghec or ghes %} 
@@ -22,8 +24,15 @@ After you apply a {% data variables.product.prodname_security_configuration %} t {% data reusables.security-overview.information-varies-GHAS %} {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} -{% data reusables.security-overview.open-security-risk-view %} -{% data reusables.code-scanning.using-security-overview-risk %} +1. By default, the overview shows alerts for all native {% data variables.product.github %} tools (filter: `tool:github`). To display alerts for a specific tool, replace `tool:github` in the filter text box. For example: + * `tool:dependabot` to show only alerts for dependencies identified by {% data variables.product.prodname_dependabot %}. + * `tool:secret-scanning` to only show alerts for secrets indentified by {% data variables.product.prodname_secret_scanning %}. + * `tool:codeql` to show only alerts for potential security vulnerabilities identified by {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}. +1. You can add further filters to show only the repositories you want to assess. The list of repositories and metrics displayed on the page automatically update to match your current selection. For more information on filtering, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." + * Use the **Teams** dropdown to show information only for the repositories owned by one or more teams. + * Click **NUMBER affected** or **NUMBER unaffected** in the header for any feature to show only the repositories with open alerts or no open alerts of that type. + * Click any of the descriptions of "Open alerts" in the header to show only repositories with alerts of that type and category. For example, **1 critical** to show the repository with a critical alert for {% data variables.product.prodname_dependabot %}. 
+ * At the top of the list of repositories, click **NUMBER Archived** to show only repositories that are archived. {% data reusables.organizations.security-overview-feature-specific-page %} {% endif %} 
@@ -35,25 +44,25 @@ After you apply a {% data variables.product.prodname_security_configuration %} t * {% data variables.secret-scanning.user_alerts_caps %}, which appear on {% data variables.product.product_name %} and can be resolved {% endif %} -You can view {% data variables.product.prodname_secret_scanning %} alerts for a repository by navigating to the main page of that repository, clicking the {% octicon "shield" aria-hidden="true" %} **Security** tab, then clicking {% octicon "key" aria-hidden="true" %} **{% data variables.product.prodname_secret_scanning_caps %}**. +You can view {% data variables.product.prodname_secret_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the {% octicon "shield" aria-hidden="true" %} **Security** tab, then clicking {% octicon "key" aria-hidden="true" %} **{% data variables.product.prodname_secret_scanning_caps %}**. For an introduction to {% data variables.product.prodname_secret_scanning %} alerts, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts)." -To learn how to interpret and resolve {% data variables.product.prodname_secret_scanning %} alerts, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)." +To learn how to evaluate {% data variables.product.prodname_secret_scanning %} alerts, see "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts)." ## Interpreting {% data variables.product.prodname_code_scanning %} alerts {% data reusables.code-scanning.about-code-scanning %} These problems are raised as {% data variables.product.prodname_code_scanning %} alerts, which contain detailed information on the vulnerability or error detected. 
-You can view the {% data variables.product.prodname_code_scanning %} alerts for a repository by navigating to the main page of that repository, clicking the {% octicon "shield" aria-hidden="true" %} **Security** tab, then clicking {% octicon "codescan" aria-hidden="true" %} **{% data variables.product.prodname_code_scanning_caps %}**. +You can view the {% data variables.product.prodname_code_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the {% octicon "shield" aria-hidden="true" %} **Security** tab, then clicking {% octicon "codescan" aria-hidden="true" %} **{% data variables.product.prodname_code_scanning_caps %}**. For an introduction to {% data variables.product.prodname_code_scanning %} alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)." -To learn how to interpret and resolve {% data variables.product.prodname_code_scanning %} alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository)." +To learn how to interpret and resolve {% data variables.product.prodname_code_scanning %} alerts, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts)." ## Interpreting {% data variables.product.prodname_dependabot_alerts %} -{% data variables.product.prodname_dependabot_alerts %} inform you about vulnerabilities in the dependencies that you use in your repository. You can view {% data variables.product.prodname_dependabot_alerts %} for a repository by navigating to the main page of that repository, clicking the {% octicon "shield" aria-hidden="true" %} **Security** tab, then clicking {% octicon "dependabot" aria-hidden="true" %} **{% data variables.product.prodname_dependabot %}**. 
+{% data variables.product.prodname_dependabot_alerts %} inform you about vulnerabilities in the dependencies that you use in repositories in your organization. You can view {% data variables.product.prodname_dependabot_alerts %} for an organization by navigating to the main page of that organization, clicking the {% octicon "shield" aria-hidden="true" %} **Security** tab, then clicking {% octicon "dependabot" aria-hidden="true" %} **{% data variables.product.prodname_dependabot %}**. For an introduction to {% data variables.product.prodname_dependabot_alerts %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." @@ -61,7 +70,7 @@ To learn how to interpret and resolve {% data variables.product.prodname_dependa {% note %} -**Note:** If you enabled {% data variables.product.prodname_dependabot_security_updates %} or {% data variables.product.prodname_dependabot_version_updates %}, {% data variables.product.prodname_dependabot %} can also automatically raise pull requests to update the dependencies used in your repository. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)" and "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates)." +**Note:** If you enabled {% data variables.product.prodname_dependabot_security_updates %}, {% data variables.product.prodname_dependabot %} can also automatically raise pull requests to update the dependencies used in the repositories of the organization. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)." {% endnote %} 
diff --git a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md index 3380d4b5bf9f..1bb9e446fc24 100644 --- a/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md +++ b/content/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration.md @@ -36,7 +36,7 @@ After you create a {% data variables.product.prodname_custom_security_configurat ## Next steps -To learn how to interpret security findings from your {% data variables.product.prodname_custom_security_configuration %} on a repository, see "[AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings-on-a-repository)." +To learn how to interpret security findings from your {% data variables.product.prodname_custom_security_configuration %} on a repository, see "[AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings)." {% data reusables.security-configurations.edit-configuration-next-step %} diff --git a/content/code-security/security-overview/about-security-overview.md b/content/code-security/security-overview/about-security-overview.md index 5eba4c10eeda..e20c9ff27145 100644 --- a/content/code-security/security-overview/about-security-overview.md +++ b/content/code-security/security-overview/about-security-overview.md 
@@ -1,6 +1,6 @@ --- title: About security overview -intro: 'You can gain insights into the overall security landscape of your organization and view summaries of alerts for repositories owned by your organization. {% ifversion security-overview-org-risk-coverage %}You can also monitor adoption of code security features across your organization.{% endif %}' +intro: 'You can gain insights into the overall security landscape of your organization or enterprise and identify repositories that require intervention using security overview.' permissions: '{% data reusables.security-overview.permissions %}' product: '{% data reusables.gated-features.security-overview %}' redirect_from: 
@@ -22,113 +22,64 @@ topics: - Teams --- -## About security overview - -{% data reusables.security-overview.about-security-overview %} {% ifversion fpt %}For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/security-overview/about-security-overview).{% endif %} +{% ifversion fpt %}{% data reusables.security-overview.about-security-overview %} For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/security-overview/about-security-overview).{% endif %} {% ifversion ghec or ghes %} -{% note %} +Security overview contains focused views where you can explore trends in detection, remediation, and prevention of security alerts and dig deep into the current state of your codebases. -**Note:** Security overview shows information and metrics for the default branches of an organization's repositories. +* Information about {% data variables.product.prodname_dependabot %} features and alerts is shown for all repositories. +* Information for {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for enterprises that use {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghec %} and for public repositories{% endif %}. -{% endnote %} +For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#dependabot-alerts-for-vulnerable-dependencies)" and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)." -Security overview shows which security features are enabled for repositories and includes repository and alert-focused views so you can quickly investigate security issues and take action to remediate them. 
+## About the views -* Risk and coverage information about {% data variables.product.prodname_dependabot %} features and alerts is shown for all repositories. -* Risk and coverage information for {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for enterprises that use {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghec %} and for public repositories{% endif %}.{% ifversion security-overview-dashboard %} -* An organization-level dashboard of insights from security features is shown for enterprise-owned organizations that use {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghec %} and for public repositories{% endif %}.{% endif %} +> [!NOTE] +> All views show information and metrics for the **default** branches of the repositories you have permission to view in an organization or enterprise. -For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#dependabot-alerts-for-vulnerable-dependencies)" and "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)." +The views are interactive with filters that allow you to look at the aggregated data in detail and identify sources of high risk, see security trends, and see the impact of pull request analysis on blocking security vulnerabilities entering your code. As you apply multiple filters to focus on narrower areas of interest, all data and metrics across the view change to reflect your current selection. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." {% ifversion security-overview-export-data %} {% data reusables.security-overview.download-csv-files %} For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)." 
{% endif %} -The views are interactive with filters that allow you to look at the aggregated data in detail and identify sources of high risk or low feature coverage. As you apply multiple filters to focus on narrower areas of interest, all data and metrics across the view change to reflect your current selection. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." - -{% ifversion security-overview-alert-views %} -There are also dedicated views for each type of security alert that you can use to limit your analysis to a specific set of alerts, and then narrow the results further with a range of filters specific to each view. For example, in the {% data variables.product.prodname_secret_scanning %} alert view, you can use the "Secret type" filter to view only {% data variables.secret-scanning.alerts %} for a specific secret, like a {% data variables.product.prodname_dotcom %} {% data variables.product.pat_generic %}. -{% endif %} - -{% note %} - -**Note:** Security overview displays active alerts raised by security features. If there are no alerts shown in security overview for a repository, undetected security vulnerabilities or code errors may still exist or the feature may not be enabled for that repository. +There are dedicated views for each type of security alert. You can limit your analysis to a specific type of alert, and then narrow the results further with a range of filters specific to each view. For example, in the {% data variables.product.prodname_secret_scanning %} alert view, you can use the "Secret type" filter to view only {% data variables.secret-scanning.alerts %} for a specific secret, like a {% data variables.product.prodname_dotcom %} {% data variables.product.pat_generic %}. -{% endnote %} +> [!NOTE] +> Security overview displays active alerts raised by security features. 
If there are no alerts shown in security overview for a repository, undetected security vulnerabilities or code errors may still exist or the feature may not be enabled for that repository. ## About security overview for organizations -The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %} For example, {% ifversion security-overview-dashboard %}the team can use the "Overview" dashboard view to track your organization's security landscape and progression{% else %}the team can use the "Coverage" view to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %}, or use the "Risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}{% endif %}. {% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %} {% ifversion code-security-multi-repo-enablement %}{% ifversion pre-security-configurations %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."{% endif %}{% endif %} - -You can find security overview on the **Security** tab for any organization that's owned by an enterprise. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. 
For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)." +The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. For example, {% ifversion security-overview-dashboard %}the team can use the "Overview" dashboard view to track your organization's security landscape and progression{% else %}the team can use the "Coverage" view to monitor the adoption of features across your organization or by a specific team as you roll out {% data variables.product.prodname_GH_advanced_security %}, or use the "Risk" view to identify repositories with more than five open {% data variables.secret-scanning.alerts %}{% endif %}. {% ifversion pre-security-configurations %}You can also use security overview to find a set of repositories and enable or disable security features for them all at the same time. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."{% endif %} -{% ifversion security-overview-org-risk-coverage %} +You can find security overview on the **Security** tab for any organization. Each view shows a summary of the data that you have access to. As you add filters, all data and metrics across the view change to reflect the repositories or alerts that you've selected. For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)." Security overview has multiple views that provide different ways to explore enablement and alert data. {% ifversion security-overview-dashboard %} -* Use "Overview" to view insights about your organization's security landscape and progress.{% endif %} -* Use "Coverage" to assess the adoption of code security features across repositories in the organization. 
-* Use "Risk" to assess the risk from security alerts of all types for one or more repositories in the organization. -* Use the individual security alert views to identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets. - -{% data reusables.security-overview.alert-differences %} - -For more information about these views, see {% ifversion security-overview-dashboard %}"[AUTOTITLE](/code-security/security-overview/viewing-security-insights),"{% endif %}"[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)" and "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)." - -{% else %} - -### Understanding the main security overview - -![Screenshot of security overview for an organization.](/assets/images/help/security-overview/security-overview-org-legacy.png) - -Each repository is shown in security overview with an indicator for each type of security feature and how many alerts there are of each type. If a security feature is not enabled for a repository, the indicator for that feature will be grayed out. In addition, a risk score is calculated for each repository based on its {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_dependabot %} and {% data variables.secret-scanning.alerts %}. This score is in {% data variables.release-phases.public_preview %} and should be used with caution. Its algorithm and approach is subject to change. - -| Indicator | Meaning | -| -------- | -------- | -| {% octicon "code-square" aria-label="Code scanning alerts" %} | {% data variables.product.prodname_code_scanning_caps %} alerts. For more information, see "[AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning)." | -| {% octicon "key" aria-label="Secret scanning alerts" %} | {% data variables.product.prodname_secret_scanning_caps %} alerts. 
For more information, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)." | -| {% octicon "hubot" aria-label="Dependabot alerts" %} | {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." | -| {% octicon "check" aria-label="Enabled" %} | The security feature is enabled, but does not raise alerts in this repository. | -| {% octicon "x" aria-label="Not supported" %} | The security feature is not supported in this repository. | - -{% endif %} - -{% ifversion ghec or ghes %} +* **Overview:** visualize trends in **Detection**, **Remediation**, and **Prevention** of security alerts, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)."{% endif %} +* **Risk and Alert views:** explore the risk from security alerts of all types or focus on a single alert type and identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets, see "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)." 
+* **Coverage:** assess the adoption of code security features across repositories in the organization, see "[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)."{% ifversion security-overview-tool-adoption %} +* **Enablement trends:** see how quickly different teams are adopting security features.{% endif %}{% ifversion security-overview-org-codeql-pr-alerts %} +* **CodeQL pull request alerts:** assess the impact of running CodeQL on pull requests and how development teams are resolving code scanning alerts, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)."{% endif %}{% ifversion security-overview-push-protection-metrics-page %} +* **Secret scanning:** find out which types of secret are blocked by push protection{% ifversion security-overview-delegated-bypass-requests %} and which teams are bypassing push protection{% endif %}, see "[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection){% ifversion security-overview-delegated-bypass-requests %}" and "[AUTOTITLE](/code-security/security-overview/reviewing-requests-to-bypass-push-protection){% endif %}."{% endif %} ## About security overview for enterprises -You can find security overview on the **Code Security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise. {% ifversion security-overview-org-risk-coverage-enterprise %} - -As with security overview for organizations, security overview for enterprises has multiple views that provide different ways to explore enablement and alert data. - -{% ifversion security-overview-dashboard-enterprise %} -* Use the "Overview" view to see insights about your enterprise's security landscape and progress.{% endif %} -* Use the "Coverage" view to assess the adoption of code security features across organizations in the enterprise. 
-* Use the "Risk" view to assess the risk from security alerts of all types across organizations in the enterprise. -* Use the individual security alert views to identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets.{% else %}You can view repositories owned by your enterprise that have security alerts, view all security alerts, or view security feature-specific alerts from across your enterprise.{% endif %} +You can find security overview on the **Code Security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise. -For more information about these views, see {% ifversion security-overview-dashboard-enterprise %}"[AUTOTITLE](/code-security/security-overview/viewing-security-insights)," {% endif %}"[AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security)" and "[AUTOTITLE](/code-security/security-overview/assessing-code-security-risk)." +As with security overview for organizations, security overview for enterprises has multiple views that provide different ways to explore data. For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)." -{% endif %} - -{% ifversion security-overview-org-risk-coverage %} - ## Permission to view data in security overview -{% ifversion security-overview-org-risk-coverage-enterprise %} - ### Organization-level overview -{% endif %} +If you are an **owner or security manager** for an organization, you can see data for all the repositories in the organization in all views. -If you are an owner or security manager for an organization, you can see data for all the repositories in the organization in all views. - -If you are an organization or team member, you can view security overview for the organization and see data for repositories where you have an appropriate level of access. 
+If you are an **organization or team member**, you can view security overview for the organization and see data for repositories where you have an appropriate level of access. {% ifversion security-overview-dashboard %} {% rowheaders %} 
@@ -156,30 +107,17 @@ If you are an organization or team member, you can view security overview for th {% endrowheaders %} {% endif %} -{% note %} - -**Note:** To ensure a consistent and responsive experience, for organization members, the organization-level security overview pages will only display results from the most recently updated 3,000 repositories. If your results have been restricted, a notification will appear at the top of the page. Organization owners and security managers will see results from all repositories. - -{% endnote %} +> [!NOTE] +> To ensure a consistent and responsive experience, for organization members, the organization-level security overview pages will only display results from the most recently updated 3,000 repositories. If your results have been restricted, a notification will appear at the top of the page. Organization owners and security managers will see results from all repositories. For more information about access to security alerts and related views, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)" and "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/about-custom-repository-roles#security)." 
-{% endif %} - -{% ifversion security-overview-org-risk-coverage-enterprise %} - ### Enterprise-level overview -{% ifversion ghec or ghes %} -{% note %} +> [!NOTE] +> If you are an **enterprise owner**, you will need to join an organization as an organization owner to view data for the organization's repositories in both the organization-level and enterprise-level overview.{% ifversion secret-scanning-user-owned-repos %} {% data reusables.secret-scanning.secret-scanning-user-owned-repo-access %}{% endif %} For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)." -**Note:** If you are an enterprise owner, you will need to join an organization as an organization owner to view data for the organization's repositories in both the organization-level and enterprise-level overview.{% ifversion secret-scanning-user-owned-repos %} {% data reusables.secret-scanning.secret-scanning-user-owned-repo-access %}{% endif %} For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)." - -{% endnote %} -{% endif %} - -In the enterprise-level security overview, you can see data for all organizations where you are an organization owner or security manager. However, you cannot use the enterprise-level security overview to enable and disable security features. For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." -{% endif %} +In the enterprise-level security overview, you can see data for all organizations where you are an **organization owner or security manager**. {% ifversion pre-security-configurations %}However, you cannot use the enterprise-level security overview to enable and disable security features. 
{% endif %}For more information, see "[AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/managing-github-advanced-security-features-for-your-enterprise)." {% ifversion ghec %} If you're an owner of an {% data variables.enterprise.prodname_emu_enterprise %}, you can view data from user-owned repositories in security overview and filter by repository owner type. For more information on {% data variables.enterprise.prodname_managed_users %}, see "[AUTOTITLE](/admin/identity-and-access-management/using-enterprise-managed-users-for-iam/about-enterprise-managed-users)." diff --git a/content/code-security/security-overview/assessing-code-security-risk.md b/content/code-security/security-overview/assessing-code-security-risk.md index 7c62405ff0a4..47a463d00070 100644 --- a/content/code-security/security-overview/assessing-code-security-risk.md +++ b/content/code-security/security-overview/assessing-code-security-risk.md 
@@ -21,28 +21,28 @@ redirect_from: {% data reusables.security-overview.beta-org-risk-coverage %} -## About security risks in your code +## Exploring the security risks in your code -You can use security overview to see which repositories and teams are free from any security alerts and which have unresolved security alerts. The "Security risk" page shows a summary and detailed information on which repositories in an organization {% ifversion security-overview-org-risk-coverage-enterprise %}or enterprise {% endif %}are affected by security alerts, with a breakdown of alert by severity. You can filter the view to show a subset of repositories using the "affected" and "unaffected" links, the links under "Open alerts", the "Teams" dropdown menu, and a search field in the page header. This view is a great way to understand the broader picture for a repository, team, or group of repositories because you can see security alerts of all types in one view. +You can use the different views on your **Security** tab to explore the security risks in your code. -![Screenshot of the header section of the "Security risk" view on the "Security" tab for an organization.](/assets/images/help/security-overview/security-risk-view-summary.png) +* **Overview:** use to explore trends in **Detection**, **Remediation**, and **Prevention** of security alerts. +* **Risk:** use to explore the current state of repositories, across all alert types. +* **Alerts views:** use to explore {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_dependabot %}, or {% data variables.product.prodname_secret_scanning %} alerts in greater detail. -{% ifversion security-overview-export-data %} -You can download a CSV file of the data displayed on the "Security risk" page. This data file can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets. 
For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)." -{% endif %} +These views provide you with the data and filters to: -{% note %} +* Assess the landscape of your code security across all your repositories. +* Identify the highest impact vulnerabilities to address. +* Monitor your progress in remediating potential vulnerabilities. {% ifversion security-overview-export-data %} +* Export your current selection of data for further analysis and reporting. {% endif %} -**Note:** It's important to understand that all repositories without open alerts are included in the set of unaffected repositories. That is, unaffected repositories include any repositories where the feature is not enabled, in addition to repositories that have been scanned and any alerts identified have been closed. - -{% endnote %} +{% ifversion security-overview-dashboard %} +For information about the **Overview**, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)."{% endif %} ## Viewing organization-level code security risks {% data reusables.security-overview.information-varies-GHAS %} -{% ifversion security-overview-org-risk-coverage %} - {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} {% data reusables.security-overview.open-security-risk-view %} 
@@ -50,43 +50,27 @@ You can download a CSV file of the data displayed on the "Security risk" page. T ![Screenshot of the "Security risk" view for an organization. The options for filtering are outlined in dark orange.](/assets/images/help/security-overview/security-risk-view-highlights.png) -{% data reusables.organizations.security-overview-feature-specific-page %} - -{% else %} - -{% data reusables.organizations.navigate-to-org %} -{% data reusables.organizations.security-overview %} -1. To view aggregate information about alert types, click **Show more**. -{% data reusables.organizations.filter-security-overview %} -{% ifversion security-overview-alert-views %} -{% data reusables.organizations.security-overview-feature-specific-page %} - - ![Screenshot of the {% data variables.product.prodname_code_scanning %} alerts page on the "Security" tab. Features apart from filters, dropdown menus, and sidebar are grayed out.](/assets/images/help/security-overview/security-overview-code-scanning-alerts.png) + {% data reusables.security-overview.unaffected-repositories %} -{% endif %} -{% endif %} +{% data reusables.organizations.security-overview-feature-specific-page %} {% ifversion security-overview-export-data %} +1. Optionally, use the {% octicon "download" aria-hidden="true" %} **Export CSV** button to download a CSV file of the data currently displayed on the page for security research and in-depth data analysis. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)." {% endif %} {% data reusables.security-overview.alert-differences %} ## Viewing enterprise-level code security risks -{% ifversion security-overview-org-risk-coverage-enterprise %} - You can view data for security alerts across organizations in an enterprise. 
{% data reusables.security-overview.information-varies-GHAS %} {% data reusables.security-overview.enterprise-filters-tip %} -{% endif %} - {% data reusables.enterprise-accounts.access-enterprise-on-dotcom %} {% data reusables.code-scanning.click-code-security-enterprise %} -{% ifversion security-overview-org-risk-coverage-enterprise %} -1. To display the "Security coverage" view, in the sidebar, click **Risk**. +1. To display the "Security risk" view, in the sidebar, click {% octicon "shield" aria-hidden="true" %} **Risk**. {% data reusables.code-scanning.using-security-overview-risk %} ![Screenshot of the "Security risk" view for an enterprise. The options for filtering are outlined in dark orange.](/assets/images/help/security-overview/security-risk-view-highlights-enterprise.png) -{% else %} -{% data reusables.organizations.security-overview-feature-specific-page %}{% endif %} + {% data reusables.security-overview.unaffected-repositories %} +{% data reusables.organizations.security-overview-feature-specific-page %} {% data reusables.security-overview.alert-differences %} diff --git a/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md b/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md index 99979f3558a4..f05ac64d74b1 100644 --- a/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md +++ b/content/codespaces/developing-in-a-codespace/using-github-codespaces-in-your-jetbrains-ide.md 
@@ -45,7 +45,7 @@ The basic process behind using a codespace in your JetBrains IDE is as follows. To work in a codespace in a JetBrains IDE you need: * A valid JetBrains license. -* The JetBrains Gateway application, versions 2023.3.\* or 2024.1.\*. +* The JetBrains Gateway application, versions 2023.3.\* or 2024.1.\*. * An existing codespace running on a virtual machine that has at least 4 cores. The codespace must also be running an SSH server. For more information, see "[Codespace running an SSH server](#codespace-running-an-ssh-server)." ### JetBrains license diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md index 9d4e45228c23..5b44a617ea2e 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/reviewing-activity-related-to-github-copilot-in-your-organization/reviewing-changes-to-content-exclusions-for-github-copilot.md 
@@ -43,4 +43,30 @@ redirect_from: The "Audit log" page for the organization is displayed, showing the most recently logged occurrences of the `copilot.content_exclusion_changed` action. + Changes made at either the repository or organization level are listed. + +{% data reusables.copilot.more-details-content-exclusion-logs %} + +{% ifversion ghec%} + +## Reviewing changes in your enterprise + +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.policies-tab %} +{% data reusables.enterprise-accounts.copilot-tab %} + +1. On the {% data variables.product.prodname_copilot %} page, click the **Content exclusion** tab. + + At the bottom of the page you'll see the name of the person who last changed the content exclusion settings, and information about when they made this change. + +1. Click the time of the last change. + + ![Screenshot of the last edited information. The time of change link is highlighted with a dark orange outline.](/assets/images/help/copilot/content-exclusions-last-edited-by.png) + + The "Audit log" page for the organization is displayed, showing the most recently logged occurrences of the `copilot.content_exclusion_changed` action. + + Changes made at the repository, organization, and enterprise level are listed. + {% data reusables.copilot.more-details-content-exclusion-logs %} + +{% endif %} diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md index 5e2dbfa083af..a840adb44601 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md 
+++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/excluding-content-from-github-copilot.md @@ -2,7 +2,7 @@ title: Excluding content from GitHub Copilot shortTitle: Exclude content from Copilot intro: 'You can prevent {% data variables.product.prodname_copilot_short %} from accessing certain content.' -permissions: '{% data reusables.copilot.content-exclusion-permissions %}' +permissions: 'Repository administrators{% ifversion ghec%}, organization owners, and enterprise owners{% else %} and organization owners{% endif %} can manage content exclusion settings. People with the "Maintain" role for a repository can view, but not edit, content exclusion settings for that repository.' product: '{% data reusables.gated-features.copilot-business-and-enterprise %}' layout: inline versions: @@ -31,6 +31,10 @@ You can use content exclusions to configure {% data variables.product.prodname_c * The content in affected files will not inform code completion suggestions in other files. * The content in affected files will not inform {% data variables.product.prodname_copilot_chat %}'s responses. +### Who can configure content exclusion + +Repository administrators{% ifversion ghec%}, organization owners, and enterprise owners{% else %} and organization owners{% endif %} can configure content exclusion. + {% data reusables.copilot.content-exclusions-scope %} ### Availability of content exclusions 
@@ -171,6 +175,16 @@ git@gitlab.com:gitlab-org/gitlab-runner.git: - "**/security/**" ``` +{% ifversion ghec %} + +## Configuring content exclusions for your enterprise + +As an enterprise owner, you can use the enterprise settings to specify files that {% data variables.product.prodname_copilot %} should ignore. The files can be within a Git repository or anywhere on the file system that is not under Git control. + +You apply rules in the same way as described in the previous section "[Configuring content exclusions for your organization](#configuring-content-exclusions-for-your-organization)" but from the settings for your enterprise. The key difference is that rules set at the enterprise level apply to all {% data variables.product.prodname_copilot_short %} users in the enterprise, whereas the rules set by organization owners only apply to users who are assigned a {% data variables.product.prodname_copilot_short %} seat by that organization. + +{% endif %} + ## Testing changes to content exclusions You can use your IDE to confirm that your changes to content exclusions are working as expected. diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md index 15294ed9807d..a2c1768a9323 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/setting-policies-for-copilot-in-your-organization/managing-policies-for-copilot-in-your-organization.md 
@@ -2,7 +2,7 @@ title: Managing policies for Copilot in your organization intro: 'Learn how to manage policies for {% data variables.product.prodname_copilot %} in your organization.' permissions: Organization owners -product: '{% data reusables.gated-features.copilot-business-and-enterprise %}' +product: 'Organizations with a subscription to {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}' versions: feature: copilot redirect_from: diff --git a/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md b/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md index 35a8a1e37321..0bc017dad2ea 100644 --- a/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md +++ b/content/copilot/troubleshooting-github-copilot/troubleshooting-common-issues-with-github-copilot.md @@ -33,6 +33,8 @@ When a file is affected by a content exclusion setting, {% data variables.produc {% data reusables.copilot.content-exclusion-note %} +Content exclusion can be configured at the repository{% ifversion ghec%}, organization, and enterprise{% else %} and organization{% endif %} level. The scope of the exclusion is determined by the level at which the rule is set: + {% data reusables.copilot.content-exclusions-scope %} {% data reusables.copilot.content-exclusions-delay %} For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-github-copilot-features-in-your-organization/testing-changes-to-content-exclusions-in-your-ide#propagating-content-exclusion-changes-to-your-ide)." 
diff --git a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md index 0871f4225adb..aa51518f8965 100644 --- a/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md +++ b/content/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization.md 
@@ -201,7 +201,7 @@ In this section, you can find the access required for security features, such as | [View dependency reviews](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | | {% endif %} | | [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests) | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | -| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | +| [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | | [View and dismiss {% data variables.secret-scanning.alerts %} in a repository](/code-security/secret-scanning/managing-alerts-from-secret-scanning) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} |{% ifversion ghes or 
ghec %} | [Resolve, revoke, or re-open {% data variables.secret-scanning.alerts %}](/code-security/secret-scanning/managing-alerts-from-secret-scanning) | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | {% octicon "check" aria-label="Yes" %} | | {% endif %} | diff --git a/data/features/secret-scanning-push-protection-content-endpoints.yml b/data/features/secret-scanning-push-protection-content-endpoints.yml new file mode 100644 index 000000000000..45e7c6a5d00e --- /dev/null +++ b/data/features/secret-scanning-push-protection-content-endpoints.yml @@ -0,0 +1,6 @@ +# Reference: #15626 +# Secret scanning push protection for content endpoints in the GitHub REST API. +versions: + fpt: '*' + ghec: '*' + ghes: '>=3.15' diff --git a/data/learning-tracks/code-security.yml b/data/learning-tracks/code-security.yml index e729c5089c09..3da10a960931 100644 --- a/data/learning-tracks/code-security.yml +++ b/data/learning-tracks/code-security.yml @@ -162,7 +162,11 @@ security_alerts: endif %} - >- {% ifversion ghec or ghes - %}/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository{% + %}/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository{% + endif %} + - >- + {% ifversion ghec or ghes + %}/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts{% endif %} - >- {% ifversion ghec or ghes diff --git a/data/release-notes/enterprise-server/3-10/0-rc1.yml b/data/release-notes/enterprise-server/3-10/0-rc1.yml index dc29a35cb25f..f182c508ab51 100644 --- a/data/release-notes/enterprise-server/3-10/0-rc1.yml +++ b/data/release-notes/enterprise-server/3-10/0-rc1.yml 
@@ -43,7 +43,7 @@ sections: notes: # https://github.com/github/releases/issues/2798 - | - To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository)." + To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)." # https://github.com/github/releases/issues/2844 - | diff --git a/data/release-notes/enterprise-server/3-10/0.yml b/data/release-notes/enterprise-server/3-10/0.yml index 64cba1c0ce59..ed153f6e65ac 100644 --- a/data/release-notes/enterprise-server/3-10/0.yml +++ b/data/release-notes/enterprise-server/3-10/0.yml 
@@ -50,7 +50,7 @@ sections: notes: # https://github.com/github/releases/issues/2798 - | - To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository)." + To find vulnerabilities in specific parts of a project, users with write access to a repository can filter code scanning alerts by language or by file path by using the search queries `language:` and `path:`. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository)." # https://github.com/github/releases/issues/2844 - | diff --git a/data/reusables/code-scanning/troubleshooting-multiple-configurations.md b/data/reusables/code-scanning/troubleshooting-multiple-configurations.md index d7e1360726b5..91cfefbd11a0 100644 --- a/data/reusables/code-scanning/troubleshooting-multiple-configurations.md +++ b/data/reusables/code-scanning/troubleshooting-multiple-configurations.md 
@@ -1 +1 @@ -In some cases, your repository may use multiple {% data variables.product.prodname_code_scanning %} configurations. These configurations can generate duplicate alerts. Additionally, stale configurations that no longer run will display outdated alert statuses, and the stale alerts will stay open indefinitely. To avoid outdated alerts, you should remove stale {% data variables.product.prodname_code_scanning %} configurations from a branch. For more information on multiple configurations and deleting stale configurations, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alerts-from-multiple-configurations)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/managing-code-scanning-alerts-for-your-repository#removing-stale-configurations-and-alerts-from-a-branch)." +In some cases, your repository may use multiple {% data variables.product.prodname_code_scanning %} configurations. These configurations can generate duplicate alerts. Additionally, stale configurations that no longer run will display outdated alert statuses, and the stale alerts will stay open indefinitely. To avoid outdated alerts, you should remove stale {% data variables.product.prodname_code_scanning %} configurations from a branch. For more information on multiple configurations and deleting stale configurations, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alerts-from-multiple-configurations)" and "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/resolving-code-scanning-alerts#removing-stale-configurations-and-alerts-from-a-branch)." diff --git a/data/reusables/codespaces/codespaces-jetbrains-beta-note.md b/data/reusables/codespaces/codespaces-jetbrains-beta-note.md index 17e07061d81c..e5c4f0f24582 100644 --- a/data/reusables/codespaces/codespaces-jetbrains-beta-note.md 
+++ b/data/reusables/codespaces/codespaces-jetbrains-beta-note.md @@ -3,6 +3,6 @@ **Notes:** * Using {% data variables.product.prodname_github_codespaces %} with JetBrains IDEs is currently in {% data variables.release-phases.public_preview %} and is subject to change. -* To work on a codespace in a JetBrains IDE you must use release 2023.3.\* or 2024.1.\* of the JetBrains Gateway. +* To work on a codespace in a JetBrains IDE you must use release 2023.3.\* or 2024.1.\* of the JetBrains Gateway. {% endnote %} diff --git a/data/reusables/copilot/content-exclusion-permissions.md b/data/reusables/copilot/content-exclusion-permissions.md deleted file mode 100644 index 3878844cfb1e..000000000000 --- a/data/reusables/copilot/content-exclusion-permissions.md +++ /dev/null @@ -1,3 +0,0 @@ -Repository administrators and organization owners can manage content exclusion settings. - -People with the "Maintain" role for a repository can view, but not edit, content exclusion settings for that repository. diff --git a/data/reusables/copilot/content-exclusions-scope.md b/data/reusables/copilot/content-exclusions-scope.md index a93d9ac08418..d3eb5a3d3138 100644 --- a/data/reusables/copilot/content-exclusions-scope.md +++ b/data/reusables/copilot/content-exclusions-scope.md 
@@ -1,11 +1,21 @@ -{% ifversion fpt %} +* **Repository administrators** can only exclude content for their own repositories. This affects {% data variables.product.prodname_copilot_short %} users working within those specific repositories. +* **Organization owners** can exclude content for users assigned a {% data variables.product.prodname_copilot_short %} seat through their organization. -Content exclusion settings only apply to members of the organization in which the content exclusion is configured, who have been granted a seat as part of a {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription. +{% ifversion ghec %} -{% else %} + -You can only specify content exclusions in the settings for an organization or repository, not in the settings for an enterprise. Content exclusion settings defined in an organization or repository within an enterprise will apply to all members of the enterprise who have been granted a seat as part of a {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription. + > [!NOTE] In the current {% data variables.release-phases.public_preview %} release, organization-level settings for content exclusion typically apply to all {% data variables.product.prodname_copilot_short %} users in the enterprise. This will change with the general availability (GA) release of this feature on November 8th, 2024. + > + > **_Before November 8th:_** + > * **If enterprise owners do not set rules**: Organization-level rules will continue to apply to all users across the enterprise, functioning as they do now, until November 8th. + > * **If enterprise owners set a rule**: Once enterprise-level rules are applied, organization-level rules will only apply to users who are assigned a {% data variables.product.prodname_copilot_short %} seat from the organization where the rule is set.

+ > + > **_After November 8th:_** + > * Organization-level rules will no longer apply enterprise-wide. They will be limited to users who are assigned a {% data variables.product.prodname_copilot_short %} seat from the organization where the rule is set. -{% endif %} + + +* **Enterprise owners** can apply exclusion rules to all {% data variables.product.prodname_copilot_short %} users in the enterprise. -Anyone else who can access the specified files will still see code completion suggestions and {% data variables.product.prodname_copilot_chat %} responses referencing the specified files. +{% endif %} diff --git a/data/reusables/gated-features/code-scanning.md b/data/reusables/gated-features/code-scanning.md index fc170a964a1a..e039074da2e6 100644 --- a/data/reusables/gated-features/code-scanning.md +++ b/data/reusables/gated-features/code-scanning.md 
@@ -1,10 +1,10 @@ -{%- ifversion fpt %} -{% data variables.product.prodname_code_scanning_caps %} is available for all public repositories on {% data variables.product.prodname_dotcom_the_website %}. {% data variables.product.prodname_code_scanning_caps %} is also available for private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. +{% ifversion fpt or ghec %} +{% data variables.product.prodname_code_scanning_caps %} is available for the following repository types: -{%- elsif ghec %} -{% data variables.product.prodname_code_scanning_caps %} is available for all public repositories on {% data variables.product.prodname_dotcom_the_website %}. To use {% data variables.product.prodname_code_scanning %} in a private repository owned by an organization, you must have a license for {% data variables.product.prodname_GH_advanced_security %}. +* Public repositories on {% data variables.product.prodname_dotcom_the_website %} +* Organization-owned repositories on {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled -{%- elsif ghes %} -{% data variables.product.prodname_code_scanning_caps %} is available for organization-owned repositories in {% data variables.product.product_name %}. This feature requires a license for {% data variables.product.prodname_GH_advanced_security %}. +{% elsif ghes %} +Organization-owned repositories with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled -{%- endif %} {% data reusables.advanced-security.more-info-ghas %} +{% endif %} diff --git a/data/reusables/gated-features/codeql.md b/data/reusables/gated-features/codeql.md index 5c920b8b35c4..196ebc70ec58 100644 
--- a/data/reusables/gated-features/codeql.md +++ b/data/reusables/gated-features/codeql.md @@ -1,3 +1,4 @@ -GitHub {% data variables.product.prodname_codeql %} is licensed on a per-user basis upon installation. You can use {% data variables.product.prodname_codeql %} only for certain tasks under the license restrictions. For more information, see "[AUTOTITLE](/code-security/codeql-cli/using-the-codeql-cli/about-the-codeql-cli#about-the-github-codeql-license)." +{% data variables.product.prodname_codeql %} is available for the following repository types: -If you have a GitHub Advanced Security license, you can use {% data variables.product.prodname_codeql %} for automated analysis, continuous integration, and continuous delivery. {% data reusables.advanced-security.more-info-ghas %} +* Public repositories on {% data variables.product.prodname_dotcom_the_website %}, see [GitHub CodeQL Terms and Conditions](https://github.com/github/codeql-cli-binaries/blob/main/LICENSE.md) +* Organization-owned repositories on {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled diff --git a/data/reusables/gated-features/copilot-business-and-enterprise.md b/data/reusables/gated-features/copilot-business-and-enterprise.md index 1b1e6dc9089c..c98b41ddd478 100644 --- a/data/reusables/gated-features/copilot-business-and-enterprise.md +++ b/data/reusables/gated-features/copilot-business-and-enterprise.md @@ -1 +1 @@ -Organizations with a subscription to {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} +Organizations{% ifversion ghec%} and enterprises{% endif %} with a subscription to {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %}. 
diff --git a/data/reusables/gated-features/secret-scanning-partner-alerts.md b/data/reusables/gated-features/secret-scanning-partner-alerts.md new file mode 100644 index 000000000000..a64c68fcef88 --- /dev/null +++ b/data/reusables/gated-features/secret-scanning-partner-alerts.md @@ -0,0 +1,7 @@ +{%- ifversion fpt or ghec %} + +{% data variables.secret-scanning.partner_alerts_caps %} runs by default on the following repositories: + +* Public repositories and public npm packages on {% data variables.product.prodname_dotcom %} + +{% endif %} diff --git a/data/reusables/gated-features/secret-scanning.md b/data/reusables/gated-features/secret-scanning.md index c3bdbceca671..1ba519656363 100644 --- a/data/reusables/gated-features/secret-scanning.md +++ b/data/reusables/gated-features/secret-scanning.md 
@@ -1,11 +1,14 @@ -{%- ifversion fpt or ghec %} -{% data variables.secret-scanning.partner_alerts_caps %} runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on {% data variables.product.prodname_dotcom %}. +{% data variables.product.prodname_secret_scanning_caps %} is available for the following repositories: -{% data variables.secret-scanning.user_alerts_caps %} are available for {% ifversion ghec %}user-owned {% endif %}public repositories for free. Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable {% data variables.secret-scanning.user_alerts %} on their private and internal repositories. {% data reusables.secret-scanning.secret-scanning-user-owned-repos-beta %} +{% ifversion fpt or ghec %} -{%- elsif ghes %} -{% data variables.product.prodname_secret_scanning_caps %} is available for organization-owned repositories{% ifversion secret-scanning-user-owned-repos %}, and in {% data variables.release-phases.public_preview %} for user-owned repositories{% endif %} in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}. 
+ * Public repositories (for free) + * Private and internal repositories in organizations using {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% ifversion secret-scanning-user-owned-repos %} + * User-owned repositories for {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}{% endif %} -{%- endif %} {% data reusables.advanced-security.more-info-ghas-secret-scanning %} +{% elsif ghes %} -{% data reusables.advanced-security.ghas-trial %} +* Organization-owned repositories with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled +* {% ifversion secret-scanning-user-owned-repos %}User-owned repositories{% endif %} for an enterprise with {% data variables.product.prodname_GH_advanced_security %} enabled + +{% endif %} diff --git a/data/reusables/permissions/code-scanning-all-alerts.md b/data/reusables/permissions/code-scanning-all-alerts.md new file mode 100644 index 000000000000..01ff2356a439 --- /dev/null +++ b/data/reusables/permissions/code-scanning-all-alerts.md @@ -0,0 +1 @@ +Users with **write** access diff --git a/data/reusables/permissions/code-scanning-pr-alerts.md b/data/reusables/permissions/code-scanning-pr-alerts.md new file mode 100644 index 000000000000..c289a2905ab7 --- /dev/null +++ b/data/reusables/permissions/code-scanning-pr-alerts.md @@ -0,0 +1 @@ +Users with **read** access diff --git a/data/reusables/permissions/secret-scanning-alerts.md b/data/reusables/permissions/secret-scanning-alerts.md new file mode 100644 index 000000000000..ad5353b2743c --- /dev/null +++ b/data/reusables/permissions/secret-scanning-alerts.md @@ -0,0 +1 @@ +Repository owners, organization owners, security managers, and users with the **admin** role 
diff --git a/data/reusables/permissions/security-org-enable.md b/data/reusables/permissions/security-org-enable.md new file mode 100644 index 000000000000..56038b2a0946 --- /dev/null +++ b/data/reusables/permissions/security-org-enable.md @@ -0,0 +1 @@ +Organization owners, security managers, and organization members with the **admin** role diff --git a/data/reusables/permissions/security-repo-enable.md b/data/reusables/permissions/security-repo-enable.md new file mode 100644 index 000000000000..ad5353b2743c --- /dev/null +++ b/data/reusables/permissions/security-repo-enable.md @@ -0,0 +1 @@ +Repository owners, organization owners, security managers, and users with the **admin** role diff --git a/data/reusables/security-configurations/secret-scanning-security-configs-summary.md b/data/reusables/security-configurations/secret-scanning-security-configs-summary.md index 4a1159f76460..27700fa8332d 100644 --- a/data/reusables/security-configurations/secret-scanning-security-configs-summary.md +++ b/data/reusables/security-configurations/secret-scanning-security-configs-summary.md @@ -1 +1 @@ -{% data variables.product.prodname_secret_scanning_caps %} is a security tool that scans the entire Git history of your repository, as well as issues{% ifversion secret-scanning-enhancements-prs-discussions %}, pull requests, and discussions{% endif %} in that repository, for leaked secrets that have been accidentally committed, such as tokens or private keys. +{% data variables.product.prodname_secret_scanning_caps %} is a security tool that scans the entire Git history of repositories, as well as issues{% ifversion secret-scanning-enhancements-prs-discussions %}, pull requests, and discussions{% endif %} in those repositories, for leaked secrets that have been accidentally committed, such as tokens or private keys. 
diff --git a/data/reusables/security-overview/about-security-overview.md b/data/reusables/security-overview/about-security-overview.md index b2293207d0ae..e7164e14305f 100644 --- a/data/reusables/security-overview/about-security-overview.md +++ b/data/reusables/security-overview/about-security-overview.md @@ -1 +1 @@ -Security overview provides high-level summaries of the security landscape of an organization or enterprise and makes it easy to identify repositories that require intervention. You can also use security overview to see which repositories have enabled specific security features and to configure any available security features that are not currently in use. +Security overview provides high-level summaries of the security landscape of an organization or enterprise and makes it easy to identify repositories that require intervention. diff --git a/data/reusables/security-overview/unaffected-repositories.md b/data/reusables/security-overview/unaffected-repositories.md new file mode 100644 index 000000000000..b644de76e554 --- /dev/null +++ b/data/reusables/security-overview/unaffected-repositories.md @@ -0,0 +1 @@ + > [!NOTE] The set of unaffected repositories includes all repositories without open alerts and also any repositories where the security feature is not enabled.
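Review bot: in the new `secret-scanning-partner-alerts.md`, the purpose clause that the removed text in `secret-scanning.md` carried ("to notify service providers about leaked secrets") is lost, and "runs by default on the following repositories:" followed by a single bullet reads oddly; either fold the purpose back into one sentence, e.g. `runs by default on public repositories and public npm packages on {% data variables.product.prodname_dotcom %} to notify service providers about leaked secrets`, or keep the list only if more items are planned. Also the opening `{%- ifversion fpt or ghec %}` uses whitespace control while the closing `{% endif %}` does not; use the same form at both ends so the rendered spacing is symmetric.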
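Review bot: in the `{% elsif ghes %}` branch of `secret-scanning.md`, the bullet `* {% ifversion secret-scanning-user-owned-repos %}User-owned repositories{% endif %} for an enterprise with ...` renders as the fragment `* for an enterprise with ... enabled` when `secret-scanning-user-owned-repos` is false; wrap the whole bullet in the `ifversion`, as the ghec branch already does for its third item. The same hunk drops `{% data reusables.advanced-security.more-info-ghas-secret-scanning %}`, `{% data reusables.advanced-security.ghas-trial %}` and `{% data reusables.secret-scanning.secret-scanning-user-owned-repos-beta %}` with no replacement; confirm the pages that include this reusable still carry the GHAS link, the trial mention and the user-owned-repos preview note elsewhere. Minor: the ghec bullets are indented one space (` * Public repositories (for free)`) while the ghes bullets are flush left.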
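Review bot: `code-scanning-pr-alerts.md` grants `**read**` access where `code-scanning-all-alerts.md` requires `**write**`; the distinction is deliberate but undocumented, so a one-line comment in the file (or in the page that includes it) explaining why read access suffices for pull request alerts would stop a future editor from "correcting" the inconsistency.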
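Review bot: `security-repo-enable.md` is byte-identical to the new `secret-scanning-alerts.md` (both are blob `ad5353b2743c`: `Repository owners, organization owners, security managers, and users with the **admin** role`). If the audience for enabling a feature and for viewing secret scanning alerts is meant to stay the same, one reusable is enough; if they are expected to diverge, a comment in each file stating which audience it describes would explain the duplication.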
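Review bot: the sentence removed from `about-security-overview.md` was the only statement in this reusable that security overview shows which repositories have each security feature enabled and lets you configure unused features. If that capability moved to another surface, add a pointer to it here or in the pages that include this reusable so readers can still find the enablement view; if it was withdrawn, nothing further is needed.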
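Review bot: in `unaffected-repositories.md` the alert has a leading space before `>` and its body on the same line as `[!NOTE]`; the alert syntax used elsewhere in these docs puts the marker alone on the first blockquote line (`> [!NOTE]`) and the text on the following `>` line, which is what the renderer keys on. Wording: grouping repositories where the feature is not enabled under "unaffected" is counter-intuitive, since they have not been checked at all; naming the two subsets explicitly (no open alerts, and feature not enabled) would make the count easier to interpret.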