Merge branch 'main' into dependabot/npm_and_yarn/types/react-dom-18.0.0

.devcontainer/test-custom-devcontainer/Dockerfile

@@ -1,21 +0,0 @@
-# See here for image contents: https://github.com/microsoft/vscode-dev-containers/tree/v0.177.0/containers/javascript-node/.devcontainer/base.Dockerfile
-
-# [Choice] Node.js version: 16, 14, 12
-ARG VARIANT="16-buster"
-FROM mcr.microsoft.com/vscode/devcontainers/javascript-node:0-${VARIANT}
-
-# [Optional] Uncomment this section to install additional OS packages.
-# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
-#     && apt-get -y install --no-install-recommends <your-package-list-here>
-
-# [Optional] Uncomment if you want to install an additional version of node using nvm
-# ARG EXTRA_NODE_VERSION=10
-# RUN su node -c "source /usr/local/share/nvm/nvm.sh && nvm install ${EXTRA_NODE_VERSION}"
-
-# [Optional] Uncomment if you want to install more global node modules
-# RUN su node -c "npm install -g <your-package-list-here>"
-
-# Install the GitHub CLI see:
-# https://github.com/microsoft/vscode-dev-containers/blob/3d59f9fe37edb68f78874620f33dac5a62ef2b93/script-library/docs/github.md
-COPY library-scripts/github-debian.sh /tmp/library-scripts/
-RUN apt-get update && bash /tmp/library-scripts/github-debian.sh

.devcontainer/test-custom-devcontainer/devcontainer.json

@@ -1,34 +1,26 @@
 {
-	"name": "docs.github.com",
+	"name": "test",
 
-	// Set *default* container specific settings.json values on container create.
 	"settings": {
-		"terminal.integrated.shell.linux": "/bin/bash",
-		"cSpell.language": ",en"
+		"terminal.integrated.shell.linux": "/bin/zsh",
 	},
 
-	// Install features. Type 'feature' in the VS Code command palette for a full list.
-	"features": {
-		"git-lfs": "latest"
-	 },
-
 	// Visual Studio Code extensions which help authoring for docs.github.com.
 	"extensions": [
 		"dbaeumer.vscode-eslint",
-		"sissel.shopify-liquid",
-		"davidanson.vscode-markdownlint",
-		"bierner.markdown-preview-github-styles",
-		"streetsidesoftware.code-spell-checker"
+		"sissel.shopify-liquid"
 	],
 
+	"hostRequirements": {
+	   "cpus": 8,
+	   "memory": "8gb",
+	   "storage": "32gb" 
+	},
+		
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
-	"forwardPorts": [4000],
+	"forwardPorts": [5000],
 
 	// Use 'postCreateCommand' to run commands after the container is created.
-	//"postCreateCommand": "git lfs pull && npm ci",
-	"postCreateCommand": "echo This file was created by the postCreateCommand in the custom devcontainer.json > aaa-TEST.txt",
-
-	// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
-	"remoteUser": "node"
+	"postCreateCommand": "echo test > aaa-TEST.txt"
 
 }

.vscode/settings.json

@@ -3,5 +3,5 @@
     "**/translations": true
   },
   "workbench.editor.enablePreview": false,
-  "workbench.editor.enablePreviewFromQuickOpen": false  
+  "workbench.editor.enablePreviewFromQuickOpen": false
 }

codespaces-settings.json

@@ -0,0 +1 @@
+"isInternal": true

components/landing/CodeExamples.tsx

@@ -22,7 +22,8 @@ export const CodeExamples = () => {
   const isSearching = !!search
   let searchResults: typeof productCodeExamples = []
   if (isSearching) {
-    const matchReg = new RegExp(search, 'i')
+    // The following replace method escapes special characters in regular expression creation.
+    const matchReg = new RegExp(search.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, '\\$&'), 'i')
     searchResults = productCodeExamples.filter((example) => {
       const searchableStr = `${example.tags.join(' ')} ${example.title} ${example.description}`
       return matchReg.test(searchableStr)

components/lib/get-rest-code-samples.ts

@@ -0,0 +1,123 @@
+import { parseTemplate } from 'url-template'
+import { stringify } from 'javascript-stringify'
+
+import type { CodeSample, Operation } from '../rest/types'
+
+/*
+  Generates a curl example
+
+  For example: 
+  curl \
+  -X POST \
+  -H "Accept: application/vnd.github.v3+json" \
+  https://{hostname}/api/v3/repos/OWNER/REPO/deployments \
+  -d '{"ref":"topic-branch","payload":"{ \"deploy\": \"migrate\" }","description":"Deploy request from hubot"}'
+*/
+export function getShellExample(operation: Operation, codeSample: CodeSample) {
+  // This allows us to display custom media types like application/sarif+json
+  const defaultAcceptHeader = codeSample?.response?.contentType?.includes('+json')
+    ? codeSample.response.contentType
+    : 'application/vnd.github.v3+json'
+
+  const requestPath = codeSample?.request?.parameters
+    ? parseTemplate(operation.requestPath).expand(codeSample.request.parameters)
+    : operation.requestPath
+
+  let requestBodyParams = ''
+  if (codeSample?.request?.bodyParameters) {
+    requestBodyParams = `-d '${JSON.stringify(codeSample.request.bodyParameters)}'`
+
+    // If the content type is application/x-www-form-urlencoded the format of
+    // the shell example is --data-urlencode param1=value1 --data-urlencode param2=value2
+    // For example, this operation:
+    // https://docs.github.com/en/enterprise/rest/reference/enterprise-admin#enable-or-disable-maintenance-mode
+    if (codeSample.request.contentType === 'application/x-www-form-urlencoded') {
+      requestBodyParams = ''
+      const paramNames = Object.keys(codeSample.request.bodyParameters)
+      paramNames.forEach((elem) => {
+        requestBodyParams = `${requestBodyParams} --data-urlencode ${elem}=${codeSample.request.bodyParameters[elem]}`
+      })
+    }
+  }
+
+  const args = [
+    operation.verb !== 'get' && `-X ${operation.verb.toUpperCase()}`,
+    `-H "Accept: ${defaultAcceptHeader}"`,
+    `${operation.serverUrl}${requestPath}`,
+    requestBodyParams,
+  ].filter(Boolean)
+  return `curl \\\n  ${args.join(' \\\n  ')}`
+}
+
+/*
+  Generates a GitHub CLI example
+
+  For example:
+   gh api \
+    -X POST \
+    -H "Accept: application/vnd.github.v3+json" \
+    /repos/OWNER/REPO/deployments \
+    -fref,topic-branch=0,payload,{ "deploy": "migrate" }=1,description,Deploy request from hubot=2
+*/
+export function getGHExample(operation: Operation, codeSample: CodeSample) {
+  const defaultAcceptHeader = codeSample?.response?.contentType?.includes('+json')
+    ? codeSample.response.contentType
+    : 'application/vnd.github.v3+json'
+  const hostname = operation.serverUrl !== 'https://api.github.com' ? '--hostname HOSTNAME' : ''
+
+  const requestPath = codeSample?.request?.parameters
+    ? parseTemplate(operation.requestPath).expand(codeSample.request.parameters)
+    : operation.requestPath
+
+  let requestBodyParams = ''
+  if (codeSample?.request?.bodyParameters) {
+    const bodyParamValues = Object.values(codeSample.request.bodyParameters)
+    // GitHub CLI does not support sending Objects and arrays using the -F or
+    // -f flags. That support may be added in the future. It is possible to
+    // use gh api --input to take a JSON object from standard input
+    // constructed by jq and piped to gh api. However, we'll hold off on adding
+    // that complexity for now.
+    if (bodyParamValues.some((elem) => typeof elem === 'object')) {
+      return undefined
+    }
+    requestBodyParams = Object.keys(codeSample.request.bodyParameters)
+      .map((key) => {
+        if (typeof codeSample.request.bodyParameters[key] === 'string') {
+          return `-f ${key}='${codeSample.request.bodyParameters[key]}'`
+        } else {
+          return `-F ${key}=${codeSample.request.bodyParameters[key]}`
+        }
+      })
+      .join(' ')
+  }
+  const args = [
+    operation.verb !== 'get' && `--method ${operation.verb.toUpperCase()}`,
+    `-H "Accept: ${defaultAcceptHeader}"`,
+    hostname,
+    requestPath,
+    requestBodyParams,
+  ].filter(Boolean)
+  return `gh api \\\n  ${args.join(' \\\n  ')}`
+}
+
+/*
+  Generates an octokit.js example
+
+  For example:
+  await octokit.request('POST /repos/{owner}/{repo}/deployments'{
+    "owner": "OWNER",
+    "repo": "REPO",
+    "ref": "topic-branch",
+    "payload": "{ \"deploy\": \"migrate\" }",
+    "description": "Deploy request from hubot"
+  })
+
+*/
+export function getJSExample(operation: Operation, codeSample: CodeSample) {
+  const parameters = codeSample.request
+    ? { ...codeSample.request.parameters, ...codeSample.request.bodyParameters }
+    : {}
+  return `await octokit.request('${operation.verb.toUpperCase()} ${
+    operation.requestPath
+  }', ${stringify(parameters, null, 2)})`
+}

components/rest/CodeBlock.tsx

@@ -1,15 +1,13 @@
 import cx from 'classnames'
 import { CheckIcon, CopyIcon } from '@primer/octicons-react'
 import { Tooltip } from '@primer/react'
-
 import useClipboard from 'components/hooks/useClipboard'
-
 import styles from './CodeBlock.module.scss'
+import type { ReactNode } from 'react'
 
 type Props = {
   verb?: string
-  // Only Code samples should have a copy icon - if there's a headingLang it's a code sample
-  headingLang?: string
+  headingLang?: ReactNode | string
   codeBlock: string
   highlight?: string
 }
@@ -20,20 +18,12 @@ export function CodeBlock({ verb, headingLang, codeBlock, highlight }: Props) {
   })
 
   return (
-    <div className={headingLang && 'code-extra'}>
+    <div className={headingLang ? 'code-extra' : undefined}>
+      {/* Only Code samples should have a copy icon
+          If there's a headingLang it's a code sample */}
       {headingLang && (
         <header className="d-flex flex-justify-between flex-items-center p-2 text-small rounded-top-1 border">
-          {headingLang === 'JavaScript' ? (
-            <span>
-              {headingLang} (
-              <a className="text-underline" href="https://github.com/octokit/core.js#readme">
-                @octokit/core.js
-              </a>
-              )
-            </span>
-          ) : (
-            `${headingLang}`
-          )}
+          {headingLang}
           <Tooltip direction="w" aria-label={isCopied ? 'Copied!' : 'Copy to clipboard'}>
             <button className="js-btn-copy btn-octicon" onClick={() => setCopied()}>
               {isCopied ? <CheckIcon /> : <CopyIcon />}
@@ -44,10 +34,13 @@ export function CodeBlock({ verb, headingLang, codeBlock, highlight }: Props) {
       <pre className={cx(styles.codeBlock, 'rounded-1 border')} data-highlight={highlight}>
         <code>
           {verb && (
-            <span className="color-bg-accent-emphasis color-fg-on-emphasis rounded-1 text-uppercase p-1">
-              {verb}
-            </span>
-          )}{' '}
+            <>
+              <span className="color-bg-accent-emphasis color-fg-on-emphasis rounded-1 text-uppercase p-1">
+                {verb}
+              </span>
+              <> </>
+            </>
+          )}
           {codeBlock}
         </code>
       </pre>

components/rest/PreviewsRow.tsx

@@ -1,14 +1,12 @@
-import { xGitHub } from './types'
 import { useTranslation } from 'components/hooks/useTranslation'
 
 type Props = {
   slug: string
-  xGitHub: xGitHub
+  numPreviews: number
 }
 
-export function PreviewsRow({ slug, xGitHub }: Props) {
+export function PreviewsRow({ slug, numPreviews }: Props) {
   const { t } = useTranslation('products')
-  const hasPreviews = xGitHub.previews && xGitHub.previews.length > 0
 
   return (
     <tr>
@@ -21,9 +19,9 @@ export function PreviewsRow({ slug, xGitHub }: Props) {
         <p className="m-0">
           Setting to
           <code>application/vnd.github.v3+json</code> is recommended.
-          {hasPreviews && (
+          {numPreviews > 0 && (
             <a href={`#${slug}-preview-notices`} className="d-inline">
-              {xGitHub.previews.length > 1
+              {numPreviews > 1
                 ? ` ${t('rest.reference.see_preview_notices')}`
                 : ` ${t('rest.reference.see_preview_notice')}`}
             </a>

components/rest/RestCodeSamples.tsx

@@ -1,35 +1,92 @@
-import type { xCodeSample } from './types'
+import type { Operation } from './types'
 import { useTranslation } from 'components/hooks/useTranslation'
 import { CodeBlock } from './CodeBlock'
-import { Fragment } from 'react'
+import { getShellExample, getGHExample, getJSExample } from '../lib/get-rest-code-samples'
 
 type Props = {
   slug: string
-  xCodeSamples: Array<xCodeSample>
+  operation: Operation
 }
 
-export function RestCodeSamples({ slug, xCodeSamples }: Props) {
+export function RestCodeSamples({ operation, slug }: Props) {
   const { t } = useTranslation('products')
 
+  const JAVASCRIPT_HEADING = (
+    <span>
+      JavaScript{' '}
+      <a className="text-underline" href="https://github.com/octokit/core.js#readme">
+        @octokit/core.js
+      </a>
+    </span>
+  )
+
+  const GH_CLI_HEADING = (
+    <span>
+      GitHub CLI{' '}
+      <a className="text-underline" href="https://cli.github.com/manual/gh_api">
+        gh api
+      </a>
+    </span>
+  )
+
+  // Format the example properties into different language examples
+  const languageExamples = operation.codeExamples.map((sample) => {
+    const languageExamples = {
+      curl: getShellExample(operation, sample),
+      javascript: getJSExample(operation, sample),
+      ghcli: getGHExample(operation, sample),
+    }
+    return Object.assign({}, sample, languageExamples)
+  })
+
   return (
-    <Fragment key={xCodeSamples + slug}>
+    <>
       <h4 id={`${slug}--code-samples`}>
         <a href={`#${slug}--code-samples`}>{`${t('rest.reference.code_samples')}`}</a>
       </h4>
-      {xCodeSamples.map((sample, index) => {
-        const sampleElements: JSX.Element[] = []
-        if (sample.lang !== 'Ruby') {
-          sampleElements.push(
-            <CodeBlock
-              key={sample.lang + index}
-              headingLang={sample.lang}
-              codeBlock={sample.source}
-              highlight={sample.lang === 'JavaScript' ? 'javascript' : 'curl'}
-            ></CodeBlock>
-          )
-        }
-        return sampleElements
-      })}
-    </Fragment>
+      {languageExamples.map((sample, index) => (
+        <div key={`${JSON.stringify(sample)}-${index}`}>
+          {/* Example requests */}
+          {sample.request && (
+            <>
+              {/* Title of the code sample block */}
+              <h5 dangerouslySetInnerHTML={{ __html: sample.request.description }} />
+              {sample.curl && (
+                <CodeBlock headingLang="Shell" codeBlock={sample.curl} highlight="curl" />
+              )}
+              {sample.javascript && (
+                <CodeBlock
+                  headingLang={JAVASCRIPT_HEADING}
+                  codeBlock={sample.javascript}
+                  highlight="javascript"
+                />
+              )}
+              {sample.ghcli && (
+                <CodeBlock headingLang={GH_CLI_HEADING} codeBlock={sample.ghcli} highlight="curl" />
+              )}
+            </>
+          )}
+
+          {/* Title of the response */}
+          {sample.response && (
+            <>
+              <h5 dangerouslySetInnerHTML={{ __html: sample.response.description }} />
+              {/* Status code */}
+              {sample.response.statusCode && (
+                <CodeBlock codeBlock={`Status: ${sample.response.statusCode}`} />
+              )}
+
+              {/* Example response */}
+              {sample.response.example && (
+                <CodeBlock
+                  codeBlock={JSON.stringify(sample.response.example, null, 2)}
+                  highlight="json"
+                />
+              )}
+            </>
+          )}
+        </div>
+      ))}
+    </>
   )
 }

components/rest/RestHTTPMethod.tsx

@@ -1,10 +0,0 @@
-import { CodeBlock } from './CodeBlock'
-
-type Props = {
-  verb: string
-  requestPath: string
-}
-
-export function RestHTTPMethod({ verb, requestPath }: Props) {
-  return <CodeBlock verb={verb} codeBlock={requestPath}></CodeBlock>
-}

components/rest/RestNotes.tsx

@@ -1,25 +1,21 @@
+import { useRouter } from 'next/router'
+
 import { useTranslation } from 'components/hooks/useTranslation'
+import { Link } from 'components/Link'
 
