Repo sync

content/README.md

@@ -290,11 +290,6 @@ journeyTracks:
 - Type: `String`, one of the `overview`, `quick_start`, `tutorial`, `how_to`, `reference`.
 - Optional.
 
-### `topics`
-- Purpose: Indicate the topics covered by the article. Refer to the content models for more details about adding topics. A full list of existing topics is located in the [allowed topics file](/data/allowed-topics.ts). If topics in article frontmatter and the allow-topics list become out of sync, the [topics CI test](/src/search/tests/topics.ts) will fail.
-- Type: Array of `String`s
-- Optional: Topics are preferred for each article, but, there may be cases where existing articles don't yet have topics, or adding a topic to a new article may not add value.
-
 ### `communityRedirect`
 - Purpose: Set a custom link and link name for `Ask the GitHub community` link in the footer.
 - Type: `Object`. Properties are `name` and `href`.

content/code-security/concepts/code-scanning/about-code-scanning-alerts.md

@@ -113,14 +113,6 @@ The severity level for a {% data variables.product.prodname_code_scanning %} ale
 
 When an alert has a security severity level, {% data variables.product.prodname_code_scanning %} displays and uses this level in preference to the `severity`. Security severity levels follow the industry-standard Common Vulnerability Scoring System (CVSS) that is also used for advisories in the {% data variables.product.prodname_advisory_database %}. For more information, see [CVSS: Qualitative Severity Rating Scale](https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale).
 
-### Pull request check failures for {% data variables.product.prodname_code_scanning %} alerts
-
-You can use rulesets to prevent pull requests from being merged when one of the following conditions is met:
-
-{% data reusables.code-scanning.merge-protection-rulesets-conditions %}
-
-For more information, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/set-code-scanning-merge-protection). For more general information about rulesets, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
-
 ### Calculation of security severity levels
 
 When a security query is added to the {% data variables.product.prodname_codeql %} Default or Extended query suite, the {% data variables.product.prodname_codeql %} engineering team calculates the security severity as follows.
@@ -131,3 +123,14 @@ When a security query is added to the {% data variables.product.prodname_codeql
 1. When displaying alerts found by the query, translate the numerical scores to `Critical`, `High`, `Medium`, or `Low` using the CVSS definitions.
 
 For more information, see [{% data variables.product.prodname_codeql %} CWE coverage](https://codeql.github.com/codeql-query-help/codeql-cwe-coverage/) on the {% data variables.product.prodname_codeql %} documentation site.
+
+## About alerts in pull requests
+
+{% data variables.product.prodname_code_scanning_caps %} alerts can appear on pull requests as check results and annotations. This happens in repositories where {% data variables.product.prodname_code_scanning %} either:
+
+* Is configured as a pull request check (by default, this is limited to pull requests that target the default branch)
+* Is configured to scan each time code is pushed (the results are mapped to any open pull requests)
+
+You will only see an alert in a pull request if **all** the lines of code identified by the alert exist in the pull request diff.
+
+Depending on branch protection rules, the "{% data variables.product.prodname_code_scanning_caps %} results" check may be a required check that prevents pull requests from being merged until it passes.

content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md

@@ -23,59 +23,25 @@ topics:
   - Repositories
 ---
 
+Depending on your configuration, {% data variables.product.prodname_code_scanning %} results may appear as check results and annotations on pull requests. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/about-code-scanning-alerts#about-alerts-in-pull-requests).
 
-## About {% data variables.product.prodname_code_scanning %} results on pull requests
-
-In repositories where {% data variables.product.prodname_code_scanning %} is configured as a pull request check, {% data variables.product.prodname_code_scanning %} checks the code in the pull request. By default, this is limited to pull requests that target the default branch, but you can change this configuration within {% data variables.product.prodname_actions %} or in a third-party CI/CD system.
-
-If the lines of code changed in the pull request generate {% data variables.product.prodname_code_scanning %} alerts, the alerts are reported in the following places on the pull request.
-
-* Check results in the pull request
-* The **Conversation** tab of the pull request, as part of a pull request review
-* The **Files changed** tab of the pull request
-
-> [!NOTE]
-> {% data variables.product.prodname_code_scanning_caps %} displays alerts in pull requests only when all the lines of code identified by the alert exist in the pull request diff. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#source-file-locations).
-
-{% ifversion code-scanning-autofix %}
-
-{% data variables.copilot.copilot_autofix %} will suggest fixes for alerts from {% data variables.product.prodname_code_scanning %} analysis (including {% data variables.product.prodname_codeql %} analysis) in private repositories. For more information on working with suggestions from {% data variables.copilot.copilot_autofix_short %} in pull requests, see [Working with {% data variables.copilot.copilot_autofix_short %} suggestions for alerts on a pull request](#working-with-copilot-autofix-suggestions-for-alerts-on-a-pull-request).
-
-{% endif %}
-
-If you have write permission for the repository, you can see any existing {% data variables.product.prodname_code_scanning %} alerts on the **Security** tab. For information about repository alerts, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository).
-
-In repositories where {% data variables.product.prodname_code_scanning %} is configured to scan each time code is pushed, {% data variables.product.prodname_code_scanning %} will also map the results to any open pull requests and add the alerts as annotations in the same places as other pull request checks. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push).
-
-If your pull request targets a protected branch that uses {% data variables.product.prodname_code_scanning %}, and the repository owner has configured required status checks, then the "{% data variables.product.prodname_code_scanning_caps %} results" check must pass before you can merge the pull request. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches#require-status-checks-before-merging).
-
-{% ifversion copilot-chat-ghas-alerts %}
-
-With a {% data variables.copilot.copilot_enterprise %} license, you can also ask {% data variables.copilot.copilot_chat %} for help to better understand {% data variables.product.prodname_code_scanning %} alerts in repositories in your organization. For more information, see [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features).
-
-{% endif %}
-
-## About {% data variables.product.prodname_code_scanning %} as a pull request check
-
-There are many options for configuring {% data variables.product.prodname_code_scanning %} as a pull request check, so the exact configuration of each repository will vary and some will have more than one check.
-
-### {% data variables.product.prodname_code_scanning_caps %} results check
+## Viewing results of the {% data variables.product.prodname_code_scanning %} check
 
