diff --git a/content/code-security/concepts/code-scanning/index.md b/content/code-security/concepts/code-scanning/index.md
index a94806e064d9..53caf7afba9c 100644
--- a/content/code-security/concepts/code-scanning/index.md
+++ b/content/code-security/concepts/code-scanning/index.md
@@ -18,5 +18,6 @@ children:
- /setup-types
- /about-integration-with-code-scanning
- /sarif-files
+ - /merge-protection
- /codeql
---
diff --git a/content/code-security/concepts/code-scanning/merge-protection.md b/content/code-security/concepts/code-scanning/merge-protection.md
new file mode 100644
index 000000000000..e78a9f051c82
--- /dev/null
+++ b/content/code-security/concepts/code-scanning/merge-protection.md
@@ -0,0 +1,46 @@
+---
+title: Code scanning merge protection
+shortTitle: Merge protection
+intro: Code scanning rules prevent pull requests with potential vulnerabilities from being merged.
+topics:
+ - Code Security
+ - Code scanning
+product: 'Rulesets are available in public repositories with {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_free_team %} for organizations, and in public and private repositories with {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, and {% data variables.product.prodname_ghe_cloud %}. {% data reusables.gated-features.more-info %}'
+permissions: 'Repository administrators and organization owners'
+versions:
+ fpt: '*'
+ ghes: '*'
+ ghec: '*'
+contentType: concepts
+---
+
+## Rulesets for {% data variables.product.prodname_code_scanning %} merge protection
+
+A ruleset is a named list of rules that control how people can interact with branches and tags in your repositories. You can add {% data variables.product.prodname_code_scanning %} rules to rulesets to prevent pull requests from being merged when any of the following conditions are met:
+
+{% data reusables.code-scanning.merge-protection-rulesets-conditions %}
+
+Typically, you should use {% data variables.product.prodname_code_scanning %} merge protection on long-lived feature branches, where you want to guarantee code has been analyzed before pull requests can be merged.
+
+Configuring a {% data variables.product.prodname_code_scanning %} rule will not automatically enable {% data variables.product.prodname_code_scanning %}. To learn how to enable code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
+
+> [!NOTE]
+> * Merge protection with rulesets is not related to status checks. For more information about status checks, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks).
+
+## Availability
+
+You can set {% data variables.product.prodname_code_scanning %} merge protection with rulesets:
+* At the repository level
+* At the organization level ({% data variables.product.prodname_enterprise %} plans only)
+
+## Exceptions and limitations
+
+Merge protection with rulesets will **not apply** to:
+* Merge queue groups
+* {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup
+
+Additionally, all the lines of code identified by an alert must exist in the pull request diff. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#source-file-locations).
+
+## Next steps
+
+To configure a ruleset that requires {% data variables.product.prodname_code_scanning %} results, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection).
diff --git a/content/code-security/concepts/supply-chain-security/dependabot-job-logs.md b/content/code-security/concepts/supply-chain-security/dependabot-job-logs.md
new file mode 100644
index 000000000000..5ac07cb9c9cd
--- /dev/null
+++ b/content/code-security/concepts/supply-chain-security/dependabot-job-logs.md
@@ -0,0 +1,55 @@
+---
+title: Dependabot job logs
+intro: '{% data variables.product.github %} logs every update job run by {% data variables.product.prodname_dependabot %}, giving you visibility into version updates, security patches, and automated rebases across your dependencies.'
+shortTitle: Dependabot job logs
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '*'
+contentType: concepts
+topics:
+ - Dependabot
+ - Troubleshooting
+ - Dependencies
+ - Security updates
+---
+
+
+> [!NOTE]
+> Job logs are only available for repositories with {% data variables.product.prodname_dependabot_version_updates %} enabled.
+
+Whenever a {% data variables.product.prodname_dependabot %} job runs, the details of the job are captured in the job logs list, which is accessible from the dependency graph.
+
+## What job logs contain
+
+For each manifest file in your repository, {% data variables.product.prodname_dependabot %} maintains a list of recent job runs. Every log entry includes:
+
+* **Job type**: The kind of update {% data variables.product.prodname_dependabot %} performed (_version_ update, _security_ update, or _rebase_ update)
+* **Job ID**: A unique identifier for the run
+* **Timestamp**: When the job executed
+* **Associated pull requests**: Links to any pull requests created or updated by the job
+* **Error messages**: Brief diagnostic information when jobs fail
+
+If you need to troubleshoot further, you can click **view logs** to access the full log files for a specific run.
+
+## Job types
+
+You will see the following job types recorded in the log list:
+
+**Version update**: {% data variables.product.prodname_dependabot %} checked your manifest files for outdated dependencies and opened or updated pull requests to bring them current. These runs happen on the schedule defined in your `dependabot.yml` configuration file.
+
+**Security update**: {% data variables.product.prodname_dependabot %} detected a security vulnerability in one of your dependencies and opened a pull request to upgrade to a patched version. These updates happen automatically when {% data variables.product.github %} identifies new security advisories.