-type Props = {
-  notes: Array<string>
-  enabledForGitHubApps: boolean
-}
-
-export function RestNotes({ notes, enabledForGitHubApps }: Props) {
+export function RestNotes() {
   const { t } = useTranslation('products')
+  const router = useRouter()
 
   return (
     <>
       <h4 className="pt-4">{t('rest.reference.notes')}</h4>
       <ul className="mt-2 pl-3 pb-2">
-        {enabledForGitHubApps && (
-          <li>
-            <a href="/developers/apps">Works with GitHub Apps</a>
-          </li>
-        )}
-        {notes.map((note: string) => {
-          return <li>{note}</li>
-        })}
+        <li>
+          <Link href={`/${router.locale}/developers/apps`}>
+            {t('rest.reference.works_with_github_apps')}
+          </Link>
+        </li>
       </ul>
     </>
   )

components/rest/RestOperation.tsx

@@ -1,56 +1,62 @@
+import slugger from 'github-slugger'
+
 import { RestOperationHeading } from './RestOperationHeading'
-import { RestHTTPMethod } from './RestHTTPMethod'
+import { CodeBlock } from './CodeBlock'
 import { RestParameterTable } from './RestParameterTable'
 import { RestCodeSamples } from './RestCodeSamples'
-import { RestResponse } from './RestResponse'
+import { RestStatusCodes } from './RestStatusCodes'
 import { Operation } from './types'
 import { RestNotes } from './RestNotes'
 import { RestPreviewNotice } from './RestPreviewNotice'
 import { useTranslation } from 'components/hooks/useTranslation'
-import { RestStatusCodes } from './RestStatusCodes'
 
 type Props = {
   operation: Operation
-  index: number
 }
 
 export function RestOperation({ operation }: Props) {
   const { t } = useTranslation('products')
-  const previews = operation['x-github'].previews
-  const nonErrorResponses = operation.responses.filter(
-    (response) => parseInt(response.httpStatusCode) < 400
-  )
+
+  const slug = slugger.slug(operation.title)
+
+  const numPreviews = operation.previews.length
+  const hasStatusCodes = operation.statusCodes.length > 0
+  const hasCodeSamples = operation.codeExamples.length > 0
+  const hasParameters = operation.parameters.length > 0 || operation.bodyParameters.length > 0
 
   return (
     <div>
       <RestOperationHeading
-        slug={operation.slug}
-        summary={operation.summary}
+        slug={slug}
+        title={operation.title}
         descriptionHTML={operation.descriptionHTML}
       />
-      <RestHTTPMethod verb={operation.verb} requestPath={operation.requestPath} />
-      {operation.parameters && (
+
+      {operation.requestPath && (
+        <CodeBlock verb={operation.verb} codeBlock={operation.requestPath}></CodeBlock>
+      )}
+
+      {hasParameters && (
         <RestParameterTable
-          slug={operation.slug}
-          xGitHub={operation['x-github']}
+          slug={slug}
+          numPreviews={numPreviews}
           parameters={operation.parameters}
           bodyParameters={operation.bodyParameters}
         />
       )}
-      {operation['x-codeSamples'] && operation['x-codeSamples'].length > 0 && (
-        <RestCodeSamples slug={operation.slug} xCodeSamples={operation['x-codeSamples']} />
-      )}
-      <RestResponse responses={nonErrorResponses} />
-      {(operation.notes.length > 0 || operation['x-github'].enabledForGitHubApps) && (
-        <RestNotes
-          notes={operation.notes}
-          enabledForGitHubApps={operation['x-github'].enabledForGitHubApps}
+
+      {hasCodeSamples && <RestCodeSamples operation={operation} slug={slug} />}
+
+      {hasStatusCodes && (
+        <RestStatusCodes
+          heading={t('rest.reference.status_codes')}
+          statusCodes={operation.statusCodes}
         />
       )}
-      {previews && (
-        <RestPreviewNotice slug={operation.slug} previews={operation['x-github'].previews} />
-      )}
-      <RestStatusCodes heading={t('rest.reference.status_codes')} responses={operation.responses} />
+
+      {operation.enabledForGitHubApps && <RestNotes />}
+
+      {numPreviews > 0 && <RestPreviewNotice slug={slug} previews={operation.previews} />}
     </div>
   )
 }

components/rest/RestOperationHeading.tsx

@@ -2,18 +2,18 @@ import { LinkIcon } from '@primer/octicons-react'
 
 type Props = {
   slug: string
-  summary: string
+  title: string
   descriptionHTML: string
 }
 
-export function RestOperationHeading({ slug, summary, descriptionHTML }: Props) {
+export function RestOperationHeading({ slug, title, descriptionHTML }: Props) {
   return (
     <>
       <h3 id={slug}>
         <a href={`#${slug}`}>
           <LinkIcon size={16} className="m-1" />
         </a>
-        {summary}
+        {title}
       </h3>
       <div dangerouslySetInnerHTML={{ __html: descriptionHTML }} />
     </>

components/rest/RestParameterTable.tsx

@@ -1,6 +1,6 @@
 import cx from 'classnames'
 import { useTranslation } from 'components/hooks/useTranslation'
-import { BodyParameter, Parameter, xGitHub } from './types'
+import { BodyParameter, Parameter } from './types'
 import styles from './RestParameterTable.module.scss'
 import { PreviewsRow } from './PreviewsRow'
 import { ParameterRows } from './ParameterRows'
@@ -8,12 +8,12 @@ import { BodyParameterRows } from './BodyParametersRows'
 
 type Props = {
   slug: string
-  xGitHub: xGitHub
+  numPreviews: number
   parameters: Array<Parameter>
   bodyParameters: Array<BodyParameter>
 }
 
-export function RestParameterTable({ slug, xGitHub, parameters, bodyParameters }: Props) {
+export function RestParameterTable({ slug, numPreviews, parameters, bodyParameters }: Props) {
   const { t } = useTranslation('products')
 
   return (
@@ -31,7 +31,7 @@ export function RestParameterTable({ slug, xGitHub, parameters, bodyParameters }
           </tr>
         </thead>
         <tbody>
-          <PreviewsRow slug={slug} xGitHub={xGitHub} />
+          <PreviewsRow slug={slug} numPreviews={numPreviews} />
           <ParameterRows parameters={parameters} />
           <BodyParameterRows slug={slug} bodyParameters={bodyParameters} />
         </tbody>

components/rest/RestPreviewNotice.tsx

@@ -1,34 +1,27 @@
 import { useTranslation } from 'components/hooks/useTranslation'
-import { Preview } from './types'
 
 type Props = {
   slug: string
-  previews: Array<Preview> | []
+  previews: Array<string>
 }
 
 export function RestPreviewNotice({ slug, previews }: Props) {
   const { t } = useTranslation('products')
 
-  const previewNotices = previews.map((preview, index) => {
-    return (
-      <div
-        className="extended-markdown note border rounded-1 mb-6 p-3 color-border-accent-emphasis color-bg-accent f5"
-        dangerouslySetInnerHTML={{ __html: preview.html }}
-        key={`${preview.name}-${index}`}
-      >
-        {preview.required && t('preview_header_is_required')}
-      </div>
-    )
-  })
-
-  return previews.length > 0 ? (
+  return (
     <>
       <h4 id={`${slug}-preview-notices`}>
         {previews.length > 1
           ? `${t('rest.reference.preview_notices')}`
           : `${t('rest.reference.preview_notice')}`}
       </h4>
-      {previewNotices}
+      {previews.map((preview, index) => (
+        <div
+          className="extended-markdown note border rounded-1 mb-6 p-3 color-border-accent-emphasis color-bg-accent f5"
+          dangerouslySetInnerHTML={{ __html: preview }}
+          key={JSON.stringify(preview) + index}
+        />
+      ))}
     </>
-  ) : null
+  )
 }

components/rest/RestReferencePage.tsx

@@ -127,7 +127,13 @@ export const RestReferencePage = ({
         as="li"
         key={item.contents}
         className={item.platform}
-        sx={{ listStyle: 'none', padding: '2px' }}
+        sx={{
+          listStyle: 'none',
+          padding: '2px',
+          ':hover': {
+            bg: 'var(--color-canvas-inset)',
+          },
+        }}
       >
         <div className={cx('lh-condensed d-block width-full')}>
           <div className="d-inline-flex" dangerouslySetInnerHTML={{ __html: item.contents }} />
@@ -188,10 +194,13 @@ export const RestReferencePage = ({
         </div>
         <MarkdownContent>
           {subcategories.map((subcategory, index) => (
-            <div key={`restCategory-${index}`}>
+            <div key={`${subcategory}-${index}`}>
               <div dangerouslySetInnerHTML={{ __html: descriptions[subcategory] }} />
               {restOperations[subcategory].map((operation, index) => (
-                <RestOperation key={`restOperation-${index}`} operation={operation} index={index} />
+                <RestOperation
+                  key={`${subcategory}-${operation.title}-${index}`}
+                  operation={operation}
+                />
               ))}
             </div>
           ))}

components/rest/RestResponse.tsx

@@ -1,30 +0,0 @@
-import { CodeResponse } from './types'
-import { CodeBlock } from './CodeBlock'
-
-type Props = {
-  responses: Array<CodeResponse>
-}
-
-export function RestResponse(props: Props) {
-  const { responses } = props
-
-  if (!responses || responses.length === 0) {
-    return null
-  }
-
-  return (
-    <>
-      {responses.map((response, index) => {
-        return (
-          <div key={`${response.httpStatusMessage}-${index}}`}>
-            <h4 dangerouslySetInnerHTML={{ __html: response.description }} />
-            <CodeBlock
-              codeBlock={`Status: ${response.httpStatusCode} ${response.httpStatusMessage}`}
-            />
-            {response.payload ? <CodeBlock codeBlock={response.payload} highlight="json" /> : null}
-          </div>
-        )
-      })}
-    </>
-  )
-}

components/rest/RestStatusCodes.tsx

@@ -1,14 +1,14 @@
 import cx from 'classnames'
-import { CodeResponse } from './types'
+import { StatusCode } from './types'
 import { useTranslation } from 'components/hooks/useTranslation'
 import styles from './RestResponseTable.module.scss'
 
 type Props = {
   heading: string
-  responses: Array<CodeResponse>
+  statusCodes: Array<StatusCode>
 }
 
-export function RestStatusCodes({ heading, responses }: Props) {
+export function RestStatusCodes({ heading, statusCodes }: Props) {
   const { t } = useTranslation('products')
 
   return (
@@ -22,21 +22,22 @@ export function RestStatusCodes({ heading, responses }: Props) {
           </tr>
         </thead>
         <tbody>
-          {responses.map((response, index) => (
-            <tr key={`${response.description}-${index}}`}>
-              <td>
-                <code>{response.httpStatusCode}</code>
-              </td>
-              <td>
-                {response.description &&
-                response.description.toLowerCase() !== '<p>response</p>' ? (
-                  <div dangerouslySetInnerHTML={{ __html: response.description }} />
-                ) : (
-                  response.httpStatusMessage
-                )}
-              </td>
-            </tr>
-          ))}
+          {statusCodes.map((statusCode, index) => {
+            return (
+              <tr key={`${statusCode.description}-${index}}`}>
+                <td>
+                  <code>{statusCode.httpStatusCode}</code>
+                </td>
+                <td>
+                  {statusCode.description ? (
+                    <div dangerouslySetInnerHTML={{ __html: statusCode.description }} />
+                  ) : (
+                    statusCode.httpStatusMessage
+                  )}
+                </td>
+              </tr>
+            )
+          })}
         </tbody>
       </table>
     </>

components/rest/types.ts

@@ -1,15 +1,17 @@
 export interface Operation {
   verb: string
-  summary: string
-  slug: string
+  title: string
   descriptionHTML: string
-  notes: Array<string>
+  previews: Array<string>
   requestPath: string
-  responses: Array<CodeResponse>
+  serverUrl: string
+  statusCodes: Array<StatusCode>
   parameters: Array<Parameter>
   bodyParameters: Array<BodyParameter>
-  'x-github': xGitHub
-  'x-codeSamples': Array<xCodeSample>
+  category: string
+  subcategory: string
+  enabledForGitHubApps: boolean
+  codeExamples: Array<CodeSample>
 }
 
 export interface Parameter {
@@ -23,28 +25,27 @@ export interface Parameter {
   }
 }
 
-export interface xGitHub {
-  category: string
-  enabledForGitHubApps: boolean
-  previews: Array<Preview> | []
-}
-
-export interface CodeResponse {
+export interface StatusCode {
   description: string
   httpStatusCode: string
   httpStatusMessage: string
-  payload: string
 }
 
-export interface xCodeSample {
-  lang: string
-  source: string
-}
-
-export interface Preview {
-  html: string
-  required: boolean
-  name: string
+export interface CodeSample {
+  key: string
+  response: {
+    contentType: string
+    description: string
+    example: Record<string, string>
+    statusCode: string
+  }
+  request: {
+    contentType: string
+    acceptHeader: string
+    bodyParameters: Record<string, string>
+    parameters: Record<string, string>
+    description: string
+  }
 }
 
 export interface BodyParameter {

components/ui/MarkdownContent/MarkdownContent.module.scss

@@ -6,6 +6,7 @@
 .markdownBody {
   a {
     text-decoration: underline;
+    text-underline-offset: 25%;
   }
 
   summary {

components/ui/MiniTocs/MiniTocs.tsx

@@ -16,7 +16,18 @@ const renderTocItem = (item: MiniTocItem) => {
       as="li"
       key={item.contents}
       className={item.platform}
-      sx={{ listStyle: 'none', padding: '2px' }}
+      sx={{
+        listStyle: 'none',
+        padding: '2px',
+        ':hover': {
+          bg: 'var(--color-canvas-inset)',
+        },
+        'ul > li': {
+          ':hover': {
+            bg: 'var(--color-neutral-subtle)',
+          },
+        },
+      }}
     >
       <div className={cx('lh-condensed d-block width-full')}>
         <div dangerouslySetInnerHTML={{ __html: item.contents }} />

content/actions/deployment/targeting-different-environments/using-environments-for-deployment.md

@@ -71,6 +71,14 @@ Secrets stored in an environment are only available to workflow jobs that refere
 
 {% data reusables.actions.permissions-statement-environment %}
 
+{% ifversion fpt or ghec %}
+{% note %}
+
+**Note:** To create an environment in a private repository, your organization must use {% data variables.product.prodname_ghe_cloud %}. {% data reusables.enterprise.link-to-ghec-trial %}
+
+{% endnote %}
+{% endif %}
+
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.actions.sidebar-environment %}

content/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners.md

@@ -58,10 +58,10 @@ The {% data variables.product.prodname_actions %} service will then automaticall
 
 By default, self-hosted runners will automatically perform a software update whenever a new version of the runner software is available.  If you use ephemeral runners in containers then this can lead to repeated software updates when a new runner version is released.  Turning off automatic updates allows you to update the runner version on the container image directly on your own schedule.
 
-If you want to turn off automatic software updates and install software updates yourself, you can specify the `--disableupdate` parameter when starting the runner.  For example:
+To turn off automatic software updates and install software updates yourself, specify the `--disableupdate` flag when registering your runner using `config.sh`. For example:
 
 ```shell
-./run.sh --disableupdate
+./config.sh --url <em>https://github.com/octo-org</em> --token <em>example-token</em> --disableupdate
 ```
 
 If you disable automatic updates, you must still update your runner version regularly.  New functionality in {% data variables.product.prodname_actions %} requires changes in both the {% data variables.product.prodname_actions %} service _and_ the runner software.  The runner may not be able to correctly process jobs that take advantage of new features in {% data variables.product.prodname_actions %} without a software update.

content/actions/hosting-your-own-runners/configuring-the-self-hosted-runner-application-as-a-service.md

@@ -81,7 +81,7 @@ You can manage the runner service in the Windows **Services** application, or yo
 The command takes an optional `user` argument to install the service as a different user.
 
 ```shell
-./svc.sh install --user <em>USERNAME</em>
+./svc.sh install <em>USERNAME</em>
 ```
 
 ## Starting the service

content/actions/security-guides/security-hardening-for-github-actions.md

@@ -48,6 +48,12 @@ To help prevent accidental disclosure, {% data variables.product.product_name %}
 - **Consider requiring review for access to secrets**
     - You can use required reviewers to protect environment secrets. A workflow job cannot access environment secrets until approval is granted by a reviewer. For more information about storing secrets in environments or requiring reviews for environments, see "[Encrypted secrets](/actions/reference/encrypted-secrets)" and "[Using environments for deployment](/actions/deployment/using-environments-for-deployment)."
 
+{% warning %}
+
+**Warning**: Any user with write access to your repository has read access to all secrets configured in your repository. Therefore, you should ensure that the credentials being used within workflows have the least privileges required.
+
+{% endwarning %}
+
 ## Using `CODEOWNERS` to monitor changes
 
 You can use the `CODEOWNERS` feature to control how changes are made to your workflow files. For example, if all your workflow files are stored in `.github/workflows`, you can add this directory to the code owners list, so that any proposed changes to these files will first require approval from a designated reviewer.
@@ -300,7 +306,7 @@ For example, you can use the audit log to track the `org.update_actions_secret`
   ![Audit log entries](/assets/images/help/repository/audit-log-entries.png)
 
 The following tables describe the {% data variables.product.prodname_actions %} events that you can find in the audit log. For more information on using the audit log, see
-"[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization#searching-the-audit-log)."
+"[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization#searching-the-audit-log)" and "[Reviewing audit logs for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise)."
 
