[2022-10-07]: Security Features Enablement Enterprise-Level Policies - [GA] (#31406)

Co-authored-by: Sarah Schneider <sarahs@github.com>
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: Sarita Iyer <saritai@github.com>

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise.md

@@ -1,39 +0,0 @@
----
-title: Enforcing policies for Advanced Security in your enterprise
-intro: 'You can enforce policies to manage {% data variables.product.prodname_GH_advanced_security %} features within your enterprise''s organizations, or allow policies to be set in each organization.'
-permissions: 'Enterprise owners can enforce policies for {% data variables.product.prodname_GH_advanced_security %} in an enterprise.'
-product: '{% data reusables.gated-features.ghas %}'
-versions:
-  ghec: '*'
-  ghes: '*'
-  ghae: '*'
-type: how_to
-topics:
-  - Advanced Security
-  - Code scanning
-  - Enterprise
-  - Policies
-  - Secret scanning
-  - Security
-redirect_from:
-  - /admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise
-  - /github/setting-up-and-managing-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise-account
-  - /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-policies-for-advanced-security-in-your-enterprise-account
-shortTitle: Advanced Security policies
----
-
-## About policies for {% data variables.product.prodname_GH_advanced_security %} in your enterprise
-
-{% data reusables.advanced-security.ghas-helps-developers %} For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."
-
-{% ifversion ghes or ghec %}If you purchase a license for {% data variables.product.prodname_GH_advanced_security %}, any{% else %}Any{% endif %} organization on {% data variables.product.product_location %} can use {% data variables.product.prodname_advanced_security %} features. You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} use {% data variables.product.prodname_advanced_security %}.
-
-## Enforcing a policy for the use of {% data variables.product.prodname_GH_advanced_security %} in your enterprise
-
-{% data reusables.advanced-security.about-ghas-organization-policy %}
-
-{% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
-{% data reusables.enterprise-accounts.advanced-security-policies %}
-{% data reusables.enterprise-accounts.advanced-security-organization-policy-drop-down %}
-{% data reusables.enterprise-accounts.advanced-security-individual-organization-policy-drop-down %}

