[December 15, 2022] - Secret Scanning Experience for Free Public Repos (Public Beta) (#32702)

Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Aakash Shah <aashah@github.com>
Co-authored-by: amstead <am-stead@github.com>
Co-authored-by: Mariam <15mariams@github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>

content/code-security/adopting-github-advanced-security-at-scale/phase-2-preparing-to-enable-at-scale.md

@@ -118,6 +118,14 @@ Before you can proceed with pilot programs and rolling out {% data variables.pro
 
 ## Preparing to enable {% data variables.product.prodname_secret_scanning %}
 
+{% note %}
+
+**Note:** When {% data variables.product.prodname_secret_scanning %} detects a secret in repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}, {% data variables.product.prodname_dotcom %} alerts all users with access to security alerts for the repository. {% ifversion ghec %}
+
+Secrets found in public repositories using {% data variables.product.prodname_secret_scanning_partner_alerts%} are reported directly to the partner, without creating an alert on {% data variables.product.product_name %}. For details about the supported partner patterns, see "[Supported secrets for partner alerts](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-alerts)."{% endif %}
+
+{% endnote %}
+
 If a project communicates with an external service, it might use a token or private key for authentication. If you check a secret into a repository, anyone who has read access to the repository can use the secret to access the external service with your privileges. {% data variables.product.prodname_secret_scanning_caps %} will scan your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repositories for secrets and alert you{% ifversion secret-scanning-push-protection %} or block the push containing the secret{% endif %}. For more information, see "[About secret scanning](/code-security/secret-scanning/about-secret-scanning)."
 
 ### Considerations when enabling {% data variables.product.prodname_secret_scanning %}

content/code-security/getting-started/github-security-features.md

@@ -68,6 +68,15 @@ The security overview allows you to review security configurations and alerts, m
 The security overview shows which security features are enabled for the repository, and offers you the option of configuring any available security features that are not already enabled.
 {% endif %}
 
+
+{% ifversion fpt or ghec %}
+## Available for free public repositories
+
+### {% data variables.product.prodname_secret_scanning_partner_alerts_caps %}
+
+Automatically detect leaked secrets across all public repositories. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see "[Supported secrets for partner alerts](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-alerts)."
+
+{% endif %}
 ## Available with {% data variables.product.prodname_GH_advanced_security %}
 
 {% ifversion fpt %}
@@ -87,21 +96,18 @@ Many {% data variables.product.prodname_GH_advanced_security %} features are ava
 
 Automatically detect security vulnerabilities and coding errors in new or modified code. Potential problems are highlighted, with detailed information, allowing you to fix the code before it's merged into your default branch. For more information, see "[About code scanning](/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning)."
 
-{% ifversion fpt or ghec %}
-### {% data variables.product.prodname_secret_scanning_partner_caps %}
+### {% data variables.product.prodname_secret_scanning_user_alerts_caps %}
 
-Automatically detect leaked secrets across all public repositories. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see "[{% data variables.product.prodname_secret_scanning_caps %} patterns](/code-security/secret-scanning/secret-scanning-patterns)."
+{% ifversion fpt %}
+{% data reusables.secret-scanning.secret-scanning-alerts-beta %} 
+Limited to free public repositories.
 {% endif %}
 
-{% ifversion ghec or ghes or ghae %}
-### {% data variables.product.prodname_secret_scanning_GHAS_caps %}
-
 {% ifversion ghec %}
 Available only with a license for {% data variables.product.prodname_GH_advanced_security %}.
 {% endif %}
 
-Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, so that you know which tokens or credentials to treat as compromised. For more information, see "[About secret scanning](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-advanced-security)."
-{% endif %}
+Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the "Security" tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see {% ifversion fpt or ghec %}"[About {% data variables.product.prodname_secret_scanning_user_alerts %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)"{% elsif ghes %}"[About {% data variables.product.prodname_secret_scanning_user_alerts %} on {% data variables.product.product_name %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-on-github-enterprise-server){% elsif ghae %}"[About {% data variables.product.prodname_secret_scanning_user_alerts %} on {% data variables.product.product_name %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-on-github-ae){% endif %}."
 
 ### Dependency review
 

content/code-security/getting-started/securing-your-repository.md

@@ -122,7 +122,12 @@ You can set up {% data variables.product.prodname_code_scanning %} to automatica
 
 ## Configuring {% data variables.product.prodname_secret_scanning %}
 
-{% data variables.product.prodname_secret_scanning_caps %} is {% ifversion fpt or ghec %}enabled for all public repositories and is available for private repositories owned by organizations that are part of an enterprise with a license for {% else %}available for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_advanced_security %}. {% ifversion fpt %}For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/securing-your-repository#configuring-secret-scanning).{% else %}{% data variables.product.prodname_secret_scanning_caps %} may already be enabled for your repository, depending upon your organization's settings.
+{% ifversion fpt %}
+{% data variables.product.prodname_secret_scanning_partner_alerts_caps %} runs automatically on public repositories in all products on {% data variables.product.prodname_dotcom_the_website %}. {% data variables.product.prodname_secret_scanning_user_alerts_caps %} are available for public repositories, as well as repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. {% data reusables.advanced-security.more-info-ghas %}{% endif %}
+
+{% ifversion ghec or ghes or ghae %}
+
+{% data variables.product.prodname_secret_scanning_caps %} is {% ifversion ghec %}enabled for all public repositories and is available for private repositories owned by organizations that are part of an enterprise with a license for {% else %}available for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_advanced_security %}. {% ifversion fpt %}For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/securing-your-repository#configuring-secret-scanning).{% else %}{% data variables.product.prodname_secret_scanning_caps %} may already be enabled for your repository, depending upon your organization's settings.
 
 1. From the main page of your repository, click **{% octicon "gear" aria-label="The Settings gear" %}Settings**.
 2. Click **Security & analysis**.
@@ -130,6 +135,8 @@ You can set up {% data variables.product.prodname_code_scanning %} to automatica
 4. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**. 
 {% endif %}
 
+{% endif %}
+
 ## Next steps
 You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "[Viewing and updating {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts),"{% endif %} {% ifversion fpt or ghec or ghes %}"[Managing pull requests for dependency updates](/code-security/supply-chain-security/managing-pull-requests-for-dependency-updates)," {% endif %}"[Managing {% data variables.product.prodname_code_scanning %} for your repository](/code-security/secure-coding/managing-code-scanning-alerts-for-your-repository)," and "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 

content/code-security/secret-scanning/about-secret-scanning.md

@@ -1,7 +1,7 @@
 ---
 title: About secret scanning
 intro: '{% data variables.product.product_name %} scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.'
-product: '{% data reusables.gated-features.secret-scanning-partner %}'
+product: '{% data reusables.gated-features.secret-scanning %}'
 redirect_from:
   - /github/administering-a-repository/about-token-scanning
   - /articles/about-token-scanning
@@ -31,9 +31,16 @@ If your project communicates with an external service, you might use a token or
 {% ifversion fpt or ghec %}
 {% data variables.product.prodname_secret_scanning_caps %} is available on {% data variables.product.prodname_dotcom_the_website %} in two forms:
 
-1. **{% data variables.product.prodname_secret_scanning_partner_caps %}.** Runs automatically on all public repositories. Any strings that match patterns that were provided by secret scanning partners are reported directly to the relevant partner.
+1. **{% data variables.product.prodname_secret_scanning_partner_alerts_caps %}.** Runs automatically on all public repositories. Any strings that match patterns that were provided by secret scanning partners are reported directly to the relevant partner. For more information, see the "[About {% data variables.product.prodname_secret_scanning_partner_alerts %}](#about-secret-scanning-alerts-for-partners)" section below.
+
+2. **{% data variables.product.prodname_secret_scanning_user_alerts_caps %}.** {% ifversion fpt %}The following users can enable and configure additional scanning:
+   - Owners of repositories on {% data variables.product.prodname_dotcom_the_website %}, on any _public_ repositories they own.
+   - Organizations owning _public_ repositories, on any of these repositories.
+   - Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %}, on repositories owned by the organization, including _private_ and _internal_ repositories.{% elsif ghec %}You can enable and configure additional scanning for repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. This includes private and internal repositories.{% endif %} 
+  {%- indented_data_reference reusables.secret-scanning.secret-scanning-alerts-beta %}
+  
+  Any strings that match patterns provided by secret scanning partners, by other service providers, or defined by you or your organization, are reported as alerts in the "Security" tab of repositories. If a string in a public repository matches a partner pattern, it is also reported to the partner. For more information, see the "[About {% data variables.product.prodname_secret_scanning_user_alerts %}](#about-secret-scanning-alerts-for-users)" section below.{% endif %}
 
-2. **{% data variables.product.prodname_secret_scanning_GHAS_caps %}.** {% ifversion fpt %}Organizations using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can enable and configure additional scanning for repositories owned by the organization.{% elsif ghec %}You can enable and configure additional scanning for repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}.{% endif %} Any strings that match patterns provided by secret scanning partners, by other service providers, or defined by your organization, are reported as alerts in the "Security" tab of repositories. If a string in a public repository matches a partner pattern, it is also reported to the partner.{% endif %}{% ifversion fpt %} For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/secret-security/about-secret-scanning#about-secret-scanning-for-advanced-security).{% endif %}
 
 Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning. {% data reusables.secret-scanning.partner-program-link %}
 
@@ -44,31 +51,18 @@ You can also enable {% data variables.product.prodname_secret_scanning %} as a p
 {% endif %}
 
 {% ifversion fpt or ghec %}
-## About {% data variables.product.prodname_secret_scanning_partner %}
+## About {% data variables.product.prodname_secret_scanning_partner_alerts %}
 
-When you make a repository public, or push changes to a public repository, {% data variables.product.product_name %} always scans the code for secrets that match partner patterns. {% ifversion secret-scanning-issue-body-comments %}{% data reusables.secret-scanning.scan-issue-description-and-comments %}{% endif %} If {% data variables.product.prodname_secret_scanning %} detects a potential secret, we notify the service provider who issued the secret. The service provider validates the string and then decides whether they should revoke the secret, issue a new secret, or contact you directly. Their action will depend on the associated risks to you or them. For more information, see "[Supported secrets for partner patterns](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-patterns)."
+When you make a repository public, or push changes to a public repository, {% data variables.product.product_name %} always scans the code for secrets that match partner patterns. {% ifversion secret-scanning-issue-body-comments %}{% data reusables.secret-scanning.scan-issue-description-and-comments %}{% endif %} If {% data variables.product.prodname_secret_scanning %} detects a potential secret, we notify the service provider who issued the secret. The service provider validates the string and then decides whether they should revoke the secret, issue a new secret, or contact you directly. Their action will depend on the associated risks to you or them. For more information, see "[Supported secrets for partner alerts](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-alerts)."
 