 {% ifversion fpt or ghec %}
 ### Events for environments
@@ -318,6 +324,7 @@ The following tables describe the {% data variables.product.prodname_actions %}
 | Action | Description
 |------------------|-------------------
 | `repo.actions_enabled` | Triggered when {% data variables.product.prodname_actions %} is enabled for a repository. Can be viewed using the UI. This event is not visible when you access the audit log using the REST API. For more information, see "[Using the REST API](#using-the-rest-api)."
+| `repo.update_actions_access_settings` | Triggered when the setting to control how your repository is used by {% data variables.product.prodname_actions %} workflows in other repositories is changed.
 {% endif %}
 
 ### Events for secret management

content/actions/using-containerized-services/about-service-containers.md

@@ -49,7 +49,7 @@ When a job runs directly on a runner machine, the service running in the Docker
 
 You can use the `services` keyword to create service containers that are part of a job in your workflow. For more information, see [`jobs.<job_id>.services`](/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#jobsjob_idservices).
 
-This example creates a service called `redis` in a job called `container-job`. The Docker host in this example is the `node:10.18-jessie` container.
+This example creates a service called `redis` in a job called `container-job`. The Docker host in this example is the `node:16-bullseye` container.
 
 {% raw %}
 ```yaml{:copy}
@@ -62,7 +62,7 @@ jobs:
     # Containers must run in Linux based operating systems
     runs-on: ubuntu-latest
     # Docker Hub image that `container-job` executes in
-    container: node:10.18-jessie
+    container: node:16-bullseye
 
     # Service containers to run with `container-job`
     services:

content/actions/using-workflows/caching-dependencies-to-speed-up-workflows.md

@@ -102,7 +102,16 @@ For more information, see [`actions/cache`](https://github.com/actions/cache).
           ~/.gradle/wrapper
     ```
   - With `v1` of the `cache` action, only a single path is supported and it must be a directory. You cannot cache a single file.
-- `restore-keys`: **Optional** An ordered list of alternative keys to use for finding the cache if no cache hit occurred for `key`.
+- `restore-keys`: **Optional** A string containing alternative restore keys, with each restore key placed on a new line. If no cache hit occurred for `key`, these restore keys are used sequentially in the order provided to find and restore a cache. For example:
+
+  {% raw %}
+  ```yaml
+  restore-keys: |
+    npm-foobar-${{ hashFiles('package-lock.json') }}
+    npm-foobar-
+    npm-
+  ```
+  {% endraw %}
 
 ### Output parameters for the `cache` action
 

content/actions/using-workflows/events-that-trigger-workflows.md

@@ -899,7 +899,7 @@ on:
 
 jobs:
   if_merged:
-    if: github.event.pull_request_target.merged == true
+    if: github.event.pull_request.merged == true
     runs-on: ubuntu-latest
     steps:
     - run: |

content/admin/configuration/configuring-your-enterprise/command-line-utilities.md

@@ -114,7 +114,7 @@ Allows you to find the universally unique identifier (UUID) of your node in `clu
 ```
 
