This commit is contained in:
mchammer01 2022-03-22 10:16:18 +00:00
Parent d7e89a1ec1
Commit ff2b3bcfdd
9 changed files: 11 additions and 8 deletions


@ -40,7 +40,7 @@ Service providers can partner with {% data variables.product.company_short %} to
{% if secret-scanning-push-protection %}
You can also enable {% data variables.product.prodname_secret_scanning %} as a push protection for a repository or an organization. When this feature is enabled, {% data variables.product.prodname_secret_scanning %} prevents contributors from pushing their changes via the CLI whenever a new secret is detected in the push. To proceed, contributors must either remove the secret(s) from the push, or bypass the protection through a custom URL provided in the CLI message. The URL points to a page on {% data variables.product.product_name %} where contributors can allow their secret past the protection as a false positive, a test secret, or a real secret that theyll fix later. For more information, see "[Protecting pushes with {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
You can also enable {% data variables.product.prodname_secret_scanning %} as a push protection for a repository or an organization. When this feature is enabled, {% data variables.product.prodname_secret_scanning %} prevents contributors from pushing their changes via the CLI whenever a new secret is detected. To proceed, contributors must either remove the secret(s) from the push, or bypass the protection through a custom URL provided in a CLI message. For more information, see "[Protecting pushes with {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
{% endif %}
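Review bot: The rewritten sentence drops the only description of what the bypass page offers (allowing the secret as a false positive, a test secret, or a real secret to fix later), so the overview now says contributors can bypass without saying on what basis. If that detail now lives only in the linked article, keep a short clause here. Two smaller points on the same line: "whenever a new secret is detected" lost "in the push", and "via the CLI" can be read as meaning that pushes made any other way are not checked, so state the scope explicitly.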


@ -35,7 +35,10 @@ You can enable {% data variables.product.prodname_secret_scanning_GHAS %} for an
5. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**.
6. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled.
![Enable {% data variables.product.prodname_secret_scanning %} for your repository](/assets/images/help/repository/enable-secret-scanning-dotcom.png)
{% if secret-scanning-push-protection %}
7. Optionally, if you want to enable push protection, click **Enable** to the right of "Push protection." {% data reusables.secret-scanning.push-protection-overview %} For more information, see "[Protecting pushes with {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."
![Enable push protection for your repository](/assets/images/help/repository/secret-scanning-enable-push-protection.png)
{% endif %}
{% ifversion ghae %}
1. Before you can enable {% data variables.product.prodname_secret_scanning %}, you need to enable {% data variables.product.prodname_GH_advanced_security %} first. To the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**.
![Enable {% data variables.product.prodname_GH_advanced_security %} for your repository](/assets/images/enterprise/github-ae/repository/enable-ghas-ghae.png)
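Review bot: In the new step 7, the inlined `push-protection-overview` reusable says secret scanning "will also check for high-confidence secrets", but inside this numbered step nothing precedes it for "also" to refer to. Either add a short clause before the reusable or word the reusable so it stands alone. "Optionally, if you want to enable push protection" is also redundant; "Optionally, to enable push protection" reads better.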


@ -22,7 +22,7 @@ shortTitle: Push protection
## About push protection for secrets
Up to now, {% data variables.product.prodname_secret_scanning %} for {% data variables.product.prodname_advanced_security %} checks for secrets _after_ a push and alerts users of exposed secrets. When you enable push protection, {% data variables.product.prodname_secret_scanning %} will also check for high-confidence secrets (those identified with a low false positive rate) and block the push. The author of the push then has the opportunity to review the detected secrets and allow those secrets to be pushed.
Up to now, {% data variables.product.prodname_secret_scanning %} for {% data variables.product.prodname_advanced_security %} checks for secrets _after_ a push and alerts users of exposed secrets. {% data reusables.secret-scanning.push-protection-overview %}
{% data variables.product.prodname_secret_scanning_caps %} as a push protection currently scans private repositories for secrets issued by the following service providers.


@ -26,7 +26,7 @@ A {% data variables.product.prodname_GH_advanced_security %} license provides th
- **{% data variables.product.prodname_code_scanning_capc %}** - Search for potential security vulnerabilities and coding errors in your code. For more information, see "[About {% data variables.product.prodname_code_scanning %}](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning)."
- **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into the repository. For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/about-secret-scanning)."
- **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into the repository.{% if secret-scanning-push-protection %} If push protection is enabled, will also detect secrets _before_ they are pushed in to your repository.{% endif %}{% ifversion fpt or ghes < 3.5 or ghae %} For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/about-secret-scanning)."{% elsif secret-scanning-push-protection %} For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/about-secret-scanning)" and "[Protecting pushes with {% data variables.product.prodname_secret_scanning %}](/code-security/secret-scanning/protecting-pushes-with-secret-scanning)."{% endif %}
{% ifversion fpt or ghes > 3.1 or ghec or ghae-issue-4864 %}
- **Dependency review** - Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see "[About dependency review](/code-security/supply-chain-security/about-dependency-review)."
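Review bot: In the changed secret scanning bullet, "If push protection is enabled, will also detect secrets" has no subject, and "pushed in to" should be "pushed to". The link logic also mixes `ifversion` with the feature flag in `elsif`: on any version matched by `fpt or ghes < 3.5 or ghae` where `secret-scanning-push-protection` is also true, the first branch wins and the push-protection link never renders even though the push-protection sentence does. Test the feature flag first, or confirm against the flag's `versions` list that the two conditions cannot overlap.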


@ -1,7 +1,6 @@
# Reference: #5620.
# Documentation for secret scanning as a push protection
versions:
fpt: '*'
ghes: '>=3.5'
ghae: 'issue-5620'
ghec: '*'


@ -2,7 +2,7 @@
The {% data variables.product.prodname_secret_scanning %} API lets you{% ifversion fpt or ghec or ghes > 3.1 or ghae %}:
- Enable or disable {% data variables.product.prodname_secret_scanning %} for a repository. For more information, see "[Repositories](/rest/reference/repos#update-a-repository)" in the REST API documentation.
- Enable or disable {% data variables.product.prodname_secret_scanning %}{% if secret-scanning-push-protection %} and push protection{% endif %} for a repository. For more information, see "[Repositories](/rest/reference/repos#update-a-repository)" and expand the "Properties of the `security_and_analysis` object" section in the REST API documentation.
- Retrieve and update {% data variables.product.prodname_secret_scanning_GHAS %} alerts from a repository. For further details, see the sections below.
{%- else %} retrieve and update {% data variables.product.prodname_secret_scanning %} alerts from a repository.{% endif %}
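Review bot: The changed bullet tells readers to expand the "Properties of the `security_and_analysis` object" section but does not name which property controls push protection, so the instruction stops working if that section's title or layout changes. Name the property inline. The added "and expand ..." clause also sits between the link and "in the REST API documentation", which makes the sentence hard to parse; consider splitting it into two sentences.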


@ -1,5 +1,5 @@
{% ifversion fpt or ghec %}
To find out about our partner program, see "[{% data variables.product.prodname_secret_scanning_caps %} partner program](/developers/overview/secret-scanning-partner-program)."
{% else %}
To find out about our partner program, see "[{% data variables.product.prodname_secret_scanning_caps %} partner program](/free-pro-team@latest/developers/overview/secret-scanning-partner-program)" in the {% data variables.product.prodname_ghe_cloud %} documentation
To find out about our partner program, see "[{% data variables.product.prodname_secret_scanning_caps %} partner program](/free-pro-team@latest/developers/overview/secret-scanning-partner-program)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
{% endif %}


@ -1,5 +1,5 @@
{% note %}
**Note:** {% data variables.product.prodname_secret_scanning_caps %} as a protection push is currently in beta and subject to change. Organization owners, security managers, and repository administrators can request early access to the beta by joining the [waitlist](/TODO-add-link).
**Note:** {% data variables.product.prodname_secret_scanning_caps %} as a protection push is currently in beta and subject to change. To request access to the beta release, [contact your account management team](https://github.com/enterprise/contact).
{% endnote %}
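Review bot: The replacement line keeps "as a protection push", which reverses the term used in the other files of this commit ("as a push protection"); fix it while the line is being touched. The new wording also no longer says who may request access (the old line listed organization owners, security managers, and repository administrators), which is worth keeping if it still applies.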


@ -0,0 +1 @@
When you enable push protection, {% data variables.product.prodname_secret_scanning %} will also check for high-confidence secrets (those identified with a low false positive rate) and block the push. The author of the push then has the opportunity to review the detected secrets and allow those secrets to be pushed.
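Review bot: The new reusable reads as if every push is blocked: "will also check for high-confidence secrets ... and block the push" states no condition. Suggest "and block the push if one is detected". The final sentence says the author can "allow those secrets to be pushed" without saying how; since this text is reused in a setup step and in the overview, a short pointer to the bypass flow would keep both callers accurate.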