From d6c8dac4f3aa486f456433b64b28b0c19b05da04 Mon Sep 17 00:00:00 2001
From: mc <42146119+mchammer01@users.noreply.github.com>
Date: Tue, 8 Oct 2024 13:41:32 +0100
Subject: [PATCH] Secret scanning: update permission and product callouts (#52473)
---
 .../about-secret-scanning-for-partners.md | 1 +
 .../about-alerts.md | 2 +-
 .../evaluating-alerts.md | 3 +--
 .../monitoring-alerts.md | 2 +-
 .../resolving-alerts.md | 3 +--
 .../viewing-alerts.md | 3 +--
 .../secret-scanning-partner-program.md | 1 +
 .../secret-scanning-partner-alerts.md | 7 +++++++
 .../reusables/gated-features/secret-scanning.md | 17 ++++++++++-------
 .../permissions/secret-scanning-alerts.md | 1 +
 10 files changed, 25 insertions(+), 15 deletions(-)
 create mode 100644 data/reusables/gated-features/secret-scanning-partner-alerts.md
 create mode 100644 data/reusables/permissions/secret-scanning-alerts.md
diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md b/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md
index 276124021d..13d6bc733c 100644
--- a/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md
+++ b/content/code-security/secret-scanning/introduction/about-secret-scanning-for-partners.md
@@ -1,6 +1,7 @@
 ---
 title: About secret scanning for partners
 intro: 'When {% data variables.product.prodname_secret_scanning %} detects authentication details for a service provider in a public repository on {% data variables.product.prodname_dotcom %}, an alert is sent directly to the provider. This allows service providers who are {% data variables.product.prodname_dotcom %} partners to promptly take action to secure their systems.'
+product: '{% data reusables.gated-features.secret-scanning-partner-alerts %}'
 versions:
 fpt: '*'
 ghec: '*'
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md
index 59de0ea9ac..33fa5f2297 100644
--- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md
@@ -1,7 +1,7 @@
 ---
 title: About secret scanning alerts
 intro: 'Learn about the different types of {% data variables.secret-scanning.alerts %}.'
-permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can manage {% data variables.secret-scanning.alerts %} for the repository.'
+permissions: '{% data reusables.permissions.secret-scanning-alerts %}'
 product: '{% data reusables.gated-features.secret-scanning %}'
 versions:
 fpt: '*'
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md
index 7fc067804b..61e6566605 100644
--- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md
@@ -1,8 +1,7 @@
 ---
 title: Evaluating alerts from secret scanning
 intro: 'Learn about additional features that can help you evaluate alerts and prioritize their remediation, such as checking a secret''s validity.'
-permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can view {% data variables.secret-scanning.alerts %} for the repository.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.secret-scanning-alerts %}'
 versions:
 fpt: '*'
 ghes: '*'
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md
index 55d3f79542..e3127cbdce 100644
--- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md
@@ -1,7 +1,7 @@
 ---
 title: Monitoring alerts from secret scanning
 intro: 'Learn how and when {% data variables.product.product_name %} will notify you about a secret scanning alert.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.secret-scanning-alerts %}'
 versions:
 fpt: '*'
 ghes: '*'
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md
index b0dc2237c5..ac9bd343f9 100644
--- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md
@@ -1,8 +1,7 @@
 ---
 title: Resolving alerts from secret scanning
 intro: 'After reviewing the details of a secret scanning alert, you should fix and then close the alert.'
-permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can dismiss secret scanning alerts for the repository.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.secret-scanning-alerts %}'
 versions:
 fpt: '*'
 ghes: '*'
diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md
index a7a59be384..58571fa07a 100644
--- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md
@@ -1,8 +1,7 @@
 ---
 title: Viewing and filtering alerts from secret scanning
 intro: 'Learn how to find and filter {% ifversion fpt or ghec %}{% data variables.secret-scanning.user_alerts %}{% else %}{% data variables.secret-scanning.user_alerts %} alerts{% endif %} for your repository.'
-permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can view {% data variables.secret-scanning.user_alerts %}{% ifversion ghes %} alerts{% endif %} for the repository.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.secret-scanning-alerts %}'
 versions:
 fpt: '*'
 ghes: '*'
diff --git a/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md b/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md
index 26f11638c1..5559f593a7 100644
--- a/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md
+++ b/content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md
@@ -1,6 +1,7 @@
 ---
 title: Secret scanning partner program
 intro: 'As a service provider, you can partner with {% data variables.product.prodname_dotcom %} to have your secret token formats secured through secret scanning, which searches for accidental commits of your secret format and can be sent to a service provider''s verify endpoint.'
+product: '{% data reusables.gated-features.secret-scanning-partner-alerts %}'
 redirect_from:
 - /partnerships/token-scanning
 - /partnerships/secret-scanning
diff --git a/data/reusables/gated-features/secret-scanning-partner-alerts.md b/data/reusables/gated-features/secret-scanning-partner-alerts.md
new file mode 100644
index 0000000000..a64c68fcef
--- /dev/null
+++ b/data/reusables/gated-features/secret-scanning-partner-alerts.md
@@ -0,0 +1,7 @@
+{%- ifversion fpt or ghec %}
+
+{% data variables.secret-scanning.partner_alerts_caps %} runs by default on the following repositories:
+
+* Public repositories and public npm packages on {% data variables.product.prodname_dotcom %}
+
+{% endif %}
diff --git a/data/reusables/gated-features/secret-scanning.md b/data/reusables/gated-features/secret-scanning.md
index c3bdbceca6..1ba5196563 100644
--- a/data/reusables/gated-features/secret-scanning.md
+++ b/data/reusables/gated-features/secret-scanning.md
@@ -1,11 +1,14 @@ -{%- ifversion fpt or ghec %} -{% data variables.secret-scanning.partner_alerts_caps %} runs automatically on public repositories and public npm packages to notify service providers about leaked secrets on {% data variables.product.prodname_dotcom %}. +{% data variables.product.prodname_secret_scanning_caps %} is available for the following repositories: -{% data variables.secret-scanning.user_alerts_caps %} are available for {% ifversion ghec %}user-owned {% endif %}public repositories for free. Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable {% data variables.secret-scanning.user_alerts %} on their private and internal repositories. {% data reusables.secret-scanning.secret-scanning-user-owned-repos-beta %} +{% ifversion fpt or ghec %} -{%- elsif ghes %} -{% data variables.product.prodname_secret_scanning_caps %} is available for organization-owned repositories{% ifversion secret-scanning-user-owned-repos %}, and in {% data variables.release-phases.public_preview %} for user-owned repositories{% endif %} in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}. 
+ * Public repositories (for free) + * Private and internal repositories in organizations using {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% ifversion secret-scanning-user-owned-repos %} + * User-owned repositories for {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}{% endif %} -{%- endif %} {% data reusables.advanced-security.more-info-ghas-secret-scanning %} +{% elsif ghes %} -{% data reusables.advanced-security.ghas-trial %} +* Organization-owned repositories with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled +* {% ifversion secret-scanning-user-owned-repos %}User-owned repositories{% endif %} for an enterprise with {% data variables.product.prodname_GH_advanced_security %} enabled + +{% endif %}
diff --git a/data/reusables/permissions/secret-scanning-alerts.md b/data/reusables/permissions/secret-scanning-alerts.md
new file mode 100644
index 0000000000..ad5353b274
--- /dev/null
+++ b/data/reusables/permissions/secret-scanning-alerts.md
@@ -0,0 +1 @@
+Repository owners, organization owners, security managers, and users with the **admin** role