 {% ifversion ghes %}
-Allows you to exempt a list of users from API rate limits. A hard limit of 120,000 requests will still apply to these users. For more information, see "[Resources in the REST API](/rest/overview/resources-in-the-rest-api#rate-limiting)."
+Allows you to exempt a list of users from REST API rate limits. A hard limit of 120,000 requests will still apply to these users. For more information, see "[Resources in the REST API](/rest/overview/resources-in-the-rest-api#rate-limiting)."
 
 ``` shell
 $ ghe-config app.github.rate-limiting-exempt-users "<em>hubot</em> <em>github-actions</em>"

content/admin/configuration/configuring-your-enterprise/site-admin-dashboard.md

@@ -45,9 +45,9 @@ Data for GitHub's [trending page][] is calculated into daily, weekly, and monthl
 
 {% data variables.product.product_name %} keeps a running log of audited actions that you can query.
 
-By default, the audit log shows you a list of all audited actions in reverse chronological order. You can filter this list by entering key-value pairs in the **Query** text box and then clicking **Search**, as explained in "[Searching the audit log](/enterprise/{{ currentVersion }}/admin/guides/installation/searching-the-audit-log)."
+By default, the audit log shows you a list of all audited actions in reverse chronological order. You can filter this list by entering key-value pairs in the **Query** text box and then clicking **Search**, as explained in "[Searching the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise)."
 
-For more information on audit logging in general, see "[Audit logging](/enterprise/{{ currentVersion }}/admin/guides/installation/audit-logging)." For a full list of audited actions, see "[Audited actions](/enterprise/{{ currentVersion }}/admin/guides/installation/audited-actions)."
+For more information on audit logging in general, see "[About the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise)." For a full list of audited actions, see "[Audit log events for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."
 
 ## Reports
 

content/admin/enterprise-management/index.md

@@ -13,6 +13,6 @@ children:
   - /configuring-clustering
   - /configuring-high-availability
   - /caching-repositories
-shortTitle: 'Monitor, manage & update'
+shortTitle: 'Monitor, manage, and update your appliance'
 ---
 

content/admin/enterprise-management/monitoring-your-appliance/about-system-logs.md

@@ -0,0 +1,62 @@
+---
+title: About system logs
+intro: '{% data variables.product.product_name %} keeps error and message logs for system events. Logs are useful for identifying user, application and system-level actions and exceptions.'
+versions:
+  ghes: '*'
+type: overview
+topics:
+  - Auditing
+  - Enterprise
+  - Logging
+  - Security
+---
+
+## System logs
+
+By default, system logs for {% data variables.product.product_name %} are automatically rotated every 24 hours and are retained for seven days. System logs include system-level events, application logs, and Git events data. As log files are often being written to and can be large in size, it may be beneficial to extract and parse relevant log entries on a host separate to your {% data variables.product.prodname_ghe_server %} instance.
+
+You can forward system logs to a third-party system or server for longer retention. For more information see "[Log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)."
+
+In addition to reviewing your system logs, you can monitor activity in your enterprise in other ways, such as viewing audit logs, push logs and managing global webhooks. For more information, see "[Monitoring activity in your enterprise](/admin/monitoring-activity-in-your-enterprise)."
+
+## Types of logs
+
+Listed below are the main logs used by the {% data variables.product.product_name %} appliance and their functions:
+
+| Path | Description​ |
+|------|-------------|
+| `/var/log/github/audit.log` | Audited user, repository and system events.
+| `/var/log/github/unicorn.log` | API and web interface traffic.
+| `/var/log/github/exceptions.log` | Application-level errors.
+| `/var/log/haproxy.log` | All IP traffic reaching the appliance.
+| `/var/log/hookshot/resqued.log` | Webhook delivery and failures.
+| `/var/log/github/auth.log` | Authentication requests, whether through built in, LDAP, CAS or SAML methods.
+| `/var/log/github/gitauth.log` | All Git authentication requests.
+
+Git activity and authentication requests are processed by the `babeld` service.
+
+Several {% data variables.product.product_name %} services, such as the `babeld` service, are containerized. Containerized logs are written to the `systemd journal`, and can be queried at any time using the `journalctl` command.
+
+## Audited system events
+
+All entries from the `audit.log` file use and can be filtered with the `github_audit` keyword.
+
+For example, this entry shows that a new repository was created.
+
+```
+Oct 26 01:42:08 github-ent github_audit: {:created_at=>1351215728326, :actor_ip=>"10.0.0.51", :data=>{}, :user=>"some-user", :repo=>"some-user/some-repository", :actor=>"some-user", :actor_id=>2, :user_id=>2, :action=>"repo.create", :repo_id=>1, :from=>"repositories#create"}
+```
+
+This example shows that commits were pushed to a repository.
+
+```
+Oct 26 02:19:31 github-ent github_audit: { "pid":22860, "ppid":22859, "program":"receive-pack", "git_dir":"/data/repositories/some-user/some-repository.git", "hostname":"github-ent", "pusher":"some-user", "real_ip":"10.0.0.51", "user_agent":"git/1.7.10.4", "repo_id":1, "repo_name":"some-user/some-repository", "transaction_id":"b031b7dc7043c87323a75f7a92092ef1456e5fbaef995c68", "frontend_ppid":1, "repo_public":true, "user_name":"some-user", "user_login":"some-user", "frontend_pid":18238, "frontend":"github-ent", "user_email":"some-user@github.example.com", "user_id":2, "pgroup":"github-ent_22860", "status":"post_receive_hook", "features":" report-status side-band-64k", "received_objects":3, "receive_pack_size":243, "non_fast_forward":false, "current_ref":"refs/heads/main" }
+```
+
+## Support bundles
+
+The support bundle includes system logs and all audit information is logged to the `audit.log` file in the `github-logs` directory. For more information, see "[Providing data to {% data variables.product.prodname_dotcom %} Support](/support/contacting-github-support/providing-data-to-github-support)."
+
+## Further reading
+
+- [Linux man page for the `journalctl` command](http://man7.org/linux/man-pages/man1/journalctl.1.html)

content/admin/enterprise-management/monitoring-your-appliance/index.md

@@ -16,6 +16,7 @@ children:
   - /setting-up-external-monitoring
   - /configuring-collectd
   - /monitoring-using-snmp
+  - /about-system-logs
   - /generating-a-health-check-for-your-enterprise
 ---
 

content/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/introducing-github-actions-to-your-enterprise.md

@@ -40,7 +40,7 @@ Then,{% else %}First,{% endif %} decide whether you'll allow third-party actions
 Consider combining OpenID Connect (OIDC) with reusable workflows to enforce consistent deployments across your repository, organization, or enterprise. You can do this by defining trust conditions on cloud roles based on reusable workflows. For more information, see "[Using OpenID Connect with reusable workflows](/actions/deployment/security-hardening-your-deployments/using-openid-connect-with-reusable-workflows)."
 {% endif %}
 
-You can access information about activity related to {% data variables.product.prodname_actions %} in the audit logs for your enterprise. If your business needs require retaining audit logs for longer than six months, plan how you'll export and store this data outside of {% data variables.product.prodname_dotcom %}. For more information, see {% ifversion ghec %}"[Streaming the audit logs for organizations in your enterprise](/admin/user-management/managing-organizations-in-your-enterprise/streaming-the-audit-logs-for-organizations-in-your-enterprise-account)."{% else %}"[Searching the audit log](/admin/user-management/monitoring-activity-in-your-enterprise/searching-the-audit-log)."{% endif %}
+You can access information about activity related to {% data variables.product.prodname_actions %} in the audit logs for your enterprise. If your business needs require retaining audit logs for longer than six months, plan how you'll export and store this data outside of {% data variables.product.prodname_dotcom %}. For more information, see {% ifversion ghec %}"[Streaming the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)" and "[Exporting audit log activity for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise)."{% else %}"[Log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)."{% endif %}
 
 ![Audit log entries](/assets/images/help/repository/audit-log-entries.png)
 

content/admin/guides.md

@@ -31,7 +31,6 @@ includeGuides:
   - /admin/authentication/managing-identity-and-access-for-your-enterprise/managing-team-synchronization-for-organizations-in-your-enterprise
   - /admin/authentication/managing-identity-and-access-for-your-enterprise/switching-your-saml-configuration-from-an-organization-to-an-enterprise-account
   - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/about-enterprise-managed-users
-  - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/auditing-activity-in-your-enterprise
   - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/configuring-saml-single-sign-on-for-enterprise-managed-users
   - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users
   - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/configuring-scim-provisioning-for-enterprise-managed-users-with-okta
@@ -75,6 +74,7 @@ includeGuides:
   - /admin/enterprise-management/setting-up-external-monitoring
   - /admin/enterprise-management/upgrade-requirements
   - /admin/enterprise-management/upgrading-github-enterprise-server
+  - /admin/enterprise-management/monitoring-your-appliance/about-system-logs
   - /admin/enterprise-support/about-github-enterprise-support
   - /admin/github-actions/about-using-actions-in-your-enterprise
   - /admin/github-actions/backing-up-and-restoring-github-enterprise-server-with-github-actions-enabled
@@ -103,7 +103,6 @@ includeGuides:
   - /admin/policies/managing-pre-receive-hooks-on-the-github-enterprise-server-appliance
   - /admin/user-management/about-migrations
   - /admin/user-management/adding-people-to-teams
-  - /admin/user-management/audited-actions
   - /admin/user-management/auditing-ssh-keys
   - /admin/user-management/auditing-users-across-your-enterprise
   - /admin/user-management/configuring-git-large-file-storage-for-your-enterprise
@@ -115,11 +114,19 @@ includeGuides:
   - /admin/user-management/exporting-migration-data-from-your-enterprise
   - /admin/user-management/importing-data-from-third-party-version-control-systems
   - /admin/user-management/managing-dormant-users
-  - /admin/user-management/managing-global-webhooks
+  - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise
+  - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise
+  - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise
+  - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise
+  - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise
+  - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise
+  - /admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise
+  - /admin/monitoring-activity-in-your-enterprise/exploring-user-activity/activity-dashboard
+  - /admin/monitoring-activity-in-your-enterprise/exploring-user-activity/viewing-push-logs
+  - /admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding
+  - /admin/monitoring-activity-in-your-enterprise/exploring-user-activity/managing-global-webhooks
   - /admin/user-management/managing-organizations-in-your-enterprise/adding-organizations-to-your-enterprise
   - /admin/user-management/managing-organizations-in-your-enterprise/managing-unowned-organizations-in-your-enterprise
-  - /admin/user-management/managing-organizations-in-your-enterprise/streaming-the-audit-logs-for-organizations-in-your-enterprise-account
-  - /admin/user-management/managing-organizations-in-your-enterprise/viewing-the-audit-logs-for-organizations-in-your-enterprise
   - /admin/user-management/managing-projects-using-jira
   - /admin/user-management/managing-users-in-your-enterprise/inviting-people-to-manage-your-enterprise
   - /admin/user-management/managing-users-in-your-enterprise/managing-support-entitlements-for-your-enterprise
@@ -128,7 +135,6 @@ includeGuides:
   - /admin/user-management/managing-users-in-your-enterprise/viewing-people-in-your-enterprise
   - /admin/user-management/migrating-data-to-your-enterprise
   - /admin/user-management/migrating-to-internal-repositories
-  - /admin/user-management/monitoring-activity-in-your-enterprise/managing-global-webhooks
   - /admin/user-management/placing-a-legal-hold-on-a-user-or-organization
   - /admin/user-management/preparing-to-migrate-data-to-your-enterprise
   - /admin/user-management/preventing-users-from-creating-organizations

content/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/auditing-activity-in-your-enterprise.md

@@ -1,36 +0,0 @@
----
-title: Auditing activity in your enterprise
-shortTitle: Auditing activity
-intro: 'You can audit the activity of the {% data variables.product.prodname_managed_users %} in your enterprise, viewing information about what actions were performed, by which user, and when they took place.'
-permissions: Enterprise owners can access the audit log.
-product: '{% data reusables.gated-features.emus %}'
-redirect_from:
-  - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/auditing-activity-in-your-enterprise
-  - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/auditing-activity-in-your-enterprise
-versions:
-  ghec: '*'
-topics:
-  - Accounts
-  - Enterprise
----
-
-## About the audit log
-
-The audit log allows enterprise owners to quickly review or export the actions performed by both owners and members of your enterprise. Each audit log entry shows information about the event.
-
-- The organization an action was performed in
-- The user who performed the action
-- Which repository an action was performed in
-- The action that was performed
-- Which country the action took place in
-- The date and time the action occurred
-
-## Accessing the audit log
-
-You can also access the audit log for your enterprise from the REST API. For more information, see "[GitHub Enterprise administration](/rest/reference/enterprise-admin#get-the-audit-log-for-an-enterprise)" in the API documentation.
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.audit-log-tab %}
-1. Optionally, above the list of events, select the **Export Git Events** or **Export** drop-down menu and choose options for exporting events from the audit log.
-  !["Export Git Events" and "Export" drop-down menus for the enterprise audit log](/assets/images/help/enterprises/audit-log-export-drop-down-menus.png)

content/admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/index.md

@@ -17,6 +17,5 @@ children:
   - /configuring-scim-provisioning-for-enterprise-managed-users
   - /configuring-scim-provisioning-for-enterprise-managed-users-with-okta
   - /managing-team-memberships-with-identity-provider-groups
-  - /auditing-activity-in-your-enterprise
 ---
 

content/admin/index.md

@@ -100,8 +100,8 @@ featuredLinks:
     - '{% ifversion ghes %}/billing/managing-your-license-for-github-enterprise{% endif %}'
     - '{% ifversion ghes %}/admin/configuration/command-line-utilities{% endif %}'
     - '{% ifversion ghec %}/admin/configuration/configuring-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise{% endif %}'
-    - '{% ifversion ghec %}/admin/user-management/managing-organizations-in-your-enterprise/viewing-the-audit-logs-for-organizations-in-your-enterprise{% endif %}'
-    - '{% ifversion ghec %}/admin/user-management/monitoring-activity-in-your-enterprise/managing-global-webhooks{% endif %}'
+    - '{% ifversion ghec %}/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise{% endif %}'
+    - '{% ifversion ghec %}/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/managing-global-webhooks{% endif %}'
     - '{% ifversion ghec %}/billing/managing-your-license-for-github-enterprise/using-visual-studio-subscription-with-github-enterprise/setting-up-visual-studio-subscription-with-github-enterprise{% endif %}'
     - /admin/configuration/configuring-github-connect/managing-github-connect
     - /admin/enterprise-support/about-github-enterprise-support
@@ -125,6 +125,7 @@ children:
   - /identity-and-access-management
   - /user-management
   - /policies
+  - /monitoring-activity-in-your-enterprise
   - /enterprise-management
   - /github-actions
   - /packages

content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-hyper-v.md

@@ -29,7 +29,7 @@ shortTitle: Install on Hyper-V
 
 {% data reusables.enterprise_installation.download-license %}
 {% data reusables.enterprise_installation.download-appliance %}
-4. Select {% data variables.product.prodname_dotcom %} On-premises, then click **Hyper-V (VHD)**.
+4. Under "{% data variables.product.prodname_dotcom %} On-premises", select the "Select your hypervisor" dropdown menu and click **Hyper-V (VHD)**.
 5. Click **Download for Hyper-V (VHD)**.
 
 ## Creating the {% data variables.product.prodname_ghe_server %} instance

content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-openstack-kvm.md

@@ -28,7 +28,7 @@ shortTitle: Install on OpenStack
 
 {% data reusables.enterprise_installation.download-license %}
 {% data reusables.enterprise_installation.download-appliance %}
-4. Select {% data variables.product.prodname_dotcom %} On-premises, then click **OpenStack KVM (QCOW2)**.
+4. Under "{% data variables.product.prodname_dotcom %} On-premises", select the "Select your hypervisor" dropdown menu and click **OpenStack KVM (QCOW2)**.
 5. Click **Download for OpenStack KVM (QCOW2)**.
 
 ## Creating the {% data variables.product.prodname_ghe_server %} instance

content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware.md

@@ -32,7 +32,7 @@ shortTitle: Install on VMware
 
 {% data reusables.enterprise_installation.download-license %}
 {% data reusables.enterprise_installation.download-appliance %}
-4. Select {% data variables.product.prodname_dotcom %} On-premises, then click **VMware ESXi/vSphere (OVA)**.
+4. Under "{% data variables.product.prodname_dotcom %} On-premises", select the "Select your hypervisor" dropdown menu and click **VMware ESXi/vSphere (OVA)**.
 5. Click **Download for VMware ESXi/vSphere (OVA)**.
 
 ## Creating the {% data variables.product.prodname_ghe_server %} instance

content/admin/installation/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-xenserver.md

@@ -36,7 +36,7 @@ shortTitle: Install on XenServer
 
 {% data reusables.enterprise_installation.download-license %}
 {% data reusables.enterprise_installation.download-appliance %}
-4. Select {% data variables.product.prodname_dotcom %} On-premises, then click **XenServer (VHD)**.
+4. Under "{% data variables.product.prodname_dotcom %} On-premises", select the "Select your hypervisor" dropdown menu and click **XenServer (VHD)**.
 5. To download your license file, click **Download license**.
 
 ## Creating the {% data variables.product.prodname_ghe_server %} instance

content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/activity-dashboard.md

@@ -6,6 +6,7 @@ redirect_from:
   - /enterprise/admin/installation/activity-dashboard
   - /enterprise/admin/user-management/activity-dashboard
   - /admin/user-management/activity-dashboard
+  - /admin/user-management/monitoring-activity-in-your-enterprise/activity-dashboard
 versions:
   ghes: '*'
   ghae: '*'

content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/index.md

@@ -0,0 +1,16 @@
+---
+title: Exploring user activity in your enterprise
+intro: You can view user and system activity by leveraging dashboards, webhooks and log forwarding.
+versions:
+  ghec: '*'
+  ghes: '*'
+  ghae: '*'
+topics:
+  - Enterprise
+children:
+  - /activity-dashboard
+  - /viewing-push-logs
+  - /log-forwarding  
+  - /managing-global-webhooks
+shortTitle: Explore user activity
+---

content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding.md

@@ -7,6 +7,7 @@ redirect_from:
   - /enterprise/admin/enterprise-management/log-forwarding
   - /admin/enterprise-management/log-forwarding
   - /admin/user-management/log-forwarding
+  - /admin/user-management/monitoring-activity-in-your-enterprise/log-forwarding
 versions:
   ghes: '*'
   ghae: '*'

content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/managing-global-webhooks.md

@@ -13,6 +13,7 @@ redirect_from:
   - /articles/configuring-webhooks-for-organization-events-in-your-enterprise-account
   - /github/setting-up-and-managing-your-enterprise-account/configuring-webhooks-for-organization-events-in-your-enterprise-account
   - /github/setting-up-and-managing-your-enterprise/configuring-webhooks-for-organization-events-in-your-enterprise-account
+  - /admin/user-management/monitoring-activity-in-your-enterprise/managing-global-webhooks
 versions:
   ghec: '*'
   ghes: '*'

content/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/viewing-push-logs.md

@@ -6,6 +6,7 @@ redirect_from:
   - /enterprise/admin/installation/viewing-push-logs
   - /enterprise/admin/user-management/viewing-push-logs
   - /admin/user-management/viewing-push-logs
+  - /admin/user-management/monitoring-activity-in-your-enterprise/viewing-push-logs
 versions:
   ghes: '*'
   ghae: '*'
@@ -42,6 +43,6 @@ Push log entries show:
 {% data reusables.enterprise_installation.ssh-into-instance %}
 1. In the appropriate Git repository, open the audit log file:
   ```shell
-  ghe-repo <em>owner</em>/<em>repository</em> -c "less audit_log"
+  ghe-repo <em>owner</em>/<em>repository</em> -c "cat audit_log"
   ```
 {% endif %}

content/admin/monitoring-activity-in-your-enterprise/index.md

@@ -0,0 +1,16 @@
+---
+title: Monitoring activity in your enterprise
+intro: You can view user and system activity by leveraging audit logs{% ifversion ghes or ghae %}, push logs, dashboards, webhooks, and log forwarding{% else %}and webhooks{% endif %}.
+redirect_from:
+  - /enterprise/admin/installation/monitoring-activity-on-your-github-enterprise-server-instance
+versions:
+  ghec: '*'
+  ghes: '*'
+  ghae: '*'
+topics:
+  - Enterprise
+children:
+  - /reviewing-audit-logs-for-your-enterprise
+  - /exploring-user-activity
+shortTitle: Monitor activity
+---

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise.md

@@ -0,0 +1,61 @@
+---
+title: About the audit log for your enterprise
+intro: 'To support debugging and internal and external compliance, {% data variables.product.product_name %} provides logs of audited{% ifversion ghes %} system,{% endif %} user, organization, and repository events.'
+shortTitle: About audit logs
+redirect_from:
+  - /enterprise/admin/articles/audit-logging
+  - /enterprise/admin/installation/audit-logging
+  - /enterprise/admin/user-management/audit-logging
+  - /admin/user-management/audit-logging
+  - /admin/user-management/monitoring-activity-in-your-enterprise/audit-logging
+  - /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-users-with-your-identity-provider/auditing-activity-in-your-enterprise
+  - /admin/authentication/managing-your-enterprise-users-with-your-identity-provider/auditing-activity-in-your-enterprise
+  - /admin/identity-and-access-management/managing-iam-with-enterprise-managed-users/auditing-activity-in-your-enterprise
+versions:
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+type: overview
+topics:
+  - Auditing
+  - Enterprise
+  - Logging
+  - Security
+---
+
+## About audit logs
+
+{% data reusables.audit_log.retention-periods %}
+
+{% data reusables.audit_log.audit-log-search-list-info-about-action %}
+
+In addition to viewing your audit log, you can monitor activity in your enterprise in other ways, such as {% ifversion ghes or ghae %}viewing push logs and {% endif %}managing global webhooks. For more information, see "[Exploring user activity in your enterprise](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity)."
+
+## Using your audit logs
+
+As an enterprise owner{% ifversion ghes %} or site administrator{% endif %}, you can interact with the audit log data for your enterprise in several ways:
+- You can view the audit log for your enterprise. For more information, see "[Accessing the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)."
+- You can search the audit log for specific events{% ifversion ghec %} and export audit log data{% endif %}. For more information, see "[Searching the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise)"{% ifversion ghec %} and "[Exporting the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise)"{% endif %}.
+{%- ifversion ghec %}
+- You can stream audit and Git events data from {% data variables.product.prodname_dotcom %} to an external data management system. For more information, see "[Streaming the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)."
+{%- else %}
+- You can forward audit and system logs, from your enterprise to an third-party hosted monitoring system. For more information, see "[Log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)."
+{%- endif %}
+{%- ifversion ghec or ghes > 3.2 or ghae-issue-6648 %}
+- You can use the Audit log API to view actions performed in your enterprise. For more information, see "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise)."
+{%- endif %}
+
+For a full list of audit log actions that may appear in your enterprise audit log, see "[Audit log actions for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."
+
+{% ifversion ghec %}
+## Git events
+
+Git events data, such as cloning, fetching, and pushing is logged. For more information, see "[Streaming the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)."
+
+{% endif %}
+
+## Further reading
+- "[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)"
+{%- ifversion ghes %}
+- "[About system logs](/admin/enterprise-management/monitoring-your-appliance/about-system-logs)"
+{%- endif %}

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise.md

@@ -0,0 +1,27 @@
+---
+title: Accessing the audit log for your enterprise
+intro: You can view aggregated actions from all of the organizations owned by an enterprise account in the enterprise's audit log.
+shortTitle: Access audit logs
+permissions: Enterprise owners {% ifversion ghes %}and site administrators {% endif %}can access the audit log.
+redirect_from:
+  - /github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account/viewing-the-audit-logs-for-organizations-in-your-enterprise-account
+  - /articles/viewing-the-audit-logs-for-organizations-in-your-business-account
+  - /articles/viewing-the-audit-logs-for-organizations-in-your-enterprise-account
+  - /github/setting-up-and-managing-your-enterprise-account/viewing-the-audit-logs-for-organizations-in-your-enterprise-account
+  - /github/setting-up-and-managing-your-enterprise/viewing-the-audit-logs-for-organizations-in-your-enterprise-account
+  - /admin/user-management/managing-organizations-in-your-enterprise/viewing-the-audit-logs-for-organizations-in-your-enterprise
+versions:
+  ghec: '*'
+  ghes: '*'
+  ghae: '*'
+type: how_to
+topics:
+  - Auditing
+  - Enterprise
+  - Logging
+---
+{% data reusables.audit_log.retention-periods %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.audit-log-tab %}

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/exporting-audit-log-activity-for-your-enterprise.md

@@ -0,0 +1,50 @@
+---
+title: Exporting audit log activity for your enterprise
+intro: 'You can export audit and Git events data to a file for offline analysis.'
+shortTitle: Export audit logs
+permissions: Enterprise owners can export the audit log.
+miniTocMaxHeadingLevel: 3
+versions:
+  ghec: '*'
+type: tutorial
+topics:
+  - Auditing
+  - Enterprise
+  - Logging
+---
+## About exports of audit log and Git events data
+
+You can export the audit log by downloading a JSON or CSV file from your enterprise on {% data variables.product.product_name %}. When you export audit log events, you can query by one or more of these supported qualifiers to filter for specific log events to export. For more information about search qualifiers, see "[Search based on the action performed](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise#search-based-on-the-action-performed)."
+
+You can export Git events data by downloading a JSON file from your enterprise audit log. Unlike audit log data, you cannot query for specific Git events to filter and export in the audit log user interface.
+
+{% data reusables.audit_log.exported-log-keys-and-values %}
+
+As an alternative to exporting log events, you can use the API to retrieve audit log events, or set up {% data variables.product.product_name %} to stream audit data as events are logged. For more information, see "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise)" and "[Streaming the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise)."
+
+## Exporting audit log data
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.audit-log-tab %}
+1. Optionally, to only export filtered results, search by one or more supported qualifiers or log filters.
+2. Select the {% octicon "download" aria-label="The Download icon" %} **Export** dropdown menu, and choose the file format (JSON or CSV) to export log events in.
+
+    ![Export button](/assets/images/help/organizations/org-audit-log-export.png)
+
+## Exporting Git events data
+
+You can also export Git events data by date range.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.audit-log-tab %}
+1. Select the {% octicon "download" aria-label="The Download icon" %} **Export Git Events** dropdown menu and choose a date range to export log events for.
+
+    ![Export Git events button](/assets/images/help/organizations/org-audit-log-export-git-events.png)
+1. Click {% octicon "file-zip" aria-label="The File-zip icon" %} **Download Results** to download the file.
+1. The data is exported as a compressed JSON file. To extract the JSON data, uncompress the file using an archive utility client or command. For example:
+
+    ```
+    gunzip export-avocado-corp-1642896556.json.gz
+    ```

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/index.md

@@ -0,0 +1,19 @@
+---
+title: Reviewing audit logs for your enterprise
+intro: You can view user and system activity in the audit logs for your enterprise.
+shortTitle: Review audit logs
+versions:
+  ghec: '*'
+  ghes: '*'
+  ghae: '*'
+topics:
+  - Enterprise
+children:
+  - /about-the-audit-log-for-your-enterprise
+  - /accessing-the-audit-log-for-your-enterprise
+  - /searching-the-audit-log-for-your-enterprise
+  - /exporting-audit-log-activity-for-your-enterprise
+  - /streaming-the-audit-log-for-your-enterprise
+  - /using-the-audit-log-api-for-your-enterprise
+  - /audit-log-events-for-your-enterprise
+---

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/searching-the-audit-log-for-your-enterprise.md

@@ -0,0 +1,130 @@
+---
+title: Searching the audit log for your enterprise
+intro: You can search an extensive list of audited actions in your enterprise.
+shortTitle: Search audit logs
+permissions: Enterprise owners {% ifversion ghes %}and site administrators {% endif %}can search the audit log.
+redirect_from:
+  - /enterprise/admin/articles/searching-the-audit-log
+  - /enterprise/admin/installation/searching-the-audit-log
+  - /enterprise/admin/user-management/searching-the-audit-log
+  - /admin/user-management/searching-the-audit-log
+  - /admin/user-management/monitoring-activity-in-your-enterprise/searching-the-audit-log
+versions:
+  ghes: '*'
+  ghae: '*'
+  ghec: '*'
+type: how_to
+topics:
+  - Auditing
+  - Enterprise
+  - Logging
+miniTocMaxHeadingLevel: 3
+---
+
+## About search for the enterprise audit log
+
+You can search your enterprise audit log directly from the user interface by using the **Filters** dropdown, or by typing a search query.
