Merge pull request #35526 from github/repo-sync

Repo sync

content/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows.md

@@ -1353,19 +1353,26 @@ jobs:
                artifact_id: matchArtifact.id,
                archive_format: 'zip',
             });
-            let fs = require('fs');
-            fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data));
+            const fs = require('fs');
+            const path = require('path');
+            const temp = '{% raw %}${{ runner.temp }}{% endraw %}/artifacts';
+            if (!fs.existsSync(temp)){
+              fs.mkdirSync(temp);
+            }
+            fs.writeFileSync(path.join(temp, 'pr_number.zip'), Buffer.from(download.data));
 
       - name: 'Unzip artifact'
-        run: unzip pr_number.zip
+        run: unzip pr_number.zip -d "{% raw %}${{ runner.temp }}{% endraw %}/artifacts"
 
       - name: 'Comment on PR'
         uses: {% data reusables.actions.action-github-script %}
         with:
           github-token: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
           script: |
-            let fs = require('fs');
-            let issue_number = Number(fs.readFileSync('./pr_number'));
+            const fs = require('fs');
+            const path = require('path');
+            const temp = '{% raw %}${{ runner.temp }}{% endraw %}/artifacts';
+            const issue_number = Number(fs.readFileSync(path.join(temp, 'pr_number')));
             await github.rest.issues.createComment({
               owner: context.repo.owner,
               repo: context.repo.repo,

content/admin/managing-iam/understanding-iam-for-enterprises/abilities-and-restrictions-of-managed-user-accounts.md

@@ -25,7 +25,7 @@ With {% data variables.product.prodname_emus %}, you can control the user accoun
 ## {% data variables.product.prodname_actions %}
 
 * {% data variables.enterprise.prodname_managed_users_caps %} cannot create workflow templates for {% data variables.product.prodname_actions %}.
-* Entitlement minutes for {% data variables.product.company_short %}-hosted runners are not available for {% data variables.enterprise.prodname_managed_users %}.
+* While {% data variables.product.company_short %}-hosted runners can be used in repositories owned by organizations, they are not available for repositories owned by {% data variables.enterprise.prodname_managed_users %}.
 * {% data variables.product.prodname_emus %} can trigger workflows in organizations where they are not members by forking the organization repository, then creating a pull request targeting the organization repository.
 
 ## {% data variables.product.prodname_github_apps %}

content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md

@@ -1,7 +1,7 @@
 ---
 title: Configuring global security settings for your organization
 shortTitle: Configure global settings
-intro: 'Customize {% data variables.product.prodname_GH_advanced_security %} features and create security managers to strengthen the security of your organization.'
+intro: 'Customize {% data variables.product.prodname_GH_advanced_security %} features to strengthen the security of your organization.'
 permissions: '{% data reusables.permissions.security-org-enable %}'
 versions:
   feature: security-configurations
@@ -13,7 +13,7 @@ topics:
 
 ## About {% data variables.product.prodname_global_settings %}
 
-Alongside {% data variables.product.prodname_security_configurations %}, which determine repository-level security settings, you should also configure {% data variables.product.prodname_global_settings %} for your organization. {% data variables.product.prodname_global_settings_caps %} apply to your entire organization, and can customize {% data variables.product.prodname_GH_advanced_security %} features based on your needs. You can also create security managers on the {% data variables.product.prodname_global_settings %} page to monitor and maintain your organization's security.
+Alongside {% data variables.product.prodname_security_configurations %}, which determine repository-level security settings, you should also configure {% data variables.product.prodname_global_settings %} for your organization. {% data variables.product.prodname_global_settings_caps %} apply to your entire organization, and can customize {% data variables.product.prodname_GH_advanced_security %} features based on your needs. {% ifversion ghes < 3.16 %}You can also create a team of security managers to monitor and maintain your organization's security.{% endif %}
 
 ## Accessing the {% data variables.product.prodname_global_settings %} page for your organization
 
@@ -131,6 +131,12 @@ You can define custom patterns for {% data variables.product.prodname_secret_sca
 
 ## Creating security managers for your organization
 
-The security manager role grants members of your organization the ability to manage security settings and alerts across your organization. To grant all members of a team the security manager role, in the "Search for teams" text box, type the name of the desired team. In the dropdown menu that appears, click the team, then click **I understand, grant security manager permissions**.
+The security manager role grants members of your organization the ability to manage security settings and alerts across your organization. Security managers can view data for all repositories in your organization through security overview.
 
