merge from main

.github/dependabot.yml

@@ -9,4 +9,4 @@ updates:
   - package-ecosystem: 'github-actions'
     directory: '/'
     schedule:
-      interval: weekly
+      interval: monthly

CONTRIBUTING.md

@@ -6,7 +6,7 @@ Read our [Code of Conduct](./CODE_OF_CONDUCT.md) to keep our community approacha
 
 In this guide you will get an overview of the contribution workflow from opening an issue, creating a PR, reviewing, and merging the PR.
 
-Use the table of contents icon <img src="./assets/images/table-of-contents.png" width="25" height="25" /> on the top left corner of the this document to get to a specific section of this guide quickly.
+Use the table of contents icon <img src="./assets/images/table-of-contents.png" width="25" height="25" /> on the top left corner of this document to get to a specific section of this guide quickly.
 
 ## New contributor guide
 

README.md

@@ -4,7 +4,7 @@ This repository contains the documentation website code and Markdown source file
 
 GitHub's Docs team works on pre-production content in a private repo that regularly syncs with this public repo.
 
-Use the table of contents icon <img src="./assets/images/table-of-contents.png" width="25" height="25" /> on the top left corner of the this document to get to a specific section of this guide quickly.
+Use the table of contents icon <img src="./assets/images/table-of-contents.png" width="25" height="25" /> on the top left corner of this document to get to a specific section of this guide quickly.
 
 ## Contributing
 
@@ -60,4 +60,4 @@ When using the GitHub logos, be sure to follow the [GitHub logo guidelines](http
 
 ## Thanks :purple_heart:
 
-Thanks for all your contributions and efforts towards improving the GitHub documentation. We thank you being part of our ✨ community ✨ !
+Thanks for all your contributions and efforts towards improving the GitHub documentation. We thank you being part of our :sparkles: community :sparkles: !

content/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications.md

@@ -134,8 +134,8 @@ Email notifications from {% data variables.product.product_name %} contain the f
 | --- | --- |
 | `From` address | This address will always be {% ifversion fpt %}'`notifications@github.com`'{% else %}'the no-reply email address configured by your site administrator'{% endif %}. |
 | `To` field | This field connects directly to the thread.{% ifversion not ghae %} If you reply to the email, you'll add a new comment to the conversation.{% endif %} |
-| `Cc` address | {% data variables.product.product_name %} will `Cc` you if you're subscribed to a conversation. The second `Cc` email address matches the notification reason. The suffix for these notification reasons is {% data variables.notifications.cc_address %}. The possible notification reasons are: <ul><li>`assign`: You were assigned to an issue or pull request.</li><li>`author`: You created an issue or pull request.</li><li>`ci_activity`: A {% data variables.product.prodname_actions %} workflow run that you triggered was completed.</li><li>`comment`: You commented on an issue or pull request.</li><li>`manual`: There was an update to an issue or pull request you manually subscribed to.</li><li>`mention`: You were mentioned on an issue or pull request.</li><li>`push`: Someone committed to a pull request you're subscribed to.</li><li>`review_requested`: You or a team you're a member of was requested to review a pull request.</li>{% ifversion not ghae %}<li>`security_alert`: {% data variables.product.prodname_dotcom %} detected a vulnerability in a repository you receive alerts for.</li>{% endif %}<li>`state_change`: An issue or pull request you're subscribed to was either closed or opened.</li><li>`subscribed`: There was an update in a repository you're watching.</li><li>`team_mention`: A team you belong to was mentioned on an issue or pull request.</li><li>`your_activity`: You opened, commented on, or closed an issue or pull request.</li></ul> |
-| `mailing list` field | This field identifies the name of the repository and its owner. The format of this address is always `<repository name>.<repository owner>.{% data variables.command_line.backticks %}`. |{% ifversion fpt or ghes %}
+| `Cc` address | {% data variables.product.product_name %} will `Cc` you if you're subscribed to a conversation. The second `Cc` email address matches the notification reason. The suffix for these notification reasons is {% data variables.notifications.cc_address %}. The possible notification reasons are: <ul><li>`assign`: You were assigned to an issue or pull request.</li><li>`author`: You created an issue or pull request.</li><li>`ci_activity`: A {% data variables.product.prodname_actions %} workflow run that you triggered was completed.</li><li>`comment`: You commented on an issue or pull request.</li><li>`manual`: There was an update to an issue or pull request you manually subscribed to.</li><li>`mention`: You were mentioned on an issue or pull request.</li><li>`push`: Someone committed to a pull request you're subscribed to.</li><li>`review_requested`: You or a team you're a member of was requested to review a pull request.</li>{% ifversion fpt or ghes or ghae-issue-4864 %}<li>`security_alert`: {% data variables.product.prodname_dotcom %} detected a vulnerability in a repository you receive alerts for.</li>{% endif %}<li>`state_change`: An issue or pull request you're subscribed to was either closed or opened.</li><li>`subscribed`: There was an update in a repository you're watching.</li><li>`team_mention`: A team you belong to was mentioned on an issue or pull request.</li><li>`your_activity`: You opened, commented on, or closed an issue or pull request.</li></ul> |
+| `mailing list` field | This field identifies the name of the repository and its owner. The format of this address is always `<repository name>.<repository owner>.{% data variables.command_line.backticks %}`. |{% ifversion fpt or ghes or ghae-issue-4864 %}
 | `X-GitHub-Severity` field | {% data reusables.repositories.security-alerts-x-github-severity %} The possible severity levels are:<ul><li>`low`</li><li>`moderate`</li><li>`high`</li><li>`critical`</li></ul>For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)." |{% endif %}
 
 ## Choosing your notification settings
@@ -144,7 +144,7 @@ Email notifications from {% data variables.product.product_name %} contain the f
 {% data reusables.notifications-v2.manage-notifications %}
 3. On the notifications settings page, choose how you receive notifications when:
     - There are updates in repositories or team discussions you're watching or in a conversation you're participating in. For more information, see "[About participating and watching notifications](#about-participating-and-watching-notifications)."
-    - You gain access to a new repository or you've joined a new team. For more information, see "[Automatic watching](#automatic-watching)."{% ifversion fpt or ghes %}
+    - You gain access to a new repository or you've joined a new team. For more information, see "[Automatic watching](#automatic-watching)."{% ifversion fpt or ghes or ghae-issue-4864 %}
     - There are new {% data variables.product.prodname_dependabot_alerts %} in your repository. For more information, see "[{% data variables.product.prodname_dependabot_alerts %} notification options](#dependabot-alerts-notification-options)." {% endif %} {% ifversion fpt %}
     - There are workflow runs updates on repositories set up with {% data variables.product.prodname_actions %}. For more information, see "[{% data variables.product.prodname_actions %} notification options](#github-actions-notification-options)."{% endif %}
 
@@ -161,14 +161,14 @@ If "Automatically watch repositories" is disabled, then you will not automatical
 You can choose whether to watch or unwatch an individual repository. You can also choose to only be notified of {% ifversion fpt or ghes > 3.0 or ghae-next %}certain event types such as {% data reusables.notifications-v2.custom-notification-types %} (if enabled for the repository) {% else %}new releases{% endif %}, or completely ignore an individual repository.
 
 {% data reusables.repositories.navigate-to-repo %}
-2. In the upper-right corner, click the "Watch" drop-down menu to select a watch option.
-{% ifversion fpt or ghes > 3.0 or ghae-next %}
+2. In the upper-right corner, select the "Watch" drop-down menu to click a watch option.
+{% ifversion fpt or ghes > 3.0 or ghae-issue-4910 %}
    ![Watch options in a drop-down menu for a repository](/assets/images/help/notifications-v2/watch-repository-options-custom.png)
 
    The **Custom** option allows you to further customize notifications so that you're only notified when specific events happen in the repository, in addition to participating and @mentions.
 {% else %}
      ![Watch options in a drop-down menu for a repository](/assets/images/help/notifications-v2/watch-repository-options.png){% endif %}
-{% ifversion fpt or ghes > 3.0 or ghae-next %}
+{% ifversion fpt or ghes > 3.0 or ghae-issue-4910 %}
    ![Custom watch options in a drop-down menu for a repository](/assets/images/help/notifications-v2/watch-repository-options-custom2-dotcom.png)
    If you select "Issues", you will be notified about, and subscribed to, updates on every issue (including those that existed prior to you selecting this option) in the repository. If you're @mentioned in a pull request in this repository, you'll receive notifications for that too, and you'll be subscribed to updates on that specific pull request, in addition to being notified about issues.
 {% endif %}
@@ -198,12 +198,8 @@ If you are a member of more than one organization, you can configure each one to
 5. Select one of your verified email addresses, then click **Save**.	
 ![Switching your per-org email address](/assets/images/help/notifications/notifications_switching_org_email.gif)
 
-{% ifversion not ghae %}
-{% ifversion fpt or ghes %}
+{% ifversion fpt or ghes or ghae-issue-4864 %}
 ## {% data variables.product.prodname_dependabot_alerts %} notification options 
-{% else %}
-## Security alert notification options 
-{% endif %}
 
 {% data reusables.notifications.vulnerable-dependency-notification-enable %}
 {% data reusables.notifications.vulnerable-dependency-notification-delivery-method-customization2 %}

content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md

@@ -114,14 +114,14 @@ To filter notifications for specific activity on {% data variables.product.produ
 - `is:gist`
 - `is:issue-or-pull-request`
 - `is:release`
-- `is:repository-invitation`{% ifversion not ghae %}
-- `is:repository-vulnerability-alert`
+- `is:repository-invitation`{% ifversion fpt or ghes or ghae-issue-4864 %}
+- `is:repository-vulnerability-alert`{% endif %}{% ifversion fpt %}
 - `is:repository-advisory`{% endif %}
 - `is:team-discussion`{% ifversion fpt %}
 - `is:discussion`{% endif %}
 
-{% ifversion not ghae %}
-For information about reducing noise from notifications for {% ifversion fpt or ghes %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)."
+{% ifversion fpt or ghes or ghae-issue-4864 %}
+For information about reducing noise from notifications for {% data variables.product.prodname_dependabot_alerts %}, see "[Configuring notifications for vulnerable dependencies](/github/managing-security-vulnerabilities/configuring-notifications-for-vulnerable-dependencies)."
 {% endif %}
 
 You can also use the `is:` query to describe how the notification was triaged.
@@ -144,7 +144,7 @@ To filter notifications by why you've received an update, you can use the `reaso
 | `reason:invitation` | When you're invited to a team, organization, or repository.
 | `reason:manual` | When you click **Subscribe** on an issue or pull request you weren't already subscribed to.
 | `reason:mention` | You were directly @mentioned.
-| `reason:review-requested` | You or a team you're on have been requested to review a pull request.{% ifversion not ghae %}
+| `reason:review-requested` | You or a team you're on have been requested to review a pull request.{% ifversion fpt or ghes or ghae-issue-4864 %}
 | `reason:security-alert` | When a security alert is issued for a repository.{% endif %}
 | `reason:state-change`  | When the state of a pull request or issue is changed. For example, an issue is closed or a pull request is merged.
 | `reason:team-mention` | When a team you're a member of is @mentioned.
@@ -163,7 +163,7 @@ For example, to see notifications from the octo-org organization, use `org:octo-
 
 {% endif %}
 
-{% ifversion fpt or ghes %}
+{% ifversion fpt or ghes or ghae-issue-4864 %}
 ## {% data variables.product.prodname_dependabot %} custom filters
 
 {% ifversion fpt %}
@@ -175,8 +175,11 @@ If you use {% data variables.product.prodname_dependabot %} to keep your depende
 For more information about {% data variables.product.prodname_dependabot %}, see "[About managing vulnerable dependencies](/github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies)."
 {% endif %}
 
-{% ifversion ghes %}
-If you use {% data variables.product.prodname_dependabot %} to keep your dependencies-up-to-date, you can use and save the `is:repository_vulnerability_alert` custom filter to show notifications for {% data variables.product.prodname_dependabot_alerts %}.
+{% ifversion ghes or ghae-issue-4864 %}
+
+If you use {% data variables.product.prodname_dependabot %} to keep your dependencies-up-to-date, you can use and save these custom filters to show notifications for {% data variables.product.prodname_dependabot_alerts %}:
+- `is:repository_vulnerability_alert` 
+- `reason:security_alert`
 
 For more information about {% data variables.product.prodname_dependabot %}, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
 {% endif %}

content/account-and-profile/setting-up-and-managing-your-github-profile/customizing-your-profile/about-your-organizations-profile.md

@@ -14,7 +14,7 @@ topics:
   - Profiles
 shortTitle: Organization's profile
 ---
-You can optionally choose to add a description, location, website, and email address for your organization, and pin important repositories. You can customize your organization's profile by adding a README.md file. For more information, see "[Customizing your organization's profile](/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile)."
+You can optionally choose to add a description, location, website, and email address for your organization, and pin important repositories.{% ifversion not ghes and not ghae %} You can customize your organization's profile by adding a README.md file. For more information, see "[Customizing your organization's profile](/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile)."{% endif %}
 
 {% ifversion fpt %}To confirm your organization's identity and display a "Verified" badge on your organization profile page, you must verify your organization's domains with {% data variables.product.product_name %}. For more information, see "[Verifying or approving a domain for your organization](/organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization)."{% endif %}
 

content/actions/deployment/about-continuous-deployment.md

@@ -34,9 +34,12 @@ You can configure your CD workflow to run when a {% data variables.product.produ
 
 {% data reusables.actions.cd-templates-actions %}
 
+{% ifversion fpt or ghae or ghes > 3.0 %}
+
 ## Further reading
 
 - [Deploying with GitHub Actions](/actions/deployment/deploying-with-github-actions)
 - [Using environments for deployment](/actions/deployment/using-environments-for-deployment){% ifversion fpt %}
-- "[Managing billing for {% data variables.product.prodname_actions %}](/billing/managing-billing-for-github-actions)"
+- "[Managing billing for {% data variables.product.prodname_actions %}](/billing/managing-billing-for-github-actions)"{% endif %}
+
 {% endif %}

content/actions/deployment/deploying-to-amazon-elastic-container-service.md

@@ -21,9 +21,9 @@ shortTitle: Deploy to Amazon ECS
 
 ## Introduction
 
-This guide explains how to use {% data variables.product.prodname_actions %} to build a containerized application, push it to [Amazon Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/), and deploy it to [Amazon Elastic Container Service (ECS)](https://aws.amazon.com/ecs/) when a release is created.
+This guide explains how to use {% data variables.product.prodname_actions %} to build a containerized application, push it to [Amazon Elastic Container Registry (ECR)](https://aws.amazon.com/ecr/), and deploy it to [Amazon Elastic Container Service (ECS)](https://aws.amazon.com/ecs/) when there is a push to the `main` branch.
 