-You cannot change the configuration of {% data variables.product.prodname_secret_scanning %} on public repositories.
-
-{% ifversion fpt %}
-{% note %}
-
-{% data reusables.secret-scanning.fpt-GHAS-scans %}
-
-{% endnote %}
-{% endif %}
+You cannot change the configuration of {% data variables.product.prodname_secret_scanning %} for partner patterns on public repositories.
 
 {% endif %}
 
-{% ifversion not fpt %}
+## About {% data variables.product.prodname_secret_scanning_user_alerts %}{% ifversion ghes or ghae %} on {% data variables.product.product_name %}{% endif %}
 
-{% ifversion ghec %}
-## About {% data variables.product.prodname_secret_scanning_GHAS %}
-{% elsif ghes or ghae %}
-## About {% data variables.product.prodname_secret_scanning %} on {% data variables.product.product_name %}
-{% endif %}
-
-{% data variables.product.prodname_secret_scanning_GHAS_caps %} is available on all organization-owned repositories as part of {% data variables.product.prodname_GH_advanced_security %}. It is not available on user-owned repositories. When you enable {% data variables.product.prodname_secret_scanning %} for a repository, {% data variables.product.prodname_dotcom %} scans the code for patterns that match secrets used by many service providers. {% ifversion secret-scanning-issue-body-comments %}{% data reusables.secret-scanning.scan-issue-description-and-comments %}{% endif %} {% ifversion secret-scanning-backfills %}{% data variables.product.prodname_dotcom %} will also periodically run a full git history scan of existing content in {% data variables.product.prodname_GH_advanced_security %} repositories where {% data variables.product.prodname_secret_scanning %} is enabled, and send alert notifications following the {% data variables.product.prodname_secret_scanning %} alert notification settings. {% endif %}For more information, see "{% ifversion ghec %}[Supported secrets for advanced security](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-advanced-security){% else %}[{% data variables.product.prodname_secret_scanning_caps %} patterns](/code-security/secret-scanning/secret-scanning-patterns){% endif %}."
+{% ifversion ghec or ghes or ghae %}
+{% data variables.product.prodname_secret_scanning_user_alerts_caps %} {% ifversion ghec %}are{% else %}is{% endif %} available on all organization-owned repositories as part of {% data variables.product.prodname_GH_advanced_security %}. The feature is not available on user-owned repositories. {% endif %}{% ifversion fpt %}{% data variables.product.prodname_secret_scanning_user_alerts_caps %} are available for all public repositories.{% endif %} When you enable {% data variables.product.prodname_secret_scanning %} for a repository, {% data variables.product.prodname_dotcom %} scans the code for patterns that match secrets used by many service providers. {% ifversion secret-scanning-issue-body-comments %}{% data reusables.secret-scanning.scan-issue-description-and-comments %}{% endif %} When a supported secret is leaked, {% data variables.product.product_name %} generates a {% data variables.product.prodname_secret_scanning %} alert. {% ifversion secret-scanning-backfills %}{% data variables.product.prodname_dotcom %} will also periodically run a full git history scan of existing content in {% data variables.product.prodname_GH_advanced_security %} repositories where {% data variables.product.prodname_secret_scanning %} is enabled, and send alert notifications following the {% data variables.product.prodname_secret_scanning %} alert notification settings. {% endif %}For more information, see "{% ifversion fpt or ghec %}[Supported secrets for user alerts](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-user-alerts){% else %}[{% data variables.product.prodname_secret_scanning_caps %} patterns](/code-security/secret-scanning/secret-scanning-patterns){% endif %}."
 
 {% ifversion secret-scanning-issue-body-comments %}
 {% note %}
@@ -78,39 +72,33 @@ You cannot change the configuration of {% data variables.product.prodname_secret
 {% endnote %}
 {% endif %}
 
-If you're a repository administrator you can enable {% data variables.product.prodname_secret_scanning_GHAS %} for any repository{% ifversion ghec or ghes > 3.4 or ghae > 3.4 %}, including archived repositories{% endif %}. Organization owners can also enable {% data variables.product.prodname_secret_scanning_GHAS %} for all repositories or for all new repositories within an organization. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
+If you're a repository administrator, you can enable {% data variables.product.prodname_secret_scanning_user_alerts %} for any {% ifversion fpt %}public{% endif %} repository{% ifversion ghec or ghes > 3.4 or ghae > 3.4 %}, including archived repositories{% endif %}. Organization owners can also enable {% data variables.product.prodname_secret_scanning_user_alerts %} for all repositories or for all new repositories within an organization. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)" and "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)."
 
 {% ifversion ghes or ghae or ghec %}You can also define custom {% data variables.product.prodname_secret_scanning %} patterns for a repository, organization, or enterprise. For more information, see "[Defining custom patterns for {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/defining-custom-patterns-for-secret-scanning)."
 {% endif %}
 
-{% ifversion secret-scanning-ghas-store-tokens %}
+{% ifversion secret-scanning-store-tokens %}
 {% data variables.product.company_short %} stores detected secrets using symmetric encryption, both in transit and at rest.{% endif %}{% ifversion ghes > 3.7 %} To rotate the encryption keys used for storing the detected secrets, you can contact {% data variables.contact.contact_ent_support %}.{% endif %}
 
-### About {% data variables.product.prodname_secret_scanning %} alerts
+### Accessing {% data variables.product.prodname_secret_scanning_alerts %}
 
 When you enable {% data variables.product.prodname_secret_scanning %} for a repository or push commits to a repository with {% data variables.product.prodname_secret_scanning %} enabled, {% data variables.product.prodname_dotcom %} scans the contents of those commits for secrets that match patterns defined by service providers{% ifversion ghes or ghae or ghec %} and any custom patterns defined in your enterprise, organization, or repository{% endif %}. {% ifversion secret-scanning-issue-body-comments %}{% data reusables.secret-scanning.scan-issue-description-and-comments %}{% endif %} {% ifversion secret-scanning-backfills %}{% data variables.product.prodname_dotcom %} also periodically runs a scan of all historical content in repositories with {% data variables.product.prodname_secret_scanning %} enabled.{% endif%}
 
 If {% data variables.product.prodname_secret_scanning %} detects a secret, {% data variables.product.prodname_dotcom %} generates an alert.
 
 - {% data variables.product.prodname_dotcom %} sends an email alert to the repository administrators and organization owners. You'll receive an alert if you are watching the repository, and if you have enabled notifications either for security alerts or for all the activity on the repository.
-{% ifversion ghes or ghae or ghec %}
 - If the contributor who committed the secret isn't ignoring the repository, {% data variables.product.prodname_dotcom %} will also send an email alert to the contributor. The emails contains a link to the related {% data variables.product.prodname_secret_scanning %} alert. The commit author can then view the alert in the repository, and resolve the alert.
-{% endif %}
 - {% data variables.product.prodname_dotcom %} displays an alert in the "Security" tab of the repository.
 
-{% ifversion ghes or ghae or ghec %}
-For more information about viewing and resolving {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)."{% endif %}
+For more information about viewing and resolving {% data variables.product.prodname_secret_scanning_alerts %}, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning)."
 
-Repository administrators and organization owners can grant users and teams access to {% data variables.product.prodname_secret_scanning %} alerts. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
+Repository administrators and organization owners can grant users and teams access to {% data variables.product.prodname_secret_scanning_alerts %}. For more information, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts)."
 
 {% ifversion ghec or ghes or ghae > 3.4 %}
 You can use the security overview to see an organization-level view of which repositories have enabled {% data variables.product.prodname_secret_scanning %} and the alerts found. For more information, see "[Viewing the security overview](/code-security/security-overview/viewing-the-security-overview)."
 {% endif %}
 
-{%- ifversion ghec or ghes or ghae %}You can also use the REST API to 
-monitor results from {% data variables.product.prodname_secret_scanning %} across your {% ifversion ghec %}private {% endif %}repositories{% ifversion ghes %} or your organization{% endif %}. For more information about API endpoints, see "[{% data variables.product.prodname_secret_scanning_caps %}](/rest/reference/secret-scanning)."{% endif %}
-
-{% endif %}
+You can also use the REST API to monitor results from {% data variables.product.prodname_secret_scanning %} across your repositories{% ifversion ghes %} or your organization{% endif %}. For more information about API endpoints, see "[{% data variables.product.prodname_secret_scanning_caps %}](/rest/reference/secret-scanning)."
 