-Security managers can view data for all repositories in your organization through security overview. To learn more about the security manager role, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization)."
+To learn more about the security manager role, see "[AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization)."
+
+{% ifversion ghes < 3.16 %}
+
+To grant all members of a team the security manager role, in the "Search for teams" text box, type the name of the desired team. In the dropdown menu that appears, click the team, then click **I understand, grant security manager permissions**.
+
+{% endif %}

content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md

@@ -48,7 +48,7 @@ You can also create and manage security configurations using the REST API. For m
 
 ## About {% data variables.product.prodname_global_settings %}
 
-While {% data variables.product.prodname_security_configurations %} determine repository-level security settings, {% data variables.product.prodname_global_settings %} determine your organization-level security settings, which are then inherited by all repositories. With {% data variables.product.prodname_global_settings %}, you can customize how security features analyze your organization, as well as create security managers with permission to manage security alerts and settings across your organization.
+While {% data variables.product.prodname_security_configurations %} determine repository-level security settings, {% data variables.product.prodname_global_settings %} determine your organization-level security settings, which are then inherited by all repositories. With {% data variables.product.prodname_global_settings %}, you can customize how security features analyze your organization{% ifversion ghes < 3.16 %}, as well as grant a team permission to manage security alerts and settings across your organization{% endif %}.
 
 ## Next steps
 

content/code-security/security-overview/assessing-adoption-code-security.md

@@ -66,7 +66,7 @@ You can view data to assess the enablement of code security features across orga
 In the enterprise-level view, you can view data about the enablement of features, but you cannot enable or disable features.
 {% endif %}
 
-{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
+{% ifversion ghes %}{% data reusables.enterprise-accounts.access-enterprise-ghes %}{% else %}{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}{% endif %}
 {% data reusables.code-scanning.click-code-security-enterprise %}
 1. To display the "Security coverage" view, in the sidebar, click **Coverage**.
 {% data reusables.code-scanning.using-security-overview-coverage %}
@@ -111,7 +111,7 @@ You can view data to assess the enablement status and enablement status trends o
 
 You can view data to assess the enablement status and enablement status trends of code security features across organizations in an enterprise.
 
-{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
+{% ifversion ghes %}{% data reusables.enterprise-accounts.access-enterprise-ghes %}{% else %}{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}{% endif %}
 {% data reusables.code-scanning.click-code-security-enterprise %}
 1. To display the "Enablement trends" view, in the sidebar, click **Enablement trends**.
 1. Click on one of the tabs for "{% data variables.product.prodname_dependabot %}", "{% data variables.product.prodname_code_scanning_caps %}", or "{% data variables.product.prodname_secret_scanning_caps %}" to view enablement trends and the percentage of repositories across organizations in your enterprise with that feature enabled. This data is displayed as a graph and a detailed table.

content/code-security/security-overview/assessing-code-security-risk.md

@@ -60,15 +60,16 @@ You can view data for security alerts across organizations in an enterprise.
 