-On every new release in your {% data variables.product.company_short %} repository, the {% data variables.product.prodname_actions %} workflow builds and pushes a new container image to Amazon ECR, and then deploys a new task definition to Amazon ECS.
+On every new push to `main` in your {% data variables.product.company_short %} repository, the {% data variables.product.prodname_actions %} workflow builds and pushes a new container image to Amazon ECR, and then deploys a new task definition to Amazon ECS.
 
 ## Prerequisites
 
@@ -67,7 +67,9 @@ Before creating your {% data variables.product.prodname_actions %} workflow, you
 
    See the documentation for each action used below for the recommended IAM policies for the IAM user, and methods for handling the access key credentials.
 
+{% ifversion fpt or ghes > 3.0 or ghae %}
 5. Optionally, configure a deployment environment. {% data reusables.actions.about-environments %}
+{% endif %}
 
 ## Creating the workflow
 
@@ -85,8 +87,9 @@ Ensure that you provide your own values for all the variables in the `env` key o
 name: Deploy to Amazon ECS
 
 on:
-  release:
-    types: [ created ]
+  push:
+    branches:
+      - main
 
 env:
   AWS_REGION: MY_AWS_REGION                   # set this to your preferred AWS region, e.g. us-west-1

content/actions/deployment/deploying-to-azure-app-service.md

@@ -69,13 +69,15 @@ Before creating your {% data variables.product.prodname_actions %} workflow, you
 
 4. For Linux apps, add an app setting called `WEBSITE_WEBDEPLOY_USE_SCM` and set it to true in your app. For more information, see "[Configure apps in the portal](https://docs.microsoft.com/en-us/azure/app-service/configure-common#configure-app-settings)" in the Azure documentation.
 
+{% ifversion fpt or ghes > 3.0 or ghae %}
 5. Optionally, configure a deployment environment. {% data reusables.actions.about-environments %}
+{% endif %}
 
 ## Creating the workflow
 
 Once you've completed the prerequisites, you can proceed with creating the workflow.
 
-The following example workflow demonstrates how to build, test, and deploy the Node.js project to Azure App Service when a release is created.
+The following example workflow demonstrates how to build, test, and deploy the Node.js project to Azure App Service when there is a push to the `main` branch.
 
 Ensure that you set `AZURE_WEBAPP_NAME` in the workflow `env` key to the name of the web app you created. You can also change `AZURE_WEBAPP_PACKAGE_PATH` if the path to your project is not the repository root and `NODE_VERSION` if you want to use a node version other than `10.x`.
 
@@ -85,8 +87,9 @@ Ensure that you set `AZURE_WEBAPP_NAME` in the workflow `env` key to the name of
 {% data reusables.actions.actions-not-certified-by-github-comment %}
 
 on:
-  release:
-    types: [created]
+  push:
+    branches:
+      - main
 
 env:
   AZURE_WEBAPP_NAME: MY_WEBAPP_NAME   # set this to your application's name

content/actions/deployment/deploying-to-google-kubernetes-engine.md

@@ -21,7 +21,7 @@ shortTitle: Deploy to Google Kubernetes Engine
 
 ## Introduction
 
-This guide explains how to use {% data variables.product.prodname_actions %} to build a containerized application, push it to Google Container Registry (GCR), and deploy it to Google Kubernetes Engine (GKE) when a release is created.
+This guide explains how to use {% data variables.product.prodname_actions %} to build a containerized application, push it to Google Container Registry (GCR), and deploy it to Google Kubernetes Engine (GKE) when there is a push to the `main` branch.
 
 GKE is a managed Kubernetes cluster service from Google Cloud that can host your containerized workloads in the cloud or in your own datacenter. For more information, see [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine).
 
@@ -105,9 +105,11 @@ Store the name of your project as a secret named `GKE_PROJECT`. For more informa
 ### (Optional) Configuring kustomize
 Kustomize is an optional tool used for managing YAML specs. After creating a _kustomization_ file, the workflow below can be used to dynamically set fields of the image and pipe in the result to `kubectl`. For more information, see [kustomize usage](https://github.com/kubernetes-sigs/kustomize#usage).
 
+{% ifversion fpt or ghes > 3.0 or ghae %}
 ### (Optional) Configure a deployment environment
 
 {% data reusables.actions.about-environments %}
+{% endif %}
 
 ## Creating the workflow
 
@@ -125,8 +127,9 @@ Under the `env` key, change the value of `GKE_CLUSTER` to the name of your clust
 name: Build and Deploy to GKE
 
 on:
-  release:
-    types: [created]
+  push:
+    branches:
+      - main
 
 env:
   PROJECT_ID: {% raw %}${{ secrets.GKE_PROJECT }}{% endraw %}

content/actions/deployment/deploying-with-github-actions.md

@@ -31,13 +31,12 @@ You should be familiar with the syntax for {% data variables.product.prodname_ac
 
 ## Triggering your deployment
 
-You can use a variety of events to trigger your deployment workflow. Some of the most common are: `pull_request`, `push`, `release`, and `workflow_dispatch`.
+You can use a variety of events to trigger your deployment workflow. Some of the most common are: `pull_request`, `push`, and `workflow_dispatch`.
 
 For example, a workflow with the following triggers runs whenever:
 
 - There is a push to the `main` branch.
 - A pull request targeting the `main` branch is opened, synchronized, or reopened.
-- A release is created.
 - Someone manually triggers it.
 
 ```yaml
@@ -48,9 +47,6 @@ on:
   pull_request:
     branches:
       - main
-  release:
-    types:
-      - created
   workflow_dispatch:
 ```
 

content/actions/guides.md

@@ -0,0 +1,66 @@
+---
+title: Guides for GitHub Actions
+intro: 'These guides for {% data variables.product.prodname_actions %} include specific use cases and examples to help you configure workflows.'
+allowTitleToDifferFromFilename: true
+layout: product-sublanding
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghae: '*'
+learningTracks:
+  - getting_started
+  - continuous_integration
+  - continuous_deployment
+  - deploy_to_the_cloud
+  - hosting_your_own_runners
+  - create_actions
+includeGuides:
+  - /actions/quickstart
+  - /actions/learn-github-actions/introduction-to-github-actions
+  - /actions/creating-actions/creating-a-docker-container-action
+  - /actions/learn-github-actions/using-workflow-templates
+  - /actions/automating-builds-and-tests/building-and-testing-python
+  - /actions/automating-builds-and-tests/building-and-testing-nodejs
+  - /actions/publishing-packages/about-packaging-with-github-actions
+  - /actions/publishing-packages/publishing-docker-images
+  - /actions/advanced-guides/caching-dependencies-to-speed-up-workflows
+  - /actions/automating-builds-and-tests/about-continuous-integration
+  - /actions/automating-builds-and-tests/building-and-testing-powershell
+  - /actions/automating-builds-and-tests/building-and-testing-ruby
+  - /actions/automating-builds-and-tests/building-and-testing-java-with-maven
+  - /actions/automating-builds-and-tests/building-and-testing-java-with-gradle
+  - /actions/automating-builds-and-tests/building-and-testing-java-with-ant
+  - /actions/automating-builds-and-tests/building-and-testing-swift
+  - /actions/deployment/installing-an-apple-certificate-on-macos-runners-for-xcode-development
+  - /actions/automating-builds-and-tests/building-and-testing-xamarin-applications
+  - /actions/publishing-packages/publishing-nodejs-packages
+  - /actions/publishing-packages/publishing-java-packages-with-maven
+  - /actions/publishing-packages/publishing-java-packages-with-gradle
+  - /actions/advanced-guides/storing-workflow-data-as-artifacts
+  - /actions/using-containerized-services/about-service-containers
+  - /actions/using-containerized-services/creating-redis-service-containers
+  - /actions/using-containerized-services/creating-postgresql-service-containers
+  - /actions/deployment/deploying-to-amazon-elastic-container-service
+  - /actions/deployment/deploying-to-azure-app-service
+  - /actions/deployment/deploying-to-google-kubernetes-engine
+  - /actions/learn-github-actions/essential-features-of-github-actions
+  - /actions/security-guides/security-hardening-for-github-actions
+  - /actions/creating-actions/about-custom-actions
+  - /actions/creating-actions/creating-a-javascript-action
+  - /actions/creating-actions/creating-a-composite-action
+  - /actions/migrating-to-github-actions/migrating-from-azure-pipelines-to-github-actions
+  - /actions/migrating-to-github-actions/migrating-from-circleci-to-github-actions
+  - /actions/migrating-to-github-actions/migrating-from-gitlab-cicd-to-github-actions
+  - /actions/migrating-to-github-actions/migrating-from-jenkins-to-github-actions
+  - /actions/migrating-to-github-actions/migrating-from-travis-ci-to-github-actions
+  - /actions/managing-issues-and-pull-requests/using-github-actions-for-project-management
+  - /actions/managing-issues-and-pull-requests/closing-inactive-issues
+  - /actions/managing-issues-and-pull-requests/scheduling-issue-creation
+  - /actions/managing-issues-and-pull-requests/adding-labels-to-issues
+  - /actions/managing-issues-and-pull-requests/commenting-on-an-issue-when-a-label-is-added
+  - /actions/managing-issues-and-pull-requests/moving-assigned-issues-on-project-boards
+  - /actions/managing-issues-and-pull-requests/removing-a-label-when-a-card-is-added-to-a-project-board-column
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions
+  - /code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
+---
+

content/actions/hosting-your-own-runners/adding-self-hosted-runners.md

@@ -34,7 +34,7 @@ For more information, see "[About self-hosted runners](/github/automating-your-w
 
 ## Adding a self-hosted runner to a repository
 
-You can add self-hosted runners to a single repository. To add a self-hosted runner to a user repository, you must be the repository owner. For an organization repository, you must be an organization owner or have admin access to the repository.
+You can add self-hosted runners to a single repository. To add a self-hosted runner to a user repository, you must be the repository owner. For an organization repository, you must be an organization owner or have admin access to the repository. For information about how to add a self-hosted runner with the REST API, see "[Self-hosted runners](/rest/reference/actions#self-hosted-runners)."
 
 {% ifversion fpt %}
 {% data reusables.repositories.navigate-to-repo %}
@@ -55,7 +55,7 @@ You can add self-hosted runners to a single repository. To add a self-hosted run
 
 ## Adding a self-hosted runner to an organization
 
-You can add self-hosted runners at the organization level, where they can be used to process jobs for multiple repositories in an organization. To add a self-hosted runner to an organization, you must be an organization owner. 
+You can add self-hosted runners at the organization level, where they can be used to process jobs for multiple repositories in an organization. To add a self-hosted runner to an organization, you must be an organization owner. For information about how to add a self-hosted runner with the REST API, see "[Self-hosted runners](/rest/reference/actions#self-hosted-runners)."
 
 {% ifversion fpt %}
 {% data reusables.organizations.navigate-to-org %}
@@ -84,7 +84,7 @@ You can add self-hosted runners to an enterprise, where they can be assigned to
 New runners are assigned to the default group. You can modify the runner's group after you've registered the runner. For more information, see "[Managing access to self-hosted runners](/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups#moving-a-self-hosted-runner-to-a-group)."
 
 {% ifversion fpt %}
-To add a self-hosted runner to an enterprise account, you must be an enterprise owner.
+To add a self-hosted runner to an enterprise account, you must be an enterprise owner. For information about how to add a self-hosted runner with the REST API, see the [Enterprise Administration GitHub Actions APIs](/rest/reference/enterprise-admin#github-actions).
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}

content/actions/hosting-your-own-runners/autoscaling-with-self-hosted-runners.md

@@ -15,6 +15,24 @@ type: 'overview'
 
 You can automatically increase or decrease the number of self-hosted runners in your environment in response to the webhook events you receive with a particular label. For example, you can create automation that adds a new self-hosted runner each time you receive a [`workflow_job`](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job) webhook event with the  [`queued`](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job) activity, which notifies you that a new job is ready for processing. The webhook payload includes label data, so you can identify the type of runner the job is requesting. Once the job has finished, you can then create automation that removes the runner in response to the `workflow_job` [`completed`](/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#workflow_job) activity. 
 
+## Recommended autoscaling solutions
+
+{% data variables.product.prodname_dotcom %} recommends and partners closely with two open source projects that you can use for autoscaling your runners. One or both solutions may be suitable, based on your needs. 
+
+The following repositories have detailed instructions for setting up these autoscalers: 
+
+- [actions-runner-controller/actions-runner-controller](https://github.com/actions-runner-controller/actions-runner-controller) - A Kubernetes controller for {% data variables.product.prodname_actions %} self-hosted runnners.
+- [philips-labs/terraform-aws-github-runner](https://github.com/philips-labs/terraform-aws-github-runner) - A Terraform module for scalable {% data variables.product.prodname_actions %} runners on Amazon Web Services.
+
+Each solution has certain specifics that may be important to consider:
+
+| **Features** | **actions-runner-controller** | **terraform-aws-github-runner** |
+| :--- | :--- | :--- |
+| Runtime | Kubernetes | Linux and Windows VMs |
+| Supported Clouds | Azure, Amazon Web Services, Google Cloud Platform, on-premises | Amazon Web Services |
+| Where runners can be scaled | Enterprise, organization, and repository levels. By runner label and runner group. | Organization and repository levels. By runner label and runner group. |
+| Pull-based autoscaling support | Yes | No |
+
 ## Using ephemeral runners for autoscaling
 
 {% data variables.product.prodname_dotcom %} recommends implementing autoscaling with ephemeral self-hosted runners; autoscaling with persistent self-hosted runners is not recommended. In certain cases, {% data variables.product.prodname_dotcom %} cannot guarantee that jobs are not assigned to persistent runners while they are shut down. With ephemeral runners, this can be guaranteed because {% data variables.product.prodname_dotcom %} only assigns one job to a runner.
@@ -44,7 +62,7 @@ You can create your own autoscaling environment by using payloads received from
 
 ## Authentication requirements
 
-You can register and delete self-hosted runners using [the API](/rest/reference/actions#self-hosted-runners). To authenticate to the API, your autoscaling implementation can use an access token or a {% data variables.product.prodname_dotcom %} app. 
+You can register and delete repository and organization self-hosted runners using [the API](/rest/reference/actions#self-hosted-runners). To authenticate to the API, your autoscaling implementation can use an access token or a {% data variables.product.prodname_dotcom %} app. 
 
