From d1ec88b5f794422b359bed554ae8a6f65c7d7ebf Mon Sep 17 00:00:00 2001
From: Vanessa
Date: Fri, 1 Aug 2025 10:51:55 +1000
Subject: [PATCH] Secret risk assessment - Add more CTAs (#56918)
---
 content/code-security/index.md | 4 +++-
 .../introduction/about-secret-scanning.md | 5 ++++-
 .../code-security/securing-your-organization/index.md | 2 +-
 .../about-secret-risk-assessment.md | 6 +++---
 .../index.md | 2 +-
 ...ret-risk-assessment-report-for-your-organization.md | 1 +
 .../security-overview/about-security-overview.md | 5 ++++-
 .../about-github-advanced-security.md | 4 +++-
 .../gated-features/secret-risk-assessment-report.md | 2 +-
 .../gated-features/security-overview-general.md | 10 ++++------
 data/variables/secret-scanning.yml | 5 +++++
 11 files changed, 30 insertions(+), 16 deletions(-)
diff --git a/content/code-security/index.md b/content/code-security/index.md
index ac30cba95b..6b868301df 100644
--- a/content/code-security/index.md
+++ b/content/code-security/index.md
@@ -5,11 +5,13 @@ intro: 'Build security into your {% data variables.product.github %} workflow to
 redirect_from:
 - /code-security/guides
 introLinks:
+ overview: '{% ifversion ghes %}/code-security/getting-started/github-security-features{% endif %}'
 generate_secret_risk_assessment_report_for_free: '{% ifversion secret-risk-assessment %}/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment{% endif %}'
 featuredLinks:
 startHere: # Links aimed at the builder audience
- - /code-security/getting-started/github-security-features
+ - '{% ifversion fpt or ghec %}/code-security/getting-started/github-security-features{% endif %}'
 - /code-security/getting-started/quickstart-for-securing-your-repository
+ - '{% ifversion ghes %}/code-security/secret-scanning/working-with-secret-scanning-and-push-protection{% endif %}'
 - /code-security/getting-started/dependabot-quickstart-guide
 - /code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning
 guideCards:
diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning.md b/content/code-security/secret-scanning/introduction/about-secret-scanning.md
index 1e68351c39..5e8c9126c8 100644
--- a/content/code-security/secret-scanning/introduction/about-secret-scanning.md
+++ b/content/code-security/secret-scanning/introduction/about-secret-scanning.md
@@ -1,7 +1,10 @@
 ---
 title: About secret scanning
 intro: '{% data variables.product.github %} scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+product: |
+ {% data reusables.gated-features.secret-scanning %}{% ifversion secret-risk-assessment %}
+
+ {% data variables.secret-scanning.secret-risk-assessment-cta-product %}{% endif %}
 redirect_from:
 - /github/administering-a-repository/about-token-scanning
 - /articles/about-token-scanning
diff --git a/content/code-security/securing-your-organization/index.md b/content/code-security/securing-your-organization/index.md
index cfbec67856..3176ebc37b 100644
--- a/content/code-security/securing-your-organization/index.md
+++ b/content/code-security/securing-your-organization/index.md
@@ -1,7 +1,7 @@
 ---
 title: Securing your organization
 shortTitle: Secure your organization
-intro: 'Secure your organization at scale with {% data variables.product.company_short %}''s security products{% ifversion security-configurations %} through {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %}{% endif %}.'
+intro: 'Secure your organization at scale with {% data variables.product.company_short %}''s security products{% ifversion security-configurations %} through {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %}{% endif %}.{% ifversion secret-risk-assessment %}
{% data variables.secret-scanning.secret-risk-assessment-cta-product %}{% endif %}'
 versions:
 fpt: '*'
 ghec: '*'
diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md
index ea273050ee..b0b88bd347 100644
--- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md
+++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md
@@ -2,7 +2,7 @@
 title: 'About the secret risk assessment'
 shortTitle: 'Secret risk assessment'
 intro: 'Learn why it''s so important to understand your organization''s exposure to data leaks and how the {% data variables.product.prodname_secret_risk_assessment %} report gives an overview of your organization’s secret leak footprint.'
-product: '{% data reusables.gated-features.secret-risk-assessment-report %}'
+product: '{% data reusables.gated-features.secret-risk-assessment-report %}
{% data variables.secret-scanning.secret-risk-assessment-cta-product %}'
 allowTitleToDifferFromFilename: true
 type: overview
 versions:
@@ -19,7 +19,7 @@ topics:
 Assessing your exposure to leaked secrets is crucial if you want to prevent:
-* **Exploitation by bad actors**. Malicious actors can use leaked secrets such as API keys, passwords, and tokens to gain unauthorized access to systems, databases, and sensitive information. Leaked secrets can lead to data breaches, compromising user data and potentially causing significant financial and reputational damage. See industry examples and in-depth discussion in [Understanding your organization's exposure to secret leaks](https://resources.github.com/enterprise/understanding-secret-leak-exposure) in {% data variables.product.github %} Executive Insights.
+* **Exploitation by bad actors**. Malicious actors can use leaked secrets such as API keys, passwords, and tokens to gain unauthorized access to systems, databases, and sensitive information. Leaked secrets can lead to data breaches, compromising user data and potentially causing significant financial and reputational damage.
 * **Regulatory problems**. Many industries have strict regulatory requirements for data protection, and leaked secrets can result in non-compliance with regulations, leading to legal penalties and fines.
@@ -29,7 +29,7 @@ Assessing your exposure to leaked secrets is crucial if you want to prevent:
 * **Costly fallout**. Addressing the fallout from leaked secrets can be costly, involving incident response efforts, security audits, and potential compensation for affected parties.
-Regularly assessing your exposure to leaked secrets is good practice to help identify vulnerabilities, implement necessary security measures, and ensure that any compromised secrets are promptly rotated and invalidated.
+Regularly assessing your exposure to leaked secrets is good practice to help identify vulnerabilities, implement necessary security measures, and ensure that any compromised secrets are promptly rotated and invalidated. See industry examples and in-depth discussion in [Understanding your organization's exposure to secret leaks](https://resources.github.com/enterprise/understanding-secret-leak-exposure) in {% data variables.product.github %} Executive Insights.
 ## About {% data variables.product.prodname_secret_risk_assessment %}
diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md
index 35dae238b9..e7749d5912 100644
--- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md
+++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md
@@ -1,7 +1,7 @@
 ---
 title: 'Understanding your organization''s exposure to leaked secrets'
 shortTitle: Exposure to leaked secrets
-intro: 'You can generate a secret risk assessment report to evaluate the extent of your organization''s vulnerability to leaked secrets. Decide whether to enable {% data variables.product.prodname_secret_protection %} to protect your organization from further leaks.'
+intro: 'You can generate a secret risk assessment report to evaluate the extent of your organization''s vulnerability to leaked secrets. Decide whether to enable {% data variables.product.prodname_secret_protection %} to protect your organization from further leaks.
{% data variables.secret-scanning.secret-risk-assessment-cta-product %}'
 versions:
 feature: secret-risk-assessment
 topics:
diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md
index 4de3f51798..5245a7117c 100644
--- a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md
+++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md
@@ -2,6 +2,7 @@
 title: 'Viewing the secret risk assessment report for your organization'
 shortTitle: 'View secret risk assessment'
 intro: 'You can generate and view the {% data variables.product.prodname_secret_risk_assessment %} report for your organization from the "Security" tab.'
+product: '{% data reusables.gated-features.secret-risk-assessment-report %}'
 permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
 allowTitleToDifferFromFilename: true
 type: how_to
diff --git a/content/code-security/security-overview/about-security-overview.md b/content/code-security/security-overview/about-security-overview.md
index a55ae4892a..31fc662618 100644
--- a/content/code-security/security-overview/about-security-overview.md
+++ b/content/code-security/security-overview/about-security-overview.md
@@ -1,7 +1,10 @@
 ---
 title: About security overview
 intro: 'You can gain insights into the overall security landscape of your organization or enterprise and identify repositories that require intervention using security overview.'
-product: '{% data reusables.gated-features.security-overview-general %}'
+product: |
+ {% data reusables.gated-features.security-overview-general %}{% ifversion secret-risk-assessment %}
+
+ {% data variables.secret-scanning.secret-risk-assessment-cta-product %}{% endif %}
 redirect_from:
 - /code-security/security-overview/exploring-security-alerts
 - /code-security/security-overview/about-the-security-overview
diff --git a/content/get-started/learning-about-github/about-github-advanced-security.md b/content/get-started/learning-about-github/about-github-advanced-security.md
index dcbef3bbe3..f4e055be16 100644
--- a/content/get-started/learning-about-github/about-github-advanced-security.md
+++ b/content/get-started/learning-about-github/about-github-advanced-security.md
@@ -130,7 +130,9 @@ A {% data variables.product.prodname_GHAS %} license provides the following addi
 ## Run an assessment of your organization's exposure to secret leaks
-Organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets. This can help you understand the current exposure of repositories in your organization to leaked secrets, as well as help you see how many existing secret leaks could have been prevented by {% data variables.product.prodname_GH_secret_protection %}. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% else %}{% endif %}
+{% ifversion secret-risk-assessment %}{% data variables.secret-scanning.secret-risk-assessment-cta-product %}{% endif %}
+
+Organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets. This can help you understand the current exposure of repositories in your organization to leaked secrets, as well as help you see how many existing secret leaks could have been prevented by {% data variables.product.prodname_GH_secret_protection %}.{% endif %}{% else %}{% endif %}
 ## Deploying {% ifversion ghas-products %}{% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %}{% else %}{% data variables.product.prodname_GHAS %} in your enterprise{% endif %}
diff --git a/data/reusables/gated-features/secret-risk-assessment-report.md b/data/reusables/gated-features/secret-risk-assessment-report.md
index 64ad27676d..35a39767d7 100644
--- a/data/reusables/gated-features/secret-risk-assessment-report.md
+++ b/data/reusables/gated-features/secret-risk-assessment-report.md
@@ -1 +1 @@
-{% data variables.product.prodname_secret_risk_assessment_caps %} is available for free for organization-owned repositories on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %}
+{% data variables.product.prodname_secret_risk_assessment_caps %} is available for free in organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %}
diff --git a/data/reusables/gated-features/security-overview-general.md b/data/reusables/gated-features/security-overview-general.md
index fe782a6ac3..9e088073c2 100644
--- a/data/reusables/gated-features/security-overview-general.md
+++ b/data/reusables/gated-features/security-overview-general.md
@@ -1,10 +1,8 @@
-{% data variables.product.prodname_secret_risk_assessment_caps %} is available for all organizations owned by {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %}. Additional views are available for:
+Security overview is available for all organizations owned by {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} that have run {% data variables.product.prodname_secret_risk_assessment_caps %}.
-{% ifversion fpt %}
+Additional views are available for {% ifversion ghec %}enterprises and their organizations.{% elsif ghes %}organizations.
+
+{% elsif fpt %}
 * Organizations owned by a {% data variables.product.prodname_team %} account with {% data variables.product.prodname_GH_cs_or_sp %}
 * Organizations owned by a {% data variables.product.prodname_enterprise %} account
-{% elsif ghec %}
-* Enterprises and their organizations
-{% elsif ghes %}
-* Organizations
 {% endif %}
diff --git a/data/variables/secret-scanning.yml b/data/variables/secret-scanning.yml
index f10b98c952..9ed5e89cb2 100644
--- a/data/variables/secret-scanning.yml
+++ b/data/variables/secret-scanning.yml
@@ -14,6 +14,11 @@ copilot-secret-scanning: 'Copilot secret scanning'
 generic-secret-detection: 'generic secret detection'
 generic-secret-detection-caps: 'Generic secret detection'
+# Secret risk assessment call to action links. If changing the links below, also update the hard-coded link in /code-security/index.md
+secret-risk-assessment-cta-link: '/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment'
+secret-risk-assessment-cta-text: 'Find out how to run a free secret risk assessment'
+secret-risk-assessment-cta-product: '[{% data variables.secret-scanning.secret-risk-assessment-cta-text %}](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment)'
+
 # Combined to provide a secret to demonstrate push protection. Dummy secret, no access.
 learner-example-secret-a: 'secret_scanning_ab85fc6f8d76'
 learner-example-secret-b: '38cf1c11da812da308d43_abcde'
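Review bot: The new `secret-risk-assessment-cta-product` value hard-codes the report URL a second time rather than reusing the `secret-risk-assessment-cta-link` variable added two lines above it, so the comment's "keep the links in sync" warning now covers three literal copies (this value, `-cta-link`, and the `introLinks` entry in `content/code-security/index.md` from the first hunk), and as far as this patch shows nothing actually references `-cta-link`. The same line already nests `{% data variables.secret-scanning.secret-risk-assessment-cta-text %}` for the link text, so composing the target the same way presumably renders too — worth confirming that the docs pipeline expands a nested data reference inside a Markdown link target before relying on it. Suggested line: `secret-risk-assessment-cta-product: '[{% data variables.secret-scanning.secret-risk-assessment-cta-text %}]({% data variables.secret-scanning.secret-risk-assessment-cta-link %})'`. If that works, the comment can be narrowed to point only at the one remaining hard-coded copy in `content/code-security/index.md`.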