+
+**Rebase update**: {% data variables.product.prodname_dependabot %} automatically rebased an existing pull request to resolve a merge conflict with your target branch. This can apply to pull requests for either {% data variables.product.prodname_dependabot_version_updates %} or {% data variables.product.prodname_dependabot_security_updates %}.
+
+## Debugging with job logs
+
+Job logs give you two levels of detail for troubleshooting:
+
+**Log list entries** show a quick summary of each job, including short error messages that often point directly to the problem, like authentication failures, unreachable registries, or incompatible version constraints.
+
+**Full log files** provide complete output from the {% data variables.product.prodname_dependabot %} job, including every dependency checked, version resolution details, and the full stack trace for any errors. Access these when you need to investigate complex failures or understand exactly what {% data variables.product.prodname_dependabot %} attempted.
+
+## Next steps
+
+Now that you know what {% data variables.product.prodname_dependabot %} job logs are, you may want to find out how to access them. See [AUTOTITLE](/code-security/how-tos/view-and-interpret-data/viewing-dependabot-job-logs).
diff --git a/content/code-security/concepts/supply-chain-security/index.md b/content/code-security/concepts/supply-chain-security/index.md
index 41982e137cb7..ff6ed1e6d2dc 100644
--- a/content/code-security/concepts/supply-chain-security/index.md
+++ b/content/code-security/concepts/supply-chain-security/index.md
@@ -21,6 +21,7 @@ children:
- about-the-dependabot-yml-file
- about-dependabot-auto-triage-rules
- about-dependabot-on-github-actions-runners
+ - dependabot-job-logs
- immutable-releases
- linked-artifacts
---
diff --git a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning.md b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning.md
index 9936c63a2769..e1431663bb6f 100644
--- a/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning.md
+++ b/content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning.md
@@ -33,7 +33,7 @@ redirect_from:
You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
-1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
+{% data reusables.security-configurations.custom-security-configurations-org %}
1. When creating the custom security configuration, under "{% data variables.product.prodname_code_scanning_caps %}", set "Prevent direct alert dismissals" to **Enabled**.
1. Click **Save configuration**.
1. Apply the security configuration to all (or selected) repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
@@ -42,7 +42,7 @@ You must configure delegated dismissal for your organization using a custom secu
You must configure delegated dismissal for your enterprise using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your enterprise.
-1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
+{% data reusables.security-configurations.custom-security-configurations-enterprise %}
1. When creating the custom security configuration, under "{% data variables.product.prodname_code_scanning %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to **Enabled**.
1. Click **Save configuration**.
1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
diff --git a/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/enabling-delegated-alert-dismissal-for-secret-scanning.md b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/enabling-delegated-alert-dismissal-for-secret-scanning.md
index 61dd7dfcccbf..eda4b2aac61c 100644
--- a/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/enabling-delegated-alert-dismissal-for-secret-scanning.md
+++ b/content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/enabling-delegated-alert-dismissal-for-secret-scanning.md
@@ -32,7 +32,7 @@ redirect_from:
You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
-1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
+{% data reusables.security-configurations.custom-security-configurations-org %}
1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to **Enabled**.
1. Click **Save configuration**.
1. Apply the security configuration to all (or selected) repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
@@ -47,7 +47,7 @@ To learn more about security configurations, see [AUTOTITLE](/code-security/secu
## Configuring delegated dismissal for an enterprise
-1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
+{% data reusables.security-configurations.custom-security-configurations-enterprise %}
1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_protection %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to **Enabled**.
1. Click **Save configuration**.
1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection.md
index 9c38db1b9b6a..b0e34125edb1 100644
--- a/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection.md
+++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection.md
@@ -1,7 +1,7 @@
---
title: Set code scanning merge protection
shortTitle: Set merge protection
-intro: You can use rulesets to set {% data variables.product.prodname_code_scanning %} merge protection for pull requests.
+intro: 'Secure your codebase by blocking pull requests that fail {% data variables.product.prodname_code_scanning %} checks.'
permissions: '{% data reusables.permissions.security-org-enable %}'
product: '{% data reusables.gated-features.code-scanning %}'
versions:
@@ -16,27 +16,6 @@ redirect_from:
contentType: how-tos
---
-## About using rulesets for {% data variables.product.prodname_code_scanning %} merge protection
-
-> [!NOTE]
-> * Merge protection with rulesets is not related to status checks. For more information about status checks, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks).
-> * Merge protection with rulesets will not apply to merge queue groups or {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup.
-> * All the lines of code identified by an alert must exist in the pull request diff. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#source-file-locations).
-
-You can use rulesets to prevent pull requests from being merged when one of the following conditions is met:
-
-{% data reusables.code-scanning.merge-protection-rulesets-conditions %}
-
-Typically you should use rulesets target long-lived feature branches, where you would like to guarantee that code has been analyzed before pull requests can be merged.