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md

@@ -0,0 +1,89 @@
+---
+title: Enforcing policies for code security and analysis for your enterprise
+intro: 'You can enforce policies to manage the use of {% ifversion security-feature-enablement-policies %}code security and analysis{% else %}{% data variables.product.prodname_GH_advanced_security %}{% endif %} features within your enterprise''s organizations.'
+permissions: 'Enterprise owners can enforce {% ifversion security-feature-enablement-policies %}code security and analysis{% endif %} policies for {% data variables.product.prodname_GH_advanced_security %} in an enterprise.'
+product: '{% data reusables.gated-features.ghas %}'
+versions:
+  ghec: '*'
+  ghes: '*'
+  ghae: '*'
+type: how_to
+topics:
+  - Advanced Security
+  - Code scanning
+  - Enterprise
+  - Policies
+  - Secret scanning
+  - Security
+redirect_from:
+  - /admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise
+  - /github/setting-up-and-managing-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise-account
+  - /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-policies-for-advanced-security-in-your-enterprise-account
+  - /admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise
+shortTitle: Code security & analysis
+---
+{% ifversion security-feature-enablement-policies %}
+## About policies for code security and analysis in your enterprise
+
+You can enforce policies to manage the use of code security and analysis features within organizations owned by your enterprise. You can allow or disallow people with admin access to a repository to enable or disable the security and analysis features.
+{% else %}
+## About policies for {% data variables.product.prodname_GH_advanced_security %} in your enterprise
+{% endif %}
+
+{% data reusables.advanced-security.ghas-helps-developers %} For more information, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."
+
+{% ifversion ghes or ghec %}If you purchase a license for {% data variables.product.prodname_GH_advanced_security %}, any{% else %}Any{% endif %} organization{% ifversion ghec %} owned by your enterprise{% endif %} on {% data variables.product.product_location %} can use {% data variables.product.prodname_advanced_security %} features. You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} use {% data variables.product.prodname_advanced_security %}.
+
+{% ifversion security-feature-enablement-policies %}
+## Enforcing a policy to manage the use of {% data variables.product.prodname_dependabot_alerts %} in your enterprise
+
+Across all organizations owned by your enterprise, you can allow members with admin permissions for repositories to enable or disable {% data variables.product.prodname_dependabot_alerts %} and change {% data variables.product.prodname_dependabot_alerts %} settings.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
+1. Under "Change {% data variables.product.prodname_dependabot_alerts %} settings", use the dropdown menu and choose a policy.
+
+   ![Screenshot of "Change Dependabot alert settings" dropdown](/assets/images/help/enterprises/change-dependabot-alerts-settings.png)
+
+{% endif %}
+
+## Enforcing a policy for the use of {% data variables.product.prodname_GH_advanced_security %} in your enterprise's organizations
+
+{% data reusables.advanced-security.about-ghas-organization-policy %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}{% ifversion security-feature-enablement-policies %}
+{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}{% else %}
+{% data reusables.enterprise-accounts.advanced-security-policies %}{% endif %}{% ifversion security-feature-enablement-policies %}
+1. In the "{% data variables.product.prodname_GH_advanced_security %} policies section, under "Availability", select the dropdown menu and click a policy for the organizations owned by your enterprise.
+
+   ![Screenshot of "Availability" dropdown](/assets/images/help/enterprises/advanced-security-policies-availability.png){% else %}
+
+{% data reusables.enterprise-accounts.advanced-security-organization-policy-drop-down %}{% endif %}
+{% data reusables.enterprise-accounts.advanced-security-individual-organization-policy-drop-down %}
+
+{% ifversion security-feature-enablement-policies %}
+## Enforcing a policy to manage the use of {% data variables.product.prodname_GH_advanced_security %} features in your enterprise's repositories
+
+Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage the use of {% data variables.product.prodname_GH_advanced_security %} features in the repositories. {% data reusables.advanced-security.ghas-must-be-enabled %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
+1. In the "{% data variables.product.prodname_GH_advanced_security %} policies section, under "Enable or disable {% data variables.product.prodname_GH_advanced_security %}", use the dropdown menu and choose a policy.
+
+   ![Screenshot of the "Enable or disable {% data variables.product.prodname_GH_advanced_security %}" dropdown](/assets/images/help/enterprises/advanced-security-policies-enable-or-disable.png)
+
+## Enforcing a policy to manage the use of {% data variables.product.prodname_secret_scanning %} in your enterprise's repositories
+
+Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage and configure {% data variables.product.prodname_secret_scanning %} for the repositories. {% data reusables.advanced-security.ghas-must-be-enabled %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
+1. In the "{% data variables.product.prodname_GH_advanced_security %} policies section, under "Change {% data variables.product.prodname_secret_scanning %} settings", use the dropdown menu and choose a policy.
+
+   ![Screenshot of the "Change {% data variables.product.prodname_secret_scanning %} settings" dropdown](/assets/images/help/enterprises/advanced-security-policies-secret-scanning.png)
+
+{% endif %}

content/admin/policies/enforcing-policies-for-your-enterprise/index.md

@@ -21,6 +21,7 @@ children:
   - /enforcing-policies-for-security-settings-in-your-enterprise
   - /enforcing-policies-for-dependency-insights-in-your-enterprise
   - /enforcing-policies-for-github-actions-in-your-enterprise
-  - /enforcing-policies-for-advanced-security-in-your-enterprise
+  - /enforcing-policies-for-code-security-and-analysis-for-your-enterprise
 shortTitle: Enforce policies
 ---
+

content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md

@@ -155,9 +155,11 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
 {% endnote %}
 
 {% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.policies-tab %}{% ifversion security-feature-enablement-policies %}
+{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
+1. Under "Code security and analysis", click **Security features**.{% else %}
 {% data reusables.enterprise-accounts.advanced-security-policies %}
-{% data reusables.enterprise-accounts.advanced-security-security-features %}
+{% data reusables.enterprise-accounts.advanced-security-security-features %}{% endif %}
 1. Under "Secret scanning custom patterns", click {% ifversion ghes = 3.2 %}**New custom pattern**{% else %}**New pattern**{% endif %}.
 {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %}
 {%- ifversion secret-scanning-custom-enterprise-36 or custom-pattern-dry-run-ga %}

content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md

@@ -33,7 +33,9 @@ When you create a pull request containing changes to dependencies that targets t
 
