Merge branch 'main' into 33905

content/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox.md

@@ -73,11 +73,12 @@ You can add up to 15 of your own custom filters.
 ## Custom filter limitations
 
 Custom filters do not currently support:
-* Full text search in your inbox, including searching for pull request or issue titles.
+
+* Full text search in your inbox, including searching for pull request or issue titles
 * Distinguishing between the `is:issue`, `is:pr`, and `is:pull-request` query filters. These queries will return both issues and pull requests.
-* Creating more than 15 custom filters.
-* Changing the default filters or their order.
-* Search [exclusion](/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax#exclude-certain-results) using `NOT` or `-QUALIFIER`.
+* Creating more than 15 custom filters
+* Changing the default filters or their order
+* Search [exclusion](/search-github/getting-started-with-searching-on-github/understanding-the-search-syntax#exclude-certain-results) using `NOT` or `-QUALIFIER`
 
 ## Supported queries for custom filters
 

content/authentication/keeping-your-account-and-data-secure/switching-between-accounts.md

@@ -18,7 +18,7 @@ When you are signed in to multiple accounts and using the account switcher, thos
 
 If you are signed in to multiple accounts and follow a link to {% data variables.product.product_name %} from an external source, such as a request to install or approve a {% data variables.product.prodname_github_app %}, you will first be prompted to choose which account you want to use.
 
-Your SSO sessions will persist when you switch away from an account and return, this means you will not always need to authenticate with your identity provider (IdP) each time you want to use your SSO-linked account. If you're a member of an enterprise that uses {% data variables.product.prodname_emus %} and add your {% data variables.enterprise.prodname_managed_user %} to the account switcher, the {% data variables.enterprise.prodname_managed_user %} will appear grayed out if your session has expired. Selecting the expired account will send you to reauthenticate with your IdP.
+Your SSO sessions will persist when you switch away from an account and return. This means you will not always need to authenticate with your identity provider (IdP) each time you want to use your SSO-linked account. If you're a member of an enterprise that uses {% data variables.product.prodname_emus %} and add your {% data variables.enterprise.prodname_managed_user %} to the account switcher, the {% data variables.enterprise.prodname_managed_user %} will appear grayed out if your session has expired. Selecting the expired account will send you to reauthenticate with your IdP.
 
 ## Adding an account to the account switcher
 

content/billing/managing-billing-for-github-copilot/about-billing-for-github-copilot.md

@@ -76,11 +76,7 @@ For a {% data variables.product.prodname_copilot_enterprise %} subscription, all
 For {% data variables.product.prodname_copilot %} in {% data variables.product.prodname_ghe_cloud %}, policy settings and the usage overview are available at the enterprise level. For more information, see "[AUTOTITLE](/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-policies-and-features-for-copilot-in-your-enterprise)" and "[AUTOTITLE](/enterprise-cloud@latest/billing/managing-billing-for-github-copilot/viewing-your-github-copilot-usage)."
 {% endif %}
 
-{% note %}
-
-**Note:** {% data variables.product.prodname_copilot %} billing operates in Coordinated Universal Time (UTC), but it calculates your bill according to the timezone of your billing cycle. For example, if you're billed through Azure and your current billing cycle ends at 11:59 PM EST on December 1st, canceling a seat at 7:00 PM EST on December 1st might show the seat cancellation at 12:00 AM UTC on December 2nd. However, the seat would end within the billing cycle that you requested the cancellation, and you would not pay for that seat in the following cycle.
-
-{% endnote %}
+> [!NOTE] {% data variables.product.prodname_copilot %} billing operates in Coordinated Universal Time (UTC), but it calculates your bill according to the timezone of your billing cycle. For example, if you're billed through Azure and your current billing cycle ends at 11:59 PM EST on December 1st, canceling a seat at 7:00 PM EST on December 1st might show the seat cancellation at 12:00 AM UTC on December 2nd. However, the seat would end within the billing cycle that you requested the cancellation, and you would not pay for that seat in the following cycle.
 
