Merged
Expand Up @@ -50,7 +50,7 @@ To use a specific action version, users can configure their {% data variables.pr

### Using tags for release management

{% ifversion fpt or ghec %}
{% ifversion immutable-releases %}
> [!NOTE] If you have enabled immutable releases to help prevent supply chain attacks and accidental changes to your releases, instead see [AUTOTITLE](/actions/how-tos/create-and-publish-actions/using-immutable-releases-and-tags-to-manage-your-actions-releases).
{% endif %}

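Review bot: The note added here keeps its text on the same line as the `> [!NOTE]` marker, while the equivalent note in the release-workflow hunk of this PR uses the two-line form (`> [!NOTE]` followed by `> If you enable ...`); use one form in both places. Also, two `{% ifversion %}` openers are visible against a single `{% endif %}`, which is only consistent if `{% ifversion fpt or ghec %}` is the removed line and `{% ifversion immutable-releases %}` the added one; the rendered view has dropped the +/- markers, so confirm the old condition was replaced rather than nested, or the section ends with an unclosed conditional.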
Expand Up @@ -55,7 +55,7 @@ To support the developer process in the next section, add two {% data variables.
1. Add a workflow that triggers when a commit is pushed to a feature branch or to `main` or when a pull request is created. Configure the workflow to run your unit and integration tests. For an example, see [this workflow](https://github.com/actions/javascript-action/blob/main/.github/workflows/ci.yml).
1. Add a workflow that triggers when a release is published or edited. Configure the workflow to ensure semantic tags are in place. You can use an action like [JasonEtco/build-and-tag-action](https://github.com/JasonEtco/build-and-tag-action) to compile and bundle the JavaScript and metadata file and force push semantic major, minor, and patch tags. For more information about semantic tags, see [About semantic versioning](https://docs.npmjs.com/about-semantic-versioning).

{% ifversion fpt or ghec %}
{% ifversion immutable-releases %}
> [!NOTE]
> If you enable immutable releases for your repository, you cannot use this action to force push tags tied to releases on {% data variables.product.github %}. To learn how to manage your releases with immutable releases, see [AUTOTITLE](/actions/how-tos/create-and-publish-actions/using-immutable-releases-and-tags-to-manage-your-actions-releases).
{% endif %}
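Review bot: The note states that the recommended action cannot force push tags tied to releases once immutable releases are enabled, but step 2 above still presents JasonEtco/build-and-tag-action as the unconditional way to maintain the major, minor and patch tags, so readers with immutable releases on get an instruction followed by a note that it will not work. A short qualifier in the step itself ("If you have not enabled immutable releases, you can use an action like ...") would keep the step and the note from contradicting each other.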
Expand Up @@ -3,8 +3,7 @@ title: Using immutable releases and tags to manage your action's releases
shortTitle: Use immutable releases
intro: 'Learn how you can use a combination of immutable releases on {% data variables.product.github %} and Git tags to manage your action''s releases.'
versions:
fpt: '*'
ghec: '*'
feature: immutable-releases
topics:
- Actions
- Code Security
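Review bot: Replacing `fpt: '*'` and `ghec: '*'` with `feature: immutable-releases` means this page's availability now follows the feature flag definition instead of an explicit product list. That matches the in-text `{% ifversion immutable-releases %}` gates used elsewhere in this PR, but confirm the feature definition enables exactly the intended products (and GHES releases, if any): the same swap is made in every immutable-releases page in this PR, so a mistake in the flag changes all of them at once.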
2 changes: 2 additions & 0 deletions content/admin/all-releases.md
Expand Up @@ -58,6 +58,7 @@ If you run analysis in an external CI system, we recommend using the same versio

| {% data variables.product.prodname_ghe_server %} version | Recommended {% data variables.product.prodname_codeql_cli %} version |
| ------------------------------------------------- | ---------------------- |
| 3.20 | 2.23.9 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.23.9/)) |
| 3.19 | 2.22.4 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.22.4/)) |
| 3.18 | 2.21.4 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.21.4/)) |
| 3.17 | 2.20.7 ([changelog](https://codeql.github.com/docs/codeql-overview/codeql-changelog/codeql-cli-2.20.7/)) |
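Review bot: The new 3.20 row follows the existing changelog URL pattern, but a pattern-consistent slug can still 404 if the 2.23.9 changelog page is not yet published; verify the link resolves before merge, since administrators use this table to choose a CodeQL CLI release that matches the analysis engine on their server.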
Expand All @@ -79,6 +80,7 @@ For instances with {% data variables.product.prodname_actions %} enabled, self-h

| {% data variables.product.prodname_ghe_server %} version | Minimum Runner version |
| ------------------------------------------------- | ---------------------- |
| 3.20 | 2.330.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.330.0)) |
| 3.19 | 2.328.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.328.0)) |
| 3.18 | 2.324.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.324.0)) |
| 3.17 | 2.322.0 ([release notes](https://github.com/actions/runner/releases/tag/v2.322.0)) |
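Review bot: The column is "Minimum Runner version", so 2.330.0 should be the lowest runner release that works with GHES 3.20, not simply the newest runner available when the row was written; confirm that is what the value represents. Self-hosted runner administrators pin to this table, so an inflated minimum forces needless upgrades and an understated one leaves them with runners that break after the server upgrade.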
Expand Up @@ -51,7 +51,7 @@ A {% data variables.product.prodname_github_app %} provides the **identity, perm

## {% data variables.product.prodname_actions %}

{% data variables.product.prodname_actions %} provide {% data variables.product.github %}’s built-in **runtime** for executing automation logic inside repositories. Workflows run on hosted or self-hosted runners and are ideal for tasks tied to code changes or repository events.
{% data variables.product.prodname_actions %} provide {% data variables.product.github %}’s built-in **runtime** for executing automation logic inside repositories. Workflows run on {% ifversion ghec %}hosted or {% endif %}self-hosted runners and are ideal for tasks tied to code changes or repository events.

Use {% data variables.product.prodname_actions %} for:

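Review bot: Gating "hosted or " on `{% ifversion ghec %}` removes GitHub-hosted runners from the sentence on every non-GHEC version, including fpt, where hosted runners are also available. If this page's `versions` frontmatter includes fpt, the condition should be `{% ifversion fpt or ghec %}`; otherwise free, Pro and Team readers are told that workflows run only on self-hosted runners.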
Expand Up @@ -25,7 +25,7 @@ The following features are currently unavailable on {% data variables.enterprise
| Repository traffic metrics | Currently unavailable through both the UI and REST API. | [AUTOTITLE](/repositories/viewing-activity-and-data-for-your-repository/viewing-traffic-to-a-repository) |
| {% data variables.product.prodname_spark_short %} | Currently unavailable. | [AUTOTITLE](/copilot/concepts/spark) |
| {% data variables.product.prodname_marketplace %} | {% data variables.product.prodname_marketplace %}, as a means of searching for, purchasing, and directly installing apps and actions, is unavailable. Ecosystem apps and actions can still be discovered and installed from their source, but they may require modification to work on {% data variables.enterprise.data_residency_site %}. | [{% data variables.product.prodname_actions %} workflows from {% data variables.product.prodname_marketplace %}](#github-actions-workflows-from-github-marketplace) |
| Certain features of {% data variables.product.prodname_github_connect %} | Although you can connect an enterprise on {% data variables.enterprise.data_residency_site %} to a {% data variables.product.prodname_ghe_server %} instance, certain features of {% data variables.product.prodname_github_connect %} are not available, including resolution of actions from {% data variables.product.prodname_dotcom_the_website %}. | [{% data variables.product.prodname_github_connect %}](#github-connect) |
| Certain features of {% data variables.product.prodname_github_connect %} | Although you can connect an enterprise on {% data variables.enterprise.data_residency_site %} to a {% data variables.product.prodname_ghe_server %} instance, certain features of {% data variables.product.prodname_github_connect %} are not available. | [{% data variables.product.prodname_github_connect %}](#github-connect) |
| Some features currently in {% data variables.release-phases.public_preview %} or {% data variables.release-phases.private_preview %} | Certain features that are in a preview phase on {% data variables.product.prodname_dotcom_the_website %} may not be available on {% data variables.enterprise.data_residency_site %} until GA. | |
| Migrations REST API | Currently unavailable. | [AUTOTITLE](/rest/migrations) |
| Streaming audit logs to Amazon S3 with OpenID Connect (OIDC) | Currently unavailable. | [AUTOTITLE](/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise) |
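Review bot: Dropping "including resolution of actions from GitHub.com" removes the only concrete example in the GitHub Connect row, leaving "certain features ... are not available" with no indication of which ones. The row links to the `#github-connect` section, so that section should enumerate the unavailable features; and if action resolution from GitHub.com is now supported on data residency, state that explicitly, because whether actions are fetched from GitHub.com or must be mirrored locally is a supply-chain decision administrators plan around.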
Expand Up @@ -23,6 +23,12 @@ Adding a user to a team grants them the privileges associated with the team. Rem

{% data reusables.enterprise-onboarding.create-enterprise-teams %}

{% ifversion ghes %}

## 4. Assign roles

{% else %}

## 4. Assign licenses

You can assign {% data variables.product.prodname_copilot %} licenses to an enterprise team. This allows you to manage {% data variables.product.prodname_copilot_short %} access through team membership, independent of organizations. Once you have assigned licenses to a team, users will gain or lose access to {% data variables.product.prodname_copilot_short %} when they are added or removed from the team.
Expand All @@ -31,4 +37,6 @@ For instructions, see [AUTOTITLE](/copilot/how-tos/administer-copilot/manage-for

## 5. Assign roles

{% endif %}

You can assign custom enterprise roles and certain predefined roles to enterprise teams. This allows you to delegate administrative duties to specific teams or provide non-administrators with permissions that will help them work independently. See [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-roles-in-your-enterprise/assign-roles).
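Review bot: The `{% endif %}` here closes the `{% ifversion ghes %}` opened in the previous hunk, so the roles heading renders as "4. Assign roles" on GHES and "5. Assign roles" elsewhere. That changes the generated anchor (`#4-assign-roles` versus `#5-assign-roles`), so any cross-references to this section need a version-conditional link or a heading without the number. Placing the shared "You can assign custom enterprise roles ..." paragraph after the `{% endif %}` is correct, as it applies to both branches.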
20 changes: 20 additions & 0 deletions content/code-security/concepts/secret-security/custom-patterns.md
@@ -0,0 +1,20 @@
---
title: Custom patterns
intro: 'Detect secret types specific to your organization with custom patterns.'
versions:
fpt: '*'
ghes: '*'
ghec: '*'
topics:
- Secret scanning
- Secret Protection
contentType: concepts
---

You can define custom patterns to identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. For example, you might have a secret pattern that is internal to your organization. For a list of supported secrets and service providers, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns).

Custom patterns for {% data variables.product.prodname_secret_scanning %} are defined as regular expressions, and can be created at the enterprise, organization, or repository level. You can also enable push protection for custom patterns, stopping those secrets from ever reaching your repository.

## Next steps

To start using custom patterns, see [AUTOTITLE](/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning).
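Review bot: "stopping those secrets from ever reaching your repository" in the second paragraph overstates push protection: it blocks pushes that contain a match, but a match may already exist in history, and pushes can be bypassed where bypass is permitted (this PR's own index lists the delegated-bypass and bypass-request pages). "blocking pushes that contain them" is the accurate wording. Separately, the frontmatter declares `ghes: '*'` with no `product` gate, while the how-to this page links to carries `product: '{% data reusables.gated-features.secret-scanning-custom-patterns %}'`; confirm the concept page is meant to be visible on every GHES version without that gate.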
1 change: 1 addition & 0 deletions content/code-security/concepts/secret-security/index.md
Expand Up @@ -15,6 +15,7 @@ children:
- /about-push-protection
- /about-secret-security-with-github
- /about-alerts
- /custom-patterns
- /about-validity-checks
- /about-delegated-bypass-for-push-protection
- /about-bypass-requests-for-push-protection
Expand Up @@ -2,8 +2,7 @@
title: Immutable releases
intro: Learn about immutable releases and how they can help you maintain the integrity of your software supply chain.
versions:
fpt: '*'
ghec: '*'
feature: immutable-releases
topics:
- Code Security
- Vulnerabilities
@@ -1,7 +1,7 @@
---
title: Defining custom patterns for secret scanning
shortTitle: Define custom patterns
intro: You can define your own custom patterns to extend the capabilities of {% data variables.product.prodname_secret_scanning %} by generating one or more regular expressions.
intro: Protect your unique secret types by defining custom patterns with regular expressions.
product: '{% data reusables.gated-features.secret-scanning-custom-patterns %}'
permissions: '{% data reusables.permissions.security-enterprise-enable %}'
redirect_from:
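Review bot: The new intro, "Protect your unique secret types by defining custom patterns", describes detection as protection; custom patterns detect matches and can optionally block pushes, and the concept page added in this PR phrases the same idea as "Detect secret types specific to your organization". Using "Detect" here as well keeps the two pages consistent and avoids implying the feature secures the secrets themselves.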
Expand All @@ -19,38 +19,11 @@ topics:
- Secret scanning
---

## About custom patterns for {% data variables.product.prodname_secret_scanning %}

You can define custom patterns to identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. For example, you might have a secret pattern that is internal to your organization. For details of the supported secrets and service providers, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns).

You can define custom patterns for your enterprise, organization, or repository. {% data variables.product.prodname_secret_scanning_caps %} supports up to 500 custom patterns for each organization or enterprise account, and up to 100 custom patterns per repository.

You can also enable push protection for custom patterns. For more information about push protection, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).

## About using regular expressions for custom patterns

You can specify custom patterns for {% data variables.product.prodname_secret_scanning %} as one or more regular expressions.

{% data variables.product.prodname_secret_scanning_caps %} uses the [Hyperscan library](https://github.com/intel/hyperscan) and only supports Hyperscan regex constructs, which are a subset of PCRE syntax. Hyperscan option modifiers are not supported. For more information on Hyperscan pattern constructs, see [Pattern support](http://intel.github.io/hyperscan/dev-reference/compilation.html#pattern-support) in the Hyperscan documentation.

{% ifversion secret-scanning-custom-pattern-ai-generated %}Regular expressions can be entered manually or generated using {% data variables.secret-scanning.copilot-secret-scanning %}'s {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}.

### Regular expression syntax for manually defining custom patterns {% endif %}

The **More options {% octicon "chevron-down" aria-hidden="true" aria-label="chevron-down" %}** section in the UI helps you write regular expressions manually.

* **Secret format:** an expression that describes the format of the secret itself.
* **Before secret:** an expression that describes the characters that come before the secret. By default, this is set to `\A|[^0-9A-Za-z]` which means that the secret must be at the start of a line or be preceded by a non-alphanumeric character.
* **After secret:** an expression that describes the characters that come after the secret. By default, this is set to `\z|[^0-9A-Za-z]` which means that the secret must be followed by a new line or a non-alphanumeric character.
* **Additional match requirements:** one or more optional expressions that the secret itself must or must not match.

For simple tokens you will usually only need to specify a secret format. The other fields provide flexibility so that you can specify more complex secrets without creating complex regular expressions. For an example of a custom pattern, see [Example of a custom pattern specified using additional requirements](#example-of-a-custom-pattern-specified-using-additional-requirements) below.

{% ifversion secret-scanning-custom-pattern-ai-generated %}

### Using {% data variables.secret-scanning.copilot-secret-scanning %}'s {% data variables.secret-scanning.custom-pattern-regular-expression-generator %}
## Defining a custom pattern with {% data variables.product.prodname_copilot_short %}

{% data reusables.secret-scanning.regular-expression-generator-overview %} For more information, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator) and [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning).
You can use {% data variables.secret-scanning.copilot-secret-scanning %} to generate regular expressions based on a text description of the type of pattern you would like to detect, including optional example strings that should be detected. See [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning).

{% endif %}

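Review bot: This hunk removes the Hyperscan constraints (Hyperscan-only constructs, a subset of PCRE, no option modifiers), the limits of 500 patterns per organization or enterprise and 100 per repository, and the descriptions of the Secret format, Before secret, After secret and Additional match requirements fields with their defaults (`\A|[^0-9A-Za-z]` and `\z|[^0-9A-Za-z]`), yet the concept page created in this PR carries only two short paragraphs and none of this material. Unless it is moved to another page, readers lose exactly what they need to write a pattern that compiles and to understand why a boundary expression is applied by default; relocate these sections (the new concept page is the natural home) or keep them here.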
Expand All @@ -68,44 +41,13 @@ Before defining a custom pattern, you must ensure that {% ifversion ghas-product
1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**.
{% data reusables.advanced-security.secret-scanning-dry-run-results %}
{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}
1. Optionally, to enable push protection for your custom pattern, click **Enable**.
1. Optionally, to enable push protection for your custom pattern, click **Enable**. For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).

> [!NOTE]
> The "Enable" button isn't available until after the dry run succeeds and you publish the pattern.
For more information about push protection, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).

After your pattern is created, {% data reusables.secret-scanning.secret-scanning-process %} For more information on viewing {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning).

### Example of a custom pattern specified using additional requirements

A company has an internal token with five characteristics. They use the different fields to specify how to identify tokens as follows:

| **Characteristic** | **Field and regular expression** |
|----------------|------------------------------|
| Length between 5 and 10 characters | Secret format: `[$#%@AA-Za-z0-9]{5,10}` |
| Does not end in a `.` | After secret: `[^\.]` |
| Contains numbers and uppercase letters | Additional requirements: secret must match `[A-Z]` and `[0-9]` |
| Does not include more than one lowercase letter in a row | Additional requirements: secret must not match `[a-z]{2,}` |
| Contains one of `$%@!` | Additional requirements: secret must match `[$%@!]` |

These tokens would match the custom pattern described above:

```shell
a9@AAfT! # Secret string match: a9@AAfT
ee95GG@ZA942@aa # Secret string match: @ZA942@a
a9@AA!ee9 # Secret string match: a9@AA
```

These strings would not match the custom pattern described above:

```shell
a9@AA.!
a@AAAAA
aa9@AA!ee9
aAAAe9
```

## Defining a custom pattern for an organization

Before defining a custom pattern, you must ensure that you enable {% data variables.product.prodname_secret_scanning %} for the repositories that you want to scan in your organization. {% ifversion security-configurations %} You can use {% data variables.product.prodname_security_configurations %} to enable {% data variables.product.prodname_secret_scanning %} on all repositories in your organization. For more information, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).{% else %}
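Review bot: Removing the "Example of a custom pattern specified using additional requirements" section also removes the only worked example of how Secret format, After secret and Additional match requirements combine, and its heading is a linkable anchor; check for inbound links to `#example-of-a-custom-pattern-specified-using-additional-requirements` and, if the example is not being relocated, keep it. Moving the push-protection link into the "Enable" step and dropping the stray "For more information about push protection" sentence after the note are fine and tidy up the note block.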
Expand Up @@ -3,8 +3,7 @@ title: Preventing changes to your releases
shortTitle: Prevent release changes
intro: You can enforce immutable releases for a repository or organization to prevent potential vulnerabilities.
versions:
fpt: '*'
ghec: '*'
feature: immutable-releases
topics:
- Code Security
- Vulnerabilities
Expand Up @@ -3,8 +3,7 @@ title: Verifying the integrity of a release
shortTitle: Verify release integrity
intro: You can avoid tampering and accidental changes by ensuring the releases you use have not been modified after publication.
versions:
fpt: '*'
ghec: '*'
feature: immutable-releases
topics:
- Code Security
- Vulnerabilities