Merge pull request #26026 from github/repo-sync

Repo sync

Author: Octomerger

assets/images/help/security-overview/security-coverage-view-highlights-enterprise.png

@@ -89,10 +89,15 @@ Each repository is shown in security overview with an indicator for each type of
 {% ifversion ghec or ghes > 3.4 or ghae > 3.4 %}
 ## About security overview for enterprises
 
-You can find security overview on the **Code Security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise. You can view repositories owned by your enterprise that have security alerts, view all security alerts, or security feature-specific alerts from across your enterprise.
+You can find security overview on the **Code Security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise. {% ifversion security-overview-org-risk-coverage-enterprise %}
 
-Enterprise owners can view alerts for organizations that they are an owner or a security manager of.{% ifversion ghec or ghes > 3.5 or ghae > 3.5 %} Enterprise owners will need to join an organization as an organization owner to see all of its alerts in the enterprise-level security overview. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)."{% endif %}
+As with security overview for organizations, security overview for enterprises has multiple views that provide different ways to explore enablement and alert data.
 
+- Use the "Security coverage" view to assess the adoption of code security features across organizations in the enterprise. 
+- Use the "Security risk" view to assess the risk from security alerts of all types across organizations in the enterprise.
+- Use the individual security alert views to identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets.{% else %}You can view repositories owned by your enterprise that have security alerts, view all security alerts, or view security feature-specific alerts from across your enterprise.{% endif %}
+
+For information about permissions, see "[Permission to view data in security overview](#permission-to-view-data-in-security-overview)."
 
 {% endif %}
 
@@ -109,9 +114,11 @@ At the team level, security overview displays repository-specific security infor
 
 ## Permission to view data in security overview
 
-If you are an owner or security manager for an organization, you will see data for all the repositories in the organization in all views. 
+If you are an owner or security manager for an organization, you can see data for all the repositories in the organization in all views.{% ifversion security-overview-org-risk-coverage-enterprise %} You can see the data in the organization-level security overview, or see data for all organizations where you are an owner or security manager in the enterprise-level security overview.{% endif %}
+
+{% ifversion ghec or ghes > 3.5 or ghae > 3.5 %}If you are an enterprise owner, you will need to join an organization as an organization owner to view data for the organization's repositories in either the organization-level or enterprise-level overview. For more information, see "[AUTOTITLE](/admin/user-management/managing-organizations-in-your-enterprise/managing-your-role-in-an-organization-owned-by-your-enterprise)."{% endif %}
 
-If you are an organization member, you will see data only where you have access to that data at the repository level.
+If you are an organization member, you can view security overview for the organization and see data for repositories where you have access.{% ifversion security-overview-org-risk-coverage-enterprise %} You can view this data in the organization-level overview, but you cannot access the enterprise-level overview.{% endif %}
 
 {% rowheaders %}
 

assets/images/help/security-overview/security-coverage-view-highlights.png

@@ -24,25 +24,45 @@ You can use security overview to see which repositories and teams have already e
 
 ![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, and search field.](/assets/images/help/security-overview/security-coverage-view-summary.png)
 
-## Viewing the enablement of code security features across repositories
+## Viewing the enablement of code security features for an organization
 
-{% data reusables.security-overview.information-varies-GHAS %} For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)."
+{% data reusables.security-overview.information-varies-GHAS %}
 
 {% data reusables.organizations.navigate-to-org %}
 {% data reusables.organizations.security-overview %}
 1. To display the "Security coverage" view, in the sidebar, click **{% octicon "meter" aria-hidden="true"  %} Coverage**.
-1. Use options in the page summary to filter results to show the repositories you want to assess. The list of repositories and metrics displayed on the page automatically update to match your current selection. For more information on filtering, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
-    - Use the **Teams** dropdown to show information only for the repositories owned by one or more teams. For more information, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-team-access-to-an-organization-repository)."
-    - Click **NUMBER enabled** or **NUMBER not enabled** in the header for any feature to show only the repositories with that feature enabled or not enabled.
-    - At the top of the list of repositories, click **NUMBER Archived** to show only repositories that are archived.
-    - Click in the search box to add further filters to the repositories displayed.
-
-    ![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-coverage-view-highlights.png)
+{% data reusables.code-scanning.using-security-overview-coverage %}
 