-
-Configuring a {% data variables.product.prodname_code_scanning %} rule will not automatically enable {% data variables.product.prodname_code_scanning %}. For more information about how to enable code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
-
-For more information about {% data variables.product.prodname_code_scanning %} alerts, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts).
-
-You can set merge protection with rulesets at the repository {% ifversion ghec or ghes %}or organization levels{% else %}level{% endif %}, and for repositories configured with either default setup or advanced setup. You can also use the REST API to set merge protection with rulesets.
-
-For more information about rulesets, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
-
## Creating a merge protection ruleset for a repository
{% data reusables.repositories.navigate-to-repo %}
diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/exploring-data-flow-with-path-queries.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/exploring-data-flow-with-path-queries.md
index 53bfe43e1737..4984e9a92a7d 100644
--- a/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/exploring-data-flow-with-path-queries.md
+++ b/content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-vs-code/exploring-data-flow-with-path-queries.md
@@ -9,25 +9,21 @@ topics:
- Code Security
- Code scanning
- CodeQL
-intro: You can run {% data variables.product.prodname_codeql %} queries in {% data variables.product.prodname_vscode %} to help you track the flow of data through a program, highlighting areas that are potential security vulnerabilities.
+intro: Detect potential vulnerabilities by running path queries and analyzing your data flow.
redirect_from:
- /code-security/codeql-for-vs-code/exploring-data-flow-with-path-queries
- /code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/exploring-data-flow-with-path-queries
contentType: how-tos
---
-## About path queries
+## Prerequisites
-A path query is a {% data variables.product.prodname_codeql %} query with the property `@kind path-problem`. You can find a number of these in the standard {% data variables.product.prodname_codeql %} libraries.
-
-You can run the standard {% data variables.product.prodname_codeql %} path queries to identify security vulnerabilities and manually look through the results. For more information about how {% data variables.product.prodname_codeql %} tracks data flow, see [About data flow analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/) in the {% data variables.product.prodname_codeql %} documentation.
-
-Once you're familiar with data flow analysis and existing queries, you can write your own path queries in {% data variables.product.prodname_codeql %}. For more information, see [Next steps](#next-steps).
+Before you can effectively use path queries, you should understand the basics of data flow analysis. See [About data flow analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/) in the {% data variables.product.prodname_codeql %} documentation.
## Running path queries in {% data variables.product.prodname_vscode_shortname %} locally
-1. Open a path query in {% data variables.product.prodname_vscode_shortname %}.
-1. Right-click in the window with the query open, and select **{% data variables.product.prodname_codeql %}: Run Query on Selected Database**. Alternatively, you can also run this from the {% data variables.product.prodname_vscode_command_palette_shortname %}.
+1. Open a path query in {% data variables.product.prodname_vscode_shortname %}. A path query is a {% data variables.product.prodname_codeql %} query with the property `@kind path-problem`.
+1. Right-click in the window with the query open, then select **{% data variables.product.prodname_codeql %}: Run Query on Selected Database**. Alternatively, you can also run this from the {% data variables.product.prodname_vscode_command_palette_shortname %}.
1. Once the query has finished running, you can see the results in the "Results" view (under `alerts` in the dropdown menu). Each query result describes the flow of information between a source and a sink.
1. Expand the result to see the individual steps that the data follows.
1. Click each step to jump to it in the source code and investigate the problem further.
@@ -36,8 +32,8 @@ Once you're familiar with data flow analysis and existing queries, you can write
{% ifversion codeql-vs-code-mrva %}
-When you are ready to run a path query at scale, you can use the "Variant Analysis Repositories" view to run the query against up to 1,000 repositories on {% data variables.product.prodname_dotcom_the_website %}. For more information, see [AUTOTITLE](/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis).
+You can use the "Variant Analysis Repositories" view to run a query against up to 1,000 repositories on {% data variables.product.prodname_dotcom_the_website %}. See [AUTOTITLE](/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis).
{% endif %}
-For information about how to use the correct format and metadata for your own path queries, see [Creating path queries](https://codeql.github.com/docs/writing-codeql-queries/creating-path-queries/#creating-path-queries) in the {% data variables.product.prodname_codeql %} documentation. The {% data variables.product.prodname_codeql %} documentation also contains detailed information about how to define new sources and sinks, as well as templates and examples of how to extend the standard {% data variables.product.prodname_codeql %} libraries to suit your analysis.
