
Docs for new Secret risk assessment, GHAS SKU unbundling, and expansion to Team plan - ships 1st April (UK morning) (#54748)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>
Co-authored-by: Hector Alfaro <hectorsector@github.com>
Co-authored-by: Vanessa <vgrl@github.com>
Co-authored-by: Erin Havens <erinhav@github.com>
Co-authored-by: Aaron Waggener <73763104+aaronwaggener@users.noreply.github.com>
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
Co-authored-by: Sarah Schneider <sarahs@users.noreply.github.com>
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
This commit is contained in:
Felicity Chapman
2025-04-01 11:29:37 +01:00
committed by GitHub
parent e447b5cb5f
commit 8c62486a96
249 changed files with 1841 additions and 1171 deletions

View File

@@ -47,7 +47,7 @@ To pay for user licenses and services, you can:
You will be on our latest billing platform, which allows you to estimate spending, create cost centers to manage expenses, and pay flexibly for the services you use.
You can also sign up for usage-based billing for {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products-cloud %} products{% endif %}, meaning you won't need to purchase a pre-defined number of licenses in advance.
You can also sign up for usage-based billing for {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_GHAS %} products, meaning you won't need to purchase a pre-defined number of licenses in advance.
## Developer experience
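
Review bot: with the `{% ifversion ghas-products-cloud %}` guard removed from this sentence, the word "products" now renders for every version this article builds for, while the other hunks in this change still guard the same word with `{% ifversion ghas-products %}` (for example "{% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %}" in the trial article). Confirm this billing article is GHEC-only; otherwise keep the guard so readers on versions without unbundled products do not see it.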

View File

@@ -2,7 +2,6 @@
title: About security configurations
shortTitle: Security configurations
intro: 'Security configurations are collections of security settings that you can apply across your enterprise.'
product: '{% data reusables.gated-features.security-configurations-enterprise %}'
versions:
feature: security-configuration-enterprise-level
topics:
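
Review bot: dropping `product: '{% data reusables.gated-features.security-configurations-enterprise %}'` removes the availability banner without a replacement, and the unchanged intro ("Security configurations are collections of security settings that you can apply across your enterprise.") does not say which plans or licenses the feature requires. If the gated-features reusable is being retired as part of the SKU unbundling, state the requirement in the intro or body; otherwise keep the line.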
@@ -17,9 +16,16 @@ topics:
{% data reusables.security-configurations.overview %}
{% ifversion ghec %}
When you create a security configuration with {% data variables.product.prodname_AS %} features enabled, your enterprise will incur usage costs when you apply the configuration to repositories if your enterprise account has metered billing. If you have bought volume/subscription licenses for {% data variables.product.prodname_GHAS %}, {% data variables.product.prodname_GH_code_security %}, or {% data variables.product.prodname_GH_secret_protection %}, you will need enough licenses to cover any additional unique committers.
{% endif %}
{% ifversion security-configurations-ghes-only %}
When creating a security configuration, keep in mind that:
* Only features installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance will appear in the UI.
* {% data variables.product.prodname_AS %} features will only be visible if your enterprise or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %}, {% data variables.product.prodname_GH_code_security %}, or {% data variables.product.prodname_GH_secret_protection %}{% endif %} license.
* Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance.
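
Review bot: the new GHEC paragraph says your enterprise "will incur usage costs when you apply the configuration to repositories if your enterprise account has metered billing" without qualifying repository visibility, while the sibling articles in this change say costs apply "to private and internal repositories". Add the same qualifier here so readers do not expect charges for public repositories, and consider linking the unique-committer sentence to the billing article as the other hunks do.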

View File

@@ -15,14 +15,16 @@ topics:
The {% data variables.product.prodname_github_security_configuration %} is a set of industry best practices and features that provide a robust, baseline security posture for enterprises. This configuration is created and maintained by subject matter experts at {% data variables.product.github %}, with the help of multiple industry leaders and experts. The {% data variables.product.prodname_github_security_configuration %} is designed to successfully reduce the security risks for low- and high-impact repositories. We recommend you apply this configuration to all the repositories in your enterprise.
The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories will incur usage costs or require GHAS licenses. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% data reusables.security-configurations.github-recommended-warning-enterprise %}
## Applying the {% data variables.product.prodname_github_security_configuration %} to repositories in your enterprise
## Applying the {% data variables.product.prodname_github_security_configuration %} to repositories in your enterprise
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.advanced-security-tab %}
1. In the "{% data variables.product.company_short %} recommended" row of the configurations table for your enterprise, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**.
1. In the "{% data variables.product.github %} recommended" row of the configurations table for your enterprise, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**.
{% data reusables.security-configurations.apply-configuration-by-default %}
{% data reusables.security-configurations.apply-configuration %}
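
Review bot: the added sentence "Applying the configuration to private and internal repositories will incur usage costs or require GHAS licenses." uses the bare acronym GHAS where the rest of the hunk spells product names through `{% data variables.product.prodname_GHAS %}`; use the variable for consistency. The "Apply to" step now names the row "{% data variables.product.github %} recommended", so check that label against the rendered UI string before merge.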
@@ -36,5 +38,6 @@ The {% data variables.product.prodname_github_security_configuration %} is a set
{% data reusables.enterprise-accounts.advanced-security-tab %}
1. In the "Configurations" section, select "{% data variables.product.company_short %} recommended".
1. In the "Policy" section, next to "Enforce configuration", select **Enforce** from the dropdown menu.
1. Click **Save configuration** to save your change to the {% data variables.product.prodname_github_security_configuration %}.
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}
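
Review bot: this step still selects "{% data variables.product.company_short %} recommended" while the previous hunk changed the same configuration row to "{% data variables.product.github %} recommended"; both procedures refer to the same row and should use the same variable.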

View File

@@ -15,8 +15,7 @@ topics:
There are some additional {% data variables.product.prodname_secret_scanning %} settings that cannot be applied to repositories using {% data variables.product.prodname_security_configurations %}, so you must configure these settings separately:
* [Configuring a resource link for push protection](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-a-resource-link-for-push-protection){% ifversion secret-scanning-ai-generic-secret-detection %}
* [Configuring AI detection to find additional secrets](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-ai-detection-to-find-additional-secrets){% endif %}
* [Configuring a resource link for push protection](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-a-resource-link-for-push-protection)
These additional settings only apply to repositories with {% data variables.product.prodname_secret_scanning %} enabled and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} or {% data variables.product.prodname_GH_secret_protection %}{% endif %}.
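
Review bot: the "Configuring AI detection to find additional secrets" bullet and its `{% ifversion secret-scanning-ai-generic-secret-detection %}` guard are removed here, yet the custom-configuration procedure later in this change still offers "**Scan for generic passwords**" under the same feature flag. If the enterprise-level toggle is intentionally gone while the per-configuration option stays, say so in the PR description or add a sentence here pointing readers to the configuration setting.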
@@ -33,17 +32,3 @@ To provide context for developers when {% data variables.product.prodname_secret
1. Under "Additional settings", to the right of "Resource link for push protection", click **{% octicon "pencil" aria-hidden="true" %}**.
1. In the text box, type the link to the desired resource, then click **{% octicon "check" aria-label="Save" %}**.
{% ifversion secret-scanning-ai-generic-secret-detection %}
### Configuring AI detection to find additional secrets
{% data variables.secret-scanning.copilot-secret-scanning %}'s {% data variables.secret-scanning.generic-secret-detection %} is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that scans and creates alerts for unstructured secrets, such as passwords.
1. Under "Additional settings", to the right of "Use AI detection to find additional secrets", ensure the setting is toggled to "On".
{% data reusables.secret-scanning.copilot-secret-scanning-generic-secrets-subscription-note %}
To learn more about generic secrets, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).
{% endif %}
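
Review bot: removing the whole "### Configuring AI detection to find additional secrets" section retires the `#configuring-ai-detection-to-find-additional-secrets` anchor that the deleted bullet in the previous hunk linked to; search the rest of the docs for links to that anchor and for remaining uses of `reusables.secret-scanning.copilot-secret-scanning-generic-secrets-subscription-note` so nothing dangles.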

View File

@@ -21,6 +21,14 @@ We recommend securing your enterprise with the {% data variables.product.prodnam
With {% data variables.product.prodname_custom_security_configurations %}, you can create collections of enablement settings for {% data variables.product.company_short %}'s security products to meet the specific security needs of your enterprise. For example, you can create a different {% data variables.product.prodname_custom_security_configuration %} for each organization or group of organizations to reflect their unique security requirements and compliance obligations.
{% ifversion ghas-products %}
You can also choose whether or not you want to include {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %} features in a configuration.
If you do, keep in mind that these features incur usage costs (or require {% data variables.product.prodname_GHAS %} licenses) when applied to private and internal repositories. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% endif %}
{% ifversion security-configurations-ghes-only %}
When creating a security configuration, keep in mind that:
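
Review bot: style nit in the added `{% ifversion ghas-products %}` paragraph: "choose whether or not you want to include" reads better as "choose whether to include", and the parenthetical "(or require {% data variables.product.prodname_GHAS %} licenses)" would be clearer folded into the sentence: "incur usage costs, or require ... licenses, when applied to private and internal repositories".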
@@ -32,8 +40,8 @@ When creating a security configuration, keep in mind that:
## Creating a {% data variables.product.prodname_custom_security_configuration %}
{% ifversion security-configurations-cloud %}
<!-- Note: this article has two entirely separate procedures for cloud and server users. -->
{% ifversion ghec %}
<!-- Note: this article has two entirely separate procedures for cloud and server enterprises. The GHES 3.17+ version of the procedure is still to come. -->
>[!NOTE]
> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable automatic dependency submission, {% data variables.product.prodname_dependabot_alerts %}, vulnerability exposure analysis, and security updates.
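
Review bot: switching the branch condition from `{% ifversion security-configurations-cloud %}` to `{% ifversion ghec %}` narrows this procedure to GHEC, and the new comment admits "The GHES 3.17+ version of the procedure is still to come." The empty `{% elsif security-configurations-ghes-only %}` branch that results should be called out in the PR description together with a date for the follow-up, because the article will ship with a version that has no procedure.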
@@ -43,30 +51,39 @@ When creating a security configuration, keep in mind that:
{% data reusables.enterprise-accounts.advanced-security-tab %}
1. In the "Configurations" section, click **New configuration**.
1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Configurations" page, name your configuration and create a description.
1. In the "{% data variables.product.prodname_GH_advanced_security %} features" row, choose whether to include or exclude {% data variables.product.prodname_GH_advanced_security %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
1. In the "Dependency graph and {% data variables.product.prodname_dependabot %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:
* Dependency graph. To learn about dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).{%- ifversion maven-transitive-dependencies %}
* Automatic dependency submission. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* {% data variables.product.prodname_dependabot_alerts %}. To learn about {% data variables.product.prodname_dependabot_alerts %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
* Security updates. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
1. Optionally, enable "{% data variables.product.prodname_secret_protection %}", a paid feature for private {% ifversion ghec %}and internal {% endif %} repositories. Enabling {% data variables.product.prodname_secret_protection %} enables alerts for {% data variables.product.prodname_secret_scanning %}. In addition, you can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_secret_scanning %} features:
{% ifversion secret-scanning-validity-check-partner-patterns %}
* **Validity checks**. To learn more about validity checks for partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion org-npp-enablement-security-configurations %}
* **Non-provider patterns**. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %}
* **Scan for generic passwords**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% endif %}
* **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).{% ifversion security-delegated-alert-dismissal %}
* **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning).{% endif %}
1. Optionally, enable "{% data variables.product.prodname_code_security %}", a paid feature for private and internal repositories. You can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_code_scanning %} features:
* **Default setup**. To learn more, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). {% ifversion code-scanning-default-setup-customize-labels %}
* **Runner type**. If you want to target specific runners for {% data variables.product.prodname_code_scanning %}, you can choose to use custom-labeled runners at this step. See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#assigning-labels-to-runners).{% endif %} {% ifversion security-delegated-alert-dismissal %}
* **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning).{% endif %}
1. Still under "{% data variables.product.prodname_code_security %}", in the "Dependency scanning" table, choose whether you want to enable, disable, or keep the existing settings for the following dependency scanning features:
* **Dependency graph**. To learn about dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
> [!TIP]
> When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
* **Enforce configuration**. Block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Select **Enforce** from the dropdown menu.
> [!NOTE]
> You cannot manually change the enablement settings for vulnerable function calls. If {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} or {% data variables.product.prodname_GH_code_security %}{% endif %} features and {% data variables.product.prodname_dependabot_alerts %} are enabled, vulnerable function calls is also enabled. Otherwise, it is disabled.
1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup. To learn about default setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup).
1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:
* Alerts. To learn about {% data variables.product.prodname_secret_scanning %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).{% ifversion org-npp-enablement-security-configurations %}
* Non-provider patterns. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}
* Push protection. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).
1. In the "Private vulnerability reporting" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for private vulnerability reporting. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).
1. Optionally, in the "Policy" section, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu.
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}
{% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**.
{% elsif security-configurations-ghes-only %}
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}
<!-- expires 2025-05-01 -->
<!-- The updated procedure for GHES 3.17+ will be added here later, see ref: #17613 -->
<!-- end expires 2025-05-01 -->
{% elsif ghes < 3.17 %}
>[!NOTE]
> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling {% data variables.secret-scanning.alerts %} will also disable non-provider patterns and push protection.
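
Review bot: the `{% elsif security-configurations-ghes-only %}` branch (the lines between it and `{% elsif ghes < 3.17 %}`) now contains only the enforcement edge-cases reusable and an expiring placeholder comment, so GHES 3.17+ readers get the "Creating a custom security configuration" heading with no steps; either restore the previous generic procedure for that branch until ref #17613 lands or hide the section for that version. Also, inside the `{% ifversion ghec %}` branch the Secret Protection step still carries an inner "{% ifversion ghec %}and internal {% endif %}", which is always true there; drop the inner guard to match the Code Security step's plain "private and internal repositories".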
@@ -78,16 +95,16 @@ When creating a security configuration, keep in mind that:
1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Configurations" page, name your configuration and create a description.
1. In the "{% data variables.product.prodname_GH_advanced_security %} features" row, choose whether to include or exclude {% data variables.product.prodname_GH_advanced_security %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
1. In the "Dependency graph and {% data variables.product.prodname_dependabot %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:
* {% data variables.product.prodname_dependabot_alerts %}. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
* **{% data variables.product.prodname_dependabot_alerts %}**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
> [!NOTE] {% data variables.dependabot.auto_triage_rules %} are not available to set at enterprise level. If an enterprise-level security configuration is applied to a repository, it can still have {% data variables.dependabot.auto_triage_rules %} enabled, but you can't turn off these rules at the level of the enterprise.
* Security updates. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
> [!NOTE]
> You cannot manually change the enablement setting for the dependency graph. This setting is installed and managed by a site administrator at the instance level.
1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup. To learn about default setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup).
1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:
* Alerts. To learn about {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).{% ifversion org-npp-enablement-security-configurations %}
* Non-provider patterns. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}
* Push protection. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).
* **Alerts**. To learn about {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).{% ifversion org-npp-enablement-security-configurations %}
* **Non-provider patterns**. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}
* **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).
1. Optionally, in the "Policy" section, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, or **Private and internal**, or **All repositories**.
1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu.
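
Review bot: bolding the bullet names brings this branch in line with the GHEC branch, but while here, the unchanged policy step reads "click **Public**, or **Private and internal**, or **All repositories**" with a stray "or" after **Public**; the GHEC branch phrases the same step as "click **Public**, **Private and internal**, or **All repositories**".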

View File

@@ -24,5 +24,5 @@ If you no longer need a {% data variables.product.prodname_custom_security_confi
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.advanced-security-tab %}
1. In the configurations table, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to delete.
1. In the "Edit configuration" page, scroll to the bottom of the "Policy" section, then click **Delete configuration**.
1. In the "Edit configuration" page, scroll to the bottom of the page, then click **Delete configuration**.
1. Ensure you read the warning in the "Delete this configuration?" dialog, to confirm you are comfortable deleting the {% data variables.product.prodname_custom_security_configuration %}, then click **Delete configuration**.

View File

@@ -29,7 +29,7 @@ After creating and applying a {% data variables.product.prodname_custom_security
{% data reusables.enterprise-accounts.advanced-security-tab %}
1. In the "Configurations" section, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to edit.
1. Edit the name and description of your {% data variables.product.prodname_custom_security_configuration %} as desired.
1. In the "Security settings" section, edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired.
1. Edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired.
1. In the "Policy" section, you can modify the configuration's enforcement status. Enforcing a configuration will block repository owners from changing features that are enabled or disabled by the configuration, but features that are not set aren't enforced. Next to "Enforce configuration", select **Enforce** or **Don't enforce** from the dropdown menu.
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}

View File

@@ -16,16 +16,12 @@ shortTitle: Enterprise Cloud trial
{% data reusables.enterprise.about-ghec %} See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-github-enterprise-cloud).
>You can set up a trial to evaluate features that require {% data variables.product.prodname_ghe_cloud %}, such as SAML single sign-on (SSO) and {% data variables.product.prodname_GH_advanced_security %}. For a full list of available features, see our [Pricing](https://github.com/pricing) page.
Your trial **won't** include {% data variables.enterprise.data_residency_short %} on {% data variables.enterprise.data_residency_site %} or access to {% data variables.product.prodname_ghe_server %}. To test these features, contact {% data variables.contact.contact_enterprise_sales %}.
To set up a trial, you must be signed in to a personal account. If you don't have a personal account, see [AUTOTITLE](/free-pro-team@latest/get-started/start-your-journey/creating-an-account-on-github).
<a href="https://github.com/account/enterprises/new?ref_cta=GHEC+trial&ref_loc=setting+up+a+trial+of+github+enterprise+cloud&ref_page=docs" target="_blank" class="btn btn-primary mt-3 mr-3 no-underline"><span>Set up a trial of {% data variables.product.prodname_ghe_cloud %}</span> {% octicon "link-external" height:16 %}</a>
>[!IMPORTANT] Your trial enterprise will be hosted in the USA. If you require {% data variables.enterprise.data_residency_short %} outside the USA, contact {% data variables.contact.contact_sales_data_residency %}.
To set up a trial, you must be signed in to a personal account. If you don't have a personal account, see [AUTOTITLE](/free-pro-team@latest/get-started/start-your-journey/creating-an-account-on-github).
{% data reusables.enterprise.enterprise-types %}
## What is included in the trial?
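Review bot: the line beginning ">You can set up a trial to evaluate features…" starts with a bare `>` with no space after it; if it is meant as a blockquote callout it needs `> `, otherwise the stray character should be dropped. In the same hunk the sentence "To set up a trial, you must be signed in to a personal account…" appears twice, once before the sign-up button and once after the IMPORTANT callout about US hosting; keep only the copy that precedes the button so the prerequisite is read before the call to action, and make sure the moved "Your trial **won't** include data residency…" sentence keeps its contact-sales pointer where it lands.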
@@ -34,11 +30,13 @@ The trial lasts for **{% data reusables.enterprise.ghec-trial-length %} days** a
* Access to **most** {% data variables.product.prodname_ghe_cloud %} features.{% ifversion metered-ghe-ghas %}
* {% data variables.product.prodname_copilot_for_business %}
* {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %}
* {% data variables.product.prodname_GH_cs_and_sp %}
* Access to the **new billing platform**.{% ifversion enhanced-billing-platform %} See [AUTOTITLE](/billing/using-the-new-billing-platform/about-the-new-billing-platform-for-enterprises).{% endif %}{% endif %}
* An **enterprise account**, which allows you to manage multiple organizations. See [AUTOTITLE](/enterprise-cloud@latest/get-started/learning-about-github/types-of-github-accounts).
* Up to **50 licenses** to grant access to users.
Your trial **won't** include {% data variables.enterprise.data_residency_short %} on {% data variables.enterprise.data_residency_site %} or access to {% data variables.product.prodname_ghe_server %}. To test these features, contact {% data variables.contact.contact_enterprise_sales %}.
## Features not included in the trial
* {% data variables.product.prodname_github_codespaces %}
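Review bot: the sentence "Your trial **won't** include {% data variables.enterprise.data_residency_short %} … or access to {% data variables.product.prodname_ghe_server %}" now sits directly above the "Features not included in the trial" heading, which covers the same ground; fold it into that list as two bullets (data residency on the data-residency site, and GitHub Enterprise Server) with the contact-sales pointer, so all exclusions live in one place. Also, the `{% endif %}{% endif %}` at the end of the billing-platform bullet closes both the `enhanced-billing-platform` and the outer `metered-ghe-ghas` conditional on one line; putting the outer `{% endif %}` on its own line after the bullet list would make it clear which block ends where.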
@@ -77,7 +75,7 @@ You can end your trial at any time by purchasing {% data variables.product.prodn
If you **purchase {% data variables.product.prodname_enterprise %}**:
{% ifversion metered-ghe-ghas %}
* You can use usage-based billing for {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %}, which means you pay monthly for the number of licenses you use. You will not need to buy a predefined number of licenses in advance. See, [AUTOTITLE](/billing/using-the-new-billing-platform/about-usage-based-billing-for-licenses).
* You can use usage-based billing for {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %}, which means you pay monthly for the number of licenses you use. You will not need to buy a predefined number of licenses in advance. See [AUTOTITLE](/billing/using-the-new-billing-platform/about-usage-based-billing-for-licenses).
If you did not set up a free trial and you want to use usage-based billing to pay for {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %} after the {% data variables.product.prodname_ghe_cloud %} trial ends, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).{% endif %}
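Review bot: the sales contact at the end of this hunk is a hard-coded link ("GitHub's Sales team" at https://enterprise.github.com/contact) while the rest of the trial page uses the `{% data variables.contact.contact_enterprise_sales %}` reusable for the same destination; use the reusable here too so the contact path is maintained in one place. The comma fix in "See, [AUTOTITLE]" → "See [AUTOTITLE]" is fine.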


@@ -20,12 +20,8 @@ shortTitle: Billing for GitHub Actions
## About billing for {% data variables.product.prodname_actions %}
{% ifversion billing-auth-and-capture %}
{% data reusables.billing.authorization-charge %}
{% endif %}
{% data reusables.actions.actions-billing %}
{% data reusables.actions.actions-spending-limit-brief %} For more information, see [About spending limits](#about-spending-limits).
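Review bot: this hunk drops the `{% ifversion billing-auth-and-capture %}` block with the `{% data reusables.billing.authorization-charge %}` notice from the Actions billing page, while the same commit adds that block to the Advanced Security billing page. If the authorization hold still applies to Actions usage, the Actions page should keep the notice or link to wherever it now lives; if it no longer applies, say so in the commit message, because readers reconciling a pending charge on their card will look here first.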


@@ -1,7 +1,8 @@
---
title: About billing for GitHub Advanced Security
intro: 'Learn how {% data variables.product.prodname_GH_advanced_security %} costs are calculated and how to get the most from your license.'
product: '{% data reusables.gated-features.ghas-ghec %}'
title: About billing for {% data variables.product.prodname_GHAS %}
intro: '{% ifversion ghes = 3.12 %}Learn how the use of {% data variables.product.prodname_GHAS %} licenses is calculated.{% else %}Learn about the licensing models for {% data variables.product.prodname_AS %} products and how the use of {% data variables.product.prodname_GHAS_cs_and_sp %} licenses is calculated.{% endif %}'
allowTitleToDifferFromFilename: true
product: '{% data reusables.gated-features.ghas-billing %}'
redirect_from:
- /admin/advanced-security/about-licensing-for-github-advanced-security
- /billing/managing-licensing-for-github-advanced-security/about-licensing-for-github-advanced-security
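Review bot: the new `intro` switches on `{% ifversion ghes = 3.12 %}`, while the body of the same file later splits the same case as `{% ifversion ghec or ghes > 3.12 %}` / `{% elsif ghes < 3.13 %}`; pick one form for the 3.12-only branch so the conditions stay easy to audit when 3.12 is retired. The `product` gate also changes from `gated-features.ghas-ghec` to `gated-features.ghas-billing`; confirm the new reusable exists in this commit, since a missing reusable fails the build rather than rendering empty.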
@@ -20,173 +21,186 @@ topics:
shortTitle: Advanced Security billing
---
{% ifversion fpt or ghec %}
{% data variables.product.github %} makes a subset of {% data variables.product.prodname_AS %} features available, free of charge, to all public repositories on {% data variables.product.prodname_dotcom_the_website %}. In addition, you can get insight into your exposure to leaked secrets with a free {% data variables.product.prodname_secret_risk_assessment %}. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization).
You need pay to use {% data variables.product.prodname_AS %} features in private repositories. If you change the visibility of a public repository to private and don't pay for {% data variables.product.prodname_AS %}, {% data variables.product.prodname_AS %} features will be disabled for that repository.
{% endif %}
{% ifversion ghas-products %}
## License types for {% data variables.product.prodname_AS %} products
Licensing for {% data variables.product.prodname_AS %} products is flexible, making it easy for you to choose options that fit your business needs. {% ifversion ghec or ghes %}You can buy volume/subscription licenses for any combination of the following products or use metered billing to pay for your use:{% endif %}
{% data reusables.advanced-security.ghas-products-bullets %}{% ifversion ghec or ghes %}
* **{% data variables.product.prodname_GHAS %}**, which includes all features in {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_GH_code_security %}.{% endif %}
For example, you might start by using {% data variables.product.prodname_GH_secret_protection %} across all repositories, and pilot {% data variables.product.prodname_GH_code_security %} in high-risk repositories. You {% ifversion ghec or ghes %}buy or {% endif %}pay only for the products you need, and expand as you see the benefits to the security of your code.
For more information, see [feature summary and pricing information](https://github.com/enterprise/advanced-security#pricing) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% else %}
You can make extra features available to users with a license for {% data variables.product.prodname_AS %} products. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% endif %}
{% ifversion metered-ghe-ghas %}
## Metered billing for {% data variables.product.prodname_GH_advanced_security %}
## Billing models for {% data variables.product.prodname_AS %} products
If you started a trial of {% data variables.product.prodname_GH_advanced_security %} (GHAS) during your {% data variables.product.prodname_ghe_cloud %} trial on or after August 1, 2024, or if your account is onboarded into metered billing outside of the trial, your billing will be usage-based. This means:
Each active committer to at least one repository with an {% data variables.product.prodname_AS %} product enabled uses one license. A committer is considered active if one of their commits has been pushed to the repository within the last 90 days, regardless of when it was originally authored.
* You pay for the number of licenses used each month.
* This applies to both {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_GH_advanced_security %}.
There are two different ways to pay for licenses.
There are a few key differences between metered and volume billing for {% data variables.product.prodname_GH_advanced_security %}.
* **Metered billing** {% ifversion ghec %}introduced from June 2024 onward{% elsif ghes %}available from {% data variables.product.prodname_ghe_server %} 3.13 onward with {% data variables.product.prodname_github_connect %}{% endif %}
* **GHAS Metered billing**
* Users can enable {% data variables.product.prodname_GH_cs_or_sp %} independently.
* Monthly bill for the number of licenses used by active committers.
* No pre-defined license limit.
* No overage state, you pay only for what you use.{% ifversion ghec or ghes %}
* {% data variables.product.prodname_ghe_server %} use of {% data variables.product.prodname_AS %} products is billed through the linked enterprise account on {% data variables.product.prodname_ghe_cloud %} for hybrid systems.{% endif %}
* Billed per active committer, with no pre-defined license limit.
* No overage state, pay only for what you use.
* Server-only users will be added to metered billing. These users are de-duplicated with email matching to avoid double billing.
* **Volume/subscription billing** available for {% data variables.product.prodname_enterprise %} plans only
* **GHAS Volume/Subscription billing**
* Purchase a defined number of licenses (for example, 100 licenses).
* If usage exceeds purchased licenses, you will need to purchase additional licenses to cover this overage usage.
For more detailed information about these two types of billing, see [AUTOTITLE](/billing/using-the-new-billing-platform/about-usage-based-billing-for-licenses).
### Managing committers and repositories
{% data variables.product.prodname_GH_advanced_security %} is billed per committer and enabled by repository. If you remove a committer from an organization or enterprise, or if you disable {% data variables.product.prodname_GH_advanced_security %} on a repository, the committers will remain billable until the end of the current monthly billing cycle. Prorated billing applies only when a committer starts partway through the month. For examples of how committers are tracked and billed, see [Understanding usage](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#understanding-usage).
If you have further questions about using {% data variables.product.prodname_GH_advanced_security %}, you can contact your account manager in {% data variables.contact.contact_enterprise_sales %}.
{% data reusables.billing.actions-usage-delay %}
* Users must ask the sales team to set up billing.
* Purchase a specific number of {% data variables.product.prodname_GHAS_cs_or_sp %} licenses that last for a defined period, typically at least a year.
* If the usage of {% data variables.product.prodname_AS %} by active committers exceeds the number of licenses purchased, you need to purchase additional licenses to cover this overage usage.
{% endif %}
## About licenses for {% data variables.product.prodname_GH_advanced_security %}
{% ifversion metered-ghe-ghas %}
{% ifversion billing-auth-and-capture %}
{% data reusables.billing.authorization-charge %}
{% endif %}
## Managing committers and costs
{% ifversion fpt %}
{% data reusables.advanced-security.ghas-license-info-for-fpt %}
> [!NOTE]
> If you change the visibility of a public repository to private then {% data variables.product.prodname_GH_advanced_security %} will be disabled for that repository.
For pricing details for {% data variables.product.prodname_GH_advanced_security %}, see our [pricing information](https://github.com/enterprise/advanced-security#pricing).
{% data reusables.advanced-security.ghas-products-tip %}
{% elsif ghec %}
If you want to use {% data variables.product.prodname_GH_advanced_security %} features on any repository apart from a public repository on {% data variables.product.prodname_dotcom_the_website %}, you will need a {% data variables.product.prodname_GH_advanced_security %} license. For more information about {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% data reusables.advanced-security.ghas-products-tip %}
{% ifversion security-configurations %}
{% data reusables.security-configurations.managing-GHAS-licenses %}
{% endif %}
{% data reusables.advanced-security.ghas-trial-availability %} See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security).
{% data reusables.advanced-security.ghas-trial-invoiced %}
For other billing-related questions, contact {% data variables.contact.github_support %}.
{% elsif ghes %}
You can make extra features available to users by buying and uploading a license for {% data variables.product.prodname_GH_advanced_security %}. For more information about {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% data reusables.advanced-security.ghas-products-tip %}
{% ifversion security-configurations %}
{% data reusables.security-configurations.managing-GHAS-licenses %}
{% endif %}
{% endif %}
{% ifversion ghes or ghec %}
## License size
{% ifversion metered-ghe-ghas %}
> [!IMPORTANT] If you have access to usage-based billing for {% data variables.product.prodname_GH_advanced_security %}, you will pay for the licenses you use each month and will not have a license limit. See [AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/about-usage-based-billing-for-licenses).
{% endif %}
Each license for {% data variables.product.prodname_GH_advanced_security %} specifies a maximum number of accounts that can use these features. Each active committer to at least one repository with the feature enabled uses one license. A committer is considered active if one of their commits has been pushed to the repository within the last 90 days, regardless of when it was originally authored.
When you remove a user from your enterprise account, the user's license is freed within 24 hours.
{% ifversion ghes %}
You can determine how many licenses you'll need for {% data variables.product.prodname_GH_advanced_security %} by generating a count of your instance's active committers in the site admin dashboard. See [AUTOTITLE](/admin/configuration/configuring-your-enterprise/site-admin-dashboard#advanced-security-committers).
{% endif %}
If you are over your license limit, {% data variables.product.prodname_GH_advanced_security %} continues to work on all repositories where it is already enabled. However, in organizations where {% data variables.product.prodname_GH_advanced_security %} is enabled for new repositories, repositories will be created with the feature deactivated. In addition, the option to enable {% data variables.product.prodname_GH_advanced_security %} for existing repositories will not be available.
As soon as you free up some licenses, by deactivating {% data variables.product.prodname_GH_advanced_security %} for some repositories or by increasing your license size, the options for activating {% data variables.product.prodname_GH_advanced_security %} will work again as normal.
You can enforce policies to allow or disallow the use of {% data variables.product.prodname_advanced_security %} by organizations owned by your enterprise account. See [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise).
For more information on viewing license usage, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage).
## Active committers and unique committers
We record and display two numbers of active committers for {% data variables.product.prodname_GH_advanced_security %} on {% data variables.location.product_location %}:
* **Active committers** is the number of committers who contributed to at least one {% ifversion fpt or ghec %}private {% endif %}organization-owned repository{% ifversion secret-scanning-user-owned-repos %} or one user-owned repository{% ifversion ghec %} when using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}{% endif %}{% endif %}, and who use a license in your enterprise. That is, they are also an organization member, an external collaborator, or have a pending invitation to join an organization in your enterprise, and they are not a {% data variables.product.prodname_github_app %} bot. For information about differences between bot and machine accounts, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/differences-between-github-apps-and-oauth-apps#machine-vs-bot-accounts).
* **Unique to this repository/organization** is the number of active committers who contributed only to this repository, or to repositories in this organization. This number shows how many licenses you can free up by deactivating {% data variables.product.prodname_GH_advanced_security %} for that repository or organization.
If there are no unique active committers, all active committers also contribute to other repositories or organizations that use {% data variables.product.prodname_GH_advanced_security %}. Deactivating the feature for that repository or organization would not free any licenses for {% data variables.product.prodname_GH_advanced_security %}.
> [!NOTE] Users can contribute to multiple repositories or organizations. Usage is measured across the whole enterprise account to ensure that each member uses one license regardless of how many repositories or organizations the user contributes to.
When you activate or deactivate {% data variables.product.prodname_advanced_security %} for repositories, {% data variables.product.prodname_dotcom %} displays an overview of changes to the use of your license. If you deactivate access to {% data variables.product.prodname_GH_advanced_security %}, any licenses used by unique active committers are freed up.
{% ifversion ghec %}
For more information on managing the number of committers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing).
{% endif %}
## Understanding usage
{% ifversion metered-ghe-ghas %}
The following example timeline demonstrates how active committer count for {% data variables.product.prodname_GH_advanced_security %} could change over time in an enterprise. For each month, you will find events, along with the resulting committer count and the effect on usage-based billing.
| Date | Events during the month | Total committers | Effect on usage-based billing |
| :- | :- | -: | :- |
| <span style="white-space: nowrap;">April 15</span> | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Repository **X** has 50 committers over the past 90 days. | **50** | Billing begins for 50 committers. |
| <span style="white-space: nowrap;">May 1</span> | Developer **A** leaves the team working on repository **X**. Developer **A**'s contributions continue to count for 90 days. | **50** | No immediate change. Developer **A** continues to be billed until their contributions are inactive for 90 days. |
| <span style="white-space: nowrap;">August 1</span> | Developer **A**'s contributions no longer count towards the licenses required, because 90 days have passed. | 50 - 1 =<br>**49** | Developer **A** is removed from the billing count, reducing the billable committers to 49. |
| <span style="white-space: nowrap;">August 15</span> | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for a second repository, repository **Y**. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo **X** and do not require additional licenses. | 49 + 10 =<br>**59** | Billing increases to 59 committers, accounting for the 10 additional unique contributors. |
| <span style="white-space: nowrap;">August 16</span> | A member of your enterprise disables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Of the 49 developers who were working on repository **X**, 10 still also work on repository **Y**, which has a total of 20 developers contributing in the last 90 days. | 49 - 29 =<br>**20** | Billing for repository **X** continues until the end of the monthly billing cycle, but the overall billing count decreases to 20 committers for the next cycle. |
With a {% data variables.product.prodname_team %} plan, you manage committers and costs by controlling usage. The options available depend on your billing platform.
{% else %}
The following example timeline demonstrates how active committer count for {% data variables.product.prodname_GH_advanced_security %} could change over time in an enterprise. For each month, you will find events, along with the resulting committer count.
The options available for managing committers and costs depend on your billing model and the billing platform you use.
| Date | Events during the month | Total committers |
| :- | :- | -: |
| <span style="white-space: nowrap;">April 15</span> | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Repository **X** has 50 committers over the past 90 days. | **50** |
| <span style="white-space: nowrap;">May 1</span> | Developer **A** leaves the team working on repository **X**. Developer **A**'s contributions continue to count for 90 days. | **50** | **50** |
| <span style="white-space: nowrap;">August 1</span> | Developer **A**'s contributions no longer count towards the licenses required, because 90 days have passed. | 50 - 1 =<br>**49** |
| <span style="white-space: nowrap;">August 15</span> | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for a second repository, repository **Y**. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo **X** and do not require additional licenses. | 49 + 10 =<br>**59** |
| <span style="white-space: nowrap;">August 16</span> | A member of your enterprise disables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Of the 49 developers who were working on repository **X**, 10 still also work on repository **Y**, which has a total of 20 developers contributing in the last 90 days. | 49 - 29 =<br>**20** |
### Metered billing
<!--Metered billing is the only option for GitHub Teams so no heading required -->
{% endif %}
> [!NOTE] A user will be flagged as active when their commits are pushed to any branch of a repository, even if the commits were authored more than 90 days ago.
Your use of {% data variables.product.prodname_AS %} is billed per committer and enabled by repository. If you remove a committer from an organization{% ifversion ghec or ghes %} or enterprise{% endif %}, or if you disable all {% data variables.product.prodname_GH_cs_or_sp %} features for a repository, the committers will remain billable until the end of the current monthly billing cycle. Prorated billing applies only when a committer starts partway through the month. For examples of how committers are tracked and billed, see [Understanding usage](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#understanding-usage).
## Getting the most out of {% data variables.product.prodname_GH_advanced_security %}
You can control usage and costs with {% ifversion ghec %}cost centers, policies, {% endif %}budgets and alerts. See {% data reusables.advanced-security.control-use-cost-links %}.
When you decide which repositories and organizations to prioritize for {% data variables.product.prodname_GH_advanced_security %}, you should review them and identify:
* Codebases that are the most critical to your company's success. These are the projects for which the introduction of vulnerable code, hard-coded secrets, or insecure dependencies would have the greatest impact on your company.
* Codebases with the highest commit frequency. These are the most actively developed projects, consequently there is a higher risk that security problems could be introduced.
When you have enabled {% data variables.product.prodname_GH_advanced_security %} for these organizations or repositories, assess which other codebases you could add without incurring billing for unique active committers. Finally, review the remaining important and busy codebases. If you want to increase the number of licensed active committers, contact {% data variables.contact.contact_enterprise_sales %}.
{% data reusables.billing.actions-usage-delay %}
{% ifversion ghas-in-license-sync %}
If your enterprise uses {% data variables.product.prodname_GH_advanced_security %} on both {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}, you can ensure users aren't consuming multiple licenses unnecessarily by synchronizing license usage between environments.{% ifversion ghec %} {% data variables.product.prodname_GH_advanced_security %} is included in license sync in {% data variables.product.prodname_ghe_server %} version 3.12 and later.{% endif %} See [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud).
{% endif %}
{% endif %}
{% ifversion ghec or ghes > 3.12 %}
<!--Volume/Subscription billing for GHCS and GH SP is not available for GitHub Teams-->
### Volume/subscription billing
{% elsif ghes < 3.13 %}
<!--Volume/Subscription billing is the only option for GHES 3.12-->
## License size
{% endif %}
Each license specifies a maximum number of accounts that can use {% data variables.product.prodname_AS %}. Each active committer to at least one repository with the product enabled consumes one license. When you remove a user from your {% data variables.enterprise.enterprise_or_org %} account, the user's license is freed within 24 hours.
If you exceed your license limit, features controlled by {% data variables.product.prodname_AS %} licensing continue to work on all repositories where they are already enabled. However, you will not be able to enable {% data variables.product.prodname_GH_cs_or_sp %} on any additional repositories. Any new repositories created in organizations where {% data variables.product.prodname_GH_cs_or_sp %} are configured to be enabled automatically will be created with the products disabled.
As soon as you make licenses available, by disabling {% data variables.product.prodname_GH_cs_or_sp %} in some repositories, or by increasing your license size, the options for enabling {% data variables.product.prodname_GH_cs_and_sp %} will work again as normal. {% ifversion ghes %}All standalone instances of {% data variables.product.prodname_ghe_server %} use volume/subscription licenses. Contact [{% data variables.product.github %}'s Sales team](https://enterprise.github.com/contact) if you want to make changes to your license.{% endif %}
You can enforce policies to allow or disallow the use of {% data variables.product.prodname_advanced_security %} by organizations owned by your enterprise account. See [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise).
## Active and unique committers
The number of unique, active committers who use {% data variables.product.prodname_GH_cs_or_sp %} controls your license use.
{% ifversion security-configurations %}You can see the active and unique committers to an organization on the Global settings page for {% data variables.product.UI_advanced_security %}. Under "{% data variables.product.prodname_secret_protection %} repositories" and "{% data variables.product.prodname_code_security %} repositories" summary and repository-level details are reported. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization).{% endif %}
{% ifversion fpt %}
* **Active committers** is the number of committers who contributed to at least one organization-owned repository, and who use a license in your organization. That is, they are also an organization member, an external collaborator, or have a pending invitation to join your organization, and they are not a {% data variables.product.prodname_github_app %} bot.
{% else %}
* **Active committers** is the number of committers who contributed to at least one organization-owned repository{% ifversion secret-scanning-user-owned-repos %} or one user-owned repository{% endif %}, and who use a license in your enterprise. That is, they are also an organization member, an external collaborator, or have a pending invitation to join an organization in your enterprise, and they are not a {% data variables.product.prodname_github_app %} bot.
{% endif %} For information about differences between bot and machine accounts, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/differences-between-github-apps-and-oauth-apps#machine-vs-bot-accounts).
* **Unique committers** is the number of active committers who contributed only to a repository, or to repositories in an organization. This number shows how many licenses you can free up by disabling {% data variables.product.prodname_GH_cs_or_sp %} for that repository or organization.
If there are no unique committers to a repository or organization, all active committers also contribute to other repositories or organizations that use {% data variables.product.prodname_AS %} licenses. Disabling a product for that repository or organization would not free any licenses or lower your usage costs.
{% ifversion fpt or ghec %}
<!--GHES does not have a billing platform, it is either part of a hybrid GHEC/GHES instance where billing (metered or volume) is managed through the linked GHEC enterprise account, or it is a standalone GHES instance that uses a volume/subscription license.-->
## Billing platforms
In June 2024 {% data variables.product.github %} introduced a new billing platform to provide greater insight and control over the use of paid products. {% ifversion fpt or ghec %}All {% data variables.enterprise.enterprise_or_org %}s are being migrated over to the new billing platform.{% endif %}
### New billing platform
{% ifversion fpt %}
1. In the upper-right corner of any page on {% data variables.product.prodname_dotcom %}, select your profile photo.
1. For **organizations**, click **Your organizations**, then next to the organization, click **Settings**.
If your organization uses the new billing platform, there will be a **{% octicon "credit-card" aria-hidden="true" %} Billing & Licensing** option in the sidebar, see [AUTOTITLE](/billing/using-the-new-billing-platform).
{% elsif ghec %}
{% data reusables.enterprise-accounts.access-enterprise %}
If your enterprise uses the new billing platform, there will be a **{% octicon "credit-card" aria-hidden="true" %} Billing & Licensing** tab, see [AUTOTITLE](/billing/using-the-new-billing-platform).
{% endif %}
### Original billing platform
Each {% data variables.enterprise.enterprise_or_org %} on the original billing platform is contacted by {% data variables.product.github %} in advance of their migration to the new billing platform. If you have not been contacted yet, then you probably use the original billing platform, see [AUTOTITLE](/billing/using-the-billing-platform).
{% endif %}
## Understanding usage
Users can contribute to multiple repositories or organizations. Usage is measured across the whole {% data variables.enterprise.enterprise_or_org %} to ensure that each member uses one license regardless of how many repositories or organizations the user contributes to.
When you enable or disable {% data variables.product.prodname_GH_cs_or_sp %} for one or more repositories, {% data variables.product.github %} displays an overview of how this will change your usage.
{% ifversion metered-ghe-ghas %}
* Metered billing, showing an increase or reduction in the number of active committers using licenses.
* Volume/subscription billing, showing the number of licenses used or freed by unique active committers.
The following example timeline demonstrates how the active committer count for {% data variables.product.prodname_AS %} products could change over time in an enterprise. For each month, you will find events, along with the resulting committer count and the effect on usage-based billing.
> [!NOTE] A user is flagged as active when their commits are pushed to any branch of a repository, even if the commits were authored more than 90 days ago.
| Date | Events during the month | Total committers | Effect on usage-based billing |
| :- | :- | -: | :- |
| <span style="white-space: nowrap;">April 15</span> | A member of your enterprise enables {% data variables.product.prodname_GH_cs_and_sp %} for repository **X**. Repository **X** has 50 committers over the past 90 days. | **50** | Billing begins for 50 committers. |
| <span style="white-space: nowrap;">May 1</span> | Developer **A** leaves the team working on repository **X**. Developer **A**'s contributions continue to count for 90 days. | **50** | No immediate change. Developer **A** continues to be billed until their contributions are inactive for 90 days. |
| <span style="white-space: nowrap;">August 1</span> | Developer **A**'s contributions no longer count towards the licenses required, because 90 days have passed. | 50 - 1 =<br>**49** | Developer **A** is removed from the billing count, reducing the billable committers to 49. |
| <span style="white-space: nowrap;">August 15</span> | A member of your enterprise enables {% data variables.product.prodname_GH_cs_and_sp %} for a second repository, repository **Y**. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo **X** and do not require additional licenses. | 49 + 10 =<br>**59** | Billing increases to 59 committers, accounting for the 10 additional unique contributors. |
| <span style="white-space: nowrap;">August 16</span> | A member of your enterprise disables {% data variables.product.prodname_GH_cs_and_sp %} for repository **X**. Of the 49 developers who were working on repository **X**, 10 still also work on repository **Y**, which has a total of 20 developers contributing in the last 90 days. | 49 - 29 =<br>**20** | Billing for repository **X** continues until the end of the monthly billing cycle, but the overall billing count decreases to 20 committers for the next cycle. |
{% else %}
The following example timeline demonstrates how active committer count for {% data variables.product.prodname_AS %} could change over time in an enterprise. For each month, you will find events, along with the resulting committer count.
| Date | Events during the month | Total committers |
| :- | :- | -: |
| <span style="white-space: nowrap;">April 15</span> | A member of your enterprise enables {% data variables.product.prodname_GHAS %} for repository **X**. Repository **X** has 50 committers over the past 90 days. | **50** |
| <span style="white-space: nowrap;">May 1</span> | Developer **A** leaves the team working on repository **X**. Developer **A**'s contributions continue to count for 90 days. | **50** | **50** |
| <span style="white-space: nowrap;">August 1</span> | Developer **A**'s contributions no longer count towards the licenses required, because 90 days have passed. | 50 - 1 =<br>**49** |
| <span style="white-space: nowrap;">August 15</span> | A member of your enterprise enables {% data variables.product.prodname_GHAS %} for a second repository, repository **Y**. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo **X** and do not require additional licenses. | 49 + 10 =<br>**59** |
| <span style="white-space: nowrap;">August 16</span> | A member of your enterprise disables {% data variables.product.prodname_GHAS %} for repository **X**. Of the 49 developers who were working on repository **X**, 10 still also work on repository **Y**, which has a total of 20 developers contributing in the last 90 days. | 49 - 29 =<br>**20** |
{% endif %}
## Further reading
* [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage)
{%- ifversion metered-ghe-ghas %}{% ifversion ghec %}
* [AUTOTITLE](/enterprise-cloud@latest/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing){% elsif ghes %}
* [AUTOTITLE](/enterprise-cloud@latest/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing) in the documentation for {% data variables.product.prodname_ghe_cloud %}{% endif %}
* {% ifversion fpt or ghec %}[AUTOTITLE](/billing/using-the-new-billing-platform/preventing-overspending){% elsif ghes %}[AUTOTITLE](/enterprise-cloud@latest/billing/using-the-new-billing-platform/preventing-overspending) in the documentation for {% data variables.product.prodname_ghe_cloud %}{% endif %}
{% endif %}
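Review bot: The May 1 row of the table in the `{% else %}` branch has four cells while its header row defines three columns: `| ... Developer **A**'s contributions continue to count for 90 days. | **50** | **50** |` should end after the first `**50**`, otherwise the row renders with a stray column. In both tables the August 16 arithmetic `49 - 29 =<br>**20**` does not start from the running total of **59** reached on August 15; writing it as `59 - 39 =<br>**20**` (the 39 committers who contributed only to repository **X** drop off, the 10 shared with **Y** and the 10 unique to **Y** remain) keeps the "Total committers" column consistent with the previous rows.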


@@ -1,8 +1,7 @@
---
title: Managing billing for GitHub Advanced Security
shortTitle: GitHub Advanced Security
intro: 'You can view and manage your use of seats on a license for {% data variables.product.prodname_GH_advanced_security %}.'
product: '{% data reusables.gated-features.ghas-ghec %}'
title: 'Managing billing for {% data variables.product.prodname_GHAS %} products'
shortTitle: '{% data variables.product.prodname_GHAS %}'
intro: 'You can view and manage the cost of {% data variables.product.prodname_GHAS %} products{% ifversion ghec %}, whether you have volume/subscription licenses or are using the new metered-billing license consumption model{% endif %}.'
redirect_from:
- /billing/managing-licensing-for-github-advanced-security
- /github/setting-up-and-managing-billing-and-payments-on-github/managing-licensing-for-github-advanced-security
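Review bot: The `product:` key is removed from this front matter without a replacement (old block: 8 lines, new block: 7), while the sibling pages in this commit gate on `{% data reusables.gated-features.ghas-billing %}`; if the index page should carry the same availability banner as its children, add `product: '{% data reusables.gated-features.ghas-billing %}'` where the removed `ghas-ghec` line was.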
@@ -12,11 +11,12 @@ versions:
ghes: '*'
ghec: '*'
children:
- /setting-up-a-trial-of-github-advanced-security
- /about-billing-for-github-advanced-security
- /setting-up-a-trial-of-github-advanced-security
- /signing-up-for-github-advanced-security
- /viewing-your-github-advanced-security-usage
- /migrating-from-ghas-to-cs-and-sp
- /viewing-committer-information-for-github-advanced-security
- /managing-your-github-advanced-security-licensing
- /viewing-your-github-advanced-security-usage
---


@@ -1,8 +1,8 @@
---
title: Managing your GitHub Advanced Security licensing
intro: 'You can add or remove {% data variables.product.prodname_GH_advanced_security %} licenses for your enterprise.'
permissions: 'Enterprise owners can manage licensing for {% data variables.product.prodname_GH_advanced_security %}.'
product: '{% data reusables.gated-features.ghas-ghec %}'
title: Managing volume/subscription licenses for {% data variables.product.prodname_AS %}
intro: 'You can monitor and control the availability and consumption of licenses for {% data variables.product.prodname_AS %} in repositories in your enterprise.'
allowTitleToDifferFromFilename: true
permissions: 'Enterprise owners with **volume/subscription licenses** for {% data variables.product.prodname_AS %}. </br>For metered usage on the new platform, see [AUTOTITLE](/billing/using-the-new-billing-platform/preventing-overspending).'
versions:
ghec: '*'
type: how_to
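Review bot: The new `permissions:` value uses `</br>`, which is not a valid HTML line break and may render literally; the trial page's front matter in this same commit uses `<br>`, so change `</br>For metered usage on the new platform, see [AUTOTITLE](...)` to `<br>For metered usage on the new platform, see [AUTOTITLE](...)`.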
@@ -11,40 +11,31 @@ redirect_from:
topics:
- Advanced Security
- Enterprise
shortTitle: Manage Advanced Security licensing
shortTitle: Volume/subscription GHAS license
---
## About licensing for {% data variables.product.prodname_GH_advanced_security %}
Each license for {% data variables.product.prodname_GH_advanced_security %} specifies a maximum number of accounts that can use these features. Each active committer to at least one repository with the feature enabled uses one license. A committer is considered active if one of their commits has been pushed to the repository within the last 90 days, regardless of when it was originally authored. For more information about committer numbers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). For information about purchasing a license, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security).
There are two different ways to pay for {% data variables.product.prodname_GHAS_cs_and_sp %} licenses: volume/subscription licenses purchased in advance or usage-based metered billing paid in arrears. This article is about volume/subscription licenses. For information about the two different billing models, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
{% data reusables.advanced-security.ghas-products-tip %}
For information about using policies to control use of licenses in your enterprise, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise).
## Managing the number of committers in your subscription
{% ifversion security-configurations %}
{% data reusables.security-configurations.managing-GHAS-licenses %}
{% endif %}
## Changing the size of your license
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
1. Under "{% data variables.product.prodname_GH_advanced_security %}", click **Committers**.
{% data reusables.enterprise-accounts.licensing-tab-both-platforms %}
1. Under "{% data variables.product.prodname_AS %}" you will see the consumption of licenses for {% data variables.product.prodname_GH_cs_and_sp %}.
![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "Committers" dropdown is highlighted with an orange line.](/assets/images/help/enterprises/ghas-committers-dropdown.png)
1. Under "Committers", click **Manage committers**.
1. Under "Total committers", click the plus or minus buttons to add or remove committers.
![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "Manage licenses" button is outlined in orange.](/assets/images/help/enterprises/ghas-licenses-dropdown.png)
![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} committers screen. A text box with the number 5, with a minus and a plus button, are outlined in orange.](/assets/images/help/enterprises/ghas-add-committers.png)
1. Click **Update committers**.
1. To add new licenses, select {% octicon "kebab-horizontal" aria-label="Open menu" %}, then click **Manage licenses**.
1. Under "Total licenses", click the plus or minus buttons to add or remove licenses.
![Screenshot of the {% data variables.product.prodname_AS %} license screen. A text box with the number 5, with a minus and a plus button, are outlined in orange.](/assets/images/help/enterprises/ghas-add-licenses.png)
1. Click **Confirm licenses**.
## Canceling your {% data variables.product.prodname_GH_advanced_security %} subscription
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
1. To the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Manage**, then click **Cancel Subscription**.
![Screenshot of the "Manage" dropdown in the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "Cancel Subscription" button is outlined in orange.](/assets/images/help/enterprises/ghas-cancel-subscription.png)
1. To confirm your cancellation, click **I understand, cancel Advanced Security**.
{% data reusables.enterprise-accounts.licensing-tab-both-platforms %}
1. To the right of "{% data variables.product.prodname_AS %}", select {% octicon "kebab-horizontal" aria-label="Open menu" %}, then click **Cancel subscription**.
1. To confirm your cancellation, click **I understand, cancel {% data variables.product.prodname_AS %}**.
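Review bot: In the "Changing the size of your license" procedure the lead-in of `1. To add new licenses, select {% octicon "kebab-horizontal" aria-label="Open menu" %}, then click **Manage licenses**.` only mentions adding, but the next step `1. Under "Total licenses", click the plus or minus buttons to add or remove licenses.` covers both directions; "To change the number of licenses, select ..." matches the section heading and the step that follows. The line `1. Under "{% data variables.product.prodname_AS %}" you will see the consumption of licenses for {% data variables.product.prodname_GH_cs_and_sp %}.` is numbered as a step but asks the reader to do nothing; rewording it as an instruction ("Under ..., review the consumption of licenses for ...") keeps the numbered list a sequence of actions.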


@@ -0,0 +1,64 @@
---
title: Migrating from {% data variables.product.prodname_GHAS %} to {% data variables.product.prodname_cs_and_sp %}
intro: 'Learn how you can migrate from a combined license for {% data variables.product.prodname_AS %} features to one of the new SKUs.'
allowTitleToDifferFromFilename: true
product: '{% data reusables.gated-features.ghas-billing %}'
versions:
ghec: '*'
ghes: '> 3.16'
type: how_to
topics:
- Advanced Security
- Enterprise
- Licensing
- Code Security
- Secret Protection
shortTitle: Migrating to new GHAS SKUs
---
## New SKUs for {% data variables.product.prodname_AS %} features
<!-- expires 2025-05-31 -->
<!-- On expiry, check with the stakeholder. If nothing else, remove the date from the start of this paragraph and check the information for Metered-billing users is still appropriate. Possibly the whole article can be deleted. Reference: release 5202 -->
From April 1, 2025, {% data variables.product.prodname_AS %} features are available under two separate stock keeping units (SKUs) for {% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %} users. {% data variables.product.prodname_ghe_server %} users will be able to use the two new SKUs from version 3.17.
<!-- end expires 2025-05-31 -->
{% data reusables.advanced-security.ghas-products-bullets %}
For detailed information about the separate SKUs, see [feature summary and pricing information](https://github.com/enterprise/advanced-security#pricing) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
## New users of {% data variables.product.prodname_AS %}
{% data variables.product.prodname_ghe_cloud %} users who don't already use {% data variables.product.prodname_GHAS %}, and {% data variables.product.prodname_team %} users, can start using {% data variables.product.prodname_cs_and_sp %} with metered billing immediately.
To get started, apply the GitHub-recommended security configuration or a custom configuration to one or more repositories. Applying a configuration with {% data variables.product.prodname_cs_or_sp %} enabled to internal or private repositories will be tracked and billed by active, unique committer.
For more information, see:
* [Metered billing](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#metered-billing)
* [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization)
* [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration)
* [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage)
In addition, enterprise customers can talk to their existing account team or [request a demo](https://github.com/security/advanced-security/secret-protection).
## Existing {% data variables.product.prodname_AS %} users
If you already pay to use {% data variables.product.prodname_AS %} features, the migration options available to you depend on your existing billing model.
### Metered billing users
If you are an existing self-serve customer, instructions on how to transition from the combined {% data variables.product.prodname_GHAS %} product to the new {% data variables.product.prodname_GH_cs_and_sp %} SKUs will be announced over the next 30 days.
You'll receive an email notification when the new plans are available to your enterprise. Transitioning to the two separate products will be self-serve and optional.
### Volume/subscription billing users
When your license is due for renewal, you can choose to continue with licenses for {% data variables.product.prodname_GHAS %}, migrate to {% data variables.product.prodname_cs_or_sp %} subscription licenses, or migrate to metered billing.
### Questions?
If you have any questions, contact [{% data variables.product.github %}'s Sales team](https://enterprise.github.com/contact).
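Review bot: The sentence under "Metered billing users" stating that instructions `will be announced over the next 30 days` is time-relative but, unlike the paragraph under "New SKUs for ...", is not wrapped in `<!-- expires 2025-05-31 -->` / `<!-- end expires 2025-05-31 -->` markers, so it will keep reading as current long after the announcement; either wrap it with an expiry comment or give an absolute date. Minor: `apply the GitHub-recommended security configuration` hardcodes the company name where the rest of the file uses `{% data variables.product.github %}`.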


@@ -1,8 +1,10 @@
---
title: Setting up a trial of GitHub Advanced Security
intro: 'You can try {% data variables.product.prodname_GH_advanced_security %} for free.'
product: '{% data reusables.gated-features.ghas-ghec %}'
title: Setting up a trial of {% data variables.product.prodname_GHAS %}
intro: 'You can try the full set of {% data variables.product.prodname_GHAS %} features for free.'
product: 'Enterprise owners <br> Otherwise, you need a trial of {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GHAS %}. See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud) in the {% data variables.product.prodname_ghe_cloud %} docs.'
allowTitleToDifferFromFilename: true
versions:
fpt: '*'
ghec: '*'
type: how_to
redirect_from:
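Review bot: The new `product:` value `'Enterprise owners <br> Otherwise, you need a trial of {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GHAS %}. ...'` is an audience statement, but it is placed under `product:` rather than `permissions:`; the other pages touched in this commit put the audience under `permissions:` (for example `permissions: '{% ifversion fpt %}Organization{% else %}Enterprise{% endif %} owners ...'`), so moving this text to `permissions:` keeps the front matter consistent. Since `fpt: '*'` is newly added to `versions:`, this text is also what steers Free/Team readers to the Enterprise Cloud trial, so it is worth keeping wherever it lands.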
@@ -13,58 +15,46 @@ topics:
shortTitle: Set up an Advanced Security trial
---
{% ifversion metered-ghe-ghas %}
{% data reusables.billing.ghas-metered-billing-note-with-link %}
{% endif %}
## About {% data variables.product.prodname_GH_advanced_security %}
{% data variables.product.prodname_GH_advanced_security %} provides features that help you improve and maintain the security and quality of code, such as {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and dependency review. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% data reusables.advanced-security.ghas-products-tip %}
## About trials of {% data variables.product.prodname_GH_advanced_security %}
There are a few ways to trial {% data variables.product.prodname_GH_advanced_security %}:
* If you are **an existing {% data variables.product.prodname_ghe_cloud %} customer** paying by credit card or PayPal, and you have not yet purchased {% data variables.product.prodname_GH_advanced_security %} or participated in a trial, you can start a trial of {% data variables.product.prodname_GH_advanced_security %} at any time. For more information, see [Setting up your trial of {% data variables.product.prodname_GH_advanced_security %}](#setting-up-your-trial-of-github-advanced-security).
* If you are **a new {% data variables.product.prodname_ghe_cloud %} customer**, you can start a trial of {% data variables.product.prodname_ghe_cloud %}, which includes {% data variables.product.prodname_GH_advanced_security %}. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud).
* If you **pay by invoice**, contact {% data variables.contact.contact_enterprise_sales %} to discuss trialing {% data variables.product.prodname_GH_advanced_security %} for your enterprise.
During a trial of {% data variables.product.prodname_GH_advanced_security %} in a {% data variables.product.prodname_ghe_cloud %} account with a paid subscription, you can add any number of committers and enable {% data variables.product.prodname_GH_advanced_security %} for any number of organizations. During a trial of {% data variables.product.prodname_ghe_cloud %}, you can enable {% data variables.product.prodname_GH_advanced_security %} for your whole enterprise.
## Prerequisites
To set up a trial of {% data variables.product.prodname_GH_advanced_security %}, you must be an owner of an enterprise account. For more information, see [AUTOTITLE](/admin/overview/about-enterprise-accounts) and [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owners).
To set up a trial of {% data variables.product.prodname_GHAS %} using this method, you must meet the following criteria:
## Setting up your trial of {% data variables.product.prodname_GH_advanced_security %}
1. Be an owner of an enterprise account. See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-enterprise-accounts).
1. Pay by credit card or PayPal.
1. Have not previously purchased or had a trial of {% data variables.product.prodname_GHAS %}.
> [!TIP]
> * **No enterprise account?** Start a trial of {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GHAS %}. See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud).
> * **Pay by invoice** Contact {% data variables.contact.contact_enterprise_sales %} to arrange a trial.
## Setting up your trial of {% data variables.product.prodname_GHAS %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
1. To the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Start free trial**.
{% data reusables.enterprise-accounts.licensing-tab-both-platforms %}
1. To the right of "{% data variables.product.prodname_GHAS %}", click **Start free trial**.
1. Click **Start trial**.
During a trial of {% data variables.product.prodname_GHAS %}, you can add any number of committers and enable {% data variables.product.prodname_GH_cs_and_sp %} for any number of organizations.
## Finishing your trial
You can finish your trial at any time by purchasing {% data variables.product.prodname_GH_advanced_security %}. If you haven't purchased {% data variables.product.prodname_GH_advanced_security %} by the end of the 30 days, your trial will expire.
You can finish your trial at any time by purchasing licenses for {% data variables.product.prodname_GH_cs_or_sp %}. If you haven't made a purchase by the end of the 30 days, your trial will expire.
{% ifversion metered-ghe-ghas %}
If you pay for {% data variables.product.prodname_ghe_cloud %} with usage-based billing, but did not set up a free trial of {% data variables.product.prodname_GH_advanced_security %}, you can still use usage-based billing to pay for {% data variables.product.prodname_GH_advanced_security %} after the {% data variables.product.prodname_ghe_cloud %} trial ends. For more information, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).
If you pay for {% data variables.product.prodname_ghe_cloud %} with metered billing, but did not set up a free trial of {% data variables.product.prodname_GHAS %}, you can still use metered-based billing to pay for {% data variables.product.prodname_AS %} products after the {% data variables.product.prodname_ghe_cloud %} trial ends. For more information, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).
{% endif %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
1. To the right of "{% data variables.product.prodname_GH_advanced_security %} trial", select the **Manage** dropdown menu and click **Purchase**.
{% data reusables.enterprise-accounts.licensing-tab-both-platforms %}
1. To the right of "{% data variables.product.prodname_GHAS %} trial", select the **Manage** dropdown menu and click **Purchase**.
{% data reusables.advanced-security.purchase-ghas %}
## Further reading
* [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)
* [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale)
* [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)
* [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale)
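Review bot: The prerequisites introduced by "you must meet the following criteria:" are written as a numbered list (`1. Be an owner of an enterprise account. ...`, `1. Pay by credit card or PayPal.`, `1. Have not previously purchased or had a trial of ...`) although they are conditions rather than ordered steps; bullets would keep numbered lists reserved for the procedures on this page. In the tip that follows, `> * **Pay by invoice** Contact {% data variables.contact.contact_enterprise_sales %} to arrange a trial.` is missing the question mark that the parallel item `> * **No enterprise account?** ...` has.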


@@ -1,9 +1,11 @@
---
title: Signing up for GitHub Advanced Security
intro: "You can sign up for {% data variables.product.prodname_GH_advanced_security %} from your enterprise account's settings to take advantage of extra security features that {% data variables.product.prodname_dotcom %} makes available to customers under a {% data variables.product.prodname_GH_advanced_security %} license."
permissions: 'Enterprise owners can sign up for {% data variables.product.prodname_GH_advanced_security %}.'
product: '{% data reusables.gated-features.ghas-ghec %}'
title: Signing up for {% data variables.product.prodname_GHAS %}
intro: "You can sign up for {% data variables.product.prodname_GHAS %} products from your {% data variables.enterprise.enterprise_or_org %} account's settings to prevent data leaks and keep vulnerablities out of your codebase."
allowTitleToDifferFromFilename: true
permissions: '{% ifversion fpt %}Organization{% else %}Enterprise{% endif %} owners can sign up for {% data variables.product.prodname_GH_cs_or_sp %}'
product: '{% data reusables.gated-features.ghas-billing %}'
versions:
fpt: '*'
ghec: '*'
type: how_to
redirect_from:
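Review bot: Typo in the new `intro:` value: `keep vulnerablities out of your codebase` should read `vulnerabilities`.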
@@ -13,26 +15,43 @@ topics:
- Enterprise
shortTitle: Sign up for Advanced Security
---
{% ifversion metered-ghe-ghas %}
{% data reusables.billing.ghas-metered-billing-note-with-link %}
## Checking your current plan
{% endif %}
Your organization must use a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} plan before you can enable {% data variables.product.prodname_GH_cs_or_sp %} on private repositories.
## Purchasing {% data variables.product.prodname_GH_advanced_security %}
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.billing_plans_or_licensing %}
{% data reusables.advanced-security.ghas-products-tip %}
Your current plan is shown with any options to upgrade to a different plan.
## Starting to use {% data variables.product.prodname_AS %}
{% ifversion fpt %}
If your organization uses a {% data variables.product.prodname_team %} plan, you are ready to start enabling {% data variables.product.prodname_GH_cs_and_sp %} at the organization and repository level. Whenever you enable a feature or apply a configuration, a modal dialog shows detailed information with estimated billing changes. You can confirm your change or return to the page without making changes.
The most effective way to control and enable these features is using security configurations, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories).
{% elsif ghec %}
If you use volume/subscription billing, then you will need to purchase licenses before you can start using {% data variables.product.prodname_GH_cs_or_sp %} on private or internal repositories.
If your enterprise uses metered billing, then you are ready to start enabling {% data variables.product.prodname_GH_cs_and_sp %} at the enterprise, organization, and repository level. Whenever you enable a feature or apply a configuration, a modal dialog shows detailed information with estimated billing changes. You can confirm your change or return to the page without making changes.
## Purchasing licenses for {% data variables.product.prodname_GH_cs_or_sp %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
{% data reusables.enterprise-accounts.licensing-tab-both-platforms %}
1. To the right of "GitHub Advanced Security", click **Buy Advanced Security**.
![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} section of the enterprise licensing screen. The "Buy Advanced Security" button is outlined in orange.](/assets/images/help/enterprises/ghas-buy-advanced-security-button.png)
{% data reusables.advanced-security.purchase-ghas %}
{% endif %}
## Further reading
* [Introduction to adopting {% data variables.product.prodname_GH_advanced_security %} at scale](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale)
* [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)
* [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale){% ifversion ghec %}
* [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale){% endif %}
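Review bot: In the "Purchasing licenses for ..." procedure the step `1. To the right of "GitHub Advanced Security", click **Buy Advanced Security**.` hardcodes the product name while the other steps in this commit use `{% data variables.product.prodname_GHAS %}`; and since the section heading now refers to licenses for `{% data variables.product.prodname_GH_cs_or_sp %}`, confirm that the button label and the screenshot `ghas-buy-advanced-security-button.png` still match the UI after the SKU split, then switch the name to the variable.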


@@ -1,7 +1,8 @@
---
title: Viewing committer information for GitHub Advanced Security
title: Viewing committer information for volume/subscription licenses for GitHub Advanced Security
intro: 'You can view information about the {% data variables.product.prodname_GH_advanced_security %} committers for your enterprise and calculate the cost for additional committers with the site admin dashboard.'
permissions: 'Site administrators can view committer information for {% data variables.product.prodname_GH_advanced_security %}.'
allowTitleToDifferFromFilename: true
permissions: 'Site administrators'
product: '{% data reusables.gated-features.ghas-ghec %}'
versions:
ghes: '*'
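Review bot: The new `title: Viewing committer information for volume/subscription licenses for GitHub Advanced Security` keeps the literal product name where the titles changed elsewhere in this commit use a variable (e.g. `title: Setting up a trial of {% data variables.product.prodname_GHAS %}`); `allowTitleToDifferFromFilename: true` is already added here, so the variable can be used in this title too.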


@@ -1,8 +1,9 @@
---
title: Viewing your GitHub Advanced Security usage
intro: 'You can view usage of {% data variables.product.prodname_GH_advanced_security %} for your enterprise.'
permissions: 'Enterprise owners can view usage for {% data variables.product.prodname_GH_advanced_security %}.'
product: '{% data reusables.gated-features.ghas-ghec %}'
title: Viewing and downloading licensed use of {% data variables.product.prodname_AS %}
intro: 'You can view and download consumption of {% data variables.product.prodname_GH_advanced_security %} licenses by your {% data variables.enterprise.enterprise_or_org %}: volume/subscription licenses or metered usage.'
allowTitleToDifferFromFilename: true
permissions: '{% ifversion fpt %}Organization{% else %}Enterprise{% endif %} owners with {% data variables.product.prodname_AS %}'
product: '{% data reusables.gated-features.ghas-billing %}'
redirect_from:
- /billing/managing-licensing-for-github-advanced-security/viewing-your-github-advanced-security-usage
- /admin/advanced-security/viewing-your-github-advanced-security-usage
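Review bot: The new `intro:` refers to `{% data variables.product.prodname_GH_advanced_security %} licenses` while the new `title:` and `permissions:` in the same hunk use `{% data variables.product.prodname_AS %}`; pick one variable so the page names the product consistently.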
@@ -11,156 +12,154 @@ redirect_from:
- /github/setting-up-and-managing-billing-and-payments-on-github/viewing-your-github-advanced-security-usage
- /billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage
versions:
fpt: '*'
ghes: '*'
ghec: '*'
type: how_to
topics:
- Advanced Security
- Enterprise
shortTitle: View Advanced Security usage
shortTitle: View or download GHAS license use
---
{% ifversion ghec or ghes %}
<!--For FPT version see separate procedure below-->
## Viewing {% data variables.product.prodname_AS %} usage for your enterprise{% ifversion ghec %} account{% endif %}
You can view the current license limits and usage for your enterprise.
{% ifversion ghec %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.licensing-tab-both-platforms %}
* The "{% data variables.product.prodname_GHAS %}" section shows details of the licenses you currently **consume**.
* If you have a volume/subscription license, the number of licenses **available** to use is also displayed.
* If you run out of licenses, for volume/subscription only, the section is red and reports "Limit exceeded." You should either reduce your use or purchase more licenses.
1. Optionally, to see a detailed breakdown of usage per organization{% ifversion secret-scanning-user-owned-repos %} and user namespace when using {% data variables.product.prodname_emus %}{% endif %}, in the "{% data variables.product.prodname_GHAS %}" section click **More details**.
In the "{% data variables.product.prodname_GHAS %}" section, you can see a summary of your current license usage, as well as the number of committers and unique committers for each organization{% ifversion secret-scanning-user-owned-repos %} and user namespace when using {% data variables.product.prodname_emus %}{% endif %}. The organizations{% ifversion secret-scanning-user-owned-repos %} and user namespaces{% endif %} in the billing table are sorted by the highest number of unique committers in descending order.
1. Optionally, to see a detailed breakdown of usage by repositories within an organization, click an organization name to display the "Global code security settings" for the organization.
On the "Global code security settings" page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see a detailed breakdown of usage by repository for this organization. See [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage).
{% elsif ghes and security-configurations %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.license-tab %}
The "{% data variables.product.prodname_GHAS %}" section shows details of the current usage. You can see the total number of licenses used, as well as a table with the number of committers and unique committers for each organization.
1. Optionally, to see a detailed breakdown of usage by repositories within an organization, click an organization name to display the "Global code security settings" for the organization.
On the "Global code security settings" settings page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see a detailed breakdown of usage by repository for this organization, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage).
{% elsif pre-security-configurations %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.license-tab %}
The "{% data variables.product.prodname_GHAS %}" section shows details of the current usage. You can see the total number of licenses used, as well as a table with the number of committers and unique committers for each organization.
1. Optionally, to see a detailed breakdown of usage by repositories within an organization, click an organization name to display the "Security & analysis" for the organization.
* On the "Security & analysis" settings page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see a detailed breakdown of usage by repository for this organization. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).
{% endif %}
{% endif %}
{% ifversion fpt %}
## Viewing {% data variables.product.prodname_AS %} usage for your organization account
You can view the organization account's current license limits and usage.
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.billing_plans_or_licensing %}
The "{% data variables.product.prodname_GHAS %}" section shows details of the current usage.
{% endif %}
{% ifversion enhanced-billing-platform %}
{% data reusables.billing.enhanced-billing-platform-licenses %}
> [!TIP]
> If you have access to the new billing platform, see also [AUTOTITLE](/billing/using-the-new-billing-platform/gathering-insights-on-your-spending) and [AUTOTITLE](/billing/using-the-new-billing-platform/preventing-overspending).
{% endif %}
## About licenses for {% data variables.product.prodname_GH_advanced_security %}
## Downloading {% data variables.product.prodname_AS %} license usage information
Each license for {% data variables.product.prodname_GH_advanced_security %} specifies a maximum number of licenses that can use these features. Periodically you should check that your use is within your license capacity. For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
You can download a CSV file with {% data variables.product.prodname_GHAS %} license usage information at both the {% data variables.enterprise.enterprise_and_org %} level. The CSV file contains information about each {% data variables.product.prodname_AS %} license that is in use, including:
{% ifversion ghas-committers-calculator %}
You can estimate the number of licenses your enterprise would need to purchase {% data variables.product.prodname_GH_advanced_security %} or to enable {% data variables.product.prodname_GH_advanced_security %} for additional organizations and repositories. For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-committer-information-for-github-advanced-security).
{% endif %}
{% ifversion security-configurations %}
{% data reusables.security-configurations.managing-GHAS-licenses %}
{% endif %}
## Viewing {% data variables.product.prodname_GH_advanced_security %} license usage for your enterprise account
You can view the enterprise account's current license limits and usage.
{% ifversion ghec %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
The "{% data variables.product.prodname_GH_advanced_security %}" section shows details of the current usage.
If you run out of licenses, the section will be red and show "Limit exceeded." You should either reduce your use of {% data variables.product.prodname_GH_advanced_security %} or purchase more licenses. For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#getting-the-most-out-of-github-advanced-security) and [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing).
{% ifversion security-configurations %}
{% data reusables.security-configurations.managing-GHAS-licenses %}
{% endif %}
{% elsif ghes %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
The "{% data variables.product.prodname_GH_advanced_security %}" section shows details of the current usage. You can see the total number of licenses used, as well as a table with the number of committers and unique committers for each organization.
{% endif %}
{%- ifversion ghec -%}
1. Optionally, to see a detailed breakdown of usage per organization{% ifversion secret-scanning-user-owned-repos %} and user namespace when using {% data variables.product.prodname_emus %}{% endif %}, click {% octicon "credit-card" aria-hidden="true" %} **Billing & Licensing**.
In the “{% data variables.product.prodname_GH_advanced_security %}” section, you can see a summary of your current license usage, as well as the number of committers and unique committers for each organization{% ifversion secret-scanning-user-owned-repos %} and user namespace when using {% data variables.product.prodname_emus %}{% endif %}. The organizations{% ifversion secret-scanning-user-owned-repos %} and user namespaces{% endif %} in the billing table are sorted by the highest number of unique committers in descending order.
{% endif %}
1. Optionally, display the security and analysis settings for an organization.
* Click the name of the organization.
{% ifversion ghec %}
* On the "{% data variables.product.UI_advanced_security_ent %}" settings page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see an overview of your organization's license usage, as well as a detailed breakdown of usage by repository for this organization.
For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).
{% else %}
* On the "Security & analysis" settings page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see a detailed breakdown of usage by repository for this organization.
For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).
{% ifversion security-configurations %}
{% data reusables.security-configurations.managing-GHAS-licenses %}
{% endif %}
{% endif %}
## Downloading {% data variables.product.prodname_GH_advanced_security %} license usage information
You can download a CSV file with {% data variables.product.prodname_GH_advanced_security %} license usage information at both the enterprise and organization levels. The CSV file contains information about each {% data variables.product.prodname_advanced_security %} license that is in use, including:
* The username of the person using the license
* The {% data variables.product.prodname_advanced_security %}-enabled repositories where commits were made
* The username of the person using the {% data variables.product.prodname_GHAS_cs_or_sp %} license
* The {% data variables.product.prodname_GH_cs_and_sp %}-enabled repositories where commits were made
* The organizations{% ifversion secret-scanning-user-owned-repos %}{% ifversion ghec %} and user namespaces for {% data variables.product.prodname_emus %}{% endif %}{% endif %} that people using licenses belong to
* The most recent commit dates and associated email addresses
You can use this information for insights into your {% data variables.product.prodname_advanced_security %} usage, such as which members of your enterprise are using an {% data variables.product.prodname_advanced_security %} license or how {% data variables.product.prodname_advanced_security %} licenses are being consumed across your organizations.
You can use this information for insights into your {% data variables.product.prodname_AS %} usage, such as which members of your enterprise are using a license or how licenses are being consumed across your organizations.
You can download the {% data variables.product.prodname_advanced_security %} license usage CSV through the {% data variables.product.github %} user interface or the REST API.
You can download a CSV report of license usage through the {% data variables.product.github %} user interface or the REST API.
### Downloading {% data variables.product.prodname_advanced_security %} license usage information through the UI
### Downloading license usage information from the UI
{% ifversion ghec %}
{% ifversion fpt %}You can download a CSV report for a repository or an organization.{% endif %}
{% ifversion ghec %}You can download a CSV report for a repository, an organization, or an enterprise.{% endif %}
#### At the repository-level
{% ifversion fpt or ghec %}
#### For a repository
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
1. In the "Security" section of the sidebar, select the {% data variables.product.UI_advanced_security %} dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**.
1. In the "{% data variables.product.prodname_GH_advanced_security %} repositories" section, next to the repository you want usage information for, select {% octicon "kebab-horizontal" aria-label="GHAS repository actions" %}, then click **Download CSV report**.
1. In the "{% data variables.product.prodname_GH_cs_or_sp %} repositories" section, next to the repository you want usage information for, select {% octicon "kebab-horizontal" aria-label="GHAS repository actions" %}, then click **Download CSV report**.
![Screenshot of the committers by repository table. The horizontal kebab icon and "Download CSV report" button are highlighted with an orange outline.](/assets/images/help/billing/ghas-billing-table-repository-csv.png)
![Screenshot of the table for {% data variables.product.prodname_GH_secret_protection %} usage. The horizontal kebab icon and "Download CSV report" button are outlined in orange.](/assets/images/help/billing/ghas-billing-table-repository-csv.png)
{% endif %}
{% ifversion ghec %}
#### At the organization-level
#### For an organization
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.billing_plans %}
1. Underneath "{% data variables.product.prodname_GH_advanced_security %}," next to "Committers", click **{% octicon "download" aria-hidden="true" %} CSV report**.
1. In the "Access" section of the sidebar click **{% octicon "credit-card" aria-hidden="true" %} Billing & licensing** and then **Usage**.
1. Filter the metered usage to show `product:ghas` and choose "Group: SKU".
1. Optionally, use the "Time Frame" field to set the period to report on.
1. Click **{% octicon "download" aria-hidden="true" %}Get usage report** to download the report.
{% endif %}
{% ifversion ghec %}
#### At the enterprise-level
{% endif %}
#### For an enterprise
{% data reusables.enterprise-accounts.access-enterprise %}
1. Click **{% octicon "credit-card" aria-hidden="true" %} Billing & licensing** to display an overview.
**License consumption:**
1. Click **{% octicon "law" aria-hidden="true" %} Licensing**.
1. Under "{% data variables.product.prodname_GHAS %}," click the **Download report** dropdown and then click either **{% octicon "download" aria-hidden="true" %} {% data variables.product.prodname_code_security %}** or **{% octicon "download" aria-hidden="true" %} {% data variables.product.prodname_secret_protection %}**.
**Metered usage:**
1. Scroll to the tabbed usage information at the bottom of the "Overview" page and click **{% data variables.product.prodname_AS %}** to show usage.
1. In the summary box, click "View details" to show metered usage for {% data variables.product.prodname_AS %} grouped by SKU.
1. Select a time frame and click **{% octicon "download" aria-hidden="true" %}Get usage report** to download a detailed report.
{% elsif ghes %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
1. Under "{% data variables.product.prodname_GHAS %}," click **{% octicon "download" aria-hidden="true" %} CSV report**.
{%- ifversion ghec %}
1. Under "{% data variables.product.prodname_GH_advanced_security %}," click the **Manage** dropdown and then click **Download report**.
![Screenshot of the "Manage" dropdown in the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "Download Report" button is outlined in orange.](/assets/images/help/enterprises/ghas-download-report.png)
{%- elsif ghes %}
1. Under "{% data variables.product.prodname_GH_advanced_security %}," click **{% octicon "download" aria-hidden="true" %} CSV report** in the header of the "Committers" table.
![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "CSV Report" button is highlighted with an orange outline.](/assets/images/enterprise/ghas/download-csv-report-ghes-3.9.png)
{%- else %}
1. Under "{% data variables.product.prodname_GH_advanced_security %}," {% octicon "download" aria-label="The download icon" %} in the header of the "Committers" table.
{%- endif %}
### Downloading {% data variables.product.prodname_advanced_security %} license usage information through the REST API
You can retrieve {% data variables.product.prodname_advanced_security %} usage information via the billing API.
{% ifversion ghec %}
For organization-level data, use the `/orgs/{org}/settings/billing/advanced-security` endpoint. For more information, see [AUTOTITLE](/rest/billing/billing#get-github-advanced-security-active-committers-for-an-organization).
![Screenshot of the licensing screen. The "CSV Report" button is highlighted with an orange outline.](/assets/images/enterprise/ghas/download-csv-report-ghes-3.9.png)
{% endif %}
For enterprise-level data, use the `/enterprises/{enterprise}/settings/billing/advanced-security` endpoint. For more information, see [AUTOTITLE](/rest/enterprise-admin#get-github-advanced-security-active-committers-for-an-enterprise) in the {% data variables.product.prodname_dotcom %} REST API documentation.
### Downloading {% data variables.product.prodname_AS %} license usage information through the REST API
You can retrieve {% data variables.product.prodname_AS %} usage information via the billing API.
{% ifversion fpt or ghec %}
For organization-level data, use the `/organizations/{org}/settings/billing/usage` endpoint. For more information, see [AUTOTITLE](/rest/billing/enhanced-billing?apiVersion=2022-11-28).
{% endif %}
For enterprise-level data, use the `/enterprises/{enterprise}/settings/billing/usage` endpoint. For more information, see [AUTOTITLE](/enterprise-cloud@latest/rest/enterprise-admin/billing?apiVersion=2022-11-28#get-billing-usage-report-for-an-enterprise) in the {% data variables.product.prodname_ghe_cloud %} documentation.
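Review bot: the versioning around the UI download procedures contradicts the claim made to Free/Pro readers: the `{% ifversion fpt %}` sentence says "You can download a CSV report for a repository or an organization", but the whole "For an organization" procedure below it is wrapped in `{% ifversion ghec %}`, so a Free/Pro reader is promised steps the page never shows. Either gate that sentence to the repository report only, or open the organization steps (the `Billing & licensing` > `Usage` path) to `fpt`. Separately, the REST API subsection keeps the heading "Downloading ... license usage information" and sits under an introduction that lists per-user fields (username, repositories where commits were made, organizations, most recent commit dates and email addresses), but the two endpoints it now points at, `/organizations/{org}/settings/billing/usage` and `/enterprises/{enterprise}/settings/billing/usage`, are the metered usage report grouped by product and SKU that the UI steps above describe, not an active-committers list; the `/orgs/{org}/settings/billing/advanced-security` and `/enterprises/{enterprise}/settings/billing/advanced-security` endpoints that did return committer data are dropped in this hunk. Either keep those endpoints for volume/subscription customers or say plainly that the API returns metered usage only and the committer-level report is available from the UI.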


@@ -23,9 +23,7 @@ redirect_from:
## About {% data variables.product.prodname_github_codespaces %} pricing
{% ifversion billing-auth-and-capture %}
{% data reusables.billing.authorization-charge %}
{% endif %}
{% data reusables.codespaces.codespaces-free-for-personal-intro %}
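Review bot: deleting the `{% ifversion billing-auth-and-capture %}` block removes the `reusables.billing.authorization-charge` note with no replacement; if the authorization charge still applies to accounts on the new billing platform the sentence should move rather than vanish, and if the feature flag is being retired the reusable and its feature-flag file should be deleted in the same change so that no other page keeps referencing them. The identical removal on the GitHub Packages billing page below has the same question.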


@@ -20,12 +20,8 @@ shortTitle: About billing
## About billing for {% data variables.product.prodname_registry %}
{% ifversion billing-auth-and-capture %}
{% data reusables.billing.authorization-charge %}
{% endif %}
{% data reusables.package_registry.packages-billing %}
{% data reusables.package_registry.packages-spending-limit-brief %} For more information, see [About spending limits](#about-spending-limits).


@@ -62,13 +62,21 @@ You can customize your {% data variables.product.prodname_codeql %} analysis by
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.user-settings.security-analysis %}
1. Scroll down to the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Advanced**.
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. Scroll down to "{% data variables.product.UI_code_security_scanning %}", select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Advanced**.
> [!NOTE]
> If you are switching from default setup to advanced setup, in the "{% data variables.product.prodname_code_scanning_caps %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "workflow" aria-hidden="true" %} Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**.
> If you are switching from default setup to advanced setup, in the "{% data variables.product.UI_code_security_scanning %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "workflow" aria-hidden="true" %} Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**.
![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Advanced setup" button is highlighted with an orange outline.](/assets/images/help/security/advanced-code-scanning-setup.png)
{% ifversion ghas-products %}
![Screenshot of the "{% data variables.product.UI_code_security_scanning %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Advanced setup" button is highlighted with an orange outline.](/assets/images/help/security/advanced-code-scanning-setup.png)
{% else %}
![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Advanced setup" button is highlighted with an orange outline.](/assets/images/help/security/advanced-code-scanning-setup-ghas.png)
{% endif %}
1. To customize how {% data variables.product.prodname_code_scanning %} scans your code, edit the workflow.
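Review bot: the note under the "Advanced" step tells the reader to click **Disable CodeQL** when switching from default setup, but says nothing about the gap that opens: once default setup is disabled no analysis runs until the generated advanced workflow is committed to the default branch, so pushes in between are unscanned. One sentence after "click **Disable CodeQL**" telling the reader to commit the workflow promptly would avoid surprised users. Minor: the two screenshot branches differ only in the section name but both describe the "UI_advanced_security" settings page and the `ghas-products` branch keeps the old image path; confirm that un-suffixed asset was re-captured for the "Code security scanning" UI rather than reused from the old one.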


@@ -44,7 +44,7 @@ For repositories that are not eligible for default setup, you can configure adva
A repository must meet all the following criteria to be eligible for default setup, otherwise you need to use advanced setup.
* {% ifversion fpt %}{% data variables.product.prodname_code_scanning_caps %}{% else %}Advanced setup for {% data variables.product.prodname_code_scanning %}{% endif %} is not already enabled.
* Advanced setup for {% data variables.product.prodname_code_scanning %} is not already enabled.
* {% data variables.product.prodname_actions %} are enabled.{% ifversion default-setup-pre-enablement %}
* Uses Go, JavaScript/TypeScript, Python, or Ruby.{% endif %}
{% data reusables.code-scanning.require-actions-ghcs %}


@@ -85,10 +85,18 @@ Compiled languages are not automatically included in default setup configuration
> If you are configuring default setup on a fork, you must first enable {% data variables.product.prodname_actions %}. To enable {% data variables.product.prodname_actions %}, under your repository name, click **{% octicon "play" aria-hidden="true" %} Actions**, then click **I understand my workflows, go ahead and enable them**. Be aware that this will enable all existing workflows on your fork.
{% data reusables.repositories.sidebar-settings %}
{% data reusables.user-settings.security-analysis %}
1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**.
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
{% data reusables.repositories.code-scanning-enable %}
![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Default setup" button is highlighted with an orange outline.](/assets/images/help/security/default-code-scanning-setup.png)
{% ifversion ghas-products %}
![Screenshot of the "{% data variables.product.UI_code_security_scanning %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Default setup" button is highlighted with an orange outline.](/assets/images/help/security/default-code-scanning-setup.png)
{% else %}
![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Default setup" button is highlighted with an orange outline.](/assets/images/help/security/default-code-scanning-setup-ghas.png)
{% endif %}
You will then see a "{% data variables.product.prodname_codeql %} default configuration" dialog summarizing the {% data variables.product.prodname_code_scanning %} configuration automatically created by default setup.


@@ -56,5 +56,5 @@ If {% data variables.product.prodname_copilot_autofix_short %} is allowed at the
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.user-settings.security-analysis %}
1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **{% data variables.product.prodname_copilot_autofix_short %}** or **{% data variables.product.prodname_copilot_autofix_short %} for third-party tools**.
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. In the "{% data variables.product.UI_code_security_scanning %}" section, deselect **{% data variables.product.prodname_copilot_autofix_short %}** or **{% data variables.product.prodname_copilot_autofix_short %} for third-party tools**.


@@ -26,7 +26,7 @@ redirect_from:
{% data variables.product.prodname_copilot_autofix_short %} is allowed by default and enabled for every repository using {% data variables.product.prodname_codeql %}, but you can choose to opt out and disable {% data variables.product.prodname_copilot_autofix_short %}. To learn how to disable {% data variables.product.prodname_copilot_autofix_short %} at the enterprise, organization and repository levels, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning).
In an organization's security overview dashboard, you can view the total number of code suggestions generated on open and closed pull requests in the organization for a given time period. For more information, see {% ifversion ghas-products-cloud %}[AUTOTITLE](/code-security/security-overview/viewing-security-insights#autofix-suggestions){% elsif fpt %}[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-security-insights#autofix-suggestions) in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}.
In an organization's security overview dashboard, you can view the total number of code suggestions generated on open and closed pull requests in the organization for a given time period. For more information, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights#autofix-suggestions).
## Developer experience
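Review bot: collapsing the link to a bare `[AUTOTITLE](/code-security/security-overview/viewing-security-insights#autofix-suggestions)` only works if the security overview article is itself published for `fpt`; the line being removed went out of its way to send Free/Pro readers to the `/enterprise-cloud@latest/` copy "in the GitHub Enterprise Cloud documentation", which suggests it was not. Confirm that article's `versions` now include `fpt`; otherwise the link check fails for the Free/Pro build and the `{% elsif fpt %}` branch should be restored.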


@@ -29,8 +29,8 @@ If you need to change any other aspects of your {% data variables.product.prodna
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.user-settings.security-analysis %}
1. In the "{% data variables.product.prodname_codeql %} analysis" row of the "{% data variables.product.prodname_code_scanning_caps %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "gear" aria-hidden="true" %} View {% data variables.product.prodname_codeql %} configuration**.
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. In the "{% data variables.product.prodname_codeql %} analysis" row of the "{% data variables.product.UI_code_security_scanning %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "gear" aria-hidden="true" %} View {% data variables.product.prodname_codeql %} configuration**.
1. In the "{% data variables.product.prodname_codeql %} default configuration" window, click **{% octicon "pencil" aria-hidden="true" %} Edit**.
1. Optionally, in the "Languages" section, select or deselect languages for analysis.
1. Optionally, in the "Query suite" row of the "Scan settings" section, select a different query suite to run against your code.{% ifversion codeql-threat-models %}


@@ -25,10 +25,9 @@ shortTitle: Enable delegated alert dismissal
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
{% data reusables.repositories.navigate-to-ghas-settings %}
1. Under "{% data variables.product.prodname_code_scanning_caps %}", click **Enable** for "Prevent direct alert dismissals".
{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}{% else %}
{% data reusables.repositories.navigate-to-ghas-settings %}{% endif %}
1. Under "{% data variables.product.UI_code_security_scanning %}", click **Enable** for "Prevent direct alert dismissals".
## Configuring delegated dismissal for an organization
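Review bot: `{% ifversion ghas-products %}{% else %}` with an empty true branch is hard to read and easy to break on the next edit; since the only purpose is to include `navigate-to-ghas-settings` when `ghas-products` is absent, invert the condition, for example `{% ifversion not ghas-products %}{% data reusables.repositories.navigate-to-ghas-settings %}{% endif %}`, and put it on its own line rather than glued to the previous reusable. Also confirm that "Prevent direct alert dismissals" really sits under the "Code security scanning" heading in the unbundled UI, because the reusable being dropped used to land the reader one level higher, on the product-level settings.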


@@ -21,38 +21,44 @@ versions:
403: {% data variables.product.prodname_GH_advanced_security %} is not enabled
```
This error is reported if you try to run {% data variables.product.prodname_code_scanning %} in a repository where {% data variables.product.prodname_GH_advanced_security %} is not enabled or where use of this feature is blocked by a policy.
This error is reported if you try to run {% data variables.product.prodname_code_scanning %} in a repository where {% data variables.product.prodname_GH_code_security %} is not enabled or where use of this feature is blocked by a policy.
{% ifversion fpt or ghec %}You will only see this error for repositories with private or internal visibility. {% data variables.product.prodname_GH_advanced_security %} is enabled by default for all public repositories.{% endif %}
{% ifversion fpt or ghec %}You will only see this error for repositories with private or internal visibility. {% data variables.product.prodname_GH_code_security %} is enabled by default for all public repositories.{% endif %}
{% ifversion fpt %}
If you are on a **{% data variables.product.prodname_free_team %}** or **{% data variables.product.prodname_pro %}** plan, you can only use {% data variables.product.prodname_code_scanning %} on repositories that are publicly available. To enable {% data variables.product.prodname_code_scanning %} for private or internal repositories, you must upgrade to {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GH_code_security %} and enable {% data variables.product.prodname_code_security %} for the repository. For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-products#github-team) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% endif %}
## Confirming the cause of the error
{% ifversion fpt %}
If you are on a free, pro, or team plan, you can only use {% data variables.product.prodname_code_scanning %} on repositories that are publicly available. To enable {% data variables.product.prodname_code_scanning %} for private or internal repositories, you must upgrade to GitHub Enterprise with {% data variables.product.prodname_GH_advanced_security %} and enable {% data variables.product.prodname_GH_advanced_security %} for the repository. For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-products#github-enterprise) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% else %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.user-settings.security-analysis %}
1. Scroll down to "{% data variables.product.prodname_GH_advanced_security %}."
1. If there is an associated and active **Enable** button, {% data variables.product.prodname_GH_advanced_security %} is available for this repository but not yet enabled.
1. If use of {% data variables.product.prodname_GH_advanced_security %} is blocked by a policy, the **Enable** button is inactive and the owner of the policy is listed.
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. On the settings page, scroll down to "{% data variables.product.prodname_code_security %}."
1. If there is an associated and active **Enable** button, {% data variables.product.prodname_GH_code_security %} is available for this repository but not yet enabled.
{% ifversion ghas-products %}
1. If use of {% data variables.product.prodname_GH_code_security %} is blocked by a policy, "{% octicon "shield" aria-hidden="true" %} Disabled" is shown in place of the **Enable** button.
![Screenshot of the "{% data variables.product.prodname_GH_advanced_security %}" setting. The owner of the enterprise policy and the inactive "Enable" button are outlined in orange.](/assets/images/help/repository/ghas-enterprise-policy-block.png)
!["Screenshot of the {% data variables.product.prodname_GH_advanced_security %}" setting. The disabled option is highlighted in dark orange.](/assets/images/help/repository/ghas-enterprise-policy-block.png)
{% else %}
1. If use of {% data variables.product.prodname_GH_code_security %} is blocked by a policy, the **Enable** button is inactive and the owner of the policy is listed.
!["Screenshot of the {% data variables.product.prodname_GH_advanced_security %}" setting. The enterprise policy owner and the inactive "Enable" button are highlighted in dark orange.](/assets/images/help/repository/ghas-enterprise-policy-block-ghas.png)
{% endif %}
## Fixing the problem
If {% data variables.product.prodname_GH_advanced_security %} is available to your repository, you can enable it on the settings page. If {% data variables.product.prodname_GH_advanced_security %} is blocked by a policy, you first need to request access.
If {% data variables.product.prodname_GH_code_security %} is available to your repository, you can enable it on the settings page.
### Requesting access to {% data variables.product.prodname_GH_advanced_security %}
If {% data variables.product.prodname_GH_code_security %} is blocked by a policy, you first need to request access.
1. In the "{% data variables.product.prodname_GH_advanced_security %}" settings, click the enterprise name to display a list of users with access to edit the policy that controls access to {% data variables.product.prodname_GH_advanced_security %}. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-for-the-use-of-github-advanced-security-in-your-enterprises-organizations).
### Requesting access to {% data variables.product.prodname_GH_code_security %}
1. In the "{% data variables.product.prodname_code_security %}" settings, click the enterprise name to display a list of users with access to edit the policy that controls access to {% data variables.product.prodname_advanced_security %} products. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-for-the-use-of-github-advanced-security-in-your-enterprises-organizations).
1. Follow your company's policy for requesting access to additional features.
### Enabling {% data variables.product.prodname_GH_advanced_security %}
### Enabling {% data variables.product.prodname_GH_code_security %}
1. In the "{% data variables.product.prodname_GH_advanced_security %}" settings, click **Enable**.
1. Open the "Code security" settings page.
1. Next to the "{% data variables.product.prodname_code_security %}" feature, click **Enable**.
1. Rerun {% data variables.product.prodname_code_scanning %}.
{% endif %}
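Review bot: the replacement screenshot line is mis-quoted and reuses the old image. `!["Screenshot of the {% data variables.product.prodname_GH_advanced_security %}" setting. The disabled option is highlighted in dark orange.](/assets/images/help/repository/ghas-enterprise-policy-block.png)` wraps the quotation marks around "Screenshot of the ... Advanced Security" instead of around the setting name, and it still points at `ghas-enterprise-policy-block.png`, which according to the alt text it replaces shows the policy owner and an inactive Enable button, not the "{% octicon "shield" %} Disabled" state the step just above describes. Suggest `![Screenshot of the "... " setting. ...]` and a fresh capture of the Disabled state (the `{% else %}` branch already received its own `ghas-enterprise-policy-block-ghas.png`). Also, under "Requesting access", the step tells the reader to click the enterprise name in the settings, but the ghas-products branch of the check above only says "Disabled" is shown and never states that the policy owner is listed; either say the owner is still shown there or describe where to find it.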

View File

@@ -14,34 +14,34 @@ versions:
---
{% ifversion fpt %}
{% ifversion ghas-products-cloud %}
If you are on a free or pro plan, you can only use {% data variables.product.prodname_code_scanning %} on repositories that are publicly available. To enable {% data variables.product.prodname_code_scanning %} for private or internal repositories, you must upgrade to {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GH_code_security %} and enable {% data variables.product.prodname_GH_code_security %} for the repository. For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-products#github-team) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% else %}
If you are on a free, pro, or team plan, you can only use {% data variables.product.prodname_code_scanning %} on repositories that are publicly available. To enable {% data variables.product.prodname_code_scanning %} for private or internal repositories, you must upgrade to {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GHAS %} and enable {% data variables.product.prodname_GHAS %} for the repository. For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-products#github-enterprise) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
If you are on a **{% data variables.product.prodname_free_team %}** or **{% data variables.product.prodname_pro %}** plan, you can only use {% data variables.product.prodname_code_scanning %} on repositories that are publicly available. To enable {% data variables.product.prodname_code_scanning %} for private or internal repositories, you must upgrade to {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GH_code_security %} and enable {% data variables.product.prodname_code_security %} for the repository. For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-products#github-team) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% endif %}
{% endif %}
{% ifversion ghas-products-cloud or ghec or ghes %}
## Confirm whether {% data variables.product.prodname_GH_code_security %} is enabled
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.user-settings.security-analysis %}
1. Scroll down to "{% data variables.product.prodname_GH_advanced_security %}."
1. If there is an associated and active **Enable** button, {% data variables.product.prodname_GH_advanced_security %} is available for this repository but not yet enabled.
1. If use of {% data variables.product.prodname_GH_advanced_security %} is blocked by a policy, the **Enable** button is inactive and the owner of the policy is listed.
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. On the settings page, scroll down to "{% data variables.product.prodname_code_security %}."
1. If there is an associated and active **Enable** button, {% data variables.product.prodname_code_security %} is available for this repository but not yet enabled.
!["Screenshot of the {% data variables.product.prodname_GH_advanced_security %}" setting. The enterprise policy owner and the inactive "Enable" button are highlighted in dark orange.](/assets/images/help/repository/ghas-enterprise-policy-block.png)
{% ifversion ghas-products %}
1. If use of {% data variables.product.prodname_GH_code_security %} is blocked by a policy, "{% octicon "shield" aria-hidden="true" %} Disabled" is shown in place of the **Enable** button.
### Requesting access to {% data variables.product.prodname_GH_advanced_security %}
!["Screenshot of the {% data variables.product.prodname_GH_advanced_security %}" setting. The disabled option is highlighted in dark orange.](/assets/images/help/repository/ghas-enterprise-policy-block.png)
{% else %}
1. If use of {% data variables.product.prodname_GH_code_security %} is blocked by a policy, the **Enable** button is inactive and the owner of the policy is listed.
1. In the "{% data variables.product.prodname_GH_advanced_security %}" settings, click the enterprise or organization name to display a list of users with access to edit the policy that controls access to {% data variables.product.prodname_GH_advanced_security %}. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-for-the-use-of-github-advanced-security-in-your-enterprises-organizations).
!["Screenshot of the {% data variables.product.prodname_GH_advanced_security %}" setting. The enterprise policy owner and the inactive "Enable" button are highlighted in dark orange.](/assets/images/help/repository/ghas-enterprise-policy-block-ghas.png)
{% endif %}
### Requesting access to {% data variables.product.prodname_GH_code_security %}
1. In the "{% data variables.product.prodname_code_security %}" settings, click the enterprise or organization name to display a list of users with access to edit the policy that controls access to {% data variables.product.prodname_GH_code_security %}. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-for-the-use-of-github-advanced-security-in-your-enterprises-organizations).
1. Follow your company's policy for requesting access to additional features.
### Enabling {% data variables.product.prodname_GH_advanced_security %}
### Enabling {% data variables.product.prodname_GH_code_security %}
1. In the "{% data variables.product.prodname_GH_advanced_security %}" settings, click **Enable**.
1. Open the "Code security" settings page.
1. Next to the "{% data variables.product.prodname_code_security %}" feature, click **Enable**.
1. Rerun {% data variables.product.prodname_code_scanning %}.
{% endif %}
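Review bot: the ghas-products branch of "Confirm whether GitHub Code Security is enabled" and the "Requesting access" steps do not line up. In that branch the only visible signal is `"{% octicon "shield" aria-hidden="true" %} Disabled" is shown in place of the **Enable** button`, while the request step that follows says `click the enterprise or organization name to display a list of users with access to edit the policy`; only the `{% else %}` branch states that `the owner of the policy is listed`. Either add the owner/organization name to the ghas-products branch or tell the reader where the policy owner appears when the button is replaced by "Disabled". Separately, the screenshot with the malformed alt text (`!["Screenshot of the ... %}" setting.`) sits above the `{% ifversion ghas-products %}` split but describes the inactive Enable button that only the else branch shows; the misplaced quotation mark is also present in both new alt texts and should read `![Screenshot of the "... " setting.`.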

View File

@@ -31,8 +31,8 @@ You will only see this error for SARIF files that contain results created using
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.user-settings.security-analysis %}
1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the page, next to "{% data variables.product.prodname_codeql %} analysis," click {% octicon "kebab-horizontal" aria-label="Menu" %}.
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. In the "{% data variables.product.UI_code_security_scanning %}" section of the page, next to "{% data variables.product.prodname_codeql %} analysis," click {% octicon "kebab-horizontal" aria-label="Menu" %}.
1. If there is a **{% octicon "workflow" aria-hidden="true" %} Switch to advanced** option, default setup is enabled for the repository.
## Fixing the problem

View File

@@ -65,7 +65,7 @@ codeql github upload-results \
| Option | Required | Usage |
| ------ | :------: | ----- |
| <code><span style="white-space: nowrap;">--repository</span></code> | {% octicon "check" aria-label="Required" %} | Specify the _OWNER/NAME_ of the repository to upload data to. The owner must be an organization{% ifversion ghas-products-cloud %}{% ifversion fpt or ghec %} within an enterprise, or on a team plan,{% endif %}{% endif %} with {% data variables.product.prodname_GH_code_security %} enabled for the repository{% ifversion fpt or ghec %}, unless the repository is public{% endif %}. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository). |
| <code><span style="white-space: nowrap;">--repository</span></code> | {% octicon "check" aria-label="Required" %} | Specify the _OWNER/NAME_ of the repository to upload data to. The owner must be an organization{% ifversion fpt or ghec %} within an enterprise, or on a {% data variables.product.prodname_team %} plan,{% endif %} with {% data variables.product.prodname_GH_code_security %} enabled for the repository{% ifversion fpt or ghec %}, unless the repository is public{% endif %}. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository). |
| <code><span style="white-space: nowrap;">--ref</span></code> | {% octicon "check" aria-label="Required" %} | Specify the name of the `ref` you checked out and analyzed so that the results can be matched to the correct code. For a branch use: `refs/heads/BRANCH-NAME`, for the head commit of a pull request use `refs/pull/NUMBER/head`, or for the {% data variables.product.prodname_dotcom %}-generated merge commit of a pull request use `refs/pull/NUMBER/merge`. |
| <code><span style="white-space: nowrap;">--commit</span></code> | {% octicon "check" aria-label="Required" %} | Specify the full SHA of the commit you analyzed. |
| <code><span style="white-space: nowrap;">--sarif</span></code> | {% octicon "check" aria-label="Required" %} | Specify the SARIF file to load. |
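Review bot: the `--repository` row drops the `{% ifversion ghas-products-cloud %}` gate around the Team-plan clause, so the Free/Pro/Team and GHEC builds will now state that the owner can be an organization `on a {% data variables.product.prodname_team %} plan` whether or not the ghas-products-cloud feature is on. The troubleshooting page in this same change still keys "Team or Enterprise" versus "Enterprise" on that flag (`{% ifversion ghas-products-cloud %}` ... `{% else %}` ... `free, pro, or team plan`). If the unbundled products ship behind the flag, keep the nested gate here as well; if the flag is being retired for fpt/ghec, the troubleshooting page should lose it too so the two pages do not disagree about which plans can upload to private repositories.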

View File

@@ -116,12 +116,7 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts %
{% endif %}
{% ifversion dependabot-alerts-enterprise-enablement %}
> [!NOTE]
> When {% data variables.product.prodname_dependabot_alerts %} are enabled or disabled at the enterprise level, it overrides the organization and repository level settings for {% data variables.product.prodname_dependabot_alerts %}.
{% endif %}
{% ifversion ghes < 3.16 %}
{% ifversion dependabot-alerts-enterprise-enablement or ghes %}
{% data reusables.enterprise-accounts.access-enterprise %}
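Review bot: the new `{% ifversion ghes < 3.16 %}` wrapper makes the `dependabot-alerts-enterprise-enablement` half of the inner condition unreachable. Once the outer gate restricts the block to GHES before 3.16, `{% ifversion dependabot-alerts-enterprise-enablement or ghes %}` always reduces to `ghes`, so the nested tag can be dropped. More importantly, the "Disable all"/"Enable all" steps that used to render on GHEC (via `dependabot-alerts-enterprise-enablement`) now render only on older GHES; confirm that GHEC is meant to lose the manual enterprise toggle and rely solely on security configurations, and if so say that explicitly rather than leaving the steps to silently disappear.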
@@ -130,3 +125,17 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts %
1. In the "{% data variables.product.prodname_dependabot %}" section, to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**.
1. Optionally, select **Automatically enable for new repositories** to enable {% data variables.product.prodname_dependabot_alerts %} by default for your organizations' new repositories.
{% endif %}
{% ifversion dependabot-alerts-enterprise-enablement or security-configuration-enterprise-level %}
> [!NOTE]
> When {% data variables.product.prodname_dependabot_alerts %} are enabled or disabled at the enterprise level, it overrides the organization and repository level settings for {% data variables.product.prodname_dependabot_alerts %}.
{% data variables.product.prodname_security_configurations_caps %}, which are collections of security settings, allow you to manage {% data variables.product.prodname_dependabot_alerts %} for your enterprise. You can:
* Use the {% data variables.product.prodname_github_security_configuration %}. This configuration is maintained by {% data variables.product.github %} and is a set of industry best practices and features that provide a robust, baseline security posture for enterprises. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise).
* Configure your own {% data variables.product.prodname_custom_security_configuration %} if you prefer the enablement settings to meet the specific security needs of your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
{% endif %}
{% endif %}
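Review bot: the relocated note no longer matches what surrounds it. `> When {% data variables.product.prodname_dependabot_alerts %} are enabled or disabled at the enterprise level, it overrides the organization and repository level settings` now sits inside the `dependabot-alerts-enterprise-enablement or security-configuration-enterprise-level` block, where on GHES 3.16 and later the page describes only security configurations and no enterprise-level enable/disable toggle. Either reword it to say that an enterprise security configuration applied to a repository overrides organization and repository settings, or keep the note with the toggle steps in the `ghes < 3.16` block. The pronoun in "it overrides" is also ambiguous; "the enterprise setting overrides" reads better.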

View File

@@ -71,7 +71,7 @@ The alert details page of alerts on development-scoped packages shows a "Tags" s
{% data reusables.dependabot.where-to-view-dependabot-alerts %} You can sort and filter {% data variables.product.prodname_dependabot_alerts %} by selecting a filter from the dropdown menu.
{% ifversion ghec or ghes %}To view summaries of alerts for all or a subset of repositories owned by your organization, use security overview. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-organizations).{% endif %}
To view summaries of alerts for all or a subset of repositories owned by your organization, use security overview. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-organizations).
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
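Review bot: removing the `{% ifversion ghec or ghes %}` gate makes the security overview sentence render for Free, Pro and Team. That is consistent with the Team-plan expansion, but the same ungating is repeated by hand in at least two other files in this change (the "Security overview" bullet and the "Many of the events in the timeline" paragraph). Consider moving the availability sentence into a reusable so that, if organization-level security overview turns out to be limited by plan or by a purchased product, it can be re-gated in one place instead of three.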

View File

@@ -44,7 +44,7 @@ The rule is enabled by default for public repositories and can be opted into for
With {% data variables.dependabot.custom_rules %}, you can create your own rules to automatically dismiss or reopen alerts based on targeted metadata, such as severity, package name, CWE, and more. You can also specify which alerts you want {% data variables.product.prodname_dependabot %} to open pull requests for. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts).
You can create custom rules from the **Settings** tab of the repository{% ifversion ghec or ghes %}, provided the repository belongs to an organization that has a license for {% ifversion ghas-products %}{% data variables.product.prodname_GH_code_security %} or {% endif %}{% data variables.product.prodname_GHAS %}{% endif %}. For more information, see [Adding custom auto-triage rules to your repository](/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts#adding-custom-auto-triage-rules-to-your-repository).
You can create custom rules from the **Settings** tab of the repository, provided the repository belongs to an organization that has a license for {% data variables.product.prodname_GHAS_or_code_security %}. For more information, see [Adding custom auto-triage rules to your repository](/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts#adding-custom-auto-triage-rules-to-your-repository).
### About auto-dismissing alerts
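Review bot: the new sentence states the license requirement unconditionally, which is wrong for public repositories on Free and Pro. `You can create custom rules from the **Settings** tab of the repository, provided the repository belongs to an organization that has a license for {% data variables.product.prodname_GHAS_or_code_security %}` drops the version gate, while the customizing page in this same change says `For private or internal repositories, this requires {% data variables.product.prodname_GH_code_security %}` for fpt/ghec. Add the same qualifier here (license required for private or internal repositories on fpt/ghec, required for all repositories on ghes) so the two pages agree. Also confirm `prodname_GHAS_or_code_security` is defined in the product variables, since this appears to be its first use.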

View File

@@ -1,6 +1,7 @@
---
title: Customizing auto-triage rules to prioritize Dependabot alerts
intro: 'You can create your own {% data variables.dependabot.auto_triage_rules_short %} to control which alerts are dismissed or snoozed, and which alerts you want {% data variables.product.prodname_dependabot %} to open pull requests for.'
product: '{% data reusables.gated-features.dependabot-auto-triage-rules %}'
permissions: '{% data reusables.permissions.dependabot-auto-triage-rules %}'
versions:
fpt: '*'
@@ -24,9 +25,9 @@ You can create your own {% data variables.dependabot.auto_triage_rules %} based
Since any rules that you create apply to both future and current alerts, you can also use {% data variables.dependabot.auto_triage_rules_short %} to manage your {% data variables.product.prodname_dependabot_alerts %} in bulk.
Repository administrators can create {% data variables.dependabot.custom_rules %} for their {% ifversion fpt %}public{% elsif ghec or ghes %}public, private, and internal{% endif %} repositories.
Repository administrators can create {% data variables.dependabot.custom_rules %} for their repositories. {% ifversion fpt or ghec %}For private or internal repositories, this requires {% data variables.product.prodname_GH_code_security %}.{% elsif ghes %}This requires {% data variables.product.prodname_GH_code_security %}.{% endif %}
Organization owners and security managers can set {% data variables.dependabot.custom_rules %} at the organization-level, and then choose if a rule is enforced or enabled across all public {% ifversion ghec %}and private {% endif %} repositories in the organization.
Organization owners and security managers can set {% data variables.dependabot.custom_rules %} at the organization-level, and then choose if a rule is enforced or enabled across all public and private repositories in the organization.
* **Enforced:** If an organization-level rule is "enforced", repository administrators cannot edit, disable, or delete the rule.
* **Enabled:** If an organization-level rule is "enabled", repository administrators can still disable the rule for their repository.
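Review bot: the organization-level sentence lost its gate without picking up the license qualifier that the repository-level sentence just above it gained. `choose if a rule is enforced or enabled across all public and private repositories in the organization` now renders for Free/Pro/Team, whereas the preceding sentence says `For private or internal repositories, this requires {% data variables.product.prodname_GH_code_security %}`. Either add the same "private repositories require GitHub Code Security" note here or keep the `{% ifversion ghec %}` on "and private". The added `product:` front-matter line also needs `reusables.gated-features.dependabot-auto-triage-rules` to exist; confirm it is part of this change.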

View File

@@ -57,7 +57,7 @@ You can also enable or disable {% data variables.product.prodname_dependabot_sec
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. Under "{% data variables.product.UI_advanced_security %}", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %}
1. To the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %}
{% ifversion dependabot-grouped-security-updates-config %}
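Review bot: this step drops the section name entirely while the sibling hunk below keeps a version-gated one. `1. To the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable**` no longer tells the reader which section of the page to look in, whereas the grouped-updates step in the next hunk uses `Under "{% ifversion ghas-products %}{% data variables.product.prodname_dependabot %}{% else %}{% data variables.product.UI_advanced_security %}{% endif %}"`. Use the same gated expression here so the two procedures on this page locate the setting the same way.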
@@ -82,7 +82,7 @@ Repository administrators can enable or disable grouped security updates for the
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. Under "{% data variables.product.UI_advanced_security %}", to the right of "Grouped security updates", click **Enable** to enable the feature or **Disable** to disable it.
1. Under "{% ifversion ghas-products %}{% data variables.product.prodname_dependabot %}{% else %}{% data variables.product.UI_advanced_security %}{% endif %}", to the right of "Grouped security updates", click **Enable** to enable the feature or **Disable** to disable it.
### Enabling or disabling grouped {% data variables.product.prodname_dependabot_security_updates %} for an organization

View File

@@ -43,7 +43,7 @@ You enable {% data variables.product.prodname_dependabot_version_updates %} by c
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. Under "{% data variables.product.UI_advanced_security %}", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to open a basic `dependabot.yml` configuration file in the `.github` directory of your repository. {% data reusables.dependabot.link-to-yml-config-file %}
1. Under "{% ifversion ghas-products %}{% data variables.product.prodname_dependabot %}{% else %}{% data variables.product.UI_advanced_security %}{% endif %}", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to open a basic `dependabot.yml` configuration file in the `.github` directory of your repository. {% data reusables.dependabot.link-to-yml-config-file %}
{% else %}
1. Create a `dependabot.yml` configuration file in the `.github` directory of your repository. You can use the snippet below as a starting point. {% data reusables.dependabot.link-to-yml-config-file %}
{% endif %}
@@ -117,7 +117,7 @@ On a fork, you also need to explicitly enable {% data variables.product.prodname
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. Under "{% data variables.product.UI_advanced_security %}", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to allow {% data variables.product.prodname_dependabot %} to initiate version updates.
1. Under "{% ifversion ghas-products %}{% data variables.product.prodname_dependabot %}{% else %}{% data variables.product.UI_advanced_security %}{% endif %}", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to allow {% data variables.product.prodname_dependabot %} to initiate version updates.
## Checking the status of version updates
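Review bot: the expression `{% ifversion ghas-products %}{% data variables.product.prodname_dependabot %}{% else %}{% data variables.product.UI_advanced_security %}{% endif %}` is now repeated verbatim in three steps across this change (both version-updates steps here and the grouped-security-updates step in the security-updates page). A single product variable or reusable for the section name would keep them from drifting the next time the settings page is reorganized, which is exactly what this PR is doing.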

View File

@@ -109,7 +109,7 @@ By following these practices, you can significantly reduce the risk posed by out
**Security overview**
* You can keep an eye on the dashboards on the security overview page, which provide insights about your organization or enterprise's security landscape and progress. It helps users identify repositories that need attention and monitor the health of their application security program.{% ifversion ghec or ghes %} For example, you can see a summary of an organization's security risk, trends in detection, remediation, and prevention of security alerts, as well as the enablement status of {% data variables.product.github %}'s security features.{% endif %} For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
* You can keep an eye on the dashboards on the security overview page, which provide insights about your organization or enterprise's security landscape and progress. It helps users identify repositories that need attention and monitor the health of their application security program. For example, you can see a summary of an organization's security risk, trends in detection, remediation, and prevention of security alerts, as well as the enablement status of {% data variables.product.github %}'s security features. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
**Security policy**

View File

@@ -32,7 +32,7 @@ Many of the events in the timeline also create an event in the audit log, which
Security overview consolidates information about security alerts and provides high-level summaries of the security status of your enterprise or organization.
In security overview you can see repositories with open security alerts{% ifversion ghec or ghes %}, as well as which repositories have enabled specific security features{% endif %}. You can also use security overview to filter and sort security alerts using interactive views.
In security overview you can see repositories with open security alerts, as well as which repositories have enabled specific security features. You can also use security overview to filter and sort security alerts using interactive views.
For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview).

View File

@@ -78,16 +78,23 @@ There are two forms of {% data variables.product.prodname_secret_scanning %} ava
When enabled, {% data variables.secret-scanning.user_alerts %} can be detected on the following types of repository:{% ifversion fpt %}
* Public repositories owned by personal accounts on {% data variables.product.prodname_dotcom_the_website %}
* Public repositories owned by organizations
* Private and internal repositories owned by organizations using {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %}, with a license for {% data variables.product.prodname_GH_code_security %}{% elsif ghec %}
* Private and internal repositories owned by organizations using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %}, with a license for {% data variables.product.prodname_GH_code_security %}{% elsif ghec %}
* Public repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %}
* Private and internal repositories when you have a license for {% data variables.product.prodname_GH_code_security %}{% endif %}
{% endif %}
{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}
> [!TIP]
> Regardless of the enablement status of {% data variables.product.prodname_secret_scanning %} and push protection, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% else %}
{% endif %}
{% ifversion ghes %}Your site administrator must enable {% data variables.product.prodname_secret_scanning %} for your instance before you can use this feature. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance).{% endif %}
For more information about {% data variables.product.prodname_secret_scanning %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).
{% data reusables.secret-scanning.push-protection-high-level %} For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).{% ifversion ghec or ghes %} Finally, you can also extend the detection to include custom secret string structures. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).{% endif %}
{% data reusables.secret-scanning.push-protection-high-level %} For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning). Finally, you can also extend the detection to include custom secret string structures. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).
### Review the audit log for your organization
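Review bot: two issues in the availability list and the new tip. First, `Private and internal repositories owned by organizations using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %}` attributes internal repositories to Team-plan organizations, but internal repositories are an Enterprise feature; split the bullet into private repositories for Team and private and internal repositories for GitHub Enterprise Cloud. Second, the tip block ends with `{% endif %}{% else %}` followed by a bare `{% endif %}`, so the `{% else %}` branch of `{% ifversion ghas-products %}` is empty; drop the `{% else %}` so the template does not carry a dead branch. The tip's claim that the report is free regardless of secret scanning and push protection enablement is a good addition; consider also stating it in the "Available for all repositories" summary.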

View File

@@ -44,11 +44,12 @@ You need to follow the steps below on the repository you forked in [Prerequisite
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. Under "{% data variables.product.UI_advanced_security %}", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** for {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dependabot_security_updates %}, and {% data variables.product.prodname_dependabot_version_updates %}.
1. Optionally, if you are interested in experimenting with {% data variables.product.prodname_dependabot_version_updates %}, click **.github/dependabot.yml**. This will create a default `dependabot.yml` configuration file in the `/.github` directory of your repository. To enable {% data variables.product.prodname_dependabot_version_updates %} for your repository, you typically configure this file to suit your needs by editing the default file, and committing your changes. You can refer to the snippet provided in [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#example-dependabotyml-file) for an example.
1. Under "{% data variables.product.prodname_dependabot %}", click **Enable** for {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dependabot_security_updates %}, and {% data variables.product.prodname_dependabot_version_updates %}.
1. If you clicked **Enable** for {% data variables.product.prodname_dependabot_version_updates %}, you can edit the default `dependabot.yml` configuration file that {% data variables.product.github %} creates for you in the `/.github` directory of your repository.
To enable {% data variables.product.prodname_dependabot_version_updates %} for your repository, you typically configure this file to suit your needs by editing the default file, and committing your changes. You can refer to the snippet provided in [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#example-dependabotyml-file) for an example.
> [!NOTE]
> If the dependency graph is not already enabled for the repository, {% data variables.product.prodname_dotcom %} will enable it automatically when you enable {% data variables.product.prodname_dependabot %}.
> If the dependency graph is not already enabled for the repository, {% data variables.product.github %} will enable it automatically when you enable {% data variables.product.prodname_dependabot %}.
For more information about configuring each of these {% data variables.product.prodname_dependabot %} features, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts), [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates), and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates).
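Review bot: the rewritten version-updates step contradicts the configuration page in this same change. `1. If you clicked **Enable** for {% data variables.product.prodname_dependabot_version_updates %}, you can edit the default \`dependabot.yml\` configuration file that {% data variables.product.github %} creates for you` says the file is created, while the configuring page says clicking Enable opens `a basic \`dependabot.yml\` configuration file in the \`.github\` directory of your repository` for the reader to edit and commit. Say "opens a basic file for you to edit and commit" here as well, otherwise readers will expect a commit that does not happen. Also, the continuation paragraph `To enable {% data variables.product.prodname_dependabot_version_updates %} for your repository, you typically configure this file` is not indented under its list item, so it will break the numbered list when rendered.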

View File

@@ -1,6 +1,6 @@
---
title: GitHub security features
intro: 'An overview of {% data variables.product.prodname_dotcom %} security features.'
intro: 'An overview of {% data variables.product.github %}''s security features.'
versions:
fpt: '*'
ghes: '*'
@@ -14,67 +14,101 @@ topics:
- Secret Protection
---
## About {% data variables.product.prodname_dotcom %}'s security features
## About {% data variables.product.github %}'s security features
{% data variables.product.prodname_dotcom %} has security features that help keep code and secrets secure in repositories and across organizations. {% data reusables.advanced-security.security-feature-availability %}
{% data variables.product.github %}'s security features help keep your code and secrets secure in repositories and across organizations.
The {% data variables.product.prodname_advisory_database %} contains a curated list of security vulnerabilities that you can view, search, and filter. {% data reusables.security-advisory.link-browsing-advisory-db %}
{% ifversion ghas-products %}
## Available for all repositories
{% ifversion fpt or ghec %}
* Some features are available for all {% data variables.product.github %} plans.
* Additional features are available to organizations {% ifversion ghec %}and enterprises{% endif %} on {% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %} that purchase a {% data variables.product.prodname_GHAS %} product:
* [{% data variables.product.prodname_GH_secret_protection %}](#available-with-github-secret-protection)
* [{% data variables.product.prodname_GH_code_security %}](#available-with-github-code-security)
* In addition, a number of {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_GH_code_security %} features can be run on public repositories for free.{% endif %}
{%- ifversion ghes %}
* Some features are available for all repositories by default.
* Additional features are available to enterprises that purchase a {% data variables.product.prodname_GHAS %} product:
* [{% data variables.product.prodname_GH_secret_protection %}](#available-with-github-secret-protection)
* [{% data variables.product.prodname_GH_code_security %}](#available-with-github-code-security){% endif %}
{%- else %}
* Some features are available for all {% data variables.product.github %} plans.
* Additional features are available to enterprises that purchase {% data variables.product.prodname_GHAS %}.
{% endif %}
## Available for all {% data variables.product.github %} plans
The following security features are available for you to use, regardless of the {% data variables.product.github %} plan you are on. {% ifversion ghas-products %}You don't need to purchase {% data variables.product.prodname_GH_cs_or_sp %} to use these features.{% endif %}
{% ifversion fpt or ghec %}
Most of these features are available for public{% ifversion ghec %}, internal,{% endif %} and private repositories.
Some features are _only_ available for public repositories.
{% endif %}
### Security policy
Make it easy for your users to confidentially report security vulnerabilities they've found in your repository. For more information, see [AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository).
### {% data variables.product.prodname_dependabot_alerts %} and security updates
View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)
and [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
You can use default {% data variables.dependabot.auto_triage_rules %} curated by {% data variables.product.prodname_dotcom %} to automatically filter out a substantial amount of false positives. {% data reusables.dependabot.dismiss-low-impact-rule %}
{% data reusables.dependabot.quickstart-link %}
### {% data variables.product.prodname_dependabot_version_updates %}
Use {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. This helps reduce your exposure to older versions of dependencies. Using newer versions makes it easier to apply patches if security vulnerabilities are discovered, and also makes it easier for {% data variables.product.prodname_dependabot_security_updates %} to successfully raise pull requests to upgrade vulnerable dependencies. You can also customize {% data variables.product.prodname_dependabot_version_updates %} to streamline their integration into your repositories. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates).
### Dependency graph
The dependency graph allows you to explore the ecosystems and packages that your repository depends on and the repositories and packages that depend on your repository.
You can find the dependency graph on the **Insights** tab for your repository. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
{% data reusables.dependency-graph.sbom-export %}
### Software Bill of Materials (SBOM)
{% ifversion security-overview-displayed-alerts %}
You can export the dependency graph of your repository as an SPDX-compatible, Software Bill of Materials (SBOM). For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository).
### Security overview
### {% data variables.product.prodname_advisory_database %}
Security overview allows you to review the overall security landscape of your organization, view trends and other insights, and manage security configurations, making it easy to monitor your organization's security status and identify the repositories and organizations at greatest risk. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
The {% data variables.product.prodname_advisory_database %} contains a curated list of security vulnerabilities that you can view, search, and filter. {% data reusables.security-advisory.link-browsing-advisory-db %}
{% else %}
### {% data variables.product.prodname_dependabot_alerts %} and security updates
### Security overview for repositories
View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)
and [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
Security overview shows which security features are enabled for the repository, and lets you configure any available security features that are not already enabled.
{% endif %}
You can also use default {% data variables.dependabot.auto_triage_rules %} curated by {% data variables.product.github %} to automatically filter out a substantial amount of false positives.
{% ifversion fpt or ghec %}
{% data reusables.dependabot.quickstart-link %}
## Available for free public repositories
### {% data variables.product.prodname_dependabot_version_updates %}
Use {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. This helps reduce your exposure to older versions of dependencies. Using newer versions makes it easier to apply patches if security vulnerabilities are discovered, and also makes it easier for {% data variables.product.prodname_dependabot_security_updates %} to successfully raise pull requests to upgrade vulnerable dependencies. You can also customize {% data variables.product.prodname_dependabot_version_updates %} to streamline their integration into your repositories. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates).
{% ifversion fpt or ghec %}
### Security advisories
Privately discuss and fix security vulnerabilities in your repository's code. You can then publish a security advisory to alert your community to the vulnerability and encourage community members to upgrade. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories).
Privately discuss and fix security vulnerabilities in your public repository's code. You can then publish a security advisory to alert your community to the vulnerability and encourage community members to upgrade. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories).
{% endif %}
### {% data variables.secret-scanning.user_alerts_caps %}
### Repository rulesets
Automatically detect tokens or credentials that have been checked into a {% ifversion ghec %}user-owned {% endif %}public repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-user-alerts).
Enforce consistent code standards, security, and compliance across branches and tags. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
{% ifversion fpt or ghec %}
### Artifact attestations
Create unfalsifiable provenance and integrity guarantees for the software you build. For more information, see [AUTOTITLE](/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds).
{% ifversion fpt %}
> [!NOTE]
> If you are on a {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %} plan, artifact attestations are only available for public repositories. To use artifact attestations in private or internal repositories, you must be on a {% data variables.product.prodname_ghe_cloud %} plan.{% endif %}
### {% data variables.secret-scanning.partner_alerts_caps %}
When {% data variables.product.github %} detects a leaked secret in a public repository, or a public npm packages, {% data variables.product.github %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).
{% ifversion secret-scanning-push-protection-for-users %}
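Review bot: in the partner alerts paragraph, "in a public repository, or a public npm packages" mixes singular and plural; change to "or a public npm package" (or "or public npm packages"). In the sentence opening the Secret Protection section, "For accounts on {% ifversion fpt or ghec %}…{% endif %}{% ifversion ghes %} {% data variables.product.prodname_ghe_server %}{% endif %}", the ghes branch starts with a space that follows the space already present after "on", so GHES builds render a double space; move the space inside the fpt/ghec branch or drop it from the ghes branch.
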
@@ -84,42 +118,107 @@ Push protection for users automatically protects you from accidentally committin
{% endif %}
### {% data variables.secret-scanning.partner_alerts_caps %}
{% endif %}
Automatically detect leaked secrets across all public repositories, as well as public npm packages. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).
{% ifversion ghas-products %}
## Available with {% data variables.product.prodname_GH_secret_protection %}
For accounts on {% ifversion fpt or ghec %}{% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %}{% endif %}{% ifversion ghes %} {% data variables.product.prodname_ghe_server %}{% endif %}, you can access additional security features when you purchase **{% data variables.product.prodname_GH_secret_protection %}**.
{% data variables.product.prodname_GH_secret_protection %} includes features that help you detect and prevent secret leaks, such as {% data variables.product.prodname_secret_scanning %} and push protection.
These features are available for all repository types. {% ifversion fpt or ghec %}Some of these features are available for public repositories free of charge, meaning that you don't need to purchase {% data variables.product.prodname_GH_secret_protection %} to enable the feature on a public repository.{% endif %}
<!--Hiding information on setting up a trial for now, as there is no available link for fpt yet. Needs versioning for fpt, ghec and ghes.
For information about how you can try {% data variables.product.prodname_GH_secret_protection %} for free, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security).
-->
{% else %}
## Available with {% data variables.product.prodname_GHAS %}
{% data variables.product.prodname_GHAS %} features are available for enterprises with a license for {% data variables.product.prodname_GHAS %}. The features are restricted to repositories owned by an organization.
{% endif %}
## Available with {% data variables.product.prodname_GH_advanced_security %}
### {% data variables.secret-scanning.user_alerts_caps %}
{% ifversion fpt %}
The following {% data variables.product.prodname_GH_advanced_security %} features are available and free of charge for public repositories on {% data variables.product.prodname_dotcom %}. Organizations that use {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can use the full set of features in any of their repositories. For a list of the features available with {% data variables.product.prodname_ghe_cloud %}, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/github-security-features#available-with-github-advanced-security).
Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.github %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-user-alerts).
{% elsif ghec %}
Many {% data variables.product.prodname_GH_advanced_security %} features are available and free of charge for public repositories on {% data variables.product.prodname_dotcom %}. Organizations within an enterprise that have a {% data variables.product.prodname_GH_advanced_security %} license can use the following features on all their repositories. {% data reusables.advanced-security.more-info-ghas %}
{% data reusables.advanced-security.available-for-public-repos %}
{% elsif ghes %}
{% data variables.product.prodname_GH_advanced_security %} features are available for enterprises with a license for {% data variables.product.prodname_GH_advanced_security %}. The features are restricted to repositories owned by an organization. {% data reusables.advanced-security.more-info-ghas %}
{% ifversion secret-scanning-ai-generic-secret-detection %}
### {% data variables.secret-scanning.copilot-secret-scanning %}
{% data variables.secret-scanning.copilot-secret-scanning %}'s generic secret detection is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that identifies unstructured secrets (passwords) in your source code and then generates an alert. For more information, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).
{% endif %}
{% ifversion copilot-chat-ghas-alerts %}
### Push protection
With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand security alerts in repositories in your organization from {% data variables.product.prodname_GH_advanced_security %} features ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}). For more information, see [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features).
Push protection proactively scans your code, and any repository contributors' code, for secrets during the push process and blocks the push if any secrets are detected. If a contributor bypasses the block, {% data variables.product.github %} creates an alert. For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).
{% data reusables.advanced-security.available-for-public-repos %}
{% ifversion push-protection-delegated-bypass %}
### Delegated bypass for push protection
Delegated bypass for push protection lets you control which individuals, roles and teams can bypass push protection, and implements a review and approval cycle for pushes containing secrets. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection).
{% endif %}
{% data reusables.advanced-security.ghas-trial %}
### Custom patterns
You can define custom patterns to identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}, such as patterns that are internal to your organization. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).
<!--Hiding security overview for earlier GHES versions, so it isn't duplicated below-->
{% ifversion ghas-products %}
### Security overview
Security overview allows you to review the overall security landscape of your organization, view trends and other insights, and manage security configurations, making it easy to monitor your organization's security status and identify the repositories and organizations at greatest risk. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
## Available with {% data variables.product.prodname_GH_code_security %}
For accounts on {% ifversion fpt or ghec %}{% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %}{% endif %}{% ifversion ghes %} {% data variables.product.prodname_ghe_server %}{% endif %}, you can access additional security features when you purchase **{% data variables.product.prodname_GH_code_security %}**.
{% data variables.product.prodname_GH_code_security %} includes features that help you find and fix vulnerabilities, like {% data variables.product.prodname_code_scanning %}, premium {% data variables.product.prodname_dependabot %} features, and dependency review.
These features are available for all repository types. {% ifversion fpt or ghec %}Some of these features are available for public repositories free of charge, meaning that you don't need to purchase {% data variables.product.prodname_GH_code_security %} to enable the feature on a public repository.{% endif %}
<!--Hiding information on setting up a trial for now, as there is no available link for fpt yet. Needs versioning for fpt, ghec & ghes.
For information about how you can try {% data variables.product.prodname_GH_code_security %} for free, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security).
-->
{% endif %}
### {% data variables.product.prodname_code_scanning_caps %}
Automatically detect security vulnerabilities and coding errors in new or modified code. Potential problems are highlighted, with detailed information, allowing you to fix the code before it's merged into your default branch. For more information, see [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning).
### {% data variables.secret-scanning.user_alerts_caps %}
{% data reusables.advanced-security.available-for-public-repos %}
Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. {% data reusables.secret-scanning.alert-type-links %}
### {% data variables.product.prodname_codeql_cli %}
### {% data variables.dependabot.custom_rules_caps %}
Run {% data variables.product.prodname_codeql %} processes locally on software projects or to generate {% data variables.product.prodname_code_scanning %} results for upload to {% data variables.product.github %}. For more information, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli).
{% data reusables.advanced-security.available-for-public-repos %}
{% ifversion code-scanning-autofix %}
### {% data variables.product.prodname_copilot_autofix_short %}
Get automatically generated fixes for {% data variables.product.prodname_code_scanning %} alerts. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning).
{% data reusables.advanced-security.available-for-public-repos %}
{% endif %}
### {% data variables.dependabot.custom_rules_caps %} for {% data variables.product.prodname_dependabot %}
{% data reusables.dependabot.dependabot-custom-rules-ghas %}
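Review bot: "Run CodeQL processes locally on software projects or to generate code scanning results for upload to GitHub" is ungrammatical ("or to generate" has nothing to attach to); suggest "Run {% data variables.product.prodname_codeql %} processes locally on software projects, or generate {% data variables.product.prodname_code_scanning %} results for upload to {% data variables.product.github %}." The "For accounts on {% ifversion fpt or ghec %}…{% endif %}{% ifversion ghes %} …" sentence opening the Code Security section also carries a leading space inside the ghes branch after the space that already follows "on", which renders as a double space on GHES.
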
@@ -127,18 +226,30 @@ Automatically detect tokens or credentials that have been checked into a reposit
Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).
{% ifversion security-overview-displayed-alerts %}<!--Section appears in non-GHAS features above-->
{% data reusables.advanced-security.available-for-public-repos %}
{% elsif fpt %}<!--Feature requires enterprise product-->
{% ifversion security-campaigns %}
{% else %}
### Security campaigns
### Security overview for organizations{% ifversion ghes %}, enterprises,{% endif %} and teams
Fix security alerts at scale by creating security campaigns and collaborating with developers to reduce your security backlog. For more information, see [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns).
{% endif %}
### Security overview
Security overview allows you to review the overall security landscape of your organization, view trends and other insights, and manage security configurations, making it easy to monitor your organization's security status and identify the repositories and organizations at greatest risk. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
{% ifversion copilot-chat-ghas-alerts %}
## Leveraging {% data variables.product.prodname_copilot_chat %} to understand security alerts
With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand security alerts in repositories in your organization from {% data variables.product.prodname_GHAS %} features ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}). For more information, see [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features).
Review the security configuration and alerts for your organization and identify the repositories at greatest risk. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
{% endif %}
## Further reading
* [AUTOTITLE](/get-started/learning-about-github/githubs-plans)
* [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)
* [AUTOTITLE](/get-started/learning-about-github/github-language-support)
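Review bot: the "### Security overview" section here repeats, word for word, the one added under "Available with GitHub Secret Protection" inside `{% ifversion ghas-products %}`; confirm this second copy is versioned so that ghas-products builds do not render it twice. The HTML comment above the first copy ("Hiding security overview for earlier GHES versions, so it isn't duplicated below") suggests the intent is that only one copy appears per version, but the gating on the second copy is not visible in the hunk.
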


@@ -22,7 +22,7 @@ shortTitle: Secure repository quickstart
## Introduction
This guide shows you how to configure security features for a repository. You must be a repository administrator or organization owner to configure security settings for a repository.
This guide shows you how to configure security features for a repository.
Your security needs are unique to your repository, so you may not need to enable every feature for your repository. For more information, see [AUTOTITLE](/code-security/getting-started/github-security-features).
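Review bot: dropping "You must be a repository administrator or organization owner to configure security settings for a repository." removes the only statement of the permission needed to follow this guide; unless the prerequisite is stated elsewhere in the article, keep it (or move it to a prerequisites line) so readers without admin access know up front why the settings described here are not visible to them.
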
@@ -35,7 +35,7 @@ The first step to securing a repository is to establish who can see and modify y
From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**, then scroll down to the "Danger Zone."
* To change who can view your repository, click **Change visibility**. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility).
* To change who can access your repository and adjust permissions, click **Manage access**. For more information, see[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository).
* To change who can access your repository and adjust permissions, click **Manage access**. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository).
## Managing the dependency graph
@@ -62,13 +62,11 @@ For more information, see [AUTOTITLE](/code-security/supply-chain-security/under
{% ifversion fpt or ghec %}
1. Click your profile photo, then click **Settings**.
1. Click **{% data variables.product.UI_advanced_security %}**.
1. Click **Enable all** next to {% data variables.product.prodname_dependabot_alerts %}.
1. Click **Enable** next to {% data variables.product.prodname_dependabot_alerts %}.
{% endif %}
{% ifversion dependabot-alerts-ghes-enablement %}
{% ifversion ghes %}
{% data reusables.dependabot.dependabot-alerts-enterprise-server-repo-org-enablement %}
{% else %}
{% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
{% endif %}
For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts){% ifversion fpt or ghec %} and [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account){% endif %}.
@@ -77,14 +75,16 @@ For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alert
Dependency review lets you visualize dependency changes in pull requests before they are merged into your repositories. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).
Dependency review is a {% data variables.product.prodname_GH_code_security %} feature. {% ifversion fpt or ghec %}Dependency review is already enabled for all public repositories. {% ifversion fpt %}Organizations that use {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_code_security %} can additionally enable dependency review for private and internal repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/quickstart-for-securing-your-repository#managing-dependency-review). {% endif %}{% endif %}{% ifversion ghec or ghes %}To enable dependency review for a {% ifversion ghec %}private or internal {% endif %}repository, ensure that the dependency graph is enabled and enable {% data variables.product.prodname_GH_code_security %}.
Dependency review is a {% data variables.product.prodname_GH_code_security %} feature. {% ifversion fpt or ghec %}Dependency review is already enabled for all public repositories. Organizations that use {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_code_security %} can additionally enable dependency review for private and internal repositories.{% endif %}
To enable dependency review for a repository, ensure that the dependency graph is enabled and enable {% data variables.product.prodname_GH_code_security %}.
1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**.
1. Click **{% data variables.product.UI_advanced_security %}**.
1. {% ifversion ghec %}If dependency graph is not already enabled, click **Enable**.{% elsif ghes %}Check that dependency graph is configured for your enterprise.{% endif %}
1. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.
{% endif %}
1. Click **{% data variables.product.UI_advanced_security %}**.{% ifversion fpt or ghec %}
1. To the right of {% data variables.product.prodname_code_security %}, click **Enable**.
1. Under {% data variables.product.prodname_code_security %}, check that dependency graph is enabled for the repository.
* For public repositories, dependency graph is always enabled.{% elsif ghes %}
1. Check that dependency graph is configured for your enterprise.{% endif %}
## Managing {% data variables.product.prodname_dependabot_security_updates %}
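Review bot: the new sentence "To enable dependency review for a repository, ensure that the dependency graph is enabled and enable Code Security." gives the two actions in the opposite order to the fpt/ghec steps that follow (click **Enable** for Code Security first, then check that dependency graph is enabled); align the sentence with the step order, e.g. "enable {% data variables.product.prodname_GH_code_security %} and check that the dependency graph is enabled for the repository."
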
@@ -110,29 +110,37 @@ You can enable {% data variables.product.prodname_dependabot %} to automatically
To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a `dependabot.yml` configuration file. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates).
{% endif %}
## Configuring {% data variables.product.prodname_code_scanning %}
## Configuring {% ifversion ghas-products %}{% data variables.product.prodname_code_security %}{% else %}{% data variables.product.prodname_code_scanning %}{% endif %}
> [!NOTE]
> {% data variables.product.prodname_code_scanning_caps %} is available {% ifversion fpt or ghec %}for all public repositories, and for private repositories owned by organizations that are part of {% ifversion ghas-products-cloud %}a team or {% endif %}an enterprise with a license for {% else %}for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_code_security %}.
> {% ifversion ghas-products %}{% data variables.product.prodname_code_security %} features are available {% else %}{% data variables.product.prodname_code_scanning_caps %} is available {% endif %}{% ifversion fpt or ghec %}for all public repositories, and for private repositories owned by organizations that are part of a team or an enterprise that uses {% else %}for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_code_security %}.
You can configure {% data variables.product.prodname_code_scanning %} to automatically identify vulnerabilities and errors in the code stored in your repository by using a {% data variables.code-scanning.codeql_workflow %} or third-party tool. Depending on the programming languages in your repository, you can configure {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} using default setup, in which {% data variables.product.prodname_dotcom %} automatically determines the languages to scan, query suites to run, and events that will trigger a new scan. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
{% ifversion ghas-products %}{% data variables.product.prodname_GH_code_security %} includes {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_codeql_cli %} and {% data variables.product.prodname_copilot_autofix_short %}, as well as other features that find and fix vulnerabilities in your codebase.{% endif %}
You can configure {% data variables.product.prodname_code_scanning %} to automatically identify vulnerabilities and errors in the code stored in your repository by using a {% data variables.code-scanning.codeql_workflow %} or third-party tool. Depending on the programming languages in your repository, you can configure {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} using default setup, in which {% data variables.product.github %} automatically determines the languages to scan, query suites to run, and events that will trigger a new scan. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**.
1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}**.
1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**.
1. In the pop-up window that appears, review the default configuration settings for your repository, then click **Enable {% data variables.product.prodname_codeql %}**.
1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}**.{% ifversion ghas-products %}
1. If "{% data variables.product.prodname_code_security %}" is not already enabled, click **Enable**.
1. Under "{% data variables.product.prodname_code_security %}", to the right of "CodeQL analysis", select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**.{% else %}
1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**.{% endif %}
1. In the pop-up window that appears, review the default configuration settings for your repository, then click **Enable {% data variables.product.prodname_codeql %}**.{% ifversion code-scanning-autofix %}
1. Choose whether you want to enable addition features, such as {% data variables.product.prodname_copilot_autofix_short %}.{% endif %}
Alternatively, you can use advanced setup, which generates a workflow file you can edit to customize your {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql).
As an alternative to default setup, you can use advanced setup, which generates a workflow file you can edit to customize your {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql).
## Configuring {% data variables.product.prodname_secret_scanning %}
## Configuring {% ifversion ghas-products %}{% data variables.product.prodname_secret_protection %}{% else %}{% data variables.product.prodname_secret_scanning %}{% endif %}
{% data reusables.gated-features.secret-scanning %}
> [!NOTE]
> {% ifversion ghas-products %}{% data variables.product.prodname_secret_protection %} features are available {% else %}{% data variables.product.prodname_secret_scanning_caps %} is available {% endif %}{% ifversion fpt or ghec %}for all public repositories, and for user-owned and organization-owned repositories that are part of a team or an enterprise that uses {% else %}for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_secret_protection %}.
{% ifversion ghas-products %}{% data variables.product.prodname_GH_secret_protection %} includes {% data variables.product.prodname_secret_scanning %} and push protection, as well as other features that help you detect and prevent secret leaks in your repository.{% endif %}
1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**.
1. Click **{% data variables.product.UI_advanced_security %}**.
{% ifversion ghec or ghes %}
1. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.{% endif %}
1. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**.
1. If {% data variables.product.prodname_secret_protection %} is not already enabled, click **Enable**.{% ifversion ghes < 3.17 %}
1. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**.{% endif %}{% ifversion ghas-products %}
1. Choose whether you want to enable additional features, such as validity checks, scanning for non-provider patterns, and push protection.{% endif %}
## Setting a security policy
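Review bot: typo in the added autofix step, "Choose whether you want to enable addition features" should read "additional features" (the matching Secret Protection step later in this hunk already has it right). Also worth a check: the new step "If Secret Protection is not already enabled, click **Enable**" is emitted for every version, whereas its code-scanning counterpart "If Code Security is not already enabled, click **Enable**" sits inside `{% ifversion ghas-products %}`. The text it replaces only showed an enable step on `ghec or ghes`, so on versions where `prodname_secret_protection` does not name a product that actually has that button, the step should be gated the same way as the code-scanning one.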
@@ -149,7 +157,7 @@ For more information, see [AUTOTITLE](/code-security/getting-started/adding-a-se
You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts), [AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates), [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository), and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).
You can also use {% data variables.product.prodname_dotcom %}'s tools to audit responses to security alerts. For more information, see [AUTOTITLE](/code-security/getting-started/auditing-security-alerts).
You can also use {% data variables.product.github %}'s tools to audit responses to security alerts. For more information, see [AUTOTITLE](/code-security/getting-started/auditing-security-alerts).
{% ifversion fpt or ghec %}If you have a security vulnerability in a public repository, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories) and [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory).
{% endif %}


@@ -7,6 +7,7 @@ redirect_from:
introLinks:
overview: /code-security/getting-started/github-security-features
try_ghas_for_free: '{% ifversion ghec %}/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security{% endif %}'
generate_secret_risk_assessment_report_for_free: '{% ifversion secret-risk-assessment %}/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization{% endif %}'
featuredLinks:
startHere: # Links aimed at the builder audience
- /code-security/getting-started/quickstart-for-securing-your-repository
@@ -20,6 +21,7 @@ featuredLinks:
- /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates
- /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
popular: # Links aimed at the driver audience
- '{% ifversion secret-risk-assessment %}/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment{% endif %}'
- '{% ifversion ghes %}/admin/release-notes{% endif %}'
- /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities
- /code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization


@@ -21,7 +21,7 @@ redirect_from:
{% data reusables.secret-scanning.generic-secret-detection-policy-note %}
You can then enable {% data variables.secret-scanning.generic-secret-detection %} in the security settings page of your repository or organization.
You can enable {% data variables.secret-scanning.generic-secret-detection %} in the security settings page of your repository or organization.
{% data reusables.secret-scanning.copilot-secret-scanning-generic-secrets-subscription-note %}
@@ -30,15 +30,14 @@ You can then enable {% data variables.secret-scanning.generic-secret-detection %
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
{% data reusables.repositories.navigate-to-ghas-settings %}
1. Under "Secret scanning", select the checkbox next to "Scan for generic secrets".
1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Scan for generic passwords", click **Enable**.
### Enabling {% data variables.secret-scanning.generic-secret-detection %} for your organization
You must configure {% data variables.secret-scanning.generic-secret-detection %} for your organization using a {% data variables.product.prodname_custom_security_configuration %}. You can then apply the {% data variables.product.prodname_security_configuration %} to all (or selected) repositories in your organization.
1. Create a new {% data variables.product.prodname_custom_security_configuration %}, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
1. When creating the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menus for "Alerts" and "Generic secrets" are set to **Enabled**.
1. When creating the custom security configuration, ensure that "{% data variables.product.prodname_secret_protection %}" is set to **Enabled**, and that the dropdown menu for "Scan for generic secrets" is also set to **Enabled**.
1. Apply the {% data variables.product.prodname_custom_security_configuration %} to one or more repositories. For more information, see [Applying a {% data variables.product.prodname_custom_security_configuration %}](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration).
For information on how to view alerts for generic secrets that have been detected using AI, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).
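Review bot: UI label mismatch between the two procedures in this hunk. The repository step tells the reader to click **Enable** next to "Scan for generic passwords", while the organization step and the page title refer to "Scan for generic secrets". Only one of those can be the real control name; use it in both places, otherwise readers will hunt for a setting that does not exist.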


@@ -25,8 +25,7 @@ redirect_from:
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
{% data reusables.repositories.navigate-to-ghas-settings %}
{% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
1. Under "{% data variables.product.prodname_secret_protection %}", under "Custom patterns", click **New pattern**.
{% data reusables.advanced-security.secret-scanning-generate-regular-expression-custom-pattern %}
1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**.
{% data reusables.advanced-security.secret-scanning-dry-run-results %}
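Review bot: the inline step "Under Secret Protection, under Custom patterns, click **New pattern**" replaces the `navigate-to-ghas-settings` and `secret-scanning-new-custom-pattern` reusables unconditionally. The other procedures in this commit keep the old reusables in an `{% else %}` branch behind `{% ifversion ghas-products %}`, so either gate this step the same way for releases that still show the GitHub Advanced Security heading, or confirm those releases no longer build this page. If the two reusables are now unreferenced, delete them from `data/reusables` as well.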


@@ -6,7 +6,6 @@ product: '{% data reusables.rai.secret-scanning.copilot-secret-scanning-gated-fe
allowTitleToDifferFromFilename: true
versions:
feature: secret-scanning-custom-pattern-ai-generated
fpt: '*'
type: rai
topics:
- Secret Protection
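Review bot: dropping `fpt: '*'` from `versions` means this page is now built only where the `secret-scanning-custom-pattern-ai-generated` feature file says so. The Further reading block later in this file still contains an `{% elsif fpt %}` branch, so confirm that feature file includes fpt; if it does not, that branch is dead and Free/Pro readers who had this page lose it.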
@@ -43,7 +42,7 @@ The model returns up to three regular expressions for you to review. You can cli
Some results may be quite similar, and some results may not find every instance of the secret that the pattern is intended to detect. It is also possible that the regular expression generator may produce results which are invalid or inappropriate.
When you click **Use result** on a regular expression, the expression and any examples inputted will be copied over to the main custom pattern form. There, you can perform a dry run of the pattern to see how it performs across your repository or organization.{% ifversion secret-scanning-custom-pattern-ai-generated %} For more information on how to define a custom pattern for your repository or organization, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). {% endif %}
When you click **Use result** on a regular expression, the expression and any examples inputted will be copied over to the main custom pattern form. There, you can perform a dry run of the pattern to see how it performs across your repository or organization. For more information on how to define a custom pattern for your repository or organization, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).
## Improving performance when generating regular expressions with AI
@@ -61,24 +60,14 @@ Also, the model used by the {% data variables.secret-scanning.custom-pattern-reg
Note that {% data variables.secret-scanning.copilot-secret-scanning %}'s {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} is only suitable for creating regular expressions to detect structured patterns.
{% ifversion secret-scanning-custom-pattern-ai-generated %}
## Next steps
* [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning)
* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)
{% endif %}
## Further reading
{% ifversion ghas-products-cloud %}
<!-- Nothing to show because the bullets controlled by the feature version below will be visible to fpt -->
{% elsif fpt %}
* [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)
* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning)
{% endif %}
{% ifversion secret-scanning-custom-pattern-ai-generated %}
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)
* [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)
{% endif %}
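Review bot: on fpt the about-secret-scanning link renders twice, once in the `{% elsif fpt %}` branch and again in the unconditional bullet at the end of the list; drop one of them. The HTML comment "Nothing to show because the bullets controlled by the feature version below will be visible to fpt" also needs attention: if the `{% ifversion secret-scanning-custom-pattern-ai-generated %}` guard around the last bullets is being removed here (it is redundant now that the page's `versions` front matter uses the same feature, and the Next steps section with the same guard is gone), the comment's reference to "the feature version below" no longer describes anything.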


@@ -16,11 +16,11 @@ topics:
## About enabling push protection
To enable push protection for a repository, you must first enable {% data variables.product.prodname_secret_scanning %}. You can then enable push protection in the repository's "{% data variables.product.UI_advanced_security %}" settings page following the steps outlined in this article.
To enable push protection for a repository, you must first enable {% ifversion ghas-products %}{% data variables.product.prodname_secret_protection %}{% else %}{% data variables.product.prodname_secret_scanning %}{% endif %}. You can then enable push protection in the repository's "{% data variables.product.UI_advanced_security %}" settings page following the steps outlined in this article.
{% ifversion secret-scanning-push-protection-for-users %}
You can additionally enable push protection for your own personal account, which prevents you from pushing secrets to _any_ public repository on {% data variables.product.prodname_dotcom %}. For more information, see [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users).
You can additionally enable push protection for your own personal account, which prevents you from pushing secrets to _any_ public repository on {% data variables.product.github %}. For more information, see [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users).
{% endif %}
@@ -50,9 +50,10 @@ If your organization is owned by an enterprise account, an enterprise owner can
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}
1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Push Protection", click **Enable**.{% else %}
{% data reusables.repositories.navigate-to-ghas-settings %}
{% data reusables.advanced-security.secret-scanning-push-protection-repo %}
{% data reusables.advanced-security.secret-scanning-push-protection-repo %}{% endif %}
## Further reading
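Review bot: "Push Protection" in the added step ("to the right of "Push Protection", click **Enable**") is capitalised differently from the rest of the article, which writes "push protection" in lower case; keep the title case only if that is really how the control is labelled. The `{% ifversion ghas-products %}` / `{% else %}` structure that preserves the old reusables for earlier releases is the pattern the custom-patterns procedure in this commit should follow too.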


@@ -20,12 +20,10 @@ topics:
{% data variables.secret-scanning.user_alerts_caps %} can be enabled on any free public repository that you own.
{% endif %}{% ifversion ghec or ghes %}
{% endif %}
{% data variables.secret-scanning.user_alerts_caps %} can be enabled for any repository that is owned by an organization{% ifversion secret-scanning-user-owned-repos %}, and for repositories owned by user accounts when using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}{% endif %}.
{% endif %}
{% ifversion security-configurations %}
If you're an organization owner, you can enable {% data variables.product.prodname_secret_scanning %} for multiple repositories at a time using {% data variables.product.prodname_security_configurations %}. For more information, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).
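Review bot: the version branching in this block is hard to verify from the hunk alone. Two `{% endif %}` lines are left close together, and the `{% ifversion ghec or ghes %}` guard that preceded "can be enabled for any repository that is owned by an organization" is gone, so that sentence now renders on fpt immediately after "can be enabled on any free public repository that you own". Confirm both `{% endif %}` tags still have a matching open above the hunk (an unmatched tag fails the whole page build), and that the two sentences do not read as contradictory to a Free/Pro reader.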
@@ -48,15 +46,16 @@ If your organization is owned by an enterprise account, an enterprise owner can
## Enabling {% data variables.secret-scanning.user_alerts %}
{% ifversion ghas-products %}
{% data variables.secret-scanning.user_alerts_caps %} are enabled when you enable {% data variables.product.prodname_secret_protection %} for your repository.
{% endif %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghec or ghes %}
1. If {% data variables.product.prodname_advanced_security %} is not already enabled for the repository, to the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
1. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**.
1. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "{% data variables.product.UI_advanced_security %}" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %}{% ifversion fpt %}
1. Scroll down to the bottom of the page, and click **Enable** for {% data variables.product.prodname_secret_scanning %}. If you see a **Disable** button, it means that {% data variables.product.prodname_secret_scanning %} is already enabled for the repository.
{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}
1. To the right of "{% data variables.product.prodname_secret_protection %}", click **Enable**.
1. Review the impact of enabling {% data variables.product.prodname_secret_protection %}, then click **Enable {% data variables.product.prodname_secret_protection %}**.{% elsif ghes < 3.17 %}
1. When you enable {% data variables.product.prodname_AS %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "{% data variables.product.UI_advanced_security %}" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %}
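Review bot: in the `{% elsif ghes < 3.17 %}` branch, the step "When you enable Advanced Security, secret scanning may automatically be enabled for the repository..." now appears without the two steps that used to precede it (clicking **Enable** next to GitHub Advanced Security, then confirming on the impact dialog), so on those releases the reader is told what happens "when you enable" a feature with no step telling them to enable it. Either move those two steps into the `elsif` branch or reword the remaining one. Also check that fpt without `ghas-products` still gets an enable step: the old "Scroll down to the bottom of the page, and click **Enable**" fpt step was dropped and neither branch of the new conditional covers it.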


@@ -33,8 +33,9 @@ For more information on using validity checks, see [AUTOTITLE](/code-security/se
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
{% data reusables.secret-scanning.validity-check-auto-enable %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}
1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Validity checks", click **Enable**.{% else %}
{% data reusables.secret-scanning.validity-check-auto-enable %}{% endif %}
You can also use the REST API to enable validity checks for partner patterns for your repository. For more information, see [AUTOTITLE](/rest/repos/repos#update-a-repository).


@@ -34,6 +34,13 @@ You can enable push protection:
{% endif %}
{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}
> [!TIP]
> Regardless of the enablement status of push protection, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets. The report also tells you how many secret leaks in your organization could have been prevented by push protection. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% else %}
{% endif %}
For information about the secrets and service providers supported by push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).
Push protection has some limitations. For more information, see [AUTOTITLE](/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning#push-protection-limitations).
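Review bot: the new tip is almost identical to the one added to the about-secret-scanning article in this same commit (same claim, different opening clause), so put it in a `data/reusables` file and include it in both places to stop the wording drifting. The `{% else %}` branch of the outer `{% ifversion ghas-products %}` is empty and can be dropped; if the versioning tags in this repo support `and`, `{% ifversion ghas-products and secret-risk-assessment %}` would collapse the two nested guards into one.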
@@ -69,7 +76,7 @@ By default, anyone with write access to the repository can choose to bypass push
* **Integration with CI/CD pipelines:** Push Protection can be integrated into your Continuous Integration/Continuous Deployment (CI/CD) pipelines, ensuring that every push is scanned for secrets before it gets deployed. This adds an extra layer of security to your DevOps practices.
{% ifversion secret-scanning-push-protection-custom-patterns %}* **Ability to detect custom patterns:** Organizations can define custom patterns for detecting secrets unique to their environment. This customization ensures that push Protection can effectively identify and block even non-standard secrets.{% endif %}
* **Ability to detect custom patterns:** Organizations can define custom patterns for detecting secrets unique to their environment. This customization ensures that push Protection can effectively identify and block even non-standard secrets.
{% ifversion push-protection-delegated-bypass %}* **Delegated bypass for flexibility:** For cases where false positives occur or when certain patterns are necessary, the delegated bypass feature allows designated users to approve specific pushes. This provides flexibility without compromising overall security.{% endif %}
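Review bot: removing the `{% ifversion secret-scanning-push-protection-custom-patterns %}` guard makes the "Ability to detect custom patterns" bullet render for every version, including fpt, while the custom-pattern bullets in the about-secret-scanning article in this commit are still shown inside `{% ifversion ghec or ghes %}`. Make the two consistent, or a Free/Pro reader of this page is promised a feature the other page says they do not have. Minor: "push Protection" mid-sentence in the same bullet should match the bullet above ("Push Protection"), or better, both should use the lower-case form the rest of the article uses. If the feature file is now unreferenced, remove it from `data/features`.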
@@ -87,14 +94,10 @@ Once push protection is enabled, you can customize it further:
Integrate push protection with your Continuous Integration/Continuous Deployment (CI/CD) pipelines to ensure that it runs scans during automated processes. This typically involves adding steps in your pipeline configuration file to call GitHub's APIs or using {% data variables.product.prodname_actions %}.
{% ifversion secret-scanning-push-protection-custom-patterns %}
### Define custom patterns
Define custom patterns that push protection can use to identify secrets and block pushes containing these secrets. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).
{% endif %}
{% ifversion push-protection-delegated-bypass %}
### Configure delegated bypass
@@ -107,6 +110,6 @@ Define contributors who can bypass push protection and add an approval process f
* [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository)
* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line)
* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui){% ifversion secret-scanning-push-protection-custom-patterns %}
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning){% endif %}{% ifversion push-protection-delegated-bypass %}
* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui)
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning){% ifversion push-protection-delegated-bypass %}
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection){% endif %}


@@ -26,12 +26,16 @@ shortTitle: Secret scanning
<!-- expires 2025-04-04 -->
{% data variables.product.prodname_secret_scanning_caps %} scans your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for secrets{% ifversion ghec or ghes %}, even if the repository is archived{% endif %}. {% data variables.product.prodname_dotcom %} will also periodically run a full Git history scan for new secret types in existing content in {% ifversion fpt %}public repositories{% else %}repositories with {% data variables.product.prodname_GH_secret_protection %} enabled{% endif %} where {% data variables.product.prodname_secret_scanning %} is enabled when new supported secret types are added.
{% data variables.product.prodname_secret_scanning_caps %} scans your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for secrets, even if the repository is archived. {% data variables.product.prodname_dotcom %} will also periodically run a full Git history scan for new secret types in existing content in {% ifversion fpt or ghec %}public repositories{% else %}repositories with {% data variables.product.prodname_GH_secret_protection %} enabled{% endif %} where {% data variables.product.prodname_secret_scanning %} is enabled when new supported secret types are added.
<!-- end expires 2025-04-04 -->
{% data reusables.secret-scanning.what-is-scanned %}
{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}
> [!TIP]
> Regardless of the enablement status of {% data variables.product.prodname_AS %} features, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% else %}{% endif %}
When a supported secret is leaked, {% data variables.product.github %} generates a {% data variables.product.prodname_secret_scanning %} alert. Alerts are reported on the **Security** tab of repositories on {% data variables.product.github %}, where you can view, evaluate, and resolve them. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).
{% ifversion fpt or ghec %}Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning. We automatically run {% data variables.product.prodname_secret_scanning %} for partner patterns on all public repositories and public npm packages.{% data reusables.secret-scanning.partner-program-link %}
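Review bot: the rewritten sentence changes what GHEC readers are told. Before, the periodic full-history rescan for newly supported secret types was described on ghec for "repositories with Secret Protection enabled"; the new `{% ifversion fpt or ghec %}` moves ghec into the "public repositories" branch, which drops private repositories with Secret Protection from the claim. If that is not an intended change in behaviour, keep ghec in the second branch. The block is marked `<!-- expires 2025-04-04 -->`, so also check that whatever replaces it carries the correct version split. In the new tip, the empty `{% else %}{% endif %}` can go, and "leaked secrets, see [AUTOTITLE]" is a comma splice: end the sentence after "secrets" and start the pointer with "See".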
@@ -40,11 +44,9 @@ Any strings that match patterns that were provided by secret scanning partners a
For information about the secrets and service providers supported by {% data variables.product.prodname_secret_scanning %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).
You can use the REST API to monitor results from {% data variables.product.prodname_secret_scanning %} across your repositories{% ifversion ghes %} or your organization{% endif %}. For more information about API endpoints, see [AUTOTITLE](/rest/secret-scanning).
You can use the REST API to monitor results from {% data variables.product.prodname_secret_scanning %} across your repositories or organization. For more information about API endpoints, see [AUTOTITLE](/rest/secret-scanning).
{% ifversion ghec or ghes %}
You can also use security overview to see an organization-level view of which repositories have enabled {% data variables.product.prodname_secret_scanning %} and the alerts found. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
{% endif %}
{% data reusables.secret-scanning.audit-secret-scanning-events %}
@@ -82,42 +84,26 @@ Below is a typical workflow that explains how {% data variables.product.prodname
{% endif %}
{% ifversion ghec or ghes %}
* **Custom pattern support:** Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment.
{% endif %}
{% ifversion secret-scanning-non-provider-patterns %}
* **Ability to detect non-provider patterns:** You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization.
{% endif %}
## Customizing {% data variables.product.prodname_secret_scanning %}
Once {% data variables.product.prodname_secret_scanning %} is enabled, you can customize it further:
{% ifversion secret-scanning-non-provider-patterns %}
### Detection of non-provider patterns
Scan for and detect secrets that are not specific to a service provider, such as private keys and generic API keys. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns).
{% endif %}
### Performing validity checks
Validity checks help you prioritize alerts by telling you which secrets are `active` or `inactive`. For more information, see{% ifversion secret-scanning-validity-check-partner-patterns %} [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository) and{% endif %} [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).
{% ifversion ghec or ghes %}
### Defining custom patterns
Define your own patterns for secrets used by your organization that {% data variables.product.prodname_secret_scanning %} can scan for and detect. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).
{% endif %}
{% ifversion secret-scanning-ai-generic-secret-detection %}
### {% data variables.secret-scanning.copilot-secret-scanning %}
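Review bot: the "**Custom pattern support:**" bullet and the "### Defining custom patterns" section are still wrapped in `{% ifversion ghec or ghes %}`, while this same commit adds `fpt: '*'` to the custom-patterns articles and links to them unconditionally from the "Further reading" list of the about-alerts page; either the Team plan now supports custom patterns and these two gates should be dropped, or the frontmatter change is too broad and a Team plan reader will be sent to a how-to their plan cannot use. Worth settling before this ships.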


@@ -35,19 +35,17 @@ This table lists the secrets supported by {% data variables.product.prodname_sec
* **Provider:** Name of the token provider.{% ifversion fpt or ghec %}
* **Partner:** Token for which leaks are reported to the relevant token partner. Applies to public repositories only.
* **User:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %}
* **User:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.
* Applies to public repositories, and to private repositories where {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_secret_scanning %} are enabled.
* Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which usually have a higher ratio of false positives.
* For {% data variables.product.prodname_secret_scanning %} to scan for non-provider patterns, the detection of non-provider patterns must be enabled for the repository or the organization. For more information, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository).
{% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %}{% endif %}{% ifversion ghes %}
* **{% data variables.product.prodname_secret_scanning_caps %} alert:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %}
{% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %}{% ifversion ghes %}
* **{% data variables.product.prodname_secret_scanning_caps %} alert:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.
* Applies to private repositories where {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_secret_scanning %} are enabled.
* Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.{% else %} Applies to private repositories where {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_secret_scanning %} enabled.{% endif %}{% endif %}
* Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.{% endif %}
* **Push protection:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled.
* **Validity check:** Token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see [{% data variables.product.prodname_AS %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security) in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. For more information about validity check support see [AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets) in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %}
{% ifversion secret-scanning-non-provider-patterns %}
* **Validity check:** Token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see [{% data variables.product.prodname_AS %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security) in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %}{% endif %}
### Non-provider patterns
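Review bot: the `{% ifversion fpt %}` sentence "Currently only applies to GitHub tokens, and not shown in the table" is dropped from the "**Validity check:**" legend entry, but the FPT table further down still has no "Validity check" column, so FPT readers lose the only explanation of why the legend describes a column they cannot see; either add the column for the Team plan table or keep a short note. Also, the two surviving branches describe the same caveat differently ("usually have a higher ratio of false positives" versus "often result in false positives"); one wording for both.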
@@ -69,21 +67,11 @@ This table lists the secrets supported by {% data variables.product.prodname_sec
### {% ifversion secret-scanning-alert-experimental-list %}Default{% else %}High confidence{% endif %} patterns
{% endif %}
<!-- Team plan and GHEC version of table -->
{% ifversion fpt or ghec %}
<!-- FPT version of table -->
{% ifversion fpt %}
| Provider | Token | Partner | User | Push protection
|----|:----|:----:|:----:|:----:|
{%- for entry in secretScanningData %}
| {{ entry.provider }} | {{ entry.secretType }} | {% if entry.isPublic %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.isPrivateWithGhas %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.hasPushProtection %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} |
{%- endfor %}
{% endif %}
<!-- GHEC version of table -->
{% ifversion ghec %}
> [!NOTE]
> Validity checks are only available to users with {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} who enable the feature as part of {% data variables.product.prodname_GH_secret_protection %}.
| Provider | Token | Partner | User | Push protection | Validity check |
|----|:----|:----:|:----:|:----:|:----:|
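Review bot: the note "Validity checks are only available to users with Team or Enterprise who enable the feature as part of Secret Protection" sits inside `{% ifversion ghec %}`, so the Team plan (FPT) rendering never shows the note that is addressed to it; move the note directly under `<!-- Team plan and GHEC version of table -->`, above the inner `{% ifversion fpt %}` / `{% ifversion ghec %}` split, or add a "Validity check" column to the FPT table so the two renderings agree. The comment `<!-- Team plan and GHEC version of table -->` immediately followed by `<!-- FPT version of table -->` also reads as two labels for one table; one of them should say it marks the outer block.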


@@ -25,15 +25,13 @@ allowTitleToDifferFromFilename: true
When {% data variables.product.company_short %} detects a supported secret in a repository that has {% data variables.product.prodname_secret_scanning %} enabled, a {% ifversion fpt or ghec %}user {% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} alert is generated and displayed in the **Security** tab of the repository.
{% ifversion secret-scanning-non-provider-patterns %}{% ifversion fpt or ghec %}User {% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} alerts can be of the following types:
{% ifversion fpt or ghec %}User {% else %}{% data variables.product.prodname_secret_scanning %} {% endif %}alerts can be of the following types:
* {% ifversion secret-scanning-alert-experimental-list %}Default{% else %}High confidence{% endif %} alerts, which relate to supported patterns and specified custom patterns.
* {% ifversion secret-scanning-alert-experimental-list %}Experimental{% else %}Other{% endif %} alerts, which can have a higher ratio of false positives or secrets used in tests.
{% data variables.product.prodname_dotcom %} displays {% ifversion secret-scanning-alert-experimental-list %}experimental{% else %}these "other"{% endif %} alerts in a different list to {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} alerts, making triaging a better experience for users. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).
{% endif %}
{% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
## About push protection alerts
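Review bot: the `{% ifversion secret-scanning-non-provider-patterns %}` wrapper is removed from the "alerts can be of the following types:" sentence, so the `{% endif %}` after the "displays experimental alerts in a different list" paragraph must go with it or the page will fail to render; the hunk header `@@ -25,15 +25,13 @@` is consistent with it being removed, but confirm, because a stray `{% endif %}` is a whole-page failure rather than a typo.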
@@ -63,7 +61,7 @@ Partner alerts are not sent to repository administrators, so you do not need to
## Further reading
* [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns){% ifversion ghec or ghes %}
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning){% endif %}{% ifversion secret-scanning-non-provider-patterns %}
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns){% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %}
* [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns)
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning)
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns){% ifversion secret-scanning-ai-generic-secret-detection %}
* [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets){% endif %}


@@ -20,7 +20,7 @@ allowTitleToDifferFromFilename: true
There are some additional features that can help you to evaluate alerts in order to better prioritize and manage them. You can:
* Check the validity of a secret, to see if the secret is still active. {% ifversion fpt or ghes %}**Applies to {% data variables.product.company_short %} tokens only**.{% endif %} For more information, see [Checking a secret's validity](#checking-a-secrets-validity).{% ifversion secret-scanning-validity-check-partner-patterns %}
* Check the validity of a secret, to see if the secret is still active. {% ifversion fpt or ghec %}**Applies to {% data variables.product.company_short %} tokens only**.{% endif %} For more information, see [Checking a secret's validity](#checking-a-secrets-validity).{% ifversion secret-scanning-validity-check-partner-patterns %}
* Perform an "on-demand" validity check, to get the most up to date validation status. For more information, see [Performing an on-demand validity check](#performing-an-on-demand-validity-check).{% endif %}
* Review a token's metadata. **Applies to {% data variables.product.company_short %} tokens only**. For example, to see when the token was last used. For more information, see [Reviewing {% data variables.product.company_short %} token metadata](#reviewing-github-token-metadata).{% ifversion secret-scanning-multi-repo-public-leak %}
* Review the labels assigned to the alert. For more information, see [Reviewing alert labels](#reviewing-alert-labels).{% endif %}
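Review bot: swapping `{% ifversion fpt or ghes %}` for `{% ifversion fpt or ghec %}` in front of "**Applies to GitHub tokens only**" puts an unqualified "only" in front of GHEC readers, on the same page that now says Team and GHEC organizations with Secret Protection "can also enable validity checks for partner patterns"; use the wording this commit introduces in the alerts filter table, "Applies only to GitHub tokens unless you enable validity checks", so the two statements agree, and confirm GHES is meant to lose the caveat entirely rather than keep it behind the partner-patterns flag.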
@@ -31,11 +31,7 @@ Validity checks help you prioritize alerts by telling you which secrets are `act
By default, {% data variables.product.company_short %} checks the validity of {% data variables.product.company_short %} tokens and displays the validation status of the token in the alert view.
{% ifversion fpt %}
Organizations using {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_secret_protection %} can also enable validity checks for partner patterns. For more information, see [Checking a secret's validity](/enterprise-cloud@latest/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity) in the {% data variables.product.prodname_ghe_cloud %} documentation.
{% endif %}
Organizations using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_secret_protection %} can also enable validity checks for partner patterns. For more information, see [Checking a secret's validity](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).
{% data reusables.secret-scanning.validity-check-table %}
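Review bot: the sentence "Organizations using Team or GitHub Enterprise Cloud with a license for Secret Protection can also enable validity checks for partner patterns" is no longer wrapped in `{% ifversion fpt %}`, so it now renders on GHES as well, where neither plan applies; the old version was FPT-only and linked out to the GHEC documentation, so either restore a `{% ifversion fpt or ghec %}` gate or give GHES a sentence that describes its own situation.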


@@ -20,7 +20,7 @@ allowTitleToDifferFromFilename: true
Once a secret has been committed to a repository, you should consider the secret compromised. {% data variables.product.github %} recommends the following actions for compromised secrets:
* Verify that the secret committed to {% data variables.product.github %} is valid. {% ifversion fpt or ghes %}**Applies to {% data variables.product.github %} tokens only**. See [Checking a secret's validity](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion secret-scanning-validity-check-partner-patterns %}See [Performing an on-demand validity check](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#performing-an-on-demand-validity-check).{% endif %}{% ifversion secret-scanning-report-secret-github-pat %}
* Verify that the secret committed to {% data variables.product.github %} is valid. {% ifversion fpt or ghec %}**Applies to {% data variables.product.github %} tokens only**. See [Checking a secret's validity](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion secret-scanning-validity-check-partner-patterns %}See [Performing an on-demand validity check](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#performing-an-on-demand-validity-check).{% endif %}{% ifversion secret-scanning-report-secret-github-pat %}
* For secrets detected in private repositories, report the leaked secret to {% data variables.product.github %}, who will treat it like any publicly leaked secret and revoke it. **Applies to {% data variables.product.github %} {% data variables.product.pat_generic %}s only**. See [Reporting a leaked secret](#reporting-a-leaked-secret). {% endif %}
* Review and update any services that use the old token. For {% data variables.product.github %} {% data variables.product.pat_generic %}s, delete the compromised token and create a new token. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token).
* Depending on the secret provider, check your security logs for any unauthorized activity.
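Review bot: same `fpt or ghes` to `fpt or ghec` change as in the evaluating-alerts page, with the same problem: "**Applies to GitHub tokens only**" is now shown to GHEC readers who can enable partner validity checks, and removed for GHES readers for whom the supported-patterns legend still says validity checks "Currently only applies to GitHub tokens". Align it with "Applies only to GitHub tokens unless you enable validity checks" so the remediation advice does not contradict the evaluation page it links to.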


@@ -20,8 +20,6 @@ allowTitleToDifferFromFilename: true
{% data reusables.secret-scanning.secret-scanning-about-alerts %} {% data reusables.secret-scanning.repository-alert-location %}
{% ifversion secret-scanning-non-provider-patterns %}
To help you triage alerts more effectively, {% data variables.product.company_short %} separates alerts into two lists:
{% ifversion secret-scanning-alert-experimental-list %}
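Review bot: if the `{% ifversion secret-scanning-non-provider-patterns %}` line before "To help you triage alerts more effectively" is being removed (the hunk shrinks from 8 to 6 lines), its matching `{% endif %}` is one of the two `{% endif %}` lines that open the next hunk and must be removed with it; please double check which one, since the other closes a conditional opened earlier in the page and removing the wrong one breaks rendering for every version.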
@@ -77,16 +75,14 @@ For {% data variables.product.company_short %} to scan for non-provider patterns
{% endif %}
{% endif %}
## Viewing alerts
Alerts for {% data variables.product.prodname_secret_scanning %} are displayed under the **Security** tab of the repository.
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-security %}
1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**. {% ifversion secret-scanning-non-provider-patterns %}
1. Optionally, toggle to {% ifversion secret-scanning-alert-experimental-list %}"Experimental"{% else %}"Other"{% endif %} to see alerts for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} or generic secrets detected using AI{% endif %}.{% endif %}
1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**.
1. Optionally, toggle to {% ifversion secret-scanning-alert-experimental-list %}"Experimental"{% else %}"Other"{% endif %} to see alerts for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} or generic secrets detected using AI{% endif %}.
1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the alert you want to view.
{% ifversion secret-scanning-user-owned-repos %}
@@ -110,15 +106,13 @@ You can apply various filters to the alerts list to help you find the alerts you
| {% ifversion secret-scanning-bypass-filter %} |
|`bypassed: true`|Displays alerts for secrets where push protection has been bypassed. For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).|
| {% endif %} |
|`validity:active`| Displays alerts for secrets that are known to be active. {% ifversion fpt %}Applies to {% data variables.product.company_short %} tokens only.{% endif %} For more information about validity statuses, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).|
|`validity:active`| Displays alerts for secrets that are known to be active. {% ifversion fpt or ghec %}Applies only to {% data variables.product.github %} tokens unless you enable validity checks.{% endif %}For more information about validity statuses, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).|
|`validity:inactive`| Displays alerts for secrets that are no longer active.|
|`validity:unknown`| Displays alerts for secrets where the validity status of the secret is unknown.|
|`secret-type:SECRET-NAME`| Displays alerts for a specific secret type, for example, `secret-type:github_personal_access_token`. For a list of supported secret types, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secret). |
|`provider:PROVIDER-NAME`|Displays alerts for a specific provider, for example, `provider:github`. For a list of supported partners, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).|
| {% ifversion secret-scanning-non-provider-patterns %} |
|{% ifversion secret-scanning-alert-experimental-list %}`results:default`{% else %}`confidence:high`{% endif %}| Displays alerts for {% ifversion secret-scanning-alert-experimental-list %}{% else %}high-confidence secrets, which relate to {% endif %}supported secrets and custom patterns. For a list of supported patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns). |
|{% ifversion secret-scanning-alert-experimental-list %}`results:experimental`{% else %}`confidence:other`{% endif %}| Displays alerts for non-provider patterns, such as private keys{% ifversion secret-scanning-ai-generic-secret-detection %}, and AI-detected generic secrets, such as passwords{% endif %}. For a list of supported non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns). {% ifversion secret-scanning-ai-generic-secret-detection %}For more information about AI-detected generic secrets, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% endif %}|
| {% endif %} |
## Next steps
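Review bot: missing space in the `validity:active` row: `unless you enable validity checks.{% endif %}For more information` renders as "checks.For more information" whenever the `fpt or ghec` branch is taken; put the space inside the conditional (`checks. {% endif %}`) so the non-matching branch keeps its single space after "active."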


@@ -8,6 +8,7 @@ redirect_from:
- /code-security/secret-security/defining-custom-patterns-for-secret-scanning
- /code-security/secret-scanning/defining-custom-patterns-for-secret-scanning
versions:
fpt: '*'
ghes: '*'
ghec: '*'
type: how_to
@@ -22,7 +23,7 @@ You can define custom patterns to identify secrets that are not detected by the
You can define custom patterns for your enterprise, organization, or repository. {% data variables.product.prodname_secret_scanning_caps %} supports up to 500 custom patterns for each organization or enterprise account, and up to 100 custom patterns per repository.
{% ifversion secret-scanning-push-protection-custom-patterns %}You can also enable push protection for custom patterns. For more information about push protection, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).{% endif %}
You can also enable push protection for custom patterns. For more information about push protection, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).
## About using regular expressions for custom patterns
@@ -53,17 +54,18 @@ For simple tokens you will usually only need to specify a secret format. The oth
## Defining a custom pattern for a repository
Before defining a custom pattern, you must ensure that {% data variables.product.prodname_secret_scanning %} is enabled on your repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository).
Before defining a custom pattern, you must ensure that {% ifversion ghas-products %}{% data variables.product.prodname_secret_protection %}{% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} is enabled on your repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository).
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}
1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Custom patterns", click **New pattern**.{% else %}
{% data reusables.repositories.navigate-to-ghas-settings %}
{% data reusables.advanced-security.secret-scanning-new-custom-pattern %}
{% data reusables.advanced-security.secret-scanning-new-custom-pattern %}{% endif %}
{% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**.
{% data reusables.advanced-security.secret-scanning-dry-run-results %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
1. Optionally, to enable push protection for your custom pattern, click **Enable**.
> [!NOTE]
@@ -71,8 +73,6 @@ Before defining a custom pattern, you must ensure that {% data variables.product
For more information about push protection, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).
{% endif %}
After your pattern is created, {% data reusables.secret-scanning.secret-scanning-process %} For more information on viewing {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).
### Example of a custom pattern specified using additional requirements
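Review bot: the `{% endif %}` under "For more information about push protection" closed the `{% ifversion secret-scanning-push-protection-custom-patterns %}` that the previous hunk strips from the "Optionally, to enable push protection for your custom pattern" step; the hunk header `@@ -71,8 +73,6 @@` is consistent with it being removed, but confirm, because the flag is dropped in the organization and enterprise procedures of this same file and a leftover `{% endif %}` in any one of them breaks the whole article.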
@@ -123,16 +123,20 @@ To enable {% data variables.product.prodname_secret_scanning %} on all repositor
1. When you're ready to test your new custom pattern, to identify matches in select repositories without creating alerts, click **Save and dry run**.
{% data reusables.advanced-security.secret-scanning-dry-run-select-repos %}
{% data reusables.advanced-security.secret-scanning-dry-run-results %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
1. Optionally, to enable push protection for your custom pattern, click **Enable**. For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-in-an-organization-for-a-custom-pattern).
{% indented_data_reference reusables.secret-scanning.push-protection-org-notes spaces=3 %}{% endif %}
{% indented_data_reference reusables.secret-scanning.push-protection-org-notes spaces=3 %}
After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories in your organization, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).
## Defining a custom pattern for an enterprise account
Before defining a custom pattern, you must ensure that you enable secret scanning for your enterprise account. For more information, see [AUTOTITLE]({% ifversion fpt or ghec %}/enterprise-server@latest/{% endif %}/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise).
{% ifversion ghes %}
Before defining a custom pattern, you must ensure that you enable secret scanning for your enterprise account. For more information, see [AUTOTITLE](/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise).
{% endif %}
> [!NOTE]
> * At the enterprise level, only the creator of a custom pattern can edit the pattern, and use it in a dry run.
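Review bot: with `fpt: '*'` added to this article's versions, the "## Defining a custom pattern for an enterprise account" section now renders for Team plan readers, who have no enterprise account; gate the section, from the heading through its "After your pattern is created" paragraph, with `{% ifversion ghec or ghes %}`. Narrowing the prerequisite sentence to `{% ifversion ghes %}` also leaves GHEC with no statement of what must be enabled before an enterprise-level pattern is defined, where the old line covered both by linking to the enterprise-server docs.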
@@ -147,13 +151,13 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
1. When you're ready to test your new custom pattern, to identify matches in the enterprise without creating alerts, click **Save and dry run**.
{% data reusables.advanced-security.secret-scanning-dry-run-select-enterprise-repos %}
{% data reusables.advanced-security.secret-scanning-dry-run-results %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
1. Optionally, to enable push protection for your custom pattern, click **Enable**. For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).
{% indented_data_reference reusables.secret-scanning.push-protection-enterprise-note spaces=3 %}{% endif %}
{% indented_data_reference reusables.secret-scanning.push-protection-enterprise-note spaces=3 %}
After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories within your organizations with {% data variables.product.prodname_GH_secret_protection %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).
## Further reading
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns) {% ifversion secret-scanning-custom-patterns-metrics %}
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns){% endif %}
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns)
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns)


@@ -5,6 +5,7 @@ allowTitleToDifferFromFilename: true
intro: 'You can extend the capabilities of {% data variables.product.prodname_secret_scanning %} to search for your own patterns. These custom patterns can range from your service API keys to connection strings into cloud resources.'
product: '{% data reusables.gated-features.secret-scanning-custom-patterns %}'
versions:
fpt: '*'
ghes: '*'
ghec: '*'
topics:


@@ -4,6 +4,7 @@ shortTitle: Manage custom patterns
intro: 'You can view, edit, and remove custom patterns, as well as enable push protection for custom patterns.'
permissions: '{% data reusables.permissions.security-enterprise-enable %}'
versions:
fpt: '*'
ghes: '*'
ghec: '*'
type: how_to
@@ -21,25 +22,23 @@ At the enterprise level, only the creator of a custom pattern can edit the patte
When you save a change to a custom pattern, this closes all the {% data variables.secret-scanning.alerts %} that were created using the previous version of the pattern.
{% data reusables.secret-scanning.view-custom-pattern %}
1. Under "{% data variables.product.prodname_secret_scanning_caps %}", to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="Edit pattern" %}.
1. Under {% ifversion ghas-products %}"Custom patterns"{% else %}"{% data variables.product.prodname_secret_scanning_caps %}"{% endif %}, to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="Edit pattern" %}.
1. When you're ready to test your edited custom pattern, to identify matches without creating alerts, click **Save and dry run**.
1. When you have reviewed and tested your changes, click **Publish changes**.{% ifversion secret-scanning-push-protection-custom-patterns %}
1. When you have reviewed and tested your changes, click **Publish changes**.
{% data reusables.advanced-security.secret-scanning-enable-push-protection-custom-pattern %}
1. Optionally, to disable push protection for your custom pattern, click **Disable**.
![Screenshot of the custom pattern page with the button to disable push protection highlighted with a dark orange outline.](/assets/images/help/repository/secret-scanning-disable-push-protection-custom-pattern.png){% endif %}
![Screenshot of the custom pattern page with the button to disable push protection highlighted with a dark orange outline.](/assets/images/help/repository/secret-scanning-disable-push-protection-custom-pattern.png)
## Removing a custom pattern
When you remove a custom pattern, {% data variables.product.prodname_dotcom %} gives you the option to close the {% data variables.secret-scanning.alerts %} relating to the pattern, or keep these alerts.
When you remove a custom pattern, {% data variables.product.github %} gives you the option to close the {% data variables.secret-scanning.alerts %} relating to the pattern, or keep these alerts.
{% data reusables.secret-scanning.view-custom-pattern %}
1. To the right of the custom pattern you want to remove, click {% octicon "trash" aria-label="Remove pattern" %}.
1. Review the confirmation, and select a method for dealing with any open alerts relating to the custom pattern.
1. Click **Yes, delete this pattern**.
{% ifversion secret-scanning-push-protection-custom-patterns %}
## Enabling push protection for a custom pattern
You can enable {% data variables.product.prodname_secret_scanning %} as a push protection for custom patterns stored at the enterprise, organization, or repository level.
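Review bot: the `{% ifversion secret-scanning-push-protection-custom-patterns %}` / `{% endif %}` pair is dropped from the editing procedure (the "Publish changes" step and the "Disable" step with its screenshot), but the "Enabling push protection for a custom pattern" section that follows still opens with `{% ifversion secret-scanning-push-protection-custom-patterns %}`. If the flag is now true for every version this article ships to, remove the gate from the later section as well; if it is not, the "Disable" step and screenshot will render on versions whose custom-pattern page has no push protection controls. Check whether the `secret-scanning-enable-push-protection-custom-pattern` reusable line needs the gate too.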
@@ -89,13 +88,12 @@ Before enabling push protection for a custom pattern at repository level, you mu
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}
1. Under "{% data variables.product.prodname_secret_protection %}", under "Custom patterns", click {% octicon "pencil" aria-label="Edit custom pattern" %} for the pattern of interest.{% else %}
{% data reusables.repositories.navigate-to-ghas-settings %}
{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}
{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}{% endif %}
1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**.
{% data reusables.secret-scanning.custom-pattern-push-protection-enable-button %}
![Screenshot of the "Push protection" section of the custom pattern page. A button, labeled "Enable", is outlined in dark orange.](/assets/images/help/repository/secret-scanning-custom-pattern-enable-push-protection.png)
{% endif %}
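Review bot: the pencil control gets two different accessible names: `aria-label="Edit custom pattern"` in the new `ghas-products` step here, `aria-label="Edit pattern"` in the editing procedure above. Use one label for the same control. The `ghas-products` branch also goes straight from the Code security and analysis page to the pattern's pencil icon, skipping the `navigate-to-ghas-settings` reusable that the `{% else %}` branch keeps; confirm that the custom patterns list is reachable directly from that page in the unbundled layout, otherwise the branch is missing a navigation step.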


@@ -4,7 +4,9 @@ shortTitle: Custom pattern metrics
intro: 'You can view alert metrics for custom patterns at the repository, organization, and enterprise levels.'
permissions: '{% data reusables.permissions.security-enterprise-enable %}'
versions:
feature: secret-scanning-custom-patterns-metrics
fpt: '*'
ghec: '*'
ghes: '*'
type: how_to
topics:
- Secret Protection
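Review bot: replacing `feature: secret-scanning-custom-patterns-metrics` with `fpt: '*'`, `ghec: '*'` and `ghes: '*'` publishes this article for every supported GHES release, including any that predate custom pattern metrics; if the feature file is being retired, carry its minimum GHES release over as a range rather than `'*'`. Adding `fpt: '*'` also needs checking against the global settings article in this same diff, where the "Defining custom patterns" section is still wrapped in `{% ifversion ghec or ghes %}`; either custom patterns are now available on fpt (then that gate should go as well) or fpt readers get a metrics page for a feature other pages say they do not have.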
@@ -20,6 +22,6 @@ Organization owners and people with admin permission for a repository can see an
## Viewing metrics for custom patterns
{% data reusables.secret-scanning.view-custom-pattern %}
1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the custom pattern you want to view.
1. Under "Custom patterns", click the custom pattern you want to view.
The metrics are displayed under the custom pattern's name.
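Review bot: the step `1. Under "Custom patterns", click the custom pattern you want to view.` is unconditional, while the equivalent step in the editing article is written as `{% ifversion ghas-products %}"Custom patterns"{% else %}"{% data variables.product.prodname_secret_scanning_caps %}"{% endif %}`. With `ghes: '*'` now in the frontmatter, readers on a GHES release without the unbundled layout are pointed at a heading their settings page does not show; reuse the same conditional here.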


@@ -31,8 +31,9 @@ When you enable this feature, you will create a bypass list of roles and teams w
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
{% data reusables.repositories.navigate-to-ghas-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}
1. Under "{% data variables.product.prodname_secret_protection %}", ensure that push protection is enabled for the repository.{% else %}
{% data reusables.repositories.navigate-to-ghas-settings %}{% endif %}
1. Under "Push protection", to the right of "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}", select the dropdown menu, then click **Specific roles or teams**.
1. Under "Bypass list", click **Add role or team**.
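Review bot: the new `ghas-products` step `Under "Secret Protection", ensure that push protection is enabled for the repository.` is a precondition written as a procedure step, and it tells the reader neither where the toggle is nor what to do if it is off. Either move it into the prerequisites above the procedure, or make it actionable by linking to the article on enabling push protection for a repository. The `{% else %}` branch has no equivalent check; if the "Who can bypass push protection" dropdown also depends on push protection being enabled on the older layout, state the precondition for both branches.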
@@ -50,7 +51,7 @@ When you enable this feature, you will create a bypass list of roles and teams w
You must configure delegated bypass for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
1. When creating the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menus for "Alerts" and "Push protection" are set to **Enabled**.
1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that {% ifversion ghas-products %}"Push protection" is set to **Enabled**{% else %}the dropdown menus for "Alerts" and "Push protection" are set to **Enabled**{% endif %}.
1. Under "Push protection", to the right of "Bypass privileges", select the dropdown menu, then click **Specific actors**.
> [!NOTE]


@@ -10,7 +10,7 @@ topics:
- Advanced Security
- Alerts
- Repositories
shortTitle: Enable delegated alert dismissal
shortTitle: Delegated alert dismissal
---
## About enabling delegated alert dismissal
@@ -26,16 +26,14 @@ shortTitle: Enable delegated alert dismissal
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
{% data reusables.repositories.navigate-to-ghas-settings %}
1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click **Enable** for "Prevent direct alert dismissals".
1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Prevent direct alert dismissals", click **Enable**.
## Configuring delegated dismissal for an organization
You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
1. When creating the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menus for "Alerts" and "Prevent direct alert dismissals" are set to **Enabled**.
1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to **Enabled**.
1. Click **Save configuration**.
1. Apply the security configuration to all (or selected) repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
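Review bot: the `navigate-to-ghas-settings` reusable is removed unconditionally from the repository procedure, whereas the delegated-bypass article in this same change keeps it behind `{% else %}` for versions where `ghas-products` is false. Unless this article is versioned only for releases with the Secret Protection settings layout, use the same `{% ifversion ghas-products %} ... {% else %} ... {% endif %}` split, or the older GHES path loses a navigation step. In the organization procedure, dropping "Alerts" from the list of dropdowns to check is only safe because enabling Secret Protection in the configuration turns alerts on, as the creation article in this diff now says; say that here, since there is nothing for "Prevent direct alert dismissals" to protect if alerts are off.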


@@ -32,7 +32,7 @@ For more information about non-provider patterns, see "{% ifversion fpt or ghec
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
1. Under {% data variables.product.prodname_secret_scanning_caps %}, to the right of "Non-provider patterns", click **Enable**.
1. Under "{% data variables.product.UI_secret_protection_scanning %}", to the right of "Non-provider patterns", click **Enable**.
{% ifversion security-configurations %}
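Review bot: `{% data variables.product.UI_secret_protection_scanning %}` is a new variable; make sure it is defined in `data/variables/product.yml`, otherwise the step renders with an empty heading. The other repository-settings steps in this diff refer to the same settings group as `{% data variables.product.prodname_secret_protection %}`; if the UI heading really differs on this page, fine, but if it is the same heading, use one variable. The line is also unconditional: if "Non-provider patterns" still sits under a "Secret scanning" heading on older GHES layouts, gate it on `ghas-products` as the other articles in this change do.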


@@ -125,7 +125,7 @@ If {% data variables.product.prodname_dotcom %} blocks a secret that you believe
{% data reusables.secret-scanning.push-protection-allow-email %}
If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit, or submit a request for "bypass privileges" in order to push the blocked secret. For more information, see [Requesting bypass privileges](/enterprise-cloud@latest/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#requesting-bypass-privileges) in the {% data variables.product.prodname_ghe_cloud %} documentation.
If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit{% ifversion push-protection-delegated-bypass %}, or submit a request for "bypass privileges" in order to push the blocked secret. For more information, see [Requesting bypass privileges](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#requesting-bypass-privileges){% endif %}.
{% data reusables.secret-scanning.push-protection-visit-URL %}
{% data reusables.secret-scanning.push-protection-choose-allow-secret-options %}
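Review bot: two distinct flags now guard delegated bypass in this diff, `push-protection-delegated-bypass` here and `push-protection-delegated-bypass-configurations` around the organization-level step in the custom security configuration article. Confirm the one chosen here is the repository-level flag, and that the anchor `#requesting-bypass-privileges` behind the now-relative link exists in every version where the flag is true; the old link pointed at `/enterprise-cloud@latest/...`, so it was only ever verified against GHEC.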


@@ -24,19 +24,16 @@ After you create a {% data variables.product.prodname_custom_security_configurat
{% data reusables.organizations.org_settings %}
{% data reusables.security-configurations.view-configurations-page %}
1. Optionally, in the "Apply configurations" section, filter for specific repositories you would like to apply your {% data variables.product.prodname_custom_security_configuration %} to. To learn how to filter the repository table, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table).
1. In the repository table, select repositories with one of three methods:
* Select each repository you would like to apply the {% data variables.product.prodname_security_configuration %} to.
* To select all repositories displayed on the current page of the repository table, select **NUMBER repositories**.
* After selecting **NUMBER repositories**, to select _all_ repositories in your organization that match any filters you have applied, click **Select all**.
>[!NOTE]
> The repository table will show which repositories have an enforced configuration. This means that repository owners will be blocked from changing features that have been enabled or disabled in the configuration, but features that are not set aren't enforced.
{% data reusables.security-configurations.select-repos %}
1. Select the **Apply configuration** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **YOUR-CONFIGURATION-NAME**.
{% data reusables.security-configurations.apply-configuration-by-default %}
{% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
{% data reusables.security-configurations.apply-configuration %}
>[!NOTE]
> If you apply an enforced configuration, this information is reported in the list of repositories. An enforced configuration means that repository owners are blocked from changing features that have been enabled or disabled in the configuration, but features that are not set aren't enforced.
## Next steps
To learn how to interpret security findings from your {% data variables.product.prodname_custom_security_configuration %} on a repository, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings).
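Review bot: the relocated note `If you apply an enforced configuration, this information is reported in the list of repositories.` has lost its referent: "this information" no longer names anything. The sentence dropped from the old note was precise, so restore it: "The repository table shows which repositories have an enforced configuration." The second sentence, about repository owners being blocked from changing enabled or disabled features, is fine as moved.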


@@ -16,13 +16,15 @@ topics:
The {% data variables.product.prodname_github_security_configuration %} is a collection of enablement settings for {% data variables.product.company_short %}'s security features that is created and maintained by subject matter experts at {% data variables.product.company_short %}. The {% data variables.product.prodname_github_security_configuration %} is designed to successfully reduce the security risks for low- and high-impact repositories. We recommend you apply this configuration to all the repositories in your organization.
> [!NOTE]
> The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses.
## Applying the {% data variables.product.prodname_github_security_configuration %} to all repositories in your organization
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% data reusables.security-configurations.view-configurations-page %}
1. In the "{% data variables.product.company_short %} recommended" row of the configurations table for your organization, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**.
{% data reusables.security-configurations.apply-configuration-by-default %}
{% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
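Review bot: the new note says applying the configuration to private and internal repositories "will incur usage costs or require licenses" without saying which applies in which case. The creation article in this same change phrases it as "incur usage costs (or require GitHub Advanced Security licenses)" and links to the Advanced Security article; do the same here, or state which billing model applies to which customers, so an organization owner is not left guessing whether enabling the recommended configuration will bill them by usage or consume per-committer licenses.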
@@ -34,12 +36,8 @@ The {% data variables.product.prodname_github_security_configuration %} is a col
{% data reusables.organizations.org_settings %}
{% data reusables.security-configurations.view-configurations-page %}
1. Optionally, in the "Apply configurations" section, filter the view to find the repositories you would like to apply the {% data variables.product.prodname_github_security_configuration %} to. To learn how to filter the repository table, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table).
1. In the repository table, select repositories with one of three methods:
* Select each individual repository you would like to apply the {% data variables.product.prodname_security_configuration %} to.
* To select all repositories on the current page of the repository table, select **NUMBER repositories**.
* After selecting **NUMBER repositories**, to select all repositories in your organization that match your filter criteria, click **Select all**.
{% data reusables.security-configurations.select-repos %}
1. Select the **Apply configuration** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **{% data variables.product.company_short %} recommended**.
{% data reusables.security-configurations.apply-configuration-by-default %}
{% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
@@ -50,7 +48,7 @@ The {% data variables.product.prodname_github_security_configuration %} is a col
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% data reusables.security-configurations.view-configurations-page %}
1. In the "Code security configurations" section, select "{% data variables.product.company_short %} recommended".
1. In the "Security configurations" section, select "{% data variables.product.company_short %} recommended".
1. In the "Policy" section, next to "Enforce configuration", select **Enforce** from the dropdown menu.
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}


@@ -36,7 +36,7 @@ You can customize several {% data variables.product.prodname_global_settings %}
### Creating and managing {% data variables.dependabot.auto_triage_rules %}
You can create and manage {% data variables.dependabot.auto_triage_rules %} to instruct {% data variables.product.prodname_dependabot %} to automatically dismiss or snooze {% data variables.product.prodname_dependabot_alerts %}, and even open pull requests to attempt to resolve them. To configure {% data variables.dependabot.auto_triage_rules %}, click {% octicon "gear" aria-label="Configure {% data variables.product.prodname_dependabot %} rules" %}, then create or edit a rule:
You can create and manage {% data variables.dependabot.auto_triage_rules %} to instruct {% data variables.product.prodname_dependabot %} to automatically dismiss or snooze {% data variables.product.prodname_dependabot_alerts %}, and even open pull requests to attempt to resolve them. To configure {% data variables.dependabot.auto_triage_rules %}, click {% octicon "gear" aria-label="Configure Dependabot rules" %}, then create or edit a rule:
* You can create a new rule by clicking **New rule**, then entering the details for your rule and clicking **Create rule**.
* You can edit an existing rule by clicking {% octicon "pencil" aria-label="Edit CURATED-OR-CUSTOM rule" %}, then making the desired changes and clicking **Save rule**.
@@ -72,8 +72,8 @@ You can customize several {% data variables.product.prodname_global_settings %}
* [Recommending the extended query suite for default setup](#recommending-the-extended-query-suite-for-default-setup){% ifversion code-scanning-autofix %}
* [Enabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %}](#enabling-copilot-autofix-for-codeql)
* [Enabling {% data variables.product.prodname_copilot_autofix_short %} for third-party {% data variables.product.prodname_code_scanning %} tools](#enabling-copilot-autofix-for-third-party-code-scanning-tools) {% endif %}
* [Setting a failure threshold for {% data variables.product.prodname_code_scanning %} checks in pull requests](#setting-a-failure-threshold-for-code-scanning-checks-in-pull-requests)
* [Enabling {% data variables.product.prodname_copilot_autofix_short %} for third-party {% data variables.product.prodname_code_scanning %} tools](#enabling-copilot-autofix-for-third-party-code-scanning-tools) {% endif %}{% ifversion ghes < 3.17 %}
* [Setting a failure threshold for {% data variables.product.prodname_code_scanning %} checks in pull requests](#setting-a-failure-threshold-for-code-scanning-checks-in-pull-requests){% endif %}
### Recommending the extended query suite for default setup
@@ -94,49 +94,42 @@ You can select **{% data variables.product.prodname_copilot_autofix_short %} for
{% endif %}
{% ifversion ghes < 3.17 %}
### Setting a failure threshold for {% data variables.product.prodname_code_scanning %} checks in pull requests
You can choose the severity levels at which {% data variables.product.prodname_code_scanning %} check runs on pull requests will fail. To choose a security severity level, select the **Security: SECURITY-SEVERITY-LEVEL** dropdown menu, then click a security severity level. To choose an alert severity level, select the **OTHER: ALERT-SEVERITY-LEVEL** dropdown menu, then click an alert severity level. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).
{% endif %}
## Configuring global {% data variables.product.prodname_secret_scanning %} settings
{% data reusables.security-configurations.secret-scanning-security-configs-summary %}
You can customize several {% data variables.product.prodname_global_settings %} for {% data variables.product.prodname_secret_scanning %}:
{% ifversion secret-scanning-ai-generic-secret-detection %}
* [Generic secret detection with {% data variables.secret-scanning.copilot-secret-scanning %}](#generic-secret-detection-with-copilot-secret-scanning){% endif %}
* [Adding a resource link for blocked commits](#adding-a-resource-link-for-blocked-commits){% ifversion ghec or ghes %}
* [Defining custom patterns](#defining-custom-patterns){% endif %}
{% ifversion secret-scanning-ai-generic-secret-detection %}
### {% data variables.secret-scanning.generic-secret-detection-caps %} with {% data variables.secret-scanning.copilot-secret-scanning %}
{% data variables.secret-scanning.copilot-secret-scanning %}'s {% data variables.secret-scanning.generic-secret-detection %} is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that scans and creates alerts for unstructured secrets, such as passwords. To enable these scans, select **Scan for generic secrets**. Be aware that generic secrets often have a higher rate of false positives than other types of alert. To learn more about generic secrets, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).
{% data reusables.secret-scanning.copilot-secret-scanning-generic-secrets-subscription-note %}
{% endif %}
* [Adding a resource link for blocked commits](#adding-a-resource-link-for-blocked-commits)
* [Defining custom patterns](#defining-custom-patterns)
### Adding a resource link for blocked commits
To provide context for developers when {% data variables.product.prodname_secret_scanning %} blocks a commit, you can display a link with more information on why the commit was blocked. To include a link, select **Add a resource link in the CLI and the web UI when a commit is blocked**. In the text box, type the link to the desired resource, then click **Save**.
{% ifversion ghec or ghes %}
### Defining custom patterns
You can define custom patterns for {% data variables.product.prodname_secret_scanning %} with regular expressions. Custom patterns can identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. To create a custom pattern, click **New pattern**, then enter the details for your pattern and click **Save and dry run**. For more information on custom patterns, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).
{% endif %}
## Creating security managers for your organization
The security manager role grants members of your organization the ability to manage security settings and alerts across your organization. Security managers can view data for all repositories in your organization through security overview.
To learn more about the security manager role, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).
{% ifversion ghes < 3.16 %}
{% ifversion fpt or ghec or ghes > 3.15 %}
To assign the security manager role, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles#assigning-an-organization-role).
{% else %}
To grant all members of a team the security manager role, in the "Search for teams" text box, type the name of the desired team. In the dropdown menu that appears, click the team, then click **I understand, grant security manager permissions**.
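Review bot: the list entry `* [Defining custom patterns](#defining-custom-patterns)` loses its `{% ifversion ghec or ghes %}` gate, but the section it links to is still wrapped in `{% ifversion ghec or ghes %}` ... `{% endif %}` a few lines below, so on fpt the bullet renders as a link to a heading that does not exist. Make both conditional or both unconditional. The whole "Generic secret detection with Copilot secret scanning" subsection and its `{% ifversion secret-scanning-ai-generic-secret-detection %}` list entry are also deleted with nothing taking their place; if the "Scan for generic secrets" toggle has moved under the Secret Protection settings, document it there, and if it is gone, check whether the `secret-scanning-ai-generic-secret-detection` feature file and the `copilot-secret-scanning-generic-secrets-subscription-note` reusable still have other users before leaving them behind.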


@@ -16,7 +16,7 @@ redirect_from:
## About {% data variables.product.prodname_custom_security_configurations %}
{% ifversion security-configurations-cloud %}
{% ifversion fpt or ghec %}
We recommend securing your organization with the {% data variables.product.prodname_github_security_configuration %}, then evaluating the security findings on your repositories before configuring {% data variables.product.prodname_custom_security_configurations %}. For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization).
@@ -24,56 +24,70 @@ We recommend securing your organization with the {% data variables.product.prodn
With {% data variables.product.prodname_custom_security_configurations %}, you can create collections of enablement settings for {% data variables.product.company_short %}'s security products to meet the specific security needs of your organization. For example, you can create a different {% data variables.product.prodname_custom_security_configuration %} for each group of repositories to reflect their different levels of visibility, risk tolerance, and impact.
{% ifversion security-configurations-ghes-only %}
{% ifversion ghas-products %}
When creating a security configuration, keep in mind that:
* Only features installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance will appear in the UI.
* {% data variables.product.prodname_GH_advanced_security %} features will only be visible if your organization or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GH_advanced_security %} license.
* Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance.
You can also choose whether or not you want to include {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %} features in a configuration.
{%- ifversion fpt or ghec %} If you do, keep in mind that these features incur usage costs (or require {% data variables.product.prodname_GHAS %} licenses) when applied to private and internal repositories.{% endif %} For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% endif %}
{% ifversion ghes %}
* Only features installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance will appear in the UI.
* {% ifversion ghas-products %}Some features will only be visible if your organization or {% data variables.product.prodname_ghe_server %} instance has purchased the relevant {% data variables.product.prodname_GHAS %} product ({% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %}){% else %}{% data variables.product.prodname_GHAS %} features will only be visible if your organization or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GHAS %} license{% endif %}.
* Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance.{% endif %}
## Creating a {% data variables.product.prodname_custom_security_configuration %}
{% ifversion security-configurations-cloud %}
{% ifversion fpt or ghec %}
<!-- Note: this article has two entirely separate procedures for cloud and server users. -->
>[!NOTE]
> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable {% data variables.product.prodname_dependabot %}, and security updates. For {% data variables.product.prodname_security_configurations %}, dependent security features are indicated with indentation and {% octicon "reply" aria-hidden="true" %}.
> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable {% data variables.product.prodname_dependabot %}, and security updates. For {% data variables.product.prodname_security_configurations %}, dependent security features are indicated with indentation.
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% data reusables.security-configurations.view-configurations-page %}
1. In the "Code security configurations" section, click **New configuration**.
1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Code {% data variables.product.prodname_security_configurations %}" page, name your configuration and create a description.
1. In the "{% data variables.product.prodname_GH_advanced_security %} features" row, choose whether to include or exclude {% data variables.product.prodname_GH_advanced_security %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
1. In the "Dependency graph" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:
* Dependency graph. To learn about dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).{%- ifversion maven-transitive-dependencies %}
* Automatic dependency submission. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* {% data variables.product.prodname_dependabot %}. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
* Security updates. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup.{% ifversion code-scanning-default-setup-customize-labels %}
If you want to target specific runners for {% data variables.product.prodname_code_scanning %}, you can also choose to use custom-labeled runners at this step.{% endif %} See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup).
1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:
* {% data variables.product.prodname_secret_scanning_caps %}. To learn about {% data variables.product.prodname_secret_scanning %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).{% ifversion secret-scanning-validity-check-partner-patterns %}
* Validity check. To learn more about validity checks for partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion org-npp-enablement-security-configurations %}
* Non-provider patterns. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}
* Push protection. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).
{% ifversion push-protection-delegated-bypass-configurations %}
1. Optionally, under "Push protection", choose whether you want to assign bypass privileges to selected actors in your organization. By assigning bypass privileges, selected organization members can bypass push protection, and there is a review and approval process for all other contributors. For further guidance on how to configure this setting, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization).
{% endif %}
1. In the "Private vulnerability reporting" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for private vulnerability reporting. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).
1. Optionally, in the "Policy" section, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, or **Private and internal**, or both.
{% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu.
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
1. In the "{% data variables.product.prodname_security_configurations_caps %}" section, click **New configuration**.
1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "{% data variables.product.prodname_security_configurations_caps %}" page, name your configuration and create a description.
1. Optionally, enable "{% data variables.product.prodname_secret_protection %}", a paid feature for private {% ifversion ghec %}and internal {% endif %} repositories. Enabling {% data variables.product.prodname_secret_protection %} enables alerts for {% data variables.product.prodname_secret_scanning %}. In addition, you can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_secret_scanning %} features:
{% ifversion secret-scanning-validity-check-partner-patterns %}
* **Validity checks**. To learn more about validity checks for partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion org-npp-enablement-security-configurations %}
* **Non-provider patterns**. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %}
* **Scan for generic passwords**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% endif %}
* **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).{% ifversion push-protection-delegated-bypass-configurations %}
* **Bypass privileges**. By assigning bypass privileges, selected organization members can bypass push protection, and there is a review and approval process for all other contributors. See [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection).{% endif %}{% ifversion security-delegated-alert-dismissal %}
* **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning).{% endif %}
1. Optionally, enable "{% data variables.product.prodname_code_security %}", a paid feature for private {% ifversion ghec %}and internal {% endif %} repositories. You can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_code_scanning %} features:
* **Default setup**. To learn more, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). {% ifversion code-scanning-default-setup-customize-labels %}
* **Runner type**. If you want to target specific runners for {% data variables.product.prodname_code_scanning %}, you can choose to use custom-labeled runners at this step. See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#assigning-labels-to-runners).{% endif %} {% ifversion security-delegated-alert-dismissal %}
* **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning).{% endif %}
1. Still under "{% data variables.product.prodname_code_security %}", in the "Dependency scanning" table, choose whether you want to enable, disable, or keep the existing settings for the following dependency scanning features:
* **Dependency graph**. To learn about dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
> [!TIP]
> When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
{% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
* **Enforce configuration**. Block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Select **Enforce** from the dropdown menu.
1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**.
{% elsif security-configurations-ghes-only %}
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}
{% endif %}
<!-- expires 2025-05-01 -->
<!-- The updated procedure for GHES 3.17+ will be added here later, see ref: #17613 -->
<!-- end expires 2025-05-01 -->
<!-- This content will be updated when there is a GHES 3.17+ test instance available. Issue #17613 -->
{% ifversion ghes < 3.17 %}
>[!NOTE]
> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling {% data variables.secret-scanning.alerts %} will also disable non-provider patterns and push protection.
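Review bot: The TIP under the **Dependency graph** bullet runs two sentences together ("...this enables dependency review, see [AUTOTITLE](...)"); split it, e.g. "...this also enables dependency review. See [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).", and check that the `> [!TIP]` callout is indented under that bullet so it renders inside the list item instead of breaking the numbered procedure. In the same step list, the **Default setup** and **Runner type** bullets end with a space before `{% ifversion ... %}` / after `{% endif %}`, which leaves trailing whitespace in the rendered text; drop the space or use the `{%- ifversion %}` / `{%- endif %}` form already used for the **Automatic dependency submission** bullet.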

View File

@@ -15,6 +15,7 @@ children:
- /introduction-to-securing-your-organization-at-scale
- /enabling-security-features-in-your-organization
- /managing-the-security-of-your-organization
- /understanding-your-organizations-exposure-to-leaked-secrets
- /fixing-security-alerts-at-scale
- /troubleshooting-security-configurations
---

View File

@@ -13,9 +13,19 @@ topics:
## About securing your organization
{% data variables.product.company_short %} offers many security features including {% data variables.product.prodname_GH_advanced_security %}, a suite of features designed to protect your organization from vulnerabilities in your code, insecure dependencies, leaked secrets, and more. For more information on {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% ifversion ghas-products %}
You can easily enable and manage {% data variables.product.company_short %}'s security features throughout your organization with {% data variables.product.prodname_security_configurations %}, which control repository-level security features, and {% data variables.product.prodname_global_settings %}, which control security features at the organization level. We recommend applying {% data variables.product.prodname_security_configurations %} _and_ customizing your {% data variables.product.prodname_global_settings %} to create a system that best meets the security needs of your organization.
{% data variables.product.github %} has many features that help you improve and maintain the quality of your code. Some features are included in all {% data variables.product.github %} plans. Additional features are available to organizations {% ifversion ghec %}and enterprises{% endif %} on {% data variables.product.prodname_team %}{% ifversion ghec %} and {% data variables.product.prodname_ghe_cloud %}{% endif %} that purchase a {% data variables.product.prodname_GHAS %} product:
* **{% data variables.product.prodname_GH_code_security %}**, which includes features that help you find and fix vulnerabilities, like {% data variables.product.prodname_code_scanning %}, premium {% data variables.product.prodname_dependabot %} features, and dependency review.
* **{% data variables.product.prodname_GH_secret_protection %}**, which includes features that help you detect and prevent secret leaks, such as {% data variables.product.prodname_secret_scanning %} and push protection.
{% else %}
{% data variables.product.github %} offers many security features including {% data variables.product.prodname_GH_advanced_security %}, a suite of features designed to protect your organization from vulnerabilities in your code, insecure dependencies, leaked secrets, and more.{% endif %}
You can easily enable and manage {% data variables.product.github %}'s security features throughout your organization with {% data variables.product.prodname_security_configurations %}, which control repository-level security features, and {% data variables.product.prodname_global_settings %}, which control security features at the organization level. We recommend applying {% data variables.product.prodname_security_configurations %} _and_ customizing your {% data variables.product.prodname_global_settings %} to create a system that best meets the security needs of your organization.
For more information on purchasing {% data variables.product.prodname_GH_cs_or_sp %}, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
## About {% data variables.product.prodname_security_configurations %}
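Review bot: The sentence "For more information on purchasing {% data variables.product.prodname_GH_cs_or_sp %}, see [AUTOTITLE](...)" sits after the `{% endif %}`, so readers of the `{% else %}` branch, which only introduces the bundled {% data variables.product.prodname_GH_advanced_security %}, are pointed at purchasing products the page has not named for them; move the sentence inside the `{% ifversion ghas-products %}` branch or give the `{% else %}` branch its own link wording. Also, the paragraph starting "You can easily enable and manage ..." appears twice in this hunk (once with `{% data variables.product.company_short %}` inside the `ghas-products` branch, once with `{% data variables.product.github %}` after the `{% endif %}`); confirm only the version after the `{% endif %}` remains so the text is not rendered twice for `ghas-products`.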

View File

@@ -31,6 +31,8 @@ The {% data variables.product.prodname_github_security_configuration %} offers a
* It is the quickest {% data variables.product.prodname_security_configuration %} to apply to all repositories in your organization.
* It is designed to effectively secure both low- and high-impact repositories.
The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses.
To start securing repositories in your organization with the {% data variables.product.prodname_github_security_configuration %}, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization).
## Choosing a {% data variables.product.prodname_custom_security_configuration %}
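Review bot: The added sentence "Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses" is not version-gated, whereas the custom-configuration procedure in this same change wraps "and internal" in `{% ifversion ghec %}`; use the same guard here so plans without internal repositories do not see the phrase, and consider matching the billing wording on the licensing page in this change (metered usage versus volume/subscription licenses) so "usage costs or require licenses" reads consistently across pages.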
@@ -39,6 +41,6 @@ If you are familiar with {% data variables.product.company_short %}'s security p
* Edit the enablement settings for different security features
* Create several configurations for repositories with different security needs
* Manage your {% data variables.product.prodname_GH_advanced_security %} licensing by including or excluding {% data variables.product.prodname_GH_advanced_security %} features for a particular configuration
* Control your usage and costs by including or excluding {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %} features for a particular configuration
To start securing repositories in your organization with {% data variables.product.prodname_custom_security_configurations %}, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration).
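Review bot: Swapping the "Manage your {% data variables.product.prodname_GH_advanced_security %} licensing ..." bullet for "Control your usage and costs ..." removes the only mention of licensing for deployments that still consume volume/subscription licenses (the case the licensing page in this change still documents); consider keeping both bullets behind `{% ifversion ghas-products %}` / `{% else %}` branches, the pattern used for the "About securing your organization" page elsewhere in this change.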

View File

@@ -25,5 +25,5 @@ If you no longer need a {% data variables.product.prodname_custom_security_confi
{% data reusables.organizations.org_settings %}
{% data reusables.security-configurations.view-configurations-page %}
1. In the configurations table, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to delete.
1. Scroll to the bottom of the "Security settings" section, then click **Delete configuration**.
1. Scroll to the bottom of the page, then click **Delete configuration**.
1. In the "Delete this configuration?" window, read the warning to confirm you are comfortable deleting the {% data variables.product.prodname_custom_security_configuration %}, then click **Delete configuration**.

View File

@@ -24,9 +24,6 @@ Alternatively, if you want to apply a {% data variables.product.prodname_securit
{% data reusables.organizations.org_settings %}
{% data reusables.security-configurations.view-configurations-page %}
1. Optionally, in the "Apply configurations" section, filter for specific repositories you would like to detach from their configurations. To learn more, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table).
1. In the repository table, select repositories with one of three methods:
* Select each individual repository you would like to detach.
* To select all repositories displayed on the current page of the repository table, select **NUMBER repositories**.
* After selecting **NUMBER repositories**, to select _all_ repositories in your organization that match any filters you have applied, click **Select all**.
{% data reusables.security-configurations.select-repos %}
1. Select the **Apply configuration** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **No configuration**.
1. To finish detaching your repositories from their linked {% data variables.product.prodname_security_configurations %}, in the "No configuration?" window, click **No configuration**.

View File

@@ -30,12 +30,12 @@ To determine if your {% data variables.product.prodname_custom_security_configur
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% data reusables.security-configurations.view-configurations-page %}
1. In the "Code {% data variables.product.prodname_security_configurations %}" section, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to edit.
1. {% ifversion ghas-products %}Under "{% data variables.product.prodname_security_configurations_caps %}"{% else %}In the "Code {% data variables.product.prodname_security_configurations %}" section{% endif %}, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to edit.
{% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
1. Edit the name and description of your {% data variables.product.prodname_custom_security_configuration %} as desired.
1. In the "Security settings" section, edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired.
1. Edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired.
1. In the "Policy" section, you can modify the configuration's enforcement status. Enforcing a configuration will block repository owners from changing features that are enabled or disabled by the configuration, but features that are not set aren't enforced. Next to "Enforce configuration", select **Enforce** or **Don't enforce** from the dropdown menu.
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}

View File

@@ -20,8 +20,6 @@ After you apply a {% data variables.product.prodname_security_configuration %} t
To best secure your organization, you should encourage contributors to review and resolve security alerts and pull requests. {% ifversion security-campaigns %}In addition, you can collaborate with contributors to fix historical security alerts, see [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale).{% endif %}
{% ifversion ghec or ghes %}
## Finding repositories with security alerts using security overview
{% data reusables.security-overview.information-varies-GHAS %}
@@ -32,12 +30,7 @@ To best secure your organization, you should encourage contributors to review an
* `tool:secret-scanning` to only show alerts for secrets identified by {% data variables.product.prodname_secret_scanning %}.
* `tool:codeql` to show only alerts for potential security vulnerabilities identified by {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}.
1. You can add further filters to show only the repositories you want to assess. The list of repositories and metrics displayed on the page automatically update to match your current selection. For more information on filtering, see [AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview).
* Use the **Teams** dropdown to show information only for the repositories owned by one or more teams.
* Click **NUMBER affected** or **NUMBER unaffected** in the header for any feature to show only the repositories with open alerts or no open alerts of that type.
* Click any of the descriptions of "Open alerts" in the header to show only repositories with alerts of that type and category. For example, **1 critical** to show the repository with a critical alert for {% data variables.product.prodname_dependabot %}.
* At the top of the list of repositories, click **NUMBER Archived** to show only repositories that are archived.
{% data reusables.organizations.security-overview-feature-specific-page %}
{% endif %}
## Interpreting {% data variables.product.prodname_secret_scanning %} alerts
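Review bot: With the four filter bullets removed, the step "You can add further filters to show only the repositories you want to assess. The list of repositories and metrics displayed on the page automatically update to match ..." now stands alone and no longer introduces a list; while touching it, fix the agreement "automatically update" to "automatically updates" (the subject is "The list"). Dropping the `{% endif %}` after the reusable is consistent with removing the `{% ifversion ghec or ghes %}` line in the previous hunk, so the conditional pairing is intact.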
@@ -47,7 +40,10 @@ To best secure your organization, you should encourage contributors to review an
* {% data variables.secret-scanning.user_alerts_caps %}, which appear on {% data variables.product.github %} and can be resolved
{% endif %}
You can view {% data variables.product.prodname_secret_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the **{% octicon "shield" aria-hidden="true" %} Security** tab, then clicking **{% octicon "key" aria-hidden="true" %} {% data variables.product.prodname_secret_scanning_caps %}**.
You can view {% data variables.product.prodname_secret_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the **{% octicon "shield" aria-hidden="true" %} Security** tab, then clicking **{% octicon "key" aria-hidden="true" %} {% data variables.product.prodname_secret_scanning_caps %}** in the "Metrics" or "Alerts" section.
* **Metrics**. To see detailed information on push protection events, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection).
* **Alerts**. To see detailed information on **Default** and **Generic** alerts for exposed secrets in the organization.
For an introduction to {% data variables.product.prodname_secret_scanning %} alerts, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts).
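Review bot: The new **Alerts** bullet is a sentence fragment with no main clause and no link ("To see detailed information on **Default** and **Generic** alerts for exposed secrets in the organization."), unlike the **Metrics** bullet next to it, which ends with "see [AUTOTITLE](...)"; either rephrase it as a statement ("Shows detailed information on ...") or add the alerts target, for example the `about-alerts` page already linked at the end of this section.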
@@ -57,7 +53,10 @@ To learn how to evaluate {% data variables.product.prodname_secret_scanning %} a
{% data reusables.code-scanning.about-code-scanning %} These problems are raised as {% data variables.product.prodname_code_scanning %} alerts, which contain detailed information on the vulnerability or error detected.
You can view the {% data variables.product.prodname_code_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the **{% octicon "shield" aria-hidden="true" %} Security** tab, then clicking **{% octicon "codescan" aria-hidden="true" %} {% data variables.product.prodname_code_scanning_caps %}**.
You can view the {% data variables.product.prodname_code_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the **{% octicon "shield" aria-hidden="true" %} Security** tab, then clicking:
* **{% data variables.product.prodname_codeql %} pull request alerts**. To see information on {% data variables.product.prodname_code_scanning %} alerts found and remediated in pull requests.
* **{% data variables.product.prodname_code_scanning_caps %}**. To see detailed information on alerts for potentially vulnerable code in the organization, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts).
For an introduction to {% data variables.product.prodname_code_scanning %} alerts, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts).
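Review bot: The links on the two new bullets look swapped: the `[AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts)` target is attached to the **{% data variables.product.prodname_code_scanning_caps %}** bullet (alerts for potentially vulnerable code in the organization), while the **{% data variables.product.prodname_codeql %} pull request alerts** bullet, which is the one about alerts found and remediated in pull requests, has no link and is a fragment ("To see information on ..."). Move the pull-request-metrics link to the **{% data variables.product.prodname_codeql %} pull request alerts** bullet and give the **{% data variables.product.prodname_code_scanning_caps %}** bullet a complete sentence, for example pointing at the `about-code-scanning-alerts` page already linked below.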

View File

@@ -1,8 +1,10 @@
---
title: Managing your GitHub Advanced Security license usage
shortTitle: Manage GHAS licenses
intro: 'You can understand and control {% data variables.product.prodname_GH_advanced_security %} license usage for repositories in your organization.'
title: Managing your paid use of {% data variables.product.prodname_AS %}
shortTitle: Manage paid GHAS use
intro: 'You can understand and control the costs of using {% data variables.product.prodname_GH_cs_and_sp %} in repositories in your organization.'
allowTitleToDifferFromFilename: true
permissions: '{% data reusables.permissions.security-org-enable %}'
product: '{% data reusables.gated-features.ghas-billing %}'
versions:
feature: security-configurations
topics:
@@ -12,55 +14,47 @@ topics:
- Security
---
## About {% data variables.product.prodname_GH_advanced_security %} billing and licenses
## Requirements for enabling {% data variables.product.prodname_AS %} products
{% ifversion fpt %}
To use {% data variables.product.prodname_GH_cs_or_sp %} on private or internal repositories with unique active committers, you must have licenses available. The user-interface and options depend on how you pay for {% data variables.product.prodname_AS %}.
{% data reusables.advanced-security.ghas-license-info-for-fpt %}
* **Metered billing:** by default, there is no limit on how many licenses you can consume. See {% data reusables.advanced-security.control-use-cost-links %}.
* **Volume/subscription billing** ({% data variables.product.prodname_enterprise %} only)**:** once the licenses you have purchased are all in use, you cannot enable {% data variables.product.prodname_cs_or_sp %} on additional repositories until you free up or buy additional licenses.
For information on managing your {% data variables.product.prodname_GH_advanced_security %} license usage, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage).
With {% data variables.product.prodname_security_configurations %}, you can easily understand the license usage of repositories in your organization{% ifversion ghec or ghes %}, as well as the number of available {% data variables.product.prodname_GH_cs_and_sp %} licenses in your organization or enterprise. Additionally, if you need to make more licenses available to secure a high-impact repository, you can quickly disable {% data variables.product.prodname_GH_cs_and_sp %} on private and internal repositories at scale{% endif %}.
{% else %}
To learn about licensing for {% data variables.product.prodname_GH_cs_and_sp %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
To use {% data variables.product.prodname_GH_advanced_security %} (GHAS) features on private or internal repositories with unique active committers, you must have available GHAS licenses. With {% data variables.product.prodname_security_configurations %}, you can easily understand the GHAS license usage of repositories in your organization, as well as the number of available GHAS licenses in your enterprise. Additionally, if you need to make more GHAS licenses available to secure a high-impact repository, you can quickly disable GHAS features on private and internal repositories at scale.
To learn about GHAS licenses, as well as unique and active committers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
## Understanding your {% data variables.product.prodname_GH_advanced_security %} license usage
## Understanding your license usage
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% data reusables.security-configurations.view-configurations-page %}
1. In the "Apply configurations" section, your current license usage will be displayed as "NUMBER-USED out of NUMBER-PURCHASED available {% data variables.product.prodname_GH_advanced_security %} licenses in use by YOUR-ENTERPRISE."
![Screenshot of the "Apply configurations" section. The current GHAS license usage for the enterprise is outlined in dark orange.](/assets/images/help/security-configurations/current-ghas-license-usage.png)
1. In the "Apply configurations" section, your current license usage will be displayed as:
{% ifversion ghas-products %}
`# {% data variables.product.prodname_secret_protection %} licenses • # {% data variables.product.prodname_code_security %} licenses in use{% ifversion ghec %} by YOUR-ENTERPRISE{% endif %}.`
![Screenshot of the "Apply configurations" section. The current license use for the enterprise is outlined in dark orange.](/assets/images/help/security-configurations/current-sp-cs-license-usage.png)
{% else %}
`NUMBER-USED out of NUMBER-PURCHASED available GitHub Advanced Security licenses in use by YOUR-ENTERPRISE.`
![Screenshot of the "Apply configurations" section. The current license use for the enterprise is outlined in dark orange.](/assets/images/help/security-configurations/current-ghas-license-usage.png)
{% endif %}
1. Optionally, to find specific repositories in your organization, filter the repository table. To learn more, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table).
1. To quickly identify the number of GHAS licenses needed to enable GHAS features on a specific repository, in that repository's row of the repository table, read "NUMBER licenses required".
1. To view license usage for multiple repositories in your organization, select the repositories from the repository table. In the "Apply configurations" section, you will see the number of licenses required to apply GHAS features to the repositories, as well as the number of licenses made available if you disable GHAS features on those repositories.
1. To quickly identify the number of licenses needed to enable {% data variables.product.prodname_GH_cs_and_sp %} on a specific repository, in that repository's row of the repository table, read "NUMBER licenses required".
1. To view license usage for multiple repositories in your organization, select the repositories from the repository table. In the "Apply configurations" section, you will see the number of licenses required to apply {% data variables.product.prodname_GH_cs_and_sp %} to the repositories, as well as the number of licenses made available if you disable {% data variables.product.prodname_GH_cs_or_sp %} on those repositories.
![Screenshot of the "Apply configurations" section. The potential changes to GHAS license usage for the enterprise are outlined in dark orange.](/assets/images/help/security-configurations/ghas-licenses-used-or-freed.png)
## Turning off {% data variables.product.prodname_GH_advanced_security %} features on select repositories in your organization
{% data reusables.profile.access_org %}
{% data reusables.organizations.org_settings %}
{% data reusables.security-configurations.view-configurations-page %}
1. Optionally, in the "Apply configurations" section, filter for specific repositories on which you would like to disable GHAS. To learn more, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table).
1. In the repository table, select repositories with one of three methods:
* Select each individual repository you would like to disable GHAS features on.
* To select all repositories displayed on the current page of the repository table, select **NUMBER repositories**.
* After selecting **NUMBER repositories**, to select _all_ repositories in your organization that match any filters you have applied, click **Select all**.
Once you have selected the desired repositories, in the "Apply configurations" section, you can see how many GHAS licenses will become available when you disable GHAS features on those repositories. For more information, see [Understanding your {% data variables.product.prodname_GH_advanced_security %} license usage](#understanding-your-github-advanced-security-license-usage).
1. Select the **Apply configuration** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Disable {% data variables.product.prodname_GH_advanced_security %}**.
1. To finish disabling GHAS features on the selected private or internal repositories, in the "Disable {% data variables.product.prodname_GH_advanced_security %}?" window, click **Disable {% data variables.product.prodname_GH_advanced_security %}**.
>[!NOTE]
{%- ifversion security-configurations-cloud %}
> * Disabling GHAS features for a private or internal repository will also detach that repository from any linked {% data variables.product.prodname_security_configuration %}.
> * On {% data variables.product.prodname_dotcom_the_website %}, disabling GHAS features through the repository table _will not_ disable those features on public repositories since they do not require {% data variables.product.prodname_GH_advanced_security %} licenses.{% elsif security-configurations-ghes-only %}
> * Disabling GHAS features for a repository will also detach that repository from any linked {% data variables.product.prodname_security_configuration %}.
{% endif %}
{% ifversion ghec %}
> [!TIP]
> For information about buying more volume/subscription licenses, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing).
{% endif %}
## Turning off {% data variables.product.prodname_cs_or_sp %}
The simplest way to turn off all {% data variables.product.prodname_cs_or_sp %} features for one or more repositories is to create a security configuration where the product is disabled at the top level. You can apply this custom configuration to repositories where you want to turn off paid features.
> [!TIP]
> Ensure that you give your custom configuration a very clear name, for example: "No Code Security" or "Secret Protection and Supply chain only" to avoid confusion.
For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration) and [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
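Review bot: The alert marker at the top of the note block is written `>[!NOTE]` without the space after `>`, while the tip that follows uses `> [!TIP]`; use `> [!NOTE]` so both blocks follow the same alert syntax. The tip's "volume/subscription licenses" also introduces a term that the "Not enough GHAS licenses" article in this same change spells "volume / subscription-based"; settle on one spelling.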

View File

@@ -1,7 +1,7 @@
---
title: Not enough GitHub Advanced Security licenses
shortTitle: Not enough GHAS licenses
intro: 'You need available GHAS licenses to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository.'
intro: 'If you are on a subscription-based billing model for GHAS, you need available GHAS licenses to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository.'
permissions: '{% data reusables.permissions.security-org-enable %}'
versions:
feature: security-configurations
@@ -12,7 +12,7 @@ topics:
- Security
---
You must have an available {% data variables.product.prodname_GH_advanced_security %} (GHAS) license for each unique active committer to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository. To learn about GHAS licensing, as well as unique and active committers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
If you are on a volume / subscription-based billing model for {% data variables.product.prodname_GHAS %} (GHAS), you must have an available GHAS license for any additional unique active committers to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository. To learn about GHAS licensing, as well as unique and active committers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
If you try to apply a {% data variables.product.prodname_security_configuration %} with GHAS features to your repositories and don't have enough GHAS licenses, the configuration will only be successfully applied to public repositories. For private {% ifversion ghec or ghes %}and internal {% endif %}repositories, only free security features will be enabled due to the license limitation, resulting in the following outcomes:
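Review bot: The intro and the body paragraph name the billing model differently: the intro says "subscription-based billing model" while the body says "volume / subscription-based billing model" (and the tip in the security-configurations article says "volume/subscription licenses"). Pick one term and one spacing, and consider telling readers on the other billing model in the intro that this page does not apply to them, since the scoping clause now implies such a model exists.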

View File

@@ -0,0 +1,65 @@
---
title: 'About the secret risk assessment'
shortTitle: 'Secret risk assessment'
intro: 'Learn why it''s so important to understand your organization''s exposure to data leaks and how the {% data variables.product.prodname_secret_risk_assessment %} report gives an overview of your organizations secret leak footprint.'
product: '{% data reusables.gated-features.secret-risk-assessment-report %}'
allowTitleToDifferFromFilename: true
type: overview
versions:
feature: secret-risk-assessment
topics:
- Secret scanning
- Secret Protection
- Code Security
- Organizations
- Security
---
## About exposure to leaked secrets
Assessing your exposure to leaked secrets is crucial if you want to prevent:
* **Exploitation by bad actors**. Malicious actors can use leaked secrets such as API keys, passwords, and tokens to gain unauthorized access to systems, databases, and sensitive information. If secrets are leaked, it can lead to data breaches, compromising user data and potentially causing significant financial and reputational damage.
* **Regulatory problems**. Many industries have strict regulatory requirements for data protection, and leaked secrets can result in non-compliance with regulations, leading to legal penalties and fines.
* **Service disruptions**. Unauthorized access to systems can lead to service disruptions, impacting the availability and reliability of services provided to users.
* **Loss of trust**. Customers expect robust security measures to protect their data, and exposure to leaked secrets can erode trust and confidence in your organization's ability to safeguard information.
* **Costly fallout**. Addressing the fallout from leaked secrets can be costly, involving incident response efforts, security audits, and potential compensation for affected parties.
Regularly assessing your exposure to leaked secrets is good practice to help identify vulnerabilities, implement necessary security measures, and ensure that any compromised secrets are promptly rotated and invalidated.
## About {% data variables.product.prodname_secret_risk_assessment %}
{% data reusables.secret-risk-assessment.public-preview-note %}
{% ifversion fpt %}
>[!TIP] This report is only available if you are on the {% data variables.product.prodname_team %} plan. For information about the plan and how to upgrade, see [{% data variables.product.prodname_team %}](/get-started/learning-about-github/githubs-plans#github-team) and [Upgrading your organization's plan](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan#upgrading-your-organizations-plan).
{% endif %}
{% data reusables.secret-risk-assessment.report-intro %}
The {% data variables.product.prodname_secret_risk_assessment %} report provides the following insights:
* **Total secrets**—Aggregate count of exposed secrets detected within the organization.
* **Public leaks**—Distinct secrets found in your organization's public repositories.
* **Preventable leaks**—Secrets that could have been protected, using {% data variables.product.prodname_GH_secret_protection %} features such as {% data variables.product.prodname_secret_scanning %} and push protection.
* **Secret locations**—Locations that are scanned for the report. {% data reusables.secret-risk-assessment.what-is-scanned %}
* **Secret categories**—Distribution of the types of secrets that are leaked. Secrets can be partner secrets, which are strings that match secrets issued by service providers in our partner program, or generic secrets, which are non-provider patterns such as SSH keys, database connection strings, and JSON web tokens.
* **Repositories with leaks**—Repositories where leaked secrets were detected, out of all the repositories scanned.
{% data reusables.security-overview.secret-risk-assessment-report-generation-cadence %}
Because the {% data variables.product.prodname_secret_risk_assessment %} report is based on **your repositories**, regardless of the enablement status of {% data variables.product.prodname_GH_secret_protection %} features, you can see your current exposure to leaked secrets, and understand better how {% data variables.product.github %} can help you prevent future secret leaks.
## Next steps
Now that you know about the {% data variables.product.prodname_secret_risk_assessment %} report, you may want to learn how to:
* Generate the report to see your organization risk. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization).
* Interpret the results of the report. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results).
* Enable {% data variables.product.prodname_GH_secret_protection %} to improve your secret leak footprint. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection#enabling-secret-protection).
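Review bot: The intro string has "your organizations secret leak footprint", which needs the possessive apostrophe ("organization's"), escaped as `organization''s` the way "it''s" is earlier in the same string. Also, the Team-plan tip puts its text on the same line as the marker (`>[!TIP] This report is only available...`), unlike the other alerts in this change, which use `> [!TIP]` followed by `> text` on the next line; splitting it keeps the rendering consistent.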

View File

@@ -0,0 +1,79 @@
---
title: 'Choosing {% data variables.product.prodname_GH_secret_protection %}'
shortTitle: 'Secret protection'
intro: 'Learn how {% data variables.product.prodname_GH_secret_protection %} can help you detect secrets in your codebases and prevent leaks before they happen using continuous monitoring and prevention tools.'
product: '{% data reusables.gated-features.secret-protection %}'
allowTitleToDifferFromFilename: true
type: overview
versions:
feature: secret-risk-assessment
topics:
- Secret scanning
- Secret Protection
- Code Security
- Organizations
- Security
---
## About {% data variables.product.prodname_GH_secret_protection %}
{% data variables.product.prodname_secret_protection %} includes the following features to help you detect and prevent secret leaks, allowing continuous monitoring and detection. For details about the features and their availability, see [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security#github-secret-protection).
{% data reusables.secret-protection.product-list %}
In addition, {% data variables.product.prodname_secret_protection %} includes a free scanning feature, the **risk assessment** report, to help organizations understand their secret leak footprint across their {% data variables.product.github %} perimeter. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).
{% data variables.product.prodname_secret_protection %} is billed per active committer to the repositories where it is enabled. It is available to users with a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} plan, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
## Why you should enable {% data variables.product.prodname_secret_protection %} for 100% of your organization's repositories
{% data variables.product.github %} recommends enabling {% data variables.product.prodname_GH_secret_protection %} products for all repositories, in order to protect your organization from the risk of secret leaks and exposures. {% data variables.product.prodname_GH_secret_protection %} is free to enable for public repositories, and available as a purchasable add-on for private and internal repositories.
* {% data reusables.secret-risk-assessment.what-is-scanned %}. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)
* The {% data variables.product.prodname_secret_risk_assessment %} and {% data variables.product.prodname_secret_scanning %} _scan code that has already been committed_ into your repositories. With **push protection**, your code is scanned for secrets _before_ commits are saved on {% data variables.product.github %}, during the push process, and the push is blocked if any secrets are detected. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).
* If you have one or more secret patterns that are internal to your organization, these will not be detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. You can define **custom patterns** that are only valid in your organization, and extend the {% data variables.product.prodname_secret_scanning %} capabilities to detect these patterns. See [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).
* Knowing which secrets could be exploited makes it easy to prioritize remediation of leaked secrets found by {% data variables.product.prodname_secret_scanning %}. **Validity checks** tell you if an active secret is one that could still be exploited, so these alerts should be reviewed and remediated as a priority. See [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository).
* You may also want to detect leaks of unstructured secrets such as passwords. This is possible with our AI-powered **{% data variables.secret-scanning.copilot-secret-scanning %}**. See [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).
* Visualizing the prevention, detection, and remediation of security data is critical to understanding where to direct effort and where security initiatives are having an impact. **Security overview** has dedicated views that allow you to dig deep into the current state of your codebases at the organization and enterprise level. See [AUTOTITLE](/code-security/security-overview/about-security-overview).
In addition to detecting and preventing secret leaks, you should consider building code security into all of your organization workflows to secure your software supply chain. See [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security).
If you require help evaluating your security needs or options, contact [GitHub's Sales team](https://github.com/security/contact-sales).
{% ifversion fpt or ghec %}
Alternatively, you can trial {% data variables.product.prodname_GHAS %} for free to assess your needs. See [AUTOTITLE](/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas).
{% endif %}
## Enabling {% data variables.product.prodname_secret_protection %}
{% ifversion ghes %}
A site administrator must enable {% data variables.product.prodname_AS %} for {% data variables.location.product_location %} before you can use these security features. See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise).
{% endif %}
{% ifversion security-configurations %}
{% data reusables.security-configurations.enable-security-features-with-gh-config %}
{% endif %}
{% data variables.product.prodname_security_configurations_caps %} can be applied at enterprise and organization level. You can also configure additional security settings for your organization. These settings, called {% data variables.product.prodname_global_settings %}, are then inherited by all repositories in the organization. With {% data variables.product.prodname_global_settings %}, you can customize how security features analyze your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization).
In addition, repository administrators can enable security features at the repository level.
## Enabling {% data variables.product.prodname_secret_protection %} from the {% data variables.product.prodname_secret_risk_assessment %}
{% data reusables.secret-risk-assessment.public-preview-note %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %}
1. Click the **Enable Secret Protection** dropdown in the banner display, and then select one of the options for enabling the feature in your organization's repositories.
* **For public repositories for free**: Click to enable for _only_ public repositories in your organization.
* **For all repositories**: Click **Enable Secret Protection** to enable both {% data variables.product.prodname_secret_scanning %} and push protection for all repositories in your organization, at the estimated cost displayed. You will incur usage costs or need to purchase {% data variables.product.prodname_GH_secret_protection %} licenses.
Alternatively, click **Configure in settings** to customize which repositories you want to enable {% data variables.product.prodname_secret_protection %} for. See {% ifversion fpt or ghec %}[AUTOTITLE](/code-security/securing-your-organization\enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization) and {% endif %}[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration).
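Review bot: The first AUTOTITLE link in the last paragraph contains a backslash in the path (`/code-security/securing-your-organization\enabling-security-features-in-your-organization/...`), which will not resolve; it should be a forward slash. Two smaller points: the first bullet under "Why you should enable ..." ends "See [AUTOTITLE](...)" without a period, and "It is available to users with a ... plan, see [AUTOTITLE](...)" is a comma splice (end the sentence before "see", or use "; see").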

View File

@@ -0,0 +1,18 @@
---
title: 'Understanding your organization''s exposure to leaked secrets'
shortTitle: Exposure to leaked secrets
intro: 'You can generate a secret risk assessment report to evaluate the extent of your organization''s vulnerability to leaked secrets. Decide whether to enable {% data variables.product.prodname_secret_protection %} to protect your organization from further leaks.'
versions:
feature: secret-risk-assessment
topics:
- Organizations
- Secret scanning
- Secret Protection
- Code Security
- Security
children:
- /about-secret-risk-assessment
- /viewing-the-secret-risk-assessment-report-for-your-organization
- /interpreting-secret-risk-assessment-results
- /choosing-github-secret-protection
---

View File

@@ -0,0 +1,46 @@
---
title: 'Interpreting secret risk assessment results'
shortTitle: 'Interpret results'
intro: 'Use the results from your {% data variables.product.prodname_secret_risk_assessment %} report to improve your organization''s security.'
allowTitleToDifferFromFilename: true
type: how_to
versions:
feature: secret-risk-assessment
topics:
- Code Security
- Secret scanning
- Secret Protection
- Organizations
- Security
---
The {% data variables.product.prodname_secret_risk_assessment %} dashboard displays point-in-time insights into the secrets detected in your organization. {% data reusables.secret-risk-assessment.link-conceptual-information %}
{% data reusables.secret-risk-assessment.public-preview-note %}
## Prerequisites
You need to generate a {% data variables.product.prodname_secret_risk_assessment %} report and wait for the scan to complete before being able to view and export the results. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment) and [Exporting the {% data variables.product.prodname_secret_risk_assessment %} to CSV](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#exporting-the-secret-risk-assessment-to-csv).
## Prioritizing high-risk leaks for remediation
To understand your secrets' footprint and exposure to secrets leaks, review the **Total secrets**,**Public leaks** and **Secret locations** metrics.
Next, identify the areas in your organization where leaked secrets pose the highest threat to security.
* **Leaked secrets that are still active** usually present the greatest risk to security. Prioritize any active secrets for remediation ahead of inactive secrets. For more information about checking the validity of a detected credential, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository).
* Similarly, **secrets leaked in public repositories** are usually considered a higher risk and priority, than those secrets leaked in private {% ifversion ghec or ghes %}or internal {% endif %}repositories.
* The **Repositories with leaks** metric can indicate how frequent, or the extent of, secret leaks across your organization. A large proportion of repositories with secret leaks may suggest that developer education and increased security awareness around secrets is important for your organization.
## Identifying areas of exposure
Review the **Preventable leaks** and **Secret categories** metrics to understand your current secret detection coverage, in addition to learning how {% data variables.product.github %} can help prevent future secret leaks.
* Secret leaks that could have been prevented using {% data variables.product.prodname_GH_secret_protection %} features such as {% data variables.product.prodname_secret_scanning %} and push protection are shown by the **Preventable leaks** metric.
* Using the **Secret categories** metric and the **Token type** table, search for patterns in the type of secrets leaked across your organization.
* Common areas and repeated occurrences of leaked secrets may suggest particular CI/CD workflows or development processes in your organization that are contributing to the results.
* You may also be able to identify specific teams, repositories, or networks that are more prone to secret leaks, and therefore require additional security measures or management to be put in place.
## Adopt {% data variables.product.prodname_GH_secret_protection %} to prevent leaks
We recommend purchasing {% data variables.product.prodname_GH_secret_protection %} products to improve your organization's exposure to secret leaks and optimize your secret detection rates. {% data variables.product.prodname_GH_secret_protection %} is a continuous monitoring and detection solution that is the most effective path for secure development. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection).
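Review bot: "improve your organization's exposure to secret leaks" in the closing paragraph reads as if exposure should go up; "reduce your organization's exposure to secret leaks" is what is meant. Minor: "**Total secrets**,**Public leaks** and **Secret locations**" is missing the space after the first comma, and "a higher risk and priority, than those secrets" has a stray comma before "than".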

View File

@@ -0,0 +1,81 @@
---
title: 'Viewing the secret risk assessment report for your organization'
shortTitle: 'View secret risk assessment'
intro: 'You can generate and view the {% data variables.product.prodname_secret_risk_assessment %} report for your organization from the "Security" tab.'
permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
allowTitleToDifferFromFilename: true
type: how_to
versions:
feature: secret-risk-assessment
topics:
- Code Security
- Secret scanning
- Secret Protection
- Organizations
- Security
---
{% data reusables.secret-risk-assessment.report-intro %} {% data reusables.secret-risk-assessment.link-conceptual-information %}
You can generate the {% data variables.product.prodname_secret_risk_assessment %} report for your organization, review it, and export the results to CSV.
{% data reusables.secret-risk-assessment.public-preview-note %}
## Generating an initial {% data variables.product.prodname_secret_risk_assessment %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %}
{% data reusables.security-overview.generate-secret-risk-assessment-report %}
{% data reusables.secret-risk-assessment.notification-report-ready %}
{% note %}
Did you successfully generate the {% data variables.product.prodname_secret_risk_assessment %} report for your organization?
<a href="https://docs.github.io/success-test/yes.html" target="_blank" class="btn btn-outline mt-3 mr-3 no-underline"><span>Yes</span></a> <a href="https://docs.github.io/success-test/no.html" target="_blank" class="btn btn-outline mt-3 mr-3 no-underline"><span>No</span></a>
{% endnote %}
## Rerunning the {% data variables.product.prodname_secret_risk_assessment %}
{% data reusables.security-overview.secret-risk-assessment-report-generation-cadence %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %}
1. Towards the top right side of the existing report, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}.
1. Select **Rerun scan**.
{% data reusables.secret-risk-assessment.notification-report-ready %}
## Viewing the {% data variables.product.prodname_secret_risk_assessment %}
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %} You can see the most recent report on this page.
## Exporting the {% data variables.product.prodname_secret_risk_assessment %} to CSV
{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
{% data reusables.security-overview.open-assessments-view %}
1. Towards the top right side of the report, click {% octicon "kebab-horizontal" aria-label="More options" %}.
1. Select **Download CSV**.
The {% data variables.product.prodname_secret_risk_assessment %} CSV file includes the following information.
| CSV column | Name | Description |
| ---------- | ---------------------- | --------------------------------------------------------- |
| A | `Organization Name` | The name of the organization the secret was detected in |
| B | `Name` | The token name for the type of secret |
| C | `Slug` | The normalized string for the token. This corresponds to `Token` in the table of supported secrets. See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). |
| D | `Push Protected` | A `boolean` to indicate whether the secret would be detected and blocked by push protection if it were enabled |
| E | `Non-Provider Pattern` | A `boolean` to indicate whether the secret matched a non-provider pattern and would generate an alert if {% data variables.product.prodname_secret_scanning %} with non-provider patterns were enabled |
| F | `Secret Count` | An aggregate count of the active and inactive secrets found for the token type |
| G | `Repository Count` | An aggregate count of distinct repositories in which the secret type was found, including public, private,{% ifversion ghec or ghes %} internal{% endif %}, and archived repositories |
## Next steps
Now that you've generated {% data variables.product.prodname_secret_risk_assessment %} for your organization, learn how to interpret the results. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results).
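Review bot: In the `Repository Count` row of the CSV table, `public, private,{% ifversion ghec or ghes %} internal{% endif %}, and archived` renders with a doubled comma ("private,, and archived") on versions where the conditional is not taken; move the comma inside the conditional: `public, private{% ifversion ghec or ghes %}, internal{% endif %}, and archived`. Also, "Now that you've generated {% data variables.product.prodname_secret_risk_assessment %} for your organization" is missing an article ("generated the ... report"), and the survey block uses the legacy `{% note %}`/`{% endnote %}` tags while the rest of the new content uses `[!NOTE]`/`[!TIP]` alerts; confirm that mix is intended.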

View File

@@ -20,7 +20,7 @@ Evaluating a public repository's security settings can help security researchers
If a repository is public, high level information about the repository's security settings is available to anyone. For example, you can see whether the repository has a security policy, and whether private vulnerability reporting is enabled. You can also view published and closed security advisories for the repository. If no security policy is associated with a repository, you can suggest one. If the repository has private vulnerability reporting enabled, you can privately report security vulnerabilities directly to repository maintainers.
If you have admin permissions to the repository, and the repository is owned by an organization, you can see more detailed information about the repository's security settings through the security overview. For more information on the security overview, see [AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/about-security-overview){% ifversion ghec %}."{% else %} in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
If you have admin permissions to the repository, and the repository is owned by an organization, you can see more detailed information about the repository's security settings through the security overview. For more information on the security overview, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
If a repository is private, you can only see the security settings if you have admin permissions to the repository or have been granted special security permissions covering the repository, for example, as an organization-wide security manager.

View File

@@ -1,7 +1,7 @@
---
title: About security overview
intro: 'You can gain insights into the overall security landscape of your organization or enterprise and identify repositories that require intervention using security overview.'
product: '{% data reusables.gated-features.security-overview %}'
product: '{% data reusables.gated-features.security-overview-general %}'
redirect_from:
- /code-security/security-overview/exploring-security-alerts
- /code-security/security-overview/about-the-security-overview
@@ -21,22 +21,31 @@ topics:
- Secret scanning
- Teams
---
<!-- expires 2025-04-01 -->
<!-- The whole article will be suitable for GitHub Team users -->
{% ifversion fpt %}
{% ifversion fpt %}{% data reusables.security-overview.about-security-overview %} For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/security-overview/about-security-overview).{% endif %}
Security overview provides insights into the security of code stored in repositories in your organization.
{% ifversion ghec or ghes %}
* **All organizations** on {% data variables.product.prodname_team %} can use the free **{% data variables.product.prodname_secret_risk_assessment %}** to evaluate the exposure of their organization to leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization).
* {% data variables.product.prodname_team %} accounts that purchase **{% data variables.product.prodname_GH_cs_or_sp %}** have access to views with additional insights.
<!-- end expires 2025-04-01 -->
The information below describes the views available to organizations with {% data variables.product.prodname_GH_cs_or_sp %} that you can use to identify trends in detection, remediation, and prevention of security alerts and dig deep into the current state of your repositories.
{% elsif ghec or ghes %}
Security overview contains focused views where you can explore trends in detection, remediation, and prevention of security alerts and dig deep into the current state of your codebases.
* Information about {% data variables.product.prodname_dependabot %} features and alerts is shown for all repositories.
* Information for {% data variables.product.prodname_AS %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for organizations and enterprises that use {% data variables.product.prodname_GHAS_cs_or_sp %}{% ifversion fpt or ghec %} and for public repositories{% endif %}.
{% ifversion ghec %}
All organizations on {% data variables.product.prodname_enterprise %} can use:
* **{% data variables.product.prodname_secret_risk_assessment_caps %}** to evaluate the exposure of their organization to leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization).
* **{% data variables.product.prodname_dependabot %}** data to evaluate the security of their supply chain in all repositories.
{% else %}
All organizations on {% data variables.product.prodname_enterprise %} can use {% data variables.product.prodname_dependabot %} data to evaluate the security of their supply chain in all repositories.
{% endif %}
For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#dependabot-alerts-for-vulnerable-dependencies) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
In addition, data for **{% data variables.product.prodname_AS %}** features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for organizations and enterprises that use {% data variables.product.prodname_GHAS_cs_or_sp %}{% ifversion ghec %}, and for public repositories{% endif %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#dependabot-alerts-for-vulnerable-dependencies) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
{% endif %}
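Review bot: If both the "For more information, see [AUTOTITLE](...dependabot-alerts...) and [AUTOTITLE](...about-github-advanced-security)" sentence and the "In addition, data for **{% data variables.product.prodname_AS %}** features ... see [AUTOTITLE](...dependabot-alerts...) and [AUTOTITLE](...about-github-advanced-security)" sentence remain in the `{% elsif ghec or ghes %}` branch, they link the same two articles back to back; keep the links in one of them. While here, the `{% ifversion fpt %}` branch ends with "The information below describes the views available to organizations with ..." which is not a complete lead into "## About the views"; a sentence that names what follows (the list of views) would read better.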
## About the views
@@ -65,10 +74,11 @@ Security overview has multiple views that provide different ways to explore enab
{% ifversion security-overview-dashboard %}
* **Overview:** visualize trends in **Detection**, **Remediation**, and **Prevention** of security alerts, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights).{% endif %}
* **Risk and Alert views:** explore the risk from security alerts of all types or focus on a single alert type and identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets, see [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk).
* **Coverage:** assess the adoption of security features across repositories in the organization, see [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security).{% ifversion security-overview-tool-adoption %}
* **Coverage:** assess the adoption of security features across repositories in the organization, see [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security).{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}
* **Assessments:** regardless of the enablement status of {% data variables.product.prodname_AS %} features, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% endif %}{% ifversion security-overview-tool-adoption %}
* **Enablement trends:** see how quickly different teams are adopting security features.{% endif %}{% ifversion security-overview-org-codeql-pr-alerts %}
* **CodeQL pull request alerts:** assess the impact of running CodeQL on pull requests and how development teams are resolving code scanning alerts, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts).{% endif %}{% ifversion security-overview-push-protection-metrics-page %}
* **Secret scanning:** find out which types of secret are blocked by push protection{% ifversion security-overview-delegated-bypass-requests %} and which teams are bypassing push protection{% endif %}, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection){% ifversion security-overview-delegated-bypass-requests %} and [AUTOTITLE](/code-security/security-overview/reviewing-requests-to-bypass-push-protection){% endif %}.{% endif %}
* **CodeQL pull request alerts:** assess the impact of running CodeQL on pull requests and how development teams are resolving code scanning alerts, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts).{% endif %}
* **Secret scanning:** find out which types of secret are blocked by push protection{% ifversion security-overview-delegated-bypass-requests %} and which teams are bypassing push protection{% endif %}, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection){% ifversion security-overview-delegated-bypass-requests %} and [AUTOTITLE](/code-security/security-overview/reviewing-requests-to-bypass-push-protection){% endif %}.
{% ifversion security-campaigns %}
You also create and manage security campaigns to remediate alerts from security overview, see [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-tracking-security-campaigns) and [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale).
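Review bot: the new Assessments bullet is wrapped in two separate tags, `{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}` ... `{% endif %}{% endif %}`, chained onto the end of the Coverage line and followed immediately by a third opener for security-overview-tool-adoption; a single `{% ifversion ghas-products and secret-risk-assessment %}` ... `{% endif %}` expresses the same condition and is much easier to keep balanced in this run of line-end tags. Two smaller points in the same bullet: "organizations on Team and Enterprise can run a free report" is a plan entitlement that should match the page intro, which currently names only Enterprise, and "scan the code in the organization for leaked secrets" should say what is scanned (all repositories, or only those the viewer can access) so readers do not assume broader coverage than the report gives. Last, the old CodeQL pull request alerts and Secret scanning bullets were unconditional and are now gated on security-overview-org-codeql-pr-alerts and security-overview-push-protection-metrics-page; confirm both feature flags exist in the versions data, since an unknown flag silently hides the bullet rather than failing the build. Minor wording: "You also create and manage security campaigns" reads as "You can also create and manage".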
@@ -76,7 +86,7 @@ You also create and manage security campaigns to remediate alerts from security
## About security overview for enterprises
You can find security overview on the **Code Security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise.
You can find security overview on the **Security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise.
As with security overview for organizations, security overview for enterprises has multiple views that provide different ways to explore data.
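Review bot: this hunk renames the enterprise tab from **Code Security** to **Security** in one sentence only; the same navigation instruction appears in other security-overview articles and in the enterprise-level procedures, so grep for the old label and change them in the same change set, otherwise readers following a linked procedure will be told to open a tab that no longer exists. Also confirm the casing against the product UI, since the rest of this page writes UI labels in sentence case (**Overview**, **Coverage**).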
@@ -138,4 +148,3 @@ If you're an owner of an {% data variables.enterprise.prodname_emu_enterprise %}
* [AUTOTITLE](/code-security/securing-your-organization){% else %}
* [AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization){% endif %}
* [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale)
{% endif %}
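Review bot: this hunk removes one line from the further-reading list (4 lines become 3) inside an `{% ifversion %}` ... `{% else %}` ... `{% endif %}` block that is itself followed by an outer `{% endif %}`; check that the outer `{% endif %}` still has a matching opener after the deletion, and that the article whose link was dropped is not referenced elsewhere on this page, so the page does not end up with a dangling cross-reference.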