 Your access token will require the following scope:
 
@@ -53,22 +71,8 @@ Your access token will require the following scope:
 
 To  authenticate using a {% data variables.product.prodname_dotcom %} App, it must be assigned the following permissions:
 - For repositories, assign the `administration` permission.
-- for organizations, assign the `organization_self_hosted_runners` permission.
+- For organizations, assign the `organization_self_hosted_runners` permission.
 
-## Recommended autoscaling solutions
+You can register and delete enterprise self-hosted runners using [the API](/rest/reference/enterprise-admin#github-actions). To authenticate to the API, your autoscaling implementation can use an access token.
 
-{% data variables.product.prodname_dotcom %} recommends and partners closely with two open source projects that you can use for autoscaling your runners. One or both solutions may be suitable, based on your needs. 
-
-The following repositories have detailed instructions for setting up these autoscalers: 
-
-- [actions-runner-controller/actions-runner-controller](https://github.com/actions-runner-controller/actions-runner-controller) - A Kubernetes controller for {% data variables.product.prodname_actions %} self-hosted runnners.
-- [philips-labs/terraform-aws-github-runner](https://github.com/philips-labs/terraform-aws-github-runner) - A Terraform module for scalable {% data variables.product.prodname_actions %} runners on Amazon Web Services.
-
-Each solution has certain specifics that may be important to consider:
-
-| **Features** | **actions-runner-controller** | **terraform-aws-github-runner** |
-| :--- | :--- | :--- |
-| Runtime | Kubernetes | Linux and Windows VMs |
-| Supported Clouds | Azure, Amazon Web Services, Google Cloud Platform, on-premises | Amazon Web Services |
-| Where runners can be scaled | Enterprise, organization, and repository levels. By runner label and runner group. | Organization and repository levels. By runner label and runner group. |
-| Pull-based autoscaling support | Yes | No |
+Your access token will requite the `manage_runners:enterprise` scope.

content/actions/hosting-your-own-runners/managing-access-to-self-hosted-runners-using-groups.md

@@ -33,7 +33,7 @@ When new runners are created, they are automatically assigned to the default gro
 
 ## Creating a self-hosted runner group for an organization
 
-All organizations have a single default self-hosted runner group. Organizations within an enterprise account can create additional self-hosted groups. Organization admins can allow individual repositories access to a runner group.
+All organizations have a single default self-hosted runner group. Organizations within an enterprise account can create additional self-hosted groups. Organization admins can allow individual repositories access to a runner group. For information about how to create a self-hosted runner group with the REST API, see "[Self-hosted runner groups](/rest/reference/actions#self-hosted-runner-groups)."
 
 Self-hosted runners are automatically assigned to the default group when created, and can only be members of one group at a time. You can move a runner from the default group to any group you create.
 
@@ -83,7 +83,7 @@ When creating a group, you must choose a policy that defines which repositories
 
 ## Creating a self-hosted runner group for an enterprise
 
-Enterprises can add their self-hosted runners to groups for access management. Enterprises can create groups of self-hosted runners that are accessible to specific organizations in the enterprise account. Organization admins can then assign additional granular repository access policies to the enterprise runner groups.
+Enterprises can add their self-hosted runners to groups for access management. Enterprises can create groups of self-hosted runners that are accessible to specific organizations in the enterprise account. Organization admins can then assign additional granular repository access policies to the enterprise runner groups. For information about how to create a self-hosted runner group with the REST API, see the [Enterprise Administration GitHub Actions APIs](/rest/reference/enterprise-admin#github-actions).
 
 Self-hosted runners are automatically assigned to the default group when created, and can only be members of one group at a time. You can assign the runner to a specific group during the registration process, or you can later move the runner from the default group to a custom group.
 

content/actions/hosting-your-own-runners/removing-self-hosted-runners.md

@@ -26,7 +26,7 @@ shortTitle: Remove self-hosted runners
 
 {% endnote %}
 
-To remove a self-hosted runner from a user repository you must be the repository owner. For an organization repository, you must be an organization owner or have admin access to the repository. We recommend that you also have access to the self-hosted runner machine.
+To remove a self-hosted runner from a user repository you must be the repository owner. For an organization repository, you must be an organization owner or have admin access to the repository. We recommend that you also have access to the self-hosted runner machine. For information about how to remove a self-hosted runner with the REST API, see "[Self-hosted runners](/rest/reference/actions#self-hosted-runners)."
 
 {% data reusables.github-actions.self-hosted-runner-reusing %}
 {% ifversion fpt %}
@@ -53,7 +53,7 @@ To remove a self-hosted runner from a user repository you must be the repository
 
 {% endnote %}
 
-To remove a self-hosted runner from an organization, you must be an organization owner. We recommend that you also have access to the self-hosted runner machine.
+To remove a self-hosted runner from an organization, you must be an organization owner. We recommend that you also have access to the self-hosted runner machine. For information about how to remove a self-hosted runner with the REST API, see "[Self-hosted runners](/rest/reference/actions#self-hosted-runners)."
 
 {% data reusables.github-actions.self-hosted-runner-reusing %}
 {% ifversion fpt or ghes > 3.1 or ghae-next %}
@@ -81,7 +81,7 @@ To remove a self-hosted runner from an organization, you must be an organization
 {% data reusables.github-actions.self-hosted-runner-reusing %}
 
 {% ifversion fpt %}
-To remove a self-hosted runner from an enterprise account, you must be an enterprise owner. We recommend that you also have access to the self-hosted runner machine.
+To remove a self-hosted runner from an enterprise account, you must be an enterprise owner. We recommend that you also have access to the self-hosted runner machine. For information about how to add a self-hosted runner with the REST API, see the [Enterprise Administration GitHub Actions APIs](/rest/reference/enterprise-admin#github-actions).
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
 {% data reusables.enterprise-accounts.actions-tab %}

content/actions/index.md

@@ -59,4 +59,5 @@ children:
   - /using-github-hosted-runners
   - /hosting-your-own-runners
   - /migrating-to-github-actions
+  - /guides
 ---