+To start writing your own path queries, see [Creating path queries](https://codeql.github.com/docs/writing-codeql-queries/creating-path-queries/#creating-path-queries) in the {% data variables.product.prodname_codeql %} documentation.
diff --git a/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/creating-a-custom-security-configuration-for-your-enterprise.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/creating-a-custom-security-configuration-for-your-enterprise.md
index 8a681b3c1397..7f3a06ea92e9 100644
--- a/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/creating-a-custom-security-configuration-for-your-enterprise.md
+++ b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/creating-a-custom-security-configuration-for-your-enterprise.md
@@ -59,7 +59,8 @@ When creating a security configuration, keep in mind that:
* **Validity checks**. To learn more about validity checks for partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion org-npp-enablement-security-configurations %}
* **Non-provider patterns**. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %}
* **Scan for generic passwords**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% endif %}
- * **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).{% ifversion security-delegated-alert-dismissal %}
+ * **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).{% ifversion push-protection-delegated-bypass-configurations-enterprise %}
+ * **Bypass privileges**. By assigning bypass privileges, selected repository, organization, and business members can bypass push protection. There is a review and approval process for all other contributors. See [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection).{% endif %}{% ifversion security-delegated-alert-dismissal %}
* **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning).{% endif %}
1. Optionally, enable "{% data variables.product.prodname_code_security %}", a paid feature for private {% ifversion ghec %}and internal {% endif %} repositories. You can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_code_scanning %} features:
* **Default setup**. To learn more about default setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup).
diff --git a/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md
index c58fb4900542..1dffc63abd78 100644
--- a/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md
+++ b/content/code-security/how-tos/secure-your-secrets/manage-bypass-requests/enabling-delegated-bypass-for-push-protection.md
@@ -54,7 +54,10 @@ When you enable this feature, you will create a bypass list of roles and teams w
You must configure delegated bypass for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
-1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.org_settings %}
+{% data reusables.security-configurations.view-configurations-page %}
+{% data reusables.security-configurations.custom-security-configurations-org %}
1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}," ensure that {% ifversion ghas-products %}"Push protection" is set to **Enabled**{% else %}the dropdown menus for "Alerts" and "Push protection" are set to **Enabled**{% endif %}.
1. Under "Push protection," to the right of "Bypass privileges," select the dropdown menu, then click **Specific actors**.
@@ -91,6 +94,33 @@ To learn more about security configurations, see [AUTOTITLE](/code-security/secu
{% ifversion push-protection-bypass-fine-grained-permissions %}
+{% ifversion push-protection-delegated-bypass-configurations-enterprise %}
+
+## Enabling delegated bypass for an enterprise
+
+You can configure delegated bypass for your enterprise using a custom security configuration. You can then apply the security configuration to all (or selected) repositories, organizations, or businesses in your enterprise.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+{% data reusables.enterprise-accounts.advanced-security-tab %}
+{% data reusables.security-configurations.view-configurations-page %}
+{% data reusables.security-configurations.custom-security-configurations-enterprise %}
+1. Under **Secret scanning**, ensure **Push protection** is enabled.
+1. Under "Push protection," to the right of "Bypass privileges," select the dropdown menu, then click **Specific actors**.
+
+ > [!NOTE]
+ > When you assign bypass privileges to selected actors, these organizations' members are granted the ability to bypass push protection, and they also review and manage the requests from all other contributors to bypass push protection.
+ >
+ > You can't add secret teams to the bypass list.
+
+1. Click the "Select actors" dropdown menu, then select the roles and teams you want to assign bypass privileges to.
+1. Click **Save configuration**.
+1. Apply the security configuration to all (or selected) organizations and repositories in your enterprise. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
+
+When you apply the configuration, delegated bypass settings are enforced for the organizations and repositories in scope of that enterprise security configuration. Repositories outside the scope of the configuration aren’t affected.
+
+{% endif %}
+
## Using fine-grained permissions to control who can review and manage bypass requests
You can grant specific individuals or teams in your organization the ability to review and manage bypass requests using fine-grained permissions.
diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot.md
index df9b0e2b4e01..2a83cde15799 100644
--- a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot.md
+++ b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot.md
@@ -136,7 +136,51 @@ With OIDC-based authentication, {% data variables.product.prodname_dependabot %}
* Azure DevOps Artifacts
* JFrog Artifactory
-To configure OIDC authentication, you need to specify `tenant-id` and `client-id` instead of `username` and `password` in your registry configuration.
+To configure OIDC authentication, you need to specify different values instead of `username` and `password` in your registry configuration.
+
+### AWS CodeArtifact
+
+AWS CodeArtifact requires the values `aws-region`, `account-id`, `role-name`, `domain`, and `domain-owner`. The `audience` field is optional.