 ## Further reading
 

content/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories.md

@@ -1,13 +1,14 @@
 ---
 title: Configuring secret scanning for your repositories
-intro: 'You can configure how {% data variables.product.prodname_dotcom %} scans your repositories for secrets that match advanced security patterns.'
+intro: 'You can configure how {% data variables.product.prodname_dotcom %} scans your repositories for leaked secrets and generates alerts.'
 product: '{% data reusables.gated-features.secret-scanning %}'
-permissions: 'People with admin permissions to a repository can enable {% data variables.product.prodname_secret_scanning_GHAS %} for the repository.'
+permissions: 'People with admin permissions to a {% ifversion fpt %}public {% endif %}repository can enable {% data variables.product.prodname_secret_scanning %} for the repository.'
 redirect_from:
   - /github/administering-a-repository/configuring-secret-scanning-for-private-repositories
   - /github/administering-a-repository/configuring-secret-scanning-for-your-repositories
   - /code-security/secret-security/configuring-secret-scanning-for-your-repositories
 versions:
+  fpt: '*'
   ghes: '*'
   ghae: '*'
   ghec: '*'
@@ -22,9 +23,11 @@ shortTitle: Configure secret scans
 {% data reusables.secret-scanning.beta %}
 {% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
 
-## Enabling {% data variables.product.prodname_secret_scanning_GHAS %}
+## Enabling {% data variables.product.prodname_secret_scanning_user_alerts %}
 
-You can enable {% data variables.product.prodname_secret_scanning_GHAS %} for any repository that is owned by an organization. Once enabled, {% data reusables.secret-scanning.secret-scanning-process %} {% ifversion secret-scanning-issue-body-comments %}{% data reusables.secret-scanning.scan-issue-description-and-comments %}
+{% data reusables.secret-scanning.secret-scanning-alerts-beta %} 
+
+You can enable {% data variables.product.prodname_secret_scanning_user_alerts %} for any {% ifversion fpt %}free public{% endif %} repository{% ifversion ghec or ghes or ghae %} that is owned by an organization{% else %} that you own{% endif %}. Once enabled, {% data reusables.secret-scanning.secret-scanning-process %}  {% ifversion secret-scanning-issue-body-comments %}{% data reusables.secret-scanning.scan-issue-description-and-comments %}
 
 {% note %}
 
@@ -43,13 +46,16 @@ You can enable {% data variables.product.prodname_secret_scanning_GHAS %} for an
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghec or ghes or ghae %}
 1. If {% data variables.product.prodname_advanced_security %} is not already enabled for the repository, to the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
-   {% ifversion fpt or ghec %}![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/help/repository/enable-ghas-dotcom.png)
+   {% ifversion ghec %}![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/help/repository/enable-ghas-dotcom.png)
    {% elsif ghes or ghae %}![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/enterprise/3.1/help/repository/enable-ghas.png){% endif %}
-2. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**.
-3. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled. 
-   ![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-dotcom.png)
+1. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**.
+1. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled. 
+   ![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-ghec.png){% endif %}{% ifversion fpt %}
+2. Scroll down to the bottom of the page, and click **Enable** for {% data variables.product.prodname_secret_scanning %}. If you see a **Disable** button, it means that {% data variables.product.prodname_secret_scanning %} is already enabled for the repository. 
+   ![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-alerts-fpt.png){% endif %}
+
 {% ifversion secret-scanning-push-protection %}
 1. Optionally, if you want to enable push protection, click **Enable** to the right of "Push protection." {% data reusables.secret-scanning.push-protection-overview %} For more information, see "[Protecting pushes with {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
    ![Enable push protection for your repository](/assets/images/help/repository/secret-scanning-enable-push-protection.png)
@@ -63,7 +69,7 @@ You can enable {% data variables.product.prodname_secret_scanning_GHAS %} for an
    ![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/enterprise/github-ae/repository/enable-secret-scanning-ghae.png)
 {% endif %}
 
-## Excluding directories from {% data variables.product.prodname_secret_scanning_GHAS %}
+## Excluding directories from {% data variables.product.prodname_secret_scanning_user_alerts %}
 
 You can use a *secret_scanning.yml* file to exclude directories from {% data variables.product.prodname_secret_scanning %}. For example, you can exclude directories that contain tests or randomly generated content.
 
@@ -88,7 +94,9 @@ You can use a *secret_scanning.yml* file to exclude directories from {% data var
 
 You can also ignore individual alerts from {% data variables.product.prodname_secret_scanning %}. For more information, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/managing-alerts-from-secret-scanning#managing-secret-scanning-alerts)."
 
+{% ifversion not fpt %}
 ## Further reading
 
 - "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)"
 - "[Defining custom patterns for {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/defining-custom-patterns-for-secret-scanning)"
+{% endif %}

content/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning.md

@@ -1,7 +1,7 @@
 ---
 title: Defining custom patterns for secret scanning
 shortTitle: Define custom patterns
-intro: 'You can extend {% data variables.product.prodname_secret_scanning_GHAS %} to detect secrets beyond the default patterns.'
+intro: 'You can extend {% data variables.product.prodname_secret_scanning %} to detect secrets beyond the default patterns.'
 product: '{% data reusables.gated-features.secret-scanning %}'
 redirect_from:
   - /code-security/secret-security/defining-custom-patterns-for-secret-scanning
@@ -22,9 +22,11 @@ You can define custom patterns to identify secrets that are not detected by the
 
 You can define custom patterns for your enterprise, organization, or repository. {% data variables.product.prodname_secret_scanning_caps %} supports up to 500 custom patterns for each organization or enterprise account, and up to 100 custom patterns per repository.
 
+{% ifversion secret-scanning-push-protection-custom-patterns %}You can also enable push protection for custom patterns. For more information about push protection, see "[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."{% endif %}
+
 ## Regular expression syntax for custom patterns
 
-You can specify custom patterns for {% data variables.product.prodname_secret_scanning_GHAS %} as one or more regular expressions.
+You can specify custom patterns for {% data variables.product.prodname_secret_scanning %} as one or more regular expressions.
 
 - **Secret format:** an expression that describes the format of the secret itself.
 - **Before secret:** an expression that describes the characters that come before the secret. By default, this is set to `\A|[^0-9A-Za-z]` which means that the secret must be at the start of a line or be preceded by a non-alphanumeric character.
@@ -49,9 +51,21 @@ Before defining a custom pattern, you must ensure that {% data variables.product
 {% data reusables.advanced-security.secret-scanning-dry-run-results %}
 {%- ifversion secret-scanning-custom-enterprise-35 %}{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}{% endif %}
 {% endif %}
-{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
+{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %}
+1. Optionally, to enable push protection for your custom pattern, click **Enable**.
 
-After your pattern is created, {% data reusables.secret-scanning.secret-scanning-process %} For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
+   {% note %}
+
+   **Note:**
+
+   - Push protection for custom patterns will only apply to repositories that have {% data variables.product.prodname_secret_scanning %} as push protection enabled. For more information, see "[Enabling secret scanning as a push protection for a repository](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-a-repository)."
+   - Enabling push protection for commonly found custom patterns can be disruptive to contributors.
+
+   {% endnote %}
+
+   ![Screenshot of custom pattern page with the button to enable push protection emphasized](/assets/images/help/repository/secret-scanning-custom-pattern-enable-push-protection.png){% endif %}
+
+After your pattern is created, {% data reusables.secret-scanning.secret-scanning-process %} For more information on viewing {% data variables.product.prodname_secret_scanning_alerts %}, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 
 ### Example of a custom pattern specified using additional requirements
 
@@ -89,7 +103,7 @@ Before defining a custom pattern, you must ensure that you enable {% data variab
 {% ifversion ghes < 3.5 or ghae %}
 {% note %}
 
-**Note:** As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire organization. That way, you can avoid creating excess false-positive {% data variables.product.prodname_secret_scanning %} alerts.
+**Note:** As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire organization. That way, you can avoid creating excess false-positive {% data variables.product.prodname_secret_scanning_alerts %}.
 
 {% endnote %}
 {% endif %}
@@ -106,9 +120,20 @@ Before defining a custom pattern, you must ensure that you enable {% data variab
 {% data reusables.advanced-security.secret-scanning-dry-run-results %}
 {%- ifversion secret-scanning-custom-enterprise-35 %}{% indented_data_reference reusables.secret-scanning.beta-dry-runs spaces=3 %}{% endif %}
 {%- endif %}
-{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
+{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %}
+1. Optionally, to enable push protection for your custom pattern, click **Enable**.
 
-After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories in your organization, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
+   {% note %}
+
+   **Note:**
+   - Push protection for custom patterns will only apply to repositories in your organization that have {% data variables.product.prodname_secret_scanning %} as push protection enabled. For more information, see "[Enabling secret scanning as a push protection for an organization](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-for-an-organization)."
+   - Enabling push protection for commonly found custom patterns can be disruptive to contributors.
+
+   {% endnote %}
+
+   ![Screenshot of custom pattern page with the button to enable push protection emphasized](/assets/images/help/repository/secret-scanning-custom-pattern-enable-push-protection.png){% endif %}
+
+After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories in your organization, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning_alerts %}, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 
 ## Defining a custom pattern for an enterprise account
 
@@ -122,10 +147,10 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
 
 {% ifversion secret-scanning-custom-enterprise-36 or custom-pattern-dry-run-ga %}
 **Notes:**
-- At the enterprise level, only the creator of a custom pattern can edit the pattern, and use it in a dry run. 
+- At the enterprise level, only the creator of a custom pattern can edit the pattern, and use it in a dry run.
 - Enterprise owners can only make use of dry runs on repositories that they have access to, and enterprise owners do not necessarily have access to all the organizations or repositories within the enterprise.
 {% else %}
-**Note:** As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire enterprise. That way, you can avoid creating excess false-positive {% data variables.product.prodname_secret_scanning %} alerts.
+**Note:** As there is no dry-run functionality, we recommend that you test your custom patterns in a repository before defining them for your entire enterprise. That way, you can avoid creating excess false-positive {% data variables.product.prodname_secret_scanning_alerts %}.
 
 {% endif %}
 
@@ -147,19 +172,23 @@ Before defining a custom pattern, you must ensure that you enable secret scannin
 {%- endif %}
 {% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
 
-After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories within your enterprise's organizations with {% data variables.product.prodname_GH_advanced_security %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning %} alerts, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
+After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories within your enterprise's organizations with {% data variables.product.prodname_GH_advanced_security %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.product.prodname_secret_scanning_alerts %}, see "[Managing alerts from {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/managing-alerts-from-secret-scanning)."
 