content/actions/learn-github-actions/essential-features-of-github-actions.md

@@ -92,6 +92,8 @@ jobs:
           name: output-log-file
 ```
 
+To download an artifact from the same workflow run, your download job should specify `needs: upload-job-name` so it doesn't start until the upload job finishes.
+
 For more information about artifacts, see "[Persisting workflow data using artifacts](/actions/configuring-and-managing-workflows/persisting-workflow-data-using-artifacts)."
 
 ## Next steps

content/actions/learn-github-actions/reusing-workflows.md

@@ -48,7 +48,6 @@ A reusable workflow can be used by another workflow if any of the following is t
 * Any environment variables set in an `env` context defined at the workflow level in the caller workflow are not propagated to the called workflow. For more information about the `env` context, see "[Context and expression syntax for GitHub Actions](/actions/reference/context-and-expression-syntax-for-github-actions#env-context)."
   
 The following limitations will be removed when workflow reuse moves out of beta:
-* Reusable workflows can't reference self-hosted runners.
 * You can't set the concurrency of a called workflow from the caller workflow. For more information about `jobs.<job_id>.concurrency`, see "[Workflow syntax for GitHub Actions](/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idconcurrency)."
 * Outputs generated by a called workflow can't be accessed by the caller workflow.
 

content/actions/migrating-to-github-actions/migrating-from-gitlab-cicd-to-github-actions.md

@@ -358,7 +358,7 @@ jobs:
 </tr>
 </table>
 
-{% data variables.product.prodname_actions %} caching is only applicable to {% data variables.product.prodname_dotcom %}-hosted runners. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
+{% data variables.product.prodname_actions %} caching is only applicable for repositories hosted on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 ## Artifacts
 

content/actions/migrating-to-github-actions/migrating-from-travis-ci-to-github-actions.md

@@ -334,7 +334,7 @@ cache: npm
 </tr>
 </table>
 
-{% data variables.product.prodname_actions %} caching is only applicable to {% data variables.product.prodname_dotcom %}-hosted runners.  For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
+{% data variables.product.prodname_actions %} caching is only applicable for repositories hosted on {% data variables.product.prodname_dotcom_the_website %}. For more information, see "<a href="/actions/guides/caching-dependencies-to-speed-up-workflows" class="dotcom-only">Caching dependencies to speed up workflows</a>."
 
 ## Examples of common tasks
 

content/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise.md

@@ -33,7 +33,7 @@ When you enable {% data variables.product.prodname_GH_advanced_security %} for y
 
     - {% data variables.product.prodname_code_scanning_capc %}, see "[Configuring {% data variables.product.prodname_code_scanning %} for your appliance](/admin/advanced-security/configuring-code-scanning-for-your-appliance#prerequisites-for-code-scanning)."
     - {% data variables.product.prodname_secret_scanning_caps %}, see "[Configuring {% data variables.product.prodname_secret_scanning %} for your appliance](/admin/advanced-security/configuring-secret-scanning-for-your-appliance#prerequisites-for-secret-scanning)."{% endif %}
-    - {% data variables.product.prodname_dependabot %}, see "[Enabling alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)." 
+    - {% data variables.product.prodname_dependabot %}, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)." 
 
 ## Checking whether your license includes {% data variables.product.prodname_GH_advanced_security %}
 

content/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account.md

@@ -0,0 +1,114 @@
+---
+title: Enabling the dependency graph and Dependabot alerts on your enterprise account
+intro: 'You can connect {% data variables.product.product_location %} to {% data variables.product.prodname_ghe_cloud %} and enable the dependency graph and {% data variables.product.prodname_dependabot %} alerts in repositories in your instance.'
+shortTitle: Enable dependency analysis
+redirect_from:
+  - /enterprise/admin/installation/enabling-security-alerts-for-vulnerable-dependencies-on-github-enterprise-server
+  - /enterprise/admin/configuration/enabling-security-alerts-for-vulnerable-dependencies-on-github-enterprise-server
+  - /enterprise/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server
+  - /admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server
+  - /admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server
+  - /admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server
+permissions: 'Enterprise owners who are also owners of the connected {% data variables.product.prodname_ghe_cloud %} organization or enterprise account can enable the dependency graph and {% data variables.product.prodname_dependabot %} alerts on {% data variables.product.product_location %}.'
+versions:
+  ghes: '*'
+  ghae: "issue-4864" 
+type: how_to
+topics:
+  - Enterprise
+  - Security
+  - Dependency graph
+  - Dependabot
+---
+## About alerts for vulnerable dependencies on {% data variables.product.product_location %}
+
+{% data reusables.dependabot.dependabot-alerts-beta %}
+
+{% data variables.product.prodname_dotcom %} identifies vulnerable dependencies in repositories and creates {% data variables.product.prodname_dependabot_alerts %} on {% data variables.product.product_location %}, using:
+
+- Data from the {% data variables.product.prodname_advisory_database %}
+- The dependency graph service
+
+For more information about these features, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)" and "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
+
+### About synchronization of data from the {% data variables.product.prodname_advisory_database %}
+
+{% data reusables.repositories.tracks-vulnerabilities %} 
+
+You can connect {% data variables.product.product_location %} to {% data variables.product.prodname_dotcom_the_website %} with {% data variables.product.prodname_github_connect %}. Once connected, vulnerability data is synced from the {% data variables.product.prodname_advisory_database %} to your instance once every hour. You can also choose to manually sync vulnerability data at any time. No code or information about code from {% data variables.product.product_location %} is uploaded to {% data variables.product.prodname_dotcom_the_website %}.
+
+### About generation of {% data variables.product.prodname_dependabot_alerts %}
+
+If you enable vulnerability detection, when {% data variables.product.product_location %} receives information about a vulnerability, it identifies repositories in your instance that use the affected version of the dependency and generates {% data variables.product.prodname_dependabot_alerts %}. You can choose whether or not to notify users automatically about new {% data variables.product.prodname_dependabot_alerts %}.
+
+## Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies on {% data variables.product.product_location %}
+
+### Prerequisites
+
+For {% data variables.product.product_location %} to detect vulnerable dependencies and generate {% data variables.product.prodname_dependabot_alerts %}:
+- You must connect {% data variables.product.product_location %} to {% data variables.product.prodname_dotcom_the_website %}. {% ifversion ghae %}This also enables the dependency graph service. {% endif %}{% ifversion ghes or ghae-next %}For more information, see "[Connecting your enterprise account to {% data variables.product.prodname_ghe_cloud %}](/admin/configuration/managing-connections-between-your-enterprise-accounts/connecting-your-enterprise-account-to-github-enterprise-cloud)."{% endif %}
+{% ifversion ghes %}- You must enable the dependency graph service.{% endif %}
+- You must enable vulnerability scanning.
+
+{% ifversion ghes %}
+{% ifversion ghes > 3.1 %}
+You can enable the dependency graph via the {% data variables.enterprise.management_console %} or the administrative shell. We recommend you follow the {% data variables.enterprise.management_console %} route unless {% data variables.product.product_location %} uses clustering. 
+
+### Enabling the dependency graph via the {% data variables.enterprise.management_console %}
+{% data reusables.enterprise_site_admin_settings.sign-in %}
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+{% data reusables.enterprise_site_admin_settings.management-console %}
+{% data reusables.enterprise_management_console.advanced-security-tab %}
+1. Under "Security," click **Dependency graph**.
+![Checkbox to enable or disable the dependency graph](/assets/images/enterprise/3.2/management-console/enable-dependency-graph-checkbox.png)
+{% data reusables.enterprise_management_console.save-settings %}
+1. Click **Visit your instance**.
+
+### Enabling the dependency graph via the administrative shell
+{% endif %}{% ifversion ghes < 3.2 %}
+### Enabling the dependency graph
+{% endif %}
+{% data reusables.enterprise_site_admin_settings.sign-in %}
+1. In the administrative shell, enable the dependency graph on {% data variables.product.product_location %}:
+    ``` shell
+    $ {% ifversion ghes > 3.1 %}ghe-config app.dependency-graph.enabled true{% else %}ghe-config app.github.dependency-graph-enabled true{% endif %}
+    ```
+   {% note %}
+
+   **Note**: For more information about enabling access to the administrative shell via SSH, see "[Accessing the administrative shell (SSH)](/enterprise/{{ currentVersion }}/admin/configuration/accessing-the-administrative-shell-ssh)."
+
+   {% endnote %}
+1. Apply the configuration.
+    ```shell
+    $ ghe-config-apply
+    ```
+1. Return to {% data variables.product.prodname_ghe_server %}.
+{% endif %}
+
+### Enabling {% data variables.product.prodname_dependabot_alerts %}
+
+{% ifversion ghes %}
+Before enabling {% data variables.product.prodname_dependabot_alerts %} for your instance, you need to enable the dependency graph. For more information, see above.
+{% endif %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{%- ifversion ghes < 3.1 %}{% data reusables.enterprise-accounts.settings-tab %}{% endif %}
+{% data reusables.enterprise-accounts.github-connect-tab %}
+1. Under "Repositories can be scanned for vulnerabilities", select the drop-down menu and click **Enabled without notifications**. Optionally, to enable alerts with notifications, click **Enabled with notifications**.
+   ![Drop-down menu to enable scanning repositories for vulnerabilities](/assets/images/enterprise/site-admin-settings/enable-vulnerability-scanning-in-repositories.png)
+
+   {% tip %}
+   
+   **Tip**: We recommend configuring {% data variables.product.prodname_dependabot_alerts %} without notifications for the first few days to avoid an overload of emails. After a few days, you can enable notifications to receive {% data variables.product.prodname_dependabot_alerts %} as usual.
+
+   {% endtip %}
+
+## Viewing vulnerable dependencies on {% data variables.product.product_location %}
+
+You can view all vulnerabilities in {% data variables.product.product_location %} and manually sync vulnerability data from {% data variables.product.prodname_dotcom_the_website %} to update the list.
+
+{% data reusables.enterprise_site_admin_settings.access-settings %}
+2. In the left sidebar, click **Vulnerabilities**.
+  ![Vulnerabilities tab in the site admin sidebar](/assets/images/enterprise/business-accounts/vulnerabilities-tab.png)
+3. To sync vulnerability data, click **Sync Vulnerabilities now**.
+  ![Sync vulnerabilities now button](/assets/images/enterprise/site-admin-settings/sync-vulnerabilities-button.png)

content/admin/configuration/managing-connections-between-your-enterprise-accounts/index.md

@@ -18,7 +18,7 @@ children:
   - /connecting-your-enterprise-account-to-github-enterprise-cloud
   - /enabling-unified-search-between-your-enterprise-account-and-githubcom
   - /enabling-unified-contributions-between-your-enterprise-account-and-githubcom
-  - /enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server
+  - /enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account
   - /enabling-automatic-user-license-sync-between-github-enterprise-server-and-github-enterprise-cloud
 shortTitle: Connect enterprise accounts
 ---

content/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository.md

@@ -8,6 +8,7 @@ versions:
   fpt: '*'
   ghes: '>=3.0'
   ghae: '*'
+miniTocMaxHeadingLevel: 3
 redirect_from:
   - /github/managing-security-vulnerabilities/managing-alerts-from-automated-code-scanning
   - /github/finding-security-vulnerabilities-and-errors-in-your-code/managing-alerts-from-code-scanning
@@ -58,6 +59,25 @@ To calculate the security severity of an alert, we use Common Vulnerability Scor
 
 By default, any code scanning results with a security severity of `Critical` or `High` will cause a check failure. You can specify which security severity level for code scanning results should cause a check failure. For more information, see "[Defining the severities causing pull request check failure](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-severities-causing-pull-request-check-failure)."{% endif %}
 
+### About labels for alerts that are not found in application code
+
+{% data variables.product.product_name %} assigns a category label to alerts that are not found in application code. The label relates to the location of the alert.
+
+- **Generated**: Code generated by the build process
+- **Test**: Test code
+- **Library**: Library or third-party code
+- **Documentation**: Documentation
+
+{% data variables.product.prodname_code_scanning_capc %} categorizes files by file path. You cannot manually categorize source files.
+
+Here is an example from the {% data variables.product.prodname_code_scanning %} alert list of an alert marked as occuring in library code.
+
+![Code scanning library alert in list](/assets/images/help/repository/code-scanning-library-alert-index.png)
+
+On the alert page, you can see that the filepath is marked as library code (`Library` label).
+
+![Code scanning library alert details](/assets/images/help/repository/code-scanning-library-alert-show.png)
+
 ## Viewing the alerts for a repository
 
 Anyone with read permission for a repository can see {% data variables.product.prodname_code_scanning %} annotations on pull requests. For more information, see "[Triaging {% data variables.product.prodname_code_scanning %} alerts in pull requests](/code-security/secure-coding/triaging-code-scanning-alerts-in-pull-requests)."
@@ -112,14 +132,7 @@ If you enter multiple filters, the view will show alerts matching _all_ these fi
 
 ### Restricting results to application code only
 
-You can use the "Only alerts in application code" filter or `autofilter:true` keyword and value to restrict results to alerts in application code. Application code excludes the following.
-
-- Code generated by the build process
-- Test code
-- Library or third-party code
-- Documentation
-
-{% data variables.product.prodname_code_scanning_capc %} categorizes files by file path. At this time, you cannot manually categorize source files.
+You can use the "Only alerts in application code" filter or `autofilter:true` keyword and value to restrict results to alerts in application code. See "[About labels for alerts not in application code](#about-labels-for-alerts-that-are-not-found-in-application-code)" above for more information about the types of code that are not application code.
 
 {% ifversion fpt or ghes > 3.1 %}
 

content/code-security/getting-started/github-security-features.md

@@ -19,9 +19,9 @@ topics:
 
 The {% data variables.product.prodname_advisory_database %} contains a curated list of security vulnerabilities that you can view, search, and filter. {% data reusables.security-advisory.link-browsing-advisory-db %}
 
-{% ifversion fpt or ghes > 2.22 %}
+{% ifversion fpt or ghes > 2.22 or ghae-issue-4864 %}
 ## Available for all repositories
-
+{% endif %}
 {% ifversion fpt or ghes > 3.0 or ghae-next %}
 ### Security policy
   
@@ -39,9 +39,11 @@ View alerts about dependencies that are known to contain security vulnerabilitie
 and "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
 {% endif %}
 
-{% ifversion ghes > 2.22 %}
+{% ifversion ghes > 2.22 or ghae-issue-4864 %}
 ### {% data variables.product.prodname_dependabot_alerts %}
 
+{% data reusables.dependabot.dependabot-alerts-beta %}
+
 View alerts about dependencies that are known to contain security vulnerabilities, and manage these alerts. For more information, see "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies)."
 {% endif %}
 
@@ -51,6 +53,7 @@ View alerts about dependencies that are known to contain security vulnerabilitie
 Use {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. This helps reduce your exposure to older versions of dependencies. Using newer versions makes it easier to apply patches if security vulnerabilities are discovered, and also makes it easier for {% data variables.product.prodname_dependabot_security_updates %} to successfully raise pull requests to upgrade vulnerable dependencies. For more information, see "[About {% data variables.product.prodname_dependabot_version_updates %}](/github/administering-a-repository/about-dependabot-version-updates)."
 {% endif %}
 
+{% ifversion fpt or ghes > 2.22 or ghae-issue-4864 %}
 ### Dependency graph
 The dependency graph allows you to explore the ecosystems and packages that your repository depends on and the repositories and packages that depend on your repository.
 
@@ -75,7 +78,7 @@ Automatically detect security vulnerabilities and coding errors in new or modifi
 
 {% endif %}
 
-{% ifversion fpt or ghes > 3.1 %}
+{% ifversion fpt or ghes > 3.1 or ghae-issue-4864 %}
 ### Dependency review
 
 Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)."

content/code-security/getting-started/securing-your-repository.md

@@ -46,36 +46,47 @@ For more information, see "[Adding a security policy to your repository](/code-s
 
 {% endif %}
 
-{% ifversion fpt or ghes > 2.22 %}
+{% ifversion fpt or ghes > 2.22 or ghae-issue-4864 %}
