Merge branch 'mchammer01/vulnerability-exposure-analysis' of github.com:github/docs-internal into mchammer01/vulnerability-exposure-analysis

content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md

@@ -44,6 +44,31 @@ You can enable automatic security updates for any repository that uses {% data v
 Each {% data variables.product.prodname_dependabot %} alert has a unique numeric identifier and the {% data variables.product.prodname_dependabot_alerts %} tab lists an alert for every detected vulnerability. Legacy {% data variables.product.prodname_dependabot_alerts %} grouped vulnerabilities by dependency and generated a single alert per dependency. If you navigate to a legacy {% data variables.product.prodname_dependabot %} alert, you will be redirected to a {% data variables.product.prodname_dependabot_alerts %} tab filtered for that package. {% endif %}
 {% endif %}
 
+{% if dependabot-alerts-vulnerable-calls %}
+## About calls to vulnerable functions
+
+{% data reusables.dependabot.vulnerable-calls-beta %}
+
+This feature is enabled for supported {% data variables.product.prodname_dependabot_alerts %} on public repositories, as well as on private repositories with {% data variables.product.prodname_GH_advanced_security %} enabled.
+
+{% data variables.product.prodname_dependabot_alerts %} can also detect whether the code in your repository calls vulnerable code paths, so that you can prioritize and remediate alerts more effectively.
+
+The detection of calls to vulnerable functions uses the semantic code graph to figure out if a repository calls a vulnerable function. The "Vulnerable call" label next to an alert highlights alerts for which the code in the current repository calls known vulnerable functions. 
+
+![Screenshot showing the "Vulnerable call" label](/assets/images/help/repository/dependabot-alerts-vulnerable-call-label.png)
+
+The alert details page shows:
+
+- The first of several exposures (if relevant) you have to the vulnerable function
+- A code block with the location of where the function is used
+- An annotation calling out the function itself
+
+![Screenshot showing the alert details page](/assets/images/help/repository/vulnerable-calls-alert-details-page.png)
+
+For more information, see the "[Reviewing your exposure to a vulnerability](#reviewing-your-exposure-to-a-vulnerability) section below.
+
+{% endif %}
+
 ## Viewing vulnerable dependencies
 
 {% ifversion fpt or ghec or ghes > 3.4 or ghae-issue-5638 %}
@@ -151,30 +176,7 @@ Each {% data variables.product.prodname_dependabot %} alert has a unique numeric
 
 {% endif %}
 
-<!-- TODO: review where to put this content - I'd be tempted to have conceptual information at the top of the article and procedural sections afterwards but I'm wondering if this breaks the flow -->
-
 {% if dependabot-alerts-vulnerable-calls %}
-## About vulnerable calls
-
-{% data reusables.dependabot.vulnerable-calls-beta %}
-
-This feature is enabled for supported {% data variables.product.prodname_dependabot_alerts %} on public repositories, as well as on private repositories with {% data variables.product.prodname_GH_advanced_security %} enabled.
-
-{% data variables.product.prodname_dependabot_alerts %} can also detect whether the code in your repository calls vulnerable code paths, so that you can prioritize and remediate alerts more effectively.
-
-The detection of calls to vulnerable functions uses the semantic code graph to figure out if a repository calls a vulnerable function. The "Vulnerable call" label next to an alert highlights alerts for which the code in the current repository calls known vulnerable functions. 
-
-![Screenshot showing the "Vulnerable call" label](/assets/images/help/repository/dependabot-alerts-vulnerable-call-label.png)
-
-The alert details page shows:
-
-- The first of several exposures (if relevant) you have to the vulnerable function
-- A code block with the location of where the function is used
-- An annotation calling out the function itself
-
-![Screenshot showing the alert details page](/assets/images/help/repository/vulnerable-calls-alert-details-page.png)
-
-For more information about reviewing your exposure to a vulnerability, see the section below.
 ## Reviewing your exposure to a vulnerability
 
 {% data reusables.repositories.navigate-to-repo %}

content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md

@@ -68,7 +68,7 @@ You can also enable or disable {% data variables.product.prodname_dependabot_sec
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-security-and-analysis %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
 1. Under "Code security and analysis", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %}
   {% ifversion fpt or ghec %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/help/repository/enable-dependabot-security-updates-button.png){% else %}!["Code security and analysis" section with button to enable {% data variables.product.prodname_dependabot_security_updates %}](/assets/images/enterprise/3.3/repository/security-and-analysis-disable-or-enable-ghes.png){% endif %}
 

content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md

@@ -1001,4 +1001,4 @@ updates:
     schedule:
       interval: "daily"
 ```
-{% endif %}
+{% endif %}