From 5cf248470b5e0e70a47776a3e06ba3c5584d2ee7 Mon Sep 17 00:00:00 2001
From: John Clement <70238417+jclement136@users.noreply.github.com>
Date: Mon, 23 Feb 2026 18:29:38 -0500
Subject: [PATCH 1/9] [EDI] Viewing and filtering alerts from secret scanning (#59342)
---
 .../concepts/secret-security/about-alerts.md | 68 +++++++++++----
 .../viewing-alerts.md | 82 +++----------------
 2 files changed, 63 insertions(+), 87 deletions(-)
diff --git a/content/code-security/concepts/secret-security/about-alerts.md b/content/code-security/concepts/secret-security/about-alerts.md
index fa0666477c11..c82f319c56dc 100644
--- a/content/code-security/concepts/secret-security/about-alerts.md
+++ b/content/code-security/concepts/secret-security/about-alerts.md
@@ -25,45 +25,83 @@ contentType: concepts ## About {% ifversion fpt or ghec %}user alerts {% else %}{% data variables.secret-scanning.alerts %}{% endif %} -When {% data variables.product.company_short %} detects a supported secret in a repository that has {% data variables.product.prodname_secret_scanning %} enabled, a {% ifversion fpt or ghec %}user {% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} alert is generated and displayed in the **Security** tab of the repository. +{% data reusables.secret-scanning.secret-scanning-about-alerts %} {% data reusables.secret-scanning.repository-alert-location %} -{% ifversion fpt or ghec %}User {% else %}{% data variables.product.prodname_secret_scanning_caps %} {% endif %}alerts can be of the following types: +To help you triage alerts more effectively, {% data variables.product.company_short %} separates alerts into two lists: -* {% ifversion secret-scanning-alert-experimental-list %}Default{% else %}High confidence{% endif %} alerts, which relate to supported patterns and specified custom patterns. -* {% ifversion secret-scanning-generic-tab %}Generic{% elsif ghes = 3.16 %}Experimental{% else %}Other{% endif %} alerts, which can have a higher ratio of false positives or secrets used in tests. +{% ifversion secret-scanning-alert-experimental-list %} +* **Default** alerts{% ifversion secret-scanning-generic-tab %} +* **Generic** alerts{% elsif ghes = 3.16 %} +* **Experimental** alerts{% endif %} -{% data variables.product.prodname_dotcom %} displays {% ifversion secret-scanning-generic-tab %}generic{% elsif ghes = 3.16 %}experimental{% else %}these "other"{% endif %} alerts in a different list to {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} alerts, making triaging a better experience for users. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts). 
+{% ifversion ghes = 3.16 %} +![Screenshot of the {% data variables.product.prodname_secret_scanning %} alert view. The button to toggle between "Default" and "Experimental" alerts is highlighted with an orange outline.](/assets/images/enterprise/3.16/help/security/secret-scanning-default-alert-view.png) +{% endif %} + +{% else %} +* **High confidence** alerts. +* **Other** alerts. + +![Screenshot of the {% data variables.product.prodname_secret_scanning %} alert view. The button to toggle between "High confidence" and "Other" alerts is highlighted with an orange outline.](/assets/images/help/security/secret-scanning-high-confidence-alert-view.png) + +{% endif %} + +{% ifversion secret-scanning-alert-experimental-list %} + +### Default alerts list + +The default alerts list displays alerts that relate to supported patterns and specified custom patterns. This is the main view for alerts. + +### {% ifversion secret-scanning-generic-tab %}Generic{% elsif ghes = 3.16 %}Experimental{% endif %} alerts list + +The {% ifversion secret-scanning-generic-tab %}generic{% elsif ghes = 3.16 %}experimental{% endif %} alerts list displays alerts that relate to non-provider patterns (such as private keys){% ifversion secret-scanning-ai-generic-secret-detection %}, or generic secrets detected using AI (such as passwords){% endif %}. These types of alerts can have a higher rate of false positives or secrets used in tests. You can toggle to the {% ifversion secret-scanning-generic-tab %}generic{% elsif ghes = 3.16 %}experimental{% endif %} alerts list from the default alerts list. + +{% data variables.product.github %} will continue to release new patterns and secret types to the {% ifversion secret-scanning-generic-tab %}generic{% elsif ghes = 3.16 %}experimental{% endif %} alerts list and will promote them to the default list when feature-complete (that is, when they have an appropriately low volume and false positive rate). 
+ +{% else %} + +### High confidence alerts list + +The "High confidence" alerts list displays alerts that relate to supported patterns and specified custom patterns. This list is always the default view for the alerts page. + +### Other alerts list + +The "Other" alerts list displays alerts that relate to non-provider patterns (such as private keys){% ifversion secret-scanning-ai-generic-secret-detection %}, or generic secrets detected using AI (such as passwords){% endif %}. These types of alerts have a higher rate of false positives. + +{% endif %} + +In addition, alerts that fall into this category: +* Are limited in quantity to 5000 alerts per repository (this includes open and closed alerts). +* Are not shown in the summary views for security overview, only in the "{% data variables.product.prodname_secret_scanning_caps %}" view. +* Only have the first five detected locations shown on {% data variables.product.prodname_dotcom %} for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %}, and only the first detected location shown for AI-detected generic secrets{% endif %}. + +For {% data variables.product.company_short %} to scan for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} and generic secrets{% endif %}, you must first enable the feature{% ifversion secret-scanning-ai-generic-secret-detection %}s{% endif %} for your repository or organization. For more information, see [AUTOTITLE](/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns){% ifversion secret-scanning-ai-generic-secret-detection %} and [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection){% endif %}. {% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %} ## About push protection alerts -Push protection scans pushes for supported secrets. 
If push protection detects a supported secret, it will block the push. When a contributor bypasses push protection to push a secret to the repository, a push protection alert is generated and displayed in the **Security** tab of the repository. To see all push protection alerts for a repository, you must filter by `bypassed: true` on the alerts page. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts#filtering-alerts). +Push protection scans pushes for supported secrets. If push protection detects a supported secret, it will block the push. When a contributor bypasses push protection to push a secret to the repository, a push protection alert is generated and displayed in the **Security** tab of the repository. To see all push protection alerts for a repository, you must filter by `bypassed: true` on the alerts page. For more information, see [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts#filtering-alerts). {% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %} >[!NOTE] > {% ifversion secret-scanning-push-protection-for-users %}You can also enable push protection for your personal account, called "push protection for users", which prevents you from accidentally pushing supported secrets to _any_ public repository. Alerts are _not_ created if you choose to bypass your user-based push protection only. Alerts are only created if the repository itself has push protection enabled. For more information, see [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users).{% endif %} > -> {% data reusables.secret-scanning.push-protection-older-tokens %} For more information about push protection limitations, see [AUTOTITLE](/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning#push-protection-and-pattern-versions). 
+> {% data reusables.secret-scanning.push-protection-older-tokens %} For more information about push protection limitations, see [AUTOTITLE](/code-security/how-tos/secure-your-secrets/troubleshooting-secret-scanning#push-protection-and-pattern-versions). {% ifversion fpt or ghec %} ## About partner alerts -When {% data variables.product.company_short %} detects a leaked secret in a public repository or npm package, an alert is sent directly to the secret provider, if they are part of {% data variables.product.company_short %}'s secret scanning partner program. For more information about {% data variables.secret-scanning.partner_alerts %}, see [AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program) and [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns). +When {% data variables.product.company_short %} detects a leaked secret in a public repository or npm package, an alert is sent directly to the secret provider, if they are part of {% data variables.product.company_short %}'s secret scanning partner program. For more information about {% data variables.secret-scanning.partner_alerts %}, see [AUTOTITLE](/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program) and [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns). Partner alerts are not sent to repository administrators, so you do not need to take any action for this type of alert. 
{% endif %} -## Next steps - -* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts) ## Further reading -* [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns) -* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning) -* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns){% ifversion secret-scanning-ai-generic-secret-detection %} -* [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets){% endif %} +* [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns) +* [AUTOTITLE](/code-security/how-tos/secure-your-secrets/detect-secret-leaks/enabling-secret-scanning-for-non-provider-patterns) diff --git a/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts.md b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts.md index edcbea0d2dd8..5bfb4d02f352 100644 --- a/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts.md +++ b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/viewing-alerts.md 
@@ -18,69 +18,7 @@ redirect_from: - /code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts --- -## About the {% data variables.product.prodname_secret_scanning %} alerts page - -{% data reusables.secret-scanning.secret-scanning-about-alerts %} {% data reusables.secret-scanning.repository-alert-location %} - -To help you triage alerts more effectively, {% data variables.product.company_short %} separates alerts into two lists: - -{% ifversion secret-scanning-alert-experimental-list %} -* **Default** alerts{% ifversion secret-scanning-generic-tab %} -* **Generic** alerts{% elsif ghes = 3.16 %} -* **Experimental** alerts{% endif %} - -{% ifversion ghes = 3.16 %} - -{% ifversion secret-scanning-alert-experimental-list-toggle %} -![Screenshot of the {% data variables.product.prodname_secret_scanning %} alert view. The button to toggle between "Default" and "Experimental" alerts is highlighted with an orange outline.](/assets/images/enterprise/3.16/help/security/secret-scanning-default-alert-view.png) -{% else %} -![Screenshot of the {% data variables.product.prodname_secret_scanning %} alert view. The sidebar menu items for "Default" and "Experimental" alerts are highlighted with an orange outline.](/assets/images/help/security/secret-scanning-default-alert-view.png) -{% endif %} - -{% endif %} - -{% else %} -* **High confidence** alerts. -* **Other** alerts. - -![Screenshot of the {% data variables.product.prodname_secret_scanning %} alert view. The button to toggle between "High confidence" and "Other" alerts is highlighted with an orange outline.](/assets/images/help/security/secret-scanning-high-confidence-alert-view.png) - -{% endif %} - -{% ifversion secret-scanning-alert-experimental-list %} - -### Default alerts list - -The default alerts list displays alerts that relate to supported patterns and specified custom patterns. This is the main view for alerts. 
- -### {% ifversion secret-scanning-generic-tab %}Generic{% elsif ghes = 3.16 %}Experimental{% endif %} alerts list - -The {% ifversion secret-scanning-generic-tab %}generic{% elsif ghes = 3.16 %}experimental{% endif %} alerts list displays alerts that relate to non-provider patterns (such as private keys){% ifversion secret-scanning-ai-generic-secret-detection %}, or generic secrets detected using AI (such as passwords){% endif %}. These types of alerts can have a higher rate of false positives or secrets used in tests. You can toggle to the {% ifversion secret-scanning-generic-tab %}generic{% elsif ghes = 3.16 %}experimental{% endif %} alerts list from the default alerts list. - -{% else %} - -### High confidence alerts list - -The "High confidence" alerts list displays alerts that relate to supported patterns and specified custom patterns. This list is always the default view for the alerts page. - -### Other alerts list - -The "Other" alerts list displays alerts that relate to non-provider patterns (such as private keys){% ifversion secret-scanning-ai-generic-secret-detection %}, or generic secrets detected using AI (such as passwords){% endif %}. These types of alerts have a higher rate of false positives. - -{% endif %} - -In addition, alerts that fall into this category: -* Are limited in quantity to 5000 alerts per repository (this includes open and closed alerts). -* Are not shown in the summary views for security overview, only in the "{% data variables.product.prodname_secret_scanning_caps %}" view. -* Only have the first five detected locations shown on {% data variables.product.prodname_dotcom %} for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %}, and only the first detected location shown for AI-detected generic secrets{% endif %}. 
- -For {% data variables.product.company_short %} to scan for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} and generic secrets{% endif %}, you must first enable the feature{% ifversion secret-scanning-ai-generic-secret-detection %}s{% endif %} for your repository or organization. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns){% ifversion secret-scanning-ai-generic-secret-detection %} and [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection){% endif %}. - -{% ifversion secret-scanning-alert-experimental-list %} - -{% data variables.product.github %} will continue to release new patterns and secret types to the {% ifversion secret-scanning-generic-tab %}generic{% elsif ghes = 3.16 %}experimental{% endif %} alerts list and will promote them to the default list when feature-complete (e.g. when they have an appropriately low volume and false positive rate). - -{% endif %} +You can find and filter {% data variables.secret-scanning.user_alerts %} through your repository's **Security** tab. To learn more about alerts and the different types you may encounter, see [AUTOTITLE](/code-security/concepts/secret-security/about-alerts). ## Viewing alerts 
@@ -105,28 +43,28 @@ You can apply various filters to the alerts list to help you find the alerts you |Qualifier|Description| |---------|-----------| -|`bypassed`|Display alerts for secrets where push protection has been bypassed (`true`). For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).| +|`bypassed`|Display alerts for secrets where push protection has been bypassed (`true`). For more information, see [AUTOTITLE](/code-security/concepts/secret-security/about-push-protection).| |{% ifversion ghes < 3.16 %}| -|`confidence`|Display alerts for high-confidence secrets which relate to supported secrets and custom patterns (`high`), or non-provider patterns such as private keys (`other`). See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns).| +|`confidence`|Display alerts for high-confidence secrets which relate to supported secrets and custom patterns (`high`), or non-provider patterns such as private keys (`other`). See [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns).| |{% endif %}| |`is`|Display alerts that are open (`open`){% ifversion ghes < 3.17 %} or closed (`closed`){% else %}, closed (`closed`), found in a public repository (`publicly-leaked`), or found in more than one repository within the same organization or enterprise (`multi-repository`){% endif %}.| |`props`|Display alerts for repositories with a specific custom property (`CUSTOM_PROPERTY_NAME`) set. For example, `props:data_sensitivity:high` display results for repositories with the `data_sensitivity` property set to the value `high`. | -|`provider`|Display alerts for a specific provider (`PROVIDER-NAME`), for example, `provider:github`. 
For a list of supported partners, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).| +|`provider`|Display alerts for a specific provider (`PROVIDER-NAME`), for example, `provider:github`. For a list of supported partners, see [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns#supported-secrets).| |`repo`|Display alerts detected in a specified repository (`REPOSITORY-NAME`), for example: `repo:octo-repository`.| |`resolution`|Display alerts closed as "false positive" (`false-positive`), "hidden by config" (`hidden-by-config`), "pattern deleted" (`pattern-deleted`), "pattern edited" (`pattern-edited`), "revoked" (`revoked`), "used in tests" (`used-in-tests`), or "won't fix" (`wont-fix`).| |{% ifversion fpt or ghec %}| -|`results`|Display alerts for supported secrets and custom patterns (`default`), or for non-provider patterns (`generic`) such as private keys, and AI-detected generic secrets such as passwords. See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns), and for more information about AI-detected generic secrets, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).| +|`results`|Display alerts for supported secrets and custom patterns (`default`), or for non-provider patterns (`generic`) such as private keys, and AI-detected generic secrets such as passwords. See [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns), and for more information about AI-detected generic secrets, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).| |{% elsif ghes > 3.16 %}| -|`results`|Display alerts for supported secrets and custom patterns (`default`), or non-provider patterns such as private keys (`generic`). 
See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns).| +|`results`|Display alerts for supported secrets and custom patterns (`default`), or non-provider patterns such as private keys (`generic`). See [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns).| |{% elsif ghes = 3.16 %}| -|`results`|Display alerts for supported secrets and custom patterns (`default`), or non-provider patterns such as private keys (`experimental`). See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns).| +|`results`|Display alerts for supported secrets and custom patterns (`default`), or non-provider patterns such as private keys (`experimental`). See [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns).| |{% endif %}| -|`secret-type`|Display alerts for a specific secret type (`SECRET-NAME`), for example, `secret-type:github_personal_access_token`. For a list of supported secret types, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secret).| +|`secret-type`|Display alerts for a specific secret type (`SECRET-NAME`), for example, `secret-type:github_personal_access_token`. For a list of supported secret types, see [AUTOTITLE](/code-security/reference/secret-security/supported-secret-scanning-patterns#supported-secrets).| |`sort`|Display alerts from newest to oldest (`created-desc`), oldest to newest (`created-asc`), most recently updated (`updated-desc`), or least recently updated (`updated-asc`).| |`team`|Display alerts owned by members of the specified team, for example: `team:octocat-dependabot-team`.| |`topic`|Display alerts with the matching repository topic, for example: `topic:asdf`.| -|`validity`|Display alerts for secrets with a specific validity (`active`, `inactive`, or `unknown`). 
{% ifversion fpt or ghec %}Applies only to {% data variables.product.github %} tokens unless you enable validity checks.{% endif %} For more information about validity statuses, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).| +|`validity`|Display alerts for secrets with a specific validity (`active`, `inactive`, or `unknown`). {% ifversion fpt or ghec %}Applies only to {% data variables.product.github %} tokens unless you enable validity checks.{% endif %} For more information about validity statuses, see [AUTOTITLE](/code-security/tutorials/remediate-leaked-secrets/evaluating-alerts#checking-a-secrets-validity).| ## Next steps -* [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts) +* [AUTOTITLE](/code-security/tutorials/remediate-leaked-secrets/evaluating-alerts) From 35522a7230c5126e2391500a20c7dbe952a0c955 Mon Sep 17 00:00:00 2001 
From: Steve Ward
Date: Mon, 23 Feb 2026 18:45:53 -0500
Subject: [PATCH 2/9] Add bespoke landing page for Copilot CLI (#59428)
Co-authored-by: SiaraMist
Co-authored-by: Siara <108543037+SiaraMist@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: hubwriter
---
 .../concepts/agents/about-agent-skills.md | 1 +
 .../agents/copilot-cli/about-cli-plugins.md | 3 +-
 .../agents/copilot-cli/about-copilot-cli.md | 3 +-
 .../concepts/agents/copilot-cli/autopilot.md | 3 +-
 .../copilot-cli/comparing-cli-features.md | 3 +-
 .../how-tos/copilot-cli/cli-best-practices.md | 5 +-
 .../copilot-cli/cli-getting-started.md | 5 +-
 .../add-custom-instructions.md | 3 ++
 .../create-custom-agents-for-cli.md | 5 +-
 .../customize-copilot/create-skills.md | 5 +-
 .../customize-copilot/plugins-creating.md | 5 +-
 .../plugins-finding-installing.md | 5 +-
 .../customize-copilot/plugins-marketplace.md | 5 +-
 .../quickstart-for-customizing.md | 3 +-
 .../customize-copilot/use-hooks.md | 5 +-
 content/copilot/how-tos/copilot-cli/index.md | 53 +++++++++++++++++--
 .../configure-copilot-cli.md | 3 +-
 .../set-up-copilot-cli/install-copilot-cli.md | 3 +-
 .../how-tos/copilot-cli/use-copilot-cli.md | 3 +-
 content/copilot/index.md | 1 +
 content/copilot/reference/acp-server.md | 3 +-
 .../reference/cli-command-reference.md | 5 +-
 .../copilot/reference/cli-plugin-reference.md | 3 +-
 .../copilot/reference/hooks-configuration.md | 1 +
 .../copilot/responsible-use/copilot-cli.md | 1 +
 .../copilot/tutorials/copilot-cli-hooks.md | 5 +-
 content/index.md | 2 +-
 27 files changed, 107 insertions(+), 35 deletions(-)
diff --git a/content/copilot/concepts/agents/about-agent-skills.md b/content/copilot/concepts/agents/about-agent-skills.md
index 5c9872839104..35f8ad6eaf47 100644
--- a/content/copilot/concepts/agents/about-agent-skills.md
+++ b/content/copilot/concepts/agents/about-agent-skills.md
@@ -9,6 +9,7 @@ topics:
 - Copilot
 category:
 - Learn about Copilot
+ - Learn about Copilot CLI
 ---
 
 > [!NOTE]
diff --git a/content/copilot/concepts/agents/copilot-cli/about-cli-plugins.md b/content/copilot/concepts/agents/copilot-cli/about-cli-plugins.md
index 78ebd4a4227b..3fa95b361bc2 100644
--- a/content/copilot/concepts/agents/copilot-cli/about-cli-plugins.md
+++ b/content/copilot/concepts/agents/copilot-cli/about-cli-plugins.md
@@ -10,7 +10,8 @@ topics:
 - Copilot
 contentType: concepts
 category:
- - Learn about Copilot
+ - Learn about Copilot # Copilot discovery page
+ - Learn about Copilot CLI # Copilot CLI bespoke page
 ---
 
 Plugins provide a way to distribute custom CLI functionality. You can use a plugin to add a preconfigured set of capabilities to {% data variables.copilot.copilot_cli_short %}.
diff --git a/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md b/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md
index 3db80eba22db..de0155789ea3 100644
--- a/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md
+++ b/content/copilot/concepts/agents/copilot-cli/about-copilot-cli.md
@@ -10,7 +10,8 @@ topics:
 - Copilot
 contentType: concepts
 category:
- - Learn about Copilot
+ - Learn about Copilot # Copilot discovery page
+ - Learn about Copilot CLI # Copilot CLI bespoke page
 redirect_from:
 - /copilot/concepts/agents/about-copilot-cli
 ---
diff --git a/content/copilot/concepts/agents/copilot-cli/autopilot.md b/content/copilot/concepts/agents/copilot-cli/autopilot.md
index 743918bc65e9..f7b959f92009 100644
--- a/content/copilot/concepts/agents/copilot-cli/autopilot.md
+++ b/content/copilot/concepts/agents/copilot-cli/autopilot.md
@@ -9,7 +9,8 @@ topics:
 - CLI
 contentType: concepts
 category:
- - Learn about Copilot CLI
+ - Learn about Copilot CLI # Copilot CLI bespoke page
+ - Learn about Copilot # Copilot discovery page
 ---
 
 ## Overview
diff --git a/content/copilot/concepts/agents/copilot-cli/comparing-cli-features.md b/content/copilot/concepts/agents/copilot-cli/comparing-cli-features.md
index 45962eea5f6a..9a3bb4a0683e 100644
--- a/content/copilot/concepts/agents/copilot-cli/comparing-cli-features.md
+++ b/content/copilot/concepts/agents/copilot-cli/comparing-cli-features.md
@@ -9,7 +9,8 @@ topics:
 - Copilot
 contentType: concepts
 category:
- - Learn about Copilot
+ - Learn about Copilot # Copilot discovery page
+ - Learn about Copilot CLI # Copilot CLI bespoke page
 ---
 
 ## Introduction
diff --git a/content/copilot/how-tos/copilot-cli/cli-best-practices.md b/content/copilot/how-tos/copilot-cli/cli-best-practices.md
index 7d1e5352f261..8121d149238b 100644
--- a/content/copilot/how-tos/copilot-cli/cli-best-practices.md
+++ b/content/copilot/how-tos/copilot-cli/cli-best-practices.md
@@ -9,8 +9,9 @@ topics:
 - Copilot
 contentType: get-started
 category:
- - Learn about Copilot
- - Author and optimize with Copilot
+ - Build with Copilot CLI # Copilot CLI bespoke page
+ - Copilot in the CLI # Copilot CLI bespoke page
+ - Author and optimize with Copilot # Copilot discovery page
 ---
 
 ## Introduction
diff --git a/content/copilot/how-tos/copilot-cli/cli-getting-started.md b/content/copilot/how-tos/copilot-cli/cli-getting-started.md
index 0c2d95c519be..4176edbe158d 100644
--- a/content/copilot/how-tos/copilot-cli/cli-getting-started.md
+++ b/content/copilot/how-tos/copilot-cli/cli-getting-started.md
@@ -10,8 +10,9 @@ topics:
 - Copilot
 contentType: get-started
 category:
- - Learn about Copilot
- - Author and optimize with Copilot
+ - Build with Copilot CLI # Copilot CLI bespoke page
+ - Quickstarts # Copilot CLI bespoke page
+ - Author and optimize with Copilot # Copilot discovery page
 ---
 
 ## Introduction
diff --git a/content/copilot/how-tos/copilot-cli/customize-copilot/add-custom-instructions.md b/content/copilot/how-tos/copilot-cli/customize-copilot/add-custom-instructions.md
index 451e9aa484ef..c4c7312ef6cd 100644
--- a/content/copilot/how-tos/copilot-cli/customize-copilot/add-custom-instructions.md
+++ b/content/copilot/how-tos/copilot-cli/customize-copilot/add-custom-instructions.md
@@ -6,6 +6,9 @@ versions:
 feature: copilot
 topics:
 - Copilot
+category:
+ - Configure Copilot # Copilot discovery page
+ - Configure Copilot CLI # Copilot CLI bespoke page
 redirect_from:
 - /copilot/how-tos/copilot-cli/add-repository-instructions
 - /copilot/how-tos/copilot-cli/add-custom-instructions
diff --git a/content/copilot/how-tos/copilot-cli/customize-copilot/create-custom-agents-for-cli.md b/content/copilot/how-tos/copilot-cli/customize-copilot/create-custom-agents-for-cli.md
index b48b5c612636..7dcd79d1ac21 100644
--- a/content/copilot/how-tos/copilot-cli/customize-copilot/create-custom-agents-for-cli.md
+++ b/content/copilot/how-tos/copilot-cli/customize-copilot/create-custom-agents-for-cli.md
@@ -8,8 +8,9 @@ versions:
 topics:
 - Copilot
 category:
- - Configure Copilot
- - Author and optimize with Copilot
+ - Configure Copilot # Copilot discovery page
+ - Author and optimize with Copilot # Copilot discovery page
+ - Configure Copilot CLI # Copilot CLI bespoke page
 contentType: how-tos
 ---
 
diff --git a/content/copilot/how-tos/copilot-cli/customize-copilot/create-skills.md b/content/copilot/how-tos/copilot-cli/customize-copilot/create-skills.md
index 90e66442bb04..f163466b4628 100644
--- a/content/copilot/how-tos/copilot-cli/customize-copilot/create-skills.md
+++ b/content/copilot/how-tos/copilot-cli/customize-copilot/create-skills.md
@@ -9,8 +9,9 @@ topics:
 - Copilot
 contentType: how-tos
 category:
- - Configure Copilot
- - Author and optimize with Copilot
+ - Configure Copilot # Copilot discovery page
+ - Author and optimize with Copilot # Copilot discovery page
+ - Configure Copilot CLI # Copilot CLI bespoke page
 ---
 Agent skills are folders of instructions, scripts, and resources that {% data variables.product.prodname_copilot_short %} can load when relevant to improve its performance in specialized tasks. For more information, see [AUTOTITLE](/copilot/concepts/agents/about-agent-skills).
diff --git a/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-creating.md b/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-creating.md
index dffcd8615b99..49a45cfa0e3f 100644
--- a/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-creating.md
+++ b/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-creating.md
@@ -8,8 +8,9 @@ versions:
 topics:
 - Copilot
 category:
- - Configure Copilot
- - Author and optimize with Copilot
+ - Configure Copilot # Copilot discovery page
+ - Author and optimize with Copilot # Copilot discovery page
+ - Configure Copilot CLI # Copilot CLI bespoke page
 contentType: how-tos
 ---
diff --git a/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-finding-installing.md b/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-finding-installing.md
index 408811f510ad..669ed413d7cf 100644
--- a/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-finding-installing.md
+++ b/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-finding-installing.md
@@ -8,8 +8,9 @@ versions:
 topics:
 - Copilot
 category:
- - Configure Copilot
- - Author and optimize with Copilot
+ - Configure Copilot # Copilot discovery page
+ - Author and optimize with Copilot # Copilot discovery page
+ - Configure Copilot CLI # Copilot CLI bespoke page
 contentType: how-tos
 ---
diff --git a/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-marketplace.md b/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-marketplace.md
index 6b4a3df537f1..cce771c0c25d 100644
--- a/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-marketplace.md
+++ b/content/copilot/how-tos/copilot-cli/customize-copilot/plugins-marketplace.md
@@ -8,8 +8,9 @@ versions:
 topics:
 - Copilot
 category:
- - Configure Copilot
- - Author and optimize with Copilot
+ - Configure Copilot # Copilot discovery page
+ - Author and optimize with Copilot # Copilot discovery page
+ - Configure Copilot CLI # Copilot CLI bespoke page
 contentType: how-tos
 ---
diff --git a/content/copilot/how-tos/copilot-cli/customize-copilot/quickstart-for-customizing.md b/content/copilot/how-tos/copilot-cli/customize-copilot/quickstart-for-customizing.md
index ae42896ae406..11d77f9cd9bc 100644
--- a/content/copilot/how-tos/copilot-cli/customize-copilot/quickstart-for-customizing.md
+++ b/content/copilot/how-tos/copilot-cli/customize-copilot/quickstart-for-customizing.md
@@ -9,7 +9,8 @@ topics:
 - Copilot
 contentType: how-tos
 category:
- - Configure Copilot
+ - Configure Copilot # Copilot discovery page
+ - Configure Copilot CLI # Copilot CLI bespoke page
 ---
 You can download and install {% data variables.copilot.copilot_cli_short %}, and start using it straight away, without any additional configuration. However, you'll find that you can improve {% data variables.product.prodname_copilot_short %}'s responses if you spend a little time providing it with guidelines and context, and giving it access to tools that are relevant to your project. This article introduces the various ways in which you can customize {% data variables.copilot.copilot_cli_short %}.
diff --git a/content/copilot/how-tos/copilot-cli/customize-copilot/use-hooks.md b/content/copilot/how-tos/copilot-cli/customize-copilot/use-hooks.md
index 68af445988af..de0527892431 100644
--- a/content/copilot/how-tos/copilot-cli/customize-copilot/use-hooks.md
+++ b/content/copilot/how-tos/copilot-cli/customize-copilot/use-hooks.md
@@ -7,8 +7,9 @@ versions:
 topics:
 - Copilot
 contentType: how-tos
-category:
- - Configure Copilot
+category:
+ - Author and optimize with Copilot # Copilot discovery page
+ - Build with Copilot CLI # Copilot CLI bespoke page
 redirect_from:
 - /copilot/how-tos/copilot-cli/use-hooks
 ---
diff --git a/content/copilot/how-tos/copilot-cli/index.md b/content/copilot/how-tos/copilot-cli/index.md
index a7d37bfdce80..6ee000da2409 100644
--- a/content/copilot/how-tos/copilot-cli/index.md
+++ b/content/copilot/how-tos/copilot-cli/index.md
@@ -1,15 +1,60 @@
 ---
-title: GitHub Copilot CLI
-shortTitle: Copilot CLI
-intro: Learn how to use {% data variables.product.prodname_copilot %} in your terminal.
+title: '{% data variables.copilot.copilot_cli %}'
+shortTitle: '{% data variables.copilot.copilot_cli_short %}'
+intro: 'Use {% data variables.product.prodname_copilot_short %} directly from your terminal to answer questions, write and debug code, and interact with {% data variables.product.github %}.'
 versions:
 feature: copilot
+topics:
+ - Copilot
+contentType: landing
+layout: bespoke-landing
+heroImage: /assets/images/banner-images/hero-4
+sidebarLink:
+ text: All articles
+ href: /copilot/how-tos/copilot-cli
+introLinks:
+ overview: /copilot/concepts/agents/copilot-cli/about-copilot-cli
+ quickstart: /copilot/how-tos/copilot-cli/cli-getting-started
 children:
+ # Top-level articles and sub-categories in the Copilot How-to's are listed at the top of this list.
+ # This sets the order we show them in the side nav.
+ # All content from other directories and in any sub-directories can be added in any order underneath.
 - /cli-getting-started
 - /cli-best-practices
 - /set-up-copilot-cli
 - /customize-copilot
 - /use-copilot-cli
 - /automate-with-actions
-contentType: how-tos
+ - /content/copilot/concepts/agents/copilot-cli/about-copilot-cli
+ - /content/copilot/concepts/agents/copilot-cli/comparing-cli-features
+ - /content/copilot/concepts/agents/copilot-cli/about-cli-plugins
+ - /content/copilot/concepts/agents/copilot-cli/autopilot
+ - /set-up-copilot-cli/install-copilot-cli
+ - /set-up-copilot-cli/configure-copilot-cli
+ - /customize-copilot/add-custom-instructions
+ - /customize-copilot/create-custom-agents-for-cli
+ - /customize-copilot/create-skills
+ - /customize-copilot/plugins-creating
+ - /customize-copilot/plugins-finding-installing
+ - /customize-copilot/plugins-marketplace
+ - /customize-copilot/quickstart-for-customizing
+ - /customize-copilot/use-hooks
+ - /content/copilot/concepts/agents/about-agent-skills
+ - /content/copilot/reference/cli-command-reference
+ - /content/copilot/reference/hooks-configuration
+ - /content/copilot/reference/cli-plugin-reference
+ - /content/copilot/reference/acp-server
+ - /content/copilot/tutorials/copilot-cli-hooks
+ - /content/copilot/responsible-use/copilot-cli
+carousels:
+ recommended:
+ - /copilot/how-tos/copilot-cli/use-copilot-cli
+ - /copilot/how-tos/copilot-cli/cli-best-practices
+ - /copilot/reference/cli-command-reference
+includedCategories:
+ - Quickstarts
+ - Learn about Copilot CLI
+ - Configure Copilot CLI
+ - Build with Copilot CLI
+ - Administer Copilot CLI
 ---
diff --git a/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/configure-copilot-cli.md b/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/configure-copilot-cli.md
index b077e8d9ec4b..76ee4991d4c6 100644
--- a/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/configure-copilot-cli.md
+++ b/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/configure-copilot-cli.md
@@ -9,7 +9,8 @@ topics:
 - CLI
 contentType: how-tos
 category:
- - Configure Copilot
+ - Configure Copilot # Copilot discovery page
+ - Configure Copilot CLI # Copilot CLI bespoke page
 ---
 {% data reusables.cli.preview-note-cli %}
diff --git a/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/install-copilot-cli.md b/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/install-copilot-cli.md
index 7111bef3f9f1..19e60c91dbca 100644
--- a/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/install-copilot-cli.md
+++ b/content/copilot/how-tos/copilot-cli/set-up-copilot-cli/install-copilot-cli.md
@@ -20,7 +20,8 @@ redirect_from:
 - /copilot/how-tos/copilot-cli/install-copilot-cli
 contentType: how-tos
 category:
- - Configure Copilot
+ - Configure Copilot # Copilot discovery page
+ - Configure Copilot CLI # Copilot CLI bespoke page
 ---
 {% data reusables.cli.preview-note-cli %}
diff --git a/content/copilot/how-tos/copilot-cli/use-copilot-cli.md b/content/copilot/how-tos/copilot-cli/use-copilot-cli.md
index 7526ab4a3a66..e9be2d3cccbd 100644
--- a/content/copilot/how-tos/copilot-cli/use-copilot-cli.md
+++ b/content/copilot/how-tos/copilot-cli/use-copilot-cli.md
@@ -13,7 +13,8 @@ topics:
 - CLI
 contentType: how-tos
 category:
- - Author and optimize with Copilot
+ - Author and optimize with Copilot # Copilot discovery page
+ - Build with Copilot CLI # Copilot CLI bespoke page
 ---
 The command-line interface (CLI) for {% data variables.product.prodname_copilot %} allows you to use {% data variables.product.prodname_copilot_short %} directly from your terminal. For more information, see [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli).
diff --git a/content/copilot/index.md b/content/copilot/index.md
index bfe83b34558f..8eebf93b3bee 100644
--- a/content/copilot/index.md
+++ b/content/copilot/index.md
@@ -33,4 +33,5 @@ includedCategories:
 - Track Copilot usage
 - Troubleshooting Copilot
 - Responsible use
+ - Copilot in the CLI
 ---
diff --git a/content/copilot/reference/acp-server.md b/content/copilot/reference/acp-server.md
index a26cc3fa3cb3..67e260e74997 100644
--- a/content/copilot/reference/acp-server.md
+++ b/content/copilot/reference/acp-server.md
@@ -7,7 +7,8 @@ versions:
 topics:
 - Copilot
 category:
- - Configure Copilot
+ - Configure Copilot # Copilot discovery page
+ - Configure Copilot CLI # Copilot CLI bespoke page
 contentType: reference
 ---
diff --git a/content/copilot/reference/cli-command-reference.md b/content/copilot/reference/cli-command-reference.md
index fe320554de80..46a31d7fbdcb 100644
--- a/content/copilot/reference/cli-command-reference.md
+++ b/content/copilot/reference/cli-command-reference.md
@@ -5,9 +5,10 @@ intro: 'Find commands and keyboard shortcuts to help you use {% data variables.c
 versions:
 feature: copilot
 category:
- - Author and optimize with Copilot
+ - Author and optimize with Copilot # Copilot discovery page
+ - Build with Copilot CLI # Copilot CLI bespoke landing page
 topics:
- - Copilot
+ - Copilot
 contentType: reference
 ---
diff --git a/content/copilot/reference/cli-plugin-reference.md b/content/copilot/reference/cli-plugin-reference.md
index b5782d199f62..41eaf0d812b7 100644
--- a/content/copilot/reference/cli-plugin-reference.md
+++ b/content/copilot/reference/cli-plugin-reference.md
@@ -5,7 +5,8 @@ intro: 'Find commands and configuration details for CLI plugins.'
 versions:
 feature: copilot
 category:
- - Author and optimize with Copilot
+ - Author and optimize with Copilot # Copilot discovery page
+ - Configure Copilot CLI # Copilot CLI bespoke page
 topics:
 - Copilot
 contentType: reference
diff --git a/content/copilot/reference/hooks-configuration.md b/content/copilot/reference/hooks-configuration.md
index 860d0b6f0d07..cef5c2559e15 100644
--- a/content/copilot/reference/hooks-configuration.md
+++ b/content/copilot/reference/hooks-configuration.md
@@ -9,6 +9,7 @@ topics:
 contentType: reference
 category:
 - Configure Copilot
+ - Configure Copilot CLI
 ---
 This reference article describes the available hook types with examples, including their input and output formats, script best practices, and advanced patterns for logging, security enforcement, and external integrations. For general information about creating hooks, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks). For a tutorial on creating hooks for the CLI, see [AUTOTITLE](/copilot/tutorials/copilot-cli-hooks).
diff --git a/content/copilot/responsible-use/copilot-cli.md b/content/copilot/responsible-use/copilot-cli.md
index af7850043719..549363e1d9a6 100644
--- a/content/copilot/responsible-use/copilot-cli.md
+++ b/content/copilot/responsible-use/copilot-cli.md
@@ -16,6 +16,7 @@ redirect_from:
 contentType: rai
 category:
 - Responsible use
+ - Learn about Copilot CLI
 ---
 {% data reusables.cli.preview-note-cli %}
diff --git a/content/copilot/tutorials/copilot-cli-hooks.md b/content/copilot/tutorials/copilot-cli-hooks.md
index 3b79078feb15..9cae20d63fcc 100644
--- a/content/copilot/tutorials/copilot-cli-hooks.md
+++ b/content/copilot/tutorials/copilot-cli-hooks.md
@@ -8,8 +8,9 @@ versions:
 feature: copilot
 contentType: tutorials
 category:
- - Accelerate PR velocity
- - Author and optimize with Copilot
+ - Accelerate PR velocity # Copilot tutorials bespoke page
+ - Author and optimize with Copilot # Copilot discovery page
+ - Administer Copilot CLI # Copilot CLI bespoke page
 allowTitleToDifferFromFilename: true
 ---
diff --git a/content/index.md b/content/index.md
index b255d3c68d3f..987c9b192dc3 100644
--- a/content/index.md
+++ b/content/index.md
@@ -111,11 +111,11 @@ childGroups:
 children:
 - copilot
 - copilot/get-started/plans
- - copilot/how-tos/get-code-suggestions/get-ide-code-suggestions
 - copilot/how-tos/use-copilot-agents/coding-agent
 - copilot/tutorials
 - copilot/tutorials/copilot-chat-cookbook
 - copilot/tutorials/customization-library
+ - copilot/how-tos/copilot-cli
 - name: CI/CD and DevOps
 octicon: GearIcon
 children:
From 11e4bd9736b056ef8c315372729a4e5de96b369d Mon Sep 17 00:00:00 2001 From: Kevin Heis Date: Mon, 23 Feb 2026 17:11:12 -0800 Subject: [PATCH 3/9] Fix broken external links found by link checker (#59775) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../installing-github-enterprise-server-on-vmware.md | 4 ++-- content/copilot/how-tos/chat-with-copilot/chat-in-ide.md | 2 +- .../provide-context/use-mcp/extend-copilot-chat-with-mcp.md | 2 +- .../privacy-policies/github-candidate-privacy-policy.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware.md b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware.md
index 5f8905b7331d..2ccadfd1ec59 100644
--- a/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware.md
+++ b/content/admin/installing-your-enterprise-server/setting-up-a-github-enterprise-server-instance/installing-github-enterprise-server-on-vmware.md
@@ -40,10 +40,10 @@ shortTitle: Install on VMware
 {% data reusables.enterprise_installation.create-ghe-instance %}
-1. Using the vSphere Windows Client or the vCenter Web Client, import the {% data variables.product.prodname_ghe_server %} image you downloaded. For instructions, see the VMware guide [Deploy an OVF or OVA Template](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/6-5/vsphere-virtual-machine-administration-guide-6-5/deploying-ovf-templates/deploy-an-ovf-template-flex-and-h5.html).
+1. Using the vSphere Windows Client or the vCenter Web Client, import the {% data variables.product.prodname_ghe_server %} image you downloaded. For instructions, see the VMware guide [Deploy and Export OVF and OVA Templates](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/deploying-ovf-templates.html).
 * When selecting a datastore, choose one with sufficient space to host the VM's disks. For the minimum hardware specifications recommended for your instance size, see [Hardware considerations](#hardware-considerations). We recommend thick provisioning with lazy zeroing.
 * Leave the **Power on after deployment** box unchecked, as you will need to add an attached storage volume for your repository data after provisioning the VM.
-{% data reusables.enterprise_installation.create-attached-storage-volume %} For instructions, see the VMware guide [Add a New Hard Disk to a Virtual Machine](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/6-5/add-a-new-hard-disk-to-a-virtual-machine.html).
+{% data reusables.enterprise_installation.create-attached-storage-volume %} For instructions, see the VMware guide [Add a Hard Disk to a Virtual Machine](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/add-a-hard-disk-to-a-virtual-machine.html).
 ## Configuring the {% data variables.product.prodname_ghe_server %} instance
diff --git a/content/copilot/how-tos/chat-with-copilot/chat-in-ide.md b/content/copilot/how-tos/chat-with-copilot/chat-in-ide.md
index 5df05fde789b..5613f14cc9ed 100644
--- a/content/copilot/how-tos/chat-with-copilot/chat-in-ide.md
+++ b/content/copilot/how-tos/chat-with-copilot/chat-in-ide.md
@@ -199,7 +199,7 @@ When the {% data variables.copilot.subagent_short %} completes its task, its res
 {% data reusables.copilot.plan-agent-steps %}
-For more information, see [Planning in VS Code chat](https://code.visualstudio.com/docs/copilot/chat/chat-planning) in the {% data variables.product.prodname_vscode %} documentation.
+For more information, see [Planning in VS Code chat](https://code.visualstudio.com/docs/copilot/chat/copilot-chat) in the {% data variables.product.prodname_vscode %} documentation.
 ## Using images in {% data variables.copilot.copilot_chat_short %}
diff --git a/content/copilot/how-tos/provide-context/use-mcp/extend-copilot-chat-with-mcp.md b/content/copilot/how-tos/provide-context/use-mcp/extend-copilot-chat-with-mcp.md
index 6b418b3d815a..ab61b4e01d9b 100644
--- a/content/copilot/how-tos/provide-context/use-mcp/extend-copilot-chat-with-mcp.md
+++ b/content/copilot/how-tos/provide-context/use-mcp/extend-copilot-chat-with-mcp.md
@@ -99,7 +99,7 @@ For information on configuring the {% data variables.product.github %} MCP serve
 ![Screenshot of the {% data variables.copilot.copilot_chat_short %} box in {% data variables.product.prodname_vscode %}. The "Agent" option is outlined in dark orange.](/assets/images/help/copilot/copilot-chat-agent-option.png)
 1. To view your list of available MCP servers, click the tools icon in the top left corner of the chat box. This will open the MCP server list, where you can see all the MCP servers and associated tools that are currently available in your {% data variables.product.prodname_vscode %} instance.
- * Optionally, you can define toolsets, groups of related tools that you can reference in chat. Toolsets make it easier to group related MCP tools together and quickly enable or disable them. For information on how to define and use a toolset, see the [{% data variables.product.prodname_vscode_shortname %} docs](https://code.visualstudio.com/docs/copilot/chat/chat-tools#_group-tools-with-tool-sets).
+ * Optionally, you can define toolsets, groups of related tools that you can reference in chat. Toolsets make it easier to group related MCP tools together and quickly enable or disable them. For information on how to define and use a toolset, see the [{% data variables.product.prodname_vscode_shortname %} docs](https://code.visualstudio.com/docs/copilot/agents/agent-tools#_group-tools-with-tool-sets).
 For more information on configuring MCP servers in {% data variables.product.prodname_vscode %}, see [Use MCP servers in {% data variables.product.prodname_vscode %}](https://aka.ms/vscode-add-mcp) in the {% data variables.product.prodname_vscode %} documentation.
diff --git a/content/site-policy/privacy-policies/github-candidate-privacy-policy.md b/content/site-policy/privacy-policies/github-candidate-privacy-policy.md
index 3037ca4edb33..e59e6e037170 100644
--- a/content/site-policy/privacy-policies/github-candidate-privacy-policy.md
+++ b/content/site-policy/privacy-policies/github-candidate-privacy-policy.md
@@ -54,7 +54,7 @@ Your privacy is important to GitHub (“we”, “us”, “our” or “GitHub
 Please note that this privacy notice applies to the handling of your personal data as a candidate.
-This notice does not cover your use of GitHub consumer products as a consumer, or outside of your candidacy with GitHub. GitHub consumer products may include services, websites, apps, software, servers, and devices. To learn more about GitHub’s data collection practices that cover your use of GitHub products as a consumer, please read our [GitHub Privacy Statement](https://site-policy/privacy-policies/github-general-privacy-statement).
+This notice does not cover your use of GitHub consumer products as a consumer, or outside of your candidacy with GitHub. GitHub consumer products may include services, websites, apps, software, servers, and devices. To learn more about GitHub’s data collection practices that cover your use of GitHub products as a consumer, please read our [GitHub Privacy Statement](/site-policy/privacy-policies/github-general-privacy-statement).
 This notice is not intended and shall not be read to create any express or implied promise or contract for employment, for any benefit, or for specific treatment in specific situations. Nothing in this notice should be construed to interfere with GitHub’s ability to process candidate data for purposes of complying with our legal obligations, or for investigating alleged misconduct or violations of company policy or law, subject to compliance with local legal requirements.
From 5d6442cb82529ef6fc273b4b7897c122e3e8e323 Mon Sep 17 00:00:00 2001
From: Andy Feller Date: Tue, 24 Feb 2026 01:14:52 -0800 Subject: [PATCH 4/9] Improve responsible Copilot CLI readability (#59782) Co-authored-by: hubwriter --- .../agents/coding-agent/about-custom-agents.md | 2 +- content/copilot/responsible-use/copilot-cli.md | 18 ++++++++++-------- 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/content/copilot/concepts/agents/coding-agent/about-custom-agents.md b/content/copilot/concepts/agents/coding-agent/about-custom-agents.md
index 65305d668e5e..afa625ce18a8 100644
--- a/content/copilot/concepts/agents/coding-agent/about-custom-agents.md
+++ b/content/copilot/concepts/agents/coding-agent/about-custom-agents.md
@@ -27,7 +27,7 @@ The {% data variables.copilot.agent_profile %} defines the {% data variables.cop
 * **Prompt**: Custom instructions that define the agent's behavior and expertise.
 * **Tools** (optional): Specific tools the agent can access. By default, agents can access all available tools, including built-in tools and MCP server tools.
-{% data variables.copilot.agent_profiles_caps %} can also include MCP server configurations using the `mcp-server` property.
+{% data variables.copilot.agent_profiles_caps %} can also include MCP server configurations using the `mcp-server` property.
 ### Example {% data variables.copilot.agent_profile %}
diff --git a/content/copilot/responsible-use/copilot-cli.md b/content/copilot/responsible-use/copilot-cli.md
index 549363e1d9a6..f2ea20e44ab2 100644
--- a/content/copilot/responsible-use/copilot-cli.md
+++ b/content/copilot/responsible-use/copilot-cli.md
@@ -14,7 +14,7 @@ redirect_from:
 - /copilot/responsible-use-of-github-copilot-features/copilot-in-the-cli
 - /copilot/responsible-use/copilot-in-the-cli
 contentType: rai
-category:
+category:
 - Responsible use
 - Learn about Copilot CLI
 ---
@@ -35,11 +35,11 @@ The agent works by using a combination of natural language processing and machin
 ### Input processing
-The input prompt from the user is combined with other relevant, contextual information to form a prompt. That prompt is sent to a large language model for processing. Inputs can take the form of plain natural language, code snippets, or references to files in your terminal.
+Your input is combined with relevant contextual information to form a prompt. That prompt is sent to a large language model for processing. Inputs can take the form of plain natural language, code snippets, or references to files in your terminal.
 ### Language model analysis
-The prompt is then passed through a large language model, which is a neural network that has been trained on a large body of data. The language model analyzes the input prompt to help the agent reason on the task and leverage necessary tools.
+The prompt is then passed through a large language model, which is a neural network that has been trained on a large body of data. The language model analyzes the input prompt to help the agent reason about the task and use the necessary tools.
 ### Response generation
@@ -76,7 +76,7 @@ For more information about limitations, see the section [Limitations of {% data
 ### Ensure your tasks are well-scoped
-{% data variables.copilot.copilot_cli %} leverages your prompt as key context when generating a pull request. The more clear and well-scoped the prompt you assign to the agent, the better the results you will get. An ideal issue includes:
+{% data variables.copilot.copilot_cli %} leverages your prompt as key context when completing a task. The clearer and more well-scoped the prompt you provide, the better the results you will get. An ideal prompt includes:
 * A clear description of the problem to be solved or the work required.
 * Complete acceptance criteria on what a good solution looks like (for example, should there be unit tests?).
@@ -84,7 +84,7 @@ For more information about limitations, see the section [Limitations of {% data
 ### Customize your experience with additional context
-{% data variables.copilot.copilot_cli %} leverages your prompt, comments and the repository’s code as context when generating suggested changes. To enhance {% data variables.product.prodname_copilot_short %}’s performance, consider implementing custom {% data variables.product.prodname_copilot_short %} instructions to help the agent better understand your project and how to build, test and validate its changes. For more information, see "Add custom instructions to your repository" in [AUTOTITLE](/copilot/tutorials/coding-agent/get-the-best-results#adding-custom-instructions-to-your-repository).
+{% data variables.copilot.copilot_cli %} leverages your prompt and the repository’s code as context when generating suggested changes. To enhance {% data variables.product.prodname_copilot_short %}’s performance, consider implementing custom {% data variables.product.prodname_copilot_short %} instructions to help the agent better understand your project and how to build, test and validate its changes. For more information, see [AUTOTITLE](/copilot/how-tos/copilot-cli/customize-copilot/add-custom-instructions).
 ### Use {% data variables.copilot.copilot_cli %} as a tool, not a replacement
@@ -102,11 +102,13 @@ If you encounter any issues or limitations with {% data variables.copilot.copilo
 ### Constraining {% data variables.product.prodname_copilot_short %}’s permissions
-By default, {% data variables.product.prodname_copilot_short %} only has access to files and folders in, and below, the directory from which {% data variables.copilot.copilot_cli %} was invoked. Ensure you trust the files in this directory. If {% data variables.product.prodname_copilot_short %} wishes to access files outside the current directory, it will ask for permission. Only grant it permission if you trust the contents of that directory.
+By default, {% data variables.copilot.copilot_cli_short %}:
-{% data variables.product.prodname_copilot_short %} will ask for permission before modifying files. Ensure that it is modifying the correct files before granting permission.
+* Only has access to files and folders in, and below, the directory from which {% data variables.copilot.copilot_cli %} was invoked. Ensure you trust the files in this directory. If {% data variables.product.prodname_copilot_short %} wishes to access files outside the current directory, it will ask for permission. Only grant it permission if you trust the contents of that directory.
+* Will ask for permission before modifying files. Ensure that it is modifying the correct files before granting permission.
+* Will ask for permission before executing commands that may be dangerous. Review these commands carefully before giving it permission to run.
-{% data variables.product.prodname_copilot_short %} will also ask for permission before executing commands that may be dangerous. Review these commands carefully before giving it permission to run.
+You can grant {% data variables.copilot.copilot_cli_short %} specific permissions, or all permissions, by using the various command line options: for example, `--allow-tool [TOOLS...]`, `--allow-all-tools`, `--allow-all` (or its slash command equivalent `/allow-all` for use in an interactive session). For more information, see [AUTOTITLE](/copilot/reference/cli-command-reference#command-line-options). Typically, when you use {% data variables.copilot.copilot_cli_short %} in autopilot mode, you will grant it full permissions to allow it to complete a task autonomously, without requiring you to approve activity as it works on the task. For more information, see [AUTOTITLE](/copilot/concepts/agents/copilot-cli/autopilot).
 For more information about security practices while using {% data variables.copilot.copilot_cli %}, see "Security considerations" in [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli#security-considerations).
From 28665b317b3fbf79855f2c4dffa2a0d1a907723f Mon Sep 17 00:00:00 2001 From: Kevin Heis Date: Tue, 24 Feb 2026 02:13:13 -0800 Subject: [PATCH 5/9] Fix broken AUTOTITLE links causing search indexing failures (#59786) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .../analyzing-your-code-with-codeql-queries.md | 4 ++-- .../customize-code-scanning/creating-codeql-query-suites.md | 2 +- .../migrations/overview/planning-your-migration-to-github.md | 2 ++ ...sing-your-migration-logs-for-github-enterprise-importer.md | 2 +- .../reclaiming-mannequins-for-github-enterprise-importer.md | 2 +- ...shooting-your-migration-with-github-enterprise-importer.md | 4 ++++ .../about-github-enterprise-importer.md | 2 ++ 7 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/content/code-security/tutorials/customize-code-scanning/analyzing-your-code-with-codeql-queries.md b/content/code-security/tutorials/customize-code-scanning/analyzing-your-code-with-codeql-queries.md
index f1c4f1c8211e..5a12a1638407 100644
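Review bot: The added paragraph on `--allow-tool`, `--allow-all-tools` and `--allow-all` sits directly under the three default permission prompts but does not say what is lost when they are switched off, and it presents full permissions in autopilot mode as the typical choice. The bullets above it tell readers to check file changes and commands before approving them, so the paragraph should state the trade-off at the point where the options are introduced. I would add one sentence after the list of options, for example `Granting all permissions removes these prompts, so {% data variables.product.prodname_copilot_short %} can modify files and run commands without your review; only do this in a directory and environment you trust.` The existing pointer to "Security considerations" can stay as the closing line of the section.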
--- a/content/code-security/tutorials/customize-code-scanning/analyzing-your-code-with-codeql-queries.md +++ b/content/code-security/tutorials/customize-code-scanning/analyzing-your-code-with-codeql-queries.md @@ -68,7 +68,7 @@ You must specify ``, `--format`, and `--output`. You can specify addit | --output | {% octicon "check" aria-label="Required" %} | Specify the location where you want to save the SARIF results file, including the desired filename with the `.sarif` extension. | | --sarif-category | {% octicon "question" aria-label="Required with multiple results sets" %} | Optional for single database analysis. Required to define the language when you analyze multiple databases for a single commit in a repository.

Specify a category to include in the SARIF results file for this analysis. A category is used to distinguish multiple analyses for the same tool and commit, but performed on different languages or different parts of the code. | | --sarif-add-baseline-file-info | {% octicon "x" aria-label="Optional" %} | **Recommended.** Use to submit file coverage information to the {% data variables.code-scanning.tool_status_page %}. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/about-the-tool-status-page#how-codeql-defines-scanned-files). | -| --sarif-include-query-help | {% octicon "x" aria-label="Optional" %} | Specify whether to include query help in the SARIF output. One of: `always`: Include query help for all queries. `custom_queries_only` (default): Include query help only for custom queries, that is, queries in query packs which are not of the form `codeql/-queries`. `never`: Do not include query help for any queries. Any query help for custom queries included in the SARIF output will be displayed in any code scanning alerts for the query. For more information, see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli#including-query-help-for-custom-codeql-queries-in-sarif-files). | +| --sarif-include-query-help | {% octicon "x" aria-label="Optional" %} | Specify whether to include query help in the SARIF output. One of: `always`: Include query help for all queries. `custom_queries_only` (default): Include query help only for custom queries, that is, queries in query packs which are not of the form `codeql/-queries`. `never`: Do not include query help for any queries. Any query help for custom queries included in the SARIF output will be displayed in any code scanning alerts for the query. 
For more information, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/writing-and-sharing-custom-queries-for-the-codeql-cli#including-query-help-for-custom-codeql-queries-in-sarif-files). | | `` | {% octicon "x" aria-label="Optional" %} | Use if you want to include {% data variables.product.prodname_codeql %} query packs in your analysis. For more information, see [Downloading and using {% data variables.product.prodname_codeql %} packs](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs#downloading-and-using-codeql-query-packs). | | --download | {% octicon "x" aria-label="Optional" %} | Use if some of your {% data variables.product.prodname_codeql %} query packs are not yet on disk and need to be downloaded before running queries. | | --threads | {% octicon "x" aria-label="Optional" %} | Use if you want to use more than one thread to run queries. The default value is `1`. You can specify more threads to speed up query execution. To set the number of threads to the number of logical processors, specify `0`. | @@ -155,7 +155,7 @@ codeql database analyze ../ql/javascript/ql/src/Declaratio You can also run your own custom queries with the `database analyze` command. For more information about preparing your queries to use with the {% data variables.product.prodname_codeql_cli %}, -see [AUTOTITLE](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli). +see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/writing-and-sharing-custom-queries-for-the-codeql-cli). ### Running all queries in a directory diff --git a/content/code-security/tutorials/customize-code-scanning/creating-codeql-query-suites.md b/content/code-security/tutorials/customize-code-scanning/creating-codeql-query-suites.md index a0f1ac713d4c..665a8ea0e18d 100644 
--- a/content/code-security/tutorials/customize-code-scanning/creating-codeql-query-suites.md +++ b/content/code-security/tutorials/customize-code-scanning/creating-codeql-query-suites.md @@ -22,7 +22,7 @@ contentType: tutorials You can create query suites for the queries that you want to frequently use in your {% data variables.product.prodname_codeql %} analyses. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/codeql/codeql-query-suites). > [!NOTE] -> Any custom queries that you want to add to a query suite must be in a [{% data variables.product.prodname_codeql %} pack](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs) and contain the correct query metadata. For more information, see [Using custom queries with the {% data variables.product.prodname_codeql_cli %}](/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/using-custom-queries-with-the-codeql-cli). +> Any custom queries that you want to add to a query suite must be in a [{% data variables.product.prodname_codeql %} pack](/code-security/codeql-cli/getting-started-with-the-codeql-cli/customizing-analysis-with-codeql-packs) and contain the correct query metadata. For more information, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/writing-and-sharing-custom-queries-for-the-codeql-cli). ## Locating queries to add to a query suite diff --git a/content/migrations/overview/planning-your-migration-to-github.md b/content/migrations/overview/planning-your-migration-to-github.md index 18cb593c149c..b9391f677974 100644 --- a/content/migrations/overview/planning-your-migration-to-github.md +++ b/content/migrations/overview/planning-your-migration-to-github.md 
@@ -59,7 +59,9 @@ If you’re migrating from {% data variables.product.prodname_ghe_cloud %} or {% {% data reusables.enterprise-migration-tool.gh-repo-stats-not-supported %} +{% ifversion fpt or ghec %} If you’re migrating from Azure DevOps, we recommend the `inventory-report` command in the {% data variables.product.prodname_ado2gh_cli %}. The `inventory-report` command will connect with the Azure DevOps API, then build a simple CSV with some of the fields suggested above. For more information about how to install the {% data variables.product.prodname_ado2gh_cli %}, see [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/migrating-repositories-from-azure-devops-to-github-enterprise-cloud). +{% endif %} If you’re migrating from Bitbucket Server or Bitbucket Data Center, we recommend the `inventory-report` command in the {% data variables.product.prodname_bbs2gh_cli %}. The `inventory-report` command will use your Bitbucket instance's API to build a simple CSV. For more information about how to install the {% data variables.product.prodname_bbs2gh_cli %}, see [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/migrating-repositories-from-bitbucket-server-to-github-enterprise-cloud). diff --git a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md index 9b381fed413e..7786b393a314 100644 --- a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md 
+++ b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/accessing-your-migration-logs-for-github-enterprise-importer.md @@ -62,7 +62,7 @@ If your migration source is Azure DevOps, you can download the latest migration gh ado2gh download-logs --github-target-org DESTINATION --target-repo REPOSITORY --migration-log-file FILENAME ``` -* {% data reusables.enterprise-migration-tool.add-pat-to-download-logs %} For {% data variables.product.pat_generic %} requirements, see [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops#required-scopes-for-personal-access-tokens). +* {% data reusables.enterprise-migration-tool.add-pat-to-download-logs %}{% ifversion fpt or ghec %} For {% data variables.product.pat_generic %} requirements, see [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops#required-scopes-for-personal-access-tokens).{% endif %} * {% data reusables.enterprise-migration-tool.add-target-api-url %} ### Downloading a repository migration log with the {% data variables.product.prodname_bbs2gh_cli_short %} diff --git a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/reclaiming-mannequins-for-github-enterprise-importer.md b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/reclaiming-mannequins-for-github-enterprise-importer.md index 163e3fcbcb24..798cca57ff85 100644 --- a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/reclaiming-mannequins-for-github-enterprise-importer.md 
+++ b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/reclaiming-mannequins-for-github-enterprise-importer.md @@ -93,7 +93,7 @@ If your migration source is a {% data variables.product.prodname_dotcom %} produ If your migration source is Azure DevOps, you can reclaim mannequins with the {% data variables.product.prodname_ado2gh_cli %}. -* {% data reusables.enterprise-migration-tool.add-pat-to-reclaim-mannequins %} For {% data variables.product.pat_generic %} requirements, see [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops#required-scopes-for-personal-access-tokens). +* {% data reusables.enterprise-migration-tool.add-pat-to-reclaim-mannequins %}{% ifversion fpt or ghec %} For {% data variables.product.pat_generic %} requirements, see [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops#required-scopes-for-personal-access-tokens).{% endif %} * {% data reusables.enterprise-migration-tool.add-target-api-url %} {% data reusables.enterprise-migration-tool.create-csv-mannequins %} diff --git a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md index e91da6d1090e..5c2feddcbacd 100644 --- a/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md 
+++ b/content/migrations/using-github-enterprise-importer/completing-your-migration-with-github-enterprise-importer/troubleshooting-your-migration-with-github-enterprise-importer.md @@ -24,7 +24,9 @@ Before you investigate further, try these troubleshooting steps that commonly re 1. Verify that you're using the latest version of the {% data variables.product.prodname_cli %} extension you're using to migrate. If you're not, upgrade to the latest version. 1. Verify that you meet all the access requirements. For more information, see the appropriate article for your migration path. + {% ifversion fpt or ghec %} * [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops) + {% endif %} * [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/managing-access-for-a-migration-from-bitbucket-server) * [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products) 
@@ -65,7 +67,9 @@ This error indicates that a {% data variables.product.pat_generic %} you provide Failures that include a `401` status code usually indicate that the {% data variables.product.pat_generic %} you provided to the {% data variables.product.prodname_cli %} does not have the required scopes. Verify the scopes on the {% data variables.product.pat_generic %}s you provided. For more information about required scopes, see the appropriate article for your migration path. + {% ifversion fpt or ghec %} * [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops#required-scopes-for-personal-access-tokens) + {% endif %} * [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/managing-access-for-a-migration-from-bitbucket-server#required-scopes-for-personal-access-tokens) * [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#required-scopes-for-personal-access-tokens) diff --git a/content/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer.md b/content/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer.md index 1d9c4fbd3c84..99e68b7e27f3 100644 --- a/content/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer.md +++ b/content/migrations/using-github-enterprise-importer/understanding-github-enterprise-importer/about-github-enterprise-importer.md 
@@ -43,6 +43,8 @@ You can migrate on a repository-by-repository basis or, if your migration source To learn more about the migration path you require, and the data that {% data variables.product.prodname_importer_proper_name %} migrates, see the following articles. +{% ifversion fpt or ghec %} * [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/about-migrations-from-azure-devops-to-github-enterprise-cloud) +{% endif %} * [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-from-bitbucket-server-to-github-enterprise-cloud/about-migrations-from-bitbucket-server-to-github-enterprise-cloud) * [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/about-migrations-between-github-products) From 707898913fa561f20fa5906893a8e438abce07e3 Mon Sep 17 00:00:00 2001 From: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Date: Tue, 24 Feb 2026 11:31:34 +0000 Subject: [PATCH 6/9] [EDI] Multi-repository variant analysis (#59732) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../concepts/code-scanning/index.md | 1 + .../multi-repository-variant-analysis.md | 26 +++++++++++++++++++ ...-with-multi-repository-variant-analysis.md | 14 ++-------- 3 files changed, 29 insertions(+), 12 deletions(-) create mode 100644 content/code-security/concepts/code-scanning/multi-repository-variant-analysis.md diff --git a/content/code-security/concepts/code-scanning/index.md b/content/code-security/concepts/code-scanning/index.md index 8f4726dc27c1..828ddac60559 100644 --- a/content/code-security/concepts/code-scanning/index.md +++ b/content/code-security/concepts/code-scanning/index.md @@ -19,6 +19,7 @@ children: - /about-integration-with-code-scanning - /sarif-files - /merge-protection + - /multi-repository-variant-analysis - /codeql - /tool-status-page --- 
diff --git a/content/code-security/concepts/code-scanning/multi-repository-variant-analysis.md b/content/code-security/concepts/code-scanning/multi-repository-variant-analysis.md
new file mode 100644
index 000000000000..9001db879ea2
--- /dev/null
+++ b/content/code-security/concepts/code-scanning/multi-repository-variant-analysis.md
@@ -0,0 +1,26 @@
+---
+title: Multi-repository variant analysis
+intro: MRVA lets you test a query in {% data variables.product.prodname_vscode %} by running it against a large number of repositories.
+topics:
+ - Code Security
+ - Code scanning
+versions:
+ feature: codeql-vs-code-mrva
+contentType: concepts
+---
+
+## About MRVA
+
+With multi-repository variant analysis (MRVA), you can run {% data variables.product.prodname_codeql %} queries on a list of up to 1,000 repositories on {% data variables.product.github %} from {% data variables.product.prodname_vscode %}.
+
+When you run MRVA against a list of repositories, your query is run against each repository that has a {% data variables.product.prodname_codeql %} database available to analyze. {% data variables.product.github %} creates and stores the latest {% data variables.product.prodname_codeql %} database for the default branch of thousands of public repositories, including every repository that runs {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}.
+
+## How MRVA runs queries
+
+When you run MRVA, the analysis is run entirely using {% data variables.product.prodname_actions %}. You don't need to create any workflows, but you must specify which repository the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension should use as a controller repository. As the analysis of each repository completes, the results are sent to {% data variables.product.prodname_vscode_shortname %} for you to view.
+
+The {% data variables.product.prodname_codeql %} extension builds a {% data variables.product.prodname_codeql %} pack with your library and any library dependencies.
The {% data variables.product.prodname_codeql %} pack and your selected repository list are posted to an API endpoint on {% data variables.product.github %}, which triggers a {% data variables.product.prodname_actions %} dynamic workflow in your controller repository. The workflow spins up multiple parallel jobs to execute the {% data variables.product.prodname_codeql %} query against the repositories in the list, optimizing query execution. As each repository is analyzed, the results are processed and displayed in {% data variables.product.prodname_vscode_shortname %}.
+
+## Next steps
+
+To get started, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis).
diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md
index 524f3f4ccf9d..0328468f1b99 100644
--- a/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md
+++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis.md
@@ -14,21 +14,11 @@ redirect_from: contentType: how-tos --- -## About running {% data variables.product.prodname_codeql %} queries at scale with multi-repository variant analysis - With multi-repository variant analysis (MRVA), you can run {% data variables.product.prodname_codeql %} queries on a list of up to 1,000 repositories on {% data variables.product.github %} from {% data variables.product.prodname_vscode %}. -When you run MRVA against a list of repositories, your query is run against each repository that has a {% data variables.product.prodname_codeql %} database available to analyze. {% data variables.product.github %} creates and stores the latest {% data variables.product.prodname_codeql %} database for the default branch of thousands of public repositories, including every repository that runs {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}. - -You need to enable {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %} on {% data variables.product.github %}, using either default setup or advanced setup, before adding your repository to a list for analysis. For information about enabling {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning). - -### How MRVA runs queries against {% data variables.product.prodname_codeql %} databases on {% data variables.product.prodname_dotcom_the_website %} - -When you run MRVA, the analysis is run entirely using {% data variables.product.prodname_actions %}. You don't need to create any workflows, but you must specify which repository the {% data variables.product.prodname_codeql %} for {% data variables.product.prodname_vscode %} extension should use as a controller repository. 
As the analysis of each repository completes, the results are sent to {% data variables.product.prodname_vscode_shortname %} for you to view. - -The {% data variables.product.prodname_codeql %} extension builds a {% data variables.product.prodname_codeql %} pack with your library and any library dependencies. The {% data variables.product.prodname_codeql %} pack and your selected repository list are posted to an API endpoint on {% data variables.product.github %}, which triggers a {% data variables.product.prodname_actions %} dynamic workflow in your controller repository. The workflow spins up multiple parallel jobs to execute the {% data variables.product.prodname_codeql %} query against the repositories in the list, optimizing query execution. As each repository is analyzed, the results are processed and displayed in {% data variables.product.prodname_vscode_shortname %}. +## Prerequisites -### Prerequisites +* You need to enable {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %} on {% data variables.product.github %}, using either default setup or advanced setup, before adding your repository to a list for analysis. For information about enabling {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning). * You must define a controller repository before you can run your first multi-repository variant analysis. From d068abd3e25476565aca9ef617443325d0ca4ae7 Mon Sep 17 00:00:00 2001 
From: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Date: Tue, 24 Feb 2026 11:32:08 +0000 Subject: [PATCH 7/9] [EDI] Configuring access to the CodeQL CLI (#59728) Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com> --- .../configuring-access-to-the-codeql-cli.md | 22 ++++++++++--------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/configuring-access-to-the-codeql-cli.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/configuring-access-to-the-codeql-cli.md index 1ce5abc3c947..3b8b04641c29 100644 --- a/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/configuring-access-to-the-codeql-cli.md +++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/configuring-access-to-the-codeql-cli.md @@ -1,5 +1,5 @@ --- -title: Configuring access to the CodeQL CLI +title: Managing the CodeQL CLI in the VS Code extension shortTitle: CodeQL CLI access versions: fpt: '*' 
@@ -16,18 +16,20 @@ redirect_from: contentType: how-tos --- -## Configuring access to the {% data variables.product.prodname_codeql_cli %} +The {% data variables.product.prodname_codeql %} extension automatically installs a compatible version of the {% data variables.product.prodname_codeql_cli %}. This instance of the {% data variables.product.prodname_codeql_cli %} is not accessible from the terminal. -If you already have the {% data variables.product.prodname_codeql_cli %} installed and added to your `PATH`, the extension will use that version. This might be the case if you create your own {% data variables.product.prodname_codeql %} databases instead of downloading them from {% data variables.product.github %}. For more information, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis). +If you already have the {% data variables.product.prodname_codeql_cli %} installed and added to your `PATH`, the extension will use that version. -Otherwise, the extension automatically manages access to the executable of the {% data variables.product.prodname_codeql_cli %} for you. This ensures that the {% data variables.product.prodname_codeql_cli %} is compatible with the {% data variables.product.prodname_codeql %} extension. You can also check for updates with the **{% data variables.product.prodname_codeql %}: Check for CLI Updates** command from the {% data variables.product.prodname_vscode_command_palette_shortname %}. +## Installing version updates -> [!NOTE] -> * The extension-managed {% data variables.product.prodname_codeql_cli %} is not accessible from the terminal. If you intend to use the CLI outside of the extension (for example to create databases), we recommend that you install your own copy of the {% data variables.product.prodname_codeql_cli %}." 
-> * To override the default behavior and use a specific version of the {% data variables.product.prodname_codeql_cli %}, you can specify the {% data variables.product.prodname_codeql_cli %} **Executable Path** in the extension settings. For more information, see [AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/customizing-settings). +The extension checks for updates to the {% data variables.product.prodname_codeql_cli %} automatically and prompts you to accept the updated version. -## Troubleshooting +You can check for updates manually with the **{% data variables.product.prodname_codeql %}: Check for CLI Updates** command from the {% data variables.product.prodname_vscode_command_palette_shortname %}. + +## Using a different {% data variables.product.prodname_codeql_cli %} installation -If you have any difficulty setting up access to the {% data variables.product.prodname_codeql_cli %}, check the {% data variables.product.prodname_codeql %} Extension log for error messages or to see the location of the {% data variables.product.prodname_codeql_cli %} being used. For more information, see [AUTOTITLE](/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs). In particular, in the Extension log you can see the location of the {% data variables.product.prodname_codeql_cli %} that is being used. This is useful if you want to see whether this is an extension-managed CLI or an external one. +To override the default behavior and use a specific version of the {% data variables.product.prodname_codeql_cli %}, you can specify the {% data variables.product.prodname_codeql_cli %} **Executable Path** in the extension settings. See [AUTOTITLE](/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/customizing-settings). 
+ +## Troubleshooting -If you use the extension-managed {% data variables.product.prodname_codeql_cli %}, the extension checks for updates automatically (or with the **{% data variables.product.prodname_codeql %}: Check for CLI Updates** command) and prompts you to accept the updated version. If you use an external CLI, you need to update it manually (when updates are necessary). +You can check the {% data variables.product.prodname_codeql %} Extension log for error messages or to see the location of the {% data variables.product.prodname_codeql_cli %} being used. See [AUTOTITLE](/code-security/codeql-for-vs-code/troubleshooting-codeql-for-vs-code/accessing-logs). From 3cda4debe4032c684cba19e3a6c5c544d02d45e2 Mon Sep 17 00:00:00 2001 From: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Date: Tue, 24 Feb 2026 11:34:11 +0000 Subject: [PATCH 8/9] [EDI] Dependabot "low impact" preset rule (#59729) Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../about-dependabot-auto-triage-rules.md | 15 ++++- ...t-rules-to-prioritize-dependabot-alerts.md | 56 +------------------ .../criteria-for-preset-rules.md | 54 ++++++++++++++++++ .../reference/supply-chain-security/index.md | 1 + .../dependabot/dismiss-low-impact-rule.md | 2 +- 5 files changed, 71 insertions(+), 57 deletions(-) create mode 100644 content/code-security/reference/supply-chain-security/criteria-for-preset-rules.md diff --git a/content/code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules.md b/content/code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules.md index a4df89b333ab..1d79ac750c05 100644 --- a/content/code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules.md +++ b/content/code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules.md 
@@ -1,6 +1,6 @@ --- title: About Dependabot auto-triage rules -intro: '{% data variables.dependabot.auto_triage_rules %} are a powerful tool to help you better manage your security alerts at scale. {% data variables.dependabot.github_presets %} are rules curated by {% data variables.product.company_short %} that you can use to filter out a substantial amount of false positives. {% data variables.dependabot.custom_rules_caps %} provide control over which alerts are ignored, snoozed, or trigger a {% data variables.product.prodname_dependabot %} security update to resolve the alert.' +intro: 'Control how {% data variables.product.prodname_dependabot %} handles security alerts, including filtering, ignoring, snoozing, or triggering security updates.' product: '{% data reusables.gated-features.dependabot-auto-triage-rules %}' versions: fpt: '*' 
@@ -35,9 +35,18 @@ There are two types of {% data variables.dependabot.auto_triage_rules %}: > [!NOTE] > {% data reusables.dependabot.dependabot-github-preset-auto-triage-rules %} -{% data variables.dependabot.github_presets %} are rules curated by {% data variables.product.company_short %}. {% data reusables.dependabot.dismiss-low-impact-rule %} +{% data variables.dependabot.github_presets %} are rules curated by {% data variables.product.company_short %}. -The rule is enabled by default for public repositories and can be opted into for private repositories. You can enable the rule for a private repository via the **Settings** tab for the repository. For more information, see [Enabling the `Dismiss low impact issues for development-scoped dependencies` rule for your private repository](/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts#enabling-the-dismiss-low-impact-issues-for-development-scoped-dependencies-rule-for-your-private-repository). +{% data reusables.dependabot.dismiss-low-impact-rule %} These alerts cover cases that feel like false alarms to most developers as the associated vulnerabilities: + +* Are unlikely to be exploitable in a developer (non-production or runtime) environment. +* May relate to resource management, programming and logic, and information disclosure issues. +* At worst, have limited effects like slow builds or long-running tests. +* Are not indicative of issues in production. + +The rule is enabled by default for public repositories and can be opted into for private repositories. For instructions, see [Enabling the `Dismiss low impact issues for development-scoped dependencies` rule for your private repository](/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts#enabling-the-dismiss-low-impact-issues-for-development-scoped-dependencies-rule-for-your-private-repository). 
+ +For more information about the criteria used by the rule, see [AUTOTITLE](/code-security/reference/supply-chain-security/criteria-for-preset-rules). ### About {% data variables.dependabot.custom_rules %} diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/using-github-preset-rules-to-prioritize-dependabot-alerts.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/using-github-preset-rules-to-prioritize-dependabot-alerts.md index 6c6f8da4be01..a15eaec10af9 100644 --- a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/using-github-preset-rules-to-prioritize-dependabot-alerts.md +++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/using-github-preset-rules-to-prioritize-dependabot-alerts.md @@ -1,6 +1,6 @@ --- title: Using GitHub preset rules to prioritize Dependabot alerts -intro: You can use {% data variables.dependabot.github_presets %}, which are rules curated by {% data variables.product.company_short %}, to auto-dismiss low impact development alerts for npm dependencies. +intro: Focus on alerts that matter by auto-dismissing low impact development alerts for npm dependencies. permissions: '{% data reusables.permissions.dependabot-github-presets %}' versions: fpt: '*' 
@@ -20,23 +20,9 @@ redirect_from:
 contentType: how-tos
 ---
-## About {% data variables.dependabot.github_presets %}
+{% data reusables.dependabot.dismiss-low-impact-rule %} For more information about the rule, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules#about-github-presets).
-The `Dismiss low impact issues for development-scoped dependencies` rule is a {% data variables.product.company_short %} preset that auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. These alerts cover cases that feel like false alarms to most developers as the associated vulnerabilities:
-
-* Are unlikely to be exploitable in a developer (non-production or runtime) environment.
-* May relate to resource management, programming and logic, and information disclosure issues.
-* At worst, have limited effects like slow builds or long-running tests.
-* Are not indicative of issues in production.
-
-> [!NOTE]
-> Automatic dismissal of low impact development alerts is currently only supported for npm.
-
-The `Dismiss low impact issues for development-scoped dependencies` rule includes vulnerabilities relating to resource management, programming and logic, and information disclosure issues. For more information, see [Publicly disclosed CWEs used by the `Dismiss low impact issues for development-scoped dependencies` rule](#publicly-disclosed-cwes-used-by-the-dismiss-low-impact-issues-for-development-scoped-dependencies-rule).
-
-Filtering out these low impact alerts allows you to focus on alerts that matter to you, without having to worry about missing potentially high-risk development-scoped alerts.
-
-The `Dismiss low impact issues for development-scoped dependencies` rule is enabled by default on public repositories and disabled for private repositories. Administrators of private repositories can opt in by enabling the rule for their repository.
+This rule is enabled by default on public repositories and disabled for private repositories. Administrators of private repositories can opt in by enabling the rule for their repository.
 ## Enabling the `Dismiss low impact issues for development-scoped dependencies` rule for your private repository
@@ -52,39 +38,3 @@ The `Dismiss low impact issues for development-scoped dependencies` rule is enab
 1. Under "{% data variables.product.company_short %} presets", to the right of "Dismiss low impact issues for development-scoped dependencies", click {% octicon "pencil" aria-label="Edit rule" %}.
 1. Under "State", select the dropdown menu, then click "Enabled".
 1. Click **Save rule**.
-
-## Publicly disclosed CWEs used by the `Dismiss low impact issues for development-scoped dependencies` rule
-
-Along with the `ecosystem:npm` and `scope:development` alert metadata, we use the following {% data variables.product.company_short %}-curated Common Weakness Enumerations (CWEs) to filter out low impact alerts for the `Dismiss low impact issues for development-scoped dependencies` rule. We regularly improve this list and vulnerability patterns covered by built-in rules.
-
-### Resource Management Issues
-
-* CWE-400 Uncontrolled Resource Consumption
-* CWE-770 Allocation of Resources Without Limits or Throttling
-* CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)
-* CWE-908 Use of Uninitialized Resource
-* CWE-1333 Inefficient Regular Expression Complexity
-* CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
-* CWE-674 Uncontrolled Recursion
-* CWE-1119 Excessive Use of Unconditional Branching
-
-### Programming and Logic Errors
-
-* CWE-185 Incorrect Regular Expression
-* CWE-754 Improper Check for Unusual or Exceptional Conditions
-* CWE-755 Improper Handling of Exceptional Conditions
-* CWE-248 Uncaught Exception
-* CWE-252 Unchecked Return Value
-* CWE-391 Unchecked Error Condition
-* CWE-696 Incorrect Behavior Order
-* CWE-1254 Incorrect Comparison Logic Granularity
-* CWE-665 Improper Initialization
-* CWE-703 Improper Check or Handling of Exceptional Conditions
-* CWE-178 Improper Handling of Case Sensitivity
-
-### Information Disclosure Issues
-
-* CWE-544 Missing Standardized Error Handling Mechanism
-* CWE-377 Insecure Temporary File
-* CWE-451 User Interface (UI) Misrepresentation of Critical Information
-* CWE-668 Exposure of Resource to Wrong Sphere
diff --git a/content/code-security/reference/supply-chain-security/criteria-for-preset-rules.md b/content/code-security/reference/supply-chain-security/criteria-for-preset-rules.md
new file mode 100644
index 000000000000..af44705ab886
--- /dev/null
+++ b/content/code-security/reference/supply-chain-security/criteria-for-preset-rules.md
@@ -0,0 +1,54 @@
+---
+title: CWEs used by GitHub's preset Dependabot rules
+intro: '{% data variables.product.github %} uses industry-standard criteria to help you filter {% data variables.product.prodname_dependabot_alerts %}.'
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '*'
+topics:
+ - Dependabot
+ - Version updates
+ - Repositories
+ - Dependencies
+ - Pull requests
+shortTitle: Criteria for preset rules
+contentType: reference
+---
+
+## `Dismiss low impact issues for development-scoped dependencies`
+
+{% data reusables.dependabot.dismiss-low-impact-rule %}
+
+Along with the `ecosystem:npm` and `scope:development` alert metadata, we use the following {% data variables.product.company_short %}-curated Common Weakness Enumerations (CWEs) to filter out low impact alerts for the `Dismiss low impact issues for development-scoped dependencies` rule. We regularly improve this list and vulnerability patterns covered by built-in rules.
+
+### Resource Management Issues
+
+* CWE-400 Uncontrolled Resource Consumption
+* CWE-770 Allocation of Resources Without Limits or Throttling
+* CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)
+* CWE-908 Use of Uninitialized Resource
+* CWE-1333 Inefficient Regular Expression Complexity
+* CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
+* CWE-674 Uncontrolled Recursion
+* CWE-1119 Excessive Use of Unconditional Branching
+
+### Programming and Logic Errors
+
+* CWE-185 Incorrect Regular Expression
+* CWE-754 Improper Check for Unusual or Exceptional Conditions
+* CWE-755 Improper Handling of Exceptional Conditions
+* CWE-248 Uncaught Exception
+* CWE-252 Unchecked Return Value
+* CWE-391 Unchecked Error Condition
+* CWE-696 Incorrect Behavior Order
+* CWE-1254 Incorrect Comparison Logic Granularity
+* CWE-665 Improper Initialization
+* CWE-703 Improper Check or Handling of Exceptional Conditions
+* CWE-178 Improper Handling of Case Sensitivity
+
+### Information Disclosure Issues
+
+* CWE-544 Missing Standardized Error Handling Mechanism
+* CWE-377 Insecure Temporary File
+* CWE-451 User Interface (UI) Misrepresentation of Critical Information
+* CWE-668 Exposure of Resource to Wrong Sphere
diff --git a/content/code-security/reference/supply-chain-security/index.md b/content/code-security/reference/supply-chain-security/index.md
index f34b75cf0fbe..5d2cc455a9b8 100644
--- a/content/code-security/reference/supply-chain-security/index.md
+++ b/content/code-security/reference/supply-chain-security/index.md
@@ -25,6 +25,7 @@ children:
 - /dependabot-security-updates
 - /dependency-graph-supported-package-ecosystems
 - /dependabot-on-actions
+ - /criteria-for-preset-rules
 - /troubleshoot-dependabot
 redirect_from:
 - /code-security/dependabot/ecosystems-supported-by-dependabot
diff --git a/data/reusables/dependabot/dismiss-low-impact-rule.md b/data/reusables/dependabot/dismiss-low-impact-rule.md
index d944cfc3247c..2894ecf4fedf 100644
--- a/data/reusables/dependabot/dismiss-low-impact-rule.md
+++ b/data/reusables/dependabot/dismiss-low-impact-rule.md
@@ -1 +1 @@
-The `Dismiss low impact issues for development-scoped dependencies` is a {% data variables.product.company_short %} preset rule. This rule auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development. The rule has been curated to reduce false positives and reduce alert fatigue. You cannot modify {% data variables.dependabot.github_presets %}. For more information about {% data variables.dependabot.github_presets %}, see [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/using-github-preset-rules-to-prioritize-dependabot-alerts).
+The `Dismiss low impact issues for development-scoped dependencies` rule is a {% data variables.product.company_short %} preset that auto-dismisses certain types of vulnerabilities that are found in npm dependencies used in development.
From bd8a0230c7546c511c444f83f20e52e110446906 Mon Sep 17 00:00:00 2001
From: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Date: Tue, 24 Feb 2026 11:49:26 +0000
Subject: [PATCH 9/9] [EDI] Enforcing dependency review across an organization (#59762)
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 .../enforcing-dependency-review-across-an-organization.md | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/enforcing-dependency-review-across-an-organization.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/enforcing-dependency-review-across-an-organization.md
index 5e2298a866ff..5bbe8a00b837 100644
--- a/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/enforcing-dependency-review-across-an-organization.md
+++ b/content/code-security/how-tos/secure-at-scale/configure-organization-security/configure-specific-tools/enforcing-dependency-review-across-an-organization.md
@@ -18,13 +18,7 @@ redirect_from:
 contentType: how-tos
 ---
-## About dependency review enforcement
-
-{% data reusables.dependency-review.action-enterprise %}
-
-{% data reusables.dependency-review.about-dependency-review-action %} For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#about-the-dependency-review-action).
-
-You can enforce the use of the {% data variables.dependency-review.action_name %} in your organization by setting up a repository ruleset that will require the `dependency-review-action` workflow to pass before pull requests can be merged. Repository rulesets are rule settings that allow you to control how users can interact with selected branches and tags in your repositories. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets) and [Require workflows to pass before merging](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/available-rules-for-rulesets#require-workflows-to-pass-before-merging).
+You can enforce the use of the {% data variables.dependency-review.action_name %} in your organization by setting up a repository ruleset that will require a workflow that runs dependency review to pass before pull requests can be merged. For more information about the action, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-dependency-review#about-the-dependency-review-action).
 ## Prerequisites