 ## Managing the dependency graph
 
-Once you have [enabled the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph), it is automatically generated for {% ifversion fpt or ghes > 2.22 %} all public repositories, and you can choose to enable it for private repositories.{% else %} all repositories.{% endif %}
+{% ifversion fpt %}
+Once you have [enabled the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph), it is automatically generated for all public repositories, and you can choose to enable it for private repositories.
 
 1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %} Settings**.
 2. Click **Security & analysis**.
 3. Next to Dependency graph, click **Enable** or **Disable**.
+{% endif %}
+
+{% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
 
 For more information, see "[Exploring the dependencies of a repository](/code-security/supply-chain-security/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)."
 
 {% endif %}
 
-{% ifversion fpt or ghes > 2.22 %}
+{% ifversion fpt or ghes > 2.22 or ghae-issue-4864 %}
 ## Managing {% data variables.product.prodname_dependabot_alerts %}
 
-By default, {% data variables.product.prodname_dotcom %} detects vulnerabilities in public repositories and generates {% data variables.product.prodname_dependabot_alerts %}. {% data variables.product.prodname_dependabot_alerts %} can also be enabled for private repositories.
+{% ifversion fpt %}By default, {% data variables.product.prodname_dotcom %} detects vulnerabilities in public repositories and generates {% data variables.product.prodname_dependabot_alerts %}. {% data variables.product.prodname_dependabot_alerts %} can also be enabled for private repositories.
 
 1. Click your profile photo, then click **Settings**.
 2. Click **Security & analysis**.
 3. Click **Enable all** next to {% data variables.product.prodname_dependabot_alerts %}.
+{% endif %}
+
+{% data reusables.dependabot.dependabot-alerts-beta %}
+{% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
 
 For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies){% ifversion fpt %}" and "[Managing security and analysis settings for your user account](/github/setting-up-and-managing-your-github-user-account/managing-security-and-analysis-settings-for-your-user-account){% endif %}."
 
 {% endif %}
 
-{% ifversion fpt or ghes > 3.1 %}
+{% ifversion fpt or ghes > 3.1 or ghae-issue-4864 %}
 ## Managing dependency review
 
-Dependency review lets you visualize dependency changes in pull requests before they are merged into your repository. Dependency review is available in all public repositories and in repositories owned by organizations with an {% data variables.product.prodname_advanced_security %} license that have the dependency graph enabled. For more information, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)."
+Dependency review lets you visualize dependency changes in pull requests before they are merged into your repositories. 
+{%- ifversion fpt %}Dependency review is available in all public repositories. For private and internal repositories you require a license for {% data variables.product.prodname_advanced_security %}. To enable dependency review for a repository, enable the dependency graph and enable {% data variables.product.prodname_advanced_security %}. 
+{%- elsif ghes or ghae %}Dependency review is available when dependency graph is enabled for {% data variables.product.product_location %} and you enable {% data variables.product.prodname_advanced_security %} for the repository (see below).{% endif %}
+For more information, see "[About dependency review](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review)."
 
 {% endif %}
 

content/code-security/supply-chain-security/index.md

@@ -8,6 +8,7 @@ redirect_from:
 versions:
   fpt: '*'
   ghes: '>=3.0'
+  ghae: "issue-4864"
 topics:
   - Dependabot
   - Dependencies

content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-managing-vulnerable-dependencies.md

@@ -1,12 +1,13 @@
 ---
 title: About managing vulnerable dependencies
-intro: '{% data variables.product.prodname_dotcom %} helps you to avoid using third-party software that contains known vulnerabilities.'
+intro: '{% data variables.product.product_name %} helps you to avoid using third-party software that contains known vulnerabilities.'
 redirect_from:
   - /github/managing-security-vulnerabilities/about-managing-vulnerable-dependencies
   - /code-security/supply-chain-security/about-managing-vulnerable-dependencies
 versions:
   fpt: '*'
   ghes: '>=3.2'
+  ghae: "issue-4864"
 type: overview
 topics:
   - Dependabot
@@ -20,7 +21,7 @@ shortTitle: Vulnerable dependencies
 ---
 <!--Marketing-LINK: From /features/security/software-supply-chain page "Managing vulnerabilities in your project’s dependencies ".-->
 
-{% data variables.product.prodname_dotcom %} provides the following tools for removing and avoiding vulnerable dependencies.
+{% data variables.product.product_name %} provides the following tools for removing and avoiding vulnerable dependencies.
 
 ## Dependency graph
 The dependency graph is a summary of the manifest and lock files stored in a repository. It shows you the ecosystems and packages your codebase depends on (its dependencies) and the repositories and packages that depend on your project (its dependents). The information in the dependency graph is used by dependency review and {% data variables.product.prodname_dependabot %}.
@@ -33,13 +34,12 @@ For more information, see "[About the dependency graph](/github/visualizing-repo
 By checking the dependency reviews on pull requests you can avoid introducing vulnerabilities from dependencies into your codebase. If the pull requests adds a vulnerable dependency, or changes a dependency to a vulnerable version, this is highlighted in the dependency review. You can change the dependency to a patched version before merging the pull request. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)."
 
 ## {% data variables.product.prodname_dependabot_alerts %}
-{% data variables.product.prodname_dotcom %} can create {% data variables.product.prodname_dependabot_alerts %} when it detects vulnerable dependencies in your repository. The alert is displayed on the Security tab for the repository. The alert includes a link to the affected file in the project, and information about a fixed version. {% data variables.product.prodname_dotcom %} also notifies the maintainers of the repository, according to their notification preferences. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
+{% data variables.product.product_name %}} can create {% data variables.product.prodname_dependabot_alerts %} when it detects vulnerable dependencies in your repository. The alert is displayed on the Security tab for the repository. The alert includes a link to the affected file in the project, and information about a fixed version. {% data variables.product.product_name %} also notifies the maintainers of the repository, according to their notification preferences. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
 
 {% ifversion fpt %}
 ## {% data variables.product.prodname_dependabot_security_updates %}
-When {% data variables.product.prodname_dotcom %} generates a {% data variables.product.prodname_dependabot %} alert for a vulnerable dependency in your repository, {% data variables.product.prodname_dependabot %} can automatically try to fix it for you. {% data variables.product.prodname_dependabot_security_updates %} are automatically generated pull requests that update a vulnerable dependency to a fixed version. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
+When {% data variables.product.product_name %} generates a {% data variables.product.prodname_dependabot %} alert for a vulnerable dependency in your repository, {% data variables.product.prodname_dependabot %} can automatically try to fix it for you. {% data variables.product.prodname_dependabot_security_updates %} are automatically generated pull requests that update a vulnerable dependency to a fixed version. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
 
 ## {% data variables.product.prodname_dependabot_version_updates %}
 Enabling {% data variables.product.prodname_dependabot_version_updates %} takes the effort out of maintaining your dependencies. With {% data variables.product.prodname_dependabot_version_updates %}, whenever {% data variables.product.prodname_dotcom  %} identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. By contrast, {% data variables.product.prodname_dependabot_security_updates %} only raises pull requests to fix vulnerable dependencies. For more information, see "[About Dependabot version updates](/github/administering-a-repository/about-dependabot-version-updates)."
-
 {% endif %}

content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md

@@ -8,6 +8,7 @@ redirect_from:
 versions:
   fpt: '*'
   ghes: '>=3.0'
+  ghae: "issue-4864"
 type: how_to
 topics:
   - Dependabot
@@ -27,10 +28,11 @@ When {% data variables.product.prodname_dependabot %} detects vulnerable depende
 {% ifversion fpt %}If you're an organization owner, you can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all repositories in your organization with one click. You can also set whether the detection of vulnerable dependencies will be enabled or disabled for newly-created repositories. For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization#enabling-or-disabling-a-feature-for-all-new-repositories-when-they-are-added)."
 {% endif %}
 
-{% ifversion ghes %}
-By default, if your site administrator has configured email for notifications on your enterprise, you will receive {% data variables.product.prodname_dependabot_alerts %} by email.{% endif %}
+{% ifversion ghes or ghae-issue-4864 %}
+By default, if your enterprise owner has configured email for notifications on your enterprise, you will receive {% data variables.product.prodname_dependabot_alerts %} by email.
 
-{% ifversion ghes %}Site administrators can also enable {% data variables.product.prodname_dependabot_alerts %} without notifications. For more information, see "[Enabling {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server#enabling-dependabot-alerts)."{% endif %}
+Enterprise owners can also enable {% data variables.product.prodname_dependabot_alerts %} without notifications. For more information, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)."
+{% endif %}
 
 ## Configuring notifications for {% data variables.product.prodname_dependabot_alerts %}
 

content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/index.md

@@ -10,6 +10,7 @@ redirect_from:
 versions:
   fpt: '*'
   ghes: '>=3.0'
+  ghae: "issue-4864"
 topics:
   - Repositories
   - Dependabot

content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/troubleshooting-the-detection-of-vulnerable-dependencies.md

@@ -8,6 +8,7 @@ redirect_from:
 versions:
   fpt: '*'
   ghes: '>=3.0'
+  ghae: "issue-4864"
 type: how_to
 topics:
   - Dependabot
@@ -33,7 +34,7 @@ The results of dependency detection reported by {% data variables.product.produc
 *   {% data variables.product.prodname_dependabot %} scans any push, to the default branch, that contains a manifest file. When a new vulnerability record is added, it scans all existing repositories and generates an alert for each vulnerable repository. {% data variables.product.prodname_dependabot_alerts %} are aggregated at the repository level, rather than creating one alert per vulnerability. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
 *   {% ifversion fpt %}{% data variables.product.prodname_dependabot_security_updates %} are triggered when you receive an alert about a vulnerable dependency in your repository. Where possible, {% data variables.product.prodname_dependabot %} creates a pull request in your repository to upgrade the vulnerable dependency to the minimum possible secure version needed to avoid the vulnerability. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)" and "[Troubleshooting {% data variables.product.prodname_dependabot %} errors](/github/managing-security-vulnerabilities/troubleshooting-dependabot-errors)."
   
-    {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories for vulnerable dependencies on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new vulnerability is added to the advisory database{% ifversion ghes > 2.22 %} and synchronized to {% data variables.product.prodname_ghe_server %}{% endif %}. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)."
+    {% endif %}{% data variables.product.prodname_dependabot %} doesn't scan repositories for vulnerable dependencies on a schedule, but rather when something changes. For example, a scan is triggered when a new dependency is added ({% data variables.product.prodname_dotcom %} checks for this on every push), or when a new vulnerability is added to the advisory database{% ifversion ghes > 2.22 or ghae-issue-4864 %} and synchronized to {% data variables.product.product_location %}{% endif %}. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies#detection-of-vulnerable-dependencies)."
 
 ## Why don't I get vulnerability alerts for some ecosystems?
 

content/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/viewing-and-updating-vulnerable-dependencies-in-your-repository.md

@@ -6,10 +6,11 @@ redirect_from:
   - /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository
   - /code-security/supply-chain-security/viewing-and-updating-vulnerable-dependencies-in-your-repository
 permissions: Repository administrators and organization owners can view and update dependencies.
-shortTitle: Fix vulnerable dependencies
+shortTitle: View vulnerable dependencies
 versions:
   fpt: '*'
   ghes: '>=3.0'
+  ghae: "issue-4864"
 type: how_to
 topics:
   - Dependabot
@@ -19,7 +20,7 @@ topics:
   - Pull requests
   - Repositories
 ---
-Your repository's {% data variables.product.prodname_dependabot %} alerts tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can sort the list of alerts using the drop-down menu, and you can click into specific alerts for more details. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
+Your repository's {% data variables.product.prodname_dependabot %} alerts tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %}{% ifversion fpt %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}{% endif %}. You can sort the list of alerts by selecting the drop-down menu, and you can click into specific alerts for more details. For more information, see "[About alerts for vulnerable dependencies](/code-security/supply-chain-security/about-alerts-for-vulnerable-dependencies)."
 
 {% ifversion fpt %}
 You can enable automatic security updates for any repository that uses {% data variables.product.prodname_dependabot_alerts %} and the dependency graph. For more information, see "[About {% data variables.product.prodname_dependabot_security_updates %}](/github/managing-security-vulnerabilities/about-dependabot-security-updates)."
@@ -43,17 +44,17 @@ You can enable automatic security updates for any repository that uses {% data v
 1. Optionally, if there isn't already a {% data variables.product.prodname_dependabot_security_updates %} update for the alert, to create a pull request to resolve the vulnerability, click **Create {% data variables.product.prodname_dependabot %} security update**.
   ![Create {% data variables.product.prodname_dependabot %} security update button](/assets/images/help/repository/create-dependabot-security-update-button.png)
 1. When you're ready to update your dependency and resolve the vulnerability, merge the pull request. Each pull request raised by {% data variables.product.prodname_dependabot %} includes information on commands you can use to control {% data variables.product.prodname_dependabot %}. For more information, see "[Managing pull requests for dependency updates](/github/administering-a-repository/managing-pull-requests-for-dependency-updates#managing-dependabot-pull-requests-with-comment-commands)."
-1. Optionally, if the alert is being fixed, if it's incorrect, or located in unused code, use the "Dismiss" drop-down, and click a reason for dismissing the alert.
+1. Optionally, if the alert is being fixed, if it's incorrect, or located in unused code, select the "Dismiss" drop-down, and click a reason for dismissing the alert.
    ![Choosing reason for dismissing the alert via the "Dismiss" drop-down](/assets/images/help/repository/dependabot-alert-dismiss-drop-down.png)
 
-{% elsif ghes > 3.0 %}
+{% elsif ghes > 3.0 or ghae-issue-4864 %}
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-security %}
 {% data reusables.repositories.sidebar-dependabot-alerts %}
 1. Click the alert you'd like to view.
   ![Alert selected in list of alerts](/assets/images/enterprise/graphs/click-alert-in-alerts-list.png)
 1. Review the details of the vulnerability and determine whether or not you need to update the dependency.
-1. When you merge a pull request that updates the manifest or lock file to a secure version of the dependency, this will resolve the alert. Alternatively, if you decide not to update the dependency, click the **Dismiss** drop-down, and select a reason for dismissing the alert.
+1. When you merge a pull request that updates the manifest or lock file to a secure version of the dependency, this will resolve the alert. Alternatively, if you decide not to update the dependency, select the **Dismiss** drop-down, and click a reason for dismissing the alert.
    ![Choosing reason for dismissing the alert via the "Dismiss" drop-down](/assets/images/enterprise/repository/dependabot-alert-dismiss-drop-down.png)
 
 {% else %}

content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md

@@ -6,6 +6,7 @@ shortTitle: Dependency review
 versions:
   fpt: '*'
   ghes: '>= 3.2'
+  ghae: "issue-4864"
 type: overview
 topics:
   - Advanced Security
@@ -25,10 +26,14 @@ redirect_from:
 
 If a pull request targets your repository's default branch and contains changes to package manifests or lock files, you can display a dependency review to see what has changed. The dependency review includes details of changes to indirect dependencies in lock files, and it tells you if any of the added or updated dependencies contain known vulnerabilities.
 
+{% ifversion fpt %}
 Dependency review is available in:
 
 * All public repositories. 