 {% data reusables.security-overview.enterprise-filters-tip %}
 
-{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
+{% ifversion ghes %}{% data reusables.enterprise-accounts.access-enterprise-ghes %}{% else %}{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}{% endif %}
 {% data reusables.code-scanning.click-code-security-enterprise %}
 1. To display the "Security risk" view, in the sidebar, click **{% octicon "shield" aria-hidden="true" %} Risk**.
 {% data reusables.code-scanning.using-security-overview-risk %}
 
     ![Screenshot of the "Security risk" view for an enterprise. The options for filtering are outlined in dark orange.](/assets/images/help/security-overview/security-risk-view-highlights-enterprise.png)
 
     {% data reusables.security-overview.unaffected-repositories %}
-{% data reusables.organizations.security-overview-feature-specific-page %}
+{% data reusables.organizations.security-overview-feature-specific-page %}{% ifversion security-overview-export-data %}
+1. Optionally, use the {% octicon "download" aria-hidden="true" %} **Export CSV** button to download a CSV file of the data currently displayed on the page for security research and in-depth data analysis. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)." {% endif %}
 
 {% data reusables.security-overview.alert-differences %}
 

content/code-security/security-overview/exporting-data-from-security-overview.md

@@ -1,7 +1,7 @@
 ---
 title: Exporting data from security overview
 shortTitle: Export data
-intro: You can export CSV files of your organization's overview, risk, coverage, and {% data variables.product.prodname_codeql %} pull request alerts data from security overview.
+intro: From security overview, you can export CSV files of the data used for your organization or enterprise's overview, risk, coverage, and {% data variables.product.prodname_codeql %} pull request alerts pages.
 permissions: '{% data reusables.permissions.security-overview %}'
 versions:
   feature: security-overview-export-data
@@ -20,14 +20,14 @@ redirect_from:
 
 {% data reusables.security-overview.download-csv-files %}
 
-The overview page contains data about security alerts across your organization, while the risk and coverage pages contain data about repositories and how they are affected by security alerts or covered by security features. The {% data variables.product.prodname_codeql %} pull request alerts page contains data about {% data variables.product.prodname_codeql %} alerts that were caught in pull requests merged to the default branch.
+The overview page contains data about security alerts across your organization or enterprise, while the risk and coverage pages contain data about repositories and how they are affected by security alerts or covered by security features. The {% data variables.product.prodname_codeql %} pull request alerts page contains data about {% data variables.product.prodname_codeql %} alerts that were caught in pull requests merged to the default branch.
 
 The CSV file you download will contain data corresponding to the filters you have applied to security overview. For example, if you add the filter `dependabot-alerts:enabled`, your file will only contain data for repositories that have enabled {% data variables.product.prodname_dependabot_alerts %}.
 
 > [!NOTE]
 > In the "Teams" column of the CSV file, each repository will list a maximum of 20 teams with write access to that repository. If more than 20 teams have write access to a repository, the data will be truncated.
 
-## Exporting data from your organization's security overview
+## Exporting overview, coverage, and risk data from your organization's security overview
 
 {% data reusables.profile.access_org %}
 1. In the "Organizations" section, select the organization for which you would like to download security overview data.
@@ -43,3 +43,12 @@ The CSV file you download will contain data corresponding to the filters you hav
 > The summary views ({% ifversion security-overview-dashboard %}"Overview", {% endif %}"Coverage" and "Risk") show data only for {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} alerts. {% data variables.product.prodname_code_scanning_caps %} alerts from third-party tools, and {% data variables.product.prodname_secret_scanning %} alerts for non-provider patterns or for ignored directories are all omitted from these views. Consequently, files exported from the summary views do not contain data for these types of alert.
 
 {% endif %}
+
+## Exporting overview, coverage, and risk data from your enterprise's security overview
+
+{% ifversion ghes %}{% data reusables.enterprise-accounts.access-enterprise-ghes %}{% else %}{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}{% endif %}
+{% data reusables.code-scanning.click-code-security-enterprise %}
+1. Choose the page that you want to export data from by clicking on **Overview**, **Risk**, or **Coverage**.
+1. Next to the search bar, click {% octicon "download" aria-hidden="true" %} **Export CSV**.
+
+    It may take a moment for {% data variables.product.product_name %} to generate the CSV file of your data. Once the CSV file generates, the file will automatically start downloading, and a banner will appear confirming your report is ready. If you are downloading the CSV from the overview page, you will also receive an email when your report is ready, containing a link to download the CSV.

content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md

@@ -38,8 +38,6 @@ You can also view:
 
 You can apply filters to the data. The metrics are based on activity from the default period or your selected period.
 