+
+  ![Search query](/assets/images/enterprise/site-admin-settings/search-query.png)
+
+For more information about viewing your enterprise audit log, see "[Accessing the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/accessing-the-audit-log-for-your-enterprise)." 
+
+You can also use the API to retrieve audit log events. For more information, see "[Using the audit log API for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise)."
+
+Note that you cannot search for entries using text. You can, however, construct search queries using a variety of filters. Many operators used when querying the log, such as `-`, `>`, or `<`, match the same format as searching across {% data variables.product.product_name %}. For more information, see "[Searching on {% data variables.product.prodname_dotcom %}](/search-github/getting-started-with-searching-on-github/about-searching-on-github)."
+
+{% note %}
+
+**Note**: {% data reusables.audit_log.retention-periods %}
+
+{% endnote %}
+
+## Search query filters
+
+Filter| Description
+--------------:| -----------
+`Yesterday's activity` | All actions created in the past day.
+`Enterprise account management` | All actions in the `business` category.
+`Organization membership` | All actions for when a new user was invited to join an organization.
+`Team management` | All actions related to team management.<br/>- When a user account or repository was added or removed from a team<br/>- When a team maintainer was promoted or demoted<br/>-  When a team was deleted
+`Repository management` | All actions for repository management.<br/>- When a repository was created or deleted<br/>- When the repository visibility was changed<br/>- When a team was added or removed from a repository{% ifversion ghec %}
+`Billing updates` | All actions concerning how your enterprise pays for {% data variables.product.prodname_dotcom %} and for when your billing email address was changed.{% endif %}
+`Hook activity` | All actions for webhooks and pre-receive hooks.
+`Security management` | All actions concerning SSH keys, deploy keys, security keys, 2FA, and SAML single sign-on credential authorization, and vulnerability alerts for repositories.
+
+## Search query syntax
+
+You can compose a search query from one or more `key:value` pairs, separated by AND/OR logical operators. For example, to see all actions that have affected the repository `octocat/Spoon-Knife` since the beginning of 2017:
+
+  `repo:"octocat/Spoon-Knife" AND created:>=2017-01-01`
+
+The `key:value` pairs that can be used in a search query are:
+
+Key            | Value
+--------------:| --------------------------------------------------------
+`actor_id`     | ID of the user account that initiated the action
+`actor`        | Name of the user account that initiated the action
+`oauth_app_id` | ID of the OAuth application associated with the action
+`action`       | Name of the audited action
+`user_id`      | ID of the user affected by the action
+`user`         | Name of the user affected by the action
+`repo_id`      | ID of the repository affected by the action (if applicable)
+`repo`         | Name of the repository affected by the action (if applicable)
+`actor_ip`     | IP address from which the action was initiated
+`created`      | Time at which the action occurred{% ifversion ghes %}. If querying the audit log from the site admin dashboard, use `created_at` instead{% endif %}
+`from`         | View from which the action was initiated
+`note`         | Miscellaneous event-specific information (in either plain text or JSON format)
+`org`          | Name of the organization affected by the action (if applicable)
+`org_id`       | ID of the organization affected by the action (if applicable)
+`business` | Name of the enterprise affected by the action (if applicable)
+`business_id` | ID of the enterprise affected by the action (if applicable)
+
+To see actions grouped by category, you can also use the action qualifier as a `key:value` pair. For more information, see "[Search based on the action performed](#search-based-on-the-action-performed)."
+
+For a full list of actions in your enterprise audit log, see "[Audit log actions for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."
+
+## Searching the audit log
+
+{% data reusables.audit_log.audit-log-search-by-operation %}
+
+{% data reusables.audit_log.audit-log-search-by-repo %}
+
+{% data reusables.audit_log.audit-log-search-by-user %}
+
+### Search based on the action performed
+
+To search for specific events, use the `action` qualifier in your query. For example:
+
+  * `action:team` finds all events grouped within the team category.
+  * `-action:hook` excludes all events in the webhook category.
+
+Each category has a set of associated actions that you can filter on. For example:
+
+  * `action:team.create` finds all events where a team was created.
+  * `-action:hook.events_changed` excludes all events where the events on a webhook have been altered.
+
+Actions that can be found in your enterprise audit log are grouped within the following categories:
+
+{% data reusables.audit_log.audit-log-action-categories %}
+### Search based on time of action
+
+Use the `created` qualifier to filter events in the audit log based on when they occurred.
+
+{% data reusables.time_date.date_format %} {% data reusables.time_date.time_format %}
+
+{% data reusables.search.date_gt_lt %}
+
+For example:
+
+  * `created:2014-07-08` finds all events that occurred on July 8th, 2014.
+  * `created:>=2014-07-08` finds all events that occurred on or after July 8th, 2014.
+  * `created:<=2014-07-08` finds all events that occurred on or before July 8th, 2014.
+  * `created:2014-07-01..2014-07-31` finds all events that occurred in the month of July 2014.
+
+### Search based on location
+
+Using the qualifier `country`, you can filter events in the audit log based on the originating country. You can use a country's two-letter short code or full name. Countries with spaces in their name will need to be wrapped in quotation marks. For example:
+
+  * `country:de` finds all events that occurred in Germany.
+  * `country:Mexico` finds all events that occurred in Mexico.
+  * `country:"United States"` all finds events that occurred in the United States.

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise.md

@@ -1,5 +1,5 @@
 ---
-title: Streaming the audit logs for organizations in your enterprise account
+title: Streaming the audit log for your enterprise
 intro: 'You can stream audit and Git events data from {% data variables.product.prodname_dotcom %} to an external data management system.'
 miniTocMaxHeadingLevel: 3
 versions:
@@ -10,27 +10,13 @@ topics:
   - Enterprise
   - Logging
   - Organizations
-shortTitle: Stream organization audit logs
+shortTitle: Stream audit logs
 redirect_from:
   - /github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account/streaming-the-audit-logs-for-organizations-in-your-enterprise-account
+  - /admin/user-management/managing-organizations-in-your-enterprise/streaming-the-audit-logs-for-organizations-in-your-enterprise-account
 permissions: Enterprise owners can configure audit log streaming.
 ---
 
-## About exporting audit data
-
-You can extract audit log and Git events data from {% data variables.product.prodname_dotcom %} in multiple ways:
-
-* Go to the Audit log page in {% data variables.product.prodname_dotcom %} and click **Export**. For more information, see "[Viewing the audit logs for organizations in your enterprise account](/github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account/viewing-the-audit-logs-for-organizations-in-your-enterprise-account)" and "[Exporting the audit log](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization#exporting-the-audit-log)."
-* Use the API to poll for new audit log events. For more information, see "[Using the audit log API](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization#using-the-audit-log-api)."
-* Set up {% data variables.product.product_name %} to stream audit data as events are logged.
-
-Currently, audit log streaming is supported for multiple storage providers.
-- Amazon S3
-- Azure Blob Storage
-- Azure Event Hubs
-- Google Cloud Storage
-- Splunk
-
 ## About audit log streaming
 
 To help protect your intellectual property and maintain compliance for your organization, you can use streaming to keep copies of your audit log data and monitor:
@@ -40,7 +26,7 @@ The benefits of streaming audit data include:
 
 * **Data exploration**. You can examine streamed events using your preferred tool for querying large quantities of data. The stream contains both audit events and Git events across the entire enterprise account.
 * **Data continuity**. You can pause the stream for up to seven days without losing any audit data.
-* **Data retention**. You can keep your exported audit logs and Git data as long as you need to.
+* **Data retention**. You can keep your exported audit logs and Git events data as long as you need to.
 
 Enterprise owners can set up, pause, or delete a stream at any time. The stream exports the audit data for all of the organizations in your enterprise.
 

content/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/using-the-audit-log-api-for-your-enterprise.md

@@ -0,0 +1,143 @@
+---
+title: Using the audit log API for your enterprise
+intro: 'You can programmatically retrieve enterprise events with the{% ifversion ghec or ghes > 3.2 %} REST or{% endif %} GraphQL API.'
+shortTitle: Audit log API
+permissions: Enterprise owners {% ifversion ghes %}and site administrators {% endif %}can use the audit log API.
+miniTocMaxHeadingLevel: 3
+versions:
+  ghec: '*'
+  ghes: '>=3.0'
+  ghae: '*'
+type: tutorial
+topics:
+  - Auditing
+  - Enterprise
+  - Logging
+  - API
+---
+
+## Using the audit log API
+
+You can interact with the audit log using the GraphQL API{% ifversion ghec or ghes > 3.2 or ghae-issue-6648 %} or the REST API{% endif %}. 
+
+Timestamps and date fields in the API response are measured in [UTC epoch milliseconds](http://en.wikipedia.org/wiki/Unix_time).
+
+{% ifversion ghec or ghes > 3.0 or ghae %}
+## Querying the audit log GraphQL API
+
+To ensure your intellectual property is secure, and you maintain compliance for your enterprise, you can use the audit log GraphQL API to keep copies of your audit log data and monitor:
+{% data reusables.audit_log.audit-log-api-info %}
+
+Note that you can't retrieve Git events using the {% ifversion not ghec %}audit log API.{% else %}GraphQL API. To retrieve Git events, use the REST API instead. For more information, see `git` category actions in "[Audit log actions for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise#git-category-actions)", and also the "[Enterprise administration](/rest/reference/enterprise-admin#audit-log)" and "[Organizations](/rest/reference/orgs#get-the-audit-log-for-an-organization) audit log endpoints in the REST API documentation."{% endif %}
+
+The GraphQL response can include data for up to 90 to 120 days.
+
+### Example 1: Members added to or removed from organizations in an enterprise
+
+The query below fetches the audit logs for the `avocado-corp` enterprise and returns the first 10 organizations in the enterprise, where the only actions performed were adding or removing a member from an organization. The first 20 audit log entries for each organization are returned. 
+
+This query uses the [auditlog](/graphql/reference/objects) field from the Organization object, and the [OrgAddMemberAuditEntry](/graphql/reference/objects#orgaddmemberauditentry) and [OrgRemoveMemberAuditEntry](/graphql/reference/objects#orgremovememberauditentry) objects. The  {% data variables.product.prodname_dotcom %} account querying the enterprise audit log must be an organization owner for each organization within the enterprise.
+
+```shell
+{
+  enterprise(slug: "avocado-corp") {
+    organizations(first: 10, orderBy: {field: LOGIN, direction: DESC}) {
+      nodes {
+        name
+        auditLog(first: 20) {
+          edges {
+            node {
+              ... on OrgAddMemberAuditEntry {
+                action
+                actorLogin
+                createdAt
+              }
+              ... on OrgRemoveMemberAuditEntry {
+                action
+                actorLogin
+                createdAt
+              }
+            }
+          }
+        }
+      }
+      pageInfo {
+        hasNextPage
+        endCursor
+      }
+    }
+  }
+}
+```
+
+The GraphQL API will return at most 100 nodes per query. To retrieve additional results, you'll need to implement pagination. For more information, see "[Resource limitations](/graphql/overview/resource-limitations#node-limit)" in the GraphQL API documentation and [Pagination](https://graphql.org/learn/pagination/) in the official GraphQL documentation.
+### Example 2: Events in an organization, for a specific date and actor
+
+You can specify multiple search phrases, such as `created` and `actor`, by separating them in your query string with a space.
+
+The query below fetches all the audit logs for the `avocado-corp` enterprise that relate to the `octo-org` organization, where the actions were performed by the `octocat` user on or after the 1 Jan, 2022. The first 20 audit log entries are returned, with the newest log entry appearing first. 
+
+This query uses the [AuditEntry](/graphql/reference/interfaces#auditentry) interface. The {% data variables.product.prodname_dotcom %} account querying the enterprise audit log must be an owner of the `octo-org` organization.
+
+```shell
+{
+  enterprise(slug: "avocado-corp") {
+    organizations(first: 1, query: "octo-org") {
+      nodes {
+        name
+        auditLog(first: 20, query: "actor:octocat created:>=2022-01-01T00:00:00.000Z", orderBy: {field: CREATED_AT, direction: DESC}) {
+          edges {
+            node {
+              ... on AuditEntry {
+                action
+                actorLogin
+                createdAt
+                user {
+                  name
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}
+```
+
+For more query examples, see the [platform-samples repository](https://github.com/github/platform-samples/blob/master/graphql/queries).
+
+{% endif %}
+{% ifversion ghec or ghes > 3.2 or ghae-issue-6648 %}
+## Querying the audit log REST API
+
+To ensure your intellectual property is secure, and you maintain compliance for your enterprise, you can use the audit log REST API to keep copies of your audit log data and monitor:
+{% data reusables.audit_log.audited-data-list %}
+
+{% data reusables.audit_log.retention-periods %}
+
+For more information about the audit log REST API, see "[Enterprise administration](/rest/reference/enterprise-admin#audit-log)" and "[Organizations](/rest/reference/orgs#get-the-audit-log-for-an-organization)."
+
+### Example 1: All events in an enterprise, for a specific date, with pagination
+
+The query below searches for audit log events created on Jan 1st, 2022 in the `avocado-corp` enterprise, and return the first page with a maximum of 100 items per page using [REST API pagination](/rest/overview/resources-in-the-rest-api#pagination):
+
+```shell
+curl -H "Authorization: token <em>TOKEN</em>" \
+--request GET \
+"https://api.github.com/enterprises/avocado-corp/audit-log?phrase=created:2022-01-01&page=1&per_page=100"
+```
+
+### Example 2: Events for pull requests in an enterprise, for a specific date and actor
+
+You can specify multiple search phrases, such as `created` and `actor`, by separating them in your formed URL with the `+` symbol or ASCII character code `%20`.
+
+The query below searches for audit log events for pull requests, where the event occurred on or after Jan 1st, 2022 in the `avocado-corp` enterprise, and the action was performed by the `octocat` user:
+
+```shell
+curl -H "Authorization: token <em>TOKEN</em>" \
+--request GET \
+"https://api.github.com/enterprises/avocado-corp/audit-log?phrase=action:pull_request+created:>=2022-01-01+actor:octocat"
+```
+
+{% endif %}

content/admin/overview/system-overview.md

@@ -39,15 +39,15 @@ The user filesystem contains user configuration and data, such as:
 
 ## Deployment options
 
-You can deploy {% data variables.product.prodname_ghe_server %} as a single virtual appliance, or in a high availability configuration. For more information, see "[Configuring {% data variables.product.prodname_ghe_server %} for High Availability](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-github-enterprise-server-for-high-availability/)."
+You can deploy {% data variables.product.prodname_ghe_server %} as a single virtual appliance, or in a high availability configuration. For more information, see "[Configuring {% data variables.product.prodname_ghe_server %} for High Availability](/admin/enterprise-management/configuring-high-availability)."
 
-Some organizations with tens of thousands of developers may also benefit from {% data variables.product.prodname_ghe_server %} Clustering. For more information, see "[About clustering](/enterprise/{{ currentVersion }}/admin/guides/clustering/about-clustering)."
+Some organizations with tens of thousands of developers may also benefit from {% data variables.product.prodname_ghe_server %} Clustering. For more information, see "[About clustering](/admin/enterprise-management/configuring-clustering/about-clustering)."
 
 ## Data retention and datacenter redundancy
 
 {% danger %}
 
-Before using {% data variables.product.prodname_ghe_server %} in a production environment, we strongly recommend you set up backups and a disaster recovery plan. For more information, see "[Configuring backups on your appliance](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-backups-on-your-appliance)."
+Before using {% data variables.product.prodname_ghe_server %} in a production environment, we strongly recommend you set up backups and a disaster recovery plan. For more information, see "[Configuring backups on your appliance](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)."
 
 {% enddanger %}
 
@@ -55,7 +55,7 @@ Before using {% data variables.product.prodname_ghe_server %} in a production en
 
 In addition to network backups, both AWS (EBS) and VMware disk snapshots of the user storage volumes are supported while the appliance is offline or in maintenance mode. Regular volume snapshots can be used as a low-cost, low-complexity alternative to network backups with {% data variables.product.prodname_enterprise_backup_utilities %} if your service level requirements allow for regular offline maintenance.
 
-For more information, see "[Configuring backups on your appliance](/enterprise/{{ currentVersion }}/admin/guides/installation/configuring-backups-on-your-appliance)."
+For more information, see "[Configuring backups on your appliance](/admin/configuration/configuring-your-enterprise/configuring-backups-on-your-appliance)."
 
 ## Security
 
@@ -80,11 +80,11 @@ For more information, see "[Configuring backups on your appliance](/enterprise/{
 
 Currently, the base of the {% data variables.product.prodname_ghe_server %} appliance is Debian 9 (Stretch) and receives support under the Debian Long Term Support program.  There are plans to move to a newer base operating system before the end of the Debian LTS period for Stretch.
 
-Regular patch updates are released on the {% data variables.product.prodname_ghe_server %} [releases](https://enterprise.github.com/releases) page, and the [release notes](/enterprise-server/admin/release-notes) page provides more information. These patches typically contain upstream vendor and project security patches after they've been tested and quality approved by our engineering team. There can be a slight time delay from when the upstream update is released to when it's tested and bundled in an upcoming {% data variables.product.prodname_ghe_server %} patch release.
+Regular patch updates are released on the {% data variables.product.prodname_ghe_server %} [releases](https://enterprise.github.com/releases) page, and the [release notes](/admin/release-notes) page provides more information. These patches typically contain upstream vendor and project security patches after they've been tested and quality approved by our engineering team. There can be a slight time delay from when the upstream update is released to when it's tested and bundled in an upcoming {% data variables.product.prodname_ghe_server %} patch release.
 
 ### Network security
 
-{% data variables.product.prodname_ghe_server %}'s internal firewall restricts network access to the appliance's services. Only services necessary for the appliance to function are available over the network. For more information, see "[Network ports](/enterprise/{{ currentVersion }}/admin/guides/installation/network-ports)."
+{% data variables.product.prodname_ghe_server %}'s internal firewall restricts network access to the appliance's services. Only services necessary for the appliance to function are available over the network. For more information, see "[Network ports](/admin/configuration/configuring-network-settings/network-ports)."
 
 ### Application security
 
@@ -92,15 +92,15 @@ Regular patch updates are released on the {% data variables.product.prodname_ghe
 
 ### External services and support access
 
-{% data variables.product.prodname_ghe_server %} can operate without any egress access from your network to outside services. You can optionally enable integration with external services for email delivery, external monitoring, and log forwarding. For more information, see "[Configuring email for notifications](/admin/configuration/configuring-email-for-notifications)," "[Setting up external monitoring](/enterprise/{{ currentVersion }}/admin/installation/setting-up-external-monitoring)," and "[Log forwarding](/admin/user-management/log-forwarding)."
+{% data variables.product.prodname_ghe_server %} can operate without any egress access from your network to outside services. You can optionally enable integration with external services for email delivery, external monitoring, and log forwarding. For more information, see "[Configuring email for notifications](/admin/configuration/configuring-your-enterprise/configuring-email-for-notifications)," "[Setting up external monitoring](/admin/enterprise-management/monitoring-your-appliance/setting-up-external-monitoring)," and "[Log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)."
 
-You can manually collect and send troubleshooting data to {% data variables.contact.github_support %}. For more information, see "[Providing data to {% data variables.contact.github_support %}](/enterprise/{{ currentVersion }}/admin/enterprise-support/providing-data-to-github-support)."
+You can manually collect and send troubleshooting data to {% data variables.contact.github_support %}. For more information, see "[Providing data to {% data variables.contact.github_support %}](/support/contacting-github-support/providing-data-to-github-support)."
 
 ### Encrypted communication
 
-{% data variables.product.prodname_dotcom %} designs {% data variables.product.prodname_ghe_server %} to run behind your corporate firewall. To secure communication over the wire, we encourage you to enable Transport Layer Security (TLS). {% data variables.product.prodname_ghe_server %} supports 2048-bit and higher commercial TLS certificates for HTTPS traffic. For more information, see "[Configuring TLS](/enterprise/{{ currentVersion }}/admin/installation/configuring-tls)."
+{% data variables.product.prodname_dotcom %} designs {% data variables.product.prodname_ghe_server %} to run behind your corporate firewall. To secure communication over the wire, we encourage you to enable Transport Layer Security (TLS). {% data variables.product.prodname_ghe_server %} supports 2048-bit and higher commercial TLS certificates for HTTPS traffic. For more information, see "[Configuring TLS](/admin/configuration/configuring-network-settings/configuring-tls)."
 
-By default, the appliance also offers Secure Shell (SSH) access for both repository access using Git and administrative purposes. For more information, see "[About SSH](/enterprise/user/articles/about-ssh)" and "[Accessing the administrative shell (SSH)](/enterprise/{{ currentVersion }}/admin/installation/accessing-the-administrative-shell-ssh)."
+By default, the appliance also offers Secure Shell (SSH) access for both repository access using Git and administrative purposes. For more information, see "[About SSH](/authentication/connecting-to-github-with-ssh/about-ssh)" and "[Accessing the administrative shell (SSH)](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
 
 {% ifversion ghes > 3.3 %}
 
@@ -112,24 +112,24 @@ If you configure SAML authentication for {% data variables.product.product_locat
 
 {% data variables.product.prodname_ghe_server %} provides three types of accounts.
 
-- The `admin` Linux user account has controlled access to the underlying operating system, including direct filesystem and database access. A small set of trusted administrators should have access to this account, which they can access over SSH. For more information, see "[Accessing the administrative shell (SSH)](/enterprise/{{ currentVersion }}/admin/installation/accessing-the-administrative-shell-ssh)."
+- The `admin` Linux user account has controlled access to the underlying operating system, including direct filesystem and database access. A small set of trusted administrators should have access to this account, which they can access over SSH. For more information, see "[Accessing the administrative shell (SSH)](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
 - User accounts in the appliance's web application have full access to their own data and any data that other users or organizations explicitly grant.
 - Site administrators in the appliance's web application are user accounts that can manage high-level web application and appliance settings, user and organization account settings, and repository data.
 
-For more information about {% data variables.product.prodname_ghe_server %}'s user permissions, see "[Access permissions on GitHub](/enterprise/user/articles/access-permissions-on-github)."
+For more information about {% data variables.product.prodname_ghe_server %}'s user permissions, see "[Access permissions on GitHub](/get-started/learning-about-github/access-permissions-on-github)."
 
 ### Authentication
 
 {% data variables.product.prodname_ghe_server %} provides four authentication methods.
 
-- SSH public key authentication provides both repository access using Git and administrative shell access. For more information, see "[About SSH](/enterprise/user/articles/about-ssh)" and "[Accessing the administrative shell (SSH)](/enterprise/{{ currentVersion }}/admin/installation/accessing-the-administrative-shell-ssh)."
-- Username and password authentication with HTTP cookies provides web application access and session management, with optional two-factor authentication (2FA). For more information, see "[Using built-in authentication](/enterprise/{{ currentVersion }}/admin/user-management/using-built-in-authentication)."
-- External LDAP, SAML, or CAS authentication using an LDAP service, SAML Identity Provider (IdP), or other compatible service provides access to the web application. For more information, see "[Authenticating users for your GitHub Enterprise Server instance](/enterprise/{{ currentVersion }}/admin/user-management/authenticating-users-for-your-github-enterprise-server-instance)."
+- SSH public key authentication provides both repository access using Git and administrative shell access. For more information, see "[About SSH](/authentication/connecting-to-github-with-ssh/about-ssh)" and "[Accessing the administrative shell (SSH)](/admin/configuration/configuring-your-enterprise/accessing-the-administrative-shell-ssh)."
+- Username and password authentication with HTTP cookies provides web application access and session management, with optional two-factor authentication (2FA). For more information, see "[Using built-in authentication](/admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance/using-built-in-authentication)."
+- External LDAP, SAML, or CAS authentication using an LDAP service, SAML Identity Provider (IdP), or other compatible service provides access to the web application. For more information, see "[Authenticating users for your GitHub Enterprise Server instance](/admin/identity-and-access-management/authenticating-users-for-your-github-enterprise-server-instance)."
 - OAuth and Personal Access Tokens provide access to Git repository data and APIs for both external clients and services. For more information, see "[Creating a personal access token](/github/authenticating-to-github/creating-a-personal-access-token)."
 
 ### Audit and access logging
 
-{% data variables.product.prodname_ghe_server %} stores both traditional operating system and application logs. The application also writes detailed auditing and security logs, which {% data variables.product.prodname_ghe_server %} stores permanently. You can forward both types of logs in real time to multiple destinations via the `syslog-ng` protocol. For more information, see "[Log forwarding](/admin/user-management/log-forwarding)."
+{% data variables.product.prodname_ghe_server %} stores both traditional operating system and application logs. The application also writes detailed auditing and security logs, which {% data variables.product.prodname_ghe_server %} stores permanently. You can forward both types of logs in real time to multiple destinations via the `syslog-ng` protocol. For more information, see "[Log forwarding](/admin/monitoring-activity-in-your-enterprise/exploring-user-activity/log-forwarding)."
 
 Access and audit logs include information like the following.
 
@@ -158,6 +158,6 @@ Tarballs are also available, with a full list of dependencies and metadata, at `
 
 ## Further reading
 
-- "[Setting up a trial of {% data variables.product.prodname_ghe_server %}](/articles/setting-up-a-trial-of-github-enterprise-server)"
-- "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/enterprise/{{ currentVersion }}/admin/guides/installation/setting-up-a-github-enterprise-server-instance)"
+- "[Setting up a trial of {% data variables.product.prodname_ghe_server %}](/get-started/signing-up-for-github/setting-up-a-trial-of-github-enterprise-server)"
+- "[Setting up a {% data variables.product.prodname_ghe_server %} instance](/admin/installation/setting-up-a-github-enterprise-server-instance)"
 - [ {% data variables.product.prodname_roadmap %} ]( {% data variables.product.prodname_roadmap_link %} ) in the  `github/roadmap` repository

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md

@@ -118,7 +118,7 @@ Across all organizations owned by your enterprise, you can allow people with acc
   
 ## Enforcing a policy for inviting{% ifversion ghec %} outside{% endif %} collaborators to repositories
 
-Across all organizations owned by your enterprise, you can allow members to invite{% ifversion ghec %} outside{% endif %} collaborators to repositories, restrict {% ifversion ghec %}outside collaborator {% endif %}invitations to organization owners, or allow owners to administer the setting on the organization level.
+Across all organizations owned by your enterprise, you can allow members to invite{% ifversion ghec %} outside{% endif %} collaborators to repositories, restrict {% ifversion ghec %}outside collaborator {% endif %}invitations to organization owners, {% if prevent-org-admin-add-outside-collaborator %}restrict {% ifversion ghec %}outside collaborator {% endif %}invitations to enterprise owners, {% endif %}or allow organization owners to administer the setting on the organization level.
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}

content/admin/user-management/index.md

@@ -1,6 +1,6 @@
 ---
 title: 'Managing users, organizations, and repositories'
-shortTitle: 'Managing users, organizations, and repositories'