 * Private repositories owned by organizations with an {% data variables.product.prodname_advanced_security %} license that have the dependency graph enabled. For more information, see "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph-for-a-private-repository)."
+{% elsif ghes or ghae %}
+Dependency review is available when dependency graph is enabled for {% data variables.product.product_location %} and {% data variables.product.prodname_advanced_security %} is enabled for the organization or repository.
+{% endif %}
 
 Sometimes you might just want to update the version of one dependency in a manifest and generate a pull request. However, if the updated version of this direct dependency also has updated dependencies, your pull request may have more changes than you expected. The dependency review for each manifest and lock file provides an easy way to see what has changed, and whether any of the new dependency versions contain known vulnerabilities.
 
@@ -40,4 +45,4 @@ Dependency review supports the same languages and package management ecosystems
 
 ## Enabling dependency review
 
-The dependency review feature becomes available when you enable the dependency graph. {% ifversion fpt %}For more information, see "[Enabling the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph)."{% endif %}{% ifversion ghes > 3.1 %}For more information, see "[Enabling alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %}
+The dependency review feature becomes available when you enable the dependency graph. {% ifversion fpt %}For more information, see "[Enabling the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph)."{% endif %}{% ifversion ghes or ghae %}For more information, see "[Enabling the dependency graph and Dependabot alerts on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)."{% endif %}

content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md

@@ -7,6 +7,7 @@ redirect_from:
 versions:
   fpt: '*'
   ghes: '>=3.0'
+  ghae: "issue-4864"
 type: overview
 topics:
   - Dependency graph
@@ -19,18 +20,20 @@ shortTitle: Dependency graph
 
 ## Dependency graph availability
 
-The dependency graph is available for every{% ifversion fpt %} public{% endif %} repository that defines dependencies in a supported package ecosystem using a supported file format.{% ifversion fpt %} Repository administrators can also set up the dependency graph for private repositories.{% endif %}
+{% ifversion fpt %}The dependency graph is available for every public repository that defines dependencies in a supported package ecosystem using a supported file format. Repository administrators can also set up the dependency graph for private repositories.{% endif %}
+
+{% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
 
 ## About the dependency graph
 
 The dependency graph is a summary of the manifest and lock files stored in a repository. For each repository, it shows{% ifversion fpt %}:
 
 - Dependencies, the ecosystems and packages it depends on
-- Dependents, the repositories and packages that depend on it{% else %} dependencies, that is, the ecosystems and packages it depends on. {% data variables.product.prodname_ghe_server %} does not calculate information about dependents, the repositories and packages that depend on a repository.{% endif %}
+- Dependents, the repositories and packages that depend on it{% else %} dependencies, that is, the ecosystems and packages it depends on. {% data variables.product.product_name %} does not calculate information about dependents, the repositories and packages that depend on a repository.{% endif %}
 
 When you push a commit to {% data variables.product.product_name %} that changes or adds a supported manifest or lock file to the default branch, the dependency graph is automatically updated.{% ifversion fpt %} In addition, the graph is updated when anyone pushes a change to the repository of one of your dependencies.{% endif %} For information on the supported ecosystems and manifest files, see "[Supported package ecosystems](#supported-package-ecosystems)" below.
 
-{% ifversion fpt or ghes > 3.1 %}
+{% ifversion fpt or ghes > 3.1 or ghae %}
 When you create a pull request containing changes to dependencies that targets the default branch, {% data variables.product.prodname_dotcom %} uses the dependency graph to add dependency reviews to the pull request. These indicate whether the dependencies contain vulnerabilities and, if so, the version of the dependency in which the vulnerability was fixed. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)."
 {% endif %}
 
@@ -61,7 +64,7 @@ You can use the dependency graph to:
 
 {% ifversion fpt %}To generate a dependency graph, {% data variables.product.product_name %} needs read-only access to the dependency manifest and lock files for a repository. The dependency graph is automatically generated for all public repositories and you can choose to enable it for private repositories. For information about enabling or disabling it for private repositories, see "[Exploring the dependencies of a repository](/github/visualizing-repository-data-with-graphs/exploring-the-dependencies-of-a-repository)."{% endif %}
 
-{% ifversion ghes %}If the dependency graph is not available in your system, your site administrator can enable the dependency graph and {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[Enabling alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %}
+{% ifversion ghes or ghae %}If the dependency graph is not available in your system, your enterprise owner can enable the dependency graph and {% data variables.product.prodname_dependabot_alerts %}. For more information, see  "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)."{% endif %}
 
 When the dependency graph is first enabled, any manifest and lock files for supported ecosystems are parsed immediately. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. Once enabled, the graph is automatically updated with every push to the repository{% ifversion fpt %} and every push to other repositories in the graph{% endif %}.
 
@@ -73,7 +76,7 @@ The recommended formats explicitly define which versions are used for all direct
 | --- | --- | --- | ---|
 | Composer             | PHP           | `composer.lock` | `composer.json`, `composer.lock` |
 | `dotnet` CLI | .NET languages (C#, C++, F#, VB)  |   `.csproj`, `.vbproj`, `.nuspec`, `.vcxproj`, `.fsproj` |  `.csproj`, `.vbproj`, `.nuspec`, `.vcxproj`, `.fsproj`, `packages.config` |
-{%- ifversion fpt or ghes > 3.2 %}
+{%- ifversion fpt or ghes > 3.2 or ghae %}
 | Go modules | Go | `go.sum` | `go.mod`, `go.sum` |
 {%- elsif ghes = 3.2 %}
 | Go modules | Go | `go.mod` | `go.mod` |

content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md

@@ -12,6 +12,7 @@ redirect_from:
 versions:
   fpt: '*'
   ghes: '>=3.0'
+  ghae: "issue-4864"
 type: how_to
 topics:
   - Dependency graph
@@ -23,8 +24,6 @@ shortTitle: Explore dependencies
 
 ## Viewing the dependency graph
 
-{% data reusables.repositories.enable-security-alerts %}
-
 The dependency graph shows the dependencies{% ifversion fpt %} and dependents{% endif %} of your repository. For information about the detection of dependencies and which ecosystems are supported, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."
 
 {% data reusables.repositories.navigate-to-repo %}
@@ -33,6 +32,10 @@ The dependency graph shows the dependencies{% ifversion fpt %} and dependents{%
 4. Optionally, under "Dependency graph", click **Dependents**.
 ![Dependents tab on the dependency graph page](/assets/images/help/graphs/dependency-graph-dependents-tab.png){% endif %}
 
+{% ifversion ghes or ghae-issue-4864 %}
+Enterprise owners can configure the dependency graph at an enterprise level. For more information, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)."
+{% endif %}
+
 ### Dependencies view
 
 {% ifversion fpt %}
@@ -44,14 +47,14 @@ If vulnerabilities have been detected in the repository, these are shown at the
 
 {% endif %}
 
-{% ifversion ghes %}
+{% ifversion ghes or ghae %}
 Any direct and indirect dependencies that are specified in the repository's manifest or lock files are listed, grouped by ecosystem. If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to {% data variables.product.prodname_dependabot_alerts %}.
 
 ![Dependencies graph](/assets/images/help/graphs/dependencies_graph_server.png)
 
 {% note %}
 
-**Note:** {% data variables.product.prodname_ghe_server %} does not populate the **Dependents** view.
+**Note:** {% data variables.product.product_name %} does not populate the **Dependents** view.
 
 {% endnote %}
 

content/code-security/supply-chain-security/understanding-your-software-supply-chain/index.md

@@ -3,6 +3,7 @@ title: Understanding your software supply chain
 versions:
   fpt: '*'
   ghes: '>=3.0'
+  ghae: "issue-4864"
 topics:
   - Dependency graph
   - Dependencies

content/codespaces/managing-codespaces-for-your-organization/managing-repository-access-for-your-organizations-codespaces.md

@@ -17,7 +17,7 @@ redirect_from:
   - /codespaces/working-with-your-codespace/managing-access-and-security-for-codespaces
 ---
 
-By default, a codespace can only access the repository where it was created. When you enable access and security for a repository owned by your organization, any codespaces that are created for that repository will also have read and write permissions to all other repositories the organization owns and the codespace creator has permissions to access. If you want to restrict the repositories a codespace can access, you can limit to it to either the repository where the codespace was created, or to specific repositories. You should only enable access and security for repositories you trust.
+By default, a codespace can only access the repository where it was created. When you enable access and security for a repository owned by your organization, any codespaces that are created for that repository will also have read and write permissions to all other repositories the organization owns and the codespace creator has permissions to access. If you want to restrict the repositories a codespace can access, you can limit it to either the repository where the codespace was created, or to specific repositories. You should only enable access and security for repositories you trust.
 
 To manage which users in your organization can use {% data variables.product.prodname_codespaces %}, see "[Managing user permissions for your organization](/codespaces/managing-codespaces-for-your-organization/managing-user-permissions-for-your-organization)."
 

content/developers/apps/building-github-apps/creating-a-github-app-using-url-parameters.md

@@ -97,7 +97,7 @@ Permission | Description
 [`single_file`](/rest/reference/permissions-required-for-github-apps/#permission-on-single-file) | Grants access to the [Contents API](/rest/reference/repos#contents). Can be one of: `none`, `read`, or `write`.
 [`starring`](/rest/reference/permissions-required-for-github-apps/#permission-on-starring) | Grants access to the [Starring API](/rest/reference/activity#starring). Can be one of: `none`, `read`, or `write`.
 [`statuses`](/rest/reference/permissions-required-for-github-apps/#permission-on-statuses) | Grants access to the [Statuses API](/rest/reference/repos#statuses). Can be one of: `none`, `read`, or `write`.
-[`team_discussions`](/rest/reference/permissions-required-for-github-apps/#permission-on-team-discussions) | Grants access to the [Team Discussions API](/rest/reference/teams#discussions) and the [Team Discussion Comments API](/rest/reference/teams#discussion-comments). Can be one of: `none`, `read`, or `write`.{% ifversion fpt or ghes %}
+[`team_discussions`](/rest/reference/permissions-required-for-github-apps/#permission-on-team-discussions) | Grants access to the [Team Discussions API](/rest/reference/teams#discussions) and the [Team Discussion Comments API](/rest/reference/teams#discussion-comments). Can be one of: `none`, `read`, or `write`.{% ifversion fpt or ghes or ghae-issue-4864 %}
 `vulnerability_alerts`| Grants access to receive security alerts for vulnerable dependencies in a repository. See "[About alerts for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies/)" to learn more. Can be one of: `none` or `read`.{% endif %}
 `watching` | Grants access to list and change repositories a user is subscribed to. Can be one of: `none`, `read`, or `write`.
 

content/get-started/using-git/pushing-commits-to-a-remote-repository.md

@@ -112,7 +112,7 @@ For more information on working with forks, see "[Syncing a fork](/articles/sync
 ## Further reading
 
 - [The "Remotes" chapter from the "Pro Git" book](https://git-scm.com/book/ch5-2.html)
-- [`git remote` man page](https://git-scm.com/docs/git-remote.html)
+- [`git remote` main page](https://git-scm.com/docs/git-remote.html)
 - "[Git cheatsheet](/articles/git-cheatsheet)"
 - "[Git workflows](/github/getting-started-with-github/git-workflows)"
 - "[Git Handbook](https://guides.github.com/introduction/git-handbook/)"

content/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request.md

@@ -5,6 +5,7 @@ product: '{% data reusables.gated-features.dependency-review %}'
 versions:
   fpt: '*'
   ghes: '>= 3.2'
+  ghae: "issue-4864"
 type: how_to
 topics:
   - Pull requests

content/github/managing-security-vulnerabilities/managing-vulnerabilities-in-your-projects-dependencies/configuring-notifications-for-vulnerable-dependencies.md

@@ -18,7 +18,7 @@ redirect_from:
 {% ifversion ghes %}
 By default, if your site administrator has configured email for notifications on your enterprise, you will receive {% ifversion ghes %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} by email.{% endif %}
 
-{% ifversion ghes %}Site administrators can also enable {% data variables.product.prodname_dependabot_alerts %} without notifications. For more information, see "[Enabling {% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %}
+{% ifversion ghes %}Site administrators can also enable {% data variables.product.prodname_dependabot_alerts %} without notifications. For more information, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)."{% endif %}
 
 ## Configuring notifications for {% ifversion ghes %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %}
 

content/organizations/collaborating-with-groups-in-organizations/customizing-your-organizations-profile.md

@@ -3,8 +3,6 @@ title: Customizing your organization's profile
 intro: You can share information about your organization by customizing your organization's profile
 versions:
   fpt: '*'
-  ghes: '*'
-  ghae: '*'
 topics:
   - Organizations
 shortTitle: Customize organization profile

content/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization.md

@@ -34,7 +34,7 @@ The page that's displayed allows you to enable or disable all security and analy
 
 {% ifversion ghes > 3.0 %}If you have a license for {% data variables.product.prodname_GH_advanced_security %}, the page will also contain options to enable and disable {% data variables.product.prodname_advanced_security %} features. Any repositories that use {% data variables.product.prodname_GH_advanced_security %} are listed at the bottom of the page.{% endif %}
 
-{% ifversion ghae %}The page will also contain options to enable and disable {% data variables.product.prodname_advanced_security %} features.{% endif %}
+{% ifversion ghae %}The page will also contain options to enable and disable {% data variables.product.prodname_advanced_security %} features. Any repositories that use {% data variables.product.prodname_GH_advanced_security %} are listed at the bottom of the page.{% endif %}
 
 ## Enabling or disabling a feature for all existing repositories
 
@@ -91,10 +91,10 @@ You can enable or disable features for all repositories. {% ifversion fpt %}The
 
 1. Go to the security and analysis settings for your organization. For more information, see "[Displaying the security and analysis settings](#displaying-the-security-and-analysis-settings)."
 2. Under "Configure security and analysis features", to the right of the feature, enable or disable the feature by default for new repositories{% ifversion fpt %}, or all new private repositories,{% endif %} in your organization.
-   {% ifversion fpt or ghes > 3.1 %}
+   {% ifversion fpt %}
    ![Checkbox for enabling or disabling a feature for new repositories](/assets/images/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox-dotcom.png)
    {% endif %}
-   {% ifversion ghes = 3.1 %}
+   {% ifversion ghes > 3.0 %}
    ![Checkbox for enabling or disabling a feature for new repositories](/assets/images/enterprise/3.1/help/organizations/security-and-analysis-enable-or-disable-feature-checkbox.png)
    {% endif %}
    {% ifversion ghes = 3.0 %}

content/organizations/keeping-your-organization-secure/reviewing-the-audit-log-for-your-organization.md

@@ -66,9 +66,9 @@ To search for specific events, use the `action` qualifier in your query. Actions
 | [`protected_branch`](#protected_branch-category-actions) | Contains all activities related to protected branches.
 | [`repo`](#repo-category-actions) | Contains activities related to the repositories owned by your organization.{% ifversion fpt %}
 | [`repository_advisory`](#repository_advisory-category-actions) | Contains repository-level activities related to security advisories in the {% data variables.product.prodname_advisory_database %}.  For more information, see "[About {% data variables.product.prodname_dotcom %} Security Advisories](/github/managing-security-vulnerabilities/about-github-security-advisories)."
-| [`repository_content_analysis`](#repository_content_analysis-category-actions) | Contains all activities related to [enabling or disabling data use for a private repository](/articles/about-github-s-use-of-your-data).{% endif %}{% ifversion not ghae %}
+| [`repository_content_analysis`](#repository_content_analysis-category-actions) | Contains all activities related to [enabling or disabling data use for a private repository](/articles/about-github-s-use-of-your-data).{% endif %}{% ifversion fpt %}
 | [`repository_dependency_graph`](#repository_dependency_graph-category-actions) | Contains repository-level activities related to enabling or disabling the dependency graph for a {% ifversion fpt %}private {% endif %}repository. For more information, see "[About the dependency graph](/github/visualizing-repository-data-with-graphs/about-the-dependency-graph)."{% endif %}{% ifversion fpt or ghes > 2.22 or ghae %}