 For all configurations of {% data variables.product.prodname_code_scanning %}, the check that contains the results of {% data variables.product.prodname_code_scanning %} is: **{% data variables.product.prodname_code_scanning_caps %} results**. The results for each analysis tool used are shown separately. Any new alerts on lines of code changed in the pull request are shown as annotations.
 
 To see the full set of alerts for the analyzed branch, click **View all branch alerts**. This opens the full alert view where you can filter all the alerts on the branch by type, severity, tag, etc. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository#filtering-and-searching-for-code-scanning-alerts).
 
 ![Screenshot of the {% data variables.product.prodname_code_scanning_caps %} results check on a pull request. The "View all branch alerts" link is highlighted with a dark orange outline.](/assets/images/help/repository/code-scanning-results-check.png)
 
-### {% data variables.product.prodname_code_scanning_caps %} results check failures
+## Managing severity levels for check failures
 
 If the {% data variables.product.prodname_code_scanning %} results check finds any problems with a severity of `error`, `critical`, or `high`, the check fails and the error is reported in the check results. If all the results found by {% data variables.product.prodname_code_scanning %} have lower severities, the alerts are treated as warnings or notes and the check succeeds.
 
 ![Screenshot of the merge box for a pull request. The "Code scanning results / CodeQL" check has "1 new alert including 1 high severity security v..."](/assets/images/help/repository/code-scanning-check-failure.png)
 
 You can override the default behavior in your repository settings, by specifying the level of severities and security severities that will cause a pull request check failure. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#defining-the-severities-causing-pull-request-check-failure).
 
-### Other {% data variables.product.prodname_code_scanning %} checks
+## Diagnosing issues with your {% data variables.product.prodname_code_scanning %} configuration
 
 Depending on your configuration, you may see additional checks running on pull requests with {% data variables.product.prodname_code_scanning %} configured. These are usually workflows that analyze the code or that upload {% data variables.product.prodname_code_scanning %} results. These checks are useful for troubleshooting when there are problems with the analysis.
 

content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/specifying-command-options-in-a-codeql-configuration-file.md

@@ -1,7 +1,7 @@
 ---
 title: Specifying command options in a CodeQL configuration file
 shortTitle: Specify command options in a CodeQL configuration file
-intro: You can save default command options in a {% data variables.product.prodname_codeql %} configuration file.
+intro: Save time by adding your frequently used command options and custom {% data variables.product.prodname_codeql %} packs to a {% data variables.product.prodname_codeql %} configuration file.
 product: '{% data reusables.gated-features.codeql %}'
 versions:
   fpt: '*'
@@ -18,36 +18,24 @@ redirect_from:
 contentType: how-tos
 ---
 
-## About specifying command options in a {% data variables.product.prodname_codeql %} configuration file
-
-You can save default or frequently used options for your commands in a per-user configuration file.
-
-You can specify {% data variables.product.prodname_codeql_cli %} command options in two ways:
-
-* Directly in the command line, using the appropriate flag.
-* In a configuration (or `config`) file that {% data variables.product.prodname_codeql %} scans for relevant options each time a command is executed.
-
-For options that are likely to change each time you execute a command, specifying the value on the command line is the most convenient way of passing the information to {% data variables.product.prodname_codeql %}. Saving options in a `config` file is a good way to specify options you use frequently. It’s also a good way to add custom {% data variables.product.prodname_codeql %} packs that you use regularly to your search path.
-
 ## Using a {% data variables.product.prodname_codeql %} configuration file
 
-You need to save the `config` file under your home (Linux and macOS) or user profile (Windows) directory in the `.config/codeql/` subdirectory. For example, `$HOME/.config/codeql/config`.
-
-The syntax for specifying options is as follows:
+1. Create and save a `config` file under your home (Linux and macOS) or user profile (Windows) directory in the `.config/codeql/` subdirectory. For example, `$HOME/.config/codeql/config`.
+1. In the `config` file, specify the options you want to apply to your {% data variables.product.prodname_codeql %} commands. The syntax for specifying options is as follows:
 
