mirror of synced 2025-12-19 09:57:42 -05:00

Add content for Dependabot delegated alert dismissal (#58850)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Sam Browning
2025-12-18 12:25:39 -05:00
committed by GitHub
parent 0527a978e5
commit 15dc2af377
14 changed files with 148 additions and 24 deletions

View File

@@ -69,7 +69,8 @@ When creating a security configuration, keep in mind that:
> When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
* **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
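Review bot: The new "Prevent direct alert dismissals" bullet ends with a bare "To learn more, see", while every sibling bullet in this list names its subject ("To learn about security updates, see"). Suggest wording such as "To learn about delegated alert dismissal for Dependabot, see" so the AUTOTITLE link has context. The target slug `enable-delegated-alert-dismissal` also breaks the `enabling-delegated-alert-dismissal-for-code-scanning` naming pattern used by the existing feature articles; consider aligning it before the URL ships.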
@@ -108,7 +109,8 @@ When creating a security configuration, keep in mind that:
> When both "{% data variables.product.prodname_GHAS %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
* **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.

View File

@@ -122,7 +122,10 @@ You may want to set up an approval process for better control over who in your e
Approval processes are available for:
* Bypasses of push protection—You can choose who is allowed to bypass push protection, and add a review and approval cycle for pushes containing secrets from all other contributors. For more information about **delegated bypass for push protection**, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection).{% ifversion security-delegated-alert-dismissal %}
* Dismissals of alerts for {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}—You can provide additional control and visibility over alert assessment by ensuring that only designated individuals can dismiss (or close) alerts. For more information about **delegated alert dismissal**, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning) and [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning).
* Dismissals of alerts for {% data variables.product.prodname_code_scanning %}{% ifversion dependabot-delegated-alert-dismissal %}, {% data variables.product.prodname_dependabot %},{% endif %} and {% data variables.product.prodname_secret_scanning %}—You can provide additional control and visibility over alert assessment by ensuring that only designated individuals can dismiss (or close) alerts. For more information about **delegated alert dismissal**, see the following articles:
* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning){% ifversion dependabot-delegated-alert-dismissal %}
* [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal){% endif %}
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning)
{% endif %}

View File

@@ -46,3 +46,7 @@ You must configure delegated dismissal for your enterprise using a custom securi
1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
To learn more about security configurations, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).
## Next steps
Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_code_scanning %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests).
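Review bot: The "Next steps" paragraph added here is repeated word for word in the Dependabot and secret scanning articles in this commit, differing only in the product variable. Consider moving the shared sentence ("you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers") into a reusable so the three copies cannot drift apart.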

View File

@@ -0,0 +1,51 @@
---
title: Enabling delegated alert dismissal for Dependabot
intro: 'Increase your governance over your {% data variables.product.prodname_dependabot_alerts %} with delegated alert dismissal.'
permissions: '{% data reusables.permissions.delegated-alert-dismissal %}'
shortTitle: Enable delegated alert dismissal
versions:
feature: dependabot-delegated-alert-dismissal
type: how_to
topics:
- Dependabot
- Code Security
- Security updates
- Alerts
- Dependencies
---
## About enabling delegated alert dismissal
{% data reusables.security.delegated-alert-dismissal-intro %}
## Configuring delegated dismissal for a repository
>[!NOTE] If an organization owner configures delegated alert dismissal via an enforced security configuration, the settings can't be changed at the repository level.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}{% else %}
{% data reusables.repositories.navigate-to-ghas-settings %}{% endif %}
1. In the "{% data variables.product.prodname_dependabot %}" section, next to "Prevent direct alert dismissals", click **Enable**.
## Configuring delegated dismissal for an organization
You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
1. Start creating or editing a custom security configuration. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
1. In the "Dependency scanning" section of your security configuration, set "Prevent direct alert dismissals" to **Enabled**.
1. Click **Save configuration**.
1. Apply the security configuration to repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
## Configuring delegated dismissal for an enterprise
You must configure delegated dismissal for your enterprise using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your enterprise.
1. Start creating or editing a custom security configuration. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
1. In the "Dependency scanning" section of your security configuration, set "Prevent direct alert dismissals" to **Enabled**.
1. Click **Save configuration**.
1. Apply the security configuration to repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
## Next steps
Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_dependabot %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests).
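Review bot: The section name for the same setting differs between procedures in this new article: the repository step says 'In the "{% data variables.product.prodname_dependabot %}" section', while the organization and enterprise steps say 'In the "Dependency scanning" section'. Please confirm both labels match the UI, and if they do, say so in one sentence so readers do not assume a typo. Separately, the frontmatter `title` hard-codes "Dependabot" while the body uses `{% data variables.product.prodname_dependabot %}`; use the variable in both places.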

View File

@@ -17,5 +17,6 @@ children:
- /about-dependabot-alerts
- /configuring-dependabot-alerts
- /viewing-and-updating-dependabot-alerts
- /enable-delegated-alert-dismissal
- /configuring-notifications-for-dependabot-alerts
---

View File

@@ -51,3 +51,7 @@ To learn more about security configurations, see [AUTOTITLE](/code-security/secu
1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
{% endif %}
## Next steps
Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_secret_scanning %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests).

View File

@@ -70,7 +70,8 @@ You can also choose whether or not you want to include {% data variables.product
> When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
* **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
@@ -110,7 +111,8 @@ You can also choose whether or not you want to include {% data variables.product
> When both "{% data variables.product.prodname_GHAS %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
* **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
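Review bot: This is the fourth identical copy of the "Prevent direct alert dismissals" bullet with its `{% ifversion dependabot-delegated-alert-dismissal %}` wrapper (two hunks in this file, two in the previous security configuration file). Since the surrounding bullets are already duplicated per hunk, a reusable for the Dependabot sub-list would keep later wording or versioning changes from being applied to only some of the copies.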

View File

@@ -24,4 +24,5 @@ children:
- /viewing-metrics-for-secret-scanning-push-protection
- /viewing-metrics-for-pull-request-alerts
- /reviewing-requests-to-bypass-push-protection
- /review-alert-dismissal-requests
---

View File

@@ -0,0 +1,43 @@
---
title: Reviewing alert dismissal requests
shortTitle: Review alert dismissal requests
intro: 'Triage and resolve security alerts in your organization or enterprise by regularly reviewing alert dismissal requests.'
permissions: '{% data reusables.permissions.security-overview %}'
product: 'Organizations or enterprises with {% data variables.product.prodname_GHAS_cs_or_sp %}'
type: how_to
topics:
- Security overview
- Organizations
- Teams
- Secret scanning
- Code scanning
- Dependabot
- Alerts
versions:
feature: security-delegated-alert-dismissal
---
## Prerequisites
To receive and manage alert dismissal requests, you need to enable delegated alert dismissal. For an introduction to delegated alert dismissal and enablement instructions for specific features, see:
* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning)
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning){% ifversion dependabot-delegated-alert-dismissal %}
* [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal){% endif %}
## Reviewing requests for an organization
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.choose-alert-dismissal-request-view %}
1. Optionally, to filter requests by source repository, reviewer, requester, timeframe, or status, use the dropdown menus at the top of the list of requests.
{% data reusables.security-overview.review-an-alert-dismissal-request %}
## Reviewing requests across your enterprise
> [!NOTE] To review an alert dismissal request at the enterprise level, you must be an organization owner or security manager for the source organization, or be granted the necessary permissions through a custom role.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.code-scanning.click-code-security-enterprise %}
{% data reusables.security-overview.choose-alert-dismissal-request-view %}
1. Optionally, to filter requests by source organization, reviewer, requester, timeframe, or status, use the dropdown menus at the top of the list of requests.
{% data reusables.security-overview.review-an-alert-dismissal-request %}
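Review bot: The "Reviewing requests for an organization" section does not say who is allowed to review, while the enterprise section opens with a NOTE listing organization owner, security manager, or a custom role. The frontmatter `permissions` points at the generic `reusables.permissions.security-overview`, which covers viewing security overview rather than approving dismissals. Suggest adding a matching permissions sentence to the organization section, or replacing the frontmatter reusable with one that names the reviewer roles.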

View File

@@ -205,6 +205,10 @@ Some of the features listed below are limited to organizations using {% data var
| {% ifversion security-delegated-alert-dismissal %} |
| Review and manage {% data variables.product.prodname_code_scanning %} dismissal requests (see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning)) | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> |
| {% endif %} |
| {% ifversion dependabot-delegated-alert-dismissal %} |
| Review {% data variables.product.prodname_dependabot %} alert dismissal requests (see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal)) | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> |
| Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests (see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal)) | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> |
| {% endif %} |
{% endrowheaders %}
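Review bot: Permission naming is inconsistent between this table and the rewritten intro reusable in the same commit. The existing row here reads "Review and manage {% data variables.product.prodname_code_scanning %} dismissal requests", but the reusable now lists code scanning as two permissions, "Review ... alert dismissal requests" and "Bypass ... alert dismissal requests", the same split used for the new Dependabot rows. Please confirm which form is correct for code scanning and update whichever side is stale.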
@@ -242,6 +246,10 @@ Some of the features listed below are limited to organizations using {% data var
| {% ifversion security-delegated-alert-dismissal %} |
| Review and manage {% data variables.product.prodname_code_scanning %} dismissal requests | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> |
| {% endif %} |
| {% ifversion dependabot-delegated-alert-dismissal %} |
| Review {% data variables.product.prodname_dependabot %} alert dismissal requests | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> |
| Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> |
| {% endif %} |
| Manage {% data variables.product.prodname_dependabot_security_updates %} (see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)) | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> |
| Manage an organization's SSH certificate authorities (see [AUTOTITLE](/organizations/managing-git-access-to-your-organizations-repositories/managing-your-organizations-ssh-certificate-authorities)) | <span role="img" class="octicon-bg-check" aria-label="Yes">✓</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> | <span role="img" class="octicon-bg-x" aria-label="No">✗</span> |
| {% ifversion projects-v1 %} |

View File

@@ -0,0 +1,6 @@
# Reference: #20482
# Delegated alert dismissal for Dependabot
versions:
fpt: '*'
ghec: '*'
ghes: '> 3.20'
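Review bot: The range `ghes: '> 3.20'` excludes 3.20 itself, so the feature docs will first appear for 3.21. If the feature ships in 3.20, this should be `'>= 3.20'` (or `'> 3.19'`); if 3.21 is intended, a short comment stating the first supported release would make that explicit next to the `# Reference: #20482` line.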

View File

@@ -0,0 +1,4 @@
1. In the "Requests" section of the sidebar, click any of the following options to review alert dismissal requests for the relevant feature:
* {% octicon "key" aria-hidden="true" aria-label="key" %} **{% data variables.product.prodname_secret_scanning_caps %} alert dismissal**
* {% octicon "codescan" aria-hidden="true" aria-label="codescan" %} **{% data variables.product.prodname_code_scanning_caps %} alert dismissal**{% ifversion dependabot-delegated-alert-dismissal %}
* {% octicon "dependabot" aria-hidden="true" aria-label="dependabot" %} **{% data variables.product.prodname_dependabot %} alert dismissal**{% endif %}

View File

@@ -0,0 +1,5 @@
1. Click the request you want to review.
1. Read the contents of the alert, as well as the requester's reasoning for the dismissal request.
1. Next to the dismissal request in the alert timeline, click **Review request**.
1. Provide any comments for the requester in the text box, then select either **Deny request** or **Approve request**.
1. Click **Submit review**.

View File

@@ -1,23 +1,13 @@
Delegated alert dismissal lets you restrict which users can directly dismiss an alert. When the feature is enabled, users attempting to dismiss an alert will instead create a request for dismissal.
Delegated alert dismissal lets you restrict which users can directly dismiss an alert. When the feature is enabled:
* Users with write access to a repository must request to dismiss alerts in that repository.
* Organization owners and security managers can approve or deny dismissal requests, as well as dismiss alerts directly themselves.
Enabling the feature automatically assigns organization owners and security managers with the permission to approve or deny dismissal requests for alerts. This permission is:
You can also use custom roles with the following permissions to let other team members manage requests and dismiss alerts directly:
* "Review and manage {% data variables.product.prodname_code_scanning %} alert dismissal requests" permission for {% data variables.product.prodname_code_scanning %}.
* For {% data variables.product.prodname_code_scanning %}: "Review {% data variables.product.prodname_code_scanning %} alert dismissal requests" and "Bypass {% data variables.product.prodname_code_scanning %} alert dismissal requests"
* For {% data variables.product.prodname_secret_scanning %}: "Review and manage {% data variables.product.prodname_secret_scanning %} alert dismissal requests"
* For {% data variables.product.prodname_dependabot %}: "Review {% data variables.product.prodname_dependabot %} alert dismissal requests" and "Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests"
* "Review and manage {% data variables.product.prodname_secret_scanning %} alert dismissal requests" permission for {% data variables.product.prodname_secret_scanning %}. This permission can also be applied to custom roles. Individuals in these custom roles must also have the following permissions, which grant access to alerts in all repositories:
Reviewers are notified of dismissal requests via email, and can either approve the request to dismiss the alert, or deny the request to leave the alert open. After a request is reviewed, the requester is notified of the outcome via email.
* "View {% data variables.product.prodname_secret_scanning %} alerts"
* "Dismiss or reopen {% data variables.product.prodname_secret_scanning %} alerts"
For more information about these permissions, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/roles-in-an-organization#permissions-for-organization-roles).
To learn more about the security manager role, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).
>[!NOTE] The implementation of this approval process can potentially cause some friction, so it's important to ensure that the team of security managers has adequate coverage before proceeding.
Reviewers (security managers and organization owners):
* Get an email notification for requests. These users need to ensure that they can review these lists periodically, so that there is no backlog and that the process is smooth.
* Can process requests in a dedicated view in the "Security" tab of the organization. An alert will only be dismissed if the dismissal request is approved; otherwise, the alert will remain open.
Requesters will get an email notification with the decision as to whether the alert can be dismissed or not.
>[!NOTE] The implementation of this approval process can potentially cause some friction, so it's important to ensure that the team of security managers has adequate coverage to review dismissal requests regularly before proceeding.
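Review bot: The new "For {% data variables.product.prodname_dependabot %}:" permissions bullet is not wrapped in `{% ifversion dependabot-delegated-alert-dismissal %}`, unlike every other Dependabot addition in this commit. This reusable is also rendered by the code scanning and secret scanning articles, so the Dependabot permissions will show on versions where the feature does not exist. Also note that the rewrite drops the earlier statement that custom-role holders need "View {% data variables.product.prodname_secret_scanning %} alerts" and "Dismiss or reopen {% data variables.product.prodname_secret_scanning %} alerts"; if that prerequisite still applies, it should be kept.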