+
+```yaml
+registries:
+ my-aws-codeartifact-feed:
+ type: npm-registry
+ url: https://MY_DOMAIN-MY-ACCOUNT_ID.d.codeartifact.REGION.amazonaws.com/npm/MY_REPOSITORY/
+ aws-region: REGION
+ account-id: '123456789012'
+ role-name: MY_ROLE_NAME
+ domain: MY_DOMAIN
+ domain-owner: '987654321098'
+ audience: MY_AUDIENCE # if required by your feed
+```
+
+### Azure DevOps Artifacts
+
+Azure DevOps Artifacts requires the values `tenant-id` and `client-id`:
+
+```yaml
+registries:
+ my-azure-devops-artifacts-feed:
+ type: npm-registry
+ url: https://pkgs.dev.azure.com/MY-ORGANIZATION/MY-PROJECT/_packaging/MY-FEED/npm/registry/
+ tenant-id: {% raw %}${{ secrets.AZURE_TENANT_ID }}{% endraw %}
+ client-id: {% raw %}${{ secrets.AZURE_CLIENT_ID }}{% endraw %}
+```
+
+### JFrog Artifactory
+
+JFrog Artifactory requires the values `url` and `jfrog-oidc-provider-name`. The values `audience` and `identity-mapping-name` are optional:
+
+```yaml
+registries:
+ my-jfrog-artifactory-feed:
+ type: npm-registry
+ url: https://JFROG-PLATFORM-URL/artifactory/api/npm/MY-REPOSITORY
+ jfrog-oidc-provider-name: MY-PROVIDER
+ audience: MY-AUDIENCE # if required by your feed
+ identity-mapping-name: MY-IDENTITY-MAPPING # if required by your feed
+```
For more information about how OIDC works, see [AUTOTITLE](/actions/concepts/security/openid-connect).
diff --git a/content/code-security/how-tos/view-and-interpret-data/viewing-dependabot-job-logs.md b/content/code-security/how-tos/view-and-interpret-data/viewing-dependabot-job-logs.md
index f3a236012e4a..9c9ca0d00b14 100644
--- a/content/code-security/how-tos/view-and-interpret-data/viewing-dependabot-job-logs.md
+++ b/content/code-security/how-tos/view-and-interpret-data/viewing-dependabot-job-logs.md
@@ -1,6 +1,6 @@
---
title: Viewing Dependabot job logs
-intro: To support debugging of {% data variables.product.prodname_dependabot %} pull requests, {% data variables.product.github %} provides logs of all {% data variables.product.prodname_dependabot %} jobs.
+intro: Access job logs to troubleshoot failed {% data variables.product.prodname_dependabot_updates %} and understand what is happening.
shortTitle: View Dependabot logs
permissions: '{% data reusables.permissions.dependabot-various-tasks %}'
versions:
@@ -19,20 +19,7 @@ redirect_from:
- /code-security/dependabot/troubleshooting-dependabot/viewing-dependabot-job-logs
---
-## About {% data variables.product.prodname_dependabot %} job logs
-
-Job logs are only available if {% data variables.product.prodname_dependabot_version_updates %} are enabled for the repository.
-
-Whenever a {% data variables.product.prodname_dependabot %} job runs, the details of the job are captured in the job logs list, which is accessible from the dependency graph.
-
-For each manifest file, the job logs record the most recent runs of {% data variables.product.prodname_dependabot %}, with each log entry displaying the job type, job ID, timestamp, and, where necessary, a link to the pull request(s) associated with the job.
-
-You may find that the log entry contains a short error message, which can be useful for debugging issues with a particular pull request or run. If you need to troubleshoot further, you can click **view logs** to access the full log files for a specific run.
-
-You will see the following job types recorded in the log list:
-* **Version update** - refers to a {% data variables.product.prodname_dependabot_version_updates %} run.
-* **Security update** - refers to a {% data variables.product.prodname_dependabot_security_updates %} run.
-* **Rebase update** - refers to a run where {% data variables.product.prodname_dependabot %} has automatically rebased the pull request to resolve a conflict with the target branch. This update could apply to a pull request from a {% data variables.product.prodname_dependabot_version_updates %} job, or a {% data variables.product.prodname_dependabot_security_updates %} job.
+When {% data variables.product.prodname_dependabot_updates %} fail or behave unexpectedly, job logs show you exactly what happened. Access job logs from the dependency graph to debug issues quickly. For background on what job logs contain and the types of jobs {% data variables.product.github %} records, see [AUTOTITLE](/code-security/concepts/supply-chain-security/dependabot-job-logs).
## Viewing {% data variables.product.prodname_dependabot %} job logs
diff --git a/content/copilot/concepts/tools/about-copilot-integrations.md b/content/copilot/concepts/tools/about-copilot-integrations.md
index d9f85d93a63e..60bbf096c490 100644
--- a/content/copilot/concepts/tools/about-copilot-integrations.md
+++ b/content/copilot/concepts/tools/about-copilot-integrations.md
@@ -26,7 +26,7 @@ Currently, {% data variables.copilot.copilot_coding_agent %} supports integratio
* **Microsoft Teams**: [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-teams) - Learn how to set up the Microsoft Teams integration to trigger {% data variables.copilot.copilot_coding_agent %} directly from your Teams channels.
* **Slack**: [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-slack) - Learn how to set up the Slack integration to trigger {% data variables.copilot.copilot_coding_agent %} directly from your Slack workspace.
* **Linear**: [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-linear) - Learn how to set up the Linear integration to trigger {% data variables.copilot.copilot_coding_agent %} directly from your Linear issues.
-* **Azure Boards**: (currently in {% data variables.release-phases.private_preview %}).