 ## Editing a custom pattern
 
-When you save a change to a custom pattern, this closes all the {% data variables.product.prodname_secret_scanning %} alerts that were created using the previous version of the pattern.
+When you save a change to a custom pattern, this closes all the {% data variables.product.prodname_secret_scanning_alerts %} that were created using the previous version of the pattern.
 1. Navigate to where the custom pattern was created. A custom pattern can be created in a repository, organization, or enterprise account.
    * For a repository or organization, display the "Security & analysis" settings for the repository or organization where the custom pattern was created. For more information, see "[Defining a custom pattern for a repository](#defining-a-custom-pattern-for-a-repository)" or "[Defining a custom pattern for an organization](#defining-a-custom-pattern-for-an-organization)" above.
    * For an enterprise, under "Policies" display the "Advanced Security" area, and then click **Security features**. For more information, see "[Defining a custom pattern for an enterprise account](#defining-a-custom-pattern-for-an-enterprise-account)" above.
-2. Under "{% data variables.product.prodname_secret_scanning_caps %}", to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="The edit icon" %}.
+1. Under "{% data variables.product.prodname_secret_scanning_caps %}", to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="The edit icon" %}.
 {%- ifversion secret-scanning-custom-enterprise-36 or custom-pattern-dry-run-ga  %}
-3. When you're ready to test your edited custom pattern, to identify matches without creating alerts, click **Save and dry run**.
+1. When you're ready to test your edited custom pattern, to identify matches without creating alerts, click **Save and dry run**.
 {%- endif %}
-4. When you have reviewed and tested your changes, click **Save changes**.
+1. When you have reviewed and tested your changes, click **Publish changes**.{% ifversion secret-scanning-push-protection-custom-patterns %}
+{% data reusables.advanced-security.secret-scanning-enable-push-protection-custom-pattern %}
+1. Optionally, to disable push protection for your custom pattern, click **Disable**.
+
+   ![Screenshot of custom pattern page with the button to disable push protection emphasized](/assets/images/help/repository/secret-scanning-disable-push-protection-custom-pattern.png){% endif %}
 
 ## Removing a custom pattern
 

content/code-security/secret-scanning/index.md

@@ -2,7 +2,7 @@
 title: Keeping secrets secure with secret scanning
 shortTitle: Secret scanning
 intro: 'Let {% data variables.product.company_short %} do the hard work of ensuring that tokens, private keys, and other code secrets are not exposed in your repository.'
-product: '{% data reusables.gated-features.secret-scanning-partner %}'
+product: '{% data reusables.gated-features.secret-scanning %}'
 redirect_from:
   - /code-security/secret-security
 versions:

content/code-security/secret-scanning/managing-alerts-from-secret-scanning.md

@@ -1,12 +1,13 @@
 ---
 title: Managing alerts from secret scanning
 intro: You can view and close alerts for secrets checked in to your repository.
-permissions: 'People with admin access to a repository can view and dismiss alerts.'
+permissions: 'People with admin access to a {% ifversion fpt %}public {% endif %}repository can view and dismiss secret scanning alerts for the repository.'
 product: '{% data reusables.gated-features.secret-scanning %}'
 redirect_from:
   - /github/administering-a-repository/managing-alerts-from-secret-scanning
   - /code-security/secret-security/managing-alerts-from-secret-scanning
 versions:
+  fpt: '*'
   ghes: '*'
   ghae: '*'
   ghec: '*'
@@ -20,13 +21,14 @@ shortTitle: Manage secret alerts
 ---
 
 {% data reusables.secret-scanning.beta %}
+{% data reusables.secret-scanning.secret-scanning-alerts-beta %} 
 
-## Managing {% data variables.product.prodname_secret_scanning %} alerts
+## Managing {% data variables.product.prodname_secret_scanning_alerts%}
 
-{% ifversion ghec %}
+{% ifversion fpt or ghec %}
 {% note %}
 
-**Note:** Alerts are created only for repositories with {% data variables.product.prodname_secret_scanning_GHAS %} enabled. Secrets found in public repositories using the free {% data variables.product.prodname_secret_scanning_partner%} service are reported directly to the partner, without creating an alert.
+**Note:** Alerts are created only for repositories with {% data variables.product.prodname_secret_scanning_user_alerts %} enabled. Secrets found in public repositories using the free {% data variables.product.prodname_secret_scanning_partner_alerts%} service are reported directly to the partner, without creating an alert. For more information, see "[Supported secrets for partner alerts](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-alerts)."
 
 {% endnote %}
 {% endif %}
@@ -34,27 +36,32 @@ shortTitle: Manage secret alerts
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-security %}
 1. In the left sidebar, click **Secret scanning alerts**.
-   {% ifversion ghes or ghec %}
+   {% ifversion fpt or ghes or ghec %}
    !["Secret scanning alerts" tab](/assets/images/help/repository/sidebar-secrets.png)
    {% endif %}
    {% ifversion ghae %}
    !["Secret scanning alerts" tab](/assets/images/enterprise/github-ae/repository/sidebar-secrets-ghae.png)
    {% endif %}
 1. Under "Secret scanning" click the alert you want to view.
+   {% ifversion fpt %}
+   ![List of alerts from secret scanning](/assets/images/help/repository/secret-scanning-alerts-click-alert-fpt.png)
+   {% endif %}
    {% ifversion ghec %}
-   ![List of alerts from secret scanning](/assets/images/help/repository/secret-scanning-click-alert.png)
+   ![List of alerts from secret scanning](/assets/images/help/repository/secret-scanning-click-alert-ghec.png)
    {% endif %}
    {% ifversion ghes %}
    ![List of alerts from secret scanning](/assets/images/help/repository/secret-scanning-click-alert-ghe.png)
    {% endif %}
    {% ifversion ghae %}
    ![List of alerts from secret scanning](/assets/images/enterprise/github-ae/repository/secret-scanning-click-alert-ghae.png)
-   {% endif %}{% ifversion secret-scanning-dismissal-comment %}
+   {% endif %}{% ifversion secret-scanning-partner-documentation-link-UI %}
 1. To dismiss an alert, select the "Dismiss alert" dropdown menu and click a reason for resolving an alert.
 
-   ![Screenshot of the dropdown menu for dismissing an alert from secret scanning](/assets/images/help/repository/secret-scanning-dismiss-alert.png){% else %}
-1. To dismiss an alert, select the "Mark as" dropdown menu and click a reason for resolving an alert. 
-  
+   ![Screenshot of the dropdown menu for dismissing an alert from secret scanning showing link to partner documentation](/assets/images/help/repository/secret-scanning-dismiss-alert-web-ui-link-partner-documentation.png)
+
+   {% else %}
+1. To dismiss an alert, select the "Mark as" dropdown menu and click a reason for resolving an alert.
+
    ![Screenshot of the dropdown menu for resolving an alert from secret scanning](/assets/images/enterprise/3.2/repository/secret-scanning-resolve-alert-ghe.png)
 
    {% endif %}{% ifversion secret-scanning-dismissal-comment %}
@@ -75,15 +82,15 @@ Once a secret has been committed to a repository, you should consider the secret
 {%- endif %}
 - For all other secrets, first verify that the secret committed to {% data variables.product.product_name %} is valid. If so, create a new secret, update any services that use the old secret, and then delete the old secret.
 
-{% ifversion ghec %}
+{% ifversion fpt or ghec %}
 {% note %}
 
-**Note:** If a secret is detected in a public repository on {% data variables.product.prodname_dotcom_the_website %} and the secret also matches a partner pattern, an alert is generated and the potential secret is reported to the service provider. For details of partner patterns, see "[Supported secrets for partner patterns](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-patterns)."
+**Note:** If a secret is detected in a public repository on {% data variables.product.prodname_dotcom_the_website %} and the secret also matches a partner pattern, an alert is generated and the potential secret is reported to the service provider. For details of partner patterns, see "[Supported secrets for partner alerts](/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-partner-alerts)."
 
 {% endnote %}
 {% endif %}
 
-## Configuring notifications for {% data variables.product.prodname_secret_scanning %} alerts
+## Configuring notifications for {% data variables.product.prodname_secret_scanning_alerts %}
 
 When a new secret is detected, {% data variables.product.product_name %} notifies all users with access to security alerts for the repository according to their notification preferences. You will receive an email notification if you are watching the repository, have enabled notifications for security alerts or for all the activity on the repository, or are the author of the commit that contains the secret and are not ignoring the repository.
 

content/code-security/secret-scanning/protecting-pushes-with-secret-scanning.md

@@ -22,7 +22,7 @@ shortTitle: Enable push protection
 
 ## About push protection for secrets
 
-Up to now, {% data variables.product.prodname_secret_scanning_GHAS %} checks for secrets _after_ a push and alerts users to exposed secrets. {% data reusables.secret-scanning.push-protection-overview %}
+Up to now, {% data variables.product.prodname_secret_scanning %} checks for secrets _after_ a push and alerts users to exposed secrets. {% data reusables.secret-scanning.push-protection-overview %} {% ifversion secret-scanning-push-protection-custom-patterns %}{% data variables.product.prodname_secret_scanning_caps %} can also check pushes for custom patterns. For more information, see "[Defining custom patterns for secret scanning](/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning)."{% endif %}
 
 If a contributor bypasses a push protection block for a secret, {% data variables.product.prodname_dotcom %}:
 - creates an alert in the "Security" tab of the repository in the state described in the table below.
@@ -46,7 +46,7 @@ Enterprise administrators can also enable or disable {% data variables.product.p
 ### Enabling {% data variables.product.prodname_secret_scanning %} as a push protection for your enterprise
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
-1. In the left sidebar, click **Code security and analysis**. 
+1. In the left sidebar, click **Code security and analysis**.
 {% data reusables.advanced-security.secret-scanning-push-protection-enterprise %}
 {% endif %}
 
@@ -70,9 +70,9 @@ Enterprise administrators can also enable or disable {% data variables.product.p
 
 {% data reusables.secret-scanning.push-protection-command-line-choice %}
 
-Up to five detected secrets will be displayed at a time on the command line. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret. 
+Up to five detected secrets will be displayed at a time on the command line. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret.
 
