Scannability improvements to front matter for push protection articles (#52570)

Co-authored-by: Courtney Claessens <courtneycl@github.com>
Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>

content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md

@@ -2,7 +2,7 @@
 title: Enabling push protection for your repository
 shortTitle: Enable push protection
 intro: 'With push protection, {% data variables.product.prodname_secret_scanning %} blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the block.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.push-protection %}'
 versions:
   fpt: '*'
   ghes: '*'

content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection.md

@@ -1,7 +1,7 @@
 ---
 title: About delegated bypass for push protection
 intro: 'You can control which teams or roles have the ability to bypass push protection in your organization or repository.'
-product: '{% data reusables.gated-features.push-protection-for-repos %}'
+product: '{% data reusables.gated-features.delegated-bypass %}'
 versions:
   feature: push-protection-delegated-bypass
 type: overview

content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md

@@ -1,8 +1,7 @@
 ---
 title: Enabling delegated bypass for push protection
 intro: 'You can use delegated bypass for your organization or repository to control who can push commits that contain secrets identified by {% data variables.product.prodname_secret_scanning %}.'
-product: '{% data reusables.gated-features.push-protection-for-repos %}'
+permissions: '{% data reusables.permissions.delegated-bypass %}'
-permissions: 'Organization owners and repository administrators can enable delegated bypass for push protection for their organization and repository, respectively.'
 versions:
   feature: push-protection-delegated-bypass
 type: how_to

content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection.md

@@ -1,8 +1,7 @@
 ---
 title: Managing requests to bypass push protection
 intro: 'As a member of the bypass list for an organization or repository, you can review bypass requests from other members of the organization or repository.'
-product: '{% data reusables.gated-features.push-protection-for-repos %}'
+permissions: '{% data reusables.permissions.delegated-bypass-list %}'
-permissions: 'Members of the bypass list can process requests from non-members to bypass push protection.'
 versions:
   feature: push-protection-delegated-bypass
 type: how_to

content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/excluding-folders-and-files-from-secret-scanning.md

@@ -1,7 +1,7 @@
 ---
 title: Excluding folders and files from secret scanning
 intro: 'You can customize {% data variables.product.prodname_secret_scanning %} to exclude directories or files from analysis, by configuring a `secret_scanning.yml` file in your repository.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.secret-scanning-alerts %}'
 shortTitle: Exclude folders and files
 versions:
   fpt: '*'

content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md

@@ -2,7 +2,7 @@
 title: Working with push protection from the command line
 shortTitle: Push protection on the command line
 intro: 'Learn your options for unblocking your push from the command line to {% data variables.product.prodname_dotcom %} if {% data variables.product.prodname_secret_scanning %} detects a secret in your changes.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.push-protection %}'
 versions:
   fpt: '*'
   ghes: '*'

content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui.md

@@ -2,7 +2,7 @@
 title: Working with push protection in the GitHub UI
 shortTitle: Push protection in the GitHub UI
 intro: 'Learn your options for unblocking your commit when {% data variables.product.prodname_secret_scanning %} detects a secret in your changes.'
-product: '{% data reusables.gated-features.secret-scanning %}'
+permissions: '{% data reusables.permissions.push-protection %}'
 versions:
   fpt: '*'
   ghes: '*'

data/reusables/gated-features/delegated-bypass.md

@@ -0,0 +1,13 @@
+Delegated bypass requires push protection to be enabled for the organization or the repository. See "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)."
+
+Delegated bypass is available for the following repositories:
+
+{% ifversion ghec %}
+
+* Private and internal repositories in organizations using {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled
+
+{% elsif ghes %}
+
+* Organization-owned repositories with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled
+
+{% endif %}

data/reusables/gated-features/push-protection-for-repos.md

@@ -1,6 +1,13 @@
-{%- ifversion fpt or ghec %}
+Push protection for repositories and organizations is available for the following repository types:
 
-Push protection for repositories and organizations is available for {% ifversion ghec %}user-owned {% endif %}public repositories for free. Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can also enable push protection on their private and internal repositories.
+{% ifversion fpt or ghec %}
 
-{%- elsif ghes %}
+* {% ifversion ghec %}User-owned public{% elsif fpt %}Public{% endif %} repositories for free
-Push protection is available for organization-owned repositories in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %}
+* Private and internal repositories in organizations using {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% ifversion ghec %}
+* User namespace repositories belonging to {% data variables.product.prodname_emus %}{% endif %}
+
+{% elsif ghes %}
+
+* Organization-owned repositories with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled
+
+{% endif %}

data/reusables/gated-features/push-protection-for-users.md

@@ -1 +1,3 @@
-Push protection for users is on by default and can be disabled in your personal account settings.
+Push protection for users is on by default on the following repository types:
+
+* Public repositories

data/reusables/permissions/delegated-bypass-list.md

@@ -0,0 +1,4 @@
+* Organization owners
+* Security managers
+* Users in teams, default roles, or custom roles that have been added to the bypass list.{% ifversion push-protection-bypass-fine-grained-permissions %}
+* Users who are assigned a custom role with the "review and manage {% data variables.product.prodname_secret_scanning %} bypass requests" fine-grained permission. {% endif %}

data/reusables/permissions/delegated-bypass.md

@@ -0,0 +1 @@
+Repository owners, organization owners, security managers, and users with the **admin** role

data/reusables/permissions/push-protection.md

@@ -0,0 +1 @@
+Repository owners, organization owners, security managers, and users with the **admin** role

data/reusables/secret-scanning/push-protection-delegated-bypass-note.md

@@ -1,6 +1 @@
-Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review and manage bypass requests {% else %}of the bypass list{% endif %} are still protected from accidentally pushing secrets to a repository. If they attempt to push a commit containing a secret, their push is still blocked, but they can choose to bypass the block by specifying a reason for allowing the push. The following types of people can bypass push protection without requesting bypass privileges:
+Members {% ifversion push-protection-bypass-fine-grained-permissions %}with permission to review and manage bypass requests {% else %}of the bypass list{% endif %} are still protected from accidentally pushing secrets to a repository. If they attempt to push a commit containing a secret, their push is still blocked, but they can choose to bypass the block by specifying a reason for allowing the push.
-
-* Organization owners
-* Security managers
-* Users in teams, default roles, or custom roles that have been added to the bypass list.{% ifversion push-protection-bypass-fine-grained-permissions %}
-* Users who are assigned (either directly or via a team) a custom role with the "review and manage secret scanning bypass requests" fine-grained permission.{% endif %}