 ### About seat assignment for {% data variables.product.prodname_copilot_for_business %} and {% data variables.product.prodname_copilot_enterprise %}
 
@@ -98,11 +94,7 @@ If you are a member of an organization or enterprise with a {% data variables.pr
 
 When you connect an Azure subscription to your organization or enterprise account and enable metered billing via Azure, metered usage will start to be sent to Azure. You will be billed through {% data variables.product.prodname_dotcom %} for usage from the start of the current billing cycle to when you enabled metered billing via Azure, on your next billing date. The period between the date you connected your Azure subscription and enabled metered billing via Azure, and the end of the calendar month will be charged in Azure on the first of the month. For more information, see "[AUTOTITLE](/billing/managing-the-plan-for-your-github-account/connecting-an-azure-subscription)."
 
-{% note %}
-
-**Note:** Usage data is sent to Azure daily, but you are billed at the end of the month based on the number of seats used. This means that although you can track your daily spending (number of seats in this case), actual payments are processed monthly.
-
-{% endnote %}
+> [!NOTE] Usage data is sent to Azure daily, but you are billed at the end of the month based on the number of seats used. This means that although you can track your daily spending (number of seats in this case), actual payments are processed monthly.
 
 ### About changes to your {% data variables.product.prodname_copilot_enterprise %} subscription
 

content/code-security/secret-scanning/working-with-push-protection.md

@@ -104,7 +104,9 @@ For a blocked commit, you can remove the secret from the file using the web UI.
 
 Organization owners can provide a custom link that will be displayed when a push is blocked. This custom link can contain resources and advice specific to your organization. For example, the custom link can point to a README file with information about the organization's secret vault, which teams and individuals to escalate questions to, or the organization's approved policy for working with secrets and rewriting commit history.
 
-You can bypass the block by specifying a reason for allowing the secret. For more information on how to bypass push protection and commit the blocked secret, see "[Bypassing push protection when working with the web UI](#bypassing-push-protection-when-working-with-the-web-ui)."
+You may be able to bypass the block by specifying a reason for allowing the secret. For more information on how to bypass push protection and commit the blocked secret, see "[Bypassing push protection when working with the web UI](#bypassing-push-protection-when-working-with-the-web-ui)."
+
+{% ifversion push-protection-delegated-bypass %} Alternatively, you may be required to submit a request for "bypass privileges" in order to commit your changes. For information on how to request permission to bypass push protection and allow the commit containing the secret, see "[Requesting bypass privileges when working with the web UI](#requesting-bypass-privileges-when-working-with-the-web-ui)."{% endif %}
 
 ### Bypassing push protection when working with the web UI
 
@@ -118,11 +120,41 @@ If {% data variables.product.prodname_dotcom %} blocks a secret that you believe
 
 {% data reusables.secret-scanning.push-protection-allow-email %}
 
+{% ifversion push-protection-delegated-bypass %}
+
+If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit, or submit a request for "bypass privileges" in order to commit your changes. For more information, see "[Requesting bypass privileges when working with the web UI](#requesting-bypass-privileges-when-working-with-the-web-ui)."
+
+{% endif %}
+
 1. In dialog box that appeared when {% data variables.product.prodname_dotcom %} blocked your commit, review the name and location of the secret.
 {% data reusables.secret-scanning.push-protection-choose-allow-secret-options %}
 {% data reusables.secret-scanning.push-protection-public-repos-bypass %}
 1. Click **Allow secret**.
 
+{% ifversion push-protection-delegated-bypass %}
+
+### Requesting bypass privileges when working with the web UI
+
+{% data reusables.secret-scanning.push-protection-delegate-bypass-beta-note %}
+
+If your commit has been blocked by push protection, you can request permission to bypass the block. The request is sent to a designated group of reviewers, who will either approve or deny the request.
+
+Requests expire after 7 days.
+
+1. In dialog box that appeared when {% data variables.product.prodname_dotcom %} blocked your commit, review the name and location of the secret.
+1. Click **Start request**. The request will open in a new tab.
+{% data reusables.secret-scanning.push-protection-bypass-request-add-comment %}
+{% data reusables.secret-scanning.push-protection-submit-bypass-request %}
+{% data reusables.secret-scanning.push-protection-bypass-request-check-email %}
+
+{% data reusables.secret-scanning.push-protection-bypass-request-decision-email %}
+
+If your request is approved, you can commit the changes containing the secret to the file. You can also commit any future changes that contain the same secret.
+
+If your request is denied, you will need to remove the secret from the file before you can commit your changes.
+
+{% endif %}
+
 ## Further reading
 