-{% ifversion push-protection-custom-link-orgs %} 
+{% ifversion push-protection-custom-link-orgs %}
 
 Organization admins can provide a custom link that will be displayed when a push is blocked. This custom link can contain organization-specific resources and advice, such as directions on using a recommended secrets vault or who to contact for questions relating to the blocked secret.
 
@@ -121,7 +121,7 @@ If {% data variables.product.prodname_dotcom %} blocks a secret that you believe
 
 {% data variables.product.prodname_dotcom %} will only display one detected secret at a time in the web UI. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret.
 
-{% ifversion push-protection-custom-link-orgs %} 
+{% ifversion push-protection-custom-link-orgs %}
 
 Organization admins can provide a custom link that will be displayed when a push is blocked. This custom link can contain resources and advice specific to your organization. For example, the custom link can point to a README file with information about the organization's secret vault, which teams and individuals to escalate questions to, or the organization's approved policy for working with secrets and rewriting commit history.
 {% endif %}
@@ -132,7 +132,7 @@ You can remove the secret from the file using the web UI. Once you remove the se
 
 ### Bypassing push protection for a secret
 
-{% data reusables.secret-scanning.push-protection-remove-secret %} For more information about remediating blocked secrets, see "[Pushing a branch blocked by push protection](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection#resolving-a-blocked-push-in-the-web-ui)." 
+{% data reusables.secret-scanning.push-protection-remove-secret %} For more information about remediating blocked secrets, see "[Pushing a branch blocked by push protection](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection#resolving-a-blocked-push-in-the-web-ui)."
 
 If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible. For more information, see "[Removing sensitive data from a repository](/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)."
 

content/code-security/secret-scanning/secret-scanning-patterns.md

@@ -1,7 +1,7 @@
 ---
 title: Secret scanning patterns
 intro: 'Lists of supported secrets and the partners that {% data variables.product.company_short %} works with to prevent fraudulent use of secrets that were committed accidentally.'
-product: '{% data reusables.gated-features.secret-scanning-partner %}'
+product: '{% data reusables.gated-features.secret-scanning %}'
 versions:
   fpt: '*'
   ghes: '*'
@@ -23,27 +23,28 @@ redirect_from:
 
 {% data variables.product.product_name %} maintains these different sets of {% data variables.product.prodname_secret_scanning %} patterns:
 
-1. **Partner patterns.** Used to detect potential secrets in all public repositories. For details, see "[Supported secrets for partner patterns](#supported-secrets-for-partner-patterns)."
-2. **Advanced security patterns.** Used to detect potential secrets in repositories with {% data variables.product.prodname_secret_scanning %} enabled. {% ifversion ghec %} For details, see "[Supported secrets for advanced security](#supported-secrets-for-advanced-security)."{% endif %}{% ifversion secret-scanning-push-protection %}
+1. **Partner patterns.** Used to detect potential secrets in all public repositories. For details, see "[Supported secrets for partner alerts](#supported-secrets-for-partner-alerts)."
+2. **User alert patterns.** Used to detect potential secrets in {% ifversion fpt %}public{% endif %} repositories with {% data variables.product.prodname_secret_scanning_user_alerts %} enabled. For details, see "[Supported secrets for user alerts](#supported-secrets-for-user-alerts)."{% ifversion secret-scanning-push-protection %}
 3. **Push protection patterns.** Used to detect potential secrets in repositories with {% data variables.product.prodname_secret_scanning %} as a push protection enabled. For details, see "[Supported secrets for push protection](#supported-secrets-for-push-protection)."{% endif %}
 
 {% ifversion fpt %}
-Organizations using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_advanced_security %} can enable {% data variables.product.prodname_secret_scanning_GHAS %} on their repositories. For details of these patterns, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets-for-advanced-security).
+Owners of public repositories, as well as organizations using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_advanced_security %}, can enable {% data variables.product.prodname_secret_scanning_user_alerts %} on their repositories. For details of these patterns, see the "[Supported secrets for user alerts](#supported-secrets-for-user-alerts) section below.
 {% endif %}
 
-## Supported secrets for partner patterns
+## Supported secrets for partner alerts
 
-{% data variables.product.product_name %} currently scans public repositories for secrets issued by the following service providers and alerts the relevant service provider whenever a secret is detected in a commit. For more information about {% data variables.product.prodname_secret_scanning_partner %}, see "[About {% data variables.product.prodname_secret_scanning_partner %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-partner-patterns)."
+{% data variables.product.product_name %} currently scans public repositories for secrets issued by the following service providers and alerts the relevant service provider whenever a secret is detected in a commit. For more information about {% data variables.product.prodname_secret_scanning_partner_alerts %}, see "[About {% data variables.product.prodname_secret_scanning_partner_alerts %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-partners)."
 
 {% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
 
 {% data reusables.secret-scanning.partner-secret-list-public-repo %}
 {% endif %}
 
-{% ifversion ghec or ghae or ghes %}
-## Supported secrets{% ifversion ghec %} for advanced security{% endif %}
+## Supported secrets for {% ifversion fpt or ghec %}user {% endif %}alerts
 
-When {% data variables.product.prodname_secret_scanning_GHAS %} is enabled, {% data variables.product.prodname_dotcom %} scans for secrets issued by the following service providers. {% ifversion ghec %}For more information about {% data variables.product.prodname_secret_scanning_GHAS %}, see "[About {% data variables.product.prodname_secret_scanning_GHAS %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-advanced-security)."{% endif %}
+{% data reusables.secret-scanning.secret-scanning-alerts-beta %} 
+
+When {% data variables.product.prodname_secret_scanning_user_alerts %} {% ifversion fpt or ghec %}are{% else %}is{% endif %} enabled, {% data variables.product.prodname_dotcom %} scans repositories for secrets issued by the following service providers and generates {% data variables.product.prodname_secret_scanning_alerts %}. You can see these alerts on the "Security" tab of the repository. {% ifversion fpt or ghec %}For more information about {% data variables.product.prodname_secret_scanning_user_alerts %}, see "[About {% data variables.product.prodname_secret_scanning_user_alerts %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."{% endif %}
 
 {% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %}
 
@@ -58,7 +59,6 @@ If you use the REST API for secret scanning, you can use the `Secret type` to re
 {% endif %}
 
 {% data reusables.secret-scanning.partner-secret-list-private-repo %}
-{% endif %}
 
 {% ifversion secret-scanning-push-protection %}
 ## Supported secrets for push protection

content/code-security/security-overview/about-the-security-overview.md

@@ -33,17 +33,19 @@ shortTitle: About the security overview
 {% ifversion ghec or ghes or ghae %}
 The security overview shows which security features are enabled for repositories and consolidate alerts for each feature. 
 
-- Risk and coverage information about {% data variables.product.prodname_dependabot %} features and alerts is shown for all repositories. 
-- Risk and coverage information for {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown only for enterprises that use {% data variables.product.prodname_GH_advanced_security %}.
+- Risk and coverage information about {% data variables.product.prodname_dependabot %} features and alerts is shown for all repositories. {% ifversion ghes or ghae %}
+- Risk and coverage information for {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for enterprises that use {% data variables.product.prodname_GH_advanced_security %} and for public repositories.
 
-For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies)" and "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."
+{% endif %}
+
+For more information, see "[About {% data variables.product.prodname_dependabot_alerts %}](/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/about-alerts-for-vulnerable-dependencies#dependabot-alerts-for-vulnerable-dependencies){% ifversion ghes or ghae %}" and{% elsif ghec %}," "[About {% data variables.product.prodname_secret_scanning_user_alerts %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)" and{% endif %} "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."
 
 ## About filtering and sorting alerts
 
 The security overview provides a powerful way to understand the security of a group of repositories. The views are interactive with filters that allow you to drill into the aggregated data and identify sources of high risk or low feature coverage. As you apply multiple filters to focus on narrower areas of interest, the data across the view changes to reflect your selection. For more information, see "[Filtering alerts in the security overview](/code-security/security-overview/filtering-alerts-in-the-security-overview)."
 
 {% ifversion security-overview-alert-views %}
-There are also dedicated views for each type of security alert that you can use to limit your analysis to a specific set of alerts, and then narrow the results further with a range of filters specific to each view. For example, in the {% data variables.product.prodname_secret_scanning %} alert view, you can use the `Secret type` filter to view only {% data variables.product.prodname_secret_scanning %} alerts for a specific secret, like a GitHub {% data variables.product.pat_generic %}.
+There are also dedicated views for each type of security alert that you can use to limit your analysis to a specific set of alerts, and then narrow the results further with a range of filters specific to each view. For example, in the {% data variables.product.prodname_secret_scanning %} alert view, you can use the `Secret type` filter to view only {% data variables.product.prodname_secret_scanning_alerts %} for a specific secret, like a GitHub {% data variables.product.pat_generic %}.
 {% endif %}
 
 {% note %}
@@ -58,7 +60,7 @@ There are also dedicated views for each type of security alert that you can use
 
 You can find the security overview on the **Security** tab for any organization that's owned by an enterprise. Each view shows aggregated data that you can drill down into, as you add each filter, the data is updated to reflect the repositories or alerts that you've selected.
 