 ## Dependency graph availability
 
-{% ifversion fpt or ghec %}The dependency graph is available for every public repository that defines dependencies in a supported package ecosystem using a supported file format. Repository administrators can also set up the dependency graph for private repositories. For more information, see "[Configuring the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph)."{% endif %}
+{% ifversion fpt or ghec %}The dependency graph is available for every public repository that defines dependencies in a supported package ecosystem using a supported file format. Repository administrators can also set up the dependency graph for private repositories. {% endif %}For more information {% ifversion ghes %}about configuration of the dependency graph{% endif %}, see "[Configuring the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph)."
+
+{% data reusables.code-scanning.enterprise-enable-dependency-graph %}
 
 {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
 

content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md

@@ -29,11 +29,14 @@ To generate a dependency graph, {% data variables.product.product_name %} needs
 {% endif %}
 
 {% ifversion ghes %} ## Enabling the dependency graph
+{% data reusables.code-scanning.enterprise-enable-dependency-graph %}
 {% data reusables.dependabot.ghes-ghae-enabling-dependency-graph %}{% endif %}{% ifversion fpt or ghec %}
 
 ### Enabling and disabling the dependency graph for a private repository
 
 {% data reusables.dependabot.enabling-disabling-dependency-graph-private-repo %}
+
+{% data reusables.code-scanning.enterprise-enable-dependency-graph %}
 {% endif %}
 
 When the dependency graph is first enabled, any manifest and lock files for supported ecosystems are parsed immediately. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. Once enabled, the graph is automatically updated with every push to the repository{% ifversion fpt or ghec %} and every push to other repositories in the graph{% endif %}.

data/features/security-feature-enablement-policies.yml

@@ -0,0 +1,6 @@
+# Reference: #7661.
+# Documentation for Security Features Enablement Enterprise-Level Policies.
+versions:
+  ghec: '*'
+  ghes: '>=3.8'
+  ghae: '>=3.8'

data/reusables/advanced-security/about-ghas-organization-policy.md

@@ -1,4 +1,4 @@
-{% data variables.product.company_short %} bills for {% data variables.product.prodname_advanced_security %} on a per-committer basis. {% ifversion fpt or ghec %}For more information, see "[Managing licensing for {% data variables.product.prodname_GH_advanced_security %}](/billing/managing-licensing-for-github-advanced-security)."{% elsif ghes %}For more information, see "[Managing {% data variables.product.prodname_GH_advanced_security %} for your Enterprise](/admin/advanced-security)."{% endif %}
+{% ifversion fpt or ghec or ghes %}{% data variables.product.company_short %} bills for {% data variables.product.prodname_advanced_security %} on a per-committer basis. For more information, see "[Managing licensing for {% data variables.product.prodname_GH_advanced_security %}](/billing/managing-licensing-for-github-advanced-security)."{% elsif ghes %}For more information, see "[Managing {% data variables.product.prodname_GH_advanced_security %} for your Enterprise](/admin/advanced-security)."{% endif %}
 
 You can enforce a policy that controls whether repository administrators are allowed to enable features for {% data variables.product.prodname_advanced_security %} in an organization's repositories. You can configure a policy for all organizations owned by your enterprise account, or for individual organizations that you choose.
 

data/reusables/advanced-security/ghas-must-be-enabled.md

@@ -0,0 +1 @@
+{% data variables.product.prodname_GH_advanced_security %} features must be available to the organization for this policy to take effect. For more information, see "[Enforcing a policy for the use of {% data variables.product.prodname_GH_advanced_security %} in your enterprise's organizations](#enforcing-a-policy-for-the-use-of-github-advanced-security-in-your-enterprises-organizations)."

data/reusables/code-scanning/enterprise-enable-code-scanning.md

@@ -4,6 +4,8 @@
 
 **Note:** Your site administrator must enable {% data variables.product.prodname_code_scanning %} for {% data variables.product.product_location %} before you can use this feature. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %} for your appliance](/enterprise/admin/configuration/configuring-code-scanning-for-your-appliance)."
 