+* **Azure Boards**: [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-azure-boards) - Learn how to set up the Azure Boards integration to trigger {% data variables.copilot.copilot_coding_agent %} directly from your Azure Boards work items.
## Benefits of integrations
diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr.md
index 9e7af18303fb..cb768a940a0b 100644
--- a/content/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr.md
+++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/create-a-pr.md
@@ -37,7 +37,7 @@ You can ask {% data variables.product.prodname_copilot_short %} to create a new
* {% data variables.product.prodname_github_issues %}, by [assigning an issue to {% data variables.product.prodname_copilot_short %}](#assigning-an-issue-to-copilot)
* The [agents tab or panel](#asking-copilot-to-create-a-pull-request-from-the-agents-tab-or-panel) on {% data variables.product.github %}
* The [dashboard](#asking-copilot-to-create-a-pull-request-from-the-dashboard) on {% data variables.product.github %}
-* {% data variables.copilot.copilot_chat_short %} in [{% data variables.product.prodname_vscode %}](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-visual-studio-code), [JetBrains IDEs](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-jetbrains-ides), [Eclipse](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-eclipse) and [{% data variables.product.prodname_vs %}](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-visual-studio)
+* {% data variables.copilot.copilot_chat_short %} in [{% data variables.product.prodname_vscode %}](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-visual-studio-code), [JetBrains IDEs](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-jetbrains-ides), [Eclipse](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-eclipse) and [{% data variables.product.prodname_vs %} 2026](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-visual-studio-2026)
* {% data variables.copilot.copilot_chat_short %} on [{% data variables.product.prodname_dotcom_the_website %}](#asking-copilot-to-create-a-pull-request-from-copilot-chat-in-githubcom)
* The [{% data variables.product.prodname_cli %}](#asking-copilot-to-create-a-pull-request-from-the-github-cli)
* On [{% data variables.product.prodname_mobile %}](#asking-copilot-to-create-a-pull-request-from-github-mobile)
@@ -491,22 +491,25 @@ You can ask {% data variables.product.prodname_copilot_short %} to open a pull r
{% data variables.product.prodname_copilot_short %} will start a new session and respond with a link to the pull request it creates. It will work on the task and push changes to the pull request, and then add you as a reviewer when it has finished, triggering a notification from {% data variables.product.github %} and in the IDE.
-## Asking {% data variables.product.prodname_copilot_short %} to create a pull request from {% data variables.copilot.copilot_chat_short %} in {% data variables.product.prodname_vs %}
+## Asking {% data variables.product.prodname_copilot_short %} to create a pull request from {% data variables.copilot.copilot_chat_short %} in {% data variables.product.prodname_vs %} 2026
-1. Open {% data variables.copilot.copilot_chat %} in {% data variables.product.prodname_vs %}.
-1. Type a prompt, starting with `@github`, asking {% data variables.product.prodname_copilot_short %} to create a pull request, and giving details of what you want {% data variables.product.prodname_copilot_short %} to change.
+> [!NOTE] To use {% data variables.copilot.copilot_coding_agent %} in {% data variables.product.prodname_vs %}, you'll need to be running at least [December Update 18.1.0](https://learn.microsoft.com/en-us/visualstudio/releases/2026/release-notes#github-copilot-1) of {% data variables.product.prodname_vs %} 2026.
- For example, `@github Create a PR to put backticks around file names and variables in output.`
+1. Enable {% data variables.copilot.copilot_coding_agent %} support in {% data variables.product.prodname_vs %}.
+ 1. Open the **Tools** menu, then click **Options**.
+ 1. In the sidebar, select **{% data variables.product.github %}**.
+ 1. Check the **Enable Copilot Coding agent (preview)** box.
+ 1. Restart {% data variables.product.prodname_vs %}.
+1. Open {% data variables.copilot.copilot_chat %} in {% data variables.product.prodname_vs %}.
+1. Enter a prompt, giving details of what you want {% data variables.product.prodname_copilot_short %} to change.
- > [!TIP]
- > * To help {% data variables.product.prodname_copilot_short %}, you can select the relevant line(s) of code before submitting your prompt.
- > * From {% data variables.copilot.copilot_chat_short %}, you can ask {% data variables.product.prodname_copilot_short %} to open a pull request using a specific branch as the base branch by including it in your prompt.
+ For example, `Put backticks around file names and variables in log output.`
-1. Submit your prompt.
+1. Submit your prompt by clicking the **Delegate this task to the GitHub Copilot coding agent** button, next to the **Send** button.
{% data variables.product.prodname_copilot_short %} asks you to confirm that you want to use the coding agent to create a pull request.
-1. Click **Allow**.
+1. Click **Confirm**.