+   ![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-coverage-view-highlights.png)
+   
 1. Optionally, click **{% octicon "gear" aria-hidden="true" %} Security settings** to enable code security features for a repository and click **Save security settings** to confirm the changes. If a feature is not shown, it has more complex configuration requirements and you need to use the repository settings dialog. For more information, see "[AUTOTITLE](/code-security/getting-started/securing-your-repository)."
 {% ifversion code-security-multi-repo-enablement %}
 1. Optionally, select some or all of the repositories that match your current search and click **Security settings** in the table header to display a side panel where you can enable security features for the selected repositories. When you've finished, click **Apply changes** to confirm the changes. For more information, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."
 {% endif %}
+
+{% ifversion security-overview-org-risk-coverage-enterprise %}
+
+## Viewing the enablement of code security features for an enterprise
+
+You can view data to assess the enablement of code security features across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %}
+
+In the enterprise-level view, you can view data about the enablement of features, but you cannot enable or disable features. For more information about enabling features, see "[AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories)."
+
+{% tip %}
+
+**Tip:** You can use the `org:` filter in the search field to filter the data by organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
+
+{% endtip %}
+
+{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
+{% data reusables.code-scanning.click-code-security-enterprise %}
+1. To display the "Security coverage" view, in the sidebar, click **Coverage**.
+{% data reusables.code-scanning.using-security-overview-coverage %}
+
+   ![Screenshot of the header section of the "Security coverage" view for an enterprise. The options for filtering are outlined in dark orange, including "enabled" and "not enabled" links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-coverage-view-highlights-enterprise.png)
+
+{% endif %}
+
 ## Interpreting and acting on the enablement data
 
 Some code security features can and should be enabled on all repositories. For example, secret scanning alerts and push protection. These features reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see "[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization)."

assets/images/help/security-overview/security-risk-view-highlights-enterprise.png

@@ -28,7 +28,7 @@ redirect_from:
 
 ## About security risks in your code
 
-You can use security overview to see which repositories and teams are free from any security alerts and which have unresolved security alerts. The "Security risk" page shows a summary and detailed information on which repositories in an organization are affected by security alerts, with a breakdown of alert by severity. You can filter the view to show a subset of repositories using the "affected" and "unaffected" links, the links under "Open alerts", the "Teams" dropdown menu, and a search field in the page header. This view is a great way to understand the broader picture for a repository, team, or group of repositories because you can see security alerts of all types in one view.
+You can use security overview to see which repositories and teams are free from any security alerts and which have unresolved security alerts. The "Security risk" page shows a summary and detailed information on which repositories in an organization {% ifversion security-overview-org-risk-coverage-enterprise %}or enterprise {% endif %}are affected by security alerts, with a breakdown of alert by severity. You can filter the view to show a subset of repositories using the "affected" and "unaffected" links, the links under "Open alerts", the "Teams" dropdown menu, and a search field in the page header. This view is a great way to understand the broader picture for a repository, team, or group of repositories because you can see security alerts of all types in one view.
 
 ![Screenshot of the header section of the "Security risk" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "affected"/"unaffected" links, "Teams" selector, and search field.](/assets/images/help/security-overview/security-risk-view-summary.png)
 
@@ -40,22 +40,16 @@ You can use security overview to see which repositories and teams are free from
 
 ## Viewing organization-level code security risks
 
-{% data reusables.security-overview.information-varies-GHAS %} For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)."
-
+{% data reusables.security-overview.information-varies-GHAS %}
 
 {% ifversion security-overview-org-risk-coverage %}
 
 {% data reusables.organizations.navigate-to-org %}
 {% data reusables.organizations.security-overview %}
 1. To display the "Security risk" view, in the sidebar, click **{% octicon "shield" aria-hidden="true"  %} Risk**.
-1. Use options in the page summary to filter results to show the repositories you want to assess. The list of repositories and metrics displayed on the page automatically update to match your current selection. For more information on filtering, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
-    - Use the **Teams** dropdown to show information only for the repositories owned by one or more teams.
-    - Click **NUMBER affected** or **NUMBER unaffected** in the header for any feature to show only the repositories with open alerts or no open alerts of that type.
-    - Click any of the descriptions of "Open alerts" in the header to show only repositories with alerts of that type and category. For example, **1 critical** to show the repository with a critical alert for {% data variables.product.prodname_dependabot %}.
-    - At the top of the list of repositories, click **NUMBER Archived** to show only repositories that are archived.
-    - Click in the search box to add further filters to the repositories displayed.
+{% data reusables.code-scanning.using-security-overview-risk %}
 
-    ![Screenshot of the header section of the "Security risk" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "affected"/"unaffected" links, alert severity links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-risk-view-highlights.png)
+   ![Screenshot of the header section of the "Security risk" view on the "Security" tab for an organization. The options for filtering are outlined in dark orange, including "affected"/"unaffected" links, alert severity links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-risk-view-highlights.png)
 
 {% data reusables.organizations.security-overview-feature-specific-page %}
 
@@ -76,10 +70,26 @@ You can use security overview to see which repositories and teams are free from
 