-```shell
-<command> <subcommand> <option> <value>
-```
+    ```shell
+    <command> <subcommand> <option> <value>
+    ```
 
-To apply the same options to more than one command you can:
+1. To apply the same options to more than one command, you can:
 
-* Omit the `<subcommand>`, which will specify the option for every `<subcommand>` to which it’s relevant.
-* Omit both `<command>` and `<subcommand>`, which will globally specify the option for every `<command>` and `<subcommand>` to which it’s relevant.
+    * Omit `<subcommand>`, which will specify the option for every relevant `<subcommand>`
+    * Omit both `<command>` and `<subcommand>`, which will specify the option globally for every relevant `<command>` and `<subcommand>`
 
 > [!NOTE]
-> * `config` files only accept spaces between option flags and values—{% data variables.product.prodname_codeql %} will throw an error if you use `=` to specify an option value.
-> * If you specify an option in the command line, this overrides the `config` value defined for that option.
-> * If you want to specify more than one option for a `<command>`, `<subcommand>` or globally, use one line per option.
+> * `config` files only accept spaces, not `=`, between option flags and values.
+> * Specifying an option on the command line overrides any `config` value defined for that option.
+> * To specify more than one option for a `<command>`, `<subcommand>`, or globally, use one line per option.
 
 ### Examples
 

content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/creating-a-custom-query.md

@@ -15,15 +15,12 @@ redirect_from:
 contentType: how-tos
 ---
 
-## About custom queries
-
-> [!NOTE]
-> Creating a custom query is optional, and the [`github/codeql`](https://github.com/github/codeql)?target=https://github.com repository contains a large number of example queries you can use instead.
-
-You create a new query file from a template for a given language, which imports the standard libraries for analyzing that language. For more information, see [About {% data variables.product.prodname_codeql %} queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/) in the {% data variables.product.prodname_codeql %} documentation.
+You can write custom {% data variables.product.prodname_codeql %} queries to find specific issues relevant to your own project. This is optional, and the [`github/codeql`](https://github.com/github/codeql)?target=https://github.com repository contains a large number of example queries you can use instead.
 
 ## Creating a custom query
 
+You create a new query file from a template for a given language, which imports the standard libraries for analyzing that language.
+
 1. In the extension sidebar, open the "Queries" view, then click the **Create query** icon.
 
 1. In the {% data variables.product.prodname_vscode_command_palette_shortname %}, select the target language for your query. If you've chosen not to create your custom query in an existing directory, selecting a language will autogenerate a directory labeled `codeql-custom-queries-LANGUAGE`, where `LANGUAGE` is the name of the selected language. A query template labeled `example.ql` will then be added to the existing or autogenerated directory.
@@ -32,7 +29,7 @@ You create a new query file from a template for a given language, which imports
 
 ## Further reading
 
-You can read about how to create queries for supported languages in the {% data variables.product.prodname_codeql %} documentation:
+You can read about how to write queries for supported languages in the {% data variables.product.prodname_codeql %} documentation:
 
 * [{% data variables.product.prodname_codeql %} for C and C++](https://codeql.github.com/docs/codeql-language-guides/codeql-for-cpp/)
 * [{% data variables.product.prodname_codeql %} for C#](https://codeql.github.com/docs/codeql-language-guides/codeql-for-csharp/)

content/code-security/how-tos/secure-at-scale/configure-enterprise-security/configure-specific-tools/configuring-secret-scanning-for-your-appliance.md

@@ -44,7 +44,7 @@ The SSSE3 set of instructions is required because {% data variables.product.prod
 1. Enter the following command:
 
    ```shell
-   grep -iE '^flags.*ssse3' /proc/cpuinfo >/dev/null | echo $?
+   grep -iE '^flags.*ssse3' /proc/cpuinfo >/dev/null; echo $?
    ```
 
    If this returns the value `0`, it means that the SSSE3 flag is available and enabled. You can now enable {% data variables.product.prodname_secret_scanning %}. See [Enabling {% data variables.product.prodname_secret_scanning %}](#enabling-secret-scanning) below.

content/code-security/reference/code-scanning/sarif-files/sarif-support-for-code-scanning.md

@@ -169,8 +169,6 @@ This is where you store details of the rules that are run during analysis. Infor
 
 Each `result` object contains details for one alert in the codebase. Within the `results` object, you can reference the rule that detected the alert. For more information, see [Rules and results](#rules-and-results) above.
 
-{% data reusables.code-scanning.upload-sarif-alert-limit %}
-
 | Name | Required | Description |
 |----|----|----|
 | `ruleId`| {% octicon "x" aria-label="Optional" %} | The unique identifier of the rule (`reportingDescriptor.id`). For more information, see the [`reportingDescriptor` object](#reportingdescriptor-object). {% data variables.product.prodname_code_scanning_caps %} uses the rule identifier to filter results by rule on {% data variables.product.prodname_dotcom %}.