+shortTitle: 'Manage users, organizations, and repositories'
 intro: 'This guide describes authentication methods for users signing in to your enterprise, how to create organizations and teams for repository access and collaboration, and suggested best practices for user security.'
 redirect_from:
   - /enterprise/admin/categories/user-management
@@ -18,7 +18,6 @@ children:
   - /managing-users-in-your-enterprise
   - /managing-organizations-in-your-enterprise
   - /managing-repositories-in-your-enterprise
-  - /monitoring-activity-in-your-enterprise
   - /migrating-data-to-and-from-your-enterprise
 ---
 

content/admin/user-management/managing-organizations-in-your-enterprise/index.md

@@ -23,8 +23,6 @@ children:
   - /requiring-two-factor-authentication-for-an-organization
   - /creating-teams
   - /adding-people-to-teams
-  - /viewing-the-audit-logs-for-organizations-in-your-enterprise
-  - /streaming-the-audit-logs-for-organizations-in-your-enterprise-account
   - /managing-your-role-in-an-organization-owned-by-your-enterprise
   - /removing-users-from-teams-and-organizations
   - /removing-organizations-from-your-enterprise

content/admin/user-management/managing-organizations-in-your-enterprise/viewing-the-audit-logs-for-organizations-in-your-enterprise.md

@@ -1,35 +0,0 @@
----
-title: Viewing the audit logs for organizations in your enterprise
-intro: Enterprise owners can view aggregated actions from all of the organizations owned by an enterprise account in its audit log.
-redirect_from:
-  - /github/setting-up-and-managing-your-enterprise/managing-organizations-in-your-enterprise-account/viewing-the-audit-logs-for-organizations-in-your-enterprise-account
-  - /articles/viewing-the-audit-logs-for-organizations-in-your-business-account
-  - /articles/viewing-the-audit-logs-for-organizations-in-your-enterprise-account
-  - /github/setting-up-and-managing-your-enterprise-account/viewing-the-audit-logs-for-organizations-in-your-enterprise-account
-  - /github/setting-up-and-managing-your-enterprise/viewing-the-audit-logs-for-organizations-in-your-enterprise-account
-versions:
-  ghec: '*'
-type: how_to
-topics:
-  - Auditing
-  - Enterprise
-  - Logging
-  - Organizations
-shortTitle: View organization audit logs
----
-Each audit log entry shows applicable information about an event, such as:
-
-- The organization an action was performed in
-- The user who performed the action
-- Which repository an action was performed in
-- The action that was performed
-- Which country the action took place in
-- The date and time the action occurred
-
-You can search the audit log for specific events and export audit log data. For more information on searching the audit log and on specific organization events, see "[Reviewing the audit log for your organization](/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization)."
-
-You can also stream audit and Git events data from {% data variables.product.prodname_dotcom %} to an external data management system. For more information, see "[Streaming the audit logs for organizations in your enterprise account](/admin/user-management/managing-organizations-in-your-enterprise/streaming-the-audit-logs-for-organizations-in-your-enterprise-account)."
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.audit-log-tab %}

content/admin/user-management/managing-users-in-your-enterprise/auditing-users-across-your-enterprise.md

@@ -80,7 +80,7 @@ The `org` qualifier limits actions to a specific organization. For example:
 
 ### Search based on the action performed
 
-The `action` qualifier searches for specific events, grouped within categories. For information on the events associated with these categories, see "[Audited actions](/admin/user-management/audited-actions)".
+The `action` qualifier searches for specific events, grouped within categories. For information on the events associated with these categories, see "[Audit log events for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)".
 
 | Category name | Description
 |------------------|-------------------

content/admin/user-management/managing-users-in-your-enterprise/customizing-user-messages-for-your-enterprise.md

@@ -77,7 +77,7 @@ Mandatory messages have a variety of uses.
 
 If you include Markdown checkboxes in the message, all checkboxes must be selected before the user can dismiss the message. For example, if you include your terms of service in the mandatory message, you can require that each user selects a checkbox to confirm the user has read the terms.
 
-Each time a user sees a mandatory message, an audit log event is created. The event includes the version of the message that the user saw. For more information see "[Audited actions](/admin/user-management/audited-actions)."
+Each time a user sees a mandatory message, an audit log event is created. The event includes the version of the message that the user saw. For more information see "[Audit log events for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)."
 
 {% note %}
 

content/admin/user-management/managing-users-in-your-enterprise/impersonating-a-user.md

@@ -19,7 +19,7 @@ If you need to temporarily take over a user account, for example when troublesho
 
 For each impersonation session, you need to provide a reason for the impersonation. A session is limited to one hour, and you will have the same access as the user being impersonated.
 
-Actions you perform during an impersonation session are recorded as events in the enterprise audit log, as well as the impersonated user's security log. The person being impersonated is sent an email notification when the impersonation session starts. For more information, see "[Audited actions](/admin/user-management/monitoring-activity-in-your-enterprise/audited-actions)" and "[Reviewing your security log](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)."
+Actions you perform during an impersonation session are recorded as events in the enterprise audit log, as well as the impersonated user's security log. The person being impersonated is sent an email notification when the impersonation session starts. For more information, see "[Audit log events for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/audit-log-events-for-your-enterprise)" and "[Reviewing your security log](/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log)."
 
 ## Impersonating a user
 

content/admin/user-management/monitoring-activity-in-your-enterprise/audit-logging.md

@@ -1,47 +0,0 @@
----
-title: Audit logging
-intro: '{% data variables.product.product_name %} keeps logs of audited{% ifversion ghes %} system,{% endif %} user, organization, and repository events. Logs are useful for debugging and internal and external compliance.'
-redirect_from:
-  - /enterprise/admin/articles/audit-logging
-  - /enterprise/admin/installation/audit-logging
-  - /enterprise/admin/user-management/audit-logging
-  - /admin/user-management/audit-logging
-versions:
-  ghes: '*'
-  ghae: '*'
-type: reference
-topics:
-  - Auditing
-  - Enterprise
-  - Logging
-  - Security
----
-For a full list, see "[Audited actions](/admin/user-management/audited-actions)." For more information on finding a particular action, see "[Searching the audit log](/admin/user-management/searching-the-audit-log)."
-
-## Push logs
-
-Every Git push operation is logged. For more information, see "[Viewing push logs](/admin/user-management/viewing-push-logs)."
-
-{% ifversion ghes %}
-## System events
-
-All audited system events are logged to `/var/log/github/audit.log`. Logs are automatically rotated every 24 hours and are retained for seven days.
-
-The support bundle includes system logs. For more information, see "[Providing data to {% data variables.product.prodname_dotcom %} Support](/admin/enterprise-support/providing-data-to-github-support)."
-
-## Support bundles
-
-All audit information is logged to the `audit.log` file in the `github-logs` directory of any support bundle. If log forwarding is enabled, you can stream this data to an external syslog stream consumer such as [Splunk](http://www.splunk.com/) or [Logstash](http://logstash.net/). All entries from this log use and can be filtered with the `github_audit` keyword. For more information see "[Log forwarding](/admin/user-management/log-forwarding)."
-
-For example, this entry shows that a new repository was created.
-
-```
-Oct 26 01:42:08 github-ent github_audit: {:created_at=>1351215728326, :actor_ip=>"10.0.0.51", :data=>{}, :user=>"some-user", :repo=>"some-user/some-repository", :actor=>"some-user", :actor_id=>2, :user_id=>2, :action=>"repo.create", :repo_id=>1, :from=>"repositories#create"}
-```
-
-This example shows that commits were pushed to a repository.
-
-```
-Oct 26 02:19:31 github-ent github_audit: { "pid":22860, "ppid":22859, "program":"receive-pack", "git_dir":"/data/repositories/some-user/some-repository.git", "hostname":"github-ent", "pusher":"some-user", "real_ip":"10.0.0.51", "user_agent":"git/1.7.10.4", "repo_id":1, "repo_name":"some-user/some-repository", "transaction_id":"b031b7dc7043c87323a75f7a92092ef1456e5fbaef995c68", "frontend_ppid":1, "repo_public":true, "user_name":"some-user", "user_login":"some-user", "frontend_pid":18238, "frontend":"github-ent", "user_email":"some-user@github.example.com", "user_id":2, "pgroup":"github-ent_22860", "status":"post_receive_hook", "features":" report-status side-band-64k", "received_objects":3, "receive_pack_size":243, "non_fast_forward":false, "current_ref":"refs/heads/main" }
-```
-{% endif %}

content/admin/user-management/monitoring-activity-in-your-enterprise/audited-actions.md

@@ -1,214 +0,0 @@
----
-title: Audited actions
-intro: You can search the audit log for a wide variety of actions.
-miniTocMaxHeadingLevel: 3
-redirect_from:
-  - /enterprise/admin/articles/audited-actions
-  - /enterprise/admin/installation/audited-actions
-  - /enterprise/admin/user-management/audited-actions
-  - /admin/user-management/audited-actions
-versions:
-  ghes: '*'
-  ghae: '*'
-type: reference
-topics:
-  - Auditing
-  - Enterprise
-  - Security
----
-
-## Authentication
-
-Action                               | Description
------------------------------------- | ----------------------------------------
-`oauth_access.create`                | An [OAuth access token][] was [generated][generate token] for a user account.
-`oauth_access.destroy`               | An [OAuth access token][] was deleted from a user account.
-`oauth_application.destroy`          | An [OAuth application][] was deleted from a user or organization account.
-`oauth_application.reset_secret`     | An [OAuth application][]'s secret key was reset.
-`oauth_application.transfer`         | An [OAuth application][] was transferred from one user or organization account to another.
-`public_key.create`                  | An SSH key was [added][add key] to a user account or a [deploy key][] was added to a repository.
-`public_key.delete`                  | An SSH key was removed from a user account or a [deploy key][] was removed from a repository.
-`public_key.update`                  | A user account's SSH key or a repository's [deploy key][] was updated.{% ifversion ghes %}
-`two_factor_authentication.enabled`  | [Two-factor authentication][2fa] was enabled for a user account.
-`two_factor_authentication.disabled` | [Two-factor authentication][2fa] was disabled for a user account.{% endif %}
-
-  [add key]: /articles/adding-a-new-ssh-key-to-your-github-account
-  [deploy key]: /guides/managing-deploy-keys/#deploy-keys
-  [generate token]: /articles/creating-an-access-token-for-command-line-use
-  [OAuth access token]: /developers/apps/authorizing-oauth-apps
-  [OAuth application]: /guides/basics-of-authentication/#registering-your-app
-  [2fa]: /articles/about-two-factor-authentication
-
-{% ifversion ghes %}
-## {% data variables.product.prodname_actions %}
-
-{% data reusables.actions.actions-audit-events-for-enterprise %}
-
-{% endif %}
-
-## Hooks
-
-Action                            | Description
---------------------------------- | -------------------------------------------
-`hook.create`                     | A new hook was added to a repository.
-`hook.config_changed`             | A hook's configuration was changed.
-`hook.destroy`                    | A hook was deleted.
-`hook.events_changed`             | A hook's configured events were changed.
-
-## Enterprise configuration settings
-
-Action                                          | Description
------------------------------------------------ | -------------------------------------------{% ifversion ghes or ghae %}
-`business.advanced_security_policy_update` | A site admin creates, updates, or removes a policy for {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise](/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise)."{% endif %}
-`business.clear_members_can_create_repos` | A site admin clears a restriction on repository creation in organizations in the enterprise. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation)."{% ifversion ghes > 3.1 %}
-`business.referrer_override_enable` | A site admin enables the referrer policy override. For more information, see "[Configuring the referrer policy for your enterprise](/admin/configuration/configuring-your-enterprise/configuring-the-referrer-policy-for-your-enterprise)."
-`business.referrer_override_disable` | A site admin disables the referrer policy override. For more information, see "[Configuring the referrer policy for your enterprise](/admin/configuration/configuring-your-enterprise/configuring-the-referrer-policy-for-your-enterprise)."{% endif %}
-`business.update_member_repository_creation_permission` | A site admin restricts repository creation in organizations in the enterprise. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#setting-a-policy-for-repository-creation)."{% ifversion ghes %}
-`enterprise.config.lock_anonymous_git_access`   | A site admin locks anonymous Git read access to prevent repository admins from changing existing anonymous Git read access settings for repositories in the enterprise. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#configuring-anonymous-git-read-access)."
-`enterprise.config.unlock_anonymous_git_access` | A site admin unlocks anonymous Git read access to allow repository admins to change existing anonymous Git read access settings for repositories in the enterprise. For more information, see "[Enforcing repository management policies in your enterprise](/admin/policies/enforcing-repository-management-policies-in-your-enterprise#configuring-anonymous-git-read-access)."{% endif %}
-
-{% ifversion ghae %}
-
-## IP allow lists
-
-Name                                 | Description
-------------------------------------:| -----------------------------------------------------------
-`ip_allow_list_entry.create`         | An IP address was added to an IP allow list.
-`ip_allow_list_entry.update`         | An IP address or its description was changed.
-`ip_allow_list_entry.destroy`        | An IP address was deleted from an IP allow list.
-`ip_allow_list.enable`               | An IP allow list was enabled.
-`ip_allow_list.enable_for_installed_apps` | An IP allow list was enabled for installed {% data variables.product.prodname_github_apps %}.
-`ip_allow_list.disable`              | An IP allow list was disabled.
-`ip_allow_list.disable_for_installed_apps` | An IP allow list was disabled for installed {% data variables.product.prodname_github_apps %}.
-
-{% endif %}
-
-## Issues
-
-Action                               | Description
------------------------------------- | -----------------------------------------------------------
-`issue.update`                       | An issue's body text (initial comment) changed.
-`issue_comment.update`               | A comment on an issue (other than the initial one) changed.
-`issue.destroy`                      | An issue was deleted from the repository. For more information, see "[Deleting an issue](/github/managing-your-work-on-github/deleting-an-issue)."
-
-## Organizations
-
-Action             | Description
------------------- | ----------------------------------------------------------
-`org.async_delete` | A user initiated a background job to delete an organization.
-`org.delete`       | An organization was deleted by a user-initiated background job.{% ifversion not ghae %}
-`org.transform`    | A user account was converted into an organization. For more information, see "[Converting a user into an organization](/github/setting-up-and-managing-your-github-user-account/converting-a-user-into-an-organization)."{% endif %}
-
-## Pull requests
-
-| Action | Description |
-| :- | :- |{% ifversion ghes > 3.1 or ghae %}
-| `pull_request.create` | A pull request was created. For more information, see "[Creating a pull request](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request)." |
-| `pull_request.close` | A pull request was closed without being merged. For more information, see "[Closing a pull request](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/closing-a-pull-request)." |
-| `pull_request.reopen` | A pull request was reopened after previously being closed. |
-| `pull_request.merge` | A pull request was merged. For more information, see "[Merging a pull request](/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/merging-a-pull-request)." |
-| `pull_request.indirect_merge` | A pull request was considered merged because the pull request's commits were merged into the target branch. |
-| `pull_request.ready_for_review` | A pull request was marked as ready for review. For more information, see "[Changing the stage of a pull request](/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review)." |
-| `pull_request.converted_to_draft` | A pull request was converted to a draft. For more information, see "[Changing the stage of a pull request](/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#converting-a-pull-request-to-a-draft)." |
-| `pull_request.create_review_request` | A review was requested on a pull request. For more information, see "[About pull request reviews](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews)." |
-| `pull_request.remove_review_request` | A review request was removed from a pull request. For more information, see "[About pull request reviews](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews)." |
-| `pull_request_review.submit` | A review was submitted for a pull request. For more information, see "[About pull request reviews](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews)." |
-| `pull_request_review.dismiss` | A review on a pull request was dismissed. For more information, see "[Dismissing a pull request review](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/dismissing-a-pull-request-review)." |
-| `pull_request_review.delete` | A review on a pull request was deleted. |
-| `pull_request_review_comment.create` | A review comment was added to a pull request. For more information, see "[About pull request reviews](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews)." |
-| `pull_request_review_comment.update` | A review comment on a pull request was changed. |{% endif %}
-| `pull_request_review_comment.delete` | A review comment on a pull request was deleted. |
-
-## Protected branches
-
-Action                     | Description
--------------------------- | ----------------------------------------------------------
-`protected_branch.create ` | Branch protection is enabled on a branch.
-`protected_branch.destroy` | Branch protection is disabled on a branch.
-`protected_branch.update_admin_enforced `            | Branch protection is enforced for repository administrators.
-`protected_branch.update_require_code_owner_review ` | Enforcement of required code owner review is updated on a branch.
-`protected_branch.dismiss_stale_reviews `   | Enforcement of dismissing stale pull requests is updated on a branch.
-`protected_branch.update_signature_requirement_enforcement_level `    | Enforcement of required commit signing is updated on a branch.
-`protected_branch.update_pull_request_reviews_enforcement_level `     | Enforcement of required pull request reviews is updated on a branch. Can be one of `0`(deactivated), `1`(non-admins), `2`(everyone).
-`protected_branch.update_required_status_checks_enforcement_level `   | Enforcement of required status checks is updated on a branch.
-`protected_branch.rejected_ref_update `     | A branch update attempt is rejected.
-`protected_branch.policy_override `         | A branch protection requirement is overridden by a repository administrator.
-
-## Repositories
-
-Action                | Description
---------------------- | -------------------------------------------------------
-`repo.access`         | The visibility of a repository changed to private{% ifversion ghes %}, public,{% endif %} or internal.
-`repo.archived`       | A repository was archived. For more information, see "[Archiving a {% data variables.product.prodname_dotcom %} repository](/github/creating-cloning-and-archiving-repositories/archiving-a-github-repository)."
-`repo.add_member`     | A collaborator was added to a repository.
-`repo.config`         | A site admin blocked force pushes. For more information, see [Blocking force pushes to a repository](/enterprise/{{ currentVersion }}/admin/guides/developer-workflow/blocking-force-pushes-to-a-repository/) to a repository.
-`repo.create`         | A repository was created.
-`repo.destroy`        | A repository was deleted.
-`repo.remove_member`  | A collaborator was removed from a repository.
-`repo.rename`         | A repository was renamed.
-`repo.transfer`       | A user accepted a request to receive a transferred repository.
-`repo.transfer_start` | A user sent a request to transfer a repository to another user or organization.
-`repo.unarchived`     | A repository was unarchived. For more information, see "[Archiving a {% data variables.product.prodname_dotcom %} repository](/github/creating-cloning-and-archiving-repositories/archiving-a-github-repository)."{% ifversion ghes %}
-`repo.config.disable_anonymous_git_access`| Anonymous Git read access is disabled for a repository. For more information, see "[Enabling anonymous Git read access for a repository](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository)."
-`repo.config.enable_anonymous_git_access` | Anonymous Git read access is enabled for a repository. For more information, see "[Enabling anonymous Git read access for a repository](/enterprise/{{ currentVersion }}/user/articles/enabling-anonymous-git-read-access-for-a-repository)."
-`repo.config.lock_anonymous_git_access` | A repository's anonymous Git read access setting is locked, preventing repository administrators from changing (enabling or disabling) this setting. For more information, see "[Preventing users from changing anonymous Git read access](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access)."
-`repo.config.unlock_anonymous_git_access` | A repository's anonymous Git read access setting is unlocked, allowing repository administrators to change (enable or disable) this setting. For more information, see "[Preventing users from changing anonymous Git read access](/enterprise/{{ currentVersion }}/admin/guides/user-management/preventing-users-from-changing-anonymous-git-read-access)."{% endif %}
-
-{% if secret-scanning-audit-log-custom-patterns %}
-## Secret scanning
-
-Action                        | Description
------------------------------ | -----------------------------------------------
-| `business_secret_scanning_custom_pattern.create` | Triggered when an enterprise-level custom pattern is published for secret scanning. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account)."
-| `business_secret_scanning_custom_pattern.update` | Triggered when changes to an enterprise-level custom pattern are saved for secret scanning.
-| `business_secret_scanning_custom_pattern.delete` | Triggered when an enterprise-level custom pattern is removed from secret scanning.
-{% endif %}
-
-## Site admin tools
-
-Action                        | Description
------------------------------ | -----------------------------------------------
-`staff.disable_repo`          | A site admin disabled access to a repository and all of its forks.
-`staff.enable_repo`           | A site admin re-enabled access to a repository and all of its forks.{% ifversion ghae or ghes > 3.2 %}
-`staff.exit_fake_login`       | A site admin ended an impersonation session on {% data variables.product.product_name %}.
-`staff.fake_login`            | A site admin signed into {% data variables.product.product_name %} as another user.{% endif %}
-`staff.repo_unlock`           | A site admin unlocked (temporarily gained full access to) one of a user's private repositories.
-`staff.unlock`                | A site admin unlocked (temporarily gained full access to) all of a user's private repositories.
-
-## Teams
-
-Action                            | Description
---------------------------------- | -------------------------------------------
-`team.create`                     | A user account or repository was added to a team.
-`team.delete`                     | A user account or repository was removed from a team.{% ifversion ghes or ghae %}
-`team.demote_maintainer`          | A user was demoted from a team maintainer to a team member.{% endif %}
-`team.destroy`                    | A team was deleted.{% ifversion ghes or ghae %}
-`team.promote_maintainer`         | A user was promoted from a team member to a team maintainer.{% endif %}
-
-## Users
-
-Action                            | Description
---------------------------------- | -------------------------------------------
-`user.add_email`                  | An email address was added to a user account.
-`user.async_delete`               | An asynchronous job was started to destroy a user account, eventually triggering `user.delete`.{% ifversion ghes %}
-`user.change_password`            | A user changed his or her password.{% endif %}
-`user.create`                     | A new user account was created.
-`user.delete`                     | A user account was destroyed by an asynchronous job.
-`user.demote`                     | A site admin was demoted to an ordinary user account.
-`user.destroy`                    | A user deleted his or her account, triggering `user.async_delete`.{% ifversion ghes %}
-`user.failed_login`               | A user tried to sign in with an incorrect username, password, or two-factor authentication code.
-`user.forgot_password`            | A user requested a password reset via the sign-in page.{% endif %}
-`user.login`                      | A user signed in.{% ifversion ghes or ghae %}
-`user.mandatory_message_viewed`   | A user views a mandatory message (see "[Customizing user messages](/admin/user-management/customizing-user-messages-for-your-enterprise)" for details) | {% endif %}
-`user.promote`                    | An ordinary user account was promoted to a site admin.
-`user.remove_email`               | An email address was removed from a user account.
-`user.rename`                     | A username was changed.
-`user.suspend`                    | A user account was suspended by a site admin.{% ifversion ghes %}
-`user.two_factor_requested`       | A user was prompted for a two-factor authentication code.{% endif %}
-`user.unsuspend`                  | A user account was unsuspended by a site admin.
-
-{% ifversion ghes > 3.1 or ghae %}
-## Workflows
-
-{% data reusables.actions.actions-audit-events-workflow %}
-{% endif %}

content/admin/user-management/monitoring-activity-in-your-enterprise/index.md

@@ -1,23 +0,0 @@
----
-title: Monitoring activity in your enterprise
-intro: You can view activity by leveraging dashboards and logs in your enterprise.
-redirect_from:
-  - /enterprise/admin/installation/monitoring-activity-on-your-github-enterprise-server-instance
-  - /enterprise/admin/user-management/monitoring-activity-in-your-enterprise
-versions:
-  ghec: '*'
-  ghes: '*'
-  ghae: '*'
-topics:
-  - Enterprise
-children:
-  - /activity-dashboard
-  - /audit-logging
-  - /searching-the-audit-log
-  - /audited-actions
-  - /viewing-push-logs
-  - /log-forwarding
-  - /managing-global-webhooks
-shortTitle: Monitor your enterprise
----
-

content/admin/user-management/monitoring-activity-in-your-enterprise/searching-the-audit-log.md

@@ -1,51 +0,0 @@
----
-title: Searching the audit log
-intro: Site administrators can search an extensive list of audited actions on the enterprise.
-redirect_from:
-  - /enterprise/admin/articles/searching-the-audit-log
-  - /enterprise/admin/installation/searching-the-audit-log
-  - /enterprise/admin/user-management/searching-the-audit-log
-  - /admin/user-management/searching-the-audit-log
-versions:
-  ghes: '*'
-  ghae: '*'
-type: how_to
-topics:
-  - Auditing
-  - Enterprise
-  - Logging
----
-## Search query syntax
-
-Compose a search query from one or more key:value pairs separated by AND/OR logical operators.
-
-Key            | Value
---------------:| --------------------------------------------------------
-`actor_id`     | ID of the user account that initiated the action
-`actor`        | Name of the user account that initiated the action
-`oauth_app_id` | ID of the OAuth application associated with the action
-`action`       | Name of the audited action
-`user_id`      | ID of the user affected by the action
-`user`         | Name of the user affected by the action
-`repo_id`      | ID of the repository affected by the action (if applicable)
-`repo`         | Name of the repository affected by the action (if applicable)
-`actor_ip`     | IP address from which the action was initiated
-`created_at`   | Time at which the action occurred
-`from`         | View from which the action was initiated
-`note`         | Miscellaneous event-specific information (in either plain text or JSON format)
-`org`          | Name of the organization affected by the action (if applicable)
-`org_id`       | ID of the organization affected by the action (if applicable)
-
-For example, to see all actions that have affected the repository `octocat/Spoon-Knife` since the beginning of 2017:
-
-  `repo:"octocat/Spoon-Knife" AND created_at:[2017-01-01 TO *]`
-
-For a full list of actions, see "[Audited actions](/admin/user-management/audited-actions)."
-
-## Searching the audit log
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.audit-log-tab %}
-4. Type a search query.
-![Search query](/assets/images/enterprise/site-admin-settings/search-query.png)

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning.md

@@ -96,7 +96,7 @@ By default, only alerts with the severity level of `Error`{% ifversion fpt or gh
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-security-and-analysis %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
 1. Under "Code scanning", to the right of "Check Failure", use the drop-down menu to select the level of severity you would like to cause a pull request check failure. 
 {% ifversion fpt or ghes > 3.1  or ghae or ghec %}
 ![Check failure setting](/assets/images/help/repository/code-scanning-check-failure-setting.png)

content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md

@@ -68,7 +68,7 @@ You can also enable or disable {% data variables.product.prodname_dependabot_sec
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-security-and-analysis %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
 1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %}
   {% ifversion fpt or ghec %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/help/repository/enable-dependabot-security-updates-button.png){% else %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/enterprise/3.3/repository/security-and-analysis-disable-or-enable-ghes.png){% endif %}
 

content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md

@@ -1001,4 +1001,4 @@ updates:
     schedule:
       interval: "daily"
 ```
-{% endif %}
+{% endif %}