 * "[AUTOTITLE](/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection)"

content/code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-is-using-advanced-setup-for-code-scanning.md

@@ -0,0 +1,42 @@
+---
+title: A repository is using advanced setup for code scanning
+shortTitle: Active advanced setup
+intro: 'You cannot attach a {% data variables.product.prodname_security_configuration %} with code scanning enabled to repositories that are using advanced setup for code scanning.'
+permissions: '{% data reusables.security-configurations.security-configurations-permissions %}'
+versions:
+  feature: security-configurations
+redirect_from:
+  - /code-security/securing-your-organization/troubleshooting-security-configurations/a-repository-has-an-existing-advanced-setup-for-code-scanning
+topics:
+  - Advanced Security
+  - Organizations
+  - Security
+---
+
+## About the problem
+
+You cannot successfully apply a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} default setup enabled to a target repository that uses advanced setup for {% data variables.product.prodname_code_scanning %}. Advanced setups are tailored to the specific security needs of their repositories, so they are not intended to be overridden at scale.
+
+If you try to attach a {% data variables.product.prodname_security_configuration %} with {% data variables.product.prodname_code_scanning %} enabled to a repository already using advanced setup, security settings will be applied as follows:
+
+* **{% data variables.product.prodname_code_scanning_caps %} default setup will not be enabled**, and advanced setup will continue to run as normal.
+* **All other security features enabled in the configuration will be enabled.**
+* **The {% data variables.product.prodname_security_configuration %} will not be attached** to the repository, since only some features from the configuration are enabled.
+
+For all repositories without an active advanced setup, the {% data variables.product.prodname_security_configuration %} will be applied as expected, and {% data variables.product.prodname_code_scanning %} default setup will be enabled.
+
+{% note %}
+
+**Note:** If advanced setup is considered inactive for a repository, default setup _will_ still be enabled for that repository. Advanced setup is considered inactive for a repository if the repository meets any of the following criteria:
+* The latest {% data variables.product.prodname_codeql %} analysis is more than 90 days old
+* All {% data variables.product.prodname_codeql %} configurations have been deleted
+* The workflow file has been deleted or disabled (exclusively for YAML-based advanced setup)
+
+{% endnote %}
+
+## Solving the problem
+
+There are two ways you can solve this problem:
+
+1. **Update the affected repositories to use default setup** for {% data variables.product.prodname_code_scanning %} at the repository level and then reapply your {% data variables.product.prodname_security_configuration %} to the repositories. For more information, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning)."
+1. **Create a new custom {% data variables.product.prodname_security_configuration %}** that does not include a setting for {% data variables.product.prodname_code_scanning %} and apply this {% data variables.product.prodname_security_configuration %} to repositories that use advanced setup. For more information, see "[AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration)."

content/code-security/securing-your-organization/troubleshooting-security-configurations/index.md

@@ -9,6 +9,6 @@ topics:
   - Organizations
   - Security
 children:
-  - /a-repository-has-an-existing-advanced-setup-for-code-scanning
+  - /a-repository-is-using-advanced-setup-for-code-scanning
   - /not-enough-github-advanced-security-licenses
 ---

content/copilot/index.md

@@ -11,12 +11,13 @@ introLinks:
   quickstart: /copilot/quickstart
 featuredLinks:
   startHere:
-    - /copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot
+    - /copilot/about-github-copilot/what-is-github-copilot
+    - /copilot/quickstart
   popular:
     - /copilot/using-github-copilot/prompt-engineering-for-github-copilot
-    - /billing/managing-billing-for-github-copilot/about-billing-for-github-copilot
-    - /copilot/managing-copilot/configure-personal-settings/configuring-github-copilot-in-your-environment
-    - /copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-copilot-policies-as-an-individual-subscriber
+    - /copilot/using-github-copilot/getting-code-suggestions-in-your-ide-with-github-copilot
+    - /copilot/using-github-copilot/asking-github-copilot-questions-in-your-ide
+    - /copilot/using-github-copilot/using-github-copilot-in-the-command-line
 layout: product-landing
 versions:
   feature: copilot