{% data variables.product.prodname_copilot_short %} will start a new session and respond with a link to the pull request it creates. It will work on the task and push changes to the pull request, and then add you as a reviewer when it has finished, triggering a notification.
diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md
index e4d0a8bd441c..d45f880afd9c 100644
--- a/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md
+++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/index.md
@@ -18,6 +18,7 @@ children:
- /integrate-coding-agent-with-slack
- /integrate-coding-agent-with-teams
- /integrate-coding-agent-with-linear
+ - /integrate-coding-agent-with-azure-boards
- /changing-the-ai-model
- /customize-the-agent-environment
- /customize-the-agent-firewall
diff --git a/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-azure-boards.md b/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-azure-boards.md
new file mode 100644
index 000000000000..46f1ef6c4f11
--- /dev/null
+++ b/content/copilot/how-tos/use-copilot-agents/coding-agent/integrate-coding-agent-with-azure-boards.md
@@ -0,0 +1,62 @@
+---
+title: Integrating Copilot coding agent with Azure Boards
+shortTitle: Integrate coding agent with Azure Boards
+intro: 'Use the {% data variables.product.prodname_copilot_short %} integration in Azure Boards to send work items directly to {% data variables.copilot.copilot_coding_agent %} and generate pull requests, all from within your Azure DevOps workspace.'
+versions:
+ feature: copilot
+topics:
+ - Copilot
+contentType: how-tos
+category:
+ - Integrate Copilot with your tools
+---
+
+The Azure Boards {% data variables.product.github %} integration allows you to invoke {% data variables.copilot.copilot_coding_agent %} without leaving your workspace. From within a Azure Boards work item you can initiate {% data variables.copilot.copilot_coding_agent_short %} sessions and open pull requests, using the context of your work item description and comments.
+
+For information about additional {% data variables.product.prodname_copilot_short %} integrations, see [AUTOTITLE](/copilot/concepts/tools/about-copilot-integrations).
+
+> [!NOTE]
+> When you send a work item to {% data variables.copilot.copilot_coding_agent %}, the agent will capture content from text fields (such as the description and reproduction steps), along with the last 50 comments. This context is stored in the pull request, and is visible to anyone with access to the repository.
+
+## Prerequisites
+
+* You must have a {% data variables.product.github %} account with access to {% data variables.product.prodname_copilot_short %} through {% data variables.copilot.copilot_pro_short %}, {% data variables.copilot.copilot_pro_plus_short %}, {% data variables.copilot.copilot_business_short %}, or {% data variables.copilot.copilot_enterprise_short %}.
+* The repositories connected to the Azure DevOps project must have {% data variables.copilot.copilot_coding_agent %} enabled.
+
+## Installing the Azure Boards application on {% data variables.product.github %}
+
+> [!NOTE]
+> To install the Azure Boards application, you must be an owner or App manager of the organization or enterprise on {% data variables.product.github %}.
+
+The Azure Boards app only needs to be installed once in an organization. After the app is installed, any member of the organization can connect their {% data variables.product.github %} account to the app and start using it.
+
+1. Go to the [Azure Boards installation page](https://github.com/marketplace/azure-boards).
+1. Scroll to the bottom of the page, then use the **Account** dropdown menu to select an account you would like to install the app in.
+1. Click **Install**.
+1. Select the repositories you would like the Azure Boards app to have access to.
+1. Follow the prompts on screen to configure and authorize the app in your Azure DevOps organization and project.
+
+## Approving the Azure Boards application permissions
+
+If you already have the Azure Boards application installed on {% data variables.product.github %}, you will need to approve the required permission changes to allow the app to communicate with {% data variables.product.prodname_copilot %}.
+
+1. Navigate to [your installed {% data variables.product.github %} Apps](https://github.com/settings/installations).
+1. Find the Azure Boards application, then click the **Review request** link.
+1. Review the permissions, then click **Accept new permission**.
+
+## Creating a pull request from a work item
+
+1. In Azure Boards, open the work item you want to send to {% data variables.copilot.copilot_coding_agent %}.
+1. Click the {% octicon "copilot" aria-label="Copilot" %} icon on the work item.
+1. Select **Create a pull request with {% data variables.product.prodname_copilot_short %}**.
+1. Under **{% data variables.product.github %} repository**, select the repository where {% data variables.product.prodname_copilot_short %} should create the pull request.
+1. Optionally, change the base branch that {% data variables.product.prodname_copilot_short %} should use for the pull request.
+1. Optionally, add any additional instructions to provide {% data variables.product.prodname_copilot_short %} with more context.
+1. Click **Create**.
+
+{% data variables.copilot.copilot_coding_agent %} will begin processing the work item and create a draft pull request linked back to the work item.