-The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %}For example, the team can use the "Security Coverage" page to monitor the adoption of features across your organization or by a specific team as you rollout {% data variables.product.prodname_GH_advanced_security %}, or use the "Security Risk" page to identify repositories with more than five open {% data variables.product.prodname_secret_scanning %} alerts.{% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you rollout {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %}
+The application security team at your company can use the different views for both broad and specific analyses of your organization's security status. {% ifversion security-overview-org-risk-coverage %}For example, the team can use the "Security Coverage" page to monitor the adoption of features across your organization or by a specific team as you rollout {% data variables.product.prodname_GH_advanced_security %}, or use the "Security Risk" page to identify repositories with more than five open {% data variables.product.prodname_secret_scanning_alerts %}.{% else %}For example, they can use the overview page to monitor adoption of features by your organization or by a specific team as you rollout {% data variables.product.prodname_GH_advanced_security %} to your enterprise, or to review all alerts of a specific type and severity level across all repositories in your organization.{% endif %}
 
 Organization owners and security managers for organizations have access to the security overview for their organizations. {% ifversion ghec or ghes > 3.6 or ghae > 3.6 %}Organization members can also access the organization-level security overview to view results for repositories where they have admin privileges or have been granted access to security alerts. For more information on managing security alert access, see "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."{% endif %}
 

content/code-security/security-overview/filtering-alerts-in-the-security-overview.md

@@ -46,7 +46,7 @@ In the examples below, replace `:enabled` with `:not-enabled` to see repositorie
 | -------- | -------- |
 | `code-scanning:enabled` | Display repositories that have set up {% data variables.product.prodname_code_scanning %}. | 
 | `dependabot:enabled` | Display repositories that have enabled {% data variables.product.prodname_dependabot_alerts %}. |
-| `secret-scanning:enabled` | Display repositories that have enabled {% data variables.product.prodname_secret_scanning %} alerts. {% ifversion security-overview-org-risk-coverage %} |
+| `secret-scanning:enabled` | Display repositories that have enabled {% data variables.product.prodname_secret_scanning_alerts %}. {% ifversion security-overview-org-risk-coverage %} |
 | `any-feature:enabled` | Display repositories where at least one security feature is enabled. |{% else %}
 | `not-enabled:any` | Display repositories with at least one security feature that is not enabled. |{% endif %}
 
@@ -101,7 +101,7 @@ These qualifiers are available in the enterprise-level view.
 | Qualifier | Description |
 | -------- | -------- |
 | <code>code-scanning:<em>n</em></code> | Display repositories that have *n* {% data variables.product.prodname_code_scanning %} alerts. This qualifier can use `=`, `>` and `<` comparison operators. |
-| <code>secret-scanning:<em>n</em></code> | Display repositories that have *n* {% data variables.product.prodname_secret_scanning %} alerts. This qualifier can use `=`, `>` and `<` comparison operators. |
+| <code>secret-scanning:<em>n</em></code> | Display repositories that have *n* {% data variables.product.prodname_secret_scanning_alerts %}. This qualifier can use `=`, `>` and `<` comparison operators. |
 | <code>dependabot:<em>n</em></code> | Display repositories that have *n* {% data variables.product.prodname_dependabot_alerts %}. This qualifier can use `=`, `>` and `<` comparison operators. |
 
 

content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md

@@ -70,20 +70,23 @@ Code often needs to communicate with other systems over a network, and requires
 
 {% note %}
 
-**Note:** {% data reusables.gated-features.secret-scanning-partner %}
+**Note:** {% data reusables.gated-features.secret-scanning %}
 
 {% endnote %}
 
 {% data reusables.secret-scanning.enterprise-enable-secret-scanning %}
 
 {% ifversion fpt or ghec %}
-{% data variables.product.prodname_dotcom %} partners with many providers to automatically detect when secrets are committed to or stored in your public repositories, and will notify the provider so they can take appropriate actions to ensure your account remains secure. For more information, see "[About {% data variables.product.prodname_secret_scanning %} for partner patterns](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-partner-patterns)."
+{% data variables.product.prodname_dotcom %} partners with many providers to automatically detect when secrets are committed to or stored in your public repositories, and will notify the provider so they can take appropriate actions to ensure your account remains secure. For more information, see "[About {% data variables.product.prodname_secret_scanning_partner_alerts %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-partners)."
 {% endif %}
 
 {% ifversion fpt %}
-{% data reusables.secret-scanning.fpt-GHAS-scans %}
+You can can enable and configure additional scanning that will alert you about accidentally leaked secrets on {% data variables.product.product_name %} if you own:
+   - public repositories on {% data variables.product.prodname_dotcom_the_website %}.
+   - an organization using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %}. {% data variables.product.prodname_secret_scanning_caps %} will also analyze your private repositories.
+
 {% elsif ghec %}
-If your organization uses {% data variables.product.prodname_GH_advanced_security %}, you can enable {% data variables.product.prodname_secret_scanning_GHAS %} on any repository owned by the organization. You can also define custom patterns to detect additional secrets at the repository, organization, or enterprise level. For more information, see "[About {% data variables.product.prodname_secret_scanning_GHAS %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-advacned-security)."
+Additionally, if your organization uses {% data variables.product.prodname_GH_advanced_security %}, you can enable {% data variables.product.prodname_secret_scanning_user_alerts %} on any repository owned by the organization, including private repositories. You can also define custom patterns to detect additional secrets at the repository, organization, or enterprise level. For more information, see "[About {% data variables.product.prodname_secret_scanning_user_alerts %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)."
 {% else %}
 You can configure {% data variables.product.prodname_secret_scanning %} to check for secrets issued by many service providers and to notify you when any are detected. You can also define custom patterns to detect additional secrets at the repository, organization, or enterprise level. For more information, see "[About secret scanning](/code-security/secret-scanning/about-secret-scanning)" and "[Secret scanning patterns](/code-security/secret-scanning/secret-scanning-patterns)."
 {% endif %}

content/get-started/learning-about-github/about-github-advanced-security.md

@@ -26,7 +26,7 @@ A {% data variables.product.prodname_GH_advanced_security %} license provides th
 
 - **{% data variables.product.prodname_code_scanning_capc %}** - Search for potential security vulnerabilities and coding errors in your code. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning)."
 
-- **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into the repository.{% ifversion secret-scanning-push-protection %} If push protection is enabled, also detects secrets when they are pushed to your repository. For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/about-secret-scanning)" and "[Protecting pushes with {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."{% else %} For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/about-secret-scanning)."{% endif %}
+- **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into {% ifversion fpt %} private repositories{% else %} the repository{% endif %}. {% ifversion fpt%}{% data variables.product.prodname_secret_scanning_user_alerts_caps %} and {% data variables.product.prodname_secret_scanning_partner_alerts %} are available and free of charge for public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %}{% ifversion secret-scanning-push-protection %} If push protection is enabled, also detects secrets when they are pushed to your repository. For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/about-secret-scanning)" and "[Protecting pushes with {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."{% else %} For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/about-secret-scanning)."{% endif %}
 
 - **Dependency review** - Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)."
 
@@ -41,7 +41,7 @@ The table below summarizes the availability of {% data variables.product.prodnam
 |                   | Public repository           | Private repository without {% data variables.product.prodname_advanced_security %} | Private repository with {% data variables.product.prodname_advanced_security %} |
 | :-----------------: | :---------------------------: | :--------------------------------------------: | :-----------------------------------------: |
 | Code scanning     | Yes                         | No                                           | Yes                                        |
-| Secret scanning   | Yes **(limited functionality only)** | No                                           | Yes                                       |
+| Secret scanning   | Yes  | No                                           | Yes                                       |
 | Dependency review | Yes                         | No                                           | Yes                                       |
 {% endif %}
 

content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization.md

@@ -48,7 +48,7 @@ You can enable or disable features for all repositories.
 - **{% data variables.product.prodname_dependabot_security_updates %}** - Your changes affect all repositories.
 {%- ifversion ghec %}
 - **{% data variables.product.prodname_GH_advanced_security %}** - Your changes affect only private repositories because {% data variables.product.prodname_GH_advanced_security %} and the related features are always enabled for public repositories.
-- **{% data variables.product.prodname_secret_scanning_caps %}** - Your changes affect repositories where {% data variables.product.prodname_GH_advanced_security %} is also enabled. This option controls whether or not {% data variables.product.prodname_secret_scanning_GHAS %} is enabled. {% data variables.product.prodname_secret_scanning_partner_caps %} always runs on all public repositories.
+- **{% data variables.product.prodname_secret_scanning_caps %}** - Your changes affect repositories where {% data variables.product.prodname_GH_advanced_security %} is also enabled. This option controls whether or not {% data variables.product.prodname_secret_scanning_user_alerts %} are enabled. {% data variables.product.prodname_secret_scanning_partner_alerts_caps %} always runs on all public repositories.
 {% endif %}
 
 {% endif %}

content/organizations/managing-user-access-to-your-organizations-repositories/repository-roles-for-an-organization.md

@@ -163,9 +163,9 @@ In this section, you can find the access required for security features, such as
 | [View dependency reviews](/code-security/supply-chain-security/about-dependency-review) | **✔️** | **✔️** | **✔️** | **✔️** | **✔️** |{% endif %}
 | [View {% data variables.product.prodname_code_scanning %} alerts on pull requests](/github/finding-security-vulnerabilities-and-errors-in-your-code/triaging-code-scanning-alerts-in-pull-requests) | **✔️** | **✔️** | **✔️** | **✔️** | **✔️** |
 | [List, dismiss, and delete {% data variables.product.prodname_code_scanning %} alerts](/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-code-scanning-alerts-for-your-repository) | | | **✔️** | **✔️** | **✔️** |
-| [View and dismiss {% data variables.product.prodname_secret_scanning %} alerts in a repository](/github/administering-a-repository/managing-alerts-from-secret-scanning) | | | **✔️**{% ifversion not ghae %}<sup>[1]</sup>{% endif %} | **✔️**{% ifversion not ghae %}<sup>[1]</sup>{% endif %} | **✔️** |{% ifversion ghes or ghae or ghec %}<!--Not available for FPT-->
-| [Resolve, revoke, or re-open {% data variables.product.prodname_secret_scanning %} alerts](/github/administering-a-repository/managing-alerts-from-secret-scanning) | | | **✔️**{% ifversion not ghae %}<sup>[1]</sup>{% endif %} | **✔️**{% ifversion not ghae %}<sup>[1]</sup>{% endif %} | **✔️** |{% endif %}{% ifversion ghes or ghae or ghec %}
-| [Designate additional people or teams to receive {% data variables.product.prodname_secret_scanning %} alerts](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) in repositories | | | | | **✔️** |{% endif %}
+| [View and dismiss {% data variables.product.prodname_secret_scanning_alerts %} in a repository](/github/administering-a-repository/managing-alerts-from-secret-scanning) | | | **✔️**{% ifversion not ghae %}<sup>[1]</sup>{% endif %} | **✔️**{% ifversion not ghae %}<sup>[1]</sup>{% endif %} | **✔️** |{% ifversion ghes or ghae or ghec %}<!--Not available for FPT-->
+| [Resolve, revoke, or re-open {% data variables.product.prodname_secret_scanning_alerts %}](/github/administering-a-repository/managing-alerts-from-secret-scanning) | | | **✔️**{% ifversion not ghae %}<sup>[1]</sup>{% endif %} | **✔️**{% ifversion not ghae %}<sup>[1]</sup>{% endif %} | **✔️** |{% endif %}{% ifversion ghes or ghae or ghec %}
+| [Designate additional people or teams to receive {% data variables.product.prodname_secret_scanning_alerts %}](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository#granting-access-to-security-alerts) in repositories | | | | | **✔️** |{% endif %}
 
