Add more specifics to PVR notifications (#37229)

Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>
2023-06-01 15:08:12 +01:00 · 2023-06-01 15:08:12 +01:00 · 0137f56def
--- a/assets/images/help/notifications/repository-watching-notification-options.png
+++ b/assets/images/help/notifications/repository-watching-notification-options.png
--- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md
+++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md
@ -135,10 +135,10 @@ Notifications are different for incremental scans and historical scans.
 1. On your notification settings page, under "Subscriptions", then under "Watching", select the **Notify me** dropdown.
 1. Select "Email" as a notification option, then click **Save**.

-   ![Screenshot of the notification settings for a user account. An element header, titled "Subscriptions", and a sub-header, titled "Watching", are shown. A checkbox, titled "Email", is highlighted with an orange outline.](/assets/images/help/notifications/secret-scanning-notification-options.png)
+   ![Screenshot of the notification settings for a user account. An element header, titled "Subscriptions", and a sub-header, titled "Watching", are shown. A checkbox, titled "Email", is highlighted with an orange outline.](/assets/images/help/notifications/repository-watching-notification-options.png)
 {% endif %}

-{% data reusables.secret-scanning.notification-settings %}
+{% data reusables.notifications.watch-settings %}

 {% ifversion secret-scanning-backfills %}
 ### Historical scans
@ -150,7 +150,7 @@ For historical scans, {% data variables.product.product_name %} notifies the fol

 We do _not_ notify commit authors.

-{% data reusables.secret-scanning.notification-settings %}
+{% data reusables.notifications.watch-settings %}

 {% endif %}

--- a/content/code-security/security-advisories/guidance-on-reporting-and-writing/managing-privately-reported-security-vulnerabilities.md
+++ b/content/code-security/security-advisories/guidance-on-reporting-and-writing/managing-privately-reported-security-vulnerabilities.md
@ -22,7 +22,9 @@ When a security researcher reports a vulnerability privately, you are notified a

 ## Managing security vulnerabilities that are privately reported

-{% data variables.product.prodname_dotcom %} notifies repository maintainers when security researchers privately report vulnerabilities in their repository, and sends notifications if maintainers watch the repository or if they have notifications enabled for the repository. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/setting-up-notifications/configuring-notifications)."
+{% data reusables.security-advisory.private-vulnerability-reporting-configure-notifications %}
+
+For more information about configuring notification preferences, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository#configuring-notifications-for-private-vulnerability-reporting)."

 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-security %}
--- a/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md
+++ b/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md
@ -34,3 +34,26 @@ The instructions in this article refer to enablement at repository level. For in
 {% data reusables.security-advisory.private-vulnerability-reporting-security-researcher %}

 {% data reusables.security-advisory.private-vulnerability-api %}
+
+## Configuring notifications for private vulnerability reporting
+
+{% data reusables.security-advisory.private-vulnerability-reporting-configure-notifications %}
+
+Notifications depend on the user's notification preferences. You will receive an email notification if:
+- You are watching the repository.
+- You have enabled notifications for "All Activity".
+- In your notification settings, under "Subscriptions", then under "Watching", you have selected to receive notifications by email.
+
+{% data reusables.repositories.navigate-to-repo %}
+1. To start watching the repository, select **{% octicon "eye" aria-hidden="true" %} Watch**.
+
+   ![Screenshot of the repository's main page. A dropdown menu, titled "Watch", is highlighted with an orange outline.](/assets/images/help/repository/repository-watch-dropdown.png)
+
+1. In the dropdown menu, click **All Activity**.
+1. Navigate to the notification settings for your personal account. These are available at [https://github.com/settings/notifications](https://github.com/settings/notifications).
+1. On your notification settings page, under "Subscriptions," then under "Watching," select the **Notify me** dropdown.
+1. Select "Email" as a notification option, then click **Save**.
+
+   ![Screenshot of the notification settings for a user account. An element header, titled "Subscriptions", and a sub-header, titled "Watching", are shown. A checkbox, titled "Email", is highlighted with an orange outline.](/assets/images/help/notifications/repository-watching-notification-options.png)
+
+{% data reusables.notifications.watch-settings %}
--- a/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md
+++ b/content/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization.md
@ -23,6 +23,10 @@ For organization owners and security managers, the benefits of using private vul

 The instructions below refer to enablement at organization level. For information about enabling the feature for a repository, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository)."

+{% data reusables.security-advisory.private-vulnerability-reporting-configure-notifications %}
+
+For more information about configuring notification preferences, see "[AUTOTITLE](/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository#configuring-notifications-for-private-vulnerability-reporting)."
+
 ## Enabling or disabling private vulnerability reporting for all the existing public repositories in an organization

 {% data reusables.profile.access_org %}
--- a/data/reusables/secret-scanning/notification-settings.md
+++ b/data/reusables/secret-scanning/notification-settings.md
--- a/data/reusables/security-advisory/private-vulnerability-reporting-configure-notifications.md
+++ b/data/reusables/security-advisory/private-vulnerability-reporting-configure-notifications.md
@ -0,0 +1,4 @@
+When a new vulnerability is privately reported on a repository where private vulnerability reporting is enabled, {% data variables.product.product_name %} notifies repository maintainers and security managers if:
+
+- They're watching the repository for all activity.
+- They have notifications enabled for the repository.