-![Screenshot of the "CodeQL pull request alerts" view for an organization, showing status and trends over 90 days.](/assets/images/help/security-overview/security-overview-codeql-pull-requests-alerts-report.png)
-
 {% ifversion code-scanning-autofix %}
 > [!NOTE] Metrics for {% data variables.product.prodname_copilot_autofix_short %} will be shown only for repositories where {% data variables.product.prodname_copilot_autofix_short %} is enabled.
 {% else %}

content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md

@@ -41,14 +41,10 @@ You can see {% data variables.product.prodname_secret_scanning %} metrics if you
 
 The metrics are based on activity from the default period or your selected period.
 
-![Screenshot of the top section of the "Metrics" view for secret scanning on the "Security" tab for an organization.](/assets/images/help/security-overview/security-overview-secret-scanning-metrics-additional-tools.png)
-
 {% else %}
 
 The metrics are based on activity from the default period or your selected period.
 
-![Screenshot of the top section of the "Metrics" view for secret scanning on the "Security" tab for an organization.](/assets/images/help/security-overview/security-overview-secret-scanning-metrics.png)
-
 {% endif %}
 
 ## Viewing metrics for {% data variables.product.prodname_secret_scanning %} push protection for an organization
@@ -67,7 +63,7 @@ You can view metrics for {% data variables.product.prodname_secret_scanning %} p
 
 {% data reusables.security-overview.enterprise-filters-tip %}
 
-{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
+{% ifversion ghes %}{% data reusables.enterprise-accounts.access-enterprise-ghes %}{% else %}{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}{% endif %}
 {% data reusables.code-scanning.click-code-security-enterprise %}
 1. In the sidebar, click **{% data variables.product.prodname_secret_scanning_caps %} metrics**.
 1. Click on an individual secret type or repository to see the associated {% data variables.secret-scanning.alerts %} for your enterprise.

content/code-security/security-overview/viewing-security-insights.md

@@ -49,8 +49,8 @@ The dashboard is divided into three tabs, each focused around a different securi
 
 You can filter the overview dashboard by selecting a specific time period, and apply additional filters to focus on narrower areas of interest. All data and metrics across the dashboard will change as you apply filters. By default, the dashboard displays all alerts from {% data variables.product.prodname_dotcom %} tools, but you can use the tool filter to show alerts from a specific tool ({% data variables.product.prodname_secret_scanning %}, {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, a specific third-party tool) or all third-party {% data variables.product.prodname_code_scanning %} tools. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
 
-{% ifversion security-overview-export-dashboard-data %}
-You can download a CSV file of the overview dashboard data for your organization. This data file can integrate easily with external datasets, so you may find it useful for security research, data analysis, and more. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)."
+{% ifversion security-overview-export-data %}
+You can download a CSV file of the overview dashboard data for your organization or enterprise. This data file can integrate easily with external datasets, so you may find it useful for security research, data analysis, and more. For more information, see "[AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview)."
 {% endif %}
 
 {% ifversion security-overview-dashboard-enterprise %}Enterprise members can access the overview page for organizations in their enterprise. {% endif %}The metrics you see will depend on your role and repository permissions. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)."
@@ -75,7 +75,7 @@ Keep in mind that the overview page tracks changes over time for security alert
 
 ## Viewing the security overview dashboard for your enterprise
 
-{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
+{% ifversion ghes %}{% data reusables.enterprise-accounts.access-enterprise-ghes %}{% else %}{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}{% endif %}
 {% data reusables.code-scanning.click-code-security-enterprise %}{% ifversion security-overview-3-tab-dashboard %}
 1. By default, the **Detection** tab is displayed. If you want to switch to another tab to see other metrics, click **Remediation** or **Prevention**.{% endif %}
 {% data reusables.security-overview.filter-and-toggle %}