 [1] Repository writers and maintainers can only see alert information for their own commits.
 

content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md

@@ -27,7 +27,7 @@ shortTitle: Security & analysis
 {% ifversion fpt or ghec %}
 ## Enabling or disabling security and analysis features for public repositories
 
-You can manage a subset of security and analysis features for public repositories. Other features are permanently enabled, including dependency graph and secret scanning.
+You can manage a subset of security and analysis features for public repositories. Other features are permanently enabled, including dependency graph and {% data variables.product.prodname_secret_scanning_partner_alerts %}.
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
@@ -56,7 +56,7 @@ You can manage the security and analysis features for your {% ifversion fpt or g
   {% ifversion not fpt %}
   {% note %}
 
-  **Note:** If you disable {% data variables.product.prodname_GH_advanced_security %}, {% ifversion ghec %}dependency review, {% endif %}{% data variables.product.prodname_secret_scanning %} and {% data variables.product.prodname_code_scanning %} are disabled. Any workflows, SARIF uploads, or API calls for {% data variables.product.prodname_code_scanning %} will fail.
+  **Note:** If you disable {% data variables.product.prodname_GH_advanced_security %}, {% ifversion ghec %}dependency review, {% endif %}{% data variables.product.prodname_secret_scanning_user_alerts %} and {% data variables.product.prodname_code_scanning %} are disabled. Any workflows, SARIF uploads, or API calls for {% data variables.product.prodname_code_scanning %} will fail.
   {% endnote %}{% endif %}
 
   {% endif %}
@@ -72,14 +72,14 @@ Security alerts for a repository are visible to people with admin access to the
 
 {% note %}
 
-Organization owners and repository administrators can only grant access to view security alerts, such as {% data variables.product.prodname_secret_scanning %} alerts, to people or teams who have write access to the repo.
+Organization owners and repository administrators can only grant access to view security alerts, such as {% data variables.product.prodname_secret_scanning_alerts %}, to people or teams who have write access to the repo.
 
 {% endnote %}
 
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.repositories.navigate-to-code-security-and-analysis %}
-4. Under "Access to alerts", in the search field, start typing the name of the person or team you'd like to find, then click a name in the list of matches.
+1. Under "Access to alerts", in the search field, start typing the name of the person or team you'd like to find, then click a name in the list of matches.
    {% ifversion fpt or ghec or ghes %}
    ![Search field for granting people or teams access to security alerts](/assets/images/help/repository/security-and-analysis-security-alerts-person-or-team-search.png)
    {% endif %}
@@ -88,7 +88,7 @@ Organization owners and repository administrators can only grant access to view
    ![Search field for granting people or teams access to security alerts](/assets/images/enterprise/github-ae/repository/security-and-analysis-security-alerts-person-or-team-search-ghae.png)
    {% endif %}
    
-5. Click **Save changes**.
+2. Click **Save changes**.
    {% ifversion fpt or ghes or ghec %}
    !["Save changes" button for changes to security alert settings](/assets/images/help/repository/security-and-analysis-security-alerts-save-changes.png)
    {% endif %}

content/rest/secret-scanning.md

@@ -2,6 +2,7 @@
 title: Secret scanning
 intro: Use the Secret scanning API to retrieve and update secret alerts from a repository.
 versions:
+  fpt: '*'
   ghes: '*'
   ghae: '*'
   ghec: '*'
@@ -19,6 +20,6 @@ redirect_from:
 The {% data variables.product.prodname_secret_scanning %} API lets you:
 
 - Enable or disable {% data variables.product.prodname_secret_scanning %}{% ifversion secret-scanning-push-protection %} and push protection{% endif %} for a repository. For more information, see "[Repositories](/rest/repos/repos#update-a-repository)" and expand the "Properties of the `security_and_analysis` object" section in the REST API documentation.
-- Retrieve and update {% data variables.product.prodname_secret_scanning_GHAS %} alerts from a repository. For further details, see the sections below.
+- Retrieve and update {% data variables.product.prodname_secret_scanning_alerts %} from a repository. For further details, see the sections below.
 
 For more information about {% data variables.product.prodname_secret_scanning %}, see "[About {% data variables.product.prodname_secret_scanning %}](/code-security/secret-security/about-secret-scanning)."

data/features/secret-scanning-alert-audit-log.yml

@@ -1,6 +1,7 @@
 # Reference: #7046.
 # Documentation for new audit log events for alerts for secret scanning.
 versions:
+  fpt: '*'
   ghec: '*'
   ghes: '>=3.6'
   ghae: '>= 3.6'

data/features/secret-scanning-dismissal-comment.yml

@@ -1,6 +1,7 @@
 # Reference: #7524.
 # Documentation for allowing users to add a comment when dismissing a secret scanning alert.
 versions:
+  fpt: '*'
   ghec: '*'
   ghes: '>=3.8'
   ghae: '>=3.8'

data/features/secret-scanning-enterprise-level-api.yml

@@ -1,6 +1,7 @@
 # Reference: #7526.
 # Secret scanning: Enable at Enterprise level with REST API
 versions:
+  fpt: '*'
   ghec: '*'
   ghes: '>=3.8'
   ghae: '>=3.8'

data/features/secret-scanning-partner-documentation-link-UI.yml

@@ -0,0 +1,7 @@
+# Reference: issue  #8552
+# Adding link to partner documentation in the secret scanning alert, so secret can be revoked.
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>= 3.8'
+  ghae: '>= 3.8'

data/features/secret-scanning-push-protection-custom-patterns.yml

@@ -0,0 +1,6 @@
+# Reference: #8542
+# Secret scanning: Push protection for custom patterns
+versions:
+  ghec: '*'
+  ghes: '>=3.9'
+  ghae: '>=3.9'

data/features/secret-scanning-store-tokens.yml

@@ -1,5 +1,6 @@
 # Issue 8348
 # Secret Scanning - Persist detected secrets in encrypted storage
 versions:
+  fpt: '*'
   ghec: '*'
   ghes: '>=3.8'

data/learning-tracks/code-security.yml

@@ -61,16 +61,16 @@ dependency_version_updates:
     - /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
     - /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors
 
-# Feature available in GHEC, GHES 3.0 up, and GHAE. Feature limited on FPT so hidden there.
+# Feature available in GHEC, GHES 3.0 up, and GHAE. Feature limited on FPT.
 secret_scanning:
   title: 'Scan for secrets'
   description: 'Set up secret scanning to guard against accidental check-ins of tokens, passwords, and other secrets to your repository.'
   guides:
-    - '{% ifversion not fpt %}/code-security/secret-scanning/about-secret-scanning{% endif %}'
-    - '{% ifversion not fpt %}/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories{% endif %}'
+    - '/code-security/secret-scanning/about-secret-scanning'
+    - '/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories'
     - '{% ifversion not fpt %}/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning{% endif %}'
-    - '{% ifversion not fpt %}/code-security/secret-scanning/managing-alerts-from-secret-scanning{% endif %}'
-    - '{% ifversion not fpt %}/code-security/secret-scanning/secret-scanning-patterns{% endif %}'
+    - '/code-security/secret-scanning/managing-alerts-from-secret-scanning'
+    - '/code-security/secret-scanning/secret-scanning-patterns'
     - '{% ifversion secret-scanning-push-protection %}/code-security/secret-scanning/protecting-pushes-with-secret-scanning{% endif %}'
     - '{% ifversion secret-scanning-push-protection %}/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection{% endif %}'
 

data/reusables/advanced-security/more-info-ghas-secret-scanning.md

@@ -0,0 +1 @@
+For more information, see {% ifversion fpt or ghec %}"[About {% data variables.product.prodname_secret_scanning_user_alerts %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-alerts-for-users)"{% elsif ghes %}"[About {% data variables.product.prodname_secret_scanning_user_alerts %} on {% data variables.product.product_name %}](/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-on-github-enterprise-server)"{% endif %} and "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."

data/reusables/advanced-security/secret-scanning-enable-push-protection-custom-pattern.md

@@ -0,0 +1,11 @@
+1. Optionally, to enable push protection for your custom pattern, click **Enable**.
+
+   {% note %}
+
+   **Note:**
+   - Push protection for custom patterns will only apply to repositories that have {% data variables.product.prodname_secret_scanning %} as push protection enabled. For more information about enabling push protection, see "[Protecting pushes with secret scanning](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
+   - Enabling push protection for commonly found custom patterns can be disruptive to contributors.
+
+   {% endnote %}
+
+   ![Screenshot of custom pattern page with the button to enable push protection emphasized](/assets/images/help/repository/secret-scanning-custom-pattern-enable-push-protection.png)

data/reusables/gated-features/secret-scanning-partner.md

@@ -1,13 +0,0 @@
-{%- ifversion fpt %}
-{% data variables.product.prodname_secret_scanning_partner_caps %} is automatically run on public repositories in all products on {% data variables.product.prodname_dotcom_the_website %}. {% data variables.product.prodname_secret_scanning_GHAS_caps %} is available for repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}.
-
-{%- elsif ghec %}
-{% data variables.product.prodname_secret_scanning_partner_caps %} is automatically run on all public repositories. If you have a license for {% data variables.product.prodname_GH_advanced_security %}, you can enable and configure {% data variables.product.prodname_secret_scanning_GHAS %} for any repository owned by an organization.
-
-{%- elsif ghes %}
-{% data variables.product.prodname_secret_scanning_caps %} is available for organization-owned repositories in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}.
-
-{%- elsif ghae %}
-{% data variables.product.prodname_secret_scanning_caps %} is available for organization-owned repositories in {% data variables.product.product_name %}. This is a {% data variables.product.prodname_GH_advanced_security %} feature (free during the beta release).
-
-{%- endif %} {% ifversion not ghae %}{% data reusables.advanced-security.more-info-ghas %}{% endif %}

data/reusables/gated-features/secret-scanning.md

@@ -1,9 +1,13 @@
-<!--This reusable describes the GHAS secret scanning feature. For a reusable that also covers the free secret scanning for public repositories on GitHub.com, use `secret-scanning-partner.md`  -->
+{%- ifversion fpt %}
+{% data variables.product.prodname_secret_scanning_partner_alerts_caps %} run automatically on public repositories in all products on {% data variables.product.prodname_dotcom_the_website %}. {% data variables.product.prodname_secret_scanning_user_alerts_caps %} are available for public repositories, as well as repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}.
 