content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md

@@ -28,7 +28,7 @@ You can enable {% data variables.product.prodname_secret_scanning_GHAS %} for an
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-security-and-analysis %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
 4. If {% data variables.product.prodname_advanced_security %} is not already enabled for the repository, to the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
    {% ifversion fpt or ghec %}![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/help/repository/enable-ghas-dotcom.png)
    {% elsif ghes or ghae %}![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/enterprise/3.1/help/repository/enable-ghas.png){% endif %}

content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md

@@ -64,15 +64,12 @@ Before defining a custom pattern, you must ensure that {% data variables.product
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-security-and-analysis %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
 {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}{% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5499 %}
 1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**.
-1. When the dry run finishes, you'll see a sample of results (up to 1000) from the repository. Review the results and identify any false positive results.
-   ![Screenshot showing results from dry run](/assets/images/help/repository/secret-scanning-publish-pattern.png)
-1. Edit the new custom pattern to fix any problems with the results, then click **Save and dry run** to test your changes.
-{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}
+{% data reusables.advanced-security.secret-scanning-dry-run-results %}
 {% endif %}
 {% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
 
@@ -111,11 +108,13 @@ aAAAe9
 
 Before defining a custom pattern, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. To enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
 
+{% ifversion ghes < 3.5 or ghae %}
 {% note %}
 
 **Note:** As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire organization. That way, you can avoid creating excess false-positive {% data variables.product.prodname_secret_scanning %} alerts.
 