-| [`repository_secret_scanning`](#repository_secret_scanning-category-actions) | Contains repository-level activities related to secret scanning. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)." {% endif %}{% ifversion not ghae %}
+| [`repository_secret_scanning`](#repository_secret_scanning-category-actions) | Contains repository-level activities related to secret scanning. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)." {% endif %}{% ifversion fpt or ghes or ghae-issue-4864 %}
 | [`repository_vulnerability_alert`](#repository_vulnerability_alert-category-actions) | Contains all activities related to [{% data variables.product.prodname_dependabot_alerts %} for vulnerable dependencies](/github/managing-security-vulnerabilities/about-alerts-for-vulnerable-dependencies).{% endif %}{% ifversion fpt %}
 | [`repository_vulnerability_alerts`](#repository_vulnerability_alerts-category-actions) | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot %} alerts. {% endif %}{% ifversion fpt or ghes > 2.22 or ghae %}
 | [`secret_scanning`](#secret_scanning-category-actions) | Contains organization-level configuration activities for secret scanning in existing repositories. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
@@ -636,7 +636,7 @@ For more information, see "[Managing the publication of {% data variables.produc
 | `enable` | Triggered when an organization owner or person with admin access to the repository [enables data use settings for a private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository).
 | `disable` | Triggered when an organization owner or person with admin access to the repository [disables data use settings for a private repository](/github/understanding-how-github-uses-and-protects-your-data/managing-data-use-settings-for-your-private-repository).
 
-{% endif %}{% ifversion not ghae %}
+{% endif %}{% ifversion fpt %}
 
 ### `repository_dependency_graph` category actions
 
@@ -653,7 +653,7 @@ For more information, see "[Managing the publication of {% data variables.produc
 | `disable` | Triggered when a repository owner or person with admin access to the repository disables secret scanning for a {% ifversion fpt %}private {% endif %}repository. For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
 | `enable` | Triggered when a repository owner or person with admin access to the repository enables secret scanning for a {% ifversion fpt %}private {% endif %}repository.
 
-{% endif %}{% ifversion not ghae %}
+{% endif %}{% ifversion fpt or ghes or ghae-issue-4864 %}
 ### `repository_vulnerability_alert` category actions
 
 | Action | Description

content/repositories/viewing-activity-and-data-for-your-repository/about-the-dependency-graph.md

@@ -42,7 +42,7 @@ You can use the dependency graph to:
 
 ## Enabling the dependency graph
 
-{% ifversion ghes %}If the dependency graph is not available in your system, your site administrator can enable the dependency graph and {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[Enabling alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/enterprise/{{ currentVersion }}/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."{% endif %}
+{% ifversion ghes %}If the dependency graph is not available in your system, your site administrator can enable the dependency graph and {% data variables.product.prodname_dependabot_alerts %}. For more information, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)."{% endif %}
 
 
 When the dependency graph is first enabled, any manifest and lock files for supported ecosystems are parsed immediately. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. Once enabled, the graph is automatically updated with every push to the repository.

content/repositories/viewing-activity-and-data-for-your-repository/understanding-connections-between-repositories.md

@@ -1,6 +1,7 @@
 ---
 title: Understanding connections between repositories
 intro: "You can better understand the connections that exist between repositories by viewing a repository's network and forks and the projects that depend on the repository."
+product: '{% data reusables.gated-features.repository-insights %}'
 redirect_from:
   - /articles/viewing-a-repository-s-network
   - /articles/viewing-a-repositorys-network
@@ -24,8 +25,7 @@ shortTitle: Connections between repositories
 
 ## Viewing a repository's network
 
-'The network graph displays the branch history of the entire repository network, including branches of the root repository and branches of forks that contain commits unique to the network.'
-product: '{% data reusables.gated-features.repository-insights %}'
+The network graph displays the branch history of the entire repository network, including branches of the root repository and branches of forks that contain commits unique to the network.
 
 ![Repository network graph](/assets/images/help/graphs/repo_network_graph.png)
 
@@ -65,7 +65,7 @@ Forks are listed alphabetically by the username of the person who forked the rep
 3. In the left sidebar, click **Forks**.
 ![Forks tab](/assets/images/help/graphs/graphs-sidebar-forks-tab.png)
 
-{% ifversion fpt or ghes > 2.22 %}
+{% ifversion fpt or ghes > 2.22 or ghae-issue-4864 %}
 ## Viewing the dependencies of a repository
 
 You can use the dependency graph to explore the code your repository depends on.

content/rest/reference/permissions-required-for-github-apps.md

@@ -142,11 +142,11 @@ _Search_
 - [`POST /orgs/:org/repos`](/rest/reference/repos#create-an-organization-repository) (:write)
 - [`PATCH /repos/:owner/:repo`](/rest/reference/repos#update-a-repository) (:write)
 - [`DELETE /repos/:owner/:repo`](/rest/reference/repos#delete-a-repository) (:write)
-{% ifversion fpt -%}
 - [`GET /repos/:owner/:repo/actions/runners/downloads`](/rest/reference/actions#list-runner-applications-for-a-repository) (:read)
 - [`GET /repos/:owner/:repo/actions/runners`](/rest/reference/actions#list-self-hosted-runners-for-a-repository) (:read)
 - [`GET /repos/:owner/:repo/actions/runners/:runner_id`](/rest/reference/actions#get-a-self-hosted-runner-for-a-repository) (:read)
 - [`DELETE /repos/:owner/:repo/actions/runners/:runner_id`](/rest/reference/actions#delete-a-self-hosted-runner-from-a-repository) (:write)
+{% ifversion fpt or ghes -%}
 - [`POST /repos/:owner/:repo/actions/runners/registration-token`](/rest/reference/actions#create-a-registration-token-for-a-repository) (:write)
 - [`POST /repos/:owner/:repo/actions/runners/remove-token`](/rest/reference/actions#create-a-remove-token-for-a-repository) (:write)
 {% endif -%}
@@ -894,7 +894,7 @@ _Teams_
 - [`GET /repos/:owner/:repo/code-scanning/sarifs/:sarif_id`](/rest/reference/code-scanning#get-information-about-a-sarif-upload) (:read)
 {% endif -%}
 
-{% ifversion fpt %}
+{% ifversion fpt or ghes %}
 ### Permission on "self-hosted runners"
 - [`GET /orgs/:org/actions/runners/downloads`](/rest/reference/actions#list-runner-applications-for-an-organization) (:read)
 - [`POST /orgs/:org/actions/runners/registration-token`](/rest/reference/actions#create-a-registration-token-for-an-organization) (:write)

contributing/content-style-guide.md

@@ -4,7 +4,7 @@ Welcome to the content style guide for [GitHub Docs](https://docs.github.com/).
 
 These guidelines are specific to GitHub’s documentation. For general style questions or guidance on topics not covered here, see the [GitHub Brand Guide](https://brand.github.com/content/) first, then the [Microsoft Style Guide](https://docs.microsoft.com/style-guide/welcome/). For markup specific to source content on docs.github.com, see our [markup reference guide](content-markup-reference.md).
 
-Use table of contents icon <img src="../assets/images/table-of-contents.png" width="25" height="25" /> on the top left corner of the this document to get to a specific section of this guide quickly.
+Use table of contents icon <img src="../assets/images/table-of-contents.png" width="25" height="25" /> on the top left corner of this document to get to a specific section of this guide quickly.
 
 ## The GitHub Docs approach to style
 

data/learning-tracks/actions.yml

@@ -7,38 +7,35 @@ getting_started:
     - /actions/learn-github-actions/essential-features-of-github-actions
     - /actions/learn-github-actions/managing-complex-workflows
     - /actions/learn-github-actions/reusing-workflows
-    - /actions/learn-github-actions/security-hardening-for-github-actions
+    - /actions/security-guides/security-hardening-for-github-actions
   featured_track: true
 continuous_integration:
   title: 'Build and test code'
   description: 'You can create custom continuous integration (CI) workflows right in your repository.'
   guides:
-    - /actions/guides/about-continuous-integration
-    - /actions/guides/setting-up-continuous-integration-using-workflow-templates
-    - /actions/guides/about-service-containers
-    - /actions/guides/building-and-testing-nodejs
-    - /actions/guides/building-and-testing-powershell
-    - /actions/guides/building-and-testing-python
-    - /actions/guides/building-and-testing-ruby
-    - /actions/guides/building-and-testing-java-with-maven
-    - /actions/guides/building-and-testing-java-with-gradle
-    - /actions/guides/building-and-testing-java-with-ant
+    - /actions/automating-builds-and-tests/about-continuous-integration
+    - /actions/automating-builds-and-tests/building-and-testing-powershell
+    - /actions/automating-builds-and-tests/building-and-testing-ruby
+    - /actions/automating-builds-and-tests/building-and-testing-java-with-maven
+    - /actions/automating-builds-and-tests/building-and-testing-java-with-gradle
+    - /actions/automating-builds-and-tests/building-and-testing-java-with-ant
+    - /actions/automating-builds-and-tests/building-and-testing-swift
 continuous_deployment:
   title: 'Automate your deployments'
   description: 'Learn how to automate release publishing for your project with a custom continuous deployment (CD) workflow in {% data variables.product.prodname_actions %}.'
   guides:
-    - /actions/guides/about-packaging-with-github-actions
-    - /actions/guides/publishing-nodejs-packages
-    - /actions/guides/publishing-java-packages-with-maven
-    - /actions/guides/publishing-java-packages-with-gradle
-    - /actions/guides/publishing-docker-images
+    - /actions/publishing-packages/about-packaging-with-github-actions
+    - /actions/publishing-packages/publishing-nodejs-packages
+    - /actions/publishing-packages/publishing-java-packages-with-maven
+    - /actions/publishing-packages/publishing-java-packages-with-gradle
+    - /actions/publishing-packages/publishing-docker-images
 deploy_to_the_cloud:
   title: 'Deploy to the cloud'
   description: 'Learn how to use {% data variables.product.prodname_actions %} to build an application and deploy it to various cloud-based platforms.'
   guides:
-    - /actions/guides/deploying-to-amazon-elastic-container-service
-    - /actions/guides/deploying-to-azure-app-service
-    - /actions/guides/deploying-to-google-kubernetes-engine
+    - /actions/deployment/deploying-to-amazon-elastic-container-service
+    - /actions/deployment/deploying-to-azure-app-service
+    - /actions/deployment/deploying-to-google-kubernetes-engine
 hosting_your_own_runners:
   title: 'Host your own runners'
   description: 'You can create self-hosted runners to run workflows in a highly customizable environment.'
@@ -55,7 +52,7 @@ create_actions:
   title: 'Create an action'
   description: 'Do you have an idea for a new action? Have you built something custom for your project? Learn how to build shareable actions and publish them to GitHub Marketplace.'
   guides:
-    - /actions/creating-actions/about-actions
+    - /actions/creating-actions/about-custom-actions
     - /actions/creating-actions/creating-a-docker-container-action
     - /actions/creating-actions/creating-a-javascript-action
     - /actions/creating-actions/creating-a-composite-action

data/release-notes/enterprise-server/3-0/17.yml

@@ -0,0 +1,25 @@
+date: '2021-10-12'
+sections:
+  security_fixes:
+    - 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/27034, https://github.com/github/enterprise2/pull/27010 {% endcomment %}'
+  bugs:
+    - 'Custom pre-receive hooks could have failed due to too restrictive virtual memory or CPU time limits. {% comment %} https://github.com/github/enterprise2/pull/26971, https://github.com/github/enterprise2/pull/26955 {% endcomment %}'
+    - 'Attempting to wipe all existing configuration settings with `ghe-cleanup-settings` failed to restart the Management Console service. {% comment %} https://github.com/github/enterprise2/pull/26986, https://github.com/github/enterprise2/pull/26901 {% endcomment %}'
+    - 'During replication teardown via `ghe-repl-teardown` Memcached failed to be restarted. {% comment %} https://github.com/github/enterprise2/pull/26992, https://github.com/github/enterprise2/pull/26983 {% endcomment %}'
+    - 'During periods of high load, users would receive HTTP 503 status codes when upstream services failed internal healthchecks. {% comment %} https://github.com/github/enterprise2/pull/27081, https://github.com/github/enterprise2/pull/26999 {% endcomment %}'
+    - 'Pre-receive hook environments were forbidden from calling the cat command via BusyBox on Alpine. {% comment %} https://github.com/github/enterprise2/pull/27114, https://github.com/github/enterprise2/pull/27094 {% endcomment %}'
+    - 'The external database password was logged in plaintext. {% comment %} https://github.com/github/enterprise2/pull/27172, https://github.com/github/enterprise2/pull/26413 {% endcomment %}'
+    - 'An erroneous `jq` error message may have been displayed when running `ghe-config-apply`. {% comment %} https://github.com/github/enterprise2/pull/27203, https://github.com/github/enterprise2/pull/26784 {% endcomment %}'
+    - 'Failing over from a primary Cluster datacenter to a secondary Cluster datacenter succeeds, but then failing back over to the original primary Cluster datacenter failed to promote Elasticsearch indicies. {% comment %} https://github.com/github/github/pull/193180, https://github.com/github/github/pull/192447 {% endcomment %}'
+    - 'The Site Admin page for repository self-hosted runners returned an HTTP 500. {% comment %} https://github.com/github/github/pull/194205 {% endcomment %}'
+    - 'In some cases, GitHub Enterprise Administrators attempting to view the `Dormant users` page received `502 Bad Gateway` or `504 Gateway Timeout` response. {% comment %} https://github.com/github/github/pull/194259, https://github.com/github/github/pull/193609 {% endcomment %}'
+  changes:
+    - 'More effectively delete Webhook logs that fall out of the Webhook log retention window. {% comment %} https://github.com/github/enterprise2/pull/27157 {% endcomment %}'
+  known_issues:
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+    - When a replica node is offline in a high availability configuration, {% data variables.product.product_name %} may still route {% data variables.product.prodname_pages %} requests to the offline node, reducing the availability of {% data variables.product.prodname_pages %} for users.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.

data/release-notes/enterprise-server/3-1/9.yml

@@ -0,0 +1,28 @@
+date: '2021-10-12'
+sections:
+  security_fixes:
+    - 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/27035, https://github.com/github/enterprise2/pull/27010 {% endcomment %}'
+  bugs:
+    - 'Custom pre-receive hooks could have failed due to too restrictive virtual memory or CPU time limits. {% comment %} https://github.com/github/enterprise2/pull/26972, https://github.com/github/enterprise2/pull/26955 {% endcomment %}'
+    - 'Attempting to wipe all existing configuration settings with `ghe-cleanup-settings` failed to restart the Management Console service. {% comment %} https://github.com/github/enterprise2/pull/26987, https://github.com/github/enterprise2/pull/26901 {% endcomment %}'
+    - 'During replication teardown via `ghe-repl-teardown` Memcached failed to be restarted. {% comment %} https://github.com/github/enterprise2/pull/26993, https://github.com/github/enterprise2/pull/26983 {% endcomment %}'
+    - 'During periods of high load, users would receive HTTP 503 status codes when upstream services failed internal healthchecks. {% comment %} https://github.com/github/enterprise2/pull/27082, https://github.com/github/enterprise2/pull/26999 {% endcomment %}'
+    - 'With Actions configured, MSSQL replication would fail after restoring from a GitHub Enterprise Backup Utilities snapshot. {% comment %} https://github.com/github/enterprise2/pull/27097, https://github.com/github/enterprise2/pull/26254 {% endcomment %}'
+    - 'An erroneous `jq` error message may have been displayed when running `ghe-config-apply`. {% comment %} https://github.com/github/enterprise2/pull/27194, https://github.com/github/enterprise2/pull/26784 {% endcomment %}'
+    - 'Pre-receive hook environments were forbidden from calling the cat command via BusyBox on Alpine. {% comment %} https://github.com/github/enterprise2/pull/27115, https://github.com/github/enterprise2/pull/27094 {% endcomment %}'
+    - 'The external database password was logged in plaintext. {% comment %} https://github.com/github/enterprise2/pull/27173, https://github.com/github/enterprise2/pull/26413 {% endcomment %}'
+    - 'Failing over from a primary Cluster datacenter to a secondary Cluster datacenter succeeds, but then failing back over to the original primary Cluster datacenter failed to promote Elasticsearch indicies. {% comment %} https://github.com/github/github/pull/193181, https://github.com/github/github/pull/192447 {% endcomment %}'
+    - 'The "Import teams" button on the Teams page for an Organization returned an HTTP 404. {% comment %} https://github.com/github/github/pull/193302 {% endcomment %}'
+    - 'In some cases, GitHub Enterprise Administrators attempting to view the `Dormant users` page received `502 Bad Gateway` or `504 Gateway Timeout` response. {% comment %} https://github.com/github/github/pull/194260, https://github.com/github/github/pull/193609 {% endcomment %}'