+
+## Further reading
+
+* [AUTOTITLE](/copilot/concepts/agents/coding-agent/about-coding-agent)
+* [AUTOTITLE](/copilot/concepts/agents/coding-agent/access-management)
\ No newline at end of file
diff --git a/data/features/push-protection-delegated-bypass-configurations-enterprise.yml b/data/features/push-protection-delegated-bypass-configurations-enterprise.yml
new file mode 100644
index 000000000000..5df70d2de1eb
--- /dev/null
+++ b/data/features/push-protection-delegated-bypass-configurations-enterprise.yml
@@ -0,0 +1,5 @@
+# Issue 1518825892 - Secret scanning push protection bypass added to enterprises
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>=3.20'
diff --git a/data/reusables/billing/actions-standard-runner-prices.md b/data/reusables/billing/actions-standard-runner-prices.md
index 93080551d8d9..569d08abd4c6 100644
--- a/data/reusables/billing/actions-standard-runner-prices.md
+++ b/data/reusables/billing/actions-standard-runner-prices.md
@@ -1,6 +1,8 @@
-| Operating system | Billing SKU | Per-minute rate (USD) |
-| ------------------------------------ | -------------| ----------------------|
-| Linux 1-core | `linux_slim` | $0.002 |
-| Linux 2-core | `linux` | $0.006 |
-| Windows 2-core | `windows` | $0.010 |
-| macOS 3-core or 4-core (M1 or Intel) | `macos` | $0.062 |
+| Operating system | Billing SKU | Per-minute rate (USD) |
+| ------------------------------------ | --------------------- | --------------------- |
+| Linux 1-core (x64) | `actions_linux_slim` | $0.002 |
+| Linux 2-core (x64) | `actions_linux` | $0.006 |
+| Linux 2-core (arm64) | `actions_linux_arm` | $0.005 |
+| Windows 2-core (x64) | `actions_windows` | $0.010 |
+| Windows 2-core (arm64) | `actions_windows_arm` | $0.010 |
+| macOS 3-core or 4-core (M1 or Intel) | `actions_macos` | $0.062 |
diff --git a/data/reusables/code-scanning/merge-protection-rulesets-conditions.md b/data/reusables/code-scanning/merge-protection-rulesets-conditions.md
index e350d73dc92c..1a3f3a9715ee 100644
--- a/data/reusables/code-scanning/merge-protection-rulesets-conditions.md
+++ b/data/reusables/code-scanning/merge-protection-rulesets-conditions.md
@@ -1,3 +1,3 @@
-* A required tool found a {% data variables.product.prodname_code_scanning %} alert of a severity that is defined in a ruleset.
-* A required {% data variables.product.prodname_code_scanning %} tool's analysis is still in progress.
-* A required {% data variables.product.prodname_code_scanning %} tool is not configured for the repository.
+* A required tool finds a {% data variables.product.prodname_code_scanning %} alert of a severity that is defined in the ruleset.
+* A required tool's analysis is still in progress.
+* A required tool is not configured for the repository.
diff --git a/data/reusables/copilot/grok-promo-period.md b/data/reusables/copilot/grok-promo-period.md
index fbda965f2191..183e5f4db5aa 100644
--- a/data/reusables/copilot/grok-promo-period.md
+++ b/data/reusables/copilot/grok-promo-period.md
@@ -1 +1 @@
-> [!Important] Complimentary access to {% data variables.copilot.copilot_grok_code %} is continuing past the previously announced end time. A new end date has not been set. We may update or conclude this promotion at any time. [Regular pricing](/copilot/reference/ai-models/supported-models#model-multipliers) applies after the extension ends.
+> [!Important] Complimentary access to {% data variables.copilot.copilot_grok_code %} will end on February 17, 2026. [Regular pricing](/copilot/reference/ai-models/supported-models#model-multipliers) applies after complimentary access ends.
diff --git a/data/reusables/security-configurations/custom-security-configurations-enterprise.md b/data/reusables/security-configurations/custom-security-configurations-enterprise.md
new file mode 100644
index 000000000000..24a5f1f5ba9d
--- /dev/null
+++ b/data/reusables/security-configurations/custom-security-configurations-enterprise.md
@@ -0,0 +1 @@
+1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
diff --git a/data/reusables/security-configurations/custom-security-configurations-org.md b/data/reusables/security-configurations/custom-security-configurations-org.md
new file mode 100644
index 000000000000..6892a9c5c0d7
--- /dev/null
+++ b/data/reusables/security-configurations/custom-security-configurations-org.md
@@ -0,0 +1,2 @@
+1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
+
diff --git a/src/frame/lib/page-data.ts b/src/frame/lib/page-data.ts
index 5424d7f362d2..ab40fef20809 100644
--- a/src/frame/lib/page-data.ts
+++ b/src/frame/lib/page-data.ts
@@ -383,9 +383,14 @@ export async function loadPageList(
if (!item.childPages) return
await Promise.all(
- item.childPages.map(
- async (childPage: UnversionedTree) => await addToCollection(childPage, collection),
- ),
+ item.childPages
+ // Cross-product children are pages included from other parts of the
+ // tree via absolute `/content/` paths in a bespoke landing page's
+ // children list. They already exist in their original location, so
+ // including them again would create duplicate entries in the flat
+ // page list which breaks search-index uniqueness constraints.
+ .filter((childPage: UnversionedTree) => !childPage.crossProductChild)
+ .map(async (childPage: UnversionedTree) => await addToCollection(childPage, collection)),
)
}