-{%- ifversion ghec or ghes %}
-{% data variables.product.prodname_secret_scanning_GHAS_caps %} is available for organization-owned repositories in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}.
+{%- elsif ghec %}
+{% data variables.product.prodname_secret_scanning_partner_alerts_caps %} run automatically on all public repositories. If you have a license for {% data variables.product.prodname_GH_advanced_security %}, you can enable and configure {% data variables.product.prodname_secret_scanning_user_alerts %} for any repository owned by an organization.
+
+{%- elsif ghes %}
+{% data variables.product.prodname_secret_scanning_caps %} is available for organization-owned repositories in {% data variables.product.product_name %} if your enterprise has a license for {% data variables.product.prodname_GH_advanced_security %}.
 
 {%- elsif ghae %}
 {% data variables.product.prodname_secret_scanning_caps %} is available for organization-owned repositories in {% data variables.product.product_name %}. This is a {% data variables.product.prodname_GH_advanced_security %} feature (free during the beta release).
 
-{%- endif %} {% ifversion not ghae %}{% data reusables.advanced-security.more-info-ghas %}{% endif %}
+{%- endif %} {% ifversion not ghae %}{% data reusables.advanced-security.more-info-ghas-secret-scanning %}{% endif %}

data/reusables/gated-features/security-overview.md

@@ -1,7 +1,7 @@
 {% ifversion fpt %}
 The security overview is available for organizations that use {% data variables.product.prodname_enterprise %}. For more information, see "[GitHub's products](/articles/githubs-products)."
 {% elsif security-overview-displayed-alerts %}
-All organizations and enterprises have a security overview. If you use {% data variables.product.prodname_GH_advanced_security %}{% ifversion ghae %}, which is free during the beta release,{% endif %} you will see additional information. {% data reusables.advanced-security.more-info-ghas %}
+All organizations and enterprises have a security overview. If you use {% data variables.product.prodname_GH_advanced_security %} features{% ifversion ghae %}, which are free during the beta release,{% elsif ghec %}, which are free for public repositories,{% endif %} you will see additional information. {% data reusables.advanced-security.more-info-ghas %}
 {% elsif ghes < 3.7 %}
 The security overview for your organization is available if you have a license for {% data variables.product.prodname_GH_advanced_security %}. {% data reusables.advanced-security.more-info-ghas %}
 {% elsif ghae %}

data/reusables/secret-scanning/fpt-GHAS-scans.md

@@ -1 +0,0 @@
-**Note:** Organizations using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_advanced_security %} can also enable {% data variables.product.prodname_secret_scanning_GHAS %} on any repository they own, including private repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/secret-security/about-secret-scanning#about-secret-scanning-for-advanced-security).

data/reusables/secret-scanning/secret-scanning-alerts-beta.md

@@ -0,0 +1,8 @@
+{% ifversion fpt %}
+
+{% note %}
+
+**Note:** The {% data variables.product.prodname_secret_scanning_user_alerts %} feature is available as a beta for users on {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %} plans and is subject to change.
+
+{% endnote %}
+{% endif %}

data/variables/product.yml

@@ -185,14 +185,13 @@ prodname_advisory_database: 'GitHub Advisory Database'
 # Secret scanning
 prodname_secret_scanning: 'secret scanning' # Overall feature name and name for GHES and GHAE
 prodname_secret_scanning_caps: 'Secret scanning'
-prodname_secret_scanning_partner: 'secret scanning for partner patterns' # GitHub.com feature for public repos only
-prodname_secret_scanning_partner_caps: 'Secret scanning for partner patterns'
-prodname_secret_scanning_GHAS:
-  >- # Includes GitHub.com name for GHAS licenced feature
-  {% ifversion fpt or ghec %}secret scanning for advanced security{% else %}secret scanning{% endif %}
-prodname_secret_scanning_GHAS_caps: >-
-  {% ifversion fpt or ghec %}Secret scanning for advanced security{% else %}Secret scanning{% endif %}
-
+prodname_secret_scanning_partner_alerts: 'secret scanning alerts for partners' # GitHub.com feature for public repos only
+prodname_secret_scanning_partner_alerts_caps: 'Secret scanning alerts for partners'
+prodname_secret_scanning_user_alerts: >-
+  {% ifversion fpt or ghec %}secret scanning alerts for users{% else %}secret scanning{% endif %}
+prodname_secret_scanning_user_alerts_caps: >-
+  {% ifversion fpt or ghec %}Secret scanning alerts for users{% else %}Secret scanning{% endif %}
+prodname_secret_scanning_alerts: 'secret scanning alerts'
 # Code scanning
 prodname_code_scanning: 'code scanning'
 prodname_code_scanning_capc: 'Code scanning'

lib/rest/index.js

@@ -143,12 +143,6 @@ export async function getEnabledForApps(docsVersion, apiVersion) {
     // The `readCompressedJsonFileFallback()` function
     // will check for both a .br and .json extension.
     Object.assign(enabledForApps, readCompressedJsonFileFallback(ENABLED_APPS_FILENAME))
-
-    // One off edge case where secret-scanning should be removed from FPT. Docs Content #6637
-    // api.github.com will always be API calendar date versioned which is why we add the apiVersion
-    if (docsVersion.includes('api.github.com')) {
-      delete enabledForApps[`${docsVersion}.${apiVersion}`]['secret-scanning']
-    }
   }
   const openApiVersion = getOpenApiVersion(docsVersion) + (apiVersion ? `.${apiVersion}` : '')
 

script/rest/test-open-api-schema.js

@@ -27,13 +27,6 @@ export async function getDiffOpenAPIContentRest() {
   // Create categories/subcategories from OpenAPI Schemas
   const openAPISchemaCheck = await createOpenAPISchemasCheck()
 
-  // One off edge case for secret-scanning Docs-content issue 6637
-  const fptApiVersions = getOnlyApiVersions('free-pro-team@latest')
-
-  fptApiVersions.forEach((fptApiVersion) => {
-    delete openAPISchemaCheck[fptApiVersion]['secret-scanning']
-  })
-
   // Get Differences between categories/subcategories from dereferenced schemas and the content/rest directory frontmatter versions
   const differences = getDifferences(openAPISchemaCheck, checkContentDir)
   const errorMessages = {}

tests/fixtures/versionless-redirects.txt

@@ -408,21 +408,10 @@
 
 # FPT versioning for these files was removed as part of github/docs-content#5642
 
-/enterprise-cloud@latest/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories
-- /github/administering-a-repository/configuring-secret-scanning-for-private-repositories
-- /github/administering-a-repository/configuring-secret-scanning-for-your-repositories
-- /code-security/secret-security/configuring-secret-scanning-for-your-repositories
-- /code-security/secret-scanning/configuring-secret-scanning-for-your-repositories
-
 /enterprise-cloud@latest/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning
 - /code-security/secret-security/defining-custom-patterns-for-secret-scanning
 - /code-security/secret-scanning/defining-custom-patterns-for-secret-scanning
 
-/enterprise-cloud@latest/code-security/secret-scanning/managing-alerts-from-secret-scanning
-- /github/administering-a-repository/managing-alerts-from-secret-scanning
-- /code-security/secret-security/managing-alerts-from-secret-scanning
-- /code-security/secret-scanning/managing-alerts-from-secret-scanning
-
 /enterprise-cloud@latest/code-security/secret-scanning/protecting-pushes-with-secret-scanning
 - /code-security/secret-scanning/protecting-pushes-with-secret-scanning
 
@@ -486,12 +475,6 @@
 - /github/setting-up-and-managing-your-enterprise/managing-use-of-advanced-security-for-organizations-in-your-enterprise-account
 - /github/setting-up-and-managing-billing-and-payments-on-github/viewing-your-github-advanced-security-usage
 
-# FPT versioning was removed.
-# Shipped in pull #26869 on 04/19/22
-
-/enterprise-cloud@latest/rest/secret-scanning
-- /rest/reference/secret-scanning
-
 /enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization
 - /organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization
 - /articles/viewing-insights-for-your-organization

tests/rendering/server.js

@@ -47,7 +47,7 @@ describe('server', () => {
     expect(res.statusCode).toBe(200)
   })
 
-  test('renders the homepage with links to exptected products in both the sidebar and page body', async () => {
+  test('renders the homepage with links to expected products in both the sidebar and page body', async () => {
     const $ = await getDOM('/en')
     const sidebarItems = $('[data-testid=sidebar] li a').get()
     const sidebarTitles = sidebarItems.map((el) => $(el).text().trim())