+    - 'Performance was negatively impacted in certain high load situations as a result of the increased number of `SynchronizePullRequestJob` jobs. {% comment %} https://github.com/github/github/pull/195253, https://github.com/github/github/pull/194591 {% endcomment %}'
+  changes:
+    - 'More effectively delete Webhook logs that fall out of the Webhook log retention window. {% comment %} https://github.com/github/enterprise2/pull/27158 {% endcomment %}'
+  known_issues:
+    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+    - If {% data variables.product.prodname_actions %} is enabled for {% data variables.product.prodname_ghe_server %}, teardown of a replica node with `ghe-repl-teardown` will succeed, but may return `ERROR:Running migrations`.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.

data/release-notes/enterprise-server/3-2/1.yml

@@ -0,0 +1,27 @@
+date: '2021-10-12'
+sections:
+  security_fixes:
+    - 'Packages have been updated to the latest security versions. {% comment %} https://github.com/github/enterprise2/pull/27118, https://github.com/github/enterprise2/pull/27110 {% endcomment %}'
+  bugs:
+    - 'Custom pre-receive hooks could have failed due to too restrictive virtual memory or CPU time limits. {% comment %} https://github.com/github/enterprise2/pull/26973, https://github.com/github/enterprise2/pull/26955 {% endcomment %}'
+    - 'In a GitHub Enterprise Server clustering configuration, Dependency Graph settings could have been incorrectly applied. {% comment %} https://github.com/github/enterprise2/pull/26981, https://github.com/github/enterprise2/pull/26861 {% endcomment %}'
+    - 'Attempting to wipe all existing configuration settings with `ghe-cleanup-settings` failed to restart the Management Console service. {% comment %} https://github.com/github/enterprise2/pull/26988, https://github.com/github/enterprise2/pull/26901 {% endcomment %}'
+    - 'During replication teardown via `ghe-repl-teardown` Memcached failed to be restarted. {% comment %} https://github.com/github/enterprise2/pull/26994, https://github.com/github/enterprise2/pull/26983 {% endcomment %}'
+    - 'During periods of high load, users would receive HTTP 503 status codes when upstream services failed internal healthchecks. {% comment %} https://github.com/github/enterprise2/pull/27083, https://github.com/github/enterprise2/pull/26999 {% endcomment %}'
+    - 'Pre-receive hook environments were forbidden from calling the cat command via BusyBox on Alpine. {% comment %} https://github.com/github/enterprise2/pull/27116, https://github.com/github/enterprise2/pull/27094 {% endcomment %}'
+    - 'Failing over from a primary Cluster datacenter to a secondary Cluster datacenter succeeds, but then failing back over to the original primary Cluster datacenter failed to promote Elasticsearch indicies. {% comment %} https://github.com/github/github/pull/193182, https://github.com/github/github/pull/192447 {% endcomment %}'
+    - 'The "Import teams" button on the Teams page for an Organization returned an HTTP 404. {% comment %} https://github.com/github/github/pull/193303 {% endcomment %}'
+    - 'Using the API to disable Secret Scanning correctly disabled the property but incorrectly returned an HTTP 422 and an error message. {% comment %} https://github.com/github/github/pull/193455, https://github.com/github/github/pull/192907 {% endcomment %}'
+    - 'In some cases, GitHub Enterprise Administrators attempting to view the `Dormant users` page received `502 Bad Gateway` or `504 Gateway Timeout` response. {% comment %} https://github.com/github/github/pull/194262, https://github.com/github/github/pull/193609 {% endcomment %}'
+    - 'Performance was negatively impacted in certain high load situations as a result of the increased number of `SynchronizePullRequestJob` jobs. {% comment %} https://github.com/github/github/pull/195256, https://github.com/github/github/pull/194591 {% endcomment %}'
+    - 'A user defined pattern created for Secret Scanning would continue getting scanned even after it was deleted. {% comment %} https://github.com/github/token-scanning-service/pull/1039, https://github.com/github/token-scanning-service/pull/822 {% endcomment %}'
+  changes:
+    - 'GitHub Apps now set the Secret Scanning feature on a repository consistently with the API. {% comment %} https://github.com/github/github/pull/193456, https://github.com/github/github/pull/193125 {% endcomment %}'
+  known_issues:
+    - On a freshly set up {% data variables.product.prodname_ghe_server %} without any users, an attacker could create the first admin user.
+    - Custom firewall rules are removed during the upgrade process.
+    - Git LFS tracked files [uploaded through the web interface](https://github.com/blog/2105-upload-files-to-your-repositories) are incorrectly added directly to the repository.
+    - Issues cannot be closed if they contain a permalink to a blob in the same repository, where the blob's file path is longer than 255 characters.
+    - When "Users can search GitHub.com" is enabled with GitHub Connect, issues in private and internal repositories are not included in GitHub.com search results.
+    - The {% data variables.product.prodname_registry %} npm registry no longer returns a time value in metadata responses. This was done to allow for substantial performance improvements. We continue to have all the data necessary to return a time value as part of the metadata response and will resume returning this value in the future once we have solved the existing performance issues.
+    - Resource limits that are specific to processing pre-receive hooks may cause some pre-receive hooks to fail.

data/reusables/dependabot/dependabot-alerts-beta.md

@@ -0,0 +1,7 @@
+{% ifversion ghae-issue-4864 %}
+{% note %}
+
+**Note:** {% data variables.product.prodname_dependabot_alerts %} is currently in beta and is subject to change.
+
+{% endnote %}
+{% endif %}

data/reusables/dependabot/dependabot-alerts-dependency-graph-enterprise.md

@@ -0,0 +1,3 @@
+{% ifversion ghes or ghae-issue-4864 %}
+The dependency graph and {% data variables.product.prodname_dependabot_alerts %} are configured at an enterprise level by the enterprise owner. For more information, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)."
+{% endif %} 

data/reusables/notifications-v2/custom-notification-types.md

@@ -1,2 +1,5 @@
-{%- ifversion fpt or ghes > 3.1 or ghae-issue-4910 %}issues, pulls requests, releases, security alerts, or discussions{% endif %}
-{%- ifversion ghes = 3.1 %}issues, pull requests, releases, or discussions{% endif %}
+{%- ifversion fpt or ghes > 3.1 or ghae-issue-4910 %}
+issues, pulls requests, releases, security alerts, or discussions
+{%- else %}issues, pull requests, releases, or discussions
+{% endif %}
+<!-- `else1` statement probably not picked up by GHES 3.1 deprecation script. Will need to review here -->

data/reusables/notifications/vulnerable-dependency-notification-delivery-method-customization.md

@@ -1,5 +1,3 @@
-{% ifversion fpt %}
+{% ifversion fpt or ghes or ghae-issue-4864 %}
 You can choose the delivery method and frequency of notifications about {% data variables.product.prodname_dependabot_alerts %} on repositories that you are watching or where you have subscribed to notifications for security alerts.
-{% else %}
-You can choose the delivery method for notifications about {% ifversion ghes %}{% data variables.product.prodname_dependabot_alerts %}{% else %}security alerts{% endif %} on repositories that you are watching, as well as the frequency at which the notifications are sent to you.
 {% endif %}

data/reusables/notifications/vulnerable-dependency-notification-options.md

@@ -1,15 +1,15 @@
-{% ifversion fpt or ghes > 3.1 %}
-{% ifversion fpt %}By default, you will receive notifications:{% endif %}{% ifversion ghes > 3.1 %}By default, if your site administrator has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %}
+{% ifversion fpt or ghes > 3.1 or ghae-issue-4864 %}
+{% ifversion fpt %}By default, you will receive notifications:{% endif %}{% ifversion ghes > 3.1 or ghae-issue-4864 %}By default, if your enterprise owner has configured email for notifications on your instance, you will receive {% data variables.product.prodname_dependabot_alerts %}:{% endif %}
 
 - by email, an email is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Email each time a vulnerability is found** option).
 - in the user interface, a warning is shown in your repository's file and code views if there are any vulnerable dependencies (**UI alerts** option).
 - on the command line, warnings are displayed as callbacks when you push to repositories with any vulnerable dependencies (**Command Line** option).
-- in your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Web** option).
-- on {% data variables.product.prodname_mobile %}, as web notifications. For more information, see "[Enabling push notifications with GitHub for mobile](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#enabling-push-notifications-with-github-for-mobile)."
+- in your inbox, as web notifications. A web notification is sent when {% data variables.product.prodname_dependabot %} is enabled for a repository, when a new manifest file is committed to the repository, and when a new vulnerability with a critical or high severity is found (**Web** option).{% ifversion not ghae %}
+- on {% data variables.product.prodname_mobile %}, as web notifications. For more information, see "[Enabling push notifications with GitHub for mobile](/github/managing-subscriptions-and-notifications-on-github/configuring-notifications#enabling-push-notifications-with-github-for-mobile)."{% endif %}
 
 {% note %}
 
-**Note:** The email and web/{% data variables.product.prodname_mobile %} notifications are:
+**Note:** The email and web{% ifversion not ghae %}/{% data variables.product.prodname_mobile %}{% endif %} notifications are:
 
 - _per repository_ when {% data variables.product.prodname_dependabot %} is enabled on the repository, or when a new manifest file is committed to the repository.
 

data/reusables/repositories/dependency-review.md

@@ -1,3 +1,3 @@
-{% ifversion fpt or ghes > 3.1 %}
+{% ifversion fpt or ghes > 3.1 or ghae-issue-4864 %}
 Additionally, {% data variables.product.prodname_dotcom %} can review any dependencies added, updated, or removed in a pull request made against the default branch of a repository, and flag any changes that would introduce a vulnerability into your project. This allows you to spot and deal with vulnerable dependencies before, rather than after, they reach your codebase. For more information, see "[Reviewing dependency changes in a pull request](/github/collaborating-with-issues-and-pull-requests/reviewing-dependency-changes-in-a-pull-request)."
 {% endif %}

data/reusables/repositories/enable-security-alerts.md

@@ -1,3 +1,3 @@
-{% ifversion ghes %}
-Your site administrator must enable {% data variables.product.prodname_dependabot %} alerts for vulnerable dependencies for {% data variables.product.product_location %} before you can use this feature. For more information, see "[Enabling alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/admin/configuration/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."
+{% ifversion ghes or ghae-issue-4864 %}
+Enterprise owners must enable {% data variables.product.prodname_dependabot %} alerts for vulnerable dependencies for {% data variables.product.product_location %} before you can use this feature. For more information, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)."
 {% endif %}

data/reusables/secret-scanning/partner-secret-list-private-repo.md

@@ -250,6 +250,8 @@ Tableau | Tableau Personal Access Token | tableau_personal_access_token{% endif
 Telegram | Telegram Bot Token | telegram_bot_token{% endif %}
 {%- ifversion fpt or ghes > 2.22 or ghae %}
 Tencent Cloud | Tencent Cloud Secret ID | tencent_cloud_secret_id{% endif %}
+{%- ifversion fpt or ghes > 3.3 %}
+Twilio | Twilio Access Token | twilio_access_token{% endif %}
 {%- ifversion fpt or ghes > 2.22 or ghae %}
 Twilio | Twilio Account String Identifier | twilio_account_sid{% endif %}
 {%- ifversion fpt or ghes > 2.22 or ghae %}

lib/languages.js

@@ -31,7 +31,7 @@ const languages = {
     nativeName: 'Español',
     code: 'es',
     hreflang: 'es',
-    dir: 'translations/es-XL',
+    dir: 'translations/es-ES',
     wip: false,
   },
   pt: {

lib/search/indexes/github-docs-2.22-cn-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b9c98b4407becaffe887f6b36e44460424af9deaef44b17fabb67d3e270588c0
-size 527287

lib/search/indexes/github-docs-2.22-cn.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:852d5b9e655e5ee3eb6cdf20f275ff998259fab7fc37ad8d6a329687aaaa0e9b
-size 883232

lib/search/indexes/github-docs-2.22-de-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6927172c000d51700dc637693798c4867cd92931acff77d562d75733bcdcb05f
-size 481204

lib/search/indexes/github-docs-2.22-de.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bb7ebbb71348ae0f08aecdf891f065d097ae6b03c8ce8543d21e5b6584387dc1
-size 2140116

lib/search/indexes/github-docs-2.22-en-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:58184479bc89876faafdd6ee866cee68e257116f9775d19252a13e7a00421da4
-size 433922

lib/search/indexes/github-docs-2.22-en.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:74a75bf1bdac774811798e7d90edad2a75a6906d16178fea1c7ad7f6841e3316
-size 1694823

lib/search/indexes/github-docs-2.22-es-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6cac7c9bd4da40d4efbf80065ce1e2f66a5e10397941c4dec2a49ca684ecc518
-size 187121

lib/search/indexes/github-docs-2.22-es.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6050dfe01f42a314deb599aec39368a88cb8aa3add5259235590dc409f5a371e
-size 658076

lib/search/indexes/github-docs-2.22-ja-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7bdc7f970fec61fbc08833bde2da1ae983533517925320fbe89d4a65c1b4f376
-size 547746

lib/search/indexes/github-docs-2.22-ja.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9b95d74597160c63e295d1cdd49fdd3eea2ec1bdce47ed47737f7301bcbb2663
-size 2898913

lib/search/indexes/github-docs-2.22-pt-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3eddc142174b2ac69bf023a83ba01349e20f904455c7c1f3bbcefa052e100035
-size 457000

lib/search/indexes/github-docs-2.22-pt.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c1089f68df3504511d658a737367a2c5e51a3f85773e7dd30edb4a0a4f68b820
-size 1887397

lib/search/indexes/github-docs-3.0-cn-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4ad2ca4384e98d884640658cc6b4391cf2c499c76f4614da6340c03d1cc2fc1e
-size 547152

lib/search/indexes/github-docs-3.0-cn.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:77e5f16c7bc9d71c5b2db14e218b6006f047930763b8f378780d0b9c228683b8
-size 922689

lib/search/indexes/github-docs-3.0-de-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a8de831d9644c521cc2d7de6660c562783f3ae016091965517822468f2a8be58
-size 501747

lib/search/indexes/github-docs-3.0-de.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a8f6ead14bc8e25e92af94c8def0cd809e97899d9540b7d5de6c12c2b72fdc73
-size 2246553

lib/search/indexes/github-docs-3.0-en-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eea451b16ba7bddf6c4df029ee09a348bdf56ca47afa3542bed512edcd88dc41
-size 453293

lib/search/indexes/github-docs-3.0-en.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:94aa4b6e23ecac077f304f3628b1f4c6ce4b1c4d8b32f510020144499bb68df2
-size 1770622

lib/search/indexes/github-docs-3.0-es-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:06e0985d368615f5b39a894f3a285bafca51a29838728b7c20f68c5470192ae7
-size 185680

lib/search/indexes/github-docs-3.0-es.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c32d7da3e28d73acdfac8b120164ccc4b603a6d59808da1988912e17077db3f9
-size 650040

lib/search/indexes/github-docs-3.0-ja-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:441de5be577317415c6ecc5f6037678a64f9dd2dc308da5c942bceb6b72da6c6
-size 570026

lib/search/indexes/github-docs-3.0-ja.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:26f9518ff8457d86cd215cb7b8a0edeffee1d119b2349d63dd541ba87514f985
-size 3022799

lib/search/indexes/github-docs-3.0-pt-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:994ab2e9c223e6e2b532cbb62f6395d7fb151b3e26f699dc80ae2d3bff3b2ac9
-size 477427

lib/search/indexes/github-docs-3.0-pt.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9d5ba80373540723e5364ad35d7a03ee9cf147772fc75ddace33638c1f32260e
-size 1971206

lib/search/indexes/github-docs-3.1-cn-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1e431308adf28d3cc990ed968b34d886aad9680c3c5026b365454262b22e718a
-size 560744

lib/search/indexes/github-docs-3.1-cn.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:868faf225dabc84d8cd8c44170a3d035555c16ef6bb9e18204bcedcb54699aac
-size 950744

lib/search/indexes/github-docs-3.1-de-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1fd821abe95d5cde4aa1522f83003eef2a9e9860d6d4c8a261450531b4eadfb7
-size 511696

lib/search/indexes/github-docs-3.1-de.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:df7734993cd902db0baa198c881f8cde87ed3e0d70463cb3302538993c01453e
-size 2304208

lib/search/indexes/github-docs-3.1-en-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7f4557561b7310abc0732f9f37bbdbe3bed305f514fcead6429627a1c752daaa
-size 463449

lib/search/indexes/github-docs-3.1-en.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d5b0db78fbf9c001d800045eee5bb295f7404a152663b9c6ad66ffeaeac3e716
-size 1813270

lib/search/indexes/github-docs-3.1-es-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8c4cc2e668dab9da1beadee42dd8a5940accbc754e4fbe478a0a34adf2821d67
-size 185776

lib/search/indexes/github-docs-3.1-es.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:25149adac341cd74eabc94b655bef6e19a44bc873fe7c69f5b1a7c306cb7464d
-size 650060

lib/search/indexes/github-docs-3.1-ja-records.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:aee889d57fc28ab42f773735b662b6b38312606220bf97edb3b5fd647c036fa2
-size 583073

lib/search/indexes/github-docs-3.1-ja.json.br

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:978b565e0f5d996c881ed2193f65cf9bd254cd2672fa9b7392502880f6f7d9f1
-size 3100628