+{% ifversion security-feature-enablement-policies %} You may not be able to enable or disable {% data variables.product.prodname_code_scanning %} if an enterprise owner has set a policy at the enterprise level. For more information, see "[Enforcing policies for code security and analysis for your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."{% endif %}
+
 {% endnote %}
 
 {% endif %}

data/reusables/code-scanning/enterprise-enable-dependency-graph.md

@@ -0,0 +1,5 @@
+{% ifversion security-feature-enablement-policies %}
+
+You may not be able to enable or disable the dependency graph if an enterprise owner has set a policy at the enterprise level. For more information, see "[Enforcing policies for code security and analysis for your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-to-manage-the-use-of-github-advanced-security-features-in-your-enterprises-repositories)."
+
+{% endif %}

data/reusables/dependabot/enterprise-enable-dependabot.md

@@ -2,7 +2,9 @@
 
 {% note %}
 
-**Note:** Your site administrator must set up {% data variables.product.prodname_dependabot_updates %} for {% data variables.product.product_location %} before you can use this feature. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."
+**Note:** Your site administrator must set up {% data variables.product.prodname_dependabot_updates %} for {% data variables.product.product_location %} before you can use this feature. For more information, see "[Enabling {% data variables.product.prodname_dependabot %} for your enterprise](/admin/configuration/configuring-github-connect/enabling-dependabot-for-your-enterprise)."  
+  
+{% ifversion security-feature-enablement-policies %} You may not be able to enable or disable {% data variables.product.prodname_dependabot_updates %} if an enterprise owner has set a policy at the enterprise level. For more information, see "[Enforcing policies for code security and analysis for your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."{% endif %}
 
 {% endnote %}
 

data/reusables/enterprise-accounts/advanced-security-organization-policy-drop-down.md

@@ -1,2 +1,2 @@
-1. Under "GitHub Advanced Security", select the drop-down menu and click a policy for the organizations owned by your enterprise.
+1. Under "GitHub Advanced Security", select the dropdown menu, then click a policy for the organizations owned by your enterprise.
   ![Drop-down to select Advanced Security policy for organizations in the enterprise account](/assets/images/help/enterprises/select-advanced-security-organization-policy.png)

data/reusables/enterprise-accounts/code-security-and-analysis-policies.md

@@ -0,0 +1,2 @@
+1. Under {% octicon "law" aria-label="The law icon" %} **Policies**, click "Code security and analysis."
+  ![Screenshot of "Code security and analysis" policies in sidebar](/assets/images/help/enterprises/code-security-and-analysis-policies.png)

data/reusables/getting-started/enterprise-advanced-security.md

@@ -1 +1 @@
-If you have a GitHub Advanced Security license for your enterprise account, you can enforce policies to manage {% data variables.product.prodname_dotcom %} Advanced Security features for organizations owned by an enterprise account. For more information, see "[Enforcing policies for Advanced Security in your enterprise account](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise)."
+If you have a GitHub Advanced Security license for your enterprise account, you can enforce policies to manage {% data variables.product.prodname_GH_advanced_security %} features for organizations owned by an enterprise account. For more information, see "[Enforcing policies for code security and analysis for your enterprise](/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise)."

data/reusables/secret-scanning/enterprise-enable-secret-scanning.md

@@ -2,7 +2,8 @@
 
 {% note %}
 
-**Note:** Your site administrator must enable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.product_location %} before you can use this feature. For more information, see "[Configuring {% data variables.product.prodname_secret_scanning %} for your appliance](/enterprise/admin/configuration/configuring-secret-scanning-for-your-appliance)."
+**Note:** Your site administrator must enable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.product_location %} before you can use this feature. For more information, see "[Configuring {% data variables.product.prodname_secret_scanning %} for your appliance](/enterprise/admin/configuration/configuring-secret-scanning-for-your-appliance)."   
+{% ifversion security-feature-enablement-policies %} You may not be able to enable or disable {% data variables.product.prodname_secret_scanning %}, if an enterprise owner has set a policy at the enterprise level. For more information, see "[Enforcing policies for code security and analysis for your enterprise](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise)."{% endif %}
 
 {% endnote %}
 

tests/fixtures/versionless-redirects.txt

@@ -60,7 +60,7 @@
 - /github/setting-up-and-managing-your-enterprise/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account
 - /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-enterprise-account
 
-/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise
+/enterprise-cloud@latest/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise
 - /github/setting-up-and-managing-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise-account
 - /github/setting-up-and-managing-your-enterprise/setting-policies-for-organizations-in-your-enterprise-account/enforcing-policies-for-advanced-security-in-your-enterprise-account