 ## Viewing enterprise-level code security risks
 
+{% ifversion security-overview-org-risk-coverage-enterprise %}
+
+You can view data for security alerts across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %}
+
+{% tip %}
+
+**Tip:** You can use the `org:` filter in the search field to filter the data by organization. For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)."
+
+{% endtip %}
+
+{% endif %}
+
 {% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}
-1. In the left sidebar, click **{% octicon "shield" aria-hidden="true" %} Code Security**.
-{% ifversion security-overview-feature-specific-alert-page %}
-{% data reusables.organizations.security-overview-feature-specific-page %}
+{% data reusables.code-scanning.click-code-security-enterprise %}
+{% ifversion security-overview-feature-specific-alert-page %}{% ifversion security-overview-org-risk-coverage-enterprise %}
+1. To display the "Security coverage" view, in the sidebar, click **Risk**.
+{% data reusables.code-scanning.using-security-overview-risk %}
+
+   ![Screenshot of the "Security risk" view for an enterprise. The options for filtering are outlined in dark orange, including "affected"/"unaffected" links, alert severity links, "Teams" selector, archived repositories, and search field.](/assets/images/help/security-overview/security-risk-view-highlights-enterprise.png){% else %}
+{% data reusables.organizations.security-overview-feature-specific-page %}{% endif %}
 {% endif %}
 
 {% endif %}

content/code-security/security-overview/about-security-overview.md

@@ -22,7 +22,7 @@ topics:
 
 ## About enabling security features
 
-If you're a security manager, repository administrator, or organization owner, you can use security overview to enable or disable security features for multiple repositories at the same time. You can enable or disable security features for all repositories visible on the "Security coverage" view in security overview. You can also use the search bar to narrow down to a specific subset of repositories, and enable or disable security features for that group.
+If you're a security manager, repository administrator, or organization owner, you can use security overview to enable or disable security features for multiple repositories at the same time. You can enable or disable security features for all repositories visible on the "Security coverage" view in security overview for an organization. You can also use the search bar to narrow down to a specific subset of repositories, and enable or disable security features for that group.
 
 ## Enabling security features for multiple repositories
 

content/code-security/security-overview/assessing-adoption-code-security.md

@@ -44,6 +44,18 @@ To perform an exact search for a single repository, use the `repo` qualifier. If
 | -------- | -------- |
 | `repo:REPOSITORY-NAME` | Displays data for the specified repository. |
 
+{% ifversion security-overview-org-risk-coverage-enterprise %}
+
+## Filter by organization
+
+In the enterprise-level views, you can filter the data by organization.
+
+| Qualifier | Description |
+| -------- | -------- |
+| `org:ORGANIZATION-NAME` | Displays data for the specified organization. |
+
+{% endif %}
+
 ## Filter by whether security features are enabled
 
 In the examples below, replace `:enabled` with `:not-enabled` to see repositories where security features are not enabled. These qualifiers are available in the main summary views.
@@ -83,7 +95,7 @@ These qualifiers are available in the main summary views.
 | `archived:true` | Display archived repositories. |
 | `archived:false` | Omit archived repositories. |
 
-{% ifversion ghec or ghes > 3.4 or ghae > 3.4 %}
+{% ifversion security-overview-org-risk-coverage-enterprise %}{% else %}
 ## Filter by level of risk for repositories
 
 The level of risk for a repository is determined by the number and severity of alerts from security features. If one or more security features are not enabled for a repository, the repository will have an unknown level of risk. If a repository has no risks that are detected by security features, the repository will have a clear level of risk.
@@ -103,7 +115,15 @@ These qualifiers are available in the enterprise-level view.
 
 ## Filter by number of alerts
 
-{% ifversion security-overview-org-risk-coverage %}These qualifiers are available in the enterprise-level "Overview" and in the organization-level "Security risk" view.{% else %}These qualifiers are available in the main summary views.{% endif %}
+{% ifversion security-overview-org-risk-coverage %}
+
+These qualifiers are available in the{% ifversion security-overview-org-risk-coverage-enterprise %}{% else %} enterprise-level "Overview" and in the organization-level{% endif %} "Security risk" view.
+
+{% else %}
+
+These qualifiers are available in the main summary views.
+
+{% endif %}
 
 | Qualifier | Description |
 | -------- | -------- |

content/code-security/security-overview/assessing-code-security-risk.md

@@ -0,0 +1,5 @@
+# Reference: #10312
+# Documentation for the enterprise-level security "Risk" and "Coverage" views
+versions:
+  ghes: '> 3.9'
+  ghec: '*'

content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md

@@ -0,0 +1 @@
+1. In the left sidebar, click **{% octicon "shield" aria-hidden="true" %} Code Security**.