 {% endnote %}
+{% endif %}
 
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
@@ -123,6 +122,13 @@ Before defining a custom pattern, you must ensure that you enable {% data variab
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
 {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
+{%- if secret-scanning-org-dry-runs %}
+1. When you're ready to test your new custom pattern, to identify matches in select repositories without creating alerts, click **Save and dry run**.
+1. Search for and select the repositories where you want to perform the dry run. You can select up to 10 repositories.
+   ![Screenshot showing repositories selected for the dry run](/assets/images/help/repository/secret-scanning-dry-run-custom-pattern-select-repo.png)
+1. When you're ready to test your new custom pattern, click **Dry run**.
+{% data reusables.advanced-security.secret-scanning-dry-run-results %}
+{%- endif %}
 {% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
 
 After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories in your organization, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."

content/code-security/secret-scanning/protecting-pushes-with-secret-scanning.md

@@ -46,7 +46,7 @@ Organization owners, security managers, and repository administrators can enable
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-security-and-analysis %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
 {% data reusables.repositories.navigate-to-ghas-settings %}
 {% data reusables.advanced-security.secret-scanning-push-protection-repo %}
 

content/code-security/security-overview/about-the-security-overview.md

@@ -22,7 +22,9 @@ topics:
 shortTitle: About security overview
 ---
 
+{% ifversion ghes < 3.5 or ghae-issue-4554 %}
 {% data reusables.security-center.beta %}
+{% endif %}
 
 ## About the security overview
 

content/code-security/security-overview/filtering-alerts-in-the-security-overview.md

@@ -17,7 +17,9 @@ topics:
 shortTitle: Filtering alerts
 ---
 
+{% ifversion ghes < 3.5 or ghae-issue-4554 %}
 {% data reusables.security-center.beta %}
+{% endif %}
 
 ## About filtering the security overview
 

content/code-security/security-overview/viewing-the-security-overview.md

@@ -17,7 +17,9 @@ topics:
 shortTitle: View the security overview
 ---
 
+{% ifversion ghes < 3.5 or ghae-issue-4554 %}
 {% data reusables.security-center.beta %}
+{% endif %}
 
 ## Viewing the security overview for an organization
 
@@ -43,7 +45,7 @@ shortTitle: View the security overview
 ## Viewing the security overview for an enterprise
 
 {% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
-1. In the left sidebar, click {% octicon "shield" aria-label="The shield icon" %} **Security**.
+1. In the left sidebar, click {% octicon "shield" aria-label="The shield icon" %} **Code Security**.
 {% endif %}
 
 ## Viewing alerts for a repository

content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md

@@ -49,4 +49,18 @@ Dependency review supports the same languages and package management ecosystems
 ## Enabling dependency review
 
 The dependency review feature becomes available when you enable the dependency graph. For more information, see "{% ifversion ghec %}[Enabling the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph){% elsif ghes %}[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise){% endif %}."
-{% endif %}
+{% endif %}
+
+{% ifversion fpt or ghec or ghes > 3.5 or ghae-issue-6396 %}
+## Dependency review enforcement
+
+{% data reusables.dependency-review.dependency-review-action-beta-note %}
+
+You can use the Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests. The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests, and warns you about the associated security vulnerabilities. This gives you better visibility of what's changing in a pull request, and helps prevent vulnerabilities being added to your repository. For more information, see [`dependency-review-action`](https://github.com/actions/dependency-review-action).
+
+![Dependency review action example](/assets/images/help/graphs/dependency-review-action.png)
+
+The Dependency Review GitHub Action check will fail if it discovers any vulnerable package, but will only block a pull request from being merged if the repository owner has required the check to pass before merging. For more information, see "[About protected branches](/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches#require-status-checks-before-merging)."
+
+The action uses the Dependency Review REST API to get the diff of dependency changes between the base commit and head commit. You can use the Dependency Review API to get the diff of dependency changes, including vulnerability data, between any two commits on a repository. For more information, see "[Dependency review](/rest/reference/dependency-graph#dependency-review)."
+{% endif %}

content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md

@@ -76,7 +76,7 @@ You can also enable or disable the dependency graph for all repositories owned b
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-security-and-analysis %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
 4. Read the message about granting {% data variables.product.product_name %} read-only access to the repository data to enable the dependency graph, then next to "Dependency Graph", click **Enable**.
    !["Enable" button for the dependency graph](/assets/images/help/repository/dependency-graph-enable-button.png)
 
@@ -99,7 +99,7 @@ The "Used by" section represents a single package from the repository. If you ha
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-security-and-analysis %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
 4. Under "Code security and analysis", click the drop-down menu in the "Used by counter" section and choose a package.
   ![Choose a "Used by" package](/assets/images/help/repository/choose-used-by-package.png)
 

content/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository.md

@@ -88,7 +88,7 @@ If you prefer to receive certain reports outside of {% data variables.product.pr
 
 Here is an example *config.yml* file.
 
-```shell{:copy}
+```yaml{:copy}
 blank_issues_enabled: false
 contact_links:
   - name: {% data variables.product.prodname_gcf %}

content/desktop/installing-and-configuring-github-desktop/configuring-and-customizing-github-desktop/configuring-a-default-editor.md

@@ -34,6 +34,8 @@ shortTitle: Configure default editor
 - [CodeRunner](https://coderunnerapp.com/)
 - [SlickEdit](https://www.slickedit.com/)
 - [Xcode](https://developer.apple.com/xcode/)
+- [RStudio](https://rstudio.com/)
+- [Nova](https://nova.app/)
 - [Android Studio](https://developer.android.com/studio)
 
 {% endmac %}
@@ -47,10 +49,18 @@ shortTitle: Configure default editor
 - [ColdFusion Builder](https://www.adobe.com/products/coldfusion-builder.html)
 - [Typora](https://typora.io/)
 - [SlickEdit](https://www.slickedit.com/)
+- [JetBrains IntelliJ Idea](https://www.jetbrains.com/idea/)
 - [JetBrains WebStorm](https://www.jetbrains.com/webstorm/)
 - [JetBrains PhpStorm](https://www.jetbrains.com/phpstorm/)
 - [JetBrains Rider](https://www.jetbrains.com/rider/)
+- [JetBrains CLion](https://www.jetbrains.com/clion/)
+- [JetBrains PyCharm](https://www.jetbrains.com/pycharm/)
+- [JetBrains RubyMine](https://www.jetbrains.com/rubymine/)
+- [JetBrains GoLand](https://www.jetbrains.com/go/)
+- [Android Studio](https://developer.android.com/studio)
+- [Brackets](http://brackets.io/)
 - [Notepad++](https://notepad-plus-plus.org/)
+- [RStudio](https://rstudio.com/)
 
 {% endwindows %}
 

content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-in-your-classroom-and-research/about-github-education-for-educators-and-researchers.md

@@ -17,8 +17,7 @@ shortTitle: Educators & researchers
 With {% data variables.product.prodname_education %}'s tools and services for educators of all levels, you can:
   - Use [{% data variables.product.prodname_classroom %}](https://classroom.github.com) to distribute code, give students feedback, and collect assignments on {% data variables.product.prodname_dotcom %}.
   - Join our [{% data variables.product.prodname_education_community %}](https://education.github.com/forum) to discuss current trends in technology education with your peers from around the world.
-  - Access and adapt our [open source lesson plans](https://education.github.community/t/open-source-lesson-plans/1591) for teaching Git and {% data variables.product.prodname_dotcom %}.
-  - [Request a {% data variables.product.prodname_dotcom %} swag bag](https://education.github.community/t/get-a-github-swag-bag-for-your-classroom/33) with educational materials and goodies for your students.
+  - [Request a {% data variables.product.prodname_dotcom %} swag bag](https://github.com/orgs/github-community/discussions/13) with educational materials and goodies for your students.
   {% data reusables.education.apply-for-team %}
 
 ## {% data variables.product.prodname_education %} for researchers

content/education/explore-the-benefits-of-teaching-and-learning-with-github-education/use-github-in-your-classroom-and-research/apply-for-an-educator-or-researcher-discount.md

@@ -58,4 +58,4 @@ After your request for an educator or researcher discount has been approved, you
 - "[Why wasn't my application for an educator or researcher discount approved?](/articles/why-wasn-t-my-application-for-an-educator-or-researcher-discount-approved)"
 - [{% data variables.product.prodname_education %}](https://education.github.com)
 - [{% data variables.product.prodname_classroom %} Videos](https://classroom.github.com/videos)
-- [{% data variables.product.prodname_education_community %}](https://education.github.community/)
+- [{% data variables.product.prodname_education_community %}]({% data variables.product.prodname_education_forum_link %})

content/education/guides.md

@@ -43,6 +43,6 @@ Incorporate {% data variables.product.prodname_dotcom %} into your education, an
 
 Participate in the community, get training from {% data variables.product.company_short %}, and learn or teach new skills.
 
-- [{% data variables.product.prodname_education_community %}](https://education.github.community)
+- [{% data variables.product.prodname_education_community %}]({% data variables.product.prodname_education_forum_link %})
 - [About Campus Experts](/education/explore-the-benefits-of-teaching-and-learning-with-github-education/about-campus-experts)
 - [About Campus Advisors](/education/explore-the-benefits-of-teaching-and-learning-with-github-education/about-campus-advisors)

content/get-started/onboarding/getting-started-with-github-ae.md

@@ -22,10 +22,10 @@ After {% data variables.product.company_short %} creates the owner account for {
 You can configure an allow list for specific IP addresses to restrict access to assets owned by organizations in your enterprise account. For more information, see "[Restricting network traffic to your enterprise](/admin/configuration/configuring-your-enterprise/restricting-network-traffic-to-your-enterprise)."
 
 ### 4. Managing identity and access for {% data variables.product.product_location %}
-You can centrally manage access to {% data variables.product.product_location %} on {% data variables.product.product_name %} from an identity provider (IdP) using SAML single sign-on (SSO) for user authentication and System for Cross-domain Identity Management (SCIM) for user provisioning. Once you configure provisioning, you can assign or unassign users to the application from the IdP, creating or disabling user accounts in the enterprise. For more information, see "[About identity and access management for your enterprise](/admin/authentication/managing-identity-and-access-for-your-enterprise/about-identity-and-access-management-for-your-enterprise)."
+You can centrally manage access to {% data variables.product.product_location %} on {% data variables.product.product_name %} from an identity provider (IdP) using SAML single sign-on (SSO) for user authentication and System for Cross-domain Identity Management (SCIM) for user provisioning. Once you configure provisioning, you can assign or unassign users to the application from the IdP, creating or disabling user accounts in the enterprise. For more information, see "[About identity and access management for your enterprise](/admin/identity-and-access-management/managing-iam-for-your-enterprise/about-identity-and-access-management-for-your-enterprise)."
 
 ### 5. Managing billing for {% data variables.product.product_location %}
-Owners of the subscription for {% data variables.product.product_location %} on {% data variables.product.product_name %} can view billing details for {% data variables.product.product_name %} in the Azure portal. For more information, see "[Managing billing for your enterprise](/admin/overview/managing-billing-for-your-enterprise)."
+Owners of the subscription for {% data variables.product.product_location %} on {% data variables.product.product_name %} can view billing details for {% data variables.product.product_name %} in the Azure portal. For more information, see "[Managing billing for your enterprise](/billing/managing-billing-for-your-github-account/about-billing-for-your-enterprise)."
 
 ## Part 2: Organizing and managing enterprise members
 As an enterprise owner for {% data variables.product.product_name %}, you can manage settings on user, repository, team, and organization levels. You can manage members of {% data variables.product.product_location %}, create and manage organizations, set policies for repository management, and create and manage teams.
@@ -52,7 +52,7 @@ As an enterprise owner for {% data variables.product.product_name %}, you can ma
 To increase the security of {% data variables.product.product_location %}, you can monitor {% data variables.product.product_location %} and configure security and analysis features for your organizations.
 
 ### 1. Monitoring {% data variables.product.product_location %}
-You can monitor {% data variables.product.product_location %} with your activity dashboard and audit logging. For more information, see "[Monitoring activity in your enterprise](/admin/user-management/monitoring-activity-in-your-enterprise)."
+You can monitor {% data variables.product.product_location %} with your activity dashboard and audit logging. For more information, see "[Monitoring activity in your enterprise](/admin/monitoring-activity-in-your-enterprise)."
 
 ### 2. Configuring security features for your organizations
 {% data reusables.getting-started.configuring-security-features %}
@@ -66,7 +66,7 @@ You can customize and automate work in organizations in {% data variables.produc
 ### 2. Building {% data variables.product.prodname_actions %}
 {% data reusables.getting-started.actions %}
 
-For more information on enabling and configuring {% data variables.product.prodname_actions %} for {% data variables.product.product_name %}, see "[Getting started with {% data variables.product.prodname_actions %} for {% data variables.product.prodname_ghe_managed %}](/admin/github-actions/using-github-actions-in-github-ae/getting-started-with-github-actions-for-github-ae)."
+For more information on enabling and configuring {% data variables.product.prodname_actions %} for {% data variables.product.product_name %}, see "[Getting started with {% data variables.product.prodname_actions %} for {% data variables.product.prodname_ghe_managed %}](/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-ae)."
 
 ### 3. Using {% data variables.product.prodname_pages %}
 {% data reusables.getting-started.github-pages-enterprise %}

content/get-started/onboarding/getting-started-with-github-enterprise-cloud.md

@@ -179,7 +179,7 @@ To manage and moderate your enterprise, you can set policies for organizations w
 
 You can choose to enforce a number of policies for all organizations owned by your enterprise, or choose to allow these policies to be set in each organization. Types of policies you can enforce include repository management, project board, and team policies. For more information, see "[Setting policies for your enterprise](/enterprise-cloud@latest/admin/policies)."
 #### 2. Viewing audit logs, configuring webhooks, and restricting email notifications for your enterprise
-You can view actions from all of the organizations owned by your enterprise account in the enterprise audit log. You can also configure webhooks to receive events from organizations owned by your enterprise account. For more information, see "[Viewing the audit logs for organizations in your enterprise](/enterprise-cloud@latest/admin/user-management/managing-organizations-in-your-enterprise/viewing-the-audit-logs-for-organizations-in-your-enterprise)" and "[Managing global webhooks](/enterprise-cloud@latest/admin/user-management/managing-users-in-your-enterprise/managing-global-webhooks)."
+You can view actions from all of the organizations owned by your enterprise account in the enterprise audit log. You can also configure webhooks to receive events from organizations owned by your enterprise account. For more information, see "[Reviewing audit logs for your enterprise](/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise)" and "[Monitoring your enterprise](/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise)."
 
 You can also restrict email notifications for your enterprise account so that enterprise members can only use an email address in a verified or approved domain to receive notifications. For more information, see "[Restricting email notifications for your enterprise](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/restricting-email-notifications-for-your-enterprise)."
 

content/get-started/onboarding/getting-started-with-github-enterprise-server.md

@@ -72,7 +72,7 @@ You can use {% data variables.product.product_name %}'s built-in authentication
 You can also require two-factor authentication for each of your organizations. For more information, see "[Requiring two factor authentication for an organization](/admin/user-management/managing-organizations-in-your-enterprise/requiring-two-factor-authentication-for-an-organization)."
 
 ### 2. Staying in compliance
-You can implement required status checks and commit verifications to enforce your organization's compliance standards and automate compliance workflows. You can also use the audit log for your organization to review actions performed by your team. For more information, see "[Enforcing policy with pre-receive hooks](/admin/policies/enforcing-policy-with-pre-receive-hooks)" and "[Audit logging](/admin/user-management/monitoring-activity-in-your-enterprise/audit-logging)."
+You can implement required status checks and commit verifications to enforce your organization's compliance standards and automate compliance workflows. You can also use the audit log for your organization to review actions performed by your team. For more information, see "[Enforcing policy with pre-receive hooks](/admin/policies/enforcing-policy-with-pre-receive-hooks)" and "[About the audit log for your enterprise](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/about-the-audit-log-for-your-enterprise)."
 
 {% ifversion ghes %}
 ### 3. Configuring security features for your organizations

content/get-started/privacy-on-github/managing-data-use-settings-for-your-private-repository.md

@@ -37,7 +37,7 @@ When you enable data use for your private repository, you'll be able to access t
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-security-and-analysis %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
 4. Under "Code security and analysis", to the right of the feature, click **Disable** or **Enable**.{% ifversion fpt %}
   !["Enable" or "Disable" button for "Configure security and analysis" features](/assets/images/help/repository/security-and-analysis-disable-or-enable-fpt-private.png){% elsif ghec %}
   !["Enable" or "Disable" button for "Configure security and analysis" features](/assets/images/help/repository/security-and-analysis-disable-or-enable-ghec-private.png){% endif %}