diff --git a/assets/images/help/billing/ghas-billing-table-repository-csv.png b/assets/images/help/billing/ghas-billing-table-repository-csv.png
index cd66d33a9710..3dbb65556797 100644
Binary files a/assets/images/help/billing/ghas-billing-table-repository-csv.png and b/assets/images/help/billing/ghas-billing-table-repository-csv.png differ
diff --git a/assets/images/help/enterprises/ghas-add-licenses.png b/assets/images/help/enterprises/ghas-add-licenses.png
new file mode 100644
index 000000000000..5f99ce81511f
Binary files /dev/null and b/assets/images/help/enterprises/ghas-add-licenses.png differ
diff --git a/assets/images/help/enterprises/ghas-download-report.png b/assets/images/help/enterprises/ghas-download-report.png
index 8fce4e66ce52..c9c30b1fa596 100644
Binary files a/assets/images/help/enterprises/ghas-download-report.png and b/assets/images/help/enterprises/ghas-download-report.png differ
diff --git a/assets/images/help/enterprises/ghas-licenses-dropdown.png b/assets/images/help/enterprises/ghas-licenses-dropdown.png
new file mode 100644
index 000000000000..6e2a1bfe72cc
Binary files /dev/null and b/assets/images/help/enterprises/ghas-licenses-dropdown.png differ
diff --git a/assets/images/help/repository/ghas-enterprise-policy-block-ghas.png b/assets/images/help/repository/ghas-enterprise-policy-block-ghas.png
new file mode 100644
index 000000000000..64f422f25be9
Binary files /dev/null and b/assets/images/help/repository/ghas-enterprise-policy-block-ghas.png differ
diff --git a/assets/images/help/repository/ghas-enterprise-policy-block.png b/assets/images/help/repository/ghas-enterprise-policy-block.png
index 64f422f25be9..61f04b7939a2 100644
Binary files a/assets/images/help/repository/ghas-enterprise-policy-block.png and b/assets/images/help/repository/ghas-enterprise-policy-block.png differ
diff --git a/assets/images/help/repository/secret-scanning-create-custom-pattern-ghas.png b/assets/images/help/repository/secret-scanning-create-custom-pattern-ghas.png
new file mode 100644
index 000000000000..6ba382bdff63
Binary files /dev/null and b/assets/images/help/repository/secret-scanning-create-custom-pattern-ghas.png differ
diff --git a/assets/images/help/repository/secret-scanning-create-custom-pattern-ghes17.png b/assets/images/help/repository/secret-scanning-create-custom-pattern-ghes17.png
new file mode 100644
index 000000000000..71c655e3d772
Binary files /dev/null and b/assets/images/help/repository/secret-scanning-create-custom-pattern-ghes17.png differ
diff --git a/assets/images/help/repository/secret-scanning-create-custom-pattern.png b/assets/images/help/repository/secret-scanning-create-custom-pattern.png
index 6ba382bdff63..a330fbd8848c 100644
Binary files a/assets/images/help/repository/secret-scanning-create-custom-pattern.png and b/assets/images/help/repository/secret-scanning-create-custom-pattern.png differ
diff --git a/assets/images/help/security-configurations/current-sp-cs-license-usage.png b/assets/images/help/security-configurations/current-sp-cs-license-usage.png
new file mode 100644
index 000000000000..1357ecba330b
Binary files /dev/null and b/assets/images/help/security-configurations/current-sp-cs-license-usage.png differ
diff --git a/assets/images/help/security-overview/security-coverage-view-summary-pre-config.png b/assets/images/help/security-overview/security-coverage-view-summary-pre-config.png
new file mode 100644
index 000000000000..5d4079b49f93
Binary files /dev/null and b/assets/images/help/security-overview/security-coverage-view-summary-pre-config.png differ
diff --git a/assets/images/help/security-overview/security-coverage-view-summary.png b/assets/images/help/security-overview/security-coverage-view-summary.png
index 5d4079b49f93..5092135a2844 100644
Binary files a/assets/images/help/security-overview/security-coverage-view-summary.png and b/assets/images/help/security-overview/security-coverage-view-summary.png differ
diff --git a/assets/images/help/security/advanced-code-scanning-setup-ghas.png b/assets/images/help/security/advanced-code-scanning-setup-ghas.png
new file mode 100644
index 000000000000..51d3800d55a1
Binary files /dev/null and b/assets/images/help/security/advanced-code-scanning-setup-ghas.png differ
diff --git a/assets/images/help/security/advanced-code-scanning-setup.png b/assets/images/help/security/advanced-code-scanning-setup.png
index 51d3800d55a1..1bdfcb262443 100644
Binary files a/assets/images/help/security/advanced-code-scanning-setup.png and b/assets/images/help/security/advanced-code-scanning-setup.png differ
diff --git a/assets/images/help/security/default-code-scanning-setup-ghas.png b/assets/images/help/security/default-code-scanning-setup-ghas.png
new file mode 100644
index 000000000000..56aa04ac9def
Binary files /dev/null and b/assets/images/help/security/default-code-scanning-setup-ghas.png differ
diff --git a/assets/images/help/security/default-code-scanning-setup.png b/assets/images/help/security/default-code-scanning-setup.png
index 56aa04ac9def..556f37c304a1 100644
Binary files a/assets/images/help/security/default-code-scanning-setup.png and b/assets/images/help/security/default-code-scanning-setup.png differ
diff --git a/assets/images/help/security/push-protection-example.png b/assets/images/help/security/push-protection-example.png
new file mode 100644
index 000000000000..a7cc1c395665
Binary files /dev/null and b/assets/images/help/security/push-protection-example.png differ
diff --git a/content/admin/data-residency/about-github-enterprise-cloud-with-data-residency.md b/content/admin/data-residency/about-github-enterprise-cloud-with-data-residency.md
index e8436d700d34..6a240b6d9594 100644
--- a/content/admin/data-residency/about-github-enterprise-cloud-with-data-residency.md
+++ b/content/admin/data-residency/about-github-enterprise-cloud-with-data-residency.md
@@ -47,7 +47,7 @@ To pay for user licenses and services, you can: You will be on our latest billing platform, which allows you to estimate spending, create cost centers to manage expenses, and pay flexibly for the services you use. -You can also sign up for usage-based billing for {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products-cloud %} products{% endif %}, meaning you won't need to purchase a pre-defined number of licenses in advance. +You can also sign up for usage-based billing for {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_GHAS %} products, meaning you won't need to purchase a pre-defined number of licenses in advance. ## Developer experience
diff --git a/content/admin/managing-code-security/securing-your-enterprise/about-security-configurations.md b/content/admin/managing-code-security/securing-your-enterprise/about-security-configurations.md
index 9ec6f09712af..cd54ad6ee007 100644
--- a/content/admin/managing-code-security/securing-your-enterprise/about-security-configurations.md
+++ b/content/admin/managing-code-security/securing-your-enterprise/about-security-configurations.md
@@ -2,7 +2,6 @@ title: About security configurations shortTitle: Security configurations intro: 'Security configurations are collections of security settings that you can apply across your enterprise.' -product: '{% data reusables.gated-features.security-configurations-enterprise %}' versions: feature: security-configuration-enterprise-level topics: 
@@ -17,9 +16,16 @@ topics: {% data reusables.security-configurations.overview %} +{% ifversion ghec %} + +When you create a security configuration with {% data variables.product.prodname_AS %} features enabled, your enterprise will incur usage costs when you apply the configuration to repositories if your enterprise account has metered billing. If you have bought volume/subscription licenses for {% data variables.product.prodname_GHAS %}, {% data variables.product.prodname_GH_code_security %}, or {% data variables.product.prodname_GH_secret_protection %}, you will need enough licenses to cover any additional unique committers. + +{% endif %} + {% ifversion security-configurations-ghes-only %} When creating a security configuration, keep in mind that: + * Only features installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance will appear in the UI. * {% data variables.product.prodname_AS %} features will only be visible if your enterprise or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %}, {% data variables.product.prodname_GH_code_security %}, or {% data variables.product.prodname_GH_secret_protection %}{% endif %} license. * Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance.
diff --git a/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md
index af20b2864184..a2b4eedc05eb 100644
--- a/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md
+++ b/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md
@@ -15,14 +15,16 @@ topics: The {% data variables.product.prodname_github_security_configuration %} is a set of industry best practices and features that provide a robust, baseline security posture for enterprises. This configuration is created and maintained by subject matter experts at {% data variables.product.github %}, with the help of multiple industry leaders and experts. The {% data variables.product.prodname_github_security_configuration %} is designed to successfully reduce the security risks for low- and high-impact repositories. We recommend you apply this configuration to all the repositories in your enterprise. +The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories will incur usage costs or require GHAS licenses. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). + {% data reusables.security-configurations.github-recommended-warning-enterprise %} -## Applying the {% data variables.product.prodname_github_security_configuration %} to repositories in your enterprise +## Applying the {% data variables.product.prodname_github_security_configuration %} to repositories in your enterprise {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.advanced-security-tab %} -1. In the "{% data variables.product.company_short %} recommended" row of the configurations table for your enterprise, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**. +1. 
In the "{% data variables.product.github %} recommended" row of the configurations table for your enterprise, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**. {% data reusables.security-configurations.apply-configuration-by-default %} {% data reusables.security-configurations.apply-configuration %}
@@ -36,5 +38,6 @@ The {% data variables.product.prodname_github_security_configuration %} is a set {% data reusables.enterprise-accounts.advanced-security-tab %} 1. In the "Configurations" section, select "{% data variables.product.company_short %} recommended". 1. In the "Policy" section, next to "Enforce configuration", select **Enforce** from the dropdown menu. +1. Click **Save configuration** to save your change to the {% data variables.product.prodname_github_security_configuration %}. {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}
diff --git a/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md
index 9fd3a29bc6b5..8278177c53cc 100644
--- a/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md
+++ b/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md
@@ -15,8 +15,7 @@ topics: There are some additional {% data variables.product.prodname_secret_scanning %} settings that cannot be applied to repositories using {% data variables.product.prodname_security_configurations %}, so you must configure these settings separately: -* [Configuring a resource link for push protection](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-a-resource-link-for-push-protection){% ifversion secret-scanning-ai-generic-secret-detection %} -* [Configuring AI detection to find additional secrets](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-ai-detection-to-find-additional-secrets){% endif %} +* [Configuring a resource link for push protection](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-a-resource-link-for-push-protection) These additional settings only apply to repositories with {% data variables.product.prodname_secret_scanning %} enabled and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} or {% data variables.product.prodname_GH_secret_protection %}{% endif %}. 
@@ -33,17 +32,3 @@ To provide context for developers when {% data variables.product.prodname_secret 1. Under "Additional settings", to the right of "Resource link for push protection", click **{% octicon "pencil" aria-hidden="true" %}**. 1. In the text box, type the link to the desired resource, then click **{% octicon "check" aria-label="Save" %}**. - -{% ifversion secret-scanning-ai-generic-secret-detection %} - -### Configuring AI detection to find additional secrets - -{% data variables.secret-scanning.copilot-secret-scanning %}'s {% data variables.secret-scanning.generic-secret-detection %} is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that scans and creates alerts for unstructured secrets, such as passwords. - -1. Under "Additional settings", to the right of "Use AI detection to find additional secrets", ensure the setting is toggled to "On". - -{% data reusables.secret-scanning.copilot-secret-scanning-generic-secrets-subscription-note %} - -To learn more about generic secrets, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets). - -{% endif %}
diff --git a/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md
index 3d85466b4a5b..1e3a385b5853 100644
--- a/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md
+++ b/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md
@@ -21,6 +21,14 @@ We recommend securing your enterprise with the {% data variables.product.prodnam With {% data variables.product.prodname_custom_security_configurations %}, you can create collections of enablement settings for {% data variables.product.company_short %}'s security products to meet the specific security needs of your enterprise. For example, you can create a different {% data variables.product.prodname_custom_security_configuration %} for each organization or group of organizations to reflect their unique security requirements and compliance obligations. +{% ifversion ghas-products %} + +You can also choose whether or not you want to include {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %} features in a configuration. + +If you do, keep in mind that these features incur usage costs (or require {% data variables.product.prodname_GHAS %} licenses) when applied to private and internal repositories. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). + +{% endif %} + {% ifversion security-configurations-ghes-only %} When creating a security configuration, keep in mind that:
@@ -32,8 +40,8 @@ When creating a security configuration, keep in mind that: ## Creating a {% data variables.product.prodname_custom_security_configuration %} -{% ifversion security-configurations-cloud %} - +{% ifversion ghec %} + >[!NOTE] > The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable automatic dependency submission, {% data variables.product.prodname_dependabot_alerts %}, vulnerability exposure analysis, and security updates.
@@ -43,30 +51,39 @@ When creating a security configuration, keep in mind that: {% data reusables.enterprise-accounts.advanced-security-tab %} 1. In the "Configurations" section, click **New configuration**. 1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Configurations" page, name your configuration and create a description. -1. In the "{% data variables.product.prodname_GH_advanced_security %} features" row, choose whether to include or exclude {% data variables.product.prodname_GH_advanced_security %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). -1. In the "Dependency graph and {% data variables.product.prodname_dependabot %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: - * Dependency graph. To learn about dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).{%- ifversion maven-transitive-dependencies %} - * Automatic dependency submission. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %} - * {% data variables.product.prodname_dependabot_alerts %}. To learn about {% data variables.product.prodname_dependabot_alerts %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). - * Security updates. 
To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). - - > [!NOTE] - > You cannot manually change the enablement settings for vulnerable function calls. If {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} or {% data variables.product.prodname_GH_code_security %}{% endif %} features and {% data variables.product.prodname_dependabot_alerts %} are enabled, vulnerable function calls is also enabled. Otherwise, it is disabled. - -1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup. To learn about default setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). -1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: - * Alerts. To learn about {% data variables.product.prodname_secret_scanning %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).{% ifversion org-npp-enablement-security-configurations %} - * Non-provider patterns. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %} - * Push protection. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). -1. 
In the "Private vulnerability reporting" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for private vulnerability reporting. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository). -1. Optionally, in the "Policy" section, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**. -1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu. - - {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %} +1. Optionally, enable "{% data variables.product.prodname_secret_protection %}", a paid feature for private {% ifversion ghec %}and internal {% endif %} repositories. Enabling {% data variables.product.prodname_secret_protection %} enables alerts for {% data variables.product.prodname_secret_scanning %}. In addition, you can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_secret_scanning %} features: + {% ifversion secret-scanning-validity-check-partner-patterns %} + * **Validity checks**. 
To learn more about validity checks for partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion org-npp-enablement-security-configurations %} + * **Non-provider patterns**. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %} + * **Scan for generic passwords**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% endif %} + * **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).{% ifversion security-delegated-alert-dismissal %} + * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning).{% endif %} +1. Optionally, enable "{% data variables.product.prodname_code_security %}", a paid feature for private and internal repositories. You can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_code_scanning %} features: + * **Default setup**. To learn more, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). {% ifversion code-scanning-default-setup-customize-labels %} + * **Runner type**. If you want to target specific runners for {% data variables.product.prodname_code_scanning %}, you can choose to use custom-labeled runners at this step. 
See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#assigning-labels-to-runners).{% endif %} {% ifversion security-delegated-alert-dismissal %} + * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning).{% endif %} +1. Still under "{% data variables.product.prodname_code_security %}", in the "Dependency scanning" table, choose whether you want to enable, disable, or keep the existing settings for the following dependency scanning features: + * **Dependency graph**. To learn about dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph). + > [!TIP] + > When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %} + * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %} + * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). + * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). +1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. 
To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository). +1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied: + * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**. + * **Enforce configuration**. Block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Select **Enforce** from the dropdown menu. + + {% data reusables.security-configurations.default-configuration-exception-repo-transfers %} 1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**. -{% elsif security-configurations-ghes-only %} +{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %} + + + + +{% elsif ghes < 3.17 %} >[!NOTE] > The enablement status of some security features is dependent on other, higher-level security features. For example, disabling {% data variables.secret-scanning.alerts %} will also disable non-provider patterns and push protection. 
@@ -78,16 +95,16 @@ When creating a security configuration, keep in mind that: 1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Configurations" page, name your configuration and create a description. 1. In the "{% data variables.product.prodname_GH_advanced_security %} features" row, choose whether to include or exclude {% data variables.product.prodname_GH_advanced_security %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). 1. In the "Dependency graph and {% data variables.product.prodname_dependabot %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: - * {% data variables.product.prodname_dependabot_alerts %}. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). + * **{% data variables.product.prodname_dependabot_alerts %}**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). > [!NOTE] {% data variables.dependabot.auto_triage_rules %} are not available to set at enterprise level. If an enterprise-level security configuration is applied to a repository, it can still have {% data variables.dependabot.auto_triage_rules %} enabled, but you can't turn off these rules at the level of the enterprise. - * Security updates. 
To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). + * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). > [!NOTE] > You cannot manually change the enablement setting for the dependency graph. This setting is installed and managed by a site administrator at the instance level. 1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup. To learn about default setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). 1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: - * Alerts. To learn about {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).{% ifversion org-npp-enablement-security-configurations %} - * Non-provider patterns. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %} - * Push protection. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). + * **Alerts**. 
To learn about {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).{% ifversion org-npp-enablement-security-configurations %} + * **Non-provider patterns**. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %} + * **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). 1. Optionally, in the "Policy" section, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, or **Private and internal**, or **All repositories**. 1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu.
diff --git a/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md b/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md
index 6c56d7d0cde4..061e9ce6fd27 100644
--- a/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md
+++ b/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md
@@ -24,5 +24,5 @@ If you no longer need a {% data variables.product.prodname_custom_security_confi
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.advanced-security-tab %}
 1. In the configurations table, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to delete.
-1. In the "Edit configuration" page, scroll to the bottom of the "Policy" section, then click **Delete configuration**.
+1. In the "Edit configuration" page, scroll to the bottom of the page, then click **Delete configuration**.
 1. Ensure you read the warning in the "Delete this configuration?" dialog, to confirm you are comfortable deleting the {% data variables.product.prodname_custom_security_configuration %}, then click **Delete configuration**.
diff --git a/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md b/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md
index 57df14c45a13..4b2f03dea2c8 100644
--- a/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md
+++ b/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md
@@ -29,7 +29,7 @@ After creating and applying a {% data variables.product.prodname_custom_security {% data reusables.enterprise-accounts.advanced-security-tab %} 1. In the "Configurations" section, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to edit. 1. Edit the name and description of your {% data variables.product.prodname_custom_security_configuration %} as desired. -1. In the "Security settings" section, edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired. +1. Edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired. 1. In the "Policy" section, you can modify the configuration's enforcement status. Enforcing a configuration will block repository owners from changing features that are enabled or disabled by the configuration, but features that are not set aren't enforced. Next to "Enforce configuration", select **Enforce** or **Don't enforce** from the dropdown menu. {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %} diff --git a/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md b/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md index 3079862afa4d..ebe99f5dd21e 100644 --- a/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md +++ b/content/admin/overview/setting-up-a-trial-of-github-enterprise-cloud.md 
@@ -16,16 +16,12 @@ shortTitle: Enterprise Cloud trial {% data reusables.enterprise.about-ghec %} See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-github-enterprise-cloud). ->You can set up a trial to evaluate features that require {% data variables.product.prodname_ghe_cloud %}, such as SAML single sign-on (SSO) and {% data variables.product.prodname_GH_advanced_security %}. For a full list of available features, see our [Pricing](https://github.com/pricing) page. - -Your trial **won't** include {% data variables.enterprise.data_residency_short %} on {% data variables.enterprise.data_residency_site %} or access to {% data variables.product.prodname_ghe_server %}. To test these features, contact {% data variables.contact.contact_enterprise_sales %}. +To set up a trial, you must be signed in to a personal account. If you don't have a personal account, see [AUTOTITLE](/free-pro-team@latest/get-started/start-your-journey/creating-an-account-on-github). Set up a trial of {% data variables.product.prodname_ghe_cloud %} {% octicon "link-external" height:16 %} >[!IMPORTANT] Your trial enterprise will be hosted in the USA. If you require {% data variables.enterprise.data_residency_short %} outside the USA, contact {% data variables.contact.contact_sales_data_residency %}. -To set up a trial, you must be signed in to a personal account. If you don't have a personal account, see [AUTOTITLE](/free-pro-team@latest/get-started/start-your-journey/creating-an-account-on-github). - {% data reusables.enterprise.enterprise-types %} ## What is included in the trial? 
@@ -34,11 +30,13 @@ The trial lasts for **{% data reusables.enterprise.ghec-trial-length %} days** a * Access to **most** {% data variables.product.prodname_ghe_cloud %} features.{% ifversion metered-ghe-ghas %} * {% data variables.product.prodname_copilot_for_business %} -* {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %} +* {% data variables.product.prodname_GH_cs_and_sp %} * Access to the **new billing platform**.{% ifversion enhanced-billing-platform %} See [AUTOTITLE](/billing/using-the-new-billing-platform/about-the-new-billing-platform-for-enterprises).{% endif %}{% endif %} * An **enterprise account**, which allows you to manage multiple organizations. See [AUTOTITLE](/enterprise-cloud@latest/get-started/learning-about-github/types-of-github-accounts). * Up to **50 licenses** to grant access to users. +Your trial **won't** include {% data variables.enterprise.data_residency_short %} on {% data variables.enterprise.data_residency_site %} or access to {% data variables.product.prodname_ghe_server %}. To test these features, contact {% data variables.contact.contact_enterprise_sales %}. + ## Features not included in the trial * {% data variables.product.prodname_github_codespaces %} 
@@ -77,7 +75,7 @@ You can end your trial at any time by purchasing {% data variables.product.prodn If you **purchase {% data variables.product.prodname_enterprise %}**: {% ifversion metered-ghe-ghas %} -* You can use usage-based billing for {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %}, which means you pay monthly for the number of licenses you use. You will not need to buy a predefined number of licenses in advance. See, [AUTOTITLE](/billing/using-the-new-billing-platform/about-usage-based-billing-for-licenses). +* You can use usage-based billing for {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %}, which means you pay monthly for the number of licenses you use. You will not need to buy a predefined number of licenses in advance. See [AUTOTITLE](/billing/using-the-new-billing-platform/about-usage-based-billing-for-licenses). If you did not set up a free trial and you want to use usage-based billing to pay for {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %} after the {% data variables.product.prodname_ghe_cloud %} trial ends, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact).{% endif %} diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/about-billing-for-github-actions.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/about-billing-for-github-actions.md index 4ea8f6a9d27d..9c3aa6585674 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/about-billing-for-github-actions.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-actions/about-billing-for-github-actions.md 
@@ -20,12 +20,8 @@ shortTitle: Billing for GitHub Actions ## About billing for {% data variables.product.prodname_actions %} -{% ifversion billing-auth-and-capture %} - {% data reusables.billing.authorization-charge %} -{% endif %} - {% data reusables.actions.actions-billing %} {% data reusables.actions.actions-spending-limit-brief %} For more information, see [About spending limits](#about-spending-limits). diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md index e6e13e2c94c8..6d7ea5c927d9 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security.md 
@@ -1,7 +1,8 @@ --- -title: About billing for GitHub Advanced Security -intro: 'Learn how {% data variables.product.prodname_GH_advanced_security %} costs are calculated and how to get the most from your license.' -product: '{% data reusables.gated-features.ghas-ghec %}' +title: About billing for {% data variables.product.prodname_GHAS %} +intro: '{% ifversion ghes = 3.12 %}Learn how the use of {% data variables.product.prodname_GHAS %} licenses is calculated.{% else %}Learn about the licensing models for {% data variables.product.prodname_AS %} products and how the use of {% data variables.product.prodname_GHAS_cs_and_sp %} licenses is calculated.{% endif %}' +allowTitleToDifferFromFilename: true +product: '{% data reusables.gated-features.ghas-billing %}' redirect_from: - /admin/advanced-security/about-licensing-for-github-advanced-security - /billing/managing-licensing-for-github-advanced-security/about-licensing-for-github-advanced-security 
@@ -20,173 +21,186 @@ topics: shortTitle: Advanced Security billing --- -{% ifversion metered-ghe-ghas %} - -## Metered billing for {% data variables.product.prodname_GH_advanced_security %} +{% ifversion fpt or ghec %} +{% data variables.product.github %} makes a subset of {% data variables.product.prodname_AS %} features available, free of charge, to all public repositories on {% data variables.product.prodname_dotcom_the_website %}. In addition, you can get insight into your exposure to leaked secrets with a free {% data variables.product.prodname_secret_risk_assessment %}. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization). -If you started a trial of {% data variables.product.prodname_GH_advanced_security %} (GHAS) during your {% data variables.product.prodname_ghe_cloud %} trial on or after August 1, 2024, or if your account is onboarded into metered billing outside of the trial, your billing will be usage-based. This means: +You need pay to use {% data variables.product.prodname_AS %} features in private repositories. If you change the visibility of a public repository to private and don't pay for {% data variables.product.prodname_AS %}, {% data variables.product.prodname_AS %} features will be disabled for that repository. -* You pay for the number of licenses used each month. -* This applies to both {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_GH_advanced_security %}. +{% endif %} -There are a few key differences between metered and volume billing for {% data variables.product.prodname_GH_advanced_security %}. +{% ifversion ghas-products %} -* **GHAS Metered billing** +## License types for {% data variables.product.prodname_AS %} products - * Billed per active committer, with no pre-defined license limit. - * No overage state, pay only for what you use. 
- * Server-only users will be added to metered billing. These users are de-duplicated with email matching to avoid double billing. +Licensing for {% data variables.product.prodname_AS %} products is flexible, making it easy for you to choose options that fit your business needs. {% ifversion ghec or ghes %}You can buy volume/subscription licenses for any combination of the following products or use metered billing to pay for your use:{% endif %} -* **GHAS Volume/Subscription billing** +{% data reusables.advanced-security.ghas-products-bullets %}{% ifversion ghec or ghes %} +* **{% data variables.product.prodname_GHAS %}**, which includes all features in {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_GH_code_security %}.{% endif %} - * Purchase a defined number of licenses (for example, 100 licenses). - * If usage exceeds purchased licenses, you will need to purchase additional licenses to cover this overage usage. +For example, you might start by using {% data variables.product.prodname_GH_secret_protection %} across all repositories, and pilot {% data variables.product.prodname_GH_code_security %} in high-risk repositories. You {% ifversion ghec or ghes %}buy or {% endif %}pay only for the products you need, and expand as you see the benefits to the security of your code. -For more detailed information about these two types of billing, see [AUTOTITLE](/billing/using-the-new-billing-platform/about-usage-based-billing-for-licenses). +For more information, see [feature summary and pricing information](https://github.com/enterprise/advanced-security#pricing) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). -### Managing committers and repositories +{% else %} +You can make extra features available to users with a license for {% data variables.product.prodname_AS %} products. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). 
-{% data variables.product.prodname_GH_advanced_security %} is billed per committer and enabled by repository. If you remove a committer from an organization or enterprise, or if you disable {% data variables.product.prodname_GH_advanced_security %} on a repository, the committers will remain billable until the end of the current monthly billing cycle. Prorated billing applies only when a committer starts partway through the month. For examples of how committers are tracked and billed, see [Understanding usage](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#understanding-usage). +{% endif %} -If you have further questions about using {% data variables.product.prodname_GH_advanced_security %}, you can contact your account manager in {% data variables.contact.contact_enterprise_sales %}. +{% ifversion metered-ghe-ghas %} -{% data reusables.billing.actions-usage-delay %} +## Billing models for {% data variables.product.prodname_AS %} products -{% endif %} +Each active committer to at least one repository with an {% data variables.product.prodname_AS %} product enabled uses one license. A committer is considered active if one of their commits has been pushed to the repository within the last 90 days, regardless of when it was originally authored. -## About licenses for {% data variables.product.prodname_GH_advanced_security %} +There are two different ways to pay for licenses. -{% ifversion billing-auth-and-capture %} +* **Metered billing** {% ifversion ghec %}introduced from June 2024 onward{% elsif ghes %}available from {% data variables.product.prodname_ghe_server %} 3.13 onward with {% data variables.product.prodname_github_connect %}{% endif %} -{% data reusables.billing.authorization-charge %} + * Users can enable {% data variables.product.prodname_GH_cs_or_sp %} independently. + * Monthly bill for the number of licenses used by active committers. + * No pre-defined license limit. 
+ * No overage state, you pay only for what you use.{% ifversion ghec or ghes %} + * {% data variables.product.prodname_ghe_server %} use of {% data variables.product.prodname_AS %} products is billed through the linked enterprise account on {% data variables.product.prodname_ghe_cloud %} for hybrid systems.{% endif %} -{% endif %} +* **Volume/subscription billing** available for {% data variables.product.prodname_enterprise %} plans only -{% ifversion fpt %} + * Users must ask the sales team to set up billing. + * Purchase a specific number of {% data variables.product.prodname_GHAS_cs_or_sp %} licenses that last for a defined period, typically at least a year. + * If the usage of {% data variables.product.prodname_AS %} by active committers exceeds the number of licenses purchased, you need to purchase additional licenses to cover this overage usage. -{% data reusables.advanced-security.ghas-license-info-for-fpt %} +{% endif %} -> [!NOTE] -> If you change the visibility of a public repository to private then {% data variables.product.prodname_GH_advanced_security %} will be disabled for that repository. +{% ifversion metered-ghe-ghas %} -For pricing details for {% data variables.product.prodname_GH_advanced_security %}, see our [pricing information](https://github.com/enterprise/advanced-security#pricing). +## Managing committers and costs -{% data reusables.advanced-security.ghas-products-tip %} +{% ifversion fpt %} -{% elsif ghec %} +With a {% data variables.product.prodname_team %} plan, you manage committers and costs by controlling usage. The options available depend on your billing platform. -If you want to use {% data variables.product.prodname_GH_advanced_security %} features on any repository apart from a public repository on {% data variables.product.prodname_dotcom_the_website %}, you will need a {% data variables.product.prodname_GH_advanced_security %} license. 
For more information about {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). +{% else %} -{% data reusables.advanced-security.ghas-products-tip %} +The options available for managing committers and costs depend on your billing model and the billing platform you use. -{% ifversion security-configurations %} -{% data reusables.security-configurations.managing-GHAS-licenses %} +### Metered billing + {% endif %} -{% data reusables.advanced-security.ghas-trial-availability %} See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security). +Your use of {% data variables.product.prodname_AS %} is billed per committer and enabled by repository. If you remove a committer from an organization{% ifversion ghec or ghes %} or enterprise{% endif %}, or if you disable all {% data variables.product.prodname_GH_cs_or_sp %} features for a repository, the committers will remain billable until the end of the current monthly billing cycle. Prorated billing applies only when a committer starts partway through the month. For examples of how committers are tracked and billed, see [Understanding usage](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#understanding-usage). -{% data reusables.advanced-security.ghas-trial-invoiced %} +You can control usage and costs with {% ifversion ghec %}cost centers, policies, {% endif %}budgets and alerts. See {% data reusables.advanced-security.control-use-cost-links %}. -For other billing-related questions, contact {% data variables.contact.github_support %}. 
+{% data reusables.billing.actions-usage-delay %} -{% elsif ghes %} +{% ifversion ghas-in-license-sync %} +If your enterprise uses {% data variables.product.prodname_GH_advanced_security %} on both {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}, you can ensure users aren't consuming multiple licenses unnecessarily by synchronizing license usage between environments.{% ifversion ghec %} {% data variables.product.prodname_GH_advanced_security %} is included in license sync in {% data variables.product.prodname_ghe_server %} version 3.12 and later.{% endif %} See [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud). +{% endif %} -You can make extra features available to users by buying and uploading a license for {% data variables.product.prodname_GH_advanced_security %}. For more information about {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). +{% endif %} -{% data reusables.advanced-security.ghas-products-tip %} +{% ifversion ghec or ghes > 3.12 %} + +### Volume/subscription billing -{% ifversion security-configurations %} -{% data reusables.security-configurations.managing-GHAS-licenses %} +{% elsif ghes < 3.13 %} + +## License size {% endif %} -{% endif %} +Each license specifies a maximum number of accounts that can use {% data variables.product.prodname_AS %}. Each active committer to at least one repository with the product enabled consumes one license. When you remove a user from your {% data variables.enterprise.enterprise_or_org %} account, the user's license is freed within 24 hours. -{% ifversion ghes or ghec %} +If you exceed your license limit, features controlled by {% data variables.product.prodname_AS %} licensing continue to work on all repositories where they are already enabled. 
However, you will not be able to enable {% data variables.product.prodname_GH_cs_or_sp %} on any additional repositories. Any new repositories created in organizations where {% data variables.product.prodname_GH_cs_or_sp %} are configured to be enabled automatically will be created with the products disabled. -## License size +As soon as you make licenses available, by disabling {% data variables.product.prodname_GH_cs_or_sp %} in some repositories, or by increasing your license size, the options for enabling {% data variables.product.prodname_GH_cs_and_sp %} will work again as normal. {% ifversion ghes %}All standalone instances of {% data variables.product.prodname_ghe_server %} use volume/subscription licenses. Contact [{% data variables.product.github %}'s Sales team](https://enterprise.github.com/contact) if you want to make changes to your license.{% endif %} -{% ifversion metered-ghe-ghas %} +You can enforce policies to allow or disallow the use of {% data variables.product.prodname_advanced_security %} by organizations owned by your enterprise account. See [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise). -> [!IMPORTANT] If you have access to usage-based billing for {% data variables.product.prodname_GH_advanced_security %}, you will pay for the licenses you use each month and will not have a license limit. See [AUTOTITLE](/billing/using-the-enhanced-billing-platform-for-enterprises/about-usage-based-billing-for-licenses). +## Active and unique committers -{% endif %} +The number of unique, active committers who use {% data variables.product.prodname_GH_cs_or_sp %} controls your license use. -Each license for {% data variables.product.prodname_GH_advanced_security %} specifies a maximum number of accounts that can use these features. Each active committer to at least one repository with the feature enabled uses one license. 
A committer is considered active if one of their commits has been pushed to the repository within the last 90 days, regardless of when it was originally authored. +{% ifversion security-configurations %}You can see the active and unique committers to an organization on the Global settings page for {% data variables.product.UI_advanced_security %}. Under "{% data variables.product.prodname_secret_protection %} repositories" and "{% data variables.product.prodname_code_security %} repositories" summary and repository-level details are reported. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization).{% endif %} -When you remove a user from your enterprise account, the user's license is freed within 24 hours. +{% ifversion fpt %} +* **Active committers** is the number of committers who contributed to at least one organization-owned repository, and who use a license in your organization. That is, they are also an organization member, an external collaborator, or have a pending invitation to join your organization, and they are not a {% data variables.product.prodname_github_app %} bot. +{% else %} +* **Active committers** is the number of committers who contributed to at least one organization-owned repository{% ifversion secret-scanning-user-owned-repos %} or one user-owned repository{% endif %}, and who use a license in your enterprise. That is, they are also an organization member, an external collaborator, or have a pending invitation to join an organization in your enterprise, and they are not a {% data variables.product.prodname_github_app %} bot. +{% endif %} For information about differences between bot and machine accounts, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/differences-between-github-apps-and-oauth-apps#machine-vs-bot-accounts). 
+* **Unique committers** is the number of active committers who contributed only to a repository, or to repositories in an organization. This number shows how many licenses you can free up by disabling {% data variables.product.prodname_GH_cs_or_sp %} for that repository or organization. -{% ifversion ghes %} -You can determine how many licenses you'll need for {% data variables.product.prodname_GH_advanced_security %} by generating a count of your instance's active committers in the site admin dashboard. See [AUTOTITLE](/admin/configuration/configuring-your-enterprise/site-admin-dashboard#advanced-security-committers). -{% endif %} +If there are no unique committers to a repository or organization, all active committers also contribute to other repositories or organizations that use {% data variables.product.prodname_AS %} licenses. Disabling a product for that repository or organization would not free any licenses or lower your usage costs. -If you are over your license limit, {% data variables.product.prodname_GH_advanced_security %} continues to work on all repositories where it is already enabled. However, in organizations where {% data variables.product.prodname_GH_advanced_security %} is enabled for new repositories, repositories will be created with the feature deactivated. In addition, the option to enable {% data variables.product.prodname_GH_advanced_security %} for existing repositories will not be available. +{% ifversion fpt or ghec %} -As soon as you free up some licenses, by deactivating {% data variables.product.prodname_GH_advanced_security %} for some repositories or by increasing your license size, the options for activating {% data variables.product.prodname_GH_advanced_security %} will work again as normal. + -You can enforce policies to allow or disallow the use of {% data variables.product.prodname_advanced_security %} by organizations owned by your enterprise account. 
See [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise). +## Billing platforms -For more information on viewing license usage, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage). +In June 2024 {% data variables.product.github %} introduced a new billing platform to provide greater insight and control over the use of paid products. {% ifversion fpt or ghec %}All {% data variables.enterprise.enterprise_or_org %}s are being migrated over to the new billing platform.{% endif %} -## Active committers and unique committers +### New billing platform -We record and display two numbers of active committers for {% data variables.product.prodname_GH_advanced_security %} on {% data variables.location.product_location %}: +{% ifversion fpt %} +1. In the upper-right corner of any page on {% data variables.product.prodname_dotcom %}, select your profile photo. +1. For **organizations**, click **Your organizations**, then next to the organization, click **Settings**. -* **Active committers** is the number of committers who contributed to at least one {% ifversion fpt or ghec %}private {% endif %}organization-owned repository{% ifversion secret-scanning-user-owned-repos %} or one user-owned repository{% ifversion ghec %} when using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}{% endif %}{% endif %}, and who use a license in your enterprise. That is, they are also an organization member, an external collaborator, or have a pending invitation to join an organization in your enterprise, and they are not a {% data variables.product.prodname_github_app %} bot. For information about differences between bot and machine accounts, see [AUTOTITLE](/apps/creating-github-apps/setting-up-a-github-app/differences-between-github-apps-and-oauth-apps#machine-vs-bot-accounts). 
-* **Unique to this repository/organization** is the number of active committers who contributed only to this repository, or to repositories in this organization. This number shows how many licenses you can free up by deactivating {% data variables.product.prodname_GH_advanced_security %} for that repository or organization. +If your organization uses the new billing platform, there will be a **{% octicon "credit-card" aria-hidden="true" %} Billing & Licensing** option in the sidebar, see [AUTOTITLE](/billing/using-the-new-billing-platform). +{% elsif ghec %} +{% data reusables.enterprise-accounts.access-enterprise %} -If there are no unique active committers, all active committers also contribute to other repositories or organizations that use {% data variables.product.prodname_GH_advanced_security %}. Deactivating the feature for that repository or organization would not free any licenses for {% data variables.product.prodname_GH_advanced_security %}. +If your enterprise uses the new billing platform, there will be a **{% octicon "credit-card" aria-hidden="true" %} Billing & Licensing** tab, see [AUTOTITLE](/billing/using-the-new-billing-platform). +{% endif %} -> [!NOTE] Users can contribute to multiple repositories or organizations. Usage is measured across the whole enterprise account to ensure that each member uses one license regardless of how many repositories or organizations the user contributes to. +### Original billing platform -When you activate or deactivate {% data variables.product.prodname_advanced_security %} for repositories, {% data variables.product.prodname_dotcom %} displays an overview of changes to the use of your license. If you deactivate access to {% data variables.product.prodname_GH_advanced_security %}, any licenses used by unique active committers are freed up. 
+Each {% data variables.enterprise.enterprise_or_org %} on the original billing platform is contacted by {% data variables.product.github %} in advance of their migration to the new billing platform. If you have not been contacted yet, then you probably use the original billing platform, see [AUTOTITLE](/billing/using-the-billing-platform). -{% ifversion ghec %} -For more information on managing the number of committers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing). {% endif %} ## Understanding usage +Users can contribute to multiple repositories or organizations. Usage is measured across the whole {% data variables.enterprise.enterprise_or_org %} to ensure that each member uses one license regardless of how many repositories or organizations the user contributes to. + +When you enable or disable {% data variables.product.prodname_GH_cs_or_sp %} for one or more repositories, {% data variables.product.github %} displays an overview of how this will change your usage. + {% ifversion metered-ghe-ghas %} -The following example timeline demonstrates how active committer count for {% data variables.product.prodname_GH_advanced_security %} could change over time in an enterprise. For each month, you will find events, along with the resulting committer count and the effect on usage-based billing. +* Metered billing, showing an increase or reduction in the number of active committers using licenses. +* Volume/subscription billing, showing the number of licenses used or freed by unique active committers. + +The following example timeline demonstrates how the active committer count for {% data variables.product.prodname_AS %} products could change over time in an enterprise. For each month, you will find events, along with the resulting committer count and the effect on usage-based billing. 
+ +> [!NOTE] A user is flagged as active when their commits are pushed to any branch of a repository, even if the commits were authored more than 90 days ago. | Date | Events during the month | Total committers | Effect on usage-based billing | | :- | :- | -: | :- | -| April 15 | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Repository **X** has 50 committers over the past 90 days. | **50** | Billing begins for 50 committers. | +| April 15 | A member of your enterprise enables {% data variables.product.prodname_GH_cs_and_sp %} for repository **X**. Repository **X** has 50 committers over the past 90 days. | **50** | Billing begins for 50 committers. | | May 1 | Developer **A** leaves the team working on repository **X**. Developer **A**'s contributions continue to count for 90 days. | **50** | No immediate change. Developer **A** continues to be billed until their contributions are inactive for 90 days. | | August 1 | Developer **A**'s contributions no longer count towards the licenses required, because 90 days have passed. | 50 - 1 =
**49** | Developer **A** is removed from the billing count, reducing the billable committers to 49. | -| August 15 | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for a second repository, repository **Y**. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo **X** and do not require additional licenses. | 49 + 10 =
**59** | Billing increases to 59 committers, accounting for the 10 additional unique contributors. | -| August 16 | A member of your enterprise disables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Of the 49 developers who were working on repository **X**, 10 still also work on repository **Y**, which has a total of 20 developers contributing in the last 90 days. | 49 - 29 =
**20** | Billing for repository **X** continues until the end of the monthly billing cycle, but the overall billing count decreases to 20 committers for the next cycle. | +| August 15 | A member of your enterprise enables {% data variables.product.prodname_GH_cs_and_sp %} for a second repository, repository **Y**. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo **X** and do not require additional licenses. | 49 + 10 =
**59** | Billing increases to 59 committers, accounting for the 10 additional unique contributors. | +| August 16 | A member of your enterprise disables {% data variables.product.prodname_GH_cs_and_sp %} for repository **X**. Of the 49 developers who were working on repository **X**, 10 still also work on repository **Y**, which has a total of 20 developers contributing in the last 90 days. | 49 - 29 =
**20** | Billing for repository **X** continues until the end of the monthly billing cycle, but the overall billing count decreases to 20 committers for the next cycle. | {% else %} -The following example timeline demonstrates how active committer count for {% data variables.product.prodname_GH_advanced_security %} could change over time in an enterprise. For each month, you will find events, along with the resulting committer count. +The following example timeline demonstrates how active committer count for {% data variables.product.prodname_AS %} could change over time in an enterprise. For each month, you will find events, along with the resulting committer count. | Date | Events during the month | Total committers | | :- | :- | -: | -| April 15 | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Repository **X** has 50 committers over the past 90 days. | **50** | +| April 15 | A member of your enterprise enables {% data variables.product.prodname_GHAS %} for repository **X**. Repository **X** has 50 committers over the past 90 days. | **50** | | May 1 | Developer **A** leaves the team working on repository **X**. Developer **A**'s contributions continue to count for 90 days. | **50** | **50** | | August 1 | Developer **A**'s contributions no longer count towards the licenses required, because 90 days have passed. | 50 - 1 =
**49** | -| August 15 | A member of your enterprise enables {% data variables.product.prodname_GH_advanced_security %} for a second repository, repository **Y**. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo **X** and do not require additional licenses. | 49 + 10 =
**59** | -| August 16 | A member of your enterprise disables {% data variables.product.prodname_GH_advanced_security %} for repository **X**. Of the 49 developers who were working on repository **X**, 10 still also work on repository **Y**, which has a total of 20 developers contributing in the last 90 days. | 49 - 29 =
**20** | +| August 15 | A member of your enterprise enables {% data variables.product.prodname_GHAS %} for a second repository, repository **Y**. In the last 90 days, a total of 20 developers contributed to that repository. Of those 20 developers, 10 also recently worked on repo **X** and do not require additional licenses. | 49 + 10 =
**59** | +| August 16 | A member of your enterprise disables {% data variables.product.prodname_GHAS %} for repository **X**. Of the 49 developers who were working on repository **X**, 10 still also work on repository **Y**, which has a total of 20 developers contributing in the last 90 days. | 49 - 29 =
**20** | {% endif %} -> [!NOTE] A user will be flagged as active when their commits are pushed to any branch of a repository, even if the commits were authored more than 90 days ago. - -## Getting the most out of {% data variables.product.prodname_GH_advanced_security %} - -When you decide which repositories and organizations to prioritize for {% data variables.product.prodname_GH_advanced_security %}, you should review them and identify: - -* Codebases that are the most critical to your company's success. These are the projects for which the introduction of vulnerable code, hard-coded secrets, or insecure dependencies would have the greatest impact on your company. -* Codebases with the highest commit frequency. These are the most actively developed projects, consequently there is a higher risk that security problems could be introduced. - -When you have enabled {% data variables.product.prodname_GH_advanced_security %} for these organizations or repositories, assess which other codebases you could add without incurring billing for unique active committers. Finally, review the remaining important and busy codebases. If you want to increase the number of licensed active committers, contact {% data variables.contact.contact_enterprise_sales %}. - -{% ifversion ghas-in-license-sync %} -If your enterprise uses {% data variables.product.prodname_GH_advanced_security %} on both {% data variables.product.prodname_ghe_server %} and {% data variables.product.prodname_ghe_cloud %}, you can ensure users aren't consuming multiple licenses unnecessarily by synchronizing license usage between environments.{% ifversion ghec %} {% data variables.product.prodname_GH_advanced_security %} is included in license sync in {% data variables.product.prodname_ghe_server %} version 3.12 and later.{% endif %} See [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/syncing-license-usage-between-github-enterprise-server-and-github-enterprise-cloud). 
-{% endif %} +## Further reading +* [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage) +{%- ifversion metered-ghe-ghas %}{% ifversion ghec %} +* [AUTOTITLE](/enterprise-cloud@latest/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing){% elsif ghes %} +* [AUTOTITLE](/enterprise-cloud@latest/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing) in the documentation for {% data variables.product.prodname_ghe_cloud %}{% endif %} +* {% ifversion fpt or ghec %}[AUTOTITLE](/billing/using-the-new-billing-platform/preventing-overspending){% elsif ghes %}[AUTOTITLE](/enterprise-cloud@latest/billing/using-the-new-billing-platform/preventing-overspending) in the documentation for {% data variables.product.prodname_ghe_cloud %}{% endif %} {% endif %}
diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/index.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/index.md
index ced255a6ea04..f8b7b7165ba5 100644
--- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/index.md
+++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/index.md
@@ -1,8 +1,7 @@ --- -title: Managing billing for GitHub Advanced Security -shortTitle: GitHub Advanced Security -intro: 'You can view and manage your use of seats on a license for {% data variables.product.prodname_GH_advanced_security %}.' -product: '{% data reusables.gated-features.ghas-ghec %}' +title: 'Managing billing for {% data variables.product.prodname_GHAS %} products' +shortTitle: '{% data variables.product.prodname_GHAS %}' +intro: 'You can view and manage the cost of {% data variables.product.prodname_GHAS %} products{% ifversion ghec %}, whether you have volume/subscription licenses or are using the new metered-billing license consumption model{% endif %}.' redirect_from: - /billing/managing-licensing-for-github-advanced-security - /github/setting-up-and-managing-billing-and-payments-on-github/managing-licensing-for-github-advanced-security @@ -12,11 +11,12 @@ versions: ghes: '*' ghec: '*' children: - - /setting-up-a-trial-of-github-advanced-security - /about-billing-for-github-advanced-security + - /setting-up-a-trial-of-github-advanced-security - /signing-up-for-github-advanced-security + - /viewing-your-github-advanced-security-usage + - /migrating-from-ghas-to-cs-and-sp - /viewing-committer-information-for-github-advanced-security - /managing-your-github-advanced-security-licensing - - /viewing-your-github-advanced-security-usage --- diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md index c512b2a6b744..3133566db271 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md 
+++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing.md
@@ -1,8 +1,8 @@ --- -title: Managing your GitHub Advanced Security licensing -intro: 'You can add or remove {% data variables.product.prodname_GH_advanced_security %} licenses for your enterprise.' -permissions: 'Enterprise owners can manage licensing for {% data variables.product.prodname_GH_advanced_security %}.' -product: '{% data reusables.gated-features.ghas-ghec %}' +title: Managing volume/subscription licenses for {% data variables.product.prodname_AS %} +intro: 'You can monitor and control the availability and consumption of licenses for {% data variables.product.prodname_AS %} in repositories in your enterprise.' +allowTitleToDifferFromFilename: true +permissions: 'Enterprise owners with **volume/subscription licenses** for {% data variables.product.prodname_AS %}.
For metered usage on the new platform, see [AUTOTITLE](/billing/using-the-new-billing-platform/preventing-overspending).' versions: ghec: '*' type: how_to 
@@ -11,40 +11,31 @@ redirect_from: topics: - Advanced Security - Enterprise -shortTitle: Manage Advanced Security licensing +shortTitle: Volume/subscription GHAS license --- -## About licensing for {% data variables.product.prodname_GH_advanced_security %} -Each license for {% data variables.product.prodname_GH_advanced_security %} specifies a maximum number of accounts that can use these features. Each active committer to at least one repository with the feature enabled uses one license. A committer is considered active if one of their commits has been pushed to the repository within the last 90 days, regardless of when it was originally authored. For more information about committer numbers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). For information about purchasing a license, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security). +There are two different ways to pay for {% data variables.product.prodname_GHAS_cs_and_sp %} licenses: volume/subscription licenses purchased in advance or usage-based metered billing paid in arrears. This article is about volume/subscription licenses. For information about the two different billing models, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). -{% data reusables.advanced-security.ghas-products-tip %} +For information about using policies to control use of licenses in your enterprise, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise). 
-## Managing the number of committers in your subscription +## Changing the size of your license -{% ifversion security-configurations %} - -{% data reusables.security-configurations.managing-GHAS-licenses %} +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.licensing-tab-both-platforms %} +1. Under "{% data variables.product.prodname_AS %}" you will see the consumption of licenses for {% data variables.product.prodname_GH_cs_and_sp %}. -{% endif %} + ![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "Manage licenses" button is outlined in orange.](/assets/images/help/enterprises/ghas-licenses-dropdown.png) -{% data reusables.enterprise-accounts.access-enterprise %} -{% data reusables.enterprise-accounts.settings-tab %} -{% data reusables.enterprise-accounts.license-tab %} -1. Under "{% data variables.product.prodname_GH_advanced_security %}", click **Committers**. +1. To add new licenses, select {% octicon "kebab-horizontal" aria-label="Open menu" %}, then click **Manage licenses**. +1. Under "Total licenses", click the plus or minus buttons to add or remove licenses. - ![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "Committers" dropdown is highlighted with an orange line.](/assets/images/help/enterprises/ghas-committers-dropdown.png) -1. Under "Committers", click **Manage committers**. -1. Under "Total committers", click the plus or minus buttons to add or remove committers. + ![Screenshot of the {% data variables.product.prodname_AS %} license screen. A text box with the number 5, with a minus and a plus button, are outlined in orange.](/assets/images/help/enterprises/ghas-add-licenses.png) - ![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} committers screen. 
A text box with the number 5, with a minus and a plus button, are outlined in orange.](/assets/images/help/enterprises/ghas-add-committers.png) -1. Click **Update committers**. +1. Click **Confirm licenses**. ## Canceling your {% data variables.product.prodname_GH_advanced_security %} subscription {% data reusables.enterprise-accounts.access-enterprise %} -{% data reusables.enterprise-accounts.settings-tab %} -{% data reusables.enterprise-accounts.license-tab %} -1. To the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Manage**, then click **Cancel Subscription**. - - ![Screenshot of the "Manage" dropdown in the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "Cancel Subscription" button is outlined in orange.](/assets/images/help/enterprises/ghas-cancel-subscription.png) -1. To confirm your cancellation, click **I understand, cancel Advanced Security**. +{% data reusables.enterprise-accounts.licensing-tab-both-platforms %} +1. To the right of "{% data variables.product.prodname_AS %}", select {% octicon "kebab-horizontal" aria-label="Open menu" %}, then click **Cancel subscription**. +1. To confirm your cancellation, click **I understand, cancel {% data variables.product.prodname_AS %}**. diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/migrating-from-ghas-to-cs-and-sp.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/migrating-from-ghas-to-cs-and-sp.md new file mode 100644 index 000000000000..0c62cdcf0a84 --- /dev/null +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/migrating-from-ghas-to-cs-and-sp.md 
@@ -0,0 +1,64 @@ +--- +title: Migrating from {% data variables.product.prodname_GHAS %} to {% data variables.product.prodname_cs_and_sp %} +intro: 'Learn how you can migrate from a combined license for {% data variables.product.prodname_AS %} features to one of the new SKUs.' +allowTitleToDifferFromFilename: true +product: '{% data reusables.gated-features.ghas-billing %}' +versions: + ghec: '*' + ghes: '> 3.16' +type: how_to +topics: + - Advanced Security + - Enterprise + - Licensing + - Code Security + - Secret Protection +shortTitle: Migrating to new GHAS SKUs +--- + +## New SKUs for {% data variables.product.prodname_AS %} features + + + + + +From April 1, 2025, {% data variables.product.prodname_AS %} features are available under two separate stock keeping units (SKUs) for {% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %} users. {% data variables.product.prodname_ghe_server %} users will be able to use the two new SKUs from version 3.17. + + + +{% data reusables.advanced-security.ghas-products-bullets %} + +For detailed information about the separate SKUs, see [feature summary and pricing information](https://github.com/enterprise/advanced-security#pricing) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). + +## New users of {% data variables.product.prodname_AS %} + +{% data variables.product.prodname_ghe_cloud %} users who don't already use {% data variables.product.prodname_GHAS %}, and {% data variables.product.prodname_team %} users, can start using {% data variables.product.prodname_cs_and_sp %} with metered billing immediately. + +To get started, apply the GitHub-recommended security configuration or a custom configuration to one or more repositories. Applying a configuration with {% data variables.product.prodname_cs_or_sp %} enabled to internal or private repositories will be tracked and billed by active, unique committer. 
+ +For more information, see: + +* [Metered billing](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#metered-billing) +* [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization) +* [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration) +* [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage) + +In addition, enterprise customers can talk to their existing account team or [request a demo](https://github.com/security/advanced-security/secret-protection). + +## Existing {% data variables.product.prodname_AS %} users + +If you already pay to use {% data variables.product.prodname_AS %} features, the migration options available to you depend on your existing billing model. + +### Metered billing users + +If you are an existing self-serve customer, instructions on how to transition from the combined {% data variables.product.prodname_GHAS %} product to the new {% data variables.product.prodname_GH_cs_and_sp %} SKUs will be announced over the next 30 days. + +You'll receive an email notification when the new plans are available to your enterprise. Transitioning to the two separate products will be self-serve and optional. + +### Volume/subscription billing users + +When your license is due for renewal, you can choose to continue with licenses for {% data variables.product.prodname_GHAS %}, migrate to {% data variables.product.prodname_cs_or_sp %} subscription licenses, or migrate to metered billing. + +### Questions? + +If you have any questions, contact [{% data variables.product.github %}'s Sales team](https://enterprise.github.com/contact). 
diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md
index e9f1529d4657..31314d18f1ca 100644
--- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md
+++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security.md
@@ -1,8 +1,10 @@ --- -title: Setting up a trial of GitHub Advanced Security -intro: 'You can try {% data variables.product.prodname_GH_advanced_security %} for free.' -product: '{% data reusables.gated-features.ghas-ghec %}' +title: Setting up a trial of {% data variables.product.prodname_GHAS %} +intro: 'You can try the full set of {% data variables.product.prodname_GHAS %} features for free.' +product: 'Enterprise owners
Otherwise, you need a trial of {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GHAS %}. See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud) in the {% data variables.product.prodname_ghe_cloud %} docs.' +allowTitleToDifferFromFilename: true versions: + fpt: '*' ghec: '*' type: how_to redirect_from: 
@@ -13,58 +15,46 @@ topics: shortTitle: Set up an Advanced Security trial --- -{% ifversion metered-ghe-ghas %} - -{% data reusables.billing.ghas-metered-billing-note-with-link %} - -{% endif %} - -## About {% data variables.product.prodname_GH_advanced_security %} - -{% data variables.product.prodname_GH_advanced_security %} provides features that help you improve and maintain the security and quality of code, such as {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and dependency review. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). - -{% data reusables.advanced-security.ghas-products-tip %} - -## About trials of {% data variables.product.prodname_GH_advanced_security %} - -There are a few ways to trial {% data variables.product.prodname_GH_advanced_security %}: - -* If you are **an existing {% data variables.product.prodname_ghe_cloud %} customer** paying by credit card or PayPal, and you have not yet purchased {% data variables.product.prodname_GH_advanced_security %} or participated in a trial, you can start a trial of {% data variables.product.prodname_GH_advanced_security %} at any time. For more information, see [Setting up your trial of {% data variables.product.prodname_GH_advanced_security %}](#setting-up-your-trial-of-github-advanced-security). -* If you are **a new {% data variables.product.prodname_ghe_cloud %} customer**, you can start a trial of {% data variables.product.prodname_ghe_cloud %}, which includes {% data variables.product.prodname_GH_advanced_security %}. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud). -* If you **pay by invoice**, contact {% data variables.contact.contact_enterprise_sales %} to discuss trialing {% data variables.product.prodname_GH_advanced_security %} for your enterprise. 
+## Prerequisites -During a trial of {% data variables.product.prodname_GH_advanced_security %} in a {% data variables.product.prodname_ghe_cloud %} account with a paid subscription, you can add any number of committers and enable {% data variables.product.prodname_GH_advanced_security %} for any number of organizations. During a trial of {% data variables.product.prodname_ghe_cloud %}, you can enable {% data variables.product.prodname_GH_advanced_security %} for your whole enterprise. +To set up a trial of {% data variables.product.prodname_GHAS %} using this method, you must meet the following criteria: -## Prerequisites +1. Be an owner of an enterprise account. See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/about-enterprise-accounts). +1. Pay by credit card or PayPal. +1. Have not previously purchased or had a trial of {% data variables.product.prodname_GHAS %}. -To set up a trial of {% data variables.product.prodname_GH_advanced_security %}, you must be an owner of an enterprise account. For more information, see [AUTOTITLE](/admin/overview/about-enterprise-accounts) and [AUTOTITLE](/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/roles-in-an-enterprise#enterprise-owners). +> [!TIP] +> * **No enterprise account?** Start a trial of {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GHAS %}. See [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud). +> * **Pay by invoice** Contact {% data variables.contact.contact_enterprise_sales %} to arrange a trial. -## Setting up your trial of {% data variables.product.prodname_GH_advanced_security %} +## Setting up your trial of {% data variables.product.prodname_GHAS %} {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -{% data reusables.enterprise-accounts.license-tab %} -1. 
To the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Start free trial**. +{% data reusables.enterprise-accounts.licensing-tab-both-platforms %} +1. To the right of "{% data variables.product.prodname_GHAS %}", click **Start free trial**. 1. Click **Start trial**. + During a trial of {% data variables.product.prodname_GHAS %}, you can add any number of committers and enable {% data variables.product.prodname_GH_cs_and_sp %} for any number of organizations. + ## Finishing your trial -You can finish your trial at any time by purchasing {% data variables.product.prodname_GH_advanced_security %}. If you haven't purchased {% data variables.product.prodname_GH_advanced_security %} by the end of the 30 days, your trial will expire. +You can finish your trial at any time by purchasing licenses for {% data variables.product.prodname_GH_cs_or_sp %}. If you haven't made a purchase by the end of the 30 days, your trial will expire. {% ifversion metered-ghe-ghas %} -If you pay for {% data variables.product.prodname_ghe_cloud %} with usage-based billing, but did not set up a free trial of {% data variables.product.prodname_GH_advanced_security %}, you can still use usage-based billing to pay for {% data variables.product.prodname_GH_advanced_security %} after the {% data variables.product.prodname_ghe_cloud %} trial ends. For more information, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact). +If you pay for {% data variables.product.prodname_ghe_cloud %} with metered billing, but did not set up a free trial of {% data variables.product.prodname_GHAS %}, you can still use metered-based billing to pay for {% data variables.product.prodname_AS %} products after the {% data variables.product.prodname_ghe_cloud %} trial ends. For more information, contact [{% data variables.product.prodname_dotcom %}'s Sales team](https://enterprise.github.com/contact). 
{% endif %} {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} -{% data reusables.enterprise-accounts.license-tab %} -1. To the right of "{% data variables.product.prodname_GH_advanced_security %} trial", select the **Manage** dropdown menu and click **Purchase**. +{% data reusables.enterprise-accounts.licensing-tab-both-platforms %} +1. To the right of "{% data variables.product.prodname_GHAS %} trial", select the **Manage** dropdown menu and click **Purchase**. {% data reusables.advanced-security.purchase-ghas %} ## Further reading * [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security) -* [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale) * [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale) +* [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale) diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security.md index cf64b88941cd..1b0908f5f94e 100644 --- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security.md +++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security.md 
@@ -1,9 +1,11 @@ --- -title: Signing up for GitHub Advanced Security -intro: "You can sign up for {% data variables.product.prodname_GH_advanced_security %} from your enterprise account's settings to take advantage of extra security features that {% data variables.product.prodname_dotcom %} makes available to customers under a {% data variables.product.prodname_GH_advanced_security %} license." -permissions: 'Enterprise owners can sign up for {% data variables.product.prodname_GH_advanced_security %}.' -product: '{% data reusables.gated-features.ghas-ghec %}' +title: Signing up for {% data variables.product.prodname_GHAS %} +intro: "You can sign up for {% data variables.product.prodname_GHAS %} products from your {% data variables.enterprise.enterprise_or_org %} account's settings to prevent data leaks and keep vulnerablities out of your codebase." +allowTitleToDifferFromFilename: true +permissions: '{% ifversion fpt %}Organization{% else %}Enterprise{% endif %} owners can sign up for {% data variables.product.prodname_GH_cs_or_sp %}' +product: '{% data reusables.gated-features.ghas-billing %}' versions: + fpt: '*' ghec: '*' type: how_to redirect_from: 
@@ -13,26 +15,43 @@ topics:
 - Enterprise
 shortTitle: Sign up for Advanced Security
 ---
-{% ifversion metered-ghe-ghas %}
-{% data reusables.billing.ghas-metered-billing-note-with-link %}
+## Checking your current plan
-{% endif %}
+Your organization must use a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} plan before you can enable {% data variables.product.prodname_GH_cs_or_sp %} on private repositories.
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.organizations.billing_plans_or_licensing %}
+
+Your current plan is shown with any options to upgrade to a different plan.
+
+## Starting to use {% data variables.product.prodname_AS %}
+
+{% ifversion fpt %}
+If your organization uses a {% data variables.product.prodname_team %} plan, you are ready to start enabling {% data variables.product.prodname_GH_cs_and_sp %} at the organization and repository level. Whenever you enable a feature or apply a configuration, a modal dialog shows detailed information with estimated billing changes. You can confirm your change or return to the page without making changes.
-## Purchasing {% data variables.product.prodname_GH_advanced_security %}
+The most effective way to control and enable these features is using security configurations, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories).
-{% data reusables.advanced-security.ghas-products-tip %}
+{% elsif ghec %}
+If you use volume/subscription billing, then you will need to purchase licenses before you can start using {% data variables.product.prodname_GH_cs_or_sp %} on private or internal repositories.
+
+If your enterprise uses metered billing, then you are ready to start enabling {% data variables.product.prodname_GH_cs_and_sp %} at the enterprise, organization, and repository level.
Whenever you enable a feature or apply a configuration, a modal dialog shows detailed information with estimated billing changes. You can confirm your change or return to the page without making changes.
+
+## Purchasing licenses for {% data variables.product.prodname_GH_cs_or_sp %}
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.license-tab %}
+{% data reusables.enterprise-accounts.licensing-tab-both-platforms %}
 1. To the right of "GitHub Advanced Security", click **Buy Advanced Security**.
 ![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} section of the enterprise licensing screen. The "Buy Advanced Security" button is outlined in orange.](/assets/images/help/enterprises/ghas-buy-advanced-security-button.png)
 {% data reusables.advanced-security.purchase-ghas %}
+{% endif %}
+
 ## Further reading
-* [Introduction to adopting {% data variables.product.prodname_GH_advanced_security %} at scale](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale)
-* [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale)
+* [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale){% ifversion ghec %}
+* [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale){% endif %}
diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-committer-information-for-github-advanced-security.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-committer-information-for-github-advanced-security.md
index 1b23d97549a3..6f57282b4186 100644
--- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-committer-information-for-github-advanced-security.md
+++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-committer-information-for-github-advanced-security.md
@@ -1,7 +1,8 @@
 ---
-title: Viewing committer information for GitHub Advanced Security
+title: Viewing committer information for volume/subscription licenses for GitHub Advanced Security
 intro: 'You can view information about the {% data variables.product.prodname_GH_advanced_security %} committers for your enterprise and calculate the cost for additional committers with the site admin dashboard.'
-permissions: 'Site administrators can view committer information for {% data variables.product.prodname_GH_advanced_security %}.'
+allowTitleToDifferFromFilename: true
+permissions: 'Site administrators'
 product: '{% data reusables.gated-features.ghas-ghec %}'
 versions:
 ghes: '*'
diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md
index 5e4b33bc9ee4..019c908c9f06 100644
--- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md
+++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage.md
@@ -1,8 +1,9 @@
 ---
-title: Viewing your GitHub Advanced Security usage
-intro: 'You can view usage of {% data variables.product.prodname_GH_advanced_security %} for your enterprise.'
-permissions: 'Enterprise owners can view usage for {% data variables.product.prodname_GH_advanced_security %}.'
-product: '{% data reusables.gated-features.ghas-ghec %}'
+title: Viewing and downloading licensed use of {% data variables.product.prodname_AS %}
+intro: 'You can view and download consumption of {% data variables.product.prodname_GH_advanced_security %} licenses by your {% data variables.enterprise.enterprise_or_org %}: volume/subscription licenses or metered usage.'
+allowTitleToDifferFromFilename: true
+permissions: '{% ifversion fpt %}Organization{% else %}Enterprise{% endif %} owners with {% data variables.product.prodname_AS %}'
+product: '{% data reusables.gated-features.ghas-billing %}'
 redirect_from:
 - /billing/managing-licensing-for-github-advanced-security/viewing-your-github-advanced-security-usage
 - /admin/advanced-security/viewing-your-github-advanced-security-usage
@@ -11,156 +12,154 @@ redirect_from:
 - /github/setting-up-and-managing-billing-and-payments-on-github/viewing-your-github-advanced-security-usage
 - /billing/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage
 versions:
+ fpt: '*'
 ghes: '*'
 ghec: '*'
 type: how_to
 topics:
 - Advanced Security
 - Enterprise
-shortTitle: View Advanced Security usage
+shortTitle: View or download GHAS license use
 ---
-{% ifversion enhanced-billing-platform %}
-
-{% data reusables.billing.enhanced-billing-platform-licenses %}
+{% ifversion ghec or ghes %}
+
-{% endif %}
+## Viewing {% data variables.product.prodname_AS %} usage for your enterprise{% ifversion ghec %} account{% endif %}
-## About licenses for {% data variables.product.prodname_GH_advanced_security %}
+You can view the current license limits and usage for your enterprise.
-Each license for {% data variables.product.prodname_GH_advanced_security %} specifies a maximum number of licenses that can use these features. Periodically you should check that your use is within your license capacity. For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
-
-{% ifversion ghas-committers-calculator %}
-You can estimate the number of licenses your enterprise would need to purchase {% data variables.product.prodname_GH_advanced_security %} or to enable {% data variables.product.prodname_GH_advanced_security %} for additional organizations and repositories. For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-committer-information-for-github-advanced-security).
-{% endif %}
-
-{% ifversion security-configurations %}
-
-{% data reusables.security-configurations.managing-GHAS-licenses %}
+{% ifversion ghec %}
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.licensing-tab-both-platforms %}
+ * The "{% data variables.product.prodname_GHAS %}" section shows details of the licenses you currently **consume**.
+ * If you have a volume/subscription license, the number of licenses **available** to use is also displayed.
+ * If you run out of licenses, for volume/subscription only, the section is red and reports "Limit exceeded." You should either reduce your use or purchase more licenses.
-{% endif %}
+1. Optionally, to see a detailed breakdown of usage per organization{% ifversion secret-scanning-user-owned-repos %} and user namespace when using {% data variables.product.prodname_emus %}{% endif %}, in the "{% data variables.product.prodname_GHAS %}" section click **More details**.
-## Viewing {% data variables.product.prodname_GH_advanced_security %} license usage for your enterprise account
+ In the "{% data variables.product.prodname_GHAS %}" section, you can see a summary of your current license usage, as well as the number of committers and unique committers for each organization{% ifversion secret-scanning-user-owned-repos %} and user namespace when using {% data variables.product.prodname_emus %}{% endif %}. The organizations{% ifversion secret-scanning-user-owned-repos %} and user namespaces{% endif %} in the billing table are sorted by the highest number of unique committers in descending order.
-You can view the enterprise account's current license limits and usage.
+1. Optionally, to see a detailed breakdown of usage by repositories within an organization, click an organization name to display the "Global code security settings" for the organization.
-{% ifversion ghec %}
+ On the "Global code security settings" page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see a detailed breakdown of usage by repository for this organization. See [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage).
+{% elsif ghes and security-configurations %}
 {% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.license-tab %}
- The "{% data variables.product.prodname_GH_advanced_security %}" section shows details of the current usage.
- If you run out of licenses, the section will be red and show "Limit exceeded." You should either reduce your use of {% data variables.product.prodname_GH_advanced_security %} or purchase more licenses. For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#getting-the-most-out-of-github-advanced-security) and [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing).
+ The "{% data variables.product.prodname_GHAS %}" section shows details of the current usage. You can see the total number of licenses used, as well as a table with the number of committers and unique committers for each organization.
-{% ifversion security-configurations %}
- {% data reusables.security-configurations.managing-GHAS-licenses %}
-{% endif %}
+1. Optionally, to see a detailed breakdown of usage by repositories within an organization, click an organization name to display the "Global code security settings" for the organization.
-{% elsif ghes %}
+ On the "Global code security settings" settings page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see a detailed breakdown of usage by repository for this organization, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage).
+{% elsif pre-security-configurations %}
 {% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.license-tab %}
- The "{% data variables.product.prodname_GH_advanced_security %}" section shows details of the current usage. You can see the total number of licenses used, as well as a table with the number of committers and unique committers for each organization.
-{% endif %}
-{%- ifversion ghec -%}
-1. Optionally, to see a detailed breakdown of usage per organization{% ifversion secret-scanning-user-owned-repos %} and user namespace when using {% data variables.product.prodname_emus %}{% endif %}, click {% octicon "credit-card" aria-hidden="true" %} **Billing & Licensing**.
+ The "{% data variables.product.prodname_GHAS %}" section shows details of the current usage. You can see the total number of licenses used, as well as a table with the number of committers and unique committers for each organization.
- In the “{% data variables.product.prodname_GH_advanced_security %}” section, you can see a summary of your current license usage, as well as the number of committers and unique committers for each organization{% ifversion secret-scanning-user-owned-repos %} and user namespace when using {% data variables.product.prodname_emus %}{% endif %}. The organizations{% ifversion secret-scanning-user-owned-repos %} and user namespaces{% endif %} in the billing table are sorted by the highest number of unique committers in descending order.
+1.
Optionally, to see a detailed breakdown of usage by repositories within an organization, click an organization name to display the "Security & analysis" for the organization.
+
+ * On the "Security & analysis" settings page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see a detailed breakdown of usage by repository for this organization. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).
 {% endif %}
-1. Optionally, display the security and analysis settings for an organization.
- * Click the name of the organization.
-{% ifversion ghec %}
- * On the "{% data variables.product.UI_advanced_security_ent %}" settings page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see an overview of your organization's license usage, as well as a detailed breakdown of usage by repository for this organization.
+{% endif %}
- For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).
+{% ifversion fpt %}
-{% else %}
- * On the "Security & analysis" settings page, scroll to the "{% data variables.product.prodname_GH_advanced_security %} repositories" section to see a detailed breakdown of usage by repository for this organization.
+## Viewing {% data variables.product.prodname_AS %} usage for your organization account
- For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization).
+You can view the organization account's current license limits and usage.
-{% ifversion security-configurations %}
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.organizations.billing_plans_or_licensing %}
-{% data reusables.security-configurations.managing-GHAS-licenses %}
+ The "{% data variables.product.prodname_GHAS %}" section shows details of the current usage.
 {% endif %}
+
+{% ifversion enhanced-billing-platform %}
+> [!TIP]
+> If you have access to the new billing platform, see also [AUTOTITLE](/billing/using-the-new-billing-platform/gathering-insights-on-your-spending) and [AUTOTITLE](/billing/using-the-new-billing-platform/preventing-overspending).
 {% endif %}
-## Downloading {% data variables.product.prodname_GH_advanced_security %} license usage information
+## Downloading {% data variables.product.prodname_AS %} license usage information
-You can download a CSV file with {% data variables.product.prodname_GH_advanced_security %} license usage information at both the enterprise and organization levels. The CSV file contains information about each {% data variables.product.prodname_advanced_security %} license that is in use, including:
+You can download a CSV file with {% data variables.product.prodname_GHAS %} license usage information at both the {% data variables.enterprise.enterprise_and_org %} level.
The CSV file contains information about each {% data variables.product.prodname_AS %} license that is in use, including:
-* The username of the person using the license
-* The {% data variables.product.prodname_advanced_security %}-enabled repositories where commits were made
+* The username of the person using the {% data variables.product.prodname_GHAS_cs_or_sp %} license
+* The {% data variables.product.prodname_GH_cs_and_sp %}-enabled repositories where commits were made
 * The organizations{% ifversion secret-scanning-user-owned-repos %}{% ifversion ghec %} and user namespaces for {% data variables.product.prodname_emus %}{% endif %}{% endif %} that people using licenses belong to
 * The most recent commit dates and associated email addresses
-You can use this information for insights into your {% data variables.product.prodname_advanced_security %} usage, such as which members of your enterprise are using an {% data variables.product.prodname_advanced_security %} license or how {% data variables.product.prodname_advanced_security %} licenses are being consumed across your organizations.
+You can use this information for insights into your {% data variables.product.prodname_AS %} usage, such as which members of your enterprise are using a license or how licenses are being consumed across your organizations.
-You can download the {% data variables.product.prodname_advanced_security %} license usage CSV through the {% data variables.product.github %} user interface or the REST API.
+You can download a CSV report of license usage through the {% data variables.product.github %} user interface or the REST API.
-### Downloading {% data variables.product.prodname_advanced_security %} license usage information through the UI
+### Downloading license usage information from the UI
-{% ifversion ghec %}
+{% ifversion fpt %}You can download a CSV report for a repository or an organization.{% endif %}
+{% ifversion ghec %}You can download a CSV report for a repository, an organization, or an enterprise.{% endif %}
+
+{% ifversion fpt or ghec %}
-#### At the repository-level
+#### For a repository
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
 1. In the "Security" section of the sidebar, select the {% data variables.product.UI_advanced_security %} dropdown menu, then click **{% data variables.product.prodname_global_settings_caps %}**.
-1. In the "{% data variables.product.prodname_GH_advanced_security %} repositories" section, next to the repository you want usage information for, select {% octicon "kebab-horizontal" aria-label="GHAS repository actions" %}, then click **Download CSV report**.
+1. In the "{% data variables.product.prodname_GH_cs_or_sp %} repositories" section, next to the repository you want usage information for, select {% octicon "kebab-horizontal" aria-label="GHAS repository actions" %}, then click **Download CSV report**.
- ![Screenshot of the committers by repository table. The horizontal kebab icon and "Download CSV report" button are highlighted with an orange outline.](/assets/images/help/billing/ghas-billing-table-repository-csv.png)
-
-{% endif %}
-
-{% ifversion ghec %}
+ ![Screenshot of the table for {% data variables.product.prodname_GH_secret_protection %} usage. The horizontal kebab icon and "Download CSV report" button are outlined in orange.](/assets/images/help/billing/ghas-billing-table-repository-csv.png)
-#### At the organization-level
+#### For an organization
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
-{% data reusables.organizations.billing_plans %}
-1.
Underneath "{% data variables.product.prodname_GH_advanced_security %}," next to "Committers", click **{% octicon "download" aria-hidden="true" %} CSV report**.
+1. In the "Access" section of the sidebar click **{% octicon "credit-card" aria-hidden="true" %} Billing & licensing** and then **Usage**.
+1. Filter the metered usage to show `product:ghas` and choose "Group: SKU".
+1. Optionally, use the "Time Frame" field to set the period to report on.
+1. Click **{% octicon "download" aria-hidden="true" %}Get usage report** to download the report.
+
 {% endif %}
 {% ifversion ghec %}
-#### At the enterprise-level
-
-{% endif %}
+#### For an enterprise
 {% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
-{% data reusables.enterprise-accounts.license-tab %}
+1. Click **{% octicon "credit-card" aria-hidden="true" %} Billing & licensing** to display an overview.
-{%- ifversion ghec %}
-1. Under "{% data variables.product.prodname_GH_advanced_security %}," click the **Manage** dropdown and then click **Download report**.
+ **License consumption:**
+ 1. Click **{% octicon "law" aria-hidden="true" %} Licensing**.
+ 1. Under "{% data variables.product.prodname_GHAS %}," click the **Download report** dropdown and then click either **{% octicon "download" aria-hidden="true" %} {% data variables.product.prodname_code_security %}** or **{% octicon "download" aria-hidden="true" %} {% data variables.product.prodname_secret_protection %}**.
- ![Screenshot of the "Manage" dropdown in the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "Download Report" button is outlined in orange.](/assets/images/help/enterprises/ghas-download-report.png)
+ **Metered usage:**
+ 1. Scroll to the tabbed usage information at the bottom of the "Overview" page and click **{% data variables.product.prodname_AS %}** to show usage.
+ 1.
In the summary box, click "View details" to show metered usage for {% data variables.product.prodname_AS %} grouped by SKU.
+ 1. Select a time frame and click **{% octicon "download" aria-hidden="true" %}Get usage report** to download a detailed report.
-{%- elsif ghes %}
-1. Under "{% data variables.product.prodname_GH_advanced_security %}," click **{% octicon "download" aria-hidden="true" %} CSV report** in the header of the "Committers" table.
+{% elsif ghes %}
- ![Screenshot of the {% data variables.product.prodname_GH_advanced_security %} licensing screen. The "CSV Report" button is highlighted with an orange outline.](/assets/images/enterprise/ghas/download-csv-report-ghes-3.9.png)
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.license-tab %}
+1. Under "{% data variables.product.prodname_GHAS %}," click **{% octicon "download" aria-hidden="true" %} CSV report**.
-{%- else %}
-1. Under "{% data variables.product.prodname_GH_advanced_security %}," {% octicon "download" aria-label="The download icon" %} in the header of the "Committers" table.
+ ![Screenshot of the licensing screen. The "CSV Report" button is highlighted with an orange outline.](/assets/images/enterprise/ghas/download-csv-report-ghes-3.9.png)
-{%- endif %}
+{% endif %}
-### Downloading {% data variables.product.prodname_advanced_security %} license usage information through the REST API
+### Downloading {% data variables.product.prodname_AS %} license usage information through the REST API
-You can retrieve {% data variables.product.prodname_advanced_security %} usage information via the billing API.
+You can retrieve {% data variables.product.prodname_AS %} usage information via the billing API.
-{% ifversion ghec %}
+{% ifversion fpt or ghec %}
-For organization-level data, use the `/orgs/{org}/settings/billing/advanced-security` endpoint.
For more information, see [AUTOTITLE](/rest/billing/billing#get-github-advanced-security-active-committers-for-an-organization).
+For organization-level data, use the `/organizations/{org}/settings/billing/usage` endpoint. For more information, see [AUTOTITLE](/rest/billing/enhanced-billing?apiVersion=2022-11-28).
 {% endif %}
-For enterprise-level data, use the `/enterprises/{enterprise}/settings/billing/advanced-security` endpoint. For more information, see [AUTOTITLE](/rest/enterprise-admin#get-github-advanced-security-active-committers-for-an-enterprise) in the {% data variables.product.prodname_dotcom %} REST API documentation.
+For enterprise-level data, use the `/enterprises/{enterprise}/settings/billing/usage` endpoint. For more information, see [AUTOTITLE](/enterprise-cloud@latest/rest/enterprise-admin/billing?apiVersion=2022-11-28#get-billing-usage-report-for-an-enterprise) in the {% data variables.product.prodname_ghe_cloud %} documentation.
diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md
index 3e54dfc34325..ab2b61cdb2d4 100644
--- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md
+++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-codespaces/about-billing-for-github-codespaces.md
@@ -23,9 +23,7 @@ redirect_from:
 ## About {% data variables.product.prodname_github_codespaces %} pricing
-{% ifversion billing-auth-and-capture %}
 {% data reusables.billing.authorization-charge %}
-{% endif %}
 {% data reusables.codespaces.codespaces-free-for-personal-intro %}
diff --git a/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/about-billing-for-github-packages.md b/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/about-billing-for-github-packages.md
index 9f14a662dcb5..15c98cab6c56 100644
--- a/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/about-billing-for-github-packages.md
+++ b/content/billing/managing-billing-for-your-products/managing-billing-for-github-packages/about-billing-for-github-packages.md
@@ -20,12 +20,8 @@ shortTitle: About billing
 ## About billing for {% data variables.product.prodname_registry %}
-{% ifversion billing-auth-and-capture %}
-
 {% data reusables.billing.authorization-charge %}
-{% endif %}
-
 {% data reusables.package_registry.packages-billing %}
 {% data reusables.package_registry.packages-spending-limit-brief %} For more information, see [About spending limits](#about-spending-limits).
diff --git a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md
index e49e5285864f..4d04656f30eb 100644
--- a/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md
+++ b/content/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning.md
@@ -62,13 +62,21 @@ You can customize your {% data variables.product.prodname_codeql %} analysis by
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.user-settings.security-analysis %}
-1. Scroll down to the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Advanced**.
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}
+1. Scroll down to "{% data variables.product.UI_code_security_scanning %}", select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Advanced**.
 > [!NOTE]
- > If you are switching from default setup to advanced setup, in the "{% data variables.product.prodname_code_scanning_caps %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "workflow" aria-hidden="true" %} Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**.
+ > If you are switching from default setup to advanced setup, in the "{% data variables.product.UI_code_security_scanning %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "workflow" aria-hidden="true" %} Switch to advanced**. In the pop-up window that appears, click **Disable {% data variables.product.prodname_codeql %}**.
- ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Advanced setup" button is highlighted with an orange outline.](/assets/images/help/security/advanced-code-scanning-setup.png)
+ {% ifversion ghas-products %}
+
+ ![Screenshot of the "{% data variables.product.UI_code_security_scanning %}" section of "{% data variables.product.UI_advanced_security %}" settings.
The "Advanced setup" button is highlighted with an orange outline.](/assets/images/help/security/advanced-code-scanning-setup.png)
+
+ {% else %}
+
+ ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Advanced setup" button is highlighted with an orange outline.](/assets/images/help/security/advanced-code-scanning-setup-ghas.png)
+
+ {% endif %}
 1. To customize how {% data variables.product.prodname_code_scanning %} scans your code, edit the workflow.
diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md
index d67a5d3d4d50..70f08574ecb3 100644
--- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md
+++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale.md
@@ -44,7 +44,7 @@ For repositories that are not eligible for default setup, you can configure adva
 A repository must meet all the following criteria to be eligible for default setup, otherwise you need to use advanced setup.
-* {% ifversion fpt %}{% data variables.product.prodname_code_scanning_caps %}{% else %}Advanced setup for {% data variables.product.prodname_code_scanning %}{% endif %} is not already enabled.
+* Advanced setup for {% data variables.product.prodname_code_scanning %} is not already enabled.
 * {% data variables.product.prodname_actions %} are enabled.{% ifversion default-setup-pre-enablement %}
 * Uses Go, JavaScript/TypeScript, Python, or Ruby.{% endif %}
 {% data reusables.code-scanning.require-actions-ghcs %}
diff --git a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md
index 1ec5843d001d..bd5c9ec27250 100644
--- a/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md
+++ b/content/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning.md
@@ -85,10 +85,18 @@ Compiled languages are not automatically included in default setup configuration > If you are configuring default setup on a fork, you must first enable {% data variables.product.prodname_actions %}. To enable {% data variables.product.prodname_actions %}, under your repository name, click **{% octicon "play" aria-hidden="true" %} Actions**, then click **I understand my workflows, go ahead and enable them**. Be aware that this will enable all existing workflows on your fork. {% data reusables.repositories.sidebar-settings %} -{% data reusables.user-settings.security-analysis %} -1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**. +{% data reusables.repositories.navigate-to-code-security-and-analysis %} +{% data reusables.repositories.code-scanning-enable %} - ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Default setup" button is highlighted with an orange outline.](/assets/images/help/security/default-code-scanning-setup.png) + {% ifversion ghas-products %} + + ![Screenshot of the "{% data variables.product.UI_code_security_scanning %}" section of "{% data variables.product.UI_advanced_security %}" settings. The "Default setup" button is highlighted with an orange outline.](/assets/images/help/security/default-code-scanning-setup.png) + + {% else %} + + ![Screenshot of the "{% data variables.product.prodname_code_scanning_caps %}" section of "{% data variables.product.UI_advanced_security %}" settings. 
The "Default setup" button is highlighted with an orange outline.](/assets/images/help/security/default-code-scanning-setup-ghas.png) + + {% endif %} You will then see a "{% data variables.product.prodname_codeql %} default configuration" dialog summarizing the {% data variables.product.prodname_code_scanning %} configuration automatically created by default setup. diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md index aa06131dfd57..bd64bba0d4aa 100644 --- a/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md @@ -56,5 +56,5 @@ If {% data variables.product.prodname_copilot_autofix_short %} is allowed at the {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -{% data reusables.user-settings.security-analysis %} -1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **{% data variables.product.prodname_copilot_autofix_short %}** or **{% data variables.product.prodname_copilot_autofix_short %} for third-party tools**. +{% data reusables.repositories.navigate-to-code-security-and-analysis %} +1. In the "{% data variables.product.UI_code_security_scanning %}" section, deselect **{% data variables.product.prodname_copilot_autofix_short %}** or **{% data variables.product.prodname_copilot_autofix_short %} for third-party tools**. diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md index a0d8e8f852a6..85b9e535e465 100644 
--- a/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md +++ b/content/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning.md @@ -26,7 +26,7 @@ redirect_from: {% data variables.product.prodname_copilot_autofix_short %} is allowed by default and enabled for every repository using {% data variables.product.prodname_codeql %}, but you can choose to opt out and disable {% data variables.product.prodname_copilot_autofix_short %}. To learn how to disable {% data variables.product.prodname_copilot_autofix_short %} at the enterprise, organization and repository levels, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning). -In an organization's security overview dashboard, you can view the total number of code suggestions generated on open and closed pull requests in the organization for a given time period. For more information, see {% ifversion ghas-products-cloud %}[AUTOTITLE](/code-security/security-overview/viewing-security-insights#autofix-suggestions){% elsif fpt %}[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-security-insights#autofix-suggestions) in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}. +In an organization's security overview dashboard, you can view the total number of code suggestions generated on open and closed pull requests in the organization for a given time period. For more information, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights#autofix-suggestions). ## Developer experience diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md index 116279301ef3..6432740fc893 100644 
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup.md @@ -29,8 +29,8 @@ If you need to change any other aspects of your {% data variables.product.prodna {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -{% data reusables.user-settings.security-analysis %} -1. In the "{% data variables.product.prodname_codeql %} analysis" row of the "{% data variables.product.prodname_code_scanning_caps %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "gear" aria-hidden="true" %} View {% data variables.product.prodname_codeql %} configuration**. +{% data reusables.repositories.navigate-to-code-security-and-analysis %} +1. In the "{% data variables.product.prodname_codeql %} analysis" row of the "{% data variables.product.UI_code_security_scanning %}" section, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "gear" aria-hidden="true" %} View {% data variables.product.prodname_codeql %} configuration**. 1. In the "{% data variables.product.prodname_codeql %} default configuration" window, click **{% octicon "pencil" aria-hidden="true" %} Edit**. 1. Optionally, in the "Languages" section, select or deselect languages for analysis. 1. Optionally, in the "Query suite" row of the "Scan settings" section, select a different query suite to run against your code.{% ifversion codeql-threat-models %} diff --git a/content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md b/content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md index bb7d452e7e74..8a8bf57656cb 100644 
--- a/content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md +++ b/content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md @@ -25,10 +25,9 @@ shortTitle: Enable delegated alert dismissal {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-code-security-and-analysis %} -{% data reusables.repositories.navigate-to-ghas-settings %} - -1. Under "{% data variables.product.prodname_code_scanning_caps %}", click **Enable** for "Prevent direct alert dismissals". +{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}{% else %} +{% data reusables.repositories.navigate-to-ghas-settings %}{% endif %} +1. Under "{% data variables.product.UI_code_security_scanning %}", click **Enable** for "Prevent direct alert dismissals". ## Configuring delegated dismissal for an organization diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled.md b/content/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled.md index 82a0acdc322d..0fe0d058bd1b 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled.md +++ b/content/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled.md 
@@ -21,38 +21,44 @@ versions: 403: {% data variables.product.prodname_GH_advanced_security %} is not enabled ``` -This error is reported if you try to run {% data variables.product.prodname_code_scanning %} in a repository where {% data variables.product.prodname_GH_advanced_security %} is not enabled or where use of this feature is blocked by a policy. +This error is reported if you try to run {% data variables.product.prodname_code_scanning %} in a repository where {% data variables.product.prodname_GH_code_security %} is not enabled or where use of this feature is blocked by a policy. -{% ifversion fpt or ghec %}You will only see this error for repositories with private or internal visibility. {% data variables.product.prodname_GH_advanced_security %} is enabled by default for all public repositories.{% endif %} - -## Confirming the cause of the error +{% ifversion fpt or ghec %}You will only see this error for repositories with private or internal visibility. {% data variables.product.prodname_GH_code_security %} is enabled by default for all public repositories.{% endif %} {% ifversion fpt %} -If you are on a free, pro, or team plan, you can only use {% data variables.product.prodname_code_scanning %} on repositories that are publicly available. To enable {% data variables.product.prodname_code_scanning %} for private or internal repositories, you must upgrade to GitHub Enterprise with {% data variables.product.prodname_GH_advanced_security %} and enable {% data variables.product.prodname_GH_advanced_security %} for the repository. For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-products#github-enterprise) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). +If you are on a **{% data variables.product.prodname_free_team %}** or **{% data variables.product.prodname_pro %}** plan, you can only use {% data variables.product.prodname_code_scanning %} on repositories that are publicly available. 
To enable {% data variables.product.prodname_code_scanning %} for private or internal repositories, you must upgrade to {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GH_code_security %} and enable {% data variables.product.prodname_code_security %} for the repository. For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-products#github-team) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). +{% endif %} -{% else %} +## Confirming the cause of the error {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -{% data reusables.user-settings.security-analysis %} -1. Scroll down to "{% data variables.product.prodname_GH_advanced_security %}." -1. If there is an associated and active **Enable** button, {% data variables.product.prodname_GH_advanced_security %} is available for this repository but not yet enabled. -1. If use of {% data variables.product.prodname_GH_advanced_security %} is blocked by a policy, the **Enable** button is inactive and the owner of the policy is listed. +{% data reusables.repositories.navigate-to-code-security-and-analysis %} +1. On the settings page, scroll down to "{% data variables.product.prodname_code_security %}." +1. If there is an associated and active **Enable** button, {% data variables.product.prodname_GH_code_security %} is available for this repository but not yet enabled. +{% ifversion ghas-products %} +1. If use of {% data variables.product.prodname_GH_code_security %} is blocked by a policy, "{% octicon "shield" aria-hidden="true" %} Disabled" is shown in place of the **Enable** button. - ![Screenshot of the "{% data variables.product.prodname_GH_advanced_security %}" setting. 
The owner of the enterprise policy and the inactive "Enable" button are outlined in orange.](/assets/images/help/repository/ghas-enterprise-policy-block.png) + !["Screenshot of the {% data variables.product.prodname_GH_advanced_security %}" setting. The disabled option is highlighted in dark orange.](/assets/images/help/repository/ghas-enterprise-policy-block.png) +{% else %} +1. If use of {% data variables.product.prodname_GH_code_security %} is blocked by a policy, the **Enable** button is inactive and the owner of the policy is listed. + + !["Screenshot of the {% data variables.product.prodname_GH_advanced_security %}" setting. The enterprise policy owner and the inactive "Enable" button are highlighted in dark orange.](/assets/images/help/repository/ghas-enterprise-policy-block-ghas.png) +{% endif %} ## Fixing the problem -If {% data variables.product.prodname_GH_advanced_security %} is available to your repository, you can enable it on the settings page. If {% data variables.product.prodname_GH_advanced_security %} is blocked by a policy, you first need to request access. +If {% data variables.product.prodname_GH_code_security %} is available to your repository, you can enable it on the settings page. + +If {% data variables.product.prodname_GH_code_security %} is blocked by a policy, you first need to request access. -### Requesting access to {% data variables.product.prodname_GH_advanced_security %} +### Requesting access to {% data variables.product.prodname_GH_code_security %} -1. In the "{% data variables.product.prodname_GH_advanced_security %}" settings, click the enterprise name to display a list of users with access to edit the policy that controls access to {% data variables.product.prodname_GH_advanced_security %}. 
For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-for-the-use-of-github-advanced-security-in-your-enterprises-organizations). +1. In the "{% data variables.product.prodname_code_security %}" settings, click the enterprise name to display a list of users with access to edit the policy that controls access to {% data variables.product.prodname_advanced_security %} products. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-for-the-use-of-github-advanced-security-in-your-enterprises-organizations). 1. Follow your company's policy for requesting access to additional features. -### Enabling {% data variables.product.prodname_GH_advanced_security %} +### Enabling {% data variables.product.prodname_GH_code_security %} -1. In the "{% data variables.product.prodname_GH_advanced_security %}" settings, click **Enable**. +1. Open the "Code security" settings page. +1. Next to the "{% data variables.product.prodname_code_security %}" feature, click **Enable**. 1. Rerun {% data variables.product.prodname_code_scanning %}. - -{% endif %} diff --git a/content/code-security/code-scanning/troubleshooting-code-scanning/cannot-enable-codeql-in-a-private-repository.md b/content/code-security/code-scanning/troubleshooting-code-scanning/cannot-enable-codeql-in-a-private-repository.md index 47257621972c..d0309907215a 100644 --- a/content/code-security/code-scanning/troubleshooting-code-scanning/cannot-enable-codeql-in-a-private-repository.md +++ b/content/code-security/code-scanning/troubleshooting-code-scanning/cannot-enable-codeql-in-a-private-repository.md 
@@ -14,34 +14,34 @@ versions: --- {% ifversion fpt %} -{% ifversion ghas-products-cloud %} -If you are on a free or pro plan, you can only use {% data variables.product.prodname_code_scanning %} on repositories that are publicly available. To enable {% data variables.product.prodname_code_scanning %} for private or internal repositories, you must upgrade to {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GH_code_security %} and enable {% data variables.product.prodname_GH_code_security %} for the repository. For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-products#github-team) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). -{% else %} -If you are on a free, pro, or team plan, you can only use {% data variables.product.prodname_code_scanning %} on repositories that are publicly available. To enable {% data variables.product.prodname_code_scanning %} for private or internal repositories, you must upgrade to {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GHAS %} and enable {% data variables.product.prodname_GHAS %} for the repository. For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-products#github-enterprise) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). -{% endif %} +If you are on a **{% data variables.product.prodname_free_team %}** or **{% data variables.product.prodname_pro %}** plan, you can only use {% data variables.product.prodname_code_scanning %} on repositories that are publicly available. 
To enable {% data variables.product.prodname_code_scanning %} for private or internal repositories, you must upgrade to {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GH_code_security %} and enable {% data variables.product.prodname_code_security %} for the repository. For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-products#github-team) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). {% endif %} -{% ifversion ghas-products-cloud or ghec or ghes %} - ## Confirm whether {% data variables.product.prodname_GH_code_security %} is enabled {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -{% data reusables.user-settings.security-analysis %} -1. Scroll down to "{% data variables.product.prodname_GH_advanced_security %}." -1. If there is an associated and active **Enable** button, {% data variables.product.prodname_GH_advanced_security %} is available for this repository but not yet enabled. -1. If use of {% data variables.product.prodname_GH_advanced_security %} is blocked by a policy, the **Enable** button is inactive and the owner of the policy is listed. +{% data reusables.repositories.navigate-to-code-security-and-analysis %} +1. On the settings page, scroll down to "{% data variables.product.prodname_code_security %}." +1. If there is an associated and active **Enable** button, {% data variables.product.prodname_code_security %} is available for this repository but not yet enabled. - !["Screenshot of the {% data variables.product.prodname_GH_advanced_security %}" setting. The enterprise policy owner and the inactive "Enable" button are highlighted in dark orange.](/assets/images/help/repository/ghas-enterprise-policy-block.png) +{% ifversion ghas-products %} +1. 
If use of {% data variables.product.prodname_GH_code_security %} is blocked by a policy, "{% octicon "shield" aria-hidden="true" %} Disabled" is shown in place of the **Enable** button. -### Requesting access to {% data variables.product.prodname_GH_advanced_security %} + !["Screenshot of the {% data variables.product.prodname_GH_advanced_security %}" setting. The disabled option is highlighted in dark orange.](/assets/images/help/repository/ghas-enterprise-policy-block.png) +{% else %} +1. If use of {% data variables.product.prodname_GH_code_security %} is blocked by a policy, the **Enable** button is inactive and the owner of the policy is listed. -1. In the "{% data variables.product.prodname_GH_advanced_security %}" settings, click the enterprise or organization name to display a list of users with access to edit the policy that controls access to {% data variables.product.prodname_GH_advanced_security %}. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-for-the-use-of-github-advanced-security-in-your-enterprises-organizations). + !["Screenshot of the {% data variables.product.prodname_GH_advanced_security %}" setting. The enterprise policy owner and the inactive "Enable" button are highlighted in dark orange.](/assets/images/help/repository/ghas-enterprise-policy-block-ghas.png) +{% endif %} + +### Requesting access to {% data variables.product.prodname_GH_code_security %} + +1. In the "{% data variables.product.prodname_code_security %}" settings, click the enterprise or organization name to display a list of users with access to edit the policy that controls access to {% data variables.product.prodname_GH_code_security %}. 
For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise#enforcing-a-policy-for-the-use-of-github-advanced-security-in-your-enterprises-organizations). 1. Follow your company's policy for requesting access to additional features. -### Enabling {% data variables.product.prodname_GH_advanced_security %} +### Enabling {% data variables.product.prodname_GH_code_security %} -1. In the "{% data variables.product.prodname_GH_advanced_security %}" settings, click **Enable**. +1. Open the "Code security" settings page. +1. Next to the "{% data variables.product.prodname_code_security %}" feature, click **Enable**. 1. Rerun {% data variables.product.prodname_code_scanning %}. - -{% endif %} diff --git a/content/code-security/code-scanning/troubleshooting-sarif-uploads/default-setup-enabled.md b/content/code-security/code-scanning/troubleshooting-sarif-uploads/default-setup-enabled.md index d4d5be78f6b9..564785f01355 100644 --- a/content/code-security/code-scanning/troubleshooting-sarif-uploads/default-setup-enabled.md +++ b/content/code-security/code-scanning/troubleshooting-sarif-uploads/default-setup-enabled.md 
@@ -31,8 +31,8 @@ You will only see this error for SARIF files that contain results created using {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -{% data reusables.user-settings.security-analysis %} -1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the page, next to "{% data variables.product.prodname_codeql %} analysis," click {% octicon "kebab-horizontal" aria-label="Menu" %}. +{% data reusables.repositories.navigate-to-code-security-and-analysis %} +1. In the "{% data variables.product.UI_code_security_scanning %}" section of the page, next to "{% data variables.product.prodname_codeql %} analysis," click {% octicon "kebab-horizontal" aria-label="Menu" %}. 1. If there is a **{% octicon "workflow" aria-hidden="true" %} Switch to advanced** option, default setup is enabled for the repository. ## Fixing the problem diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md index b8caf2b1af80..585de6fcccbc 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md 
@@ -65,7 +65,7 @@ codeql github upload-results \ | Option | Required | Usage | | ------ | :------: | ----- | -| --repository | {% octicon "check" aria-label="Required" %} | Specify the _OWNER/NAME_ of the repository to upload data to. The owner must be an organization{% ifversion ghas-products-cloud %}{% ifversion fpt or ghec %} within an enterprise, or on a team plan,{% endif %}{% endif %} with {% data variables.product.prodname_GH_code_security %} enabled for the repository{% ifversion fpt or ghec %}, unless the repository is public{% endif %}. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository). | +| --repository | {% octicon "check" aria-label="Required" %} | Specify the _OWNER/NAME_ of the repository to upload data to. The owner must be an organization{% ifversion fpt or ghec %} within an enterprise, or on a {% data variables.product.prodname_team %} plan,{% endif %} with {% data variables.product.prodname_GH_code_security %} enabled for the repository{% ifversion fpt or ghec %}, unless the repository is public{% endif %}. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository). | | --ref | {% octicon "check" aria-label="Required" %} | Specify the name of the `ref` you checked out and analyzed so that the results can be matched to the correct code. For a branch use: `refs/heads/BRANCH-NAME`, for the head commit of a pull request use `refs/pull/NUMBER/head`, or for the {% data variables.product.prodname_dotcom %}-generated merge commit of a pull request use `refs/pull/NUMBER/merge`. | | --commit | {% octicon "check" aria-label="Required" %} | Specify the full SHA of the commit you analyzed. 
| | --sarif | {% octicon "check" aria-label="Required" %} | Specify the SARIF file to load. | diff --git a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md index 4e9234172a9c..c80584042d6f 100644 --- a/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts.md @@ -116,12 +116,7 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts % {% endif %} -{% ifversion dependabot-alerts-enterprise-enablement %} - -> [!NOTE] -> When {% data variables.product.prodname_dependabot_alerts %} are enabled or disabled at the enterprise level, it overrides the organization and repository level settings for {% data variables.product.prodname_dependabot_alerts %}. - -{% endif %} +{% ifversion ghes < 3.16 %} {% ifversion dependabot-alerts-enterprise-enablement or ghes %} {% data reusables.enterprise-accounts.access-enterprise %} 
@@ -130,3 +125,17 @@ You can enable or disable {% data variables.product.prodname_dependabot_alerts % 1. In the "{% data variables.product.prodname_dependabot %}" section, to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Disable all** or **Enable all**. 1. Optionally, select **Automatically enable for new repositories** to enable {% data variables.product.prodname_dependabot_alerts %} by default for your organizations' new repositories. {% endif %} + +{% ifversion dependabot-alerts-enterprise-enablement or security-configuration-enterprise-level %} + +> [!NOTE] +> When {% data variables.product.prodname_dependabot_alerts %} are enabled or disabled at the enterprise level, it overrides the organization and repository level settings for {% data variables.product.prodname_dependabot_alerts %}. + +{% data variables.product.prodname_security_configurations_caps %}, which are collections of security settings, allow you to manage {% data variables.product.prodname_dependabot_alerts %} for your enterprise. You can: + +* Use the {% data variables.product.prodname_github_security_configuration %}. This configuration is maintained by {% data variables.product.github %} and is a set of industry best practices and features that provide a robust, baseline security posture for enterprises. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise). +* Configure your own {% data variables.product.prodname_custom_security_configuration %} if you prefer the enablement settings to meet the specific security needs of your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise). + +{% endif %} + +{% endif %} 
diff --git a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md index fc76bff7e304..70b1b7923d47 100644 --- a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md @@ -71,7 +71,7 @@ The alert details page of alerts on development-scoped packages shows a "Tags" s {% data reusables.dependabot.where-to-view-dependabot-alerts %} You can sort and filter {% data variables.product.prodname_dependabot_alerts %} by selecting a filter from the dropdown menu. -{% ifversion ghec or ghes %}To view summaries of alerts for all or a subset of repositories owned by your organization, use security overview. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-organizations).{% endif %} +To view summaries of alerts for all or a subset of repositories owned by your organization, use security overview. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview#about-security-overview-for-organizations). {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-security %} diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md b/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md index 940a679e4f52..d71ae8559afb 100644 --- a/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md +++ b/content/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules.md 
@@ -44,7 +44,7 @@ The rule is enabled by default for public repositories and can be opted into for With {% data variables.dependabot.custom_rules %}, you can create your own rules to automatically dismiss or reopen alerts based on targeted metadata, such as severity, package name, CWE, and more. You can also specify which alerts you want {% data variables.product.prodname_dependabot %} to open pull requests for. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts). -You can create custom rules from the **Settings** tab of the repository{% ifversion ghec or ghes %}, provided the repository belongs to an organization that has a license for {% ifversion ghas-products %}{% data variables.product.prodname_GH_code_security %} or {% endif %}{% data variables.product.prodname_GHAS %}{% endif %}. For more information, see [Adding custom auto-triage rules to your repository](/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts#adding-custom-auto-triage-rules-to-your-repository). +You can create custom rules from the **Settings** tab of the repository, provided the repository belongs to an organization that has a license for {% data variables.product.prodname_GHAS_or_code_security %}. For more information, see [Adding custom auto-triage rules to your repository](/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts#adding-custom-auto-triage-rules-to-your-repository). ### About auto-dismissing alerts diff --git a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md index f2432fbadff5..0028e13365db 100644 
--- a/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts.md @@ -1,6 +1,7 @@ --- title: Customizing auto-triage rules to prioritize Dependabot alerts intro: 'You can create your own {% data variables.dependabot.auto_triage_rules_short %} to control which alerts are dismissed or snoozed, and which alerts you want {% data variables.product.prodname_dependabot %} to open pull requests for.' +product: '{% data reusables.gated-features.dependabot-auto-triage-rules %}' permissions: '{% data reusables.permissions.dependabot-auto-triage-rules %}' versions: fpt: '*' 
@@ -24,9 +25,9 @@ You can create your own {% data variables.dependabot.auto_triage_rules %} based Since any rules that you create apply to both future and current alerts, you can also use {% data variables.dependabot.auto_triage_rules_short %} to manage your {% data variables.product.prodname_dependabot_alerts %} in bulk. -Repository administrators can create {% data variables.dependabot.custom_rules %} for their {% ifversion fpt %}public{% elsif ghec or ghes %}public, private, and internal{% endif %} repositories. +Repository administrators can create {% data variables.dependabot.custom_rules %} for their repositories. {% ifversion fpt or ghec %}For private or internal repositories, this requires {% data variables.product.prodname_GH_code_security %}.{% elsif ghes %}This requires {% data variables.product.prodname_GH_code_security %}.{% endif %} -Organization owners and security managers can set {% data variables.dependabot.custom_rules %} at the organization-level, and then choose if a rule is enforced or enabled across all public {% ifversion ghec %}and private {% endif %} repositories in the organization. +Organization owners and security managers can set {% data variables.dependabot.custom_rules %} at the organization-level, and then choose if a rule is enforced or enabled across all public and private repositories in the organization. * **Enforced:** If an organization-level rule is "enforced", repository administrators cannot edit, disable, or delete the rule. * **Enabled:** If an organization-level rule is "enabled", repository administrators can still disable the rule for their repository. diff --git a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md index d6175f79e71b..7950d34f620d 100644 --- a/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md 
+++ b/content/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates.md @@ -57,7 +57,7 @@ You can also enable or disable {% data variables.product.prodname_dependabot_sec {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "{% data variables.product.UI_advanced_security %}", to the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %} +1. To the right of "{% data variables.product.prodname_dependabot %} security updates", click **Enable** to enable the feature or **Disable** to disable it. {% ifversion fpt or ghec %}For public repositories, the button is disabled if the feature is always enabled.{% endif %} {% ifversion dependabot-grouped-security-updates-config %} @@ -82,7 +82,7 @@ Repository administrators can enable or disable grouped security updates for the {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "{% data variables.product.UI_advanced_security %}", to the right of "Grouped security updates", click **Enable** to enable the feature or **Disable** to disable it. +1. Under "{% ifversion ghas-products %}{% data variables.product.prodname_dependabot %}{% else %}{% data variables.product.UI_advanced_security %}{% endif %}", to the right of "Grouped security updates", click **Enable** to enable the feature or **Disable** to disable it. ### Enabling or disabling grouped {% data variables.product.prodname_dependabot_security_updates %} for an organization 
diff --git a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md b/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md index 085e7b43911f..beb9e630b9ff 100644 --- a/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md +++ b/content/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates.md @@ -43,7 +43,7 @@ You enable {% data variables.product.prodname_dependabot_version_updates %} by c {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "{% data variables.product.UI_advanced_security %}", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to open a basic `dependabot.yml` configuration file in the `.github` directory of your repository. {% data reusables.dependabot.link-to-yml-config-file %} +1. Under "{% ifversion ghas-products %}{% data variables.product.prodname_dependabot %}{% else %}{% data variables.product.UI_advanced_security %}{% endif %}", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to open a basic `dependabot.yml` configuration file in the `.github` directory of your repository. {% data reusables.dependabot.link-to-yml-config-file %} {% else %} 1. Create a `dependabot.yml` configuration file in the `.github` directory of your repository. You can use the snippet below as a starting point. {% data reusables.dependabot.link-to-yml-config-file %} {% endif %} 
@@ -117,7 +117,7 @@ On a fork, you also need to explicitly enable {% data variables.product.prodname {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "{% data variables.product.UI_advanced_security %}", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to allow {% data variables.product.prodname_dependabot %} to initiate version updates. +1. Under "{% ifversion ghas-products %}{% data variables.product.prodname_dependabot %}{% else %}{% data variables.product.UI_advanced_security %}{% endif %}", to the right of "{% data variables.product.prodname_dependabot_version_updates %}", click **Enable** to allow {% data variables.product.prodname_dependabot %} to initiate version updates. ## Checking the status of version updates diff --git a/content/code-security/dependabot/maintain-dependencies/best-practices-for-maintaining-dependencies.md b/content/code-security/dependabot/maintain-dependencies/best-practices-for-maintaining-dependencies.md index d29d1ffd8bf3..c649516b685a 100644 --- a/content/code-security/dependabot/maintain-dependencies/best-practices-for-maintaining-dependencies.md +++ b/content/code-security/dependabot/maintain-dependencies/best-practices-for-maintaining-dependencies.md 
@@ -109,7 +109,7 @@ By following these practices, you can significantly reduce the risk posed by out **Security overview** - * You can keep an eye on the dashboards on the security overview page, which provide insights about your organization or enterprise's security landscape and progress. It helps users identify repositories that need attention and monitor the health of their application security program.{% ifversion ghec or ghes %} For example, you can see a summary of an organization's security risk, trends in detection, remediation, and prevention of security alerts, as well as the enablement status of {% data variables.product.github %}'s security features.{% endif %} For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview). + * You can keep an eye on the dashboards on the security overview page, which provide insights about your organization or enterprise's security landscape and progress. It helps users identify repositories that need attention and monitor the health of their application security program. For example, you can see a summary of an organization's security risk, trends in detection, remediation, and prevention of security alerts, as well as the enablement status of {% data variables.product.github %}'s security features. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview). **Security policy** diff --git a/content/code-security/getting-started/auditing-security-alerts.md b/content/code-security/getting-started/auditing-security-alerts.md index 4376e0fea1d3..828b49091621 100644 --- a/content/code-security/getting-started/auditing-security-alerts.md +++ b/content/code-security/getting-started/auditing-security-alerts.md 
@@ -32,7 +32,7 @@ Many of the events in the timeline also create an event in the audit log, which Security overview consolidates information about security alerts and provides high-level summaries of the security status of your enterprise or organization. -In security overview you can see repositories with open security alerts{% ifversion ghec or ghes %}, as well as which repositories have enabled specific security features{% endif %}. You can also use security overview to filter and sort security alerts using interactive views. +In security overview you can see repositories with open security alerts, as well as which repositories have enabled specific security features. You can also use security overview to filter and sort security alerts using interactive views. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview). diff --git a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md index be7a0aa4d4ff..a1f7bfcdd415 100644 --- a/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md +++ b/content/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization.md 
@@ -78,16 +78,23 @@ There are two forms of {% data variables.product.prodname_secret_scanning %} ava When enabled, {% data variables.secret-scanning.user_alerts %} can be detected on the following types of repository:{% ifversion fpt %} * Public repositories owned by personal accounts on {% data variables.product.prodname_dotcom_the_website %} * Public repositories owned by organizations - * Private and internal repositories owned by organizations using {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %}, with a license for {% data variables.product.prodname_GH_code_security %}{% elsif ghec %} + * Private and internal repositories owned by organizations using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %}, with a license for {% data variables.product.prodname_GH_code_security %}{% elsif ghec %} * Public repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} * Private and internal repositories when you have a license for {% data variables.product.prodname_GH_code_security %}{% endif %} {% endif %} +{% ifversion ghas-products %}{% ifversion secret-risk-assessment %} + +> [!TIP] +> Regardless of the enablement status of {% data variables.product.prodname_secret_scanning %} and push protection, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% else %} + +{% endif %} + {% ifversion ghes %}Your site administrator must enable {% data variables.product.prodname_secret_scanning %} for your instance before you can use this feature. 
For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-secret-scanning-for-your-appliance).{% endif %} For more information about {% data variables.product.prodname_secret_scanning %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning). -{% data reusables.secret-scanning.push-protection-high-level %} For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).{% ifversion ghec or ghes %} Finally, you can also extend the detection to include custom secret string structures. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).{% endif %} +{% data reusables.secret-scanning.push-protection-high-level %} For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning). Finally, you can also extend the detection to include custom secret string structures. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). ### Review the audit log for your organization diff --git a/content/code-security/getting-started/dependabot-quickstart-guide.md b/content/code-security/getting-started/dependabot-quickstart-guide.md index f1bd749b2e4f..943e4cf145d5 100644 --- a/content/code-security/getting-started/dependabot-quickstart-guide.md +++ b/content/code-security/getting-started/dependabot-quickstart-guide.md 
@@ -44,11 +44,12 @@ You need to follow the steps below on the repository you forked in [Prerequisite {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -1. Under "{% data variables.product.UI_advanced_security %}", to the right of {% data variables.product.prodname_dependabot_alerts %}, click **Enable** for {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dependabot_security_updates %}, and {% data variables.product.prodname_dependabot_version_updates %}. -1. Optionally, if you are interested in experimenting with {% data variables.product.prodname_dependabot_version_updates %}, click **.github/dependabot.yml**. This will create a default `dependabot.yml` configuration file in the `/.github` directory of your repository. To enable {% data variables.product.prodname_dependabot_version_updates %} for your repository, you typically configure this file to suit your needs by editing the default file, and committing your changes. You can refer to the snippet provided in [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#example-dependabotyml-file) for an example. +1. Under "{% data variables.product.prodname_dependabot %}", click **Enable** for {% data variables.product.prodname_dependabot_alerts %}, {% data variables.product.prodname_dependabot_security_updates %}, and {% data variables.product.prodname_dependabot_version_updates %}. +1. If you clicked **Enable** for {% data variables.product.prodname_dependabot_version_updates %}, you can edit the default `dependabot.yml` configuration file that {% data variables.product.github %} creates for you in the `/.github` directory of your repository. 
+ To enable {% data variables.product.prodname_dependabot_version_updates %} for your repository, you typically configure this file to suit your needs by editing the default file, and committing your changes. You can refer to the snippet provided in [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#example-dependabotyml-file) for an example. > [!NOTE] -> If the dependency graph is not already enabled for the repository, {% data variables.product.prodname_dotcom %} will enable it automatically when you enable {% data variables.product.prodname_dependabot %}. +> If the dependency graph is not already enabled for the repository, {% data variables.product.github %} will enable it automatically when you enable {% data variables.product.prodname_dependabot %}. For more information about configuring each of these {% data variables.product.prodname_dependabot %} features, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts), [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates), and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates). diff --git a/content/code-security/getting-started/github-security-features.md b/content/code-security/getting-started/github-security-features.md index 7e28e94d4dca..9ceed55dc8cf 100644 --- a/content/code-security/getting-started/github-security-features.md +++ b/content/code-security/getting-started/github-security-features.md @@ -1,6 +1,6 @@ --- title: GitHub security features -intro: 'An overview of {% data variables.product.prodname_dotcom %} security features.' +intro: 'An overview of {% data variables.product.github %}''s security features.' versions: fpt: '*' ghes: '*' 
@@ -14,30 +14,47 @@ topics: - Secret Protection --- -## About {% data variables.product.prodname_dotcom %}'s security features +## About {% data variables.product.github %}'s security features -{% data variables.product.prodname_dotcom %} has security features that help keep code and secrets secure in repositories and across organizations. {% data reusables.advanced-security.security-feature-availability %} +{% data variables.product.github %}'s security features help keep your code and secrets secure in repositories and across organizations. -The {% data variables.product.prodname_advisory_database %} contains a curated list of security vulnerabilities that you can view, search, and filter. {% data reusables.security-advisory.link-browsing-advisory-db %} +{% ifversion ghas-products %} -## Available for all repositories +{% ifversion fpt or ghec %} -### Security policy +* Some features are available for all {% data variables.product.github %} plans. +* Additional features are available to organizations {% ifversion ghec %}and enterprises{% endif %} on {% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %} that purchase a {% data variables.product.prodname_GHAS %} product: + * [{% data variables.product.prodname_GH_secret_protection %}](#available-with-github-secret-protection) + * [{% data variables.product.prodname_GH_code_security %}](#available-with-github-code-security) +* In addition, a number of {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_GH_code_security %} features can be run on public repositories for free.{% endif %} -Make it easy for your users to confidentially report security vulnerabilities they've found in your repository. For more information, see [AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository). 
+{%- ifversion ghes %} -### {% data variables.product.prodname_dependabot_alerts %} and security updates +* Some features are available for all repositories by default. +* Additional features are available to enterprises that purchase a {% data variables.product.prodname_GHAS %} product: + * [{% data variables.product.prodname_GH_secret_protection %}](#available-with-github-secret-protection) + * [{% data variables.product.prodname_GH_code_security %}](#available-with-github-code-security){% endif %} -View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) -and [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). +{%- else %} +* Some features are available for all {% data variables.product.github %} plans. +* Additional features are available to enterprises that purchase {% data variables.product.prodname_GHAS %}. -You can use default {% data variables.dependabot.auto_triage_rules %} curated by {% data variables.product.prodname_dotcom %} to automatically filter out a substantial amount of false positives. {% data reusables.dependabot.dismiss-low-impact-rule %} +{% endif %} -{% data reusables.dependabot.quickstart-link %} +## Available for all {% data variables.product.github %} plans -### {% data variables.product.prodname_dependabot_version_updates %} +The following security features are available for you to use, regardless of the {% data variables.product.github %} plan you are on. {% ifversion ghas-products %}You don't need to purchase {% data variables.product.prodname_GH_cs_or_sp %} to use these features.{% endif %} -Use {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. 
This helps reduce your exposure to older versions of dependencies. Using newer versions makes it easier to apply patches if security vulnerabilities are discovered, and also makes it easier for {% data variables.product.prodname_dependabot_security_updates %} to successfully raise pull requests to upgrade vulnerable dependencies. You can also customize {% data variables.product.prodname_dependabot_version_updates %} to streamline their integration into your repositories. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates). +{% ifversion fpt or ghec %} + +Most of these features are available for public{% ifversion ghec %}, internal,{% endif %} and private repositories. +Some features are _only_ available for public repositories. + +{% endif %} + +### Security policy + +Make it easy for your users to confidentially report security vulnerabilities they've found in your repository. For more information, see [AUTOTITLE](/code-security/getting-started/adding-a-security-policy-to-your-repository). ### Dependency graph 
@@ -45,36 +62,53 @@ The dependency graph allows you to explore the ecosystems and packages that your You can find the dependency graph on the **Insights** tab for your repository. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph). -{% data reusables.dependency-graph.sbom-export %} +### Software Bill of Materials (SBOM) -{% ifversion security-overview-displayed-alerts %} +You can export the dependency graph of your repository as an SPDX-compatible, Software Bill of Materials (SBOM). For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository). -### Security overview +### {% data variables.product.prodname_advisory_database %} -Security overview allows you to review the overall security landscape of your organization, view trends and other insights, and manage security configurations, making it easy to monitor your organization's security status and identify the repositories and organizations at greatest risk. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview). +The {% data variables.product.prodname_advisory_database %} contains a curated list of security vulnerabilities that you can view, search, and filter. {% data reusables.security-advisory.link-browsing-advisory-db %} -{% else %} +### {% data variables.product.prodname_dependabot_alerts %} and security updates -### Security overview for repositories +View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) +and [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). 
-Security overview shows which security features are enabled for the repository, and lets you configure any available security features that are not already enabled. -{% endif %} +You can also use default {% data variables.dependabot.auto_triage_rules %} curated by {% data variables.product.github %} to automatically filter out a substantial amount of false positives. -{% ifversion fpt or ghec %} +{% data reusables.dependabot.quickstart-link %} + +### {% data variables.product.prodname_dependabot_version_updates %} -## Available for free public repositories +Use {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. This helps reduce your exposure to older versions of dependencies. Using newer versions makes it easier to apply patches if security vulnerabilities are discovered, and also makes it easier for {% data variables.product.prodname_dependabot_security_updates %} to successfully raise pull requests to upgrade vulnerable dependencies. You can also customize {% data variables.product.prodname_dependabot_version_updates %} to streamline their integration into your repositories. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates). {% ifversion fpt or ghec %} ### Security advisories -Privately discuss and fix security vulnerabilities in your repository's code. You can then publish a security advisory to alert your community to the vulnerability and encourage community members to upgrade. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories). +Privately discuss and fix security vulnerabilities in your public repository's code. You can then publish a security advisory to alert your community to the vulnerability and encourage community members to upgrade. 
For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories). {% endif %} -### {% data variables.secret-scanning.user_alerts_caps %} +### Repository rulesets + +Enforce consistent code standards, security, and compliance across branches and tags. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets). + +{% ifversion fpt or ghec %} + +### Artifact attestations -Automatically detect tokens or credentials that have been checked into a {% ifversion ghec %}user-owned {% endif %}public repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-user-alerts). +Create unfalsifiable provenance and integrity guarantees for the software you build. For more information, see [AUTOTITLE](/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds). + +{% ifversion fpt %} + +> [!NOTE] +> If you are on a {% data variables.product.prodname_free_user %}, {% data variables.product.prodname_pro %}, or {% data variables.product.prodname_team %} plan, artifact attestations are only available for public repositories. To use artifact attestations in private or internal repositories, you must be on a {% data variables.product.prodname_ghe_cloud %} plan.{% endif %} + +### {% data variables.secret-scanning.partner_alerts_caps %} + +When {% data variables.product.github %} detects a leaked secret in a public repository, or a public npm packages, {% data variables.product.github %} informs the relevant service provider that the secret may be compromised. 
For details of the supported secrets and service providers, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). {% ifversion secret-scanning-push-protection-for-users %} 
@@ -84,42 +118,107 @@ Push protection for users automatically protects you from accidentally committin {% endif %} -### {% data variables.secret-scanning.partner_alerts_caps %} +{% endif %} + +{% ifversion ghas-products %} + +## Available with {% data variables.product.prodname_GH_secret_protection %} + +For accounts on {% ifversion fpt or ghec %}{% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %}{% endif %}{% ifversion ghes %} {% data variables.product.prodname_ghe_server %}{% endif %}, you can access additional security features when you purchase **{% data variables.product.prodname_GH_secret_protection %}**. + +{% data variables.product.prodname_GH_secret_protection %} includes features that help you detect and prevent secret leaks, such as {% data variables.product.prodname_secret_scanning %} and push protection. -Automatically detect leaked secrets across all public repositories, as well as public npm packages. {% data variables.product.company_short %} informs the relevant service provider that the secret may be compromised. For details of the supported secrets and service providers, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). +These features are available for all repository types. {% ifversion fpt or ghec %}Some of these features are available for public repositories free of charge, meaning that you don't need to purchase {% data variables.product.prodname_GH_secret_protection %} to enable the feature on a public repository.{% endif %} + + + +{% else %} + +## Available with {% data variables.product.prodname_GHAS %} + +{% data variables.product.prodname_GHAS %} features are available for enterprises with a license for {% data variables.product.prodname_GHAS %}. The features are restricted to repositories owned by an organization. 
{% endif %} -## Available with {% data variables.product.prodname_GH_advanced_security %} +### {% data variables.secret-scanning.user_alerts_caps %} + +Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.github %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts#about-user-alerts). -{% ifversion fpt %} -The following {% data variables.product.prodname_GH_advanced_security %} features are available and free of charge for public repositories on {% data variables.product.prodname_dotcom %}. Organizations that use {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_advanced_security %} can use the full set of features in any of their repositories. For a list of the features available with {% data variables.product.prodname_ghe_cloud %}, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/github-security-features#available-with-github-advanced-security). +{% data reusables.advanced-security.available-for-public-repos %} + +{% ifversion secret-scanning-ai-generic-secret-detection %} -{% elsif ghec %} -Many {% data variables.product.prodname_GH_advanced_security %} features are available and free of charge for public repositories on {% data variables.product.prodname_dotcom %}. Organizations within an enterprise that have a {% data variables.product.prodname_GH_advanced_security %} license can use the following features on all their repositories. 
{% data reusables.advanced-security.more-info-ghas %} +### {% data variables.secret-scanning.copilot-secret-scanning %} -{% elsif ghes %} -{% data variables.product.prodname_GH_advanced_security %} features are available for enterprises with a license for {% data variables.product.prodname_GH_advanced_security %}. The features are restricted to repositories owned by an organization. {% data reusables.advanced-security.more-info-ghas %} +{% data variables.secret-scanning.copilot-secret-scanning %}'s generic secret detection is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that identifies unstructured secrets (passwords) in your source code and then generates an alert. For more information, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets). {% endif %} -{% ifversion copilot-chat-ghas-alerts %} +### Push protection + +Push protection proactively scans your code, and any repository contributors' code, for secrets during the push process and blocks the push if any secrets are detected. If a contributor bypasses the block, {% data variables.product.github %} creates an alert. For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). + +{% data reusables.advanced-security.available-for-public-repos %} -With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand security alerts in repositories in your organization from {% data variables.product.prodname_GH_advanced_security %} features ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}). 
For more information, see [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features). +{% ifversion push-protection-delegated-bypass %} + +### Delegated bypass for push protection + +Delegated bypass for push protection lets you control which individuals, roles and teams can bypass push protection, and implements a review and approval cycle for pushes containing secrets. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection). {% endif %} -{% data reusables.advanced-security.ghas-trial %} +### Custom patterns + +You can define custom patterns to identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}, such as patterns that are internal to your organization. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). + + +{% ifversion ghas-products %} + +### Security overview + +Security overview allows you to review the overall security landscape of your organization, view trends and other insights, and manage security configurations, making it easy to monitor your organization's security status and identify the repositories and organizations at greatest risk. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview). 
+ +## Available with {% data variables.product.prodname_GH_code_security %} + +For accounts on {% ifversion fpt or ghec %}{% data variables.product.prodname_team %} and {% data variables.product.prodname_ghe_cloud %}{% endif %}{% ifversion ghes %} {% data variables.product.prodname_ghe_server %}{% endif %}, you can access additional security features when you purchase **{% data variables.product.prodname_GH_code_security %}**. + +{% data variables.product.prodname_GH_code_security %} includes features that help you find and fix vulnerabilities, like {% data variables.product.prodname_code_scanning %}, premium {% data variables.product.prodname_dependabot %} features, and dependency review. + +These features are available for all repository types. {% ifversion fpt or ghec %}Some of these features are available for public repositories free of charge, meaning that you don't need to purchase {% data variables.product.prodname_GH_code_security %} to enable the feature on a public repository.{% endif %} + + +{% endif %} ### {% data variables.product.prodname_code_scanning_caps %} Automatically detect security vulnerabilities and coding errors in new or modified code. Potential problems are highlighted, with detailed information, allowing you to fix the code before it's merged into your default branch. For more information, see [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning). -### {% data variables.secret-scanning.user_alerts_caps %} +{% data reusables.advanced-security.available-for-public-repos %} + +### {% data variables.product.prodname_codeql_cli %} + +Run {% data variables.product.prodname_codeql %} processes locally on software projects or to generate {% data variables.product.prodname_code_scanning %} results for upload to {% data variables.product.github %}. For more information, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli). 
+ +{% data reusables.advanced-security.available-for-public-repos %} + +{% ifversion code-scanning-autofix %} + +### {% data variables.product.prodname_copilot_autofix_short %} + +Get automatically generated fixes for {% data variables.product.prodname_code_scanning %} alerts. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning). + +{% data reusables.advanced-security.available-for-public-repos %} -Automatically detect tokens or credentials that have been checked into a repository. You can view alerts for any secrets that {% data variables.product.company_short %} finds in your code, in the **Security** tab of the repository, so that you know which tokens or credentials to treat as compromised. {% data reusables.secret-scanning.alert-type-links %} +{% endif %} -### {% data variables.dependabot.custom_rules_caps %} +### {% data variables.dependabot.custom_rules_caps %} for {% data variables.product.prodname_dependabot %} {% data reusables.dependabot.dependabot-custom-rules-ghas %} 
@@ -127,18 +226,30 @@ Automatically detect tokens or credentials that have been checked into a reposit Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). -{% ifversion security-overview-displayed-alerts %} +{% data reusables.advanced-security.available-for-public-repos %} -{% elsif fpt %} +{% ifversion security-campaigns %} -{% else %} +### Security campaigns + +Fix security alerts at scale by creating security campaigns and collaborating with developers to reduce your security backlog. For more information, see [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/about-security-campaigns). + +{% endif %} + +### Security overview + +Security overview allows you to review the overall security landscape of your organization, view trends and other insights, and manage security configurations, making it easy to monitor your organization's security status and identify the repositories and organizations at greatest risk. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview). + +{% ifversion copilot-chat-ghas-alerts %} + +## Leveraging {% data variables.product.prodname_copilot_chat %} to understand security alerts -### Security overview for organizations{% ifversion ghes %}, enterprises,{% endif %} and teams +With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand security alerts in repositories in your organization from {% data variables.product.prodname_GHAS %} features ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}). 
For more information, see [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features).
-Review the security configuration and alerts for your organization and identify the repositories at greatest risk. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
 {% endif %}
 ## Further reading
 * [AUTOTITLE](/get-started/learning-about-github/githubs-plans)
+* [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)
 * [AUTOTITLE](/get-started/learning-about-github/github-language-support)
diff --git a/content/code-security/getting-started/quickstart-for-securing-your-repository.md b/content/code-security/getting-started/quickstart-for-securing-your-repository.md
index e6ada1c89cfd..aa4bc7be5146 100644
--- a/content/code-security/getting-started/quickstart-for-securing-your-repository.md
+++ b/content/code-security/getting-started/quickstart-for-securing-your-repository.md
@@ -22,7 +22,7 @@ shortTitle: Secure repository quickstart
 ## Introduction
-This guide shows you how to configure security features for a repository. You must be a repository administrator or organization owner to configure security settings for a repository.
+This guide shows you how to configure security features for a repository. Your security needs are unique to your repository, so you may not need to enable every feature for your repository. For more information, see [AUTOTITLE](/code-security/getting-started/github-security-features).
@@ -35,7 +35,7 @@ The first step to securing a repository is to establish who can see and modify y
 From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**, then scroll down to the "Danger Zone."
 * To change who can view your repository, click **Change visibility**. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/setting-repository-visibility).
-* To change who can access your repository and adjust permissions, click **Manage access**. For more information, see[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository).
+* To change who can access your repository and adjust permissions, click **Manage access**. For more information, see [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository).
 ## Managing the dependency graph
@@ -62,13 +62,11 @@ For more information, see [AUTOTITLE](/code-security/supply-chain-security/under
 {% ifversion fpt or ghec %}
 1. Click your profile photo, then click **Settings**.
 1. Click **{% data variables.product.UI_advanced_security %}**.
-1. Click **Enable all** next to {% data variables.product.prodname_dependabot_alerts %}.
+1. Click **Enable** next to {% data variables.product.prodname_dependabot_alerts %}.
 {% endif %}
-{% ifversion dependabot-alerts-ghes-enablement %}
+{% ifversion ghes %}
 {% data reusables.dependabot.dependabot-alerts-enterprise-server-repo-org-enablement %}
-{% else %}
-{% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %}
 {% endif %}
 For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts){% ifversion fpt or ghec %} and [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account){% endif %}.
@@ -77,14 +75,16 @@ For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alert
 Dependency review lets you visualize dependency changes in pull requests before they are merged into your repositories. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).
-Dependency review is a {% data variables.product.prodname_GH_code_security %} feature. {% ifversion fpt or ghec %}Dependency review is already enabled for all public repositories. {% ifversion fpt %}Organizations that use {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_code_security %} can additionally enable dependency review for private and internal repositories. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/getting-started/quickstart-for-securing-your-repository#managing-dependency-review). {% endif %}{% endif %}{% ifversion ghec or ghes %}To enable dependency review for a {% ifversion ghec %}private or internal {% endif %}repository, ensure that the dependency graph is enabled and enable {% data variables.product.prodname_GH_code_security %}.
+Dependency review is a {% data variables.product.prodname_GH_code_security %} feature. {% ifversion fpt or ghec %}Dependency review is already enabled for all public repositories. Organizations that use {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_GH_code_security %} can additionally enable dependency review for private and internal repositories.{% endif %}
-1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**.
-1. Click **{% data variables.product.UI_advanced_security %}**.
-1. {% ifversion ghec %}If dependency graph is not already enabled, click **Enable**.{% elsif ghes %}Check that dependency graph is configured for your enterprise.{% endif %}
-1. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.
+To enable dependency review for a repository, ensure that the dependency graph is enabled and enable {% data variables.product.prodname_GH_code_security %}.
-{% endif %}
+1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**.
+1. Click **{% data variables.product.UI_advanced_security %}**.{% ifversion fpt or ghec %}
+1. To the right of {% data variables.product.prodname_code_security %}, click **Enable**.
+1. Under {% data variables.product.prodname_code_security %}, check that dependency graph is enabled for the repository.
+ * For public repositories, dependency graph is always enabled.{% elsif ghes %}
+1. Check that dependency graph is configured for your enterprise.{% endif %}
 ## Managing {% data variables.product.prodname_dependabot_security_updates %}
@@ -110,29 +110,37 @@ You can enable {% data variables.product.prodname_dependabot %} to automatically To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a `dependabot.yml` configuration file. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates). {% endif %} -## Configuring {% data variables.product.prodname_code_scanning %} +## Configuring {% ifversion ghas-products %}{% data variables.product.prodname_code_security %}{% else %}{% data variables.product.prodname_code_scanning %}{% endif %} > [!NOTE] -> {% data variables.product.prodname_code_scanning_caps %} is available {% ifversion fpt or ghec %}for all public repositories, and for private repositories owned by organizations that are part of {% ifversion ghas-products-cloud %}a team or {% endif %}an enterprise with a license for {% else %}for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_code_security %}. +> {% ifversion ghas-products %}{% data variables.product.prodname_code_security %} features are available {% else %}{% data variables.product.prodname_code_scanning_caps %} is available {% endif %}{% ifversion fpt or ghec %}for all public repositories, and for private repositories owned by organizations that are part of a team or an enterprise that uses {% else %}for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_code_security %}. 
+ +{% ifversion ghas-products %}{% data variables.product.prodname_GH_code_security %} includes {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_codeql_cli %} and {% data variables.product.prodname_copilot_autofix_short %}, as well as other features that find and fix vulnerabilities in your codebase.{% endif %} -You can configure {% data variables.product.prodname_code_scanning %} to automatically identify vulnerabilities and errors in the code stored in your repository by using a {% data variables.code-scanning.codeql_workflow %} or third-party tool. Depending on the programming languages in your repository, you can configure {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} using default setup, in which {% data variables.product.prodname_dotcom %} automatically determines the languages to scan, query suites to run, and events that will trigger a new scan. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). +You can configure {% data variables.product.prodname_code_scanning %} to automatically identify vulnerabilities and errors in the code stored in your repository by using a {% data variables.code-scanning.codeql_workflow %} or third-party tool. Depending on the programming languages in your repository, you can configure {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} using default setup, in which {% data variables.product.github %} automatically determines the languages to scan, query suites to run, and events that will trigger a new scan. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning). 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. -1. 
In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}**. -1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**. -1. In the pop-up window that appears, review the default configuration settings for your repository, then click **Enable {% data variables.product.prodname_codeql %}**. +1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}**.{% ifversion ghas-products %} +1. If "{% data variables.product.prodname_code_security %}" is not already enabled, click **Enable**. +1. Under "{% data variables.product.prodname_code_security %}", to the right of "CodeQL analysis", select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**.{% else %} +1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**.{% endif %} +1. In the pop-up window that appears, review the default configuration settings for your repository, then click **Enable {% data variables.product.prodname_codeql %}**.{% ifversion code-scanning-autofix %} +1. Choose whether you want to enable addition features, such as {% data variables.product.prodname_copilot_autofix_short %}.{% endif %} -Alternatively, you can use advanced setup, which generates a workflow file you can edit to customize your {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql). 
+As an alternative to default setup, you can use advanced setup, which generates a workflow file you can edit to customize your {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning#configuring-advanced-setup-for-code-scanning-with-codeql). -## Configuring {% data variables.product.prodname_secret_scanning %} +## Configuring {% ifversion ghas-products %}{% data variables.product.prodname_secret_protection %}{% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} + +> [!NOTE] +> {% ifversion ghas-products %}{% data variables.product.prodname_secret_protection %} features are available {% else %}{% data variables.product.prodname_secret_scanning_caps %} is available {% endif %}{% ifversion fpt or ghec %}for all public repositories, and for user-owned and organization-owned repositories that are part of a team or an enterprise that uses {% else %}for organization-owned repositories if your enterprise uses {% endif %}{% data variables.product.prodname_GH_secret_protection %}. -{% data reusables.gated-features.secret-scanning %} +{% ifversion ghas-products %}{% data variables.product.prodname_GH_secret_protection %} includes {% data variables.product.prodname_secret_scanning %} and push protection, as well as other features that help you detect and prevent secret leaks in your repository.{% endif %} 1. From the main page of your repository, click **{% octicon "gear" aria-hidden="true" %} Settings**. 1. Click **{% data variables.product.UI_advanced_security %}**. -{% ifversion ghec or ghes %} -1. If {% data variables.product.prodname_GH_advanced_security %} is not already enabled, click **Enable**.{% endif %} -1. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**. +1. 
If {% data variables.product.prodname_secret_protection %} is not already enabled, click **Enable**.{% ifversion ghes < 3.17 %} +1. Next to {% data variables.product.prodname_secret_scanning_caps %}, click **Enable**.{% endif %}{% ifversion ghas-products %} +1. Choose whether you want to enable additional features, such as validity checks, scanning for non-provider patterns, and push protection.{% endif %} ## Setting a security policy @@ -149,7 +157,7 @@ For more information, see [AUTOTITLE](/code-security/getting-started/adding-a-se You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts), [AUTOTITLE](/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates), [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository), and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning). -You can also use {% data variables.product.prodname_dotcom %}'s tools to audit responses to security alerts. For more information, see [AUTOTITLE](/code-security/getting-started/auditing-security-alerts). +You can also use {% data variables.product.github %}'s tools to audit responses to security alerts. For more information, see [AUTOTITLE](/code-security/getting-started/auditing-security-alerts). {% ifversion fpt or ghec %}If you have a security vulnerability in a public repository, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories) and [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory). {% endif %} 
diff --git a/content/code-security/index.md b/content/code-security/index.md
index 8df92c6787e0..0ef24369bfc8 100644
--- a/content/code-security/index.md
+++ b/content/code-security/index.md
@@ -7,6 +7,7 @@ redirect_from:
 introLinks:
 overview: /code-security/getting-started/github-security-features
 try_ghas_for_free: '{% ifversion ghec %}/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security{% endif %}'
+ generate_secret_risk_assessment_report_for_free: '{% ifversion secret-risk-assessment %}/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization{% endif %}'
 featuredLinks:
 startHere: # Links aimed at the builder audience
 - /code-security/getting-started/quickstart-for-securing-your-repository
@@ -20,6 +21,7 @@ featuredLinks:
 - /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates
 - /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
 popular: # Links aimed at the driver audience
+ - '{% ifversion secret-risk-assessment %}/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment{% endif %}'
 - '{% ifversion ghes %}/admin/release-notes{% endif %}'
 - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities
 - /code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization
diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md b/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md
index 933e39d8441a..dcd8c18cb2ba 100644
--- a/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md
+++ b/content/code-security/secret-scanning/copilot-secret-scanning/enabling-ai-powered-generic-secret-detection.md
@@ -21,7 +21,7 @@ redirect_from:
 {% data reusables.secret-scanning.generic-secret-detection-policy-note %}
-You can then enable {% data variables.secret-scanning.generic-secret-detection %} in the security settings page of your repository or organization.
+You can enable {% data variables.secret-scanning.generic-secret-detection %} in the security settings page of your repository or organization.
 {% data reusables.secret-scanning.copilot-secret-scanning-generic-secrets-subscription-note %}
@@ -30,15 +30,14 @@ You can then enable {% data variables.secret-scanning.generic-secret-detection % {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -{% data reusables.repositories.navigate-to-ghas-settings %} -1. Under "Secret scanning", select the checkbox next to "Scan for generic secrets". +1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Scan for generic passwords", click **Enable**. ### Enabling {% data variables.secret-scanning.generic-secret-detection %} for your organization You must configure {% data variables.secret-scanning.generic-secret-detection %} for your organization using a {% data variables.product.prodname_custom_security_configuration %}. You can then apply the {% data variables.product.prodname_security_configuration %} to all (or selected) repositories in your organization. 1. Create a new {% data variables.product.prodname_custom_security_configuration %}, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration). -1. When creating the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menus for "Alerts" and "Generic secrets" are set to **Enabled**. +1. When creating the custom security configuration, ensure that "{% data variables.product.prodname_secret_protection %}" is set to **Enabled**, and that the dropdown menu for "Scan for generic secrets" is also set to **Enabled**. 1. Apply the {% data variables.product.prodname_custom_security_configuration %} to one or more repositories. 
For more information, see [Applying a {% data variables.product.prodname_custom_security_configuration %}](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/applying-a-custom-security-configuration). For information on how to view alerts for generic secrets that have been detected using AI, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts). diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md b/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md index 97292c925ef7..85851a8ad76d 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md +++ b/content/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning.md @@ -25,8 +25,7 @@ redirect_from: {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.repositories.navigate-to-code-security-and-analysis %} -{% data reusables.repositories.navigate-to-ghas-settings %} -{% data reusables.advanced-security.secret-scanning-new-custom-pattern %} +1. Under "{% data variables.product.prodname_secret_protection %}", under "Custom patterns", click **New pattern**. {% data reusables.advanced-security.secret-scanning-generate-regular-expression-custom-pattern %} 1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**. {% data reusables.advanced-security.secret-scanning-dry-run-results %} 
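Review bot: The repository-level step added in this hunk tells the reader to enable "Scan for generic passwords", while the organization-level step in the same hunk (and the article's feature name, generic secret detection) uses "Scan for generic secrets"; unless the repository settings page genuinely carries a different label, the two should agree. Suggest `1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Scan for generic secrets", click **Enable**.` If the repository UI really does say "passwords", a short comment in the source explaining the divergence would save the next editor from "fixing" it.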
diff --git a/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator.md b/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator.md index 64f846ed7739..b22bad0c63a3 100644 --- a/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator.md +++ b/content/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-regex-generator.md @@ -6,7 +6,6 @@ product: '{% data reusables.rai.secret-scanning.copilot-secret-scanning-gated-fe allowTitleToDifferFromFilename: true versions: feature: secret-scanning-custom-pattern-ai-generated - fpt: '*' type: rai topics: - Secret Protection 
@@ -43,7 +42,7 @@ The model returns up to three regular expressions for you to review. You can cli Some results may be quite similar, and some results may not find every instance of the secret that the pattern is intended to detect. It is also possible that the regular expression generator may produce results which are invalid or inappropriate. -When you click **Use result** on a regular expression, the expression and any examples inputted will be copied over to the main custom pattern form. There, you can perform a dry run of the pattern to see how it performs across your repository or organization.{% ifversion secret-scanning-custom-pattern-ai-generated %} For more information on how to define a custom pattern for your repository or organization, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). {% endif %} +When you click **Use result** on a regular expression, the expression and any examples inputted will be copied over to the main custom pattern form. There, you can perform a dry run of the pattern to see how it performs across your repository or organization. For more information on how to define a custom pattern for your repository or organization, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). ## Improving performance when generating regular expressions with AI 
@@ -61,24 +60,14 @@ Also, the model used by the {% data variables.secret-scanning.custom-pattern-reg Note that {% data variables.secret-scanning.copilot-secret-scanning %}'s {% data variables.secret-scanning.custom-pattern-regular-expression-generator %} is only suitable for creating regular expressions to detect structured patterns. -{% ifversion secret-scanning-custom-pattern-ai-generated %} - ## Next steps * [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/generating-regular-expressions-for-custom-patterns-with-copilot-secret-scanning) * [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning) -{% endif %} ## Further reading -{% ifversion ghas-products-cloud %} - -{% elsif fpt %} * [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning) * [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning) -{% endif %} - -{% ifversion secret-scanning-custom-pattern-ai-generated %} * [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning) * [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning) -{% endif %} diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md index 308dc8be248c..b74848ca9bec 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md +++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository.md 
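Review bot: With the `{% ifversion ghas-products-cloud %}…{% elsif fpt %}…{% endif %}` and `{% ifversion secret-scanning-custom-pattern-ai-generated %}…{% endif %}` wrappers removed, the "Further reading" list now renders four items unconditionally, and `/code-security/secret-scanning/introduction/about-secret-scanning` appears in it twice (first and last bullet), with `managing-alerts-from-secret-scanning` also repeated from "Next steps". Previously the versioning meant at most one of the two groups was shown on a given version, so the duplication is new to this change. Suggest deleting the trailing `* [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)` bullet and, if the intent is to keep the list short, dropping the `managing-alerts-from-secret-scanning` bullet that "Next steps" already links.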
@@ -16,11 +16,11 @@ topics: ## About enabling push protection -To enable push protection for a repository, you must first enable {% data variables.product.prodname_secret_scanning %}. You can then enable push protection in the repository's "{% data variables.product.UI_advanced_security %}" settings page following the steps outlined in this article. +To enable push protection for a repository, you must first enable {% ifversion ghas-products %}{% data variables.product.prodname_secret_protection %}{% else %}{% data variables.product.prodname_secret_scanning %}{% endif %}. You can then enable push protection in the repository's "{% data variables.product.UI_advanced_security %}" settings page following the steps outlined in this article. {% ifversion secret-scanning-push-protection-for-users %} -You can additionally enable push protection for your own personal account, which prevents you from pushing secrets to _any_ public repository on {% data variables.product.prodname_dotcom %}. For more information, see [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users). +You can additionally enable push protection for your own personal account, which prevents you from pushing secrets to _any_ public repository on {% data variables.product.github %}. For more information, see [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/push-protection-for-users). {% endif %} 
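Review bot: The first sentence is now versioned to name Secret Protection under `ghas-products`, but the sentence immediately after it still says push protection is enabled in the repository's "{% data variables.product.UI_advanced_security %}" settings page; the procedure hunk later in this file (`@@ -50,9 +50,10`) drops the `navigate-to-ghas-settings` step for `ghas-products` and places the **Enable** button under "Secret Protection" on the code security and analysis page, so the two appear to disagree for that version. Consider versioning the page name the same way as the product name, e.g. `{% ifversion ghas-products %}"<settings-page-name>"{% else %}"{% data variables.product.UI_advanced_security %}"{% endif %}` (placeholder to be replaced with the label the reusable actually navigates to). I am inferring the ghas-products UI layout from the procedure steps, not from a screenshot, so please confirm against the product.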
@@ -50,9 +50,10 @@ If your organization is owned by an enterprise account, an enterprise owner can {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-code-security-and-analysis %} +{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %} +1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Push Protection", click **Enable**.{% else %} {% data reusables.repositories.navigate-to-ghas-settings %} -{% data reusables.advanced-security.secret-scanning-push-protection-repo %} +{% data reusables.advanced-security.secret-scanning-push-protection-repo %}{% endif %} ## Further reading diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md index b1b9e116a560..941742026291 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md +++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository.md 
@@ -20,12 +20,10 @@ topics: {% data variables.secret-scanning.user_alerts_caps %} can be enabled on any free public repository that you own. -{% endif %}{% ifversion ghec or ghes %} +{% endif %} {% data variables.secret-scanning.user_alerts_caps %} can be enabled for any repository that is owned by an organization{% ifversion secret-scanning-user-owned-repos %}, and for repositories owned by user accounts when using {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}{% endif %}. -{% endif %} - {% ifversion security-configurations %} If you're an organization owner, you can enable {% data variables.product.prodname_secret_scanning %} for multiple repositories at a time using {% data variables.product.prodname_security_configurations %}. For more information, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale). 
@@ -48,15 +46,16 @@ If your organization is owned by an enterprise account, an enterprise owner can ## Enabling {% data variables.secret-scanning.user_alerts %} +{% ifversion ghas-products %} +{% data variables.secret-scanning.user_alerts_caps %} are enabled when you enable {% data variables.product.prodname_secret_protection %} for your repository. +{% endif %} + {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghec or ghes %} -1. If {% data variables.product.prodname_advanced_security %} is not already enabled for the repository, to the right of "{% data variables.product.prodname_GH_advanced_security %}", click **Enable**. -1. Review the impact of enabling {% data variables.product.prodname_advanced_security %}, then click **Enable {% data variables.product.prodname_GH_advanced_security %} for this repository**. -1. When you enable {% data variables.product.prodname_advanced_security %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled. - - ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "{% data variables.product.UI_advanced_security %}" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %}{% ifversion fpt %} -1. Scroll down to the bottom of the page, and click **Enable** for {% data variables.product.prodname_secret_scanning %}. 
If you see a **Disable** button, it means that {% data variables.product.prodname_secret_scanning %} is already enabled for the repository. +{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %} +1. To the right of "{% data variables.product.prodname_secret_protection %}", click **Enable**. +1. Review the impact of enabling {% data variables.product.prodname_secret_protection %}, then click **Enable {% data variables.product.prodname_secret_protection %}**.{% elsif ghes < 3.17 %} +1. When you enable {% data variables.product.prodname_AS %}, {% data variables.product.prodname_secret_scanning %} may automatically be enabled for the repository due to the organization's settings. If "{% data variables.product.prodname_secret_scanning_caps %}" is shown with an **Enable** button, you still need to enable {% data variables.product.prodname_secret_scanning %} by clicking **Enable**. If you see a **Disable** button, {% data variables.product.prodname_secret_scanning %} is already enabled. ![Screenshot of the "{% data variables.product.prodname_secret_scanning_caps %}" section of the "{% data variables.product.UI_advanced_security %}" page, with the "Enable" button highlighted in a dark orange outline.](/assets/images/help/repository/enable-secret-scanning-alerts.png){% endif %} diff --git a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository.md b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository.md index 06e4deec8b6a..dea3ead38c52 100644 --- a/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository.md +++ b/content/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository.md 
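Review bot: In the new `{% elsif ghes < 3.17 %}` branch the only remaining step opens with "When you enable {% data variables.product.prodname_AS %}, secret scanning may automatically be enabled", but the two steps that actually told the reader to enable Advanced Security (the `If … is not already enabled … click **Enable**` and `Review the impact … click **Enable …**` lines from the removed `ghec or ghes` block) were not carried into this branch, so the step refers to an action the procedure never asks for. The removed `{% ifversion fpt %}` step ("Scroll down to the bottom of the page, and click **Enable** …") also has no replacement; if `ghas-products` does not cover Free/Pro accounts, those readers are left with no enabling step at all. Suggest restoring the two Advanced Security steps ahead of the "When you enable" line inside the `elsif` branch, and confirming which versions `ghas-products` resolves to.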
@@ -33,8 +33,9 @@ For more information on using validity checks, see [AUTOTITLE](/code-security/se {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-code-security-and-analysis %} -{% data reusables.secret-scanning.validity-check-auto-enable %} +{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %} +1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Validity checks", click **Enable**.{% else %} +{% data reusables.secret-scanning.validity-check-auto-enable %}{% endif %} You can also use the REST API to enable validity checks for partner patterns for your repository. For more information, see [AUTOTITLE](/rest/repos/repos#update-a-repository). diff --git a/content/code-security/secret-scanning/introduction/about-push-protection.md b/content/code-security/secret-scanning/introduction/about-push-protection.md index 16a2b23c2bfb..fea81dede0ee 100644 --- a/content/code-security/secret-scanning/introduction/about-push-protection.md +++ b/content/code-security/secret-scanning/introduction/about-push-protection.md 
@@ -34,6 +34,13 @@ You can enable push protection: {% endif %} +{% ifversion ghas-products %}{% ifversion secret-risk-assessment %} + +> [!TIP] +> Regardless of the enablement status of push protection, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets. The report also tells you how many secret leaks in your organization could have been prevented by push protection. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% else %} + +{% endif %} + For information about the secrets and service providers supported by push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). Push protection has some limitations. For more information, see [AUTOTITLE](/code-security/secret-scanning/troubleshooting-secret-scanning-and-push-protection/troubleshooting-secret-scanning#push-protection-limitations). 
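Review bot: The added `{% ifversion ghas-products %}{% ifversion secret-risk-assessment %} … {% endif %}{% else %} … {% endif %}` wraps a TIP in two nested conditionals whose outer `{% else %}` branch emits only a blank line, so the else does nothing except add whitespace; the same empty-else shape appears in the about-secret-scanning hunk (`@@ -26,12 +26,16`), where it is `{% endif %}{% else %}{% endif %}`. Since both conditions must hold for the TIP to render, a single `{% ifversion ghas-products and secret-risk-assessment %}` opener with one closing `{% endif %}` expresses the same thing and is easier to keep balanced when the surrounding text is edited. If the blank-line padding in the else branch is deliberate for spacing on other versions, a short source comment saying so would stop it being removed as dead markup.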
@@ -69,7 +76,7 @@ By default, anyone with write access to the repository can choose to bypass push * **Integration with CI/CD pipelines:** Push Protection can be integrated into your Continuous Integration/Continuous Deployment (CI/CD) pipelines, ensuring that every push is scanned for secrets before it gets deployed. This adds an extra layer of security to your DevOps practices. -{% ifversion secret-scanning-push-protection-custom-patterns %}* **Ability to detect custom patterns:** Organizations can define custom patterns for detecting secrets unique to their environment. This customization ensures that push Protection can effectively identify and block even non-standard secrets.{% endif %} +* **Ability to detect custom patterns:** Organizations can define custom patterns for detecting secrets unique to their environment. This customization ensures that push Protection can effectively identify and block even non-standard secrets. {% ifversion push-protection-delegated-bypass %}* **Delegated bypass for flexibility:** For cases where false positives occur or when certain patterns are necessary, the delegated bypass feature allows designated users to approve specific pushes. This provides flexibility without compromising overall security.{% endif %} 
@@ -87,14 +94,10 @@ Once push protection is enabled, you can customize it further: Integrate push protection with your Continuous Integration/Continuous Deployment (CI/CD) pipelines to ensure that it runs scans during automated processes. This typically involves adding steps in your pipeline configuration file to call GitHub's APIs or using {% data variables.product.prodname_actions %}. -{% ifversion secret-scanning-push-protection-custom-patterns %} - ### Define custom patterns Define custom patterns that push protection can use to identify secrets and block pushes containing these secrets. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). -{% endif %} - {% ifversion push-protection-delegated-bypass %} ### Configure delegated bypass 
@@ -107,6 +110,6 @@ Define contributors who can bypass push protection and add an approval process f * [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-push-protection-for-your-repository) * [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line) -* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui){% ifversion secret-scanning-push-protection-custom-patterns %} -* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning){% endif %}{% ifversion push-protection-delegated-bypass %} +* [AUTOTITLE](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-in-the-github-ui) +* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning){% ifversion push-protection-delegated-bypass %} * [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection){% endif %} diff --git a/content/code-security/secret-scanning/introduction/about-secret-scanning.md b/content/code-security/secret-scanning/introduction/about-secret-scanning.md index ee1c7429d46b..a8b38ea6c4fa 100644 --- a/content/code-security/secret-scanning/introduction/about-secret-scanning.md +++ b/content/code-security/secret-scanning/introduction/about-secret-scanning.md 
@@ -26,12 +26,16 @@ shortTitle: Secret scanning -{% data variables.product.prodname_secret_scanning_caps %} scans your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for secrets{% ifversion ghec or ghes %}, even if the repository is archived{% endif %}. {% data variables.product.prodname_dotcom %} will also periodically run a full Git history scan for new secret types in existing content in {% ifversion fpt %}public repositories{% else %}repositories with {% data variables.product.prodname_GH_secret_protection %} enabled{% endif %} where {% data variables.product.prodname_secret_scanning %} is enabled when new supported secret types are added. +{% data variables.product.prodname_secret_scanning_caps %} scans your entire Git history on all branches present in your {% data variables.product.prodname_dotcom %} repository for secrets, even if the repository is archived. {% data variables.product.prodname_dotcom %} will also periodically run a full Git history scan for new secret types in existing content in {% ifversion fpt or ghec %}public repositories{% else %}repositories with {% data variables.product.prodname_GH_secret_protection %} enabled{% endif %} where {% data variables.product.prodname_secret_scanning %} is enabled when new supported secret types are added. 
{% data reusables.secret-scanning.what-is-scanned %} +{% ifversion ghas-products %}{% ifversion secret-risk-assessment %} +> [!TIP] +> Regardless of the enablement status of {% data variables.product.prodname_AS %} features, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% else %}{% endif %} + When a supported secret is leaked, {% data variables.product.github %} generates a {% data variables.product.prodname_secret_scanning %} alert. Alerts are reported on the **Security** tab of repositories on {% data variables.product.github %}, where you can view, evaluate, and resolve them. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning). {% ifversion fpt or ghec %}Service providers can partner with {% data variables.product.company_short %} to provide their secret formats for scanning. We automatically run {% data variables.product.prodname_secret_scanning %} for partner patterns on all public repositories and public npm packages.{% data reusables.secret-scanning.partner-program-link %} 
@@ -40,11 +44,9 @@ Any strings that match patterns that were provided by secret scanning partners a For information about the secrets and service providers supported by {% data variables.product.prodname_secret_scanning %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). -You can use the REST API to monitor results from {% data variables.product.prodname_secret_scanning %} across your repositories{% ifversion ghes %} or your organization{% endif %}. For more information about API endpoints, see [AUTOTITLE](/rest/secret-scanning). +You can use the REST API to monitor results from {% data variables.product.prodname_secret_scanning %} across your repositories or organization. For more information about API endpoints, see [AUTOTITLE](/rest/secret-scanning). -{% ifversion ghec or ghes %} You can also use security overview to see an organization-level view of which repositories have enabled {% data variables.product.prodname_secret_scanning %} and the alerts found. For more information, see [AUTOTITLE](/code-security/security-overview/about-security-overview). -{% endif %} {% data reusables.secret-scanning.audit-secret-scanning-events %} 
@@ -82,42 +84,26 @@ Below is a typical workflow that explains how {% data variables.product.prodname {% endif %} -{% ifversion ghec or ghes %} - * **Custom pattern support:** Organizations can define custom patterns to detect proprietary or unique types of secrets that may not be covered by default patterns. This flexibility allows for tailored security measures specific to your environment. -{% endif %} - -{% ifversion secret-scanning-non-provider-patterns %} - * **Ability to detect non-provider patterns:** You can expand the detection to include non-provider patterns such as connection strings, authentication headers, and private keys, for your repository or organization. -{% endif %} - ## Customizing {% data variables.product.prodname_secret_scanning %} Once {% data variables.product.prodname_secret_scanning %} is enabled, you can customize it further: -{% ifversion secret-scanning-non-provider-patterns %} - ### Detection of non-provider patterns Scan for and detect secrets that are not specific to a service provider, such as private keys and generic API keys. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns). -{% endif %} - ### Performing validity checks Validity checks help you prioritize alerts by telling you which secrets are `active` or `inactive`. For more information, see{% ifversion secret-scanning-validity-check-partner-patterns %} [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository) and{% endif %} [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity). -{% ifversion ghec or ghes %} - ### Defining custom patterns Define your own patterns for secrets used by your organization that {% data variables.product.prodname_secret_scanning %} can scan for and detect. 
For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). -{% endif %} - {% ifversion secret-scanning-ai-generic-secret-detection %} ### {% data variables.secret-scanning.copilot-secret-scanning %} diff --git a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md index 4de417f97297..fca8c0bca707 100644 --- a/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md +++ b/content/code-security/secret-scanning/introduction/supported-secret-scanning-patterns.md 
@@ -35,19 +35,17 @@ This table lists the secrets supported by {% data variables.product.prodname_sec * **Provider:** Name of the token provider.{% ifversion fpt or ghec %} * **Partner:** Token for which leaks are reported to the relevant token partner. Applies to public repositories only. -* **User:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} +* **User:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. * Applies to public repositories, and to private repositories where {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_secret_scanning %} are enabled. * Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which usually have a higher ratio of false positives. * For {% data variables.product.prodname_secret_scanning %} to scan for non-provider patterns, the detection of non-provider patterns must be enabled for the repository or the organization. For more information, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository). - {% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %}{% endif %}{% ifversion ghes %} -* **{% data variables.product.prodname_secret_scanning_caps %} alert:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}.{% ifversion secret-scanning-non-provider-patterns %} + {% data reusables.secret-scanning.non-provider-patterns-beta %}{% endif %}{% ifversion ghes %} +* **{% data variables.product.prodname_secret_scanning_caps %} alert:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. 
* Applies to private repositories where {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_secret_scanning %} are enabled. - * Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.{% else %} Applies to private repositories where {% data variables.product.prodname_GH_secret_protection %} and {% data variables.product.prodname_secret_scanning %} enabled.{% endif %}{% endif %} + * Includes {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} tokens, which relate to supported patterns and specified custom patterns, as well as non-provider tokens such as private keys, which often result in false positives.{% endif %} * **Push protection:** Token for which leaks are reported to users on {% data variables.product.prodname_dotcom %}. Applies to repositories with {% data variables.product.prodname_secret_scanning %} and push protection enabled. -* **Validity check:** Token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see [{% data variables.product.prodname_AS %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security) in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %} {% ifversion fpt %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens, and not shown in the table. 
For more information about validity check support see [AUTOTITLE](/enterprise-cloud@latest/code-security/secret-scanning/secret-scanning-patterns#supported-secrets) in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}{% endif %} - -{% ifversion secret-scanning-non-provider-patterns %} +* **Validity check:** Token for which a validity check is implemented. {% ifversion secret-scanning-validity-check-partner-patterns %}For partner tokens, {% data variables.product.prodname_dotcom %} sends the token to the relevant partner. Note that not all partners are based in the United States. For more information, see [{% data variables.product.prodname_AS %}](/free-pro-team@latest/site-policy/github-terms/github-terms-for-additional-products-and-features#advanced-security) in the Site Policy documentation.{% else %} {% ifversion ghes %}Currently only applies to {% data variables.product.prodname_dotcom %} tokens.{% endif %}{% endif %} ### Non-provider patterns 
@@ -69,21 +67,11 @@ This table lists the secrets supported by {% data variables.product.prodname_sec ### {% ifversion secret-scanning-alert-experimental-list %}Default{% else %}High confidence{% endif %} patterns -{% endif %} - - -{% ifversion fpt %} - -| Provider | Token | Partner | User | Push protection -|----|:----|:----:|:----:|:----:| -{%- for entry in secretScanningData %} -| {{ entry.provider }} | {{ entry.secretType }} | {% if entry.isPublic %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.isPrivateWithGhas %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | {% if entry.hasPushProtection %}{% octicon "check" aria-label="Supported" %}{% else %}{% octicon "x" aria-label="Unsupported" %}{% endif %} | -{%- endfor %} - -{% endif %} + +{% ifversion fpt or ghec %} - -{% ifversion ghec %} +> [!NOTE] +> Validity checks are only available to users with {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} who enable the feature as part of {% data variables.product.prodname_GH_secret_protection %}. | Provider | Token | Partner | User | Push protection | Validity check | |----|:----|:----:|:----:|:----:|:----:| diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md index 90f9fa925820..18c297c8574b 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts.md 
@@ -25,15 +25,13 @@ allowTitleToDifferFromFilename: true When {% data variables.product.company_short %} detects a supported secret in a repository that has {% data variables.product.prodname_secret_scanning %} enabled, a {% ifversion fpt or ghec %}user {% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} alert is generated and displayed in the **Security** tab of the repository. -{% ifversion secret-scanning-non-provider-patterns %}{% ifversion fpt or ghec %}User {% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} alerts can be of the following types: +{% ifversion fpt or ghec %}User {% else %}{% data variables.product.prodname_secret_scanning %} {% endif %}alerts can be of the following types: * {% ifversion secret-scanning-alert-experimental-list %}Default{% else %}High confidence{% endif %} alerts, which relate to supported patterns and specified custom patterns. * {% ifversion secret-scanning-alert-experimental-list %}Experimental{% else %}Other{% endif %} alerts, which can have a higher ratio of false positives or secrets used in tests. {% data variables.product.prodname_dotcom %} displays {% ifversion secret-scanning-alert-experimental-list %}experimental{% else %}these "other"{% endif %} alerts in a different list to {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} alerts, making triaging a better experience for users. For more information, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts). -{% endif %} - {% data reusables.secret-scanning.secret-scanning-pattern-pair-matches %} ## About push protection alerts 
@@ -63,7 +61,7 @@ Partner alerts are not sent to repository administrators, so you do not need to ## Further reading -* [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns){% ifversion ghec or ghes %} -* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning){% endif %}{% ifversion secret-scanning-non-provider-patterns %} -* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns){% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %} +* [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns) +* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning) +* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns){% ifversion secret-scanning-ai-generic-secret-detection %} * [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets){% endif %} diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md index 52a6b8b88962..69267e364804 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts.md 
@@ -20,7 +20,7 @@ allowTitleToDifferFromFilename: true There are some additional features that can help you to evaluate alerts in order to better prioritize and manage them. You can: -* Check the validity of a secret, to see if the secret is still active. {% ifversion fpt or ghes %}**Applies to {% data variables.product.company_short %} tokens only**.{% endif %} For more information, see [Checking a secret's validity](#checking-a-secrets-validity).{% ifversion secret-scanning-validity-check-partner-patterns %} +* Check the validity of a secret, to see if the secret is still active. {% ifversion fpt or ghec %}**Applies to {% data variables.product.company_short %} tokens only**.{% endif %} For more information, see [Checking a secret's validity](#checking-a-secrets-validity).{% ifversion secret-scanning-validity-check-partner-patterns %} * Perform an "on-demand" validity check, to get the most up to date validation status. For more information, see [Performing an on-demand validity check](#performing-an-on-demand-validity-check).{% endif %} * Review a token's metadata. **Applies to {% data variables.product.company_short %} tokens only**. For example, to see when the token was last used. For more information, see [Reviewing {% data variables.product.company_short %} token metadata](#reviewing-github-token-metadata).{% ifversion secret-scanning-multi-repo-public-leak %} * Review the labels assigned to the alert. For more information, see [Reviewing alert labels](#reviewing-alert-labels).{% endif %} 
@@ -31,11 +31,7 @@ Validity checks help you prioritize alerts by telling you which secrets are `act By default, {% data variables.product.company_short %} checks the validity of {% data variables.product.company_short %} tokens and displays the validation status of the token in the alert view. -{% ifversion fpt %} - -Organizations using {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_secret_protection %} can also enable validity checks for partner patterns. For more information, see [Checking a secret's validity](/enterprise-cloud@latest/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity) in the {% data variables.product.prodname_ghe_cloud %} documentation. - -{% endif %} +Organizations using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GH_secret_protection %} can also enable validity checks for partner patterns. For more information, see [Checking a secret's validity](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity). {% data reusables.secret-scanning.validity-check-table %} diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md index dc87ea699dd9..5dff57de2778 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/resolving-alerts.md 
@@ -20,7 +20,7 @@ allowTitleToDifferFromFilename: true Once a secret has been committed to a repository, you should consider the secret compromised. {% data variables.product.github %} recommends the following actions for compromised secrets: -* Verify that the secret committed to {% data variables.product.github %} is valid. {% ifversion fpt or ghes %}**Applies to {% data variables.product.github %} tokens only**. See [Checking a secret's validity](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion secret-scanning-validity-check-partner-patterns %}See [Performing an on-demand validity check](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#performing-an-on-demand-validity-check).{% endif %}{% ifversion secret-scanning-report-secret-github-pat %} +* Verify that the secret committed to {% data variables.product.github %} is valid. {% ifversion fpt or ghec %}**Applies to {% data variables.product.github %} tokens only**. See [Checking a secret's validity](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion secret-scanning-validity-check-partner-patterns %}See [Performing an on-demand validity check](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#performing-an-on-demand-validity-check).{% endif %}{% ifversion secret-scanning-report-secret-github-pat %} * For secrets detected in private repositories, report the leaked secret to {% data variables.product.github %}, who will treat it like any publicly leaked secret and revoke it. **Applies to {% data variables.product.github %} {% data variables.product.pat_generic %}s only**. See [Reporting a leaked secret](#reporting-a-leaked-secret). {% endif %} * Review and update any services that use the old token. 
For {% data variables.product.github %} {% data variables.product.pat_generic %}s, delete the compromised token and create a new token. See [AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). * Depending on the secret provider, check your security logs for any unauthorized activity. diff --git a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md index a004bea680ac..32c754f0c5b4 100644 --- a/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md +++ b/content/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts.md @@ -20,8 +20,6 @@ allowTitleToDifferFromFilename: true {% data reusables.secret-scanning.secret-scanning-about-alerts %} {% data reusables.secret-scanning.repository-alert-location %} -{% ifversion secret-scanning-non-provider-patterns %} - To help you triage alerts more effectively, {% data variables.product.company_short %} separates alerts into two lists: {% ifversion secret-scanning-alert-experimental-list %} 
@@ -77,16 +75,14 @@ For {% data variables.product.company_short %} to scan for non-provider patterns {% endif %} -{% endif %} - ## Viewing alerts Alerts for {% data variables.product.prodname_secret_scanning %} are displayed under the **Security** tab of the repository. {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-security %} -1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**. {% ifversion secret-scanning-non-provider-patterns %} -1. Optionally, toggle to {% ifversion secret-scanning-alert-experimental-list %}"Experimental"{% else %}"Other"{% endif %} to see alerts for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} or generic secrets detected using AI{% endif %}.{% endif %} +1. In the left sidebar, under "Vulnerability alerts", click **{% data variables.product.prodname_secret_scanning_caps %}**. +1. Optionally, toggle to {% ifversion secret-scanning-alert-experimental-list %}"Experimental"{% else %}"Other"{% endif %} to see alerts for non-provider patterns{% ifversion secret-scanning-ai-generic-secret-detection %} or generic secrets detected using AI{% endif %}. 1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the alert you want to view. {% ifversion secret-scanning-user-owned-repos %} 
@@ -110,15 +106,13 @@ You can apply various filters to the alerts list to help you find the alerts you | {% ifversion secret-scanning-bypass-filter %} | |`bypassed: true`|Displays alerts for secrets where push protection has been bypassed. For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).| | {% endif %} | -|`validity:active`| Displays alerts for secrets that are known to be active. {% ifversion fpt %}Applies to {% data variables.product.company_short %} tokens only.{% endif %} For more information about validity statuses, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).| +|`validity:active`| Displays alerts for secrets that are known to be active. {% ifversion fpt or ghec %}Applies only to {% data variables.product.github %} tokens unless you enable validity checks.{% endif %}For more information about validity statuses, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).| |`validity:inactive`| Displays alerts for secrets that are no longer active.| |`validity:unknown`| Displays alerts for secrets where the validity status of the secret is unknown.| |`secret-type:SECRET-NAME`| Displays alerts for a specific secret type, for example, `secret-type:github_personal_access_token`. For a list of supported secret types, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secret). | |`provider:PROVIDER-NAME`|Displays alerts for a specific provider, for example, `provider:github`. 
For a list of supported partners, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets).| -| {% ifversion secret-scanning-non-provider-patterns %} | |{% ifversion secret-scanning-alert-experimental-list %}`results:default`{% else %}`confidence:high`{% endif %}| Displays alerts for {% ifversion secret-scanning-alert-experimental-list %}{% else %}high-confidence secrets, which relate to {% endif %}supported secrets and custom patterns. For a list of supported patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns). | |{% ifversion secret-scanning-alert-experimental-list %}`results:experimental`{% else %}`confidence:other`{% endif %}| Displays alerts for non-provider patterns, such as private keys{% ifversion secret-scanning-ai-generic-secret-detection %}, and AI-detected generic secrets, such as passwords{% endif %}. For a list of supported non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns). {% ifversion secret-scanning-ai-generic-secret-detection %}For more information about AI-detected generic secrets, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% endif %}| -| {% endif %} | ## Next steps diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md index bbd408060fe5..62258d63de30 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md 
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning.md @@ -8,6 +8,7 @@ redirect_from: - /code-security/secret-security/defining-custom-patterns-for-secret-scanning - /code-security/secret-scanning/defining-custom-patterns-for-secret-scanning versions: + fpt: '*' ghes: '*' ghec: '*' type: how_to @@ -22,7 +23,7 @@ You can define custom patterns to identify secrets that are not detected by the You can define custom patterns for your enterprise, organization, or repository. {% data variables.product.prodname_secret_scanning_caps %} supports up to 500 custom patterns for each organization or enterprise account, and up to 100 custom patterns per repository. -{% ifversion secret-scanning-push-protection-custom-patterns %}You can also enable push protection for custom patterns. For more information about push protection, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).{% endif %} +You can also enable push protection for custom patterns. For more information about push protection, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning). ## About using regular expressions for custom patterns 
@@ -53,17 +54,18 @@ For simple tokens you will usually only need to specify a secret format. The oth ## Defining a custom pattern for a repository -Before defining a custom pattern, you must ensure that {% data variables.product.prodname_secret_scanning %} is enabled on your repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository). +Before defining a custom pattern, you must ensure that {% ifversion ghas-products %}{% data variables.product.prodname_secret_protection %}{% else %}{% data variables.product.prodname_secret_scanning %}{% endif %} is enabled on your repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository). {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-code-security-and-analysis %} +{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %} +1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Custom patterns", click **New pattern**.{% else %} {% data reusables.repositories.navigate-to-ghas-settings %} -{% data reusables.advanced-security.secret-scanning-new-custom-pattern %} +{% data reusables.advanced-security.secret-scanning-new-custom-pattern %}{% endif %} {% data reusables.advanced-security.secret-scanning-add-custom-pattern-details %} 1. When you're ready to test your new custom pattern, to identify matches in the repository without creating alerts, click **Save and dry run**. {% data reusables.advanced-security.secret-scanning-dry-run-results %} -{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %} +{% data reusables.advanced-security.secret-scanning-create-custom-pattern %} 1. 
Optionally, to enable push protection for your custom pattern, click **Enable**. > [!NOTE] @@ -71,8 +73,6 @@ Before defining a custom pattern, you must ensure that {% data variables.product For more information about push protection, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning). -{% endif %} - After your pattern is created, {% data reusables.secret-scanning.secret-scanning-process %} For more information on viewing {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning). ### Example of a custom pattern specified using additional requirements 
@@ -123,16 +123,20 @@ To enable {% data variables.product.prodname_secret_scanning %} on all repositor 1. When you're ready to test your new custom pattern, to identify matches in select repositories without creating alerts, click **Save and dry run**. {% data reusables.advanced-security.secret-scanning-dry-run-select-repos %} {% data reusables.advanced-security.secret-scanning-dry-run-results %} -{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %} +{% data reusables.advanced-security.secret-scanning-create-custom-pattern %} 1. Optionally, to enable push protection for your custom pattern, click **Enable**. For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning#enabling-secret-scanning-as-a-push-protection-in-an-organization-for-a-custom-pattern). -{% indented_data_reference reusables.secret-scanning.push-protection-org-notes spaces=3 %}{% endif %} +{% indented_data_reference reusables.secret-scanning.push-protection-org-notes spaces=3 %} After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories in your organization, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning). ## Defining a custom pattern for an enterprise account -Before defining a custom pattern, you must ensure that you enable secret scanning for your enterprise account. For more information, see [AUTOTITLE]({% ifversion fpt or ghec %}/enterprise-server@latest/{% endif %}/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise). 
+{% ifversion ghes %} + +Before defining a custom pattern, you must ensure that you enable secret scanning for your enterprise account. For more information, see [AUTOTITLE](/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise). + +{% endif %} > [!NOTE] > * At the enterprise level, only the creator of a custom pattern can edit the pattern, and use it in a dry run. 
@@ -147,13 +151,13 @@ Before defining a custom pattern, you must ensure that you enable secret scannin 1. When you're ready to test your new custom pattern, to identify matches in the enterprise without creating alerts, click **Save and dry run**. {% data reusables.advanced-security.secret-scanning-dry-run-select-enterprise-repos %} {% data reusables.advanced-security.secret-scanning-dry-run-results %} -{% data reusables.advanced-security.secret-scanning-create-custom-pattern %}{% ifversion secret-scanning-push-protection-custom-patterns %} +{% data reusables.advanced-security.secret-scanning-create-custom-pattern %} 1. Optionally, to enable push protection for your custom pattern, click **Enable**. For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning). -{% indented_data_reference reusables.secret-scanning.push-protection-enterprise-note spaces=3 %}{% endif %} +{% indented_data_reference reusables.secret-scanning.push-protection-enterprise-note spaces=3 %} After your pattern is created, {% data variables.product.prodname_secret_scanning %} scans for any secrets in repositories within your organizations with {% data variables.product.prodname_GH_secret_protection %} enabled, including their entire Git history on all branches. Organization owners and repository administrators will be alerted to any secrets found, and can review the alert in the repository where the secret is found. For more information on viewing {% data variables.secret-scanning.alerts %}, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning). 
## Further reading -* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns) {% ifversion secret-scanning-custom-patterns-metrics %} -* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns){% endif %} +* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns) +* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns) diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md index 363603bf1bb0..97aa6ed566ab 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/index.md @@ -5,6 +5,7 @@ allowTitleToDifferFromFilename: true intro: 'You can extend the capabilities of {% data variables.product.prodname_secret_scanning %} to search for your own patterns. These custom patterns can range from your service API keys to connection strings into cloud resources.' product: '{% data reusables.gated-features.secret-scanning-custom-patterns %}' versions: + fpt: '*' ghes: '*' ghec: '*' topics: diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md index 73823129e421..0ba9c75f4561 100644 
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/managing-custom-patterns.md @@ -4,6 +4,7 @@ shortTitle: Manage custom patterns intro: 'You can view, edit, and remove custom patterns, as well as enable push protection for custom patterns.' permissions: '{% data reusables.permissions.security-enterprise-enable %}' versions: + fpt: '*' ghes: '*' ghec: '*' type: how_to 
@@ -21,25 +22,23 @@ At the enterprise level, only the creator of a custom pattern can edit the patte When you save a change to a custom pattern, this closes all the {% data variables.secret-scanning.alerts %} that were created using the previous version of the pattern. {% data reusables.secret-scanning.view-custom-pattern %} -1. Under "{% data variables.product.prodname_secret_scanning_caps %}", to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="Edit pattern" %}. +1. Under {% ifversion ghas-products %}"Custom patterns"{% else %}"{% data variables.product.prodname_secret_scanning_caps %}"{% endif %}, to the right of the custom pattern you want to edit, click {% octicon "pencil" aria-label="Edit pattern" %}. 1. When you're ready to test your edited custom pattern, to identify matches without creating alerts, click **Save and dry run**. -1. When you have reviewed and tested your changes, click **Publish changes**.{% ifversion secret-scanning-push-protection-custom-patterns %} +1. When you have reviewed and tested your changes, click **Publish changes**. {% data reusables.advanced-security.secret-scanning-enable-push-protection-custom-pattern %} 1. Optionally, to disable push protection for your custom pattern, click **Disable**. - ![Screenshot of the custom pattern page with the button to disable push protection highlighted with a dark orange outline.](/assets/images/help/repository/secret-scanning-disable-push-protection-custom-pattern.png){% endif %} + ![Screenshot of the custom pattern page with the button to disable push protection highlighted with a dark orange outline.](/assets/images/help/repository/secret-scanning-disable-push-protection-custom-pattern.png) ## Removing a custom pattern -When you remove a custom pattern, {% data variables.product.prodname_dotcom %} gives you the option to close the {% data variables.secret-scanning.alerts %} relating to the pattern, or keep these alerts. 
+When you remove a custom pattern, {% data variables.product.github %} gives you the option to close the {% data variables.secret-scanning.alerts %} relating to the pattern, or keep these alerts. {% data reusables.secret-scanning.view-custom-pattern %} 1. To the right of the custom pattern you want to remove, click {% octicon "trash" aria-label="Remove pattern" %}. 1. Review the confirmation, and select a method for dealing with any open alerts relating to the custom pattern. 1. Click **Yes, delete this pattern**. -{% ifversion secret-scanning-push-protection-custom-patterns %} - ## Enabling push protection for a custom pattern You can enable {% data variables.product.prodname_secret_scanning %} as a push protection for custom patterns stored at the enterprise, organization, or repository level. 
@@ -89,13 +88,12 @@ Before enabling push protection for a custom pattern at repository level, you mu {% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} -{% data reusables.repositories.navigate-to-code-security-and-analysis %} +{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %} +1. Under "{% data variables.product.prodname_secret_protection %}", under "Custom patterns", click {% octicon "pencil" aria-label="Edit custom pattern" %} for the pattern of interest.{% else %} {% data reusables.repositories.navigate-to-ghas-settings %} -{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %} +{% data reusables.advanced-security.secret-scanning-edit-custom-pattern %}{% endif %} 1. To enable push protection for your custom pattern, scroll down to "Push Protection", and click **Enable**. {% data reusables.secret-scanning.custom-pattern-push-protection-enable-button %} ![Screenshot of the "Push protection" section of the custom pattern page. A button, labeled "Enable", is outlined in dark orange.](/assets/images/help/repository/secret-scanning-custom-pattern-enable-push-protection.png) - -{% endif %} diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md index ad947918ee28..b7d9b3db32b5 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/metrics-for-custom-patterns.md 
@@ -4,7 +4,9 @@ shortTitle: Custom pattern metrics intro: 'You can view alert metrics for custom patterns at the repository, organization, and enterprise levels.' permissions: '{% data reusables.permissions.security-enterprise-enable %}' versions: - feature: secret-scanning-custom-patterns-metrics + fpt: '*' + ghec: '*' + ghes: '*' type: how_to topics: - Secret Protection @@ -20,6 +22,6 @@ Organization owners and people with admin permission for a repository can see an ## Viewing metrics for custom patterns {% data reusables.secret-scanning.view-custom-pattern %} -1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click the custom pattern you want to view. +1. Under "Custom patterns", click the custom pattern you want to view. The metrics are displayed under the custom pattern's name. diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md index 8a30cd4e423e..dc44f5908cfe 100644 --- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md +++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection.md 
@@ -31,8 +31,9 @@ When you enable this feature, you will create a bypass list of roles and teams w
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
-{% data reusables.repositories.navigate-to-code-security-and-analysis %}
-{% data reusables.repositories.navigate-to-ghas-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}
+1. Under "{% data variables.product.prodname_secret_protection %}", ensure that push protection is enabled for the repository.{% else %}
+{% data reusables.repositories.navigate-to-ghas-settings %}{% endif %}
 1. Under "Push protection", to the right of "Who can bypass push protection for {% data variables.product.prodname_secret_scanning %}", select the dropdown menu, then click **Specific roles or teams**.
 1. Under "Bypass list", click **Add role or team**.
@@ -50,7 +51,7 @@ When you enable this feature, you will create a bypass list of roles and teams w
 You must configure delegated bypass for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
 1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
-1. When creating the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menus for "Alerts" and "Push protection" are set to **Enabled**.
+1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that {% ifversion ghas-products %}"Push protection" is set to **Enabled**{% else %}the dropdown menus for "Alerts" and "Push protection" are set to **Enabled**{% endif %}.
 1. Under "Push protection", to the right of "Bypass privileges", select the dropdown menu, then click **Specific actors**.
 > [!NOTE]
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md
index 5d226679d6fc..2a981362652d 100644
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md
@@ -10,7 +10,7 @@ topics:
 - Advanced Security
 - Alerts
 - Repositories
-shortTitle: Enable delegated alert dismissal
+shortTitle: Delegated alert dismissal
 ---
 ## About enabling delegated alert dismissal
@@ -26,16 +26,14 @@ shortTitle: Enable delegated alert dismissal
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.repositories.navigate-to-code-security-and-analysis %}
-{% data reusables.repositories.navigate-to-ghas-settings %}
-
-1. Under "{% data variables.product.prodname_secret_scanning_caps %}", click **Enable** for "Prevent direct alert dismissals".
+1. Under "{% data variables.product.prodname_secret_protection %}", to the right of "Prevent direct alert dismissals", click **Enable**.
 ## Configuring delegated dismissal for an organization
 You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
 1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
-1. When creating the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menus for "Alerts" and "Prevent direct alert dismissals" are set to **Enabled**.
+1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to **Enabled**.
 1. Click **Save configuration**.
 1. Apply the security configuration to all (or selected) repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
diff --git a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md
index ef9dfa71b322..cba773fa0c69 100644
--- a/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md
+++ b/content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/non-provider-patterns/enabling-secret-scanning-for-non-provider-patterns.md
@@ -32,7 +32,7 @@ For more information about non-provider patterns, see "{% ifversion fpt or ghec
 {% data reusables.repositories.navigate-to-repo %}
 {% data reusables.repositories.sidebar-settings %}
 {% data reusables.repositories.navigate-to-code-security-and-analysis %}
-1. Under {% data variables.product.prodname_secret_scanning_caps %}, to the right of "Non-provider patterns", click **Enable**.
+1. Under "{% data variables.product.UI_secret_protection_scanning %}", to the right of "Non-provider patterns", click **Enable**.
 {% ifversion security-configurations %}
diff --git a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md
index 0400de528a88..fa065e631490 100644
--- a/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md
+++ b/content/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line.md
@@ -125,7 +125,7 @@ If {% data variables.product.prodname_dotcom %} blocks a secret that you believe
 {% data reusables.secret-scanning.push-protection-allow-email %}
-If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit, or submit a request for "bypass privileges" in order to push the blocked secret. For more information, see [Requesting bypass privileges](/enterprise-cloud@latest/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#requesting-bypass-privileges) in the {% data variables.product.prodname_ghe_cloud %} documentation.
+If you don't see the option to bypass the block, the repository administrator or organization owner has configured tighter controls around push protection. Instead, you should remove the secret from the commit{% ifversion push-protection-delegated-bypass %}, or submit a request for "bypass privileges" in order to push the blocked secret. For more information, see [Requesting bypass privileges](/code-security/secret-scanning/working-with-secret-scanning-and-push-protection/working-with-push-protection-from-the-command-line#requesting-bypass-privileges){% endif %}.
 {% data reusables.secret-scanning.push-protection-visit-URL %}
 {% data reusables.secret-scanning.push-protection-choose-allow-secret-options %}
diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration.md
index 9cd051e3b372..c0def9485fcc 100644
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration.md 
@@ -24,19 +24,16 @@ After you create a {% data variables.product.prodname_custom_security_configurat
 {% data reusables.organizations.org_settings %}
 {% data reusables.security-configurations.view-configurations-page %}
 1. Optionally, in the "Apply configurations" section, filter for specific repositories you would like to apply your {% data variables.product.prodname_custom_security_configuration %} to. To learn how to filter the repository table, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table).
-1. In the repository table, select repositories with one of three methods:
- * Select each repository you would like to apply the {% data variables.product.prodname_security_configuration %} to.
- * To select all repositories displayed on the current page of the repository table, select **NUMBER repositories**.
- * After selecting **NUMBER repositories**, to select _all_ repositories in your organization that match any filters you have applied, click **Select all**.
- >[!NOTE]
- > The repository table will show which repositories have an enforced configuration. This means that repository owners will be blocked from changing features that have been enabled or disabled in the configuration, but features that are not set aren't enforced.
+{% data reusables.security-configurations.select-repos %}
 1. Select the **Apply configuration** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **YOUR-CONFIGURATION-NAME**.
-{% data reusables.security-configurations.apply-configuration-by-default %}
 {% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
 {% data reusables.security-configurations.apply-configuration %}
+>[!NOTE]
+> If you apply an enforced configuration, this information is reported in the list of repositories. 
An enforced configuration means that repository owners are blocked from changing features that have been enabled or disabled in the configuration, but features that are not set aren't enforced.
+
 ## Next steps
 To learn how to interpret security findings from your {% data variables.product.prodname_custom_security_configuration %} on a repository, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings).
diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
index 9266d9ebf2f1..95c3a4e774cd 100644
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
+++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
@@ -16,13 +16,15 @@ topics:
 The {% data variables.product.prodname_github_security_configuration %} is a collection of enablement settings for {% data variables.product.company_short %}'s security features that is created and maintained by subject matter experts at {% data variables.product.company_short %}. The {% data variables.product.prodname_github_security_configuration %} is designed to successfully reduce the security risks for low- and high-impact repositories. We recommend you apply this configuration to all the repositories in your organization.
+> [!NOTE]
+> The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses.
+
 ## Applying the {% data variables.product.prodname_github_security_configuration %} to all repositories in your organization
 {% data reusables.profile.access_org %}
 {% data reusables.organizations.org_settings %}
 {% data reusables.security-configurations.view-configurations-page %}
 1. In the "{% data variables.product.company_short %} recommended" row of the configurations table for your organization, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**.
-{% data reusables.security-configurations.apply-configuration-by-default %}
 {% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
@@ -34,12 +36,8 @@ The {% data variables.product.prodname_github_security_configuration %} is a col
 {% data reusables.organizations.org_settings %}
 {% data reusables.security-configurations.view-configurations-page %}
 1. Optionally, in the "Apply configurations" section, filter the view to find the repositories you would like to apply the {% data variables.product.prodname_github_security_configuration %} to. To learn how to filter the repository table, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table).
-1. In the repository table, select repositories with one of three methods:
- * Select each individual repository you would like to apply the {% data variables.product.prodname_security_configuration %} to.
- * To select all repositories on the current page of the repository table, select **NUMBER repositories**.
- * After selecting **NUMBER repositories**, to select all repositories in your organization that match your filter criteria, click **Select all**.
+{% data reusables.security-configurations.select-repos %}
 1. Select the **Apply configuration** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **{% data variables.product.company_short %} recommended**.
-{% data reusables.security-configurations.apply-configuration-by-default %}
 {% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
@@ -50,7 +48,7 @@ The {% data variables.product.prodname_github_security_configuration %} is a col
 {% data reusables.profile.access_org %}
 {% data reusables.organizations.org_settings %}
 {% data reusables.security-configurations.view-configurations-page %}
-1. In the "Code security configurations" section, select "{% data variables.product.company_short %} recommended".
+1. In the "Security configurations" section, select "{% data variables.product.company_short %} recommended".
 1. In the "Policy" section, next to "Enforce configuration", select **Enforce** from the dropdown menu.
 {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md
index faff085a80e5..6d19d02be7cc 100644
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md
+++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization.md
@@ -36,7 +36,7 @@ You can customize several {% data variables.product.prodname_global_settings %}
 ### Creating and managing {% data variables.dependabot.auto_triage_rules %}
-You can create and manage {% data variables.dependabot.auto_triage_rules %} to instruct {% data variables.product.prodname_dependabot %} to automatically dismiss or snooze {% data variables.product.prodname_dependabot_alerts %}, and even open pull requests to attempt to resolve them. To configure {% data variables.dependabot.auto_triage_rules %}, click {% octicon "gear" aria-label="Configure {% data variables.product.prodname_dependabot %} rules" %}, then create or edit a rule:
+You can create and manage {% data variables.dependabot.auto_triage_rules %} to instruct {% data variables.product.prodname_dependabot %} to automatically dismiss or snooze {% data variables.product.prodname_dependabot_alerts %}, and even open pull requests to attempt to resolve them. To configure {% data variables.dependabot.auto_triage_rules %}, click {% octicon "gear" aria-label="Configure Dependabot rules" %}, then create or edit a rule:
 * You can create a new rule by clicking **New rule**, then entering the details for your rule and clicking **Create rule**.
 * You can edit an existing rule by clicking {% octicon "pencil" aria-label="Edit CURATED-OR-CUSTOM rule" %}, then making the desired changes and clicking **Save rule**.
@@ -72,8 +72,8 @@ You can customize several {% data variables.product.prodname_global_settings %}
 * [Recommending the extended query suite for default setup](#recommending-the-extended-query-suite-for-default-setup){% ifversion code-scanning-autofix %}
 * [Enabling {% data variables.product.prodname_copilot_autofix_short %} for {% data variables.product.prodname_codeql %}](#enabling-copilot-autofix-for-codeql)
-* [Enabling {% data variables.product.prodname_copilot_autofix_short %} for third-party {% data variables.product.prodname_code_scanning %} tools](#enabling-copilot-autofix-for-third-party-code-scanning-tools) {% endif %}
-* [Setting a failure threshold for {% data variables.product.prodname_code_scanning %} checks in pull requests](#setting-a-failure-threshold-for-code-scanning-checks-in-pull-requests)
+* [Enabling {% data variables.product.prodname_copilot_autofix_short %} for third-party {% data variables.product.prodname_code_scanning %} tools](#enabling-copilot-autofix-for-third-party-code-scanning-tools) {% endif %}{% ifversion ghes < 3.17 %}
+* [Setting a failure threshold for {% data variables.product.prodname_code_scanning %} checks in pull requests](#setting-a-failure-threshold-for-code-scanning-checks-in-pull-requests){% endif %}
 ### Recommending the extended query suite for default setup
@@ -94,49 +94,42 @@ You can select **{% data variables.product.prodname_copilot_autofix_short %} for
 {% endif %}
+{% ifversion ghes < 3.17 %}
+
 ### Setting a failure threshold for {% data variables.product.prodname_code_scanning %} checks in pull requests
 You can choose the severity levels at which {% data variables.product.prodname_code_scanning %} check runs on pull requests will fail. To choose a security severity level, select the **Security: SECURITY-SEVERITY-LEVEL** dropdown menu, then click a security severity level. To choose an alert severity level, select the **OTHER: ALERT-SEVERITY-LEVEL** dropdown menu, then click an alert severity level. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels).
+{% endif %}
+
 ## Configuring global {% data variables.product.prodname_secret_scanning %} settings
 {% data reusables.security-configurations.secret-scanning-security-configs-summary %}
 You can customize several {% data variables.product.prodname_global_settings %} for {% data variables.product.prodname_secret_scanning %}:
-{% ifversion secret-scanning-ai-generic-secret-detection %}
-* [Generic secret detection with {% data variables.secret-scanning.copilot-secret-scanning %}](#generic-secret-detection-with-copilot-secret-scanning){% endif %}
-* [Adding a resource link for blocked commits](#adding-a-resource-link-for-blocked-commits){% ifversion ghec or ghes %}
-* [Defining custom patterns](#defining-custom-patterns){% endif %}
-
-{% ifversion secret-scanning-ai-generic-secret-detection %}
-
-### {% data variables.secret-scanning.generic-secret-detection-caps %} with {% data variables.secret-scanning.copilot-secret-scanning %}
-
-{% data variables.secret-scanning.copilot-secret-scanning %}'s {% data variables.secret-scanning.generic-secret-detection %} is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that scans 
and creates alerts for unstructured secrets, such as passwords. To enable these scans, select **Scan for generic secrets**. Be aware that generic secrets often have a higher rate of false positives than other types of alert. To learn more about generic secrets, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).
-
-{% data reusables.secret-scanning.copilot-secret-scanning-generic-secrets-subscription-note %}
-
-{% endif %}
+* [Adding a resource link for blocked commits](#adding-a-resource-link-for-blocked-commits)
+* [Defining custom patterns](#defining-custom-patterns)
 ### Adding a resource link for blocked commits
 To provide context for developers when {% data variables.product.prodname_secret_scanning %} blocks a commit, you can display a link with more information on why the commit was blocked. To include a link, select **Add a resource link in the CLI and the web UI when a commit is blocked**. In the text box, type the link to the desired resource, then click **Save**.
-{% ifversion ghec or ghes %}
 ### Defining custom patterns
 You can define custom patterns for {% data variables.product.prodname_secret_scanning %} with regular expressions. Custom patterns can identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. To create a custom pattern, click **New pattern**, then enter the details for your pattern and click **Save and dry run**. For more information on custom patterns, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).
-{% endif %}
-
 ## Creating security managers for your organization
 The security manager role grants members of your organization the ability to manage security settings and alerts across your organization. 
Security managers can view data for all repositories in your organization through security overview. To learn more about the security manager role, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).
-{% ifversion ghes < 3.16 %}
+{% ifversion fpt or ghec or ghes > 3.15 %}
+ To assign the security manager role, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/using-organization-roles#assigning-an-organization-role).
+ {% else %}
 To grant all members of a team the security manager role, in the "Search for teams" text box, type the name of the desired team. In the dropdown menu that appears, click the team, then click **I understand, grant security manager permissions**.
diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md
index 1ccb34dbdc0d..e7c3664aa321 100644
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md
@@ -16,7 +16,7 @@ redirect_from:
 ## About {% data variables.product.prodname_custom_security_configurations %}
-{% ifversion security-configurations-cloud %}
+{% ifversion fpt or ghec %}
 We recommend securing your organization with the {% data variables.product.prodname_github_security_configuration %}, then evaluating the security findings on your repositories before configuring {% data variables.product.prodname_custom_security_configurations %}. For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization).
@@ -24,56 +24,70 @@ We recommend securing your organization with the {% data variables.product.prodn With {% data variables.product.prodname_custom_security_configurations %}, you can create collections of enablement settings for {% data variables.product.company_short %}'s security products to meet the specific security needs of your organization. For example, you can create a different {% data variables.product.prodname_custom_security_configuration %} for each group of repositories to reflect their different levels of visibility, risk tolerance, and impact. -{% ifversion security-configurations-ghes-only %} +{% ifversion ghas-products %} -When creating a security configuration, keep in mind that: -* Only features installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance will appear in the UI. -* {% data variables.product.prodname_GH_advanced_security %} features will only be visible if your organization or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GH_advanced_security %} license. -* Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance. +You can also choose whether or not you want to include {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %} features in a configuration. + +{%- ifversion fpt or ghec %} If you do, keep in mind that these features incur usage costs (or require {% data variables.product.prodname_GHAS %} licenses) when applied to private and internal repositories.{% endif %} For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). 
{% endif %} +{% ifversion ghes %} + +* Only features installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance will appear in the UI. +* {% ifversion ghas-products %}Some features will only be visible if your organization or {% data variables.product.prodname_ghe_server %} instance has purchased the relevant {% data variables.product.prodname_GHAS %} product ({% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %}){% else %}{% data variables.product.prodname_GHAS %} features will only be visible if your organization or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GHAS %} license{% endif %}. +* Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance.{% endif %} + ## Creating a {% data variables.product.prodname_custom_security_configuration %} -{% ifversion security-configurations-cloud %} +{% ifversion fpt or ghec %} >[!NOTE] -> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable {% data variables.product.prodname_dependabot %}, and security updates. For {% data variables.product.prodname_security_configurations %}, dependent security features are indicated with indentation and {% octicon "reply" aria-hidden="true" %}. +> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable {% data variables.product.prodname_dependabot %}, and security updates. 
For {% data variables.product.prodname_security_configurations %}, dependent security features are indicated with indentation. {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} {% data reusables.security-configurations.view-configurations-page %} -1. In the "Code security configurations" section, click **New configuration**. -1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Code {% data variables.product.prodname_security_configurations %}" page, name your configuration and create a description. -1. In the "{% data variables.product.prodname_GH_advanced_security %} features" row, choose whether to include or exclude {% data variables.product.prodname_GH_advanced_security %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). -1. In the "Dependency graph" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: - * Dependency graph. To learn about dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).{%- ifversion maven-transitive-dependencies %} - * Automatic dependency submission. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %} - * {% data variables.product.prodname_dependabot %}. 
To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). - * Security updates. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). +1. In the "{% data variables.product.prodname_security_configurations_caps %}" section, click **New configuration**. +1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "{% data variables.product.prodname_security_configurations_caps %}" page, name your configuration and create a description. +1. Optionally, enable "{% data variables.product.prodname_secret_protection %}", a paid feature for private {% ifversion ghec %}and internal {% endif %} repositories. Enabling {% data variables.product.prodname_secret_protection %} enables alerts for {% data variables.product.prodname_secret_scanning %}. In addition, you can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_secret_scanning %} features: + {% ifversion secret-scanning-validity-check-partner-patterns %} + * **Validity checks**. To learn more about validity checks for partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion org-npp-enablement-security-configurations %} + * **Non-provider patterns**. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %}{% ifversion secret-scanning-ai-generic-secret-detection %} + * **Scan for generic passwords**. 
To learn more, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).{% endif %} + * **Push protection**. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection).{% ifversion push-protection-delegated-bypass-configurations %} + * **Bypass privileges**. By assigning bypass privileges, selected organization members can bypass push protection, and there is a review and approval process for all other contributors. See [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection).{% endif %}{% ifversion security-delegated-alert-dismissal %} + * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning).{% endif %} +1. Optionally, enable "{% data variables.product.prodname_code_security %}", a paid feature for private {% ifversion ghec %}and internal {% endif %} repositories. You can choose whether to enable, disable, or keep the existing settings for the following {% data variables.product.prodname_code_scanning %} features: + * **Default setup**. To learn more, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). {% ifversion code-scanning-default-setup-customize-labels %} + * **Runner type**. If you want to target specific runners for {% data variables.product.prodname_code_scanning %}, you can choose to use custom-labeled runners at this step. See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#assigning-labels-to-runners).{% endif %} {% ifversion security-delegated-alert-dismissal %} + * **Prevent direct alert dismissals**. 
To learn more, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning).{% endif %} +1. Still under "{% data variables.product.prodname_code_security %}", in the "Dependency scanning" table, choose whether you want to enable, disable, or keep the existing settings for the following dependency scanning features: + * **Dependency graph**. To learn about dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph). + > [!TIP] + > When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %} + * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %} + * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). + * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). +1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository). +1. 
Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied: + * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**. + {% data reusables.security-configurations.default-configuration-exception-repo-transfers %} + * **Enforce configuration**. Block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Select **Enforce** from the dropdown menu. -1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup.{% ifversion code-scanning-default-setup-customize-labels %} - If you want to target specific runners for {% data variables.product.prodname_code_scanning %}, you can also choose to use custom-labeled runners at this step.{% endif %} See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). -1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: - * {% data variables.product.prodname_secret_scanning_caps %}. To learn about {% data variables.product.prodname_secret_scanning %}, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).{% ifversion secret-scanning-validity-check-partner-patterns %} - * Validity check. 
To learn more about validity checks for partner patterns, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/evaluating-alerts#checking-a-secrets-validity).{% endif %}{% ifversion org-npp-enablement-security-configurations %} - * Non-provider patterns. To learn more about scanning for non-provider patterns, see [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns) and [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts).{% endif %} - * Push protection. To learn about push protection, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). -{% ifversion push-protection-delegated-bypass-configurations %} -1. Optionally, under "Push protection", choose whether you want to assign bypass privileges to selected actors in your organization. By assigning bypass privileges, selected organization members can bypass push protection, and there is a review and approval process for all other contributors. For further guidance on how to configure this setting, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization). -{% endif %} -1. In the "Private vulnerability reporting" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for private vulnerability reporting. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository). -1. Optionally, in the "Policy" section, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. 
Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, or **Private and internal**, or both. +1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**. - {% data reusables.security-configurations.default-configuration-exception-repo-transfers %} -1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu. +{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %} - {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %} +{% endif %} -1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**. + + + -{% elsif security-configurations-ghes-only %} + +{% ifversion ghes < 3.17 %} >[!NOTE] > The enablement status of some security features is dependent on other, higher-level security features. For example, disabling {% data variables.secret-scanning.alerts %} will also disable non-provider patterns and push protection. diff --git a/content/code-security/securing-your-organization/index.md b/content/code-security/securing-your-organization/index.md index 25fbec895f28..cc8a21a4fff0 100644 --- a/content/code-security/securing-your-organization/index.md +++ b/content/code-security/securing-your-organization/index.md @@ -15,6 +15,7 @@ children: - /introduction-to-securing-your-organization-at-scale - /enabling-security-features-in-your-organization - /managing-the-security-of-your-organization + - /understanding-your-organizations-exposure-to-leaked-secrets - /fixing-security-alerts-at-scale - /troubleshooting-security-configurations --- 
diff --git a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md
index 4e5bd7361d41..2650553f69e0 100644
--- a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md
+++ b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md
@@ -13,9 +13,19 @@ topics:
 ## About securing your organization
-{% data variables.product.company_short %} offers many security features including {% data variables.product.prodname_GH_advanced_security %}, a suite of features designed to protect your organization from vulnerabilities in your code, insecure dependencies, leaked secrets, and more. For more information on {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
+{% ifversion ghas-products %}
-You can easily enable and manage {% data variables.product.company_short %}'s security features throughout your organization with {% data variables.product.prodname_security_configurations %}, which control repository-level security features, and {% data variables.product.prodname_global_settings %}, which control security features at the organization level. We recommend applying {% data variables.product.prodname_security_configurations %} _and_ customizing your {% data variables.product.prodname_global_settings %} to create a system that best meets the security needs of your organization.
+{% data variables.product.github %} has many features that help you improve and maintain the quality of your code. Some features are included in all {% data variables.product.github %} plans. Additional features are available to organizations {% ifversion ghec %}and enterprises{% endif %} on {% data variables.product.prodname_team %}{% ifversion ghec %} and {% data variables.product.prodname_ghe_cloud %}{% endif %} that purchase a {% data variables.product.prodname_GHAS %} product:
+ * **{% data variables.product.prodname_GH_code_security %}**, which includes features that help you find and fix vulnerabilities, like {% data variables.product.prodname_code_scanning %}, premium {% data variables.product.prodname_dependabot %} features, and dependency review.
+ * **{% data variables.product.prodname_GH_secret_protection %}**, which includes features that help you detect and prevent secret leaks, such as {% data variables.product.prodname_secret_scanning %} and push protection.
+
+{% else %}
+
+{% data variables.product.github %} offers many security features including {% data variables.product.prodname_GH_advanced_security %}, a suite of features designed to protect your organization from vulnerabilities in your code, insecure dependencies, leaked secrets, and more.{% endif %}
+
+You can easily enable and manage {% data variables.product.github %}'s security features throughout your organization with {% data variables.product.prodname_security_configurations %}, which control repository-level security features, and {% data variables.product.prodname_global_settings %}, which control security features at the organization level. We recommend applying {% data variables.product.prodname_security_configurations %} _and_ customizing your {% data variables.product.prodname_global_settings %} to create a system that best meets the security needs of your organization.
+
+For more information on purchasing {% data variables.product.prodname_GH_cs_or_sp %}, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
 ## About {% data variables.product.prodname_security_configurations %}
diff --git a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md
index 29552f1b4c8f..0711ce802aa5 100644
--- a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md
+++ b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories.md
@@ -31,6 +31,8 @@ The {% data variables.product.prodname_github_security_configuration %} offers a
 * It is the quickest {% data variables.product.prodname_security_configuration %} to apply to all repositories in your organization.
 * It is designed to effectively secure both low- and high-impact repositories.
+The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses.
+
 To start securing repositories in your organization with the {% data variables.product.prodname_github_security_configuration %}, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization).
 ## Choosing a {% data variables.product.prodname_custom_security_configuration %}
@@ -39,6 +41,6 @@ If you are familiar with {% data variables.product.company_short %}'s security p
 * Edit the enablement settings for different security features
 * Create several configurations for repositories with different security needs
-* Manage your {% data variables.product.prodname_GH_advanced_security %} licensing by including or excluding {% data variables.product.prodname_GH_advanced_security %} features for a particular configuration
+* Control your usage and costs by including or excluding {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %} features for a particular configuration
 To start securing repositories in your organization with {% data variables.product.prodname_custom_security_configurations %}, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration).
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md
index 66f027efa54f..bf8834e753c0 100644
--- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/deleting-a-custom-security-configuration.md
@@ -25,5 +25,5 @@ If you no longer need a {% data variables.product.prodname_custom_security_confi
 {% data reusables.organizations.org_settings %}
 {% data reusables.security-configurations.view-configurations-page %}
 1. In the configurations table, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to delete.
-1. Scroll to the bottom of the "Security settings" section, then click **Delete configuration**.
+1. Scroll to the bottom of the page, then click **Delete configuration**.
 1. In the "Delete this configuration?" window, read the warning to confirm you are comfortable deleting the {% data variables.product.prodname_custom_security_configuration %}, then click **Delete configuration**.
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations.md
index 490f3a341741..e6a324cea5cf 100644
--- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations.md
+++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/detaching-repositories-from-their-security-configurations.md
@@ -24,9 +24,6 @@ Alternatively, if you want to apply a {% data variables.product.prodname_securit
 {% data reusables.organizations.org_settings %}
 {% data reusables.security-configurations.view-configurations-page %}
 1. Optionally, in the "Apply configurations" section, filter for specific repositories you would like to detach from their configurations. To learn more, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table).
-1. In the repository table, select repositories with one of three methods:
- * Select each individual repository you would like to detach.
- * To select all repositories displayed on the current page of the repository table, select **NUMBER repositories**.
- * After selecting **NUMBER repositories**, to select _all_ repositories in your organization that match any filters you have applied, click **Select all**.
+{% data reusables.security-configurations.select-repos %}
 1. Select the **Apply configuration** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **No configuration**.
 1. To finish detaching your repositories from their linked {% data variables.product.prodname_security_configurations %}, in the "No configuration?" window, click **No configuration**.
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
index eaca8f835a6e..2d5a1adaf201 100644
--- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
@@ -30,12 +30,12 @@ To determine if your {% data variables.product.prodname_custom_security_configur
 {% data reusables.profile.access_org %}
 {% data reusables.organizations.org_settings %}
 {% data reusables.security-configurations.view-configurations-page %}
-1. In the "Code {% data variables.product.prodname_security_configurations %}" section, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to edit.
+1. {% ifversion ghas-products %}Under "{% data variables.product.prodname_security_configurations_caps %}"{% else %}In the "Code {% data variables.product.prodname_security_configurations %}" section{% endif %}, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to edit.
 {% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
 1. Edit the name and description of your {% data variables.product.prodname_custom_security_configuration %} as desired.
-1. In the "Security settings" section, edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired.
+1. Edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired.
 1. In the "Policy" section, you can modify the configuration's enforcement status. Enforcing a configuration will block repository owners from changing features that are enabled or disabled by the configuration, but features that are not set aren't enforced. Next to "Enforce configuration", select **Enforce** or **Don't enforce** from the dropdown menu.
 {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md
index 89ac4808d8b3..61c2bdcc5be3 100644
--- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md
+++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings.md
@@ -20,8 +20,6 @@ After you apply a {% data variables.product.prodname_security_configuration %} t
 To best secure your organization, you should encourage contributors to review and resolve security alerts and pull requests. {% ifversion security-campaigns %}In addition, you can collaborate with contributors to fix historical security alerts, see [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale).{% endif %}
-{% ifversion ghec or ghes %}
-
 ## Finding repositories with security alerts using security overview
 {% data reusables.security-overview.information-varies-GHAS %}
@@ -32,12 +30,7 @@ To best secure your organization, you should encourage contributors to review an
 * `tool:secret-scanning` to only show alerts for secrets identified by {% data variables.product.prodname_secret_scanning %}.
 * `tool:codeql` to show only alerts for potential security vulnerabilities identified by {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}.
 1. You can add further filters to show only the repositories you want to assess. The list of repositories and metrics displayed on the page automatically update to match your current selection. For more information on filtering, see [AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview).
- * Use the **Teams** dropdown to show information only for the repositories owned by one or more teams.
- * Click **NUMBER affected** or **NUMBER unaffected** in the header for any feature to show only the repositories with open alerts or no open alerts of that type.
- * Click any of the descriptions of "Open alerts" in the header to show only repositories with alerts of that type and category. For example, **1 critical** to show the repository with a critical alert for {% data variables.product.prodname_dependabot %}.
- * At the top of the list of repositories, click **NUMBER Archived** to show only repositories that are archived.
 {% data reusables.organizations.security-overview-feature-specific-page %}
-{% endif %}
 ## Interpreting {% data variables.product.prodname_secret_scanning %} alerts
@@ -47,7 +40,10 @@ To best secure your organization, you should encourage contributors to review an * {% data variables.secret-scanning.user_alerts_caps %}, which appear on {% data variables.product.github %} and can be resolved {% endif %} -You can view {% data variables.product.prodname_secret_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the **{% octicon "shield" aria-hidden="true" %} Security** tab, then clicking **{% octicon "key" aria-hidden="true" %} {% data variables.product.prodname_secret_scanning_caps %}**. +You can view {% data variables.product.prodname_secret_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the **{% octicon "shield" aria-hidden="true" %} Security** tab, then clicking **{% octicon "key" aria-hidden="true" %} {% data variables.product.prodname_secret_scanning_caps %}** in the "Metrics" or "Alerts" section. + +* **Metrics**. To see detailed information on push protection events, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection). +* **Alerts**. To see detailed information on **Default** and **Generic** alerts for exposed secrets in the organization. For an introduction to {% data variables.product.prodname_secret_scanning %} alerts, see [AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/about-alerts). 
@@ -57,7 +53,10 @@ To learn how to evaluate {% data variables.product.prodname_secret_scanning %} a {% data reusables.code-scanning.about-code-scanning %} These problems are raised as {% data variables.product.prodname_code_scanning %} alerts, which contain detailed information on the vulnerability or error detected. -You can view the {% data variables.product.prodname_code_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the **{% octicon "shield" aria-hidden="true" %} Security** tab, then clicking **{% octicon "codescan" aria-hidden="true" %} {% data variables.product.prodname_code_scanning_caps %}**. +You can view the {% data variables.product.prodname_code_scanning %} alerts for an organization by navigating to the main page of that organization, clicking the **{% octicon "shield" aria-hidden="true" %} Security** tab, then clicking: + +* **{% data variables.product.prodname_codeql %} pull request alerts**. To see information on {% data variables.product.prodname_code_scanning %} alerts found and remediated in pull requests. +* **{% data variables.product.prodname_code_scanning_caps %}**. To see detailed information on alerts for potentially vulnerable code in the organization, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts). For an introduction to {% data variables.product.prodname_code_scanning %} alerts, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts). diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md index be00ae32ecfe..46bf7671b1d0 100644 
--- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md +++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage.md @@ -1,8 +1,10 @@ --- -title: Managing your GitHub Advanced Security license usage -shortTitle: Manage GHAS licenses -intro: 'You can understand and control {% data variables.product.prodname_GH_advanced_security %} license usage for repositories in your organization.' +title: Managing your paid use of {% data variables.product.prodname_AS %} +shortTitle: Manage paid GHAS use +intro: 'You can understand and control the costs of using {% data variables.product.prodname_GH_cs_and_sp %} in repositories in your organization.' +allowTitleToDifferFromFilename: true permissions: '{% data reusables.permissions.security-org-enable %}' +product: '{% data reusables.gated-features.ghas-billing %}' versions: feature: security-configurations topics: 
@@ -12,55 +14,47 @@ topics: - Security --- -## About {% data variables.product.prodname_GH_advanced_security %} billing and licenses +## Requirements for enabling {% data variables.product.prodname_AS %} products -{% ifversion fpt %} +To use {% data variables.product.prodname_GH_cs_or_sp %} on private or internal repositories with unique active committers, you must have licenses available. The user-interface and options depend on how you pay for {% data variables.product.prodname_AS %}. -{% data reusables.advanced-security.ghas-license-info-for-fpt %} +* **Metered billing:** by default, there is no limit on how many licenses you can consume. See {% data reusables.advanced-security.control-use-cost-links %}. +* **Volume/subscription billing** ({% data variables.product.prodname_enterprise %} only)**:** once the licenses you have purchased are all in use, you cannot enable {% data variables.product.prodname_cs_or_sp %} on additional repositories until you free up or buy additional licenses. -For information on managing your {% data variables.product.prodname_GH_advanced_security %} license usage, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/securing-your-organization/managing-the-security-of-your-organization/managing-your-github-advanced-security-license-usage). +With {% data variables.product.prodname_security_configurations %}, you can easily understand the license usage of repositories in your organization{% ifversion ghec or ghes %}, as well as the number of available {% data variables.product.prodname_GH_cs_and_sp %} licenses in your organization or enterprise. Additionally, if you need to make more licenses available to secure a high-impact repository, you can quickly disable {% data variables.product.prodname_GH_cs_and_sp %} on private and internal repositories at scale{% endif %}. 
-{% else %} +To learn about licensing for {% data variables.product.prodname_GH_cs_and_sp %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). -To use {% data variables.product.prodname_GH_advanced_security %} (GHAS) features on private or internal repositories with unique active committers, you must have available GHAS licenses. With {% data variables.product.prodname_security_configurations %}, you can easily understand the GHAS license usage of repositories in your organization, as well as the number of available GHAS licenses in your enterprise. Additionally, if you need to make more GHAS licenses available to secure a high-impact repository, you can quickly disable GHAS features on private and internal repositories at scale. - -To learn about GHAS licenses, as well as unique and active committers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). - -## Understanding your {% data variables.product.prodname_GH_advanced_security %} license usage +## Understanding your license usage {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} {% data reusables.security-configurations.view-configurations-page %} -1. In the "Apply configurations" section, your current license usage will be displayed as "NUMBER-USED out of NUMBER-PURCHASED available {% data variables.product.prodname_GH_advanced_security %} licenses in use by YOUR-ENTERPRISE." - - ![Screenshot of the "Apply configurations" section. The current GHAS license usage for the enterprise is outlined in dark orange.](/assets/images/help/security-configurations/current-ghas-license-usage.png) +1. 
In the "Apply configurations" section, your current license usage will be displayed as: + {% ifversion ghas-products %} + `# {% data variables.product.prodname_secret_protection %} licenses • # {% data variables.product.prodname_code_security %} licenses in use{% ifversion ghec %} by YOUR-ENTERPRISE{% endif %}.` + ![Screenshot of the "Apply configurations" section. The current license use for the enterprise is outlined in dark orange.](/assets/images/help/security-configurations/current-sp-cs-license-usage.png) + {% else %} + `NUMBER-USED out of NUMBER-PURCHASED available GitHub Advanced Security licenses in use by YOUR-ENTERPRISE.` + ![Screenshot of the "Apply configurations" section. The current license use for the enterprise is outlined in dark orange.](/assets/images/help/security-configurations/current-ghas-license-usage.png) + {% endif %} 1. Optionally, to find specific repositories in your organization, filter the repository table. To learn more, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table). -1. To quickly identify the number of GHAS licenses needed to enable GHAS features on a specific repository, in that repository's row of the repository table, read "NUMBER licenses required". -1. To view license usage for multiple repositories in your organization, select the repositories from the repository table. In the "Apply configurations" section, you will see the number of licenses required to apply GHAS features to the repositories, as well as the number of licenses made available if you disable GHAS features on those repositories. +1. To quickly identify the number of licenses needed to enable {% data variables.product.prodname_GH_cs_and_sp %} on a specific repository, in that repository's row of the repository table, read "NUMBER licenses required". +1. 
To view license usage for multiple repositories in your organization, select the repositories from the repository table. In the "Apply configurations" section, you will see the number of licenses required to apply {% data variables.product.prodname_GH_cs_and_sp %} to the repositories, as well as the number of licenses made available if you disable {% data variables.product.prodname_GH_cs_or_sp %} on those repositories. ![Screenshot of the "Apply configurations" section. The potential changes to GHAS license usage for the enterprise are outlined in dark orange.](/assets/images/help/security-configurations/ghas-licenses-used-or-freed.png) -## Turning off {% data variables.product.prodname_GH_advanced_security %} features on select repositories in your organization +{% ifversion ghec %} +> [!TIP] +> For information about buying more volume/subscription licenses, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/managing-your-github-advanced-security-licensing). +{% endif %} -{% data reusables.profile.access_org %} -{% data reusables.organizations.org_settings %} -{% data reusables.security-configurations.view-configurations-page %} -1. Optionally, in the "Apply configurations" section, filter for specific repositories on which you would like to disable GHAS. To learn more, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/filtering-repositories-in-your-organization-using-the-repository-table). -1. In the repository table, select repositories with one of three methods: - * Select each individual repository you would like to disable GHAS features on. - * To select all repositories displayed on the current page of the repository table, select **NUMBER repositories**. - * After selecting **NUMBER repositories**, to select _all_ repositories in your organization that match any filters you have applied, click **Select all**. 
+## Turning off {% data variables.product.prodname_cs_or_sp %} - Once you have selected the desired repositories, in the "Apply configurations" section, you can see how many GHAS licenses will become available when you disable GHAS features on those repositories. For more information, see [Understanding your {% data variables.product.prodname_GH_advanced_security %} license usage](#understanding-your-github-advanced-security-license-usage). -1. Select the **Apply configuration** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Disable {% data variables.product.prodname_GH_advanced_security %}**. -1. To finish disabling GHAS features on the selected private or internal repositories, in the "Disable {% data variables.product.prodname_GH_advanced_security %}?" window, click **Disable {% data variables.product.prodname_GH_advanced_security %}**. +The simplest way to turn off all {% data variables.product.prodname_cs_or_sp %} features for one or more repositories is to create a security configuration where the product is disabled at the top level. You can apply this custom configuration to repositories where you want to turn off paid features. - >[!NOTE] - {%- ifversion security-configurations-cloud %} - > * Disabling GHAS features for a private or internal repository will also detach that repository from any linked {% data variables.product.prodname_security_configuration %}. - > * On {% data variables.product.prodname_dotcom_the_website %}, disabling GHAS features through the repository table _will not_ disable those features on public repositories since they do not require {% data variables.product.prodname_GH_advanced_security %} licenses.{% elsif security-configurations-ghes-only %} - > * Disabling GHAS features for a repository will also detach that repository from any linked {% data variables.product.prodname_security_configuration %}. 
- {% endif %} +> [!TIP] +> Ensure that you give your custom configuration a very clear name, for example: "No Code Security" or "Secret Protection and Supply chain only" to avoid confusion. -{% endif %} +For more information, see [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration) and [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration). diff --git a/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md b/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md index 22f5e8b0b89a..4991d85c1b1f 100644 --- a/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md +++ b/content/code-security/securing-your-organization/troubleshooting-security-configurations/not-enough-github-advanced-security-licenses.md @@ -1,7 +1,7 @@ --- title: Not enough GitHub Advanced Security licenses shortTitle: Not enough GHAS licenses -intro: 'You need available GHAS licenses to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository.' +intro: 'If you are on a subscription-based billing model for GHAS, you need available GHAS licenses to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository.' permissions: '{% data reusables.permissions.security-org-enable %}' versions: feature: security-configurations 
@@ -12,7 +12,7 @@ topics: - Security --- -You must have an available {% data variables.product.prodname_GH_advanced_security %} (GHAS) license for each unique active committer to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository. To learn about GHAS licensing, as well as unique and active committers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). +If you are on a volume / subscription-based billing model for {% data variables.product.prodname_GHAS %} (GHAS), you must have an available GHAS license for any additional unique active committers to enable GHAS features on a private{% ifversion ghec or ghes %} or internal{% endif %} repository. To learn about GHAS licensing, as well as unique and active committers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). If you try to apply a {% data variables.product.prodname_security_configuration %} with GHAS features to your repositories and don't have enough GHAS licenses, the configuration will only be successfully applied to public repositories. For private {% ifversion ghec or ghes %}and internal {% endif %}repositories, only free security features will be enabled due to the license limitation, resulting in the following outcomes: diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md new file mode 100644 index 000000000000..14cdbdd0a587 --- /dev/null +++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md 
@@ -0,0 +1,65 @@ +--- +title: 'About the secret risk assessment' +shortTitle: 'Secret risk assessment' +intro: 'Learn why it''s so important to understand your organization''s exposure to data leaks and how the {% data variables.product.prodname_secret_risk_assessment %} report gives an overview of your organization’s secret leak footprint.' +product: '{% data reusables.gated-features.secret-risk-assessment-report %}' +allowTitleToDifferFromFilename: true +type: overview +versions: + feature: secret-risk-assessment +topics: + - Secret scanning + - Secret Protection + - Code Security + - Organizations + - Security +--- + +## About exposure to leaked secrets + +Assessing your exposure to leaked secrets is crucial if you want to prevent: + +* **Exploitation by bad actors**. Malicious actors can use leaked secrets such as API keys, passwords, and tokens to gain unauthorized access to systems, databases, and sensitive information. If secrets are leaked, it can lead to data breaches, compromising user data and potentially causing significant financial and reputational damage. + +* **Regulatory problems**. Many industries have strict regulatory requirements for data protection, and leaked secrets can result in non-compliance with regulations, leading to legal penalties and fines. + +* **Service disruptions**. Unauthorized access to systems can lead to service disruptions, impacting the availability and reliability of services provided to users. + +* **Loss of trust**. Customers expect robust security measures to protect their data, and exposure to leaked secrets can erode trust and confidence in your organization's ability to safeguard information. + +* **Costly fallout**. Addressing the fallout from leaked secrets can be costly, involving incident response efforts, security audits, and potential compensation for affected parties. 
+ +Regularly assessing your exposure to leaked secrets is good practice to help identify vulnerabilities, implement necessary security measures, and ensure that any compromised secrets are promptly rotated and invalidated. + +## About {% data variables.product.prodname_secret_risk_assessment %} + +{% data reusables.secret-risk-assessment.public-preview-note %} + +{% ifversion fpt %} + +>[!TIP] This report is only available if you are on the {% data variables.product.prodname_team %} plan. For information about the plan and how to upgrade, see [{% data variables.product.prodname_team %}](/get-started/learning-about-github/githubs-plans#github-team) and [Upgrading your organization's plan](/billing/managing-the-plan-for-your-github-account/upgrading-your-accounts-plan#upgrading-your-organizations-plan). + +{% endif %} + +{% data reusables.secret-risk-assessment.report-intro %} + +The {% data variables.product.prodname_secret_risk_assessment %} report provides the following insights: + + * **Total secrets**—Aggregate count of exposed secrets detected within the organization. + * **Public leaks**—Distinct secrets found in your organization's public repositories. + * **Preventable leaks**—Secrets that could have been protected, using {% data variables.product.prodname_GH_secret_protection %} features such as {% data variables.product.prodname_secret_scanning %} and push protection. + * **Secret locations**—Locations that are scanned for the report. {% data reusables.secret-risk-assessment.what-is-scanned %} + * **Secret categories**—Distribution of the types of secrets that are leaked. Secrets can be partner secrets, which are strings that match secrets issued by service providers in our partner program, or generic secrets, which are non-provider patterns such as SSH keys, database connection strings, and JSON web tokens. + * **Repositories with leaks**—Repositories where leaked secrets were detected, out of all the repositories scanned. 
+ +{% data reusables.security-overview.secret-risk-assessment-report-generation-cadence %} + +Because the {% data variables.product.prodname_secret_risk_assessment %} report is based on **your repositories**, regardless of the enablement status of {% data variables.product.prodname_GH_secret_protection %} features, you can see your current exposure to leaked secrets, and understand better how {% data variables.product.github %} can help you prevent future secret leaks. + +## Next steps + +Now that you know about the {% data variables.product.prodname_secret_risk_assessment %} report, you may want to learn how to: + +* Generate the report to see your organization risk. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization). +* Interpret the results of the report. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results). +* Enable {% data variables.product.prodname_GH_secret_protection %} to improve your secret leak footprint. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection#enabling-secret-protection). diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection.md new file mode 100644 index 000000000000..45a6ed970810 --- /dev/null +++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection.md 
@@ -0,0 +1,79 @@ +--- +title: 'Choosing {% data variables.product.prodname_GH_secret_protection %}' +shortTitle: 'Secret protection' +intro: 'Learn how {% data variables.product.prodname_GH_secret_protection %} can help you detect secrets in your codebases and prevent leaks before they happen using continuous monitoring and prevention tools.' +product: '{% data reusables.gated-features.secret-protection %}' +allowTitleToDifferFromFilename: true +type: overview +versions: + feature: secret-risk-assessment +topics: + - Secret scanning + - Secret Protection + - Code Security + - Organizations + - Security +--- + +## About {% data variables.product.prodname_GH_secret_protection %} + +{% data variables.product.prodname_secret_protection %} includes the following features to help you detect and prevent secret leaks, allowing continuous monitoring and detection. For details about the features and their availability, see [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security#github-secret-protection). + +{% data reusables.secret-protection.product-list %} + +In addition, {% data variables.product.prodname_secret_protection %} includes a free scanning feature, the **risk assessment** report, to help organizations understand their secret leak footprint across their {% data variables.product.github %} perimeter. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment). + +{% data variables.product.prodname_secret_protection %} is billed per active committer to the repositories where it is enabled. It is available to users with a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} plan, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). 
+ +## Why you should enable {% data variables.product.prodname_secret_protection %} for 100% of your organization's repositories + +{% data variables.product.github %} recommends enabling {% data variables.product.prodname_GH_secret_protection %} products for all repositories, in order to protect your organization from the risk of secret leaks and exposures. {% data variables.product.prodname_GH_secret_protection %} is free to enable for public repositories, and available as a purchasable add-on for private and internal repositories. + +* {% data reusables.secret-risk-assessment.what-is-scanned %}. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning) + +* The {% data variables.product.prodname_secret_risk_assessment %} and {% data variables.product.prodname_secret_scanning %} _scan code that has already been committed_ into your repositories. With **push protection**, your code is scanned for secrets _before_ commits are saved on {% data variables.product.github %}, during the push process, and the push is blocked if any secrets are detected. See [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). + +* If you have one or more secret patterns that are internal to your organization, these will not be detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. You can define **custom patterns** that are only valid in your organization, and extend the {% data variables.product.prodname_secret_scanning %} capabilities to detect these patterns. See [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). + +* Knowing which secrets could be exploited makes it easy to prioritize remediation of leaked secrets found by {% data variables.product.prodname_secret_scanning %}. 
**Validity checks** tell you if an active secret is one that could still be exploited, so these alerts should be reviewed and remediated as a priority. See [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository). + +* You may also want to detect leaks of unstructured secrets such as passwords. This is possible with our AI-powered **{% data variables.secret-scanning.copilot-secret-scanning %}**. See [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets). + +* Visualizing the prevention, detection, and remediation of security data is critical to understanding where to direct effort and where security initiatives are having an impact. **Security overview** has dedicated views that allow you to dig deep into the current state of your codebases at the organization and enterprise level. See [AUTOTITLE](/code-security/security-overview/about-security-overview). + +In addition to detecting and preventing secret leaks, you should consider building code security into all of your organization workflows to secure your software supply chain. See [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security). + +If you require help evaluating your security needs or options, contact [GitHub's Sales team](https://github.com/security/contact-sales). + +{% ifversion fpt or ghec %} + +Alternatively, you can trial {% data variables.product.prodname_GHAS %} for free to assess your needs. See [AUTOTITLE](/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas). + +{% endif %} + +## Enabling {% data variables.product.prodname_secret_protection %} + +{% ifversion ghes %} +A site administrator must enable {% data variables.product.prodname_AS %} for {% data variables.location.product_location %} before you can use these security features. 
See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise). +{% endif %} + +{% ifversion security-configurations %} +{% data reusables.security-configurations.enable-security-features-with-gh-config %} +{% endif %} + +{% data variables.product.prodname_security_configurations_caps %} can be applied at enterprise and organization level. You can also configure additional security settings for your organization. These settings, called {% data variables.product.prodname_global_settings %}, are then inherited by all repositories in the organization. With {% data variables.product.prodname_global_settings %}, you can customize how security features analyze your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/configuring-global-security-settings-for-your-organization). + +In addition, repository administrators can enable security features at the repository level. + +## Enabling {% data variables.product.prodname_secret_protection %} from the {% data variables.product.prodname_secret_risk_assessment %} + +{% data reusables.secret-risk-assessment.public-preview-note %} + +{% data reusables.organizations.navigate-to-org %} +{% data reusables.organizations.security-overview %} +{% data reusables.security-overview.open-assessments-view %} +1. Click the **Enable Secret Protection** dropdown in the banner display, and then select one of the options for enabling the feature in your organization's repositories. + * **For public repositories for free**: Click to enable for _only_ public repositories in your organization. + * **For all repositories**: Click **Enable Secret Protection** to enable both {% data variables.product.prodname_secret_scanning %} and push protection for all repositories in your organization, at the estimated cost displayed. You will incur usage costs or need to purchase {% data variables.product.prodname_GH_secret_protection %} licenses. 
+ + Alternatively, click **Configure in settings** to customize which repositories you want to enable {% data variables.product.prodname_secret_protection %} for. See {% ifversion fpt or ghec %}[AUTOTITLE](/code-security/securing-your-organization\enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization) and {% endif %}[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration). diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md new file mode 100644 index 000000000000..35dae238b9ce --- /dev/null +++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md @@ -0,0 +1,18 @@ +--- +title: 'Understanding your organization''s exposure to leaked secrets' +shortTitle: Exposure to leaked secrets +intro: 'You can generate a secret risk assessment report to evaluate the extent of your organization''s vulnerability to leaked secrets. Decide whether to enable {% data variables.product.prodname_secret_protection %} to protect your organization from further leaks.' +versions: + feature: secret-risk-assessment +topics: + - Organizations + - Secret scanning + - Secret Protection + - Code Security + - Security +children: + - /about-secret-risk-assessment + - /viewing-the-secret-risk-assessment-report-for-your-organization + - /interpreting-secret-risk-assessment-results + - /choosing-github-secret-protection +--- 
diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results.md new file mode 100644 index 000000000000..4a408bd5030b --- /dev/null +++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results.md 
@@ -0,0 +1,46 @@
+---
+title: 'Interpreting secret risk assessment results'
+shortTitle: 'Interpret results'
+intro: 'Use the results from your {% data variables.product.prodname_secret_risk_assessment %} report to improve your organization''s security.'
+allowTitleToDifferFromFilename: true
+type: how_to
+versions:
+ feature: secret-risk-assessment
+topics:
+ - Code Security
+ - Secret scanning
+ - Secret Protection
+ - Organizations
+ - Security
+---
+
+The {% data variables.product.prodname_secret_risk_assessment %} dashboard displays point-in-time insights into the secrets detected in your organization. {% data reusables.secret-risk-assessment.link-conceptual-information %}
+
+{% data reusables.secret-risk-assessment.public-preview-note %}
+
+## Prerequisites
+
+You need to generate a {% data variables.product.prodname_secret_risk_assessment %} report and wait for the scan to complete before being able to view and export the results. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment) and [Exporting the {% data variables.product.prodname_secret_risk_assessment %} to CSV](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#exporting-the-secret-risk-assessment-to-csv).
+
+## Prioritizing high-risk leaks for remediation
+
+To understand your secrets' footprint and exposure to secrets leaks, review the **Total secrets**,**Public leaks** and **Secret locations** metrics.
+
+Next, identify the areas in your organization where leaked secrets pose the highest threat to security.
+
+* **Leaked secrets that are still active** usually present the greatest risk to security. Prioritize any active secrets for remediation ahead of inactive secrets. For more information about checking the validity of a detected credential, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-validity-checks-for-your-repository).
+* Similarly, **secrets leaked in public repositories** are usually considered a higher risk and priority, than those secrets leaked in private {% ifversion ghec or ghes %}or internal {% endif %}repositories.
+* The **Repositories with leaks** metric can indicate how frequent, or the extent of, secret leaks across your organization. A large proportion of repositories with secret leaks may suggest that developer education and increased security awareness around secrets is important for your organization.
+
+## Identifying areas of exposure
+
+Review the **Preventable leaks** and **Secret categories** metrics to understand your current secret detection coverage, in addition to learning how {% data variables.product.github %} can help prevent future secret leaks.
+
+* Secret leaks that could have been prevented using {% data variables.product.prodname_GH_secret_protection %} features such as {% data variables.product.prodname_secret_scanning %} and push protection are shown by the **Preventable leaks** metric.
+* Using the **Secret categories** metric and the **Token type** table, search for patterns in the type of secrets leaked across your organization.
+ * Common areas and repeated occurrences of leaked secrets may suggest particular CI/CD workflows or development processes in your organization that are contributing to the results.
+ * You may also be able to identify specific teams, repositories, or networks that are more prone to secret leaks, and therefore require additional security measures or management to be put in place.
+
+## Adopt {% data variables.product.prodname_GH_secret_protection %} to prevent leaks
+
+We recommend purchasing {% data variables.product.prodname_GH_secret_protection %} products to improve your organization's exposure to secret leaks and optimize your secret detection rates. {% data variables.product.prodname_GH_secret_protection %} is a continuous monitoring and detection solution that is the most effective path for secure development. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection).
diff --git a/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md
new file mode 100644
index 000000000000..4de3f51798e2
--- /dev/null
+++ b/content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md
@@ -0,0 +1,81 @@
+---
+title: 'Viewing the secret risk assessment report for your organization'
+shortTitle: 'View secret risk assessment'
+intro: 'You can generate and view the {% data variables.product.prodname_secret_risk_assessment %} report for your organization from the "Security" tab.'
+permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
+allowTitleToDifferFromFilename: true
+type: how_to
+versions:
+ feature: secret-risk-assessment
+topics:
+ - Code Security
+ - Secret scanning
+ - Secret Protection
+ - Organizations
+ - Security
+---
+
+{% data reusables.secret-risk-assessment.report-intro %} {% data reusables.secret-risk-assessment.link-conceptual-information %}
+
+You can generate the {% data variables.product.prodname_secret_risk_assessment %} report for your organization, review it, and export the results to CSV.
+
+{% data reusables.secret-risk-assessment.public-preview-note %}
+
+## Generating an initial {% data variables.product.prodname_secret_risk_assessment %}
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.security-overview %}
+{% data reusables.security-overview.open-assessments-view %}
+{% data reusables.security-overview.generate-secret-risk-assessment-report %}
+
+{% data reusables.secret-risk-assessment.notification-report-ready %}
+
+{% note %}
+
+Did you successfully generate the {% data variables.product.prodname_secret_risk_assessment %} report for your organization?
+
+Yes No
+
+{% endnote %}
+
+## Rerunning the {% data variables.product.prodname_secret_risk_assessment %}
+
+{% data reusables.security-overview.secret-risk-assessment-report-generation-cadence %}
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.security-overview %}
+{% data reusables.security-overview.open-assessments-view %}
+1. Towards the top right side of the existing report, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}.
+1. Select **Rerun scan**.
+
+ {% data reusables.secret-risk-assessment.notification-report-ready %}
+
+## Viewing the {% data variables.product.prodname_secret_risk_assessment %}
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.security-overview %}
+{% data reusables.security-overview.open-assessments-view %} You can see the most recent report on this page.
+
+## Exporting the {% data variables.product.prodname_secret_risk_assessment %} to CSV
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.security-overview %}
+{% data reusables.security-overview.open-assessments-view %}
+1. Towards the top right side of the report, click {% octicon "kebab-horizontal" aria-label="More options" %}.
+1. Select **Download CSV**.
+
+The {% data variables.product.prodname_secret_risk_assessment %} CSV file includes the following information.
+
+| CSV column | Name | Description |
+| ---------- | ---------------------- | --------------------------------------------------------- |
+| A | `Organization Name` | The name of the organization the secret was detected in |
+| B | `Name` | The token name for the type of secret |
+| C | `Slug` | The normalized string for the token. This corresponds to `Token` in the table of supported secrets. See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). |
+| D | `Push Protected` | A `boolean` to indicate whether the secret would be detected and blocked by push protection if it were enabled |
+| E | `Non-Provider Pattern` | A `boolean` to indicate whether the secret matched a non-provider pattern and would generate an alert if {% data variables.product.prodname_secret_scanning %} with non-provider patterns were enabled |
+| F | `Secret Count` | An aggregate count of the active and inactive secrets found for the token type |
+| G | `Repository Count` | An aggregate count of distinct repositories in which the secret type was found, including public, private,{% ifversion ghec or ghes %} internal{% endif %}, and archived repositories |
+
+## Next steps
+
+Now that you've generated {% data variables.product.prodname_secret_risk_assessment %} for your organization, learn how to interpret the results. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results).
diff --git a/content/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository.md b/content/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository.md
index bc76dc6e0bbb..3c4eb05329de
--- a/content/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository.md
+++ b/content/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository.md
@@ -20,7 +20,7 @@ Evaluating a public repository's security settings can help security researchers
 If a repository is public, high level information about the repository's security settings is available to anyone. For example, you can see whether the repository has a security policy, and whether private vulnerability reporting is enabled. You can also view published and closed security advisories for the repository. If no security policy is associated with a repository, you can suggest one. If the repository has private vulnerability reporting enabled, you can privately report security vulnerabilities directly to repository maintainers.
-If you have admin permissions to the repository, and the repository is owned by an organization, you can see more detailed information about the repository's security settings through the security overview. For more information on the security overview, see [AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/about-security-overview){% ifversion ghec %}."{% else %} in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
+If you have admin permissions to the repository, and the repository is owned by an organization, you can see more detailed information about the repository's security settings through the security overview. For more information on the security overview, see [AUTOTITLE](/code-security/security-overview/about-security-overview).
 If a repository is private, you can only see the security settings if you have admin permissions to the repository or have been granted special security permissions covering the repository, for example, as an organization-wide security manager.
diff --git a/content/code-security/security-overview/about-security-overview.md b/content/code-security/security-overview/about-security-overview.md
index c27eca0c3fa3..122d1e7a63e8
--- a/content/code-security/security-overview/about-security-overview.md
+++ b/content/code-security/security-overview/about-security-overview.md
@@ -1,7 +1,7 @@
 ---
 title: About security overview
 intro: 'You can gain insights into the overall security landscape of your organization or enterprise and identify repositories that require intervention using security overview.'
-product: '{% data reusables.gated-features.security-over
view %}'
+product: '{% data reusables.gated-features.security-overview-general %}'
 redirect_from:
 - /code-security/security-overview/exploring-security-alerts
 - /code-security/security-overview/about-the-security-overview
@@ -21,22 +21,31 @@ topics:
 - Secret scanning
 - Teams
 ---
-
-
+{% ifversion fpt %}
-{% ifversion fpt %}{% data reusables.security-overview.about-security-overview %} For more information, see [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/security-overview/about-security-overview).{% endif %}
+Security overview provides insights into the security of code stored in repositories in your organization.
-{% ifversion ghec or ghes %}
+* **All organizations** on {% data variables.product.prodname_team %} can use the free **{% data variables.product.prodname_secret_risk_assessment %}** to evaluate the exposure of their organization to leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization).
+* {% data variables.product.prodname_team %} accounts that purchase **{% data variables.product.prodname_GH_cs_or_sp %}** have access to views with additional insights.
-
+The information below describes the views available to organizations with {% data variables.product.prodname_GH_cs_or_sp %} that you can use to identify trends in detection, remediation, and prevention of security alerts and dig deep into the current state of your repositories.
+
+{% elsif ghec or ghes %}
 Security overview contains focused views where you can explore trends in detection, remediation, and prevention of security alerts and dig deep into the current state of your codebases.
-* Information about {% data variables.product.prodname_dependabot %} features and alerts is shown for all repositories.
-* Information for {% data variables.product.prodname_AS %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for organizations and enterprises that use {% data variables.product.prodname_GHAS_cs_or_sp %}{% ifversion fpt or ghec %} and for public repositories{% endif %}.
+{% ifversion ghec %}
+All organizations on {% data variables.product.prodname_enterprise %} can use:
+* **{% data variables.product.prodname_secret_risk_assessment_caps %}** to evaluate the exposure of their organization to leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization).
+* **{% data variables.product.prodname_dependabot %}** data to evaluate the security of their supply chain in all repositories.
+{% else %}
+All organizations on {% data variables.product.prodname_enterprise %} can use {% data variables.product.prodname_dependabot %} data to evaluate the security of their supply chain in all repositories.
+{% endif %}
-For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#dependabot-alerts-for-vulnerable-dependencies) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
+In addition, data for **{% data variables.product.prodname_AS %}** features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, is shown for organizations and enterprises that use {% data variables.product.prodname_GHAS_cs_or_sp %}{% ifversion ghec %}, and for public repositories{% endif %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts#dependabot-alerts-for-vulnerable-dependencies) and [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
+
+{% endif %}
 ## About the views
@@ -65,10 +74,11 @@ Security overview has multiple views that provide different ways to explore enab
 {% ifversion security-overview-dashboard %}
 * **Overview:** visualize trends in **Detection**, **Remediation**, and **Prevention** of security alerts, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights).{% endif %}
 * **Risk and Alert views:** explore the risk from security alerts of all types or focus on a single alert type and identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets, see [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk).
-* **Coverage:** assess the adoption of security features across repositories in the organization, see [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security).{% ifversion security-overview-tool-adoption %}
+* **Coverage:** assess the adoption of security features across repositories in the organization, see [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security).{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}
+* **Assessments:** regardless of the enablement status of {% data variables.product.prodname_AS %} features, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% endif %}{% ifversion security-overview-tool-adoption %}
 * **Enablement trends:** see how quickly different teams are adopting security features.{% endif %}{% ifversion security-overview-org-codeql-pr-alerts %}
-* **CodeQL pull request alerts:** assess the impact of running CodeQL on pull requests and how development teams are resolving code scanning alerts, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts).{% endif %}{% ifversion security-overview-push-protection-metrics-page %}
-* **Secret scanning:** find out which types of secret are blocked by push protection{% ifversion security-overview-delegated-bypass-requests %} and which teams are bypassing push protection{% endif %}, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection){% ifversion security-overview-delegated-bypass-requests %} and [AUTOTITLE](/code-security/security-overview/reviewing-requests-to-bypass-push-protection){% endif %}.{% endif %}
+* **CodeQL pull request alerts:** assess the impact of running CodeQL on pull requests and how development teams are resolving code scanning alerts, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts).{% endif %}
+* **Secret scanning:** find out which types of secret are blocked by push protection{% ifversion security-overview-delegated-bypass-requests %} and which teams are bypassing push protection{% endif %}, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection){% ifversion security-overview-delegated-bypass-requests %} and [AUTOTITLE](/code-security/security-overview/reviewing-requests-to-bypass-push-protection){% endif %}.
 {% ifversion security-campaigns %}
 You also create and manage security campaigns to remediate alerts from security overview, see [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-tracking-security-campaigns) and [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale).
@@ -76,7 +86,7 @@ You also create and manage security campaigns to remediate alerts from security
 ## About security overview for enterprises
-You can find security overview on the **Code Security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise.
+You can find security overview on the **Security** tab for your enterprise. Each page displays aggregated and repository-specific security information for your enterprise.
 As with security overview for organizations, security overview for enterprises has multiple views that provide different ways to explore data.
@@ -138,4 +148,3 @@ If you're an owner of an {% data variables.enterprise.prodname_emu_enterprise %}
 * [AUTOTITLE](/code-security/securing-your-organization){% else %}
 * [AUTOTITLE](/code-security/getting-started/quickstart-for-securing-your-organization){% endif %}
 * [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale/introduction-to-adopting-github-advanced-security-at-scale)
-{% endif %}
diff --git a/content/code-security/security-overview/assessing-adoption-code-security.md b/content/code-security/security-overview/assessing-adoption-code-security.md
index 5cfdea199c2f..c93046bf67bd
--- a/content/code-security/security-overview/assessing-adoption-code-security.md
+++ b/content/code-security/security-overview/assessing-adoption-code-security.md
@@ -4,6 +4,7 @@ shortTitle: Assess adoption of features
 allowTitleToDifferFromFilename: true
 intro: 'You can use security overview to see which teams and repositories have already enabled features for secure coding, and identify any that are not yet protected.'
 permissions: '{% data reusables.permissions.security-overview %}'
+product: '{% data reusables.gated-features.security-overview-fpt-both %}'
 type: how_to
 topics:
 - Security overview
@@ -13,18 +14,22 @@ topics:
 - Organizations
 - Teams
 versions:
+ fpt: '*'
 ghes: '*'
 ghec: '*'
 ---
-
-
 ## About adoption of features for secure coding
 You can use security overview to see which repositories and teams have already enabled each security feature, and where people need more encouragement to adopt these features. The "Security coverage" view shows a summary and detailed information on feature enablement for an organization. You can filter the view to show a subset of repositories using the "enabled" and "not enabled" links, the "Teams" dropdown menu, and a search field in the page header.
+{% ifversion security-configurations %}
 ![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization.](/assets/images/help/security-overview/security-coverage-view-summary.png)
+{% else %}
+![Screenshot of the header section of the "Security coverage" view on the "Security" tab for an organization.](/assets/images/help/security-overview/security-coverage-view-summary-pre-config.png)
+{% endif %}
+
 >[!NOTE] "Pull request alerts" are reported as enabled only when {% data variables.product.prodname_code_scanning %} has analyzed at least one pull request since alerts were enabled for the repository.
 {% ifversion security-overview-export-data %}
@@ -46,8 +51,6 @@ You can view data to assess the enablement of features for secure coding across
 1. To display the "Security coverage" view, in the sidebar, click **{% octicon "meter" aria-hidden="true" %} Coverage**.
 {% data reusables.code-scanning.using-security-overview-coverage %}
- ![Screenshot of the "Security coverage" view. The options for filtering are outlined in dark orange.](/assets/images/help/security-overview/security-coverage-view-highlights.png)
-
 {% ifversion pre-security-configurations %}
 1. Optionally, click **{% octicon "gear" aria-hidden="true" %} Security settings** to enable security features for a repository and click **Save security settings** to confirm the changes. If a feature is not shown, it has more complex configuration requirements and you need to use the repository settings dialog. For more information, see [AUTOTITLE](/code-security/getting-started/securing-your-repository).
 1. Optionally, select some or all of the repositories that match your current search and click **Security settings** in the table header to display a side panel where you can enable security features for the selected repositories. When you've finished, click **Apply changes** to confirm the changes. For more information, see [AUTOTITLE](/code-security/security-overview/enabling-security-features-for-multiple-repositories).
@@ -73,9 +76,7 @@ In the enterprise-level view, you can view data about the enablement of features
 1. To display the "Security coverage" view, in the sidebar, click **Coverage**.
 {% data reusables.code-scanning.using-security-overview-coverage %}
- ![Screenshot of the header section of the "Security coverage" view. The options for filtering are outlined in dark orange.](/assets/images/help/security-overview/security-coverage-view-highlights-enterprise.png)
-
-{% data reusables.security-overview.enterprise-filters-tip %}
+ {% data reusables.security-overview.enterprise-filters-tip %}
 {% ifversion security-overview-tool-adoption %}
@@ -129,6 +130,6 @@ You can view data to assess the enablement status and enablement status trends o
 Some security features can and should be enabled on all repositories. For example, {% data variables.secret-scanning.alerts %} and push protection reduce the risk of a security leak no matter what information is stored in the repository. If you see repositories that don't already use these features, you should either enable them or discuss an enablement plan with the team who owns the repository. For information on enabling features for a whole organization, see {% ifversion security-configurations %}[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization){% else %}[AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization){% endif %}.
-Other features are not available for use in all repositories. For example, there would be no point in enabling {% data variables.product.prodname_dependabot %}{% ifversion default-setup-pre-enablement %}{% else %} or {% data variables.product.prodname_code_scanning %}{% endif %} for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled.
+Other features are not suitable for use in all repositories. For example, there would be no point in enabling {% data variables.product.prodname_dependabot %}{% ifversion default-setup-pre-enablement %}{% else %} or {% data variables.product.prodname_code_scanning %}{% endif %} for repositories that only use ecosystems or languages that are unsupported. As such, it's normal to have some repositories where these features are not enabled.
 Your enterprise may also have configured policies to limit the use of some security features. For more information, see [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise).
diff --git a/content/code-security/security-overview/assessing-code-security-risk.md b/content/code-security/security-overview/assessing-code-security-risk.md
index 9fc75bf0986b..35f54e930ceb
--- a/content/code-security/security-overview/assessing-code-security-risk.md
+++ b/content/code-security/security-overview/assessing-code-security-risk.md
@@ -4,6 +4,7 @@ shortTitle: Assess security risk of code
 allowTitleToDifferFromFilename: true
 intro: 'You can use security overview to see which teams and repositories are affected by security alerts, and identify repositories for urgent remedial action.'
 permissions: '{% data reusables.permissions.security-overview %}'
+product: '{% data reusables.gated-features.security-overview-fpt-both %}'
 type: how_to
 topics:
 - Security overview
@@ -13,14 +14,13 @@ topics:
 - Organizations
 - Teams
 versions:
+ fpt: '*'
 ghes: '*'
 ghec: '*'
 redirect_from:
 - /code-security/security-overview/viewing-the-security-overview
 ---
-
-
 ## Exploring the security risks in your code
 You can use the different views on your **Security** tab to explore the security risks in your code.
diff --git a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md
index 665430c9f71e..cbed98f3158b
--- a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md
+++ b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md
@@ -5,7 +5,7 @@ intro: You can use security overview to select a subset of repositories and enab
 permissions: '{% data reusables.permissions.security-org-enable %}'
 allowTitleToDifferFromFilename: true
 versions:
- feature: security-configurations-beta-and-pre-beta
+ feature: security-configurations-beta-and-pre-beta # Display article for old GHES versions only
 type: how_to
 topics:
 - Security overview
diff --git a/content/code-security/security-overview/exporting-data-from-security-overview.md b/content/code-security/security-overview/exporting-data-from-security-overview.md
index ca6562fb7f75..1255a25e6fac
--- a/content/code-security/security-overview/exporting-data-from-security-overview.md
+++ b/content/code-security/security-overview/exporting-data-from-security-overview.md
@@ -3,6 +3,7 @@ title: Exporting data from security overview
 shortTitle: Export data
 intro: From security overview, you can export CSV files of the data used for your organization or enterprise's overview, risk, coverage, and {% data variables.product.prodname_codeql %} pull request alerts pages.
 permissions: '{% data reusables.permissions.security-overview %}'
+product: '{% data reusables.gated-features.security-overview-fpt-both %}'
 versions:
 feature: security-overview-export-data
 type: how_to
@@ -38,12 +39,8 @@ The CSV file you download will contain data corresponding to the filters you hav
 It may take a moment for {% data variables.product.github %} to generate the CSV file of your data. Once the CSV file generates, the file will automatically start downloading, and a banner will appear confirming your report is ready. If you are downloading the CSV from the overview page, you will also receive an email when your report is ready, containing a link to download the CSV.
-{% ifversion secret-scanning-non-provider-patterns %}
-
 > [!NOTE]
-> The summary views ({% ifversion security-overview-dashboard %}"Overview", {% endif %}"Coverage" and "Risk") show data only for {% ifversion secret-scanning-alert-experimental-list %}default{% else %}high confidence{% endif %} alerts. {% data variables.product.prodname_code_scanning_caps %} alerts from third-party tools, and {% data variables.product.prodname_secret_scanning %} alerts for non-provider patterns or for ignored directories are all omitted from these views. Consequently, files exported from the summary views do not contain data for these types of alert.
-
-{% endif %}
+> The summary views ("Overview", "Coverage" and "Risk") show data only for default alerts. {% data variables.product.prodname_code_scanning_caps %} alerts from third-party tools, and {% data variables.product.prodname_secret_scanning %} alerts for non-provider patterns or for ignored directories are all omitted from these views. Consequently, files exported from the summary views do not contain data for these types of alert.
 ## Exporting overview, coverage, and risk data from your enterprise's security overview
diff --git a/content/code-security/security-overview/filtering-alerts-in-security-overview.md b/content/code-security/security-overview/filtering-alerts-in-security-overview.md
index 72a1ce594aaf..9202fda5e59b
--- a/content/code-security/security-overview/filtering-alerts-in-security-overview.md
+++ b/content/code-security/security-overview/filtering-alerts-in-security-overview.md
@@ -2,8 +2,10 @@
 title: Filtering alerts in security overview
 intro: Use filters to view specific categories of alerts
 permissions: '{% data reusables.permissions.security-overview %}'
+product: '{% data reusables.gated-features.security-overview-fpt-both %}'
 allowTitleToDifferFromFilename: true
 versions:
+ fpt: '*'
 ghes: '*'
 ghec: '*'
 type: how_to
@@ -119,7 +121,7 @@ In the "Risk" and "Coverage" views, you can show data only for repositories wher
 | Qualifier | Description |
 | -------- | -------- |
-| `advanced-security` | Display data for repositories where {% data variables.product.prodname_AS %} is{% ifversion ghas-products-cloud %} products are{% endif %} enabled or not enabled. |
+| `advanced-security` | Display data for repositories where {% data variables.product.prodname_GHAS %} is enabled or not enabled. |
 | `code-scanning-default-setup`| Display data for repositories where {% data variables.product.prodname_code_scanning %} is enabled or not enabled using {% data variables.product.prodname_codeql %} default setup. |
 | `code-scanning-pull-request-alerts`| Display data for repositories where {% data variables.product.prodname_code_scanning %} is enabled or not enabled to run on pull requests. |
 | `dependabot-security-updates` | Display data for repositories where {% data variables.product.prodname_dependabot_security_updates %} is enabled or not enabled. |
diff --git a/content/code-security/security-overview/index.md b/content/code-security/security-overview/index.md
index bb6622edac1f..221558b9e3bf
--- a/content/code-security/security-overview/index.md
+++ b/content/code-security/security-overview/index.md
@@ -2,8 +2,8 @@ title: Viewing security information for your organization or enterprise shortTitle: Security overview allowTitleToDifferFromFilename: true -intro: 'View, sort, and filter security alerts and coverage information from across your organization or enterprise, and enable security features for their repositories.' -product: '{% data reusables.gated-features.security-overview %}' +intro: 'Visualize adoption rates for {% data variables.product.prodname_GHAS %} features, alert discovery, and remediation for your organization or enterprise.' +product: '{% data reusables.gated-features.security-overview-general %}' versions: fpt: '*' ghes: '*' diff --git a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md index e8bd6211a46a..0065522ec807 100644 --- a/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md +++ b/content/code-security/security-overview/reviewing-requests-to-bypass-push-protection.md @@ -3,6 +3,7 @@ title: Reviewing requests to bypass push protection shortTitle: Review bypass requests intro: 'You can use security overview to review requests to bypass push protection from contributors pushing to repositories across your organization.' permissions: '{% data reusables.permissions.security-overview %}' +product: '{% data reusables.gated-features.security-overview-fpt-sp-only %}' type: how_to topics: - Security overview 
@@ -19,7 +20,7 @@ versions: If your organization has configured delegated bypass for push protection, a designated team of reviewers controls which organization members can push secrets to repositories in your organization, and which members must first make a "bypass request" in order to push the secret. -On the "Bypass requests" page in security overview, reviewers can find, review (approve or deny) and manage these requests. +On the "Push protection bypass" page in security overview, reviewers can find, review (approve or deny) and manage these requests. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/managing-requests-to-bypass-push-protection). diff --git a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md index 5866d4479b80..4aace0de1459 100644 --- a/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md +++ b/content/code-security/security-overview/viewing-metrics-for-pull-request-alerts.md @@ -4,6 +4,7 @@ shortTitle: View PR alert metrics allowTitleToDifferFromFilename: true intro: 'You can use security overview to see how {% data variables.product.prodname_codeql %} is performing in pull requests for repositories across your organizations, and to identify repositories where you may need to take action.' permissions: '{% data reusables.permissions.security-overview %}' +product: '{% data reusables.gated-features.security-overview-fpt-cs-only %}' type: how_to topics: - Security overview 
@@ -58,16 +59,12 @@ You can apply filters to the data. The metrics are based on activity from the de * Optionally, to remove a filter from your search, click **{% octicon "filter" aria-hidden="true" %} Filter**. In the row of the filter you want to remove, click {% octicon "x" aria-label="Delete FILTER-NUMBER: FILTER-PROPERTIES" %}, then click **Apply**.{% ifversion security-overview-export-data %} 1. You can use the **{% octicon "download" aria-hidden="true" %} Export CSV** button to download a CSV file of the data currently displayed on the page for security research and in-depth data analysis. For more information, see [AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview). {% endif %} -{% ifversion security-overview-enterprise-codeql-pr-alerts %} - ## Viewing {% data variables.product.prodname_codeql %} pull request alerts metrics for your enterprise You can also view metrics for {% data variables.product.prodname_codeql %} alerts in pull requests across organizations in your enterprise. -{% data reusables.security-overview.enterprise-filters-tip %} - {% data reusables.enterprise-accounts.access-enterprise-on-dotcom %} {% data reusables.code-scanning.click-code-security-enterprise %} 1. In the sidebar, under "Metrics", click **{% octicon "graph" aria-hidden="true" %} {% data variables.product.prodname_codeql %} pull request alerts**. -{% endif %} +{% data reusables.security-overview.enterprise-filters-tip %} diff --git a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md b/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md index 5f52db5c99dc..f7ba05833c82 100644 --- a/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md +++ b/content/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection.md 
@@ -4,6 +4,7 @@ shortTitle: View secret scanning metrics allowTitleToDifferFromFilename: true intro: 'You can use security overview to see how {% data variables.product.prodname_secret_scanning %} push protection is performing in repositories across your organization{% ifversion security-overview-enterprise-secret-scanning-metrics %} or enterprise{% endif %}, and to identify repositories where you may need to take action.' permissions: '{% data reusables.permissions.security-overview %}' +product: '{% data reusables.gated-features.security-overview-fpt-sp-only %}' type: how_to redirect_from: - /code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection-in-your-organization @@ -14,7 +15,9 @@ topics: - Organizations - Teams versions: - feature: security-overview-push-protection-metrics-page + fpt: '*' + ghec: '*' + ghes: '*' --- {% data reusables.secret-scanning.push-protection-org-metrics-beta %} @@ -61,12 +64,12 @@ The metrics are based on activity from the default period or your selected perio You can view metrics for {% data variables.product.prodname_secret_scanning %} push protection across organizations in an enterprise. {% data reusables.security-overview.information-varies-GHAS %} -{% data reusables.security-overview.enterprise-filters-tip %} - {% ifversion ghes %}{% data reusables.enterprise-accounts.access-enterprise-ghes %}{% else %}{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}{% endif %} {% data reusables.code-scanning.click-code-security-enterprise %} 1. In the sidebar, click **{% data variables.product.prodname_secret_scanning_caps %} metrics**. 1. Click on an individual secret type or repository to see the associated {% data variables.secret-scanning.alerts %} for your enterprise. {% data reusables.security-overview.filter-secret-scanning-metrics %} +{% data reusables.security-overview.enterprise-filters-tip %} + {% endif %} 
diff --git a/content/code-security/security-overview/viewing-security-insights.md b/content/code-security/security-overview/viewing-security-insights.md index a35e2753ea92..b12f4b497c0a 100644 --- a/content/code-security/security-overview/viewing-security-insights.md +++ b/content/code-security/security-overview/viewing-security-insights.md @@ -3,6 +3,7 @@ title: Viewing security insights shortTitle: View security insights intro: 'You can use the overview dashboard in security overview to monitor the security landscape of the repositories in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %}.' permissions: '{% data reusables.permissions.security-overview %}' +product: '{% data reusables.gated-features.security-overview-fpt-both %}' versions: feature: security-overview-dashboard type: how_to @@ -88,7 +89,7 @@ Keep in mind that the overview page tracks changes over time for security alert ## Understanding the overview dashboard {% ifversion security-overview-3-tab-dashboard %} - + * [Detection tab](#detection-tab) * [Remediation tab](#remediation-tab) diff --git a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md index 6da36fac0c65..011963e17033 100644 --- a/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md +++ b/content/code-security/supply-chain-security/end-to-end-supply-chain/securing-code.md 
@@ -78,7 +78,7 @@ Code often needs to communicate with other systems over a network, and requires {% ifversion fpt %} You can enable and configure additional scanning that will alert you about accidentally leaked secrets on {% data variables.product.github %} if you own: * Public repositories. - * An organization using {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GHAS_or_secret_protection %}. {% data variables.product.prodname_secret_scanning_caps %} will also analyze your private repositories. + * An organization using {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with a license for {% data variables.product.prodname_GHAS_or_secret_protection %}. {% data variables.product.prodname_secret_scanning_caps %} will also analyze your private repositories. {% elsif secret-scanning-user-owned-repos %} If your organization uses {% data variables.product.prodname_GHAS_or_secret_protection %}, you can enable {% data variables.secret-scanning.user_alerts %} on any repository owned by the organization, including private repositories. {% data reusables.secret-scanning.secret-scanning-user-owned-repos-beta %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md index a81fe9f864d8..e850217b2203 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review.md 
@@ -37,12 +37,9 @@ Dependency review supports the same languages and package management ecosystems For more information on supply chain features available on {% data variables.product.github %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security). -{% ifversion ghec or ghes %} - ## Enabling dependency review -The dependency review feature becomes available when you enable the dependency graph. For more information, see "{% ifversion ghec %}[Enabling the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph){% elsif ghes %}[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise){% endif %}." -{% endif %} +The dependency review feature becomes available when you enable the dependency graph. For more information, see {% ifversion fpt or ghec %}[Enabling the dependency graph](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph){% elsif ghes %}[Enabling the dependency graph for your enterprise](/admin/code-security/managing-supply-chain-security-for-your-enterprise/enabling-the-dependency-graph-for-your-enterprise){% endif %}." ## About the {% data variables.dependency-review.action_name %} diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md index 3bc601536861..73d3a497284d 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md 
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security.md 
@@ -147,10 +147,8 @@ Public repositories: Private repositories: * **Dependency graph:** Not enabled by default. The feature can be enabled by repository administrators. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph). -{% ifversion fpt %} -* **Dependency review:** Available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GHAS_or_code_security %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). -{% elsif ghec %} -* **Dependency review:** Available in private repositories owned by organizations provided you have a license for {% data variables.product.prodname_GHAS_or_code_security %} and the dependency graph enabled. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security) and [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph). +{% ifversion fpt or ghec %} +* **Dependency review:** Available in private repositories owned by organizations that use {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GHAS_or_code_security %}. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security) and [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#enabling-and-disabling-the-dependency-graph). 
{% endif %} * **{% data variables.product.prodname_dependabot_alerts %}:** Not enabled by default. Owners of private repositories, or people with admin access, can enable {% data variables.product.prodname_dependabot_alerts %} by enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} for their repositories. You can also enable or disable Dependabot alerts for all repositories owned by your user account or organization. For more information, see [AUTOTITLE](/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/managing-security-and-analysis-settings-for-your-personal-account) or [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization). diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md index 05dccccfcd59..c65d043aa6cf 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph.md 
@@ -67,7 +67,7 @@ For public repositories, only public repositories that depend on it or on packag You can use the dependency graph to: -* Explore the repositories your code depends on{% ifversion fpt or ghec %}, and those that depend on it{% endif %}. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository). {% ifversion ghec %} +* Explore the repositories your code depends on{% ifversion fpt or ghec %}, and those that depend on it{% endif %}. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository). {% ifversion fpt or ghec %} * View a summary of the dependencies used in your organization's repositories in a single dashboard. For more information, see [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization#viewing-organization-dependency-insights).{% endif %} * View and update vulnerable dependencies for your repository. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). * See information about vulnerable dependencies in pull requests. For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/reviewing-dependency-changes-in-a-pull-request). diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md index 33683c9da723..94e188d80fa5 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md 
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md @@ -53,7 +53,7 @@ When the dependency graph is first enabled, any manifest and lock files for supp {%- ifversion maven-transitive-dependencies %} * [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository){%- endif %} -{%- ifversion ghec %} +{%- ifversion fpt or ghec %} * [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization){%- endif %} * [AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts) * [AUTOTITLE](/code-security/dependabot/troubleshooting-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md index ca0f7a5379be..e5e1a5f823f5 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/enforcing-dependency-review-across-an-organization.md 
@@ -33,7 +33,8 @@ You need to add the {% data variables.dependency-review.action_name %} to one of {% data reusables.profile.access_org %} {% data reusables.profile.org_settings %} {% data reusables.organizations.access-ruleset-settings %} -1. Click **New branch ruleset**. +1. Click the **New ruleset** dropdown menu, and select **New branch ruleset**. +1. To help identify your ruleset and clarify its purpose, give the ruselet a name in **Ruleset Name**. 1. Set **Enforcement status** to **{% octicon "play" aria-hidden="true" %} Active**. 1. Optionally, you can target specific repositories in your organization. For more information, see [Choosing which repositories to target in your organization](/organizations/managing-organization-settings/creating-rulesets-for-repositories-in-your-organization#choosing-which-repositories-to-target-in-your-organization). 1. In the "Rules" section, select the "Require workflows to pass before merging" option. diff --git a/content/code-security/trialing-github-advanced-security/enable-security-features-trial.md b/content/code-security/trialing-github-advanced-security/enable-security-features-trial.md index 82859a3d915f..78c21d8933da 100644 --- a/content/code-security/trialing-github-advanced-security/enable-security-features-trial.md +++ b/content/code-security/trialing-github-advanced-security/enable-security-features-trial.md @@ -2,7 +2,7 @@ title: Enabling security features in your trial enterprise shortTitle: Enable security features in trial allowTitleToDifferFromFilename: true -intro: 'Quickly create an enterprise-level configuration and apply security features across all repositories in your trial enterprise.' +intro: 'Quickly create an enterprise-level configuration and apply {% data variables.product.prodname_cs_and_sp %} features across all repositories in your trial enterprise.' type: quick_start permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}' topics: 
@@ -30,7 +30,7 @@ When you planned your trial, you identified the features that you want to test a 1. You will see that most features are already enabled. Review the features that are **Not set** and enable any that you want to trial, for example: "Automatic dependency submission." 1. In the "Policy" area, set the "Use as default for newly created repositories" option as needed to define whether or not to apply the configuration to new repositories created in the enterprise. 1. In the "Policy" area, notice that the "Enforce configuration" option is set to **Enforce** so that applying the configuration to a repository enforces all settings apart from any left as "Not set". - > [!TIP] While you are testing {% data variables.product.prodname_GHAS %}, you may want to change this to **Don't enforce** to allow you to optimize repository settings as needed without modifying security configurations. + > [!TIP] While you are testing {% data variables.product.prodname_AS %}, you may want to change this to **Don't enforce** to allow you to optimize repository settings as needed without modifying security configurations. 1. When you have finished defining the configuration, click **Save configuration**. The new enterprise security configuration is now available for use at the enterprise level and also within every organization in the enterprise. 
@@ -39,7 +39,7 @@ The new enterprise security configuration is now available for use at the enterp You can apply an enterprise security configuration either at the enterprise level or at the organization level. The best option for you will depend on whether or not you want to apply the configuration to all repositories in the enterprise, or to a subset of repositories. -> [!NOTE] Although {% data variables.product.prodname_GHAS %} is free of charge during trials, you will be charged for any actions minutes that you use. This includes actions minutes used by the default {% data variables.product.prodname_code_scanning %} setup or by any other workflows you run. +> [!NOTE] Although {% data variables.product.prodname_cs_and_sp %} are free of charge during trials, you will be charged for any actions minutes that you use. This includes actions minutes used by the default {% data variables.product.prodname_code_scanning %} setup or by any other workflows you run. * Enterprise-level application: * Add an enterprise configuration to all repositories in the enterprise, or all repositories without an existing configuration in the enterprise. 
@@ -52,14 +52,14 @@ You may find it helpful to apply an enterprise security configuration to all rep ### Enterprise-level application 1. Open your trial enterprise. -1. In the sidebar, click **Settings** and then {% ifversion ghas-products-cloud %}**{% data variables.product.prodname_AS %}**{% else %}**Code security**{% endif %} to display the security configurations page. +1. In the sidebar, click **Settings** and then **{% data variables.product.UI_advanced_security %}** to display the security configurations page. 1. For the configuration you want to apply, click **Apply to** and choose whether to apply the configuration to all repositories in the enterprise or just to the repositories without an existing security configuration. ### Organization-level application 1. Open an organization in your trial enterprise. 1. Click the **Settings** tab to display the organization settings. -1. In the sidebar, click {% ifversion ghas-products-cloud %}**{% data variables.product.prodname_AS %}**{% else %}**Code security**{% endif %} and then **Configurations** to display the security configurations page. +1. In the sidebar, click **{% data variables.product.UI_advanced_security %}** and then **Configurations** to display the security configurations page. 1. Optionally, select the **Apply to** dropdown menu and click either **All repositories**, to apply any configuration to all repositories in the organization, or **All repositories without configurations**, to configure just the repositories in the organization without an existing security configuration. 1. Optionally, in the "Apply configurations" section use the "Search repositories" field or **Filter** button to filter repositories. Then select one or more repositories and use the **Apply configuration** button to choose a configuration to apply to those repositories. 
diff --git a/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md b/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md index a53b2e5ba783..1de77bcb4e5d 100644 --- a/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md +++ b/content/code-security/trialing-github-advanced-security/explore-trial-code-scanning.md @@ -1,6 +1,6 @@ --- -title: Exploring your enterprise trial of code scanning -shortTitle: Trial code scanning +title: 'Exploring your enterprise trial of {% data variables.product.prodname_GH_code_security %}' +shortTitle: 'Trial {% data variables.product.prodname_code_security %}' allowTitleToDifferFromFilename: true intro: 'Introduction to the features of code and dependency scanning available with {% data variables.product.prodname_GH_code_security %} in {% data variables.product.prodname_ghe_cloud %} so you can assess their fit to your business needs.' type: quick_start 
@@ -15,13 +15,13 @@ This guide assumes that you have planned and started a trial of {% data variable ## Introduction -{% data variables.product.prodname_code_scanning_caps %} and dependency analysis work in the same way in public repositories and in private and internal repositories with {% data variables.product.prodname_GH_code_security %} enabled. In addition, {% data variables.product.prodname_GH_code_security %} enables you to create security campaigns where security specialists and developers can collaborate to effectively reduce technical debt. +{% data variables.product.prodname_code_scanning_caps %} and dependency analysis work in the same way in public repositories and in private and internal repositories with {% data variables.product.prodname_code_security %} enabled. In addition, {% data variables.product.prodname_code_security %} enables you to create security campaigns where security specialists and developers can collaborate to effectively reduce technical debt. This article focuses on how you can combine these features with enterprise-level controls to standardize and enforce your development process. ### Refine your security configurations -In contrast to {% data variables.product.prodname_secret_scanning %}, where a single security configuration is typically applied to all repositories, you probably want to fine-tune the configuration of {% data variables.product.prodname_code_scanning %} for different types of repositories. For example, you might need to create additional configurations so that: +In contrast to {% data variables.product.prodname_secret_protection %}, where a single security configuration is typically applied to all repositories, you probably want to fine-tune the configuration of {% data variables.product.prodname_code_scanning %} for different types of repositories. 
For example, you might need to create additional configurations so that: * {% data variables.product.prodname_code_scanning_caps %} uses runners with a specific label to apply to repositories that require a specialized environment or that use private registeries. * {% data variables.product.prodname_code_scanning_caps %} is "Not set" to apply to repositories that need to use advanced setup or that require a third-party tool. @@ -36,7 +36,7 @@ By default, only the repository administrator and the organization owner can vie The default setup for {% data variables.product.prodname_code_scanning %} runs a set of high confidence queries. These are chosen to ensure that, when you roll out {% data variables.product.prodname_code_scanning %} across your whole codebase, developers see a limited set of high quality results, with few false positive results. -You can see a summary of any results found in the organizations in your trial enterprise in the **{% ifversion ghas-products-cloud %}{% data variables.product.prodname_AS %}{% else %}Code security{% endif %}** tab for the enterprise. There are also separate views for each type of security alert, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights). +You can see a summary of any results found in the organizations in your trial enterprise in the **{% octicon "shield" aria-hidden="true" %} Security** tab for the enterprise. There are also separate views for each type of security alert. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights). If you don't see the results you expect for {% data variables.product.prodname_code_scanning %}, you can update default setup to run an extended query suite for repositories where you expected to find more results. This is controlled at the repository level, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup). 
@@ -70,7 +70,7 @@ As with all rulesets, you can control exactly which organizations (enterprise-le ### Dependency review -When {% data variables.product.prodname_GH_code_security %} and dependency graph are enabled for a repository, manifest files have a rich diff view which shows a summary of the dependencies that it adds or updates. This is a useful summary for human reviewers of the pull request but does not provide any control of which dependencies are added to the codebase. +When {% data variables.product.prodname_code_security %} and dependency graph are enabled for a repository, manifest files have a rich diff view which shows a summary of the dependencies that it adds or updates. This is a useful summary for human reviewers of the pull request but does not provide any control of which dependencies are added to the codebase. Most enterprises put automatic checks in place to block the use of dependencies with known vulnerabilities or unsupported license terms. @@ -94,7 +94,7 @@ By default, users request a review from {% data variables.product.prodname_copil ## Define where {% data variables.product.prodname_copilot_autofix_short %} is allowed and enabled -{% data variables.product.prodname_copilot_autofix_short %} helps developers understand and fix {% data variables.product.prodname_code_scanning %} alerts found in their pull requests. We recommend that you enable this feature for all repositories to help developers resolve alerts efficiently and increase their understanding of secure coding. +{% data variables.product.prodname_copilot_autofix_short %} helps developers understand and fix {% data variables.product.prodname_code_scanning %} alerts found in their pull requests. We recommend that you enable this feature for all repositories with {% data variables.product.prodname_code_security %} enabled to help developers resolve alerts efficiently and increase their understanding of secure coding. There are two levels of control: 
diff --git a/content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md b/content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md index ab89573584ea..408619e554f2 100644 --- a/content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md +++ b/content/code-security/trialing-github-advanced-security/explore-trial-secret-scanning.md @@ -1,8 +1,8 @@ --- -title: Exploring your enterprise trial of secret scanning -shortTitle: Trial secret scanning +title: 'Exploring your enterprise trial of {% data variables.product.prodname_GH_secret_protection %}' +shortTitle: 'Trial {% data variables.product.prodname_secret_protection %}' allowTitleToDifferFromFilename: true -intro: 'Introduction to the features of {% data variables.product.prodname_secret_scanning %} available with {% data variables.product.prodname_GH_secret_protection %} in {% data variables.product.prodname_ghe_cloud %} so you can assess their fit to your business needs.' +intro: 'Introduction to the features available with {% data variables.product.prodname_GH_secret_protection %} in {% data variables.product.prodname_ghe_cloud %} so you can assess their fit to your business needs.' type: quick_start topics: - Secret Protection 
@@ -11,26 +11,30 @@ versions: ghec: '*' --- -This guide assumes that you have planned and started a trial of {% data variables.product.prodname_GHAS %} for an existing or trial {% data variables.product.github %} enterprise account, see [AUTOTITLE](/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas). +This guide assumes that you have planned and started a trial of {% data variables.product.prodname_GHAS %} for an existing or trial {% data variables.product.github %} enterprise account. See [AUTOTITLE](/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas). ## Introduction -{% data variables.product.prodname_secret_scanning_caps %} features work the same way in private and internal repositories with {% data variables.product.prodname_GH_secret_protection %} enabled as they do in all public repositories. This article focuses on the additional functionality that you can use to protect your business from security leaks when you use {% data variables.product.prodname_GH_secret_protection %}, that is: +{% data variables.product.prodname_GH_secret_protection %} features work the same way in private and internal repositories as they do in all public repositories. This article focuses on the additional functionality that you can use to protect your business from security leaks when you use {% data variables.product.prodname_GH_secret_protection %}, that is: -* Identify additional access tokens you use. +* Identify additional access tokens you use by defining custom patterns. * Detect potential passwords using AI. -* Control and audit the bypass process for push protection. +* Control and audit the bypass process for push protection and {% data variables.secret-scanning.alerts %}. * Enable validity checks for exposed tokens. 
-### Security configuration for {% data variables.product.prodname_secret_scanning %} +If you have already scanned the code in your organization for leaked secrets using the free secret risk assessment, you will also want to explore that data more completely using the additional views on the **{% octicon "shield" aria-hidden="true" %} Security** tab for the organization. -Most enterprises choose to enable {% data variables.product.prodname_secret_scanning %} and push protection across all their repositories by applying security configurations with these features enabled. This ensures that repositories are checked for access tokens that have already been added to {% data variables.product.github %}, in addition to flagging when users are about to leak tokens in {% data variables.product.github %}. For information about creating an enterprise-level security configuration and applying it to your test repositories, see [AUTOTITLE](/code-security/trialing-github-advanced-security/enable-security-features-trial). +For full details of the features available, see [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security#github-secret-protection). + +### Security configuration for {% data variables.product.prodname_secret_protection %} + +Most enterprises choose to enable {% data variables.product.prodname_secret_protection %} with push protection across all their repositories by applying security configurations with these features enabled. This ensures that repositories are checked for access tokens that have already been added to {% data variables.product.github %}, in addition to flagging when users are about to leak tokens in {% data variables.product.github %}. For information about creating an enterprise-level security configuration and applying it to your test repositories, see [AUTOTITLE](/code-security/trialing-github-advanced-security/enable-security-features-trial). 
### Provide access to view the results of {% data variables.product.prodname_secret_scanning %} By default, only the repository administrator and the organization owner can view all {% data variables.product.prodname_secret_scanning %} alerts in their area. You should assign the predefined security manager role to all organization teams and users who you want to access the alerts found during the trial. You may also want to give the enterprise account owner this role for each organization in the trial. For more information, see [AUTOTITLE](/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization). -You can see a summary of any results found in the organizations in your trial enterprise in the **{% ifversion ghas-products-cloud %}{% data variables.product.prodname_AS %}{% else %}Code security{% endif %}** tab for the enterprise. There are also separate views for each type of security alert, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights). +You can see a summary of any results found in the organizations in your trial enterprise in the **{% octicon "shield" aria-hidden="true" %} Security** tab for the enterprise. There are also separate views for each type of security alert. See [AUTOTITLE](/code-security/security-overview/viewing-security-insights). ## Identify additional access tokens 
@@ -52,7 +56,9 @@ Similar to custom patterns, if you enable AI detection both {% data variables.pr When push protection blocks a push to {% data variables.product.github %} in a public repository without {% data variables.product.prodname_GH_secret_protection %}, the user has two simple options: bypass the control, or remove the highlighted content from the branch and its history. If they chose to bypass push protection, a {% data variables.product.prodname_secret_scanning %} alert is automatically created. This allows developers to rapidly unblock their work while still providing an audit trail for the content identified by {% data variables.product.prodname_secret_scanning %}. -Larger teams usually want to maintain tighter control over the potential publication of access tokens and other secrets. With {% data variables.product.prodname_GH_secret_protection %}, you can define a reviewers group to approve requests to bypass push protection, reducing the risk of a developer accidentally leaking a token that is still active. Reviewers are defined in an organization-level security configuration or in the settings for a repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection). +Larger teams usually want to maintain tighter control over the potential publication of access tokens and other secrets. With {% data variables.product.prodname_GH_secret_protection %}, you can define a reviewers group to approve requests to bypass push protection, reducing the risk of a developer accidentally leaking a token that is still active. You can also define a reviewers group to approve requests to dismiss {% data variables.secret-scanning.alerts %}. + +Reviewers are defined in an organization-level security configuration or in the settings for a repository. 
For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection). ## Enable validity checks @@ -60,10 +66,7 @@ You can enable validity checks to check whether detected tokens are still active ## Next steps -When you have enabled the additional controls for {% data variables.product.prodname_secret_scanning %} available with {% data variables.product.prodname_GH_secret_protection %}, you're ready to test them against your business needs, and explore further. You may also be ready to look into trialing {% data variables.product.prodname_code_scanning %}. +When you have enabled the additional controls for {% data variables.product.prodname_secret_protection %}, you're ready to test them against your business needs, and explore further. You may also be ready to look into exploring the options available with {% data variables.product.prodname_GH_code_security %}. * [AUTOTITLE](/code-security/trialing-github-advanced-security/explore-trial-code-scanning) - -## Further reading - * [Enforce {% data variables.product.prodname_GHAS %} at Scale](https://wellarchitected.github.com/library/application-security/recommendations/enforce-ghas-at-scale/) diff --git a/content/code-security/trialing-github-advanced-security/index.md b/content/code-security/trialing-github-advanced-security/index.md index 65d173f263e1..3ac36aa0dff3 100644 --- a/content/code-security/trialing-github-advanced-security/index.md +++ b/content/code-security/trialing-github-advanced-security/index.md 
@@ -1,7 +1,7 @@ --- title: Trialing {% data variables.product.prodname_GHAS %} shortTitle: Trial {% data variables.product.prodname_GHAS %} -intro: 'Learn how to get the most out of your trial of {% data variables.product.prodname_GHAS %}.' +intro: 'Determine how you can meet your security goals using {% data variables.product.prodname_GH_cs_and_sp %}.' product: '{% data reusables.gated-features.ghas-ghec %}' versions: fpt: '*' diff --git a/content/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas.md b/content/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas.md index 432b424f277a..1c8c2a4b30ad 100644 --- a/content/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas.md +++ b/content/code-security/trialing-github-advanced-security/planning-a-trial-of-ghas.md @@ -2,7 +2,7 @@ title: 'Planning a trial of {% data variables.product.prodname_GHAS %}' shortTitle: 'Plan GHAS trial' allowTitleToDifferFromFilename: true -intro: 'Ensure that your trial gives you the answers you need to make a decision on whether or not {% data variables.product.prodname_GHAS %} products meet your business needs.' +intro: 'Make the most of your trial so you can decide whether {% data variables.product.prodname_AS %} products meet your business needs.' type: overview topics: - Code Security 
@@ -20,25 +20,33 @@ You can trial {% data variables.product.prodname_GHAS %} independently, or worki ### Existing {% data variables.product.prodname_ghe_cloud %} users -{% data reusables.advanced-security.ghas-trial-availability %} For more information, see [AUTOTITLE](/enterprise-cloud@latest/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security#setting-up-your-trial-of-github-advanced-security){% ifversion fpt %} in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}. +{% data reusables.advanced-security.ghas-trial-availability %} For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/setting-up-a-trial-of-github-advanced-security#setting-up-your-trial-of-github-advanced-security). {% data reusables.advanced-security.ghas-trial-invoiced %} ### Users on other GitHub plans -You can trial {% data variables.product.prodname_GHAS %} as part of a trial of {% data variables.product.prodname_ghe_cloud %}. For more information, see [AUTOTITLE](/admin/overview/setting-up-a-trial-of-github-enterprise-cloud){% ifversion fpt %} in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}. +You can trial {% data variables.product.prodname_GHAS %} as part of a trial of {% data variables.product.prodname_ghe_cloud %}. For more information, see [AUTOTITLE](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud){% ifversion fpt %} in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}. ### When the trial ends -You can end your trial at any time by purchasing {% data variables.product.prodname_GHAS_cs_or_sp %}. If you don't already use {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_enterprise %} you will need to upgrade your plan. 
Alternatively, you can cancel the trial at any time. For more information, see [What happens when the trial ends?](/enterprise-cloud@latest/admin/overview/setting-up-a-trial-of-github-enterprise-cloud#what-happens-when-the-trial-ends){% ifversion fpt %} in the {% data variables.product.prodname_ghe_cloud %} documentation{% endif %}. +{% ifversion fpt %} -{% data reusables.advanced-security.ghas-products-tip %} +If you don't already use {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %}, you will need to upgrade your plan to continue using {% data variables.product.prodname_GH_cs_or_sp %} in private repositories when the trial ends. + +{% data variables.product.prodname_GH_cs_and_sp %} are billed by usage of unique committers to repositories with {% data variables.product.prodname_cs_or_sp %} enabled. For more information, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). + +{% elsif ghec %} + +You can end your trial at any time by purchasing {% data variables.product.prodname_GH_cs_or_sp %}. If you don't already use {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %}, you will need to upgrade your plan. Alternatively, you can cancel the trial at any time. + +{% endif %} ## Define your company goals -Before you start a trial of {% data variables.product.prodname_GHAS %}, you should define the purpose of the trial and identify the key questions you need to answer. Maintaining a strong focus on these goals will enable you to plan a trial that maximizes discovery and ensures that you have the information needed to decide whether or not to upgrade. +Before you start a trial, you should define the purpose of the trial and identify the key questions you need to answer. 
Maintaining a strong focus on these goals will enable you to plan a trial that maximizes discovery and ensures that you have the information needed to decide whether or not to upgrade. -If your company already uses {% data variables.product.github %}, consider what needs are currently unmet that {% data variables.product.prodname_GHAS %} might address. You should also consider your current application security posture and longer term aims. For inspiration, see [Design Principles for Application security](https://wellarchitected.github.com/library/application-security/design-principles/) in the {% data variables.product.github %} well-architected documentation. +If your company already uses {% data variables.product.github %}, consider what needs are currently unmet that {% data variables.product.prodname_cs_or_sp %} might address. You should also consider your current application security posture and longer term aims. For inspiration, see [Design Principles for Application security](https://wellarchitected.github.com/library/application-security/design-principles/) in the {% data variables.product.github %} well-architected documentation. {% rowheaders %} 
@@ -62,9 +70,13 @@ You may also find it helpful to identify a champion for each company need that y ## Determine whether preliminary research is needed -If members of your trial team have not yet used the core features of {% data variables.product.prodname_GHAS %}, it may be helpful to add an experimentation phase in public repositories before you start a trial. Many of the primary features of {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %} can be used on public repositories. Having a good understanding of the core features will allow you to focus your trial period on private repositories, and exploring the additional features and control available with {% data variables.product.prodname_GHAS %}. +If members of your trial team have not yet used the core features of {% data variables.product.prodname_GHAS %}, it may be helpful to add an experimentation phase in public repositories before you start a trial. Many of the primary features of {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %} can be used on public repositories. Having a good understanding of the core features will allow you to focus your trial period on private repositories, and exploring the additional features and control available with {% data variables.product.prodname_cs_and_sp %}. + +For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning), [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning), and [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security). 
+ +{% ifversion secret-risk-assessment %} -For more information, see [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning), [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security), and [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning). +Organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in their organization for leaked secrets. This can help you understand the current exposure of the repositories in your organization to leaked secrets, as well as see how many existing secret leaks could have been prevented by {% data variables.product.prodname_secret_protection %}. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %} ## Agree the organizations and repositories to test diff --git a/content/contributing/style-guide-and-content-model/style-guide.md b/content/contributing/style-guide-and-content-model/style-guide.md index 601dd4ce6eda..bdd735ade28f 100644 --- a/content/contributing/style-guide-and-content-model/style-guide.md +++ b/content/contributing/style-guide-and-content-model/style-guide.md 
@@ -948,7 +948,7 @@ Always use "dev container" (or, where clarification is needed, its longer form " Use "development container configuration files" to refer to all of the files in the `.devcontainer` directory (plus the `.devcontainer.json` if that's being used rather than `devcontainer.json` in the `.devcontainer` directory). Don't refer to these as "development container files" or "devcontainer files" to avoid this being taken as referring to `devcontainer.json` files. "Development container configuration files" refers to all of the files that can be used to configure a dev container, including `Dockerfile` and `docker-compose.yml` files. Don't use "the development container configuration file" (singular) when referring specifically to a `devcontainer.json` file. Instead refer to this file by its name. -### {% data variables.product.prodname_GHAS %}{% ifversion ghas-products-cloud %} products{% endif %} (GHAS) +### {% data variables.product.prodname_GHAS %} products (GHAS) Use the terms `licenses` and `active committers` when you refer to {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %}, {% data variables.product.prodname_GH_code_security %}, or {% data variables.product.prodname_GH_secret_protection %}{% endif %} billing. diff --git a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-github-copilot-pro-subscription/about-billing-for-copilot-pro.md b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-github-copilot-pro-subscription/about-billing-for-copilot-pro.md index 38cf44646341..7cdc6d1559d0 100644 --- a/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-github-copilot-pro-subscription/about-billing-for-copilot-pro.md +++ b/content/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-github-copilot-pro-subscription/about-billing-for-copilot-pro.md 
@@ -20,10 +20,10 @@ The {% data variables.product.prodname_copilot_pro %} subscription is available You can change to a monthly or yearly billing cycle at any time. The change will take effect from the start of your next billing cycle. -{% ifversion billing-auth-and-capture %} - {% data reusables.billing.authorization-charge %} +{% ifversion billing-auth-and-capture %} + > [!NOTE] If you are an eligible student, teacher, or open-source maintainer, you can access {% data variables.product.prodname_copilot_pro %} for free. See [AUTOTITLE](/copilot/managing-copilot/managing-copilot-as-an-individual-subscriber/managing-your-copilot-subscription/getting-free-access-to-copilot-as-a-student-teacher-or-maintainer). {% endif %} diff --git a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/about-billing-for-github-copilot-in-your-enterprise.md b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/about-billing-for-github-copilot-in-your-enterprise.md index 30eb4a73af24..bdcb22000a21 100644 --- a/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/about-billing-for-github-copilot-in-your-enterprise.md +++ b/content/copilot/managing-copilot/managing-copilot-for-your-enterprise/managing-the-copilot-subscription-for-your-enterprise/about-billing-for-github-copilot-in-your-enterprise.md 
@@ -30,12 +30,8 @@ Billed users are calculated at the end of each billing cycle, based on the numbe Your enterprise will be charged on whichever payment method you’ve set up for the enterprise account, such as a credit card or a Microsoft Azure subscription. -{% ifversion billing-auth-and-capture %} - {% data reusables.billing.authorization-charge %} -{% endif %} - > [!NOTE] {% data variables.product.prodname_copilot %} billing operates in Coordinated Universal Time (UTC), but it calculates your bill according to the timezone of your billing cycle. For example, if you're billed through Azure and your current billing cycle ends at 11:59 PM EST on December 1st, canceling a seat at 7:00 PM EST on December 1st might show the seat cancellation at 12:00 AM UTC on December 2nd. However, the seat would end within the billing cycle that you requested the cancellation, and you would not pay for that seat in the following cycle. ### About seat assignment for {% data variables.product.prodname_copilot_short %} in your enterprise diff --git a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/about-billing-for-github-copilot-in-your-organization.md b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/about-billing-for-github-copilot-in-your-organization.md index f94e080e8662..efc4836055ae 100644 --- a/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/about-billing-for-github-copilot-in-your-organization.md +++ b/content/copilot/managing-copilot/managing-github-copilot-in-your-organization/managing-the-copilot-subscription-for-your-organization/about-billing-for-github-copilot-in-your-organization.md 
@@ -24,12 +24,8 @@ Billed users are calculated at the end of each billing cycle, based on the numbe If your organization belongs to an enterprise, your enterprise will be charged on whichever payment method you’ve set up for the organization account, such as a credit card or a Microsoft Azure subscription. -{% ifversion billing-auth-and-capture %} - {% data reusables.billing.authorization-charge %} -{% endif %} - > [!NOTE] {% data variables.product.prodname_copilot %} billing operates in Coordinated Universal Time (UTC), but it calculates your bill according to the timezone of your billing cycle. For example, if you're billed through Azure and your current billing cycle ends at 11:59 PM EST on December 1st, canceling a seat at 7:00 PM EST on December 1st might show the seat cancellation at 12:00 AM UTC on December 2nd. However, the seat would end within the billing cycle that you requested the cancellation, and you would not pay for that seat in the following cycle. ### About seat assignment for {% data variables.product.prodname_copilot_short %} in your organization diff --git a/content/copilot/using-github-copilot/using-github-copilot-for-pull-requests/using-copilot-to-help-you-work-on-a-pull-request.md b/content/copilot/using-github-copilot/using-github-copilot-for-pull-requests/using-copilot-to-help-you-work-on-a-pull-request.md index 93b18b11766f..b7fe953b46da 100644 --- a/content/copilot/using-github-copilot/using-github-copilot-for-pull-requests/using-copilot-to-help-you-work-on-a-pull-request.md +++ b/content/copilot/using-github-copilot/using-github-copilot-for-pull-requests/using-copilot-to-help-you-work-on-a-pull-request.md 
@@ -41,7 +41,7 @@ After you create a pull request, you can continue working on the PR on the {% da Using {% data variables.product.prodname_copilot_workspace %} requires an existing pull request on the {% data variables.product.github %} website and either of the following: * Access to this {% data variables.release-phases.public_preview %} from the waitlist (now closed). -* Access to {% data variables.product.prodname_GHAS %} (GHAS) features on a private repository owned by an organization on a {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_enterprise %} plan. See [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). +* Access to {% data variables.product.prodname_GHAS %} (GHAS) features on a private repository owned by an organization on a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} plan. See [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security). Without access to {% data variables.product.prodname_copilot_workspace %} you can still edit the files in pull requests by going to the **Files changed** tab, clicking the ellipsis (**...**) next to the file you want to edit, and then clicking **Edit file**. diff --git a/content/get-started/learning-about-github/about-github-advanced-security.md b/content/get-started/learning-about-github/about-github-advanced-security.md index 6aaca3b727fa..fa29138f8ed7 100644 --- a/content/get-started/learning-about-github/about-github-advanced-security.md +++ b/content/get-started/learning-about-github/about-github-advanced-security.md 
@@ -1,6 +1,6 @@ --- title: About GitHub Advanced Security -intro: '{% data variables.product.prodname_dotcom %} makes extra security features available to customers under an {% data variables.product.prodname_advanced_security %} license.{% ifversion fpt or ghec %} These features are also enabled for public repositories.{% endif %}' +intro: '{% data variables.product.github %} makes extra security features available to customers {% ifversion ghas-products %}who purchase {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %}{% else %}under a {% data variables.product.prodname_GHAS %} license{% endif %}.{% ifversion fpt or ghec %} Some features are enabled for public repositories by default.{% endif %}' product: '{% data reusables.gated-features.ghas-ghec %}' versions: fpt: '*' 
@@ -14,101 +14,165 @@ redirect_from: shortTitle: GitHub Advanced Security --- -## About {% data variables.product.prodname_GH_advanced_security %} +## About {% data variables.product.prodname_GHAS %} {% ifversion ghas-products %}products{% endif %} -{% data variables.product.prodname_dotcom %} has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, such as dependency graph and {% data variables.product.prodname_dependabot_alerts %}. Other security features require a {% data variables.product.prodname_GH_advanced_security %} (GHAS){% ifversion fpt or ghec %} license to run on repositories apart from public repositories on {% data variables.product.prodname_dotcom_the_website %}{% endif %}. +{% data variables.product.github %} has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, such as dependency graph and {% data variables.product.prodname_dependabot_alerts %}. -{% data reusables.advanced-security.ghas-trial %} +{% ifversion ghas-products %} -{% ifversion ghes %}For information about buying a license for {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).{% elsif ghec %}For information about buying a license for {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/signing-up-for-github-advanced-security).{% elsif fpt %}To purchase a {% data variables.product.prodname_GH_advanced_security %} license, you must be using {% data variables.product.prodname_enterprise %}. 
For information about upgrading to {% data variables.product.prodname_enterprise %} with {% data variables.product.prodname_GH_advanced_security %}, see [AUTOTITLE](/get-started/learning-about-github/githubs-plans) and [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).{% endif %} +Other security features require you to purchase one of {% data variables.product.github %}'s {% data variables.product.prodname_AS %} products: -> [!NOTE] -> If you want to use {% data variables.product.prodname_GH_advanced_security %} with Azure Repos, see [{% data variables.product.prodname_GH_advanced_security %} & Azure DevOps](https://resources.github.com/topics/github-advanced-security/) in our resources site. For documentation, see [Configure {% data variables.product.prodname_ghas_azdo %}](https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features) in Microsoft Learn. +{% data reusables.advanced-security.ghas-products-bullets %} -## About {% data variables.product.prodname_advanced_security %} features +{% ifversion fpt or ghec %}Some of these features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}, are enabled for public repositories by default. To run the feature on your private or internal repositories, you must purchase the relevant {% data variables.product.prodname_GHAS %} product.{% endif %} -A {% data variables.product.prodname_GH_advanced_security %} license provides the following additional features{% ifversion fpt %} for private repositories:{% else %}:{% endif %} +You must be on a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} plan in order to purchase {% data variables.product.prodname_GH_code_security %} or {% data variables.product.prodname_GH_secret_protection %}. 
For more information, see [AUTOTITLE](/get-started/learning-about-github/githubs-plans) and [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). -* **{% data variables.product.prodname_code_scanning_caps %}** - Search for potential security vulnerabilities and coding errors in your code using {% data variables.product.prodname_codeql %} or a third-party tool. See [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning) and [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql). +{% else %} -* **{% data variables.product.prodname_codeql_cli %}** - Run {% data variables.product.prodname_codeql %} processes locally on software projects or to generate {% data variables.product.prodname_code_scanning %} results for upload to {% data variables.product.github %}. See [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli). +Other security features require a {% data variables.product.prodname_GH_advanced_security %} (GHAS) license. For information about buying a license for {% data variables.product.prodname_GHAS %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security). -* **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into {% ifversion fpt %}private repositories{% else %} the repository{% endif %}. If push protection is enabled, {% data variables.product.prodname_dotcom %} also detects secrets when they are pushed to your repository. 
{% ifversion secret-scanning-enable-by-default-for-public-repos %}{% data variables.secret-scanning.user_alerts_caps %} and push protection are available and free of charge for all {% ifversion ghec %}user-owned {% endif %}public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %} See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning) and [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). +{% endif %} -* **{% data variables.dependabot.custom_rules_caps %}** - {% data reusables.dependabot.dependabot-custom-rules-ghas %} +{% ifversion ghas-products %} -* **Dependency review** - Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. See [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). +## {% data variables.product.prodname_GH_code_security %} -{% ifversion copilot-chat-ghas-alerts %} +You get the following features with {% data variables.product.prodname_GH_code_security %}: -With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand security alerts in repositories in your organization ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}. See [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features). +* **{% data variables.product.prodname_code_scanning_caps %}**: Search for potential security vulnerabilities and coding errors in your code using {% data variables.product.prodname_codeql %} or a third-party tool. 
-{% endif %} +* **{% data variables.product.prodname_codeql_cli %}**: Run {% data variables.product.prodname_codeql %} processes locally on software projects or to generate {% data variables.product.prodname_code_scanning %} results for upload to {% data variables.product.github %}.{% ifversion code-scanning-autofix %} + +* **{% data variables.product.prodname_copilot_autofix_short %}**: Get automatically generated fixes for {% data variables.product.prodname_code_scanning %} alerts.{% endif %}{% ifversion security-campaigns %} + +* **Security campaigns**: Reduce security debt at scale.{% endif %} + +* **{% data variables.dependabot.custom_rules_caps %} for {% data variables.product.prodname_dependabot %}**: Manage your {% data variables.product.prodname_dependabot_alerts %} at scale, by automating which alerts you want to ignore, snooze, or trigger a {% data variables.product.prodname_dependabot %} security update for. + +* **Dependency review**: Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. + +* **Security overview**: Understand the distribution of risk across your organization. {% ifversion fpt or ghec %} -The table below summarizes the availability of {% data variables.product.prodname_GH_advanced_security %} features for public and private repositories. + +The table below summarizes the availability of {% data variables.product.prodname_GH_code_security %} features for public and private repositories. {% rowheaders %} -| | Public repository | Private repository
without {% data variables.product.prodname_advanced_security %} | Private repository
with {% data variables.product.prodname_advanced_security %} | +| | Public repository
without {% data variables.product.prodname_GH_secret_protection %} | Private repository
without {% data variables.product.prodname_GH_code_security %} | Public or private repository
with {% data variables.product.prodname_GH_code_security %} | | --- | --- | --- | --- | -| Code scanning | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +| {% data variables.product.prodname_code_scanning_caps %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | | {% data variables.product.prodname_codeql_cli %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +|{% ifversion code-scanning-autofix %}| +| {% data variables.product.prodname_copilot_autofix_short %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +|{% endif %}| +|{% ifversion security-campaigns %}| +| Security campaigns | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +|{% endif %}| +| {% data variables.dependabot.custom_rules_caps %} | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +| Dependency review | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +| Security overview | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +{% endrowheaders %} + +{% endif %} + +For more information about features, see [AUTOTITLE](/code-security/getting-started/github-security-features). 
+ +## {% data variables.product.prodname_GH_secret_protection %} + +You get the following features with {% data variables.product.prodname_GH_secret_protection %}: + +{% data reusables.secret-protection.product-list %} + +{% ifversion ghas-products-cloud %} + +The table below summarizes the availability of {% data variables.product.prodname_GH_secret_protection %} features for public and private repositories. + +{% rowheaders %} + +| | Public repository
without {% data variables.product.prodname_GH_secret_protection %} | Private repository
without {% data variables.product.prodname_GH_secret_protection %} | Public or private repository
with {% data variables.product.prodname_GH_secret_protection %} | +| --- | --- | --- | --- | | Secret scanning | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | -| {% data variables.dependabot.custom_rules_caps %} | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | -| Dependency review | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +| Push protection | {% octicon "check" aria-label="Yes" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +|{% ifversion secret-scanning-ai-generic-secret-detection %}| +| Copilot secret scanning | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +|{% endif %}| +| Custom patterns | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +|{% ifversion push-protection-delegated-bypass %}| +| Delegated bypass for push protection | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | +|{% endif %}| +| Security overview | {% octicon "x" aria-label="No" %} | {% octicon "x" aria-label="No" %} | {% octicon "check" aria-label="Yes" %} | {% endrowheaders %} {% endif %} -For information about {% data variables.product.prodname_advanced_security %} features that are in development, see [{% data variables.product.prodname_dotcom %} public roadmap](https://github.com/github/roadmap). For an overview of all security features, see [AUTOTITLE](/code-security/getting-started/github-security-features). +For more information about individual features, see [AUTOTITLE](/code-security/getting-started/github-security-features). 
+ +{% else %} + +## About {% data variables.product.prodname_GHAS %} features + +A {% data variables.product.prodname_GH_advanced_security %} license provides the following additional features: + +* **{% data variables.product.prodname_code_scanning_caps %}** - Search for potential security vulnerabilities and coding errors in your code using {% data variables.product.prodname_codeql %} or a third-party tool. See [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning) and [AUTOTITLE](/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning-with-codeql). + +* **{% data variables.product.prodname_codeql_cli %}** - Run {% data variables.product.prodname_codeql %} processes locally on software projects or to generate {% data variables.product.prodname_code_scanning %} results for upload to {% data variables.product.github %}. See [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/about-the-codeql-cli). + +* **{% data variables.product.prodname_secret_scanning_caps %}** - Detect secrets, for example keys and tokens, that have been checked into {% ifversion fpt %}private repositories{% else %} the repository{% endif %}. If push protection is enabled, {% data variables.product.prodname_dotcom %} also detects secrets when they are pushed to your repository. {% ifversion secret-scanning-enable-by-default-for-public-repos %}{% data variables.secret-scanning.user_alerts_caps %} and push protection are available and free of charge for all {% ifversion ghec %}user-owned {% endif %}public repositories on {% data variables.product.prodname_dotcom_the_website %}.{% endif %} See [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning) and [AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection). 
+ +* **{% data variables.dependabot.custom_rules_caps %}** - {% data reusables.dependabot.dependabot-custom-rules-ghas %} + +* **Dependency review** - Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request. See [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review). -{% ifversion fpt or ghec %} -{% data variables.product.prodname_GH_advanced_security %} features are enabled for all public repositories on {% data variables.product.prodname_dotcom_the_website %}. Organizations that use {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_advanced_security %} can additionally enable these features for private and internal repositories. {% ifversion fpt %}See the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security#enabling-advanced-security-features).{% endif %} {% endif %} -{% ifversion ghes or ghec %} +{% ifversion ghas-products %}{% ifversion secret-risk-assessment %} -## Deploying GitHub Advanced Security in your enterprise +## Run an assessment of your organization's exposure to secret leaks -To learn about what you need to know to plan your {% data variables.product.prodname_GH_advanced_security %} deployment at a high level and to review the rollout phases we recommended, see [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale). +Organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets. This can help you understand the current exposure of repositories in your organization to leaked secrets, as well as help you see how many existing secret leaks could have been prevented by {% data variables.product.prodname_GH_secret_protection %}. 
See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% else %}{% endif %} -## Enabling {% data variables.product.prodname_advanced_security %} features +## Deploying {% ifversion ghas-products %}{% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %}{% else %}{% data variables.product.prodname_GHAS %} in your enterprise{% endif %} -{% ifversion security-configurations %} -{% data reusables.security-configurations.enable-security-features-with-gh-config %} +To learn about what you need to know to plan your deployment of {% ifversion ghas-products %}{% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %}{% else %}{% data variables.product.prodname_GHAS %}{% endif %} at a high level and to review the rollout phases we recommended, see [AUTOTITLE](/code-security/adopting-github-advanced-security-at-scale). + +## Enabling features +{% ifversion ghes %} +A site administrator must enable {% data variables.product.prodname_AS %} for {% data variables.location.product_location %} before you can use these features. See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise). {% endif %} -{%- ifversion ghes %} -The site administrator must enable {% data variables.product.prodname_advanced_security %} for {% data variables.location.product_location %} before you can use these features. See [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise). -Once your system is set up, you can enable and disable these features at the organization or repository level. 
+{% ifversion security-configurations %} +{% data reusables.security-configurations.enable-security-features-with-gh-config %} +{% endif %} -{%- elsif ghec %} -For public repositories these features are permanently on and can only be disabled if you change the visibility of the project so that the code is no longer public. +{% ifversion security-configurations %}{% else %}Once your system is set up, you can enable and disable these features at the organization or repository level. See [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization) and [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository).{% endif %} -For other repositories, once you have a license for your enterprise account, you can enable and disable these features at the organization or repository level. +If you are on a {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} plan, license use for the entire team or enterprise is shown on your license page. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage). -{%- endif %} -See [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization) and [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository). +{% ifversion copilot-chat-ghas-alerts %} -If you have an enterprise account, license use for the entire enterprise is shown on your enterprise license page. 
See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage). +## Leveraging {% data variables.product.prodname_copilot_chat %} to understand security alerts +Additionally, with a {% data variables.product.prodname_copilot_enterprise %} license, you can ask {% data variables.product.prodname_copilot_chat %} for help to better understand security alerts in repositories in your organization ({% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_secret_scanning %}, and {% data variables.product.prodname_dependabot_alerts %}). See [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features). {% endif %} {% ifversion github-certification %} -## About {% data variables.product.prodname_GH_advanced_security %} Certification +## About {% data variables.product.prodname_GHAS %} Certification -You can highlight your knowledge by earning a {% data variables.product.prodname_GH_advanced_security %} certificate with {% data variables.product.prodname_certifications %}. The certification validates your expertise in vulnerability identification, workflow security, and robust security implementation. See [AUTOTITLE](/get-started/showcase-your-expertise-with-github-certifications/about-github-certifications). +You can highlight your knowledge by earning a {% data variables.product.prodname_GHAS %} certificate with {% data variables.product.prodname_certifications %}. The certification validates your expertise in vulnerability identification, workflow security, and robust security implementation. See [AUTOTITLE](/get-started/showcase-your-expertise-with-github-certifications/about-github-certifications). 
{% endif %} -{% ifversion ghec or ghes %} +## About {% data variables.product.prodname_GHAS %} with Azure Repos -## Further reading +If you want to use {% data variables.product.prodname_GHAS %} with Azure Repos, see [{% data variables.product.prodname_GHAS %} & Azure DevOps](https://resources.github.com/topics/github-advanced-security/) in our resources site. For documentation, see [Configure {% data variables.product.prodname_ghas_azdo %}](https://learn.microsoft.com/en-us/azure/devops/repos/security/configure-github-advanced-security-features) in Microsoft Learn. -* [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise) +## Further reading -{% endif %} +* [AUTOTITLE](/code-security/getting-started/github-security-features) +* [{% data variables.product.github %} public roadmap](https://github.com/github/roadmap){%- ifversion ghec or ghes %} +* [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise){% endif %} diff --git a/content/get-started/learning-to-code/index.md b/content/get-started/learning-to-code/index.md index 13595675bf52..75d48adb5ef6 100644 --- a/content/get-started/learning-to-code/index.md +++ b/content/get-started/learning-to-code/index.md @@ -8,5 +8,6 @@ children: - /finding-and-understanding-example-code - /reusing-other-peoples-code-in-your-projects - /learning-to-debug-with-github-copilot + - /storing-your-secrets-safely shortTitle: Learn to code --- diff --git a/content/get-started/learning-to-code/storing-your-secrets-safely.md b/content/get-started/learning-to-code/storing-your-secrets-safely.md new file mode 100644 index 000000000000..08a43767fa0e --- /dev/null +++ b/content/get-started/learning-to-code/storing-your-secrets-safely.md 
@@ -0,0 +1,168 @@ +--- +title: Storing your secrets safely +shortTitle: Storing secrets safely +intro: "Learn about secrets in software development and how you can manage them safely." +versions: + fpt: '*' +topics: + - GitHub +--- + +## What is a secret? + +In software development, a secret is a piece of sensitive information that is used to authenticate or authorize access to systems, services, data, and APIs. Examples include: + +* **API keys** and **access tokens** that allow you to interact with external services such as {% data variables.product.github %}'s REST API. Access tokens also allow services, such as {% data variables.product.prodname_actions %}, to perform tasks that need authentication, as we will experiment with later. +* **Database credentials** that grant access to local and external databases and storage. +* **Private keys**, such as private SSH and PGP keys, that can be used to access other servers and encrypt data. + +Since secrets provide so much access, including to critical systems, we can understand why it's so important to keep your **secrets secure**. + +### What can happen when a secret is exposed? + +* Attackers can gain **unauthorized access** to everything the secret allows access to. +* Hackers can **steal data**, including sensitive user data. This may have privacy and legal ramifications and harm trust in you and your application. +* Exposed secrets can **cost you money** if hackers run unauthorized workloads on your cloud provider accounts. +* Hackers can use an exposed secret to delete, modify, and disrupt servers which can cause **downtime and data loss**. + +Consider all the access and abilities a secret grants you and what a hacker could do with it. For example, if a {% data variables.product.pat_generic %} for your {% data variables.product.github %} account was exposed, a hacker could post and make changes on {% data variables.product.github %} as you. 
+ +## Best practices for managing your secrets + +To avoid these types of issues, follow best practices to prevent leaks and limit damage if a secret is ever exposed. + +### Follow the **Principle of Least Privilege (PoLP)** + +Whenever possible, restrict what a secret can do and can access to only what is necessary. For example: + +* If a secret will only be used to read data and not make changes to data, opt to make it **read only**. +* If the API you're using allows you to limit a secret to only particular scopes or permissions, only select **the ones that you need**. For example, if you only need to create issues with a {% data variables.product.github %} secret, there's no reason for the secret to have access to repository contents or anything else. +* If a secret will give an attacker full access to the user account that owns it, **consider creating service accounts** that can take ownership of the secret. + +### Protect secrets in your application + +* **Never hardcode a secret**. Always use **environment variables** or your platform's secret management tools (such as {% data variables.product.github %}'s repository secrets). +* If you have to share a secret with someone, use a dedicated tool like a **password manager**. Never send secrets via email or instant message. +* If possible, set **expiration dates** and **rotate your secrets** regularly; this reduces the risk of old secrets being exploited. +* If your application produces a log, ensure that **secrets are redacted before being logged**. Otherwise, active secrets could be saved to plaintext files. + +### Limit damage if a secret is exposed + +* Consider the secret compromised, even if only exposed for a second, and **revoke the secret immediately**. Then, generate a new secret and store it safely. +* Check any **activity logs** that might show any suspicious activity performed with the compromised secret. 
+* Consider how the secret was exposed and make changes to your processes so this can't happen again. + +## How {% data variables.product.github %} helps keep your secrets secure + +There's a lot that you can do to keep your secrets safe, but there's also a lot that {% data variables.product.github %} does to help keep your secrets secret. Everyone makes mistakes, and we're here to help with features that will catch any secrets you accidentally expose: + +* **Push protection**, which we'll experiment with later, blocks pushing secrets to your repositories on {% data variables.product.github %}. +* **Secret scanning** scans repositories and creates alerts when it discovers a secret. For some secrets, we also notify the provider so they can take action, such as revoking the secret automatically. + +## Practicing safely storing a secret + +In this exercise, we'll create a {% data variables.product.pat_generic %} and store it safely so we can use it with {% data variables.product.prodname_actions %}. The action we'll create is a straightforward workflow that responds to an issue. + +### 1. Creating a practice repository + +We'll start by creating a repository to work from. The `new2code` account has a template repository we can use to quickly get started. + +1. Navigate to the [new repository page](https://github.com/new?template_owner=new2code&template_name=secret-action). Following this link will pre-select the template on the `new2code` account. +1. Under "Owner", make sure your user account is selected. +1. In the "Repository name" field, type `secret-action`. +1. Beneath the description field, select **Public** to set the repository visibility. +1. Click **Create repository**. + +### 2. Committing a dummy token + +Everyone makes mistakes, and it's possible that you'll accidentally commit a secret at some point in your coding journey. 
In this exercise, we'll intentionally commit a **fake token** so that we can become familiar and comfortable with the alert that gets triggered. + +1. Navigate to the repository you just created. +1. Navigate to the YAML workflow file by clicking `.github/workflows` in the list of files. +1. Open the workflow file by clicking `comment.yml` in the list of files. +1. To edit the workflow file, at the top-right, click {% octicon "pencil" aria-label="Edit this file" %}. +1. On line 13, `GH_TOKEN: ""`, insert this dummy token between the quotes: + + ```text + {% data variables.secret-scanning.learner-example-secret-a %}{% data variables.secret-scanning.learner-example-secret-b %} + ``` + + The end result should look like this: + + ```yaml + GH_TOKEN: "{% data variables.secret-scanning.learner-example-secret-a %}{% data variables.secret-scanning.learner-example-secret-b %}" + ``` + +1. To attempt to commit the change, at the top right, click **Commit changes...** and then click **Commit changes** again in the dialog. +1. You should now see the push protection alert, telling you that "Secret scanning found a GitHub Secret Scanning secret on line 13". + + ![Screenshot of a push protection alert for Line 13 of the file we attempted to commit. The "Cancel" button is highlighted in an orange outline.](/assets/images/help/security/push-protection-example.png) + + If we weren't experimenting with a dummy token, this would alert us that we were one step away from exposing a token. Review the options you can select on the alert. +1. To stop your commit and avoid exposing the secret, click **Cancel**. In the top right, click **Cancel changes**, then discard your unsaved changes if prompted. + +### 3. Creating a real token + +Now, let's try following our best practices. First, we'll create a {% data variables.product.pat_generic %} which will allow the action to act on your behalf (the comment it creates will appear to come from your user account). 
+
+>[!NOTE] Notice how we follow the Principle of Least Privilege for each configuration step. Your token will have the shortest expiration necessary, only have access to the repository it needs, and have the minimum permissions needed to work.
+
+1. Navigate to the [new {% data variables.product.pat_generic %} page](https://github.com/settings/personal-access-tokens/new).
+1. Under "Token name", give your new token a name. You can use something like "Action token".
+1. Under "Expiration", select "7 days".
+1. Under "Repository access", select **Only select repositories**.
+1. In the "Select repositories" dropdown, select **just** the practice repository you created earlier.
+1. To the right of "Repository permissions" in the "Permissions" section, click {% octicon "unfold" aria-label="Expand" %} to view all the possible permissions.
+1. Scroll down to "Issues" and, in the dropdown on the right, select "Read and write".
+1. At the bottom of the page, click **Generate token**. If prompted, confirm by clicking **Generate token** again.
+
+It's crucial to handle the resulting token securely from this moment forward. As we'll be using the token shortly, you can copy it to your clipboard briefly.
+
+### 4. Storing the token safely
+
+We can now store our new token safely in our repository.
+
+1. Navigate to the repository you created at the beginning of the exercise.
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.actions.sidebar-secrets-and-variables %}
+1. Under "Repository secrets," click **New repository secret**.
+1. In the **Name** field, type the name for your secret. For this exercise, we'll use `MY_TOKEN`.
+1. In the **Secret** field, paste the {% data variables.product.pat_generic %} you generated previously.
+1. Click **Add secret**.
+
+Your secret is now safely encrypted and ready to use!
+
+### 5. Referencing the token in our action
+
+Now we can update the YAML workflow file to use the token and test it works.
+
+1. Navigate back to your repository. If you're in your repository's settings, you can click **{% octicon "code" aria-hidden="true" %} Code** under the repository name.
+1. Navigate to the YAML workflow file by clicking `.github/workflows` in the list of files.
+1. Open the workflow file by clicking `comment.yml` in the list of files.
+1. To start editing the workflow file, at the top-right, click {% octicon "pencil" aria-label="Edit this file" %}.
+1. On line 13, `GH_TOKEN: ""`, replace the empty quotes with `{% raw %}${{ secrets.MY_TOKEN }}{% endraw %}`. This will reference the repository secret we added previously.
+
+ ```yaml
+ GH_TOKEN: {% raw %}${{ secrets.MY_TOKEN }}{% endraw %}
+ ```
+
+1. To commit the change, at the top-right, click **Commit changes...**
+1. In the "Commit changes" dialog, edit "Commit message" to reflect the change we're making. For example, you could enter "Updating workflow to use repository secret".
+1. Make sure "Commit directly to the `main` branch" is selected.
+1. Click **Commit changes**.
+
+### 6. Testing out the token and workflow
+
+We should be all set now! Let's go ahead and test the workflow.
+
+{% data reusables.repositories.sidebar-issues %}
+{% data reusables.repositories.new_issue %}
+1. Under "Add a title", you can type any title you like.
+1. Under "Add a description", in the text area, type `Hello`.
+1. Beneath the text area, click **Create**.
+
+Once the workflow has had time to complete, you should see a new comment appear. The comment will be authored by yourself, as we're using your token, and contain a greeting in return.
+
+## Next steps
+
+For a more in-depth dive into secret scanning and push protection, you can complete the [Introduction to secret scanning](https://github.com/skills/introduction-to-secret-scanning/tree/main) course in {% data variables.product.prodname_learning %}.
diff --git a/content/organizations/index.md b/content/organizations/index.md
index 52538ebddf88..e8b8bb7d6216 100644
--- a/content/organizations/index.md
+++ b/content/organizations/index.md
@@ -13,11 +13,12 @@ featuredLinks:
 - /get-started/learning-about-github/types-of-github-accounts
 - /organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization
 - /organizations/organizing-members-into-teams/about-teams
+ - /organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions
 popular:
 - /organizations/collaborating-with-groups-in-organizations/creating-a-new-organization-from-scratch
 - /organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization
 - /organizations/managing-organization-settings/verifying-or-approving-a-domain-for-your-organization
- - /organizations/managing-oauth-access-to-your-organizations-data/about-oauth-app-access-restrictions
+ - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment
 guideCards:
 - /organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization
 - /organizations/managing-membership-in-your-organization/adding-people-to-your-organization
diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
index 4b5b03482766..6f71768a41af 100644
--- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
+++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
@@ -83,9 +83,7 @@ To search for specific events, use the `action` qualifier in your query. Actions
 | `org_credential_authorization` | Contains all activities related to authorizing credentials for use with SAML single sign-on. |
 | {% endif %} |
 | `org_secret_scanning_automatic_validity_checks` | Contains organization-level activities related to enabling and disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %}. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization).
-| {% ifversion secret-scanning-audit-log-custom-patterns %} |
 | `org_secret_scanning_custom_pattern` | Contains organization-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).
-| {% endif %} |
 | `organization_default_label` | Contains all activities related to default labels for repositories in your organization.
 | `oauth_application` | Contains all activities related to {% data variables.product.prodname_oauth_apps %}.
 | `packages` | Contains all activities related to {% data variables.product.prodname_registry %}.
@@ -106,15 +104,9 @@ To search for specific events, use the `action` qualifier in your query. Actions
 | `repository_secret_scanning` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %}. For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning).
 | {% endif %} |
 | `repository_secret_scanning_automatic_validity_checks` | Contains repository-level activities related to enabling and disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %}. For more information, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository).
-| {% ifversion secret-scanning-audit-log-custom-patterns %} |
 | `repository_secret_scanning_custom_pattern` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %} custom patterns. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). |
-| {% endif %} |
-| {% ifversion secret-scanning-custom-pattern-push-protection-audit %} |
 | `repository_secret_scanning_custom_pattern_push_protection`| Contains repository-level activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %}. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository).
-| {% endif %} |
-| {% ifversion secret-scanning-audit-log-custom-patterns %} |
 | `repository_secret_scanning_push_protection` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %} push protection. For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning).
-| {% endif %} |
 | `repository_vulnerability_alert` | Contains all activities related to [{% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
 | {% ifversion fpt or ghec %} |
 | `repository_vulnerability_alerts` | Contains repository-level configuration activities for {% data variables.product.prodname_dependabot_alerts %}.
diff --git a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md
index 81040554496f..ded39a3a237c 100644
--- a/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md
+++ b/content/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization.md
@@ -26,9 +26,7 @@ Organization members {% ifversion org-sec-manager-update %} and members of teams
 * The ability to configure settings for security features at the organization level, including the ability to enable or disable {% data variables.product.prodname_GHAS %} features
 * The ability to configure settings for security features at the repository level, including the ability to enable or disable {% data variables.product.prodname_GHAS %} features
-{% ifversion fpt %}
-Additional functionality, including a security overview for the organization, is available in organizations that use {% data variables.product.prodname_ghe_cloud %}. For more information, see the [{% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-security-managers-in-your-organization).
-{% endif %}
+Additional functionality, including a security overview for the organization, is available in organizations that use {% data variables.product.prodname_GHAS_cs_or_sp %}.
 If a team has the security manager role, people with admin access to the team and a specific repository can change the team's level of access to that repository but cannot remove the access. For more information, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-team-access-to-an-organization-repository) and [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository).
diff --git a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md
index 128741af1cb0..5e2ede1bb6e9 100644
--- a/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md
+++ b/content/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository.md
@@ -1,6 +1,6 @@
 ---
 title: Managing security and analysis settings for your repository
-intro: 'You can control features that secure and analyze the code in your project on {% data variables.product.prodname_dotcom %}.'
+intro: 'You can control features that secure and analyze the code in your project on {% data variables.product.github %}.'
 permissions: People with admin permissions to a repository can manage security and analysis settings for the repository.
 redirect_from:
 - /articles/managing-alerts-for-vulnerable-dependencies-in-your-organization-s-repositories
diff --git a/data/features/code-security-multi-repo-enablement.yml b/data/features/code-security-multi-repo-enablement.yml
index c0e8fc1c71d4..9865699abfeb 100644
--- a/data/features/code-security-multi-repo-enablement.yml
+++ b/data/features/code-security-multi-repo-enablement.yml
@@ -1,5 +1,6 @@
 # Reference: #9212
-
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>= 3.10'
diff --git a/data/features/custom-pattern-dry-run-ga.yml b/data/features/custom-pattern-dry-run-ga.yml
index 4fea8bb76db0..246b50810c53 100644
--- a/data/features/custom-pattern-dry-run-ga.yml
+++ b/data/features/custom-pattern-dry-run-ga.yml
@@ -1,4 +1,6 @@
 # Secret scanning: custom pattern dry run GA #7527
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>3.6'
diff --git a/data/features/ghas-billing-UI-update.yml b/data/features/ghas-billing-UI-update.yml
index 80953d9911ed..9e9c3434e38c 100644
--- a/data/features/ghas-billing-UI-update.yml
+++ b/data/features/ghas-billing-UI-update.yml
@@ -1,6 +1,7 @@
 # Reference: Issue #7659
 # Documentation to update confusing GHAS terminology
-
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.7'
diff --git a/data/features/ghas-products-cloud.yml b/data/features/ghas-products-cloud.yml
index 4a8a3550978c..e9bf40feddbd 100644
--- a/data/features/ghas-products-cloud.yml
+++ b/data/features/ghas-products-cloud.yml
@@ -1,9 +1,6 @@
 # Reference: #16634
 # Use for content that is only available in GitHub Cloud.
-# GitHub Advanced Security products - future release for GitHub Cloud.
-# NOTE: The GitHub Enterprise Server release version is currently unknown.
-# The value below is a placeholder.
+# GitHub Advanced Security products available as two separate SKUS: Secret Protection and Code Security
 versions:
- ghes: '> 3.16'
- #fpt: '*'
- #ghec: '*'
+ fpt: '*'
+ ghec: '*'
diff --git a/data/features/ghas-products.yml b/data/features/ghas-products.yml
index 01d0efe46ec3..2f252ef62176 100644
--- a/data/features/ghas-products.yml
+++ b/data/features/ghas-products.yml
@@ -1,9 +1,6 @@
 # Reference: #16634
-# GitHub Advanced Security products - future release for GitHub Cloud.
-# NOTE: The GitHub Enterprise Server release version is currently unknown.
-# The value below is a placeholder.
+# GitHub Advanced Security products available as two separate SKUS: Secret Protection and Code Security
 versions:
- ghes: '> 3.16'
- #fpt: '*'
- #ghec: '*'
- #ghes: '> 3.16'
+ fpt: '*'
+ ghec: '*'
+ ghes: '>= 3.17'
diff --git a/data/features/metered-ghe-ghas.yml b/data/features/metered-ghe-ghas.yml
index e41354a4a0ae..96035e99360c 100644
--- a/data/features/metered-ghe-ghas.yml
+++ b/data/features/metered-ghe-ghas.yml
@@ -1,6 +1,8 @@
 # Reference: 13369
 # Documentation for metered GHE/GHAS.
+# Reference: 16705 GHAS is now available to GitHub Team users.
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>= 3.13'
diff --git a/data/features/org-npp-enablement-security-configurations.yml b/data/features/org-npp-enablement-security-configurations.yml
index 5836d2f2da76..4c3136860973 100644
--- a/data/features/org-npp-enablement-security-configurations.yml
+++ b/data/features/org-npp-enablement-security-configurations.yml
@@ -1,5 +1,6 @@
 # Reference: #15650
 # Secret scanning - non-provider pattern enablement is included in security configurations [Public Beta]
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '> 3.14'
diff --git a/data/features/push-protection-bypass-fine-grained-permissions.yml b/data/features/push-protection-bypass-fine-grained-permissions.yml
index e3c924f96d99..8a5bba586ec0 100644
--- a/data/features/push-protection-bypass-fine-grained-permissions.yml
+++ b/data/features/push-protection-bypass-fine-grained-permissions.yml
@@ -1,5 +1,7 @@
 # Issue 13329
 # Push protection bypass fine-grained permissions
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.16'
diff --git a/data/features/push-protection-bypass-reviewer-comment.yml b/data/features/push-protection-bypass-reviewer-comment.yml
index a38568f2b96c..db2a3edf12aa 100644
--- a/data/features/push-protection-bypass-reviewer-comment.yml
+++ b/data/features/push-protection-bypass-reviewer-comment.yml
@@ -1,5 +1,7 @@
 # Reference: #16452
 # Documentation for reviewers can add a comment on push protection bypass requests for secret scanning [GA]
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.16'
diff --git a/data/features/push-protection-delegated-bypass-configurations.yml b/data/features/push-protection-delegated-bypass-configurations.yml
index 7e8962a2586e..5867791617b4 100644
--- a/data/features/push-protection-delegated-bypass-configurations.yml
+++ b/data/features/push-protection-delegated-bypass-configurations.yml
@@ -1,4 +1,6 @@
 # Issue 15892 - Secret scanning push protection bypass moves from "Global Settings" to "Security configurations"
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.16'
diff --git a/data/features/push-protection-delegated-bypass-enhancements.yml b/data/features/push-protection-delegated-bypass-enhancements.yml
index 5913c5acf66c..9f22567974c9 100644
--- a/data/features/push-protection-delegated-bypass-enhancements.yml
+++ b/data/features/push-protection-delegated-bypass-enhancements.yml
@@ -1,4 +1,6 @@
 # Issue 15735 - Secret scanning push protection bypasses show branch and file path information [GA]
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.16'
diff --git a/data/features/push-protection-delegated-bypass-file-upload-support.yml b/data/features/push-protection-delegated-bypass-file-upload-support.yml
index dd896ed918ce..ec53ee0e1c1b 100644
--- a/data/features/push-protection-delegated-bypass-file-upload-support.yml
+++ b/data/features/push-protection-delegated-bypass-file-upload-support.yml
@@ -1,4 +1,6 @@
 # Issue 16148 - Push protection delegated bypass for file uploads [GA]
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>3.15'
diff --git a/data/features/push-protection-delegated-bypass.yml b/data/features/push-protection-delegated-bypass.yml
index 08cde276c3f2..9f01b22087b7 100644
--- a/data/features/push-protection-delegated-bypass.yml
+++ b/data/features/push-protection-delegated-bypass.yml
@@ -1,4 +1,6 @@
 # Issue 10362 - Push protection delegated bypass
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.14'
diff --git a/data/features/secret-risk-assessment.yml b/data/features/secret-risk-assessment.yml
new file mode 100644
index 000000000000..885aec6155c6
--- /dev/null
+++ b/data/features/secret-risk-assessment.yml
@@ -0,0 +1,6 @@
+# Reference: #17014
+# Secret scanning on-demand insights, free for *everyone* (including private repositories) [GA]
+versions:
+ fpt: '*'
+ ghec: '*'
+ ghes: '>= 3.18'
diff --git a/data/features/secret-scanning-ai-generic-secret-detection.yml b/data/features/secret-scanning-ai-generic-secret-detection.yml
index 8ef11b1c9b3d..1a28d7a90dc7 100644
--- a/data/features/secret-scanning-ai-generic-secret-detection.yml
+++ b/data/features/secret-scanning-ai-generic-secret-detection.yml
@@ -1,4 +1,6 @@
 # Reference: #11292
 # Documentation for generic secret detection using AI
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
diff --git a/data/features/secret-scanning-alert-experimental-list.yml b/data/features/secret-scanning-alert-experimental-list.yml
index 771ba66462ed..b28515bd4939 100644
--- a/data/features/secret-scanning-alert-experimental-list.yml
+++ b/data/features/secret-scanning-alert-experimental-list.yml
@@ -1,5 +1,7 @@
 # Reference: #15737.
 # Documentation for secret scanning experimental alert list (replacing the "Other" alert list)
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.16'
diff --git a/data/features/secret-scanning-audit-log-custom-patterns.yml b/data/features/secret-scanning-audit-log-custom-patterns.yml
index 03cbe5433581..d80d366fd6ca 100644
--- a/data/features/secret-scanning-audit-log-custom-patterns.yml
+++ b/data/features/secret-scanning-audit-log-custom-patterns.yml
@@ -1,5 +1,7 @@
 # Reference: #6615.
 # Documentation for new audit log events for custom patterns for secret scanning.
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.5'
diff --git a/data/features/secret-scanning-custom-link-on-block.yml b/data/features/secret-scanning-custom-link-on-block.yml
index 323d4f94967b..193e5e0c3630 100644
--- a/data/features/secret-scanning-custom-link-on-block.yml
+++ b/data/features/secret-scanning-custom-link-on-block.yml
@@ -1,5 +1,7 @@
 # Reference: #8384.
 # Documentation for secret scanning: on block.
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.8'
diff --git a/data/features/secret-scanning-custom-pattern-ai-generated.yml b/data/features/secret-scanning-custom-pattern-ai-generated.yml
index f88ca58945c2..5b7d1a06c27d 100644
--- a/data/features/secret-scanning-custom-pattern-ai-generated.yml
+++ b/data/features/secret-scanning-custom-pattern-ai-generated.yml
@@ -1,4 +1,6 @@
 # Reference: #11322
 # Secret scanning: Generate regex for custom patterns using AI [Limited Public Beta]
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
diff --git a/data/features/secret-scanning-custom-pattern-push-protection-audit.yml b/data/features/secret-scanning-custom-pattern-push-protection-audit.yml
index 7aac4cc463e8..e08e26ab92cf 100644
--- a/data/features/secret-scanning-custom-pattern-push-protection-audit.yml
+++ b/data/features/secret-scanning-custom-pattern-push-protection-audit.yml
@@ -1,5 +1,7 @@
 # Reference: #8786
 # Adding push protection for custom patterns (enable/disable) as audit log events
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '> 3.8'
diff --git a/data/features/secret-scanning-custom-patterns-metrics.yml b/data/features/secret-scanning-custom-patterns-metrics.yml
index 43c5da4c57c8..052155e32991 100644
--- a/data/features/secret-scanning-custom-patterns-metrics.yml
+++ b/data/features/secret-scanning-custom-patterns-metrics.yml
@@ -1,5 +1,7 @@
 # Reference: #9140.
 # Documentation for secret scanning metrics for custom patterns.
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.10'
diff --git a/data/features/secret-scanning-multi-repo-public-leak-deduped-alerts.yml b/data/features/secret-scanning-multi-repo-public-leak-deduped-alerts.yml
index 70c63544daf7..ab6d05c80b10 100644
--- a/data/features/secret-scanning-multi-repo-public-leak-deduped-alerts.yml
+++ b/data/features/secret-scanning-multi-repo-public-leak-deduped-alerts.yml
@@ -1,4 +1,6 @@
 # Reference: #15947
 # Secret scanning: locations of public leaks and repositories with deduped alerts [Public Beta]
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
diff --git a/data/features/secret-scanning-multi-repo-public-leak.yml b/data/features/secret-scanning-multi-repo-public-leak.yml
index 6c379bedcdbf..b9b497514583 100644
--- a/data/features/secret-scanning-multi-repo-public-leak.yml
+++ b/data/features/secret-scanning-multi-repo-public-leak.yml
@@ -1,4 +1,6 @@
 # Reference: #15387
 # Secret scanning: multi-repo and public leak indicators added to alerts
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
diff --git a/data/features/secret-scanning-non-provider-patterns.yml b/data/features/secret-scanning-non-provider-patterns.yml
index 5e9516af9618..5f943660505e 100644
--- a/data/features/secret-scanning-non-provider-patterns.yml
+++ b/data/features/secret-scanning-non-provider-patterns.yml
@@ -1,5 +1,7 @@
 # Reference: #10154.
 # Secret scanning for non-provider patterns [Public Beta]
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>3.11'
diff --git a/data/features/secret-scanning-push-protection-custom-patterns.yml b/data/features/secret-scanning-push-protection-custom-patterns.yml
index c195ce010259..cda8a1201cf3 100644
--- a/data/features/secret-scanning-push-protection-custom-patterns.yml
+++ b/data/features/secret-scanning-push-protection-custom-patterns.yml
@@ -1,5 +1,7 @@
 # Reference: #8542
 # Secret scanning: Push protection for custom patterns
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.9'
diff --git a/data/features/secret-scanning-report-secret-github-pat.yml b/data/features/secret-scanning-report-secret-github-pat.yml
index da35c7649cf1..9ad6493bff50 100644
--- a/data/features/secret-scanning-report-secret-github-pat.yml
+++ b/data/features/secret-scanning-report-secret-github-pat.yml
@@ -1,4 +1,6 @@
 # Reference: #15374
 # Secret scanning one-click report and revocation (for GitHub PATs only)
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
diff --git a/data/features/secret-scanning-validity-check-partner-patterns.yml b/data/features/secret-scanning-validity-check-partner-patterns.yml
index e1f285a8f4c5..74fca6c5393a 100644
--- a/data/features/secret-scanning-validity-check-partner-patterns.yml
+++ b/data/features/secret-scanning-validity-check-partner-patterns.yml
@@ -1,4 +1,6 @@
 # Reference: #9861.
 # Documentation for secret scanning: validity check for partner patterns (GHAS).
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
diff --git a/data/features/security-campaigns-autofix.yml b/data/features/security-campaigns-autofix.yml
index 2e35d52ac368..a13483b04be9 100644
--- a/data/features/security-campaigns-autofix.yml
+++ b/data/features/security-campaigns-autofix.yml
@@ -1,4 +1,6 @@
 # Reference: #14514
 # Documentation for the use of autofix within security campaigns
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
diff --git a/data/features/security-campaigns.yml b/data/features/security-campaigns.yml
index f4937312b5f3..f95e53c59052 100644
--- a/data/features/security-campaigns.yml
+++ b/data/features/security-campaigns.yml
@@ -1,4 +1,6 @@
 # Reference: #14514
 # Documentation for security campaigns
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
diff --git a/data/features/security-delegated-alert-dismissal.yml b/data/features/security-delegated-alert-dismissal.yml
index 76d45a5baf50..049aaa6ec14a 100644
--- a/data/features/security-delegated-alert-dismissal.yml
+++ b/data/features/security-delegated-alert-dismissal.yml
@@ -1,5 +1,7 @@
 # Reference: #16384 and #16319
 # Documentation for Delegated alert dismissal for code scanning and Delegated alert closures for secret scanning, both Public Preview
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>3.16'
diff --git a/data/features/security-overview-3-13-overview.yml b/data/features/security-overview-3-13-overview.yml
index 52e3ac12e08d..b0de93b1a29c 100644
--- a/data/features/security-overview-3-13-overview.yml
+++ b/data/features/security-overview-3-13-overview.yml
@@ -1,5 +1,7 @@
 # Reference: #10332 and #13509
 # Documentation for the addition of additional groupings and filters to the Overview page in the Security tab.
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghes: '>3.12'
 ghec: '*'
diff --git a/data/features/security-overview-3-14-overview.yml b/data/features/security-overview-3-14-overview.yml
index 767317a8e2d5..5d26e2e28eb2 100644
--- a/data/features/security-overview-3-14-overview.yml
+++ b/data/features/security-overview-3-14-overview.yml
@@ -1,5 +1,7 @@
 # Reference: #14180
 # Documentation for the addition of tool filters to the Overview page in the Security tab.
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghes: '>3.13'
 ghec: '*'
diff --git a/data/features/security-overview-3-tab-dashboard.yml b/data/features/security-overview-3-tab-dashboard.yml
index bcc0a3b6ad48..8d85a557bfbb 100644
--- a/data/features/security-overview-3-tab-dashboard.yml
+++ b/data/features/security-overview-3-tab-dashboard.yml
@@ -1,5 +1,7 @@
 # Reference: #14351.
 # Documentation for security overview dashboard 3-tab view
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghes: '>3.15'
 ghec: '*'
diff --git a/data/features/security-overview-additional-tools.yml b/data/features/security-overview-additional-tools.yml
index a4fb1b6ec831..e4a8231691cc 100644
--- a/data/features/security-overview-additional-tools.yml
+++ b/data/features/security-overview-additional-tools.yml
@@ -1,5 +1,7 @@
 # Reference: #13509
 # Documentation for: Additional data for the overview page [Public Beta]
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghes: '>3.12'
 ghec: '*'
diff --git a/data/features/security-overview-dashboard.yml b/data/features/security-overview-dashboard.yml
index ed91721f7154..ffb1a4051c6c 100644
--- a/data/features/security-overview-dashboard.yml
+++ b/data/features/security-overview-dashboard.yml
@@ -1,5 +1,7 @@
 # Reference: #11289
 # Documentation for the security overview dashboard, the default view on the "Security" tab in an organization.
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>3.12'
diff --git a/data/features/security-overview-delegated-bypass-requests.yml b/data/features/security-overview-delegated-bypass-requests.yml
index a017f03dbd39..4a143f4a383e 100644
--- a/data/features/security-overview-delegated-bypass-requests.yml
+++ b/data/features/security-overview-delegated-bypass-requests.yml
@@ -1,5 +1,7 @@
 # Reference: #15792
 # Documentation for the bypass requests page for delegated bypass at the org-level (security overview)
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>3.15'
diff --git a/data/features/security-overview-displayed-alerts.yml b/data/features/security-overview-displayed-alerts.yml
index 4d5f791fff8e..938374e2e755 100644
--- a/data/features/security-overview-displayed-alerts.yml
+++ b/data/features/security-overview-displayed-alerts.yml
@@ -1,5 +1,7 @@
 # Reference: #7114.
 # Documentation for security overview availability to all enterprise accounts.
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.7'
diff --git a/data/features/security-overview-enterprise-codeql-pr-alerts.yml b/data/features/security-overview-enterprise-codeql-pr-alerts.yml
index 6ec450cc8d97..a144a3632375 100644
--- a/data/features/security-overview-enterprise-codeql-pr-alerts.yml
+++ b/data/features/security-overview-enterprise-codeql-pr-alerts.yml
@@ -1,5 +1,6 @@
 # Reference: #14348
 # Documentation for enterprise-level CodeQL PR alerts report
 versions:
+ fpt: '*'
 ghes: '> 3.14'
 ghec: '*'
diff --git a/data/features/security-overview-enterprise-enablement-report.yml b/data/features/security-overview-enterprise-enablement-report.yml
index efac07c046e9..05b2c665031c 100644
--- a/data/features/security-overview-enterprise-enablement-report.yml
+++ b/data/features/security-overview-enterprise-enablement-report.yml
@@ -1,5 +1,6 @@
 # Reference: #14354
 # Documentation for the enterprise-level Enablement trends report (for security products) [Public Beta]
 versions:
+ fpt: '*'
 ghes: '>3.13'
 ghec: '*'
diff --git a/data/features/security-overview-export-data.yml b/data/features/security-overview-export-data.yml
index ca4e31548bf4..3999e434cf7c 100644
--- a/data/features/security-overview-export-data.yml
+++ b/data/features/security-overview-export-data.yml
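Review bot: The `fpt: '*'` lines added to `security-overview-enterprise-codeql-pr-alerts.yml` and `security-overview-enterprise-enablement-report.yml` are the only additions in this batch without the `# Ref 17108 Advanced Security available to Team plans` comment that every sibling feature file in the diff carries, so the reason these two flags now cover Free/Team plans is not recorded in the files themselves. Both flags, judging by their existing comments, gate enterprise-level reports; unless the pages they guard are also fenced by an enterprise-only conditional, the Free/Team docs will now render content describing enterprise reports, which is worth confirming against those pages. I would add the same `# Ref 17108 Advanced Security available to Team plans` line above `versions:` in both files so the provenance matches the rest of the change.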
@@ -1,5 +1,7 @@
 # Reference: #11417, #13511, #14353
 # Documentation for the ability to download CSV files of data from the risk and coverage pages of security overview at both org- and enterprise- level.
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.16'
diff --git a/data/features/security-overview-org-codeql-pr-alerts.yml b/data/features/security-overview-org-codeql-pr-alerts.yml
index b0ae1fd5c850..27e5c137228a 100644
--- a/data/features/security-overview-org-codeql-pr-alerts.yml
+++ b/data/features/security-overview-org-codeql-pr-alerts.yml
@@ -1,5 +1,7 @@
 # Reference: #14347
 # Documentation for org-level CodeQL PR alerts report
+# Ref 17108 Advanced Security available to Team plans
 versions:
- ghes: '> 3.14'
+ fpt: '*'
 ghec: '*'
+ ghes: '> 3.14'
diff --git a/data/features/security-overview-org-risk-coverage-enterprise.yml b/data/features/security-overview-org-risk-coverage-enterprise.yml
index 35f3fdf576c2..5a3e7f106c03 100644
--- a/data/features/security-overview-org-risk-coverage-enterprise.yml
+++ b/data/features/security-overview-org-risk-coverage-enterprise.yml
@@ -1,5 +1,7 @@
 # Reference: #10312
 # Documentation for the enterprise-level security "Risk" and "Coverage" views
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghes: '> 3.9'
 ghec: '*'
diff --git a/data/features/security-overview-org-risk-coverage.yml b/data/features/security-overview-org-risk-coverage.yml
index 9d2bd936cf5f..3677f6f21499 100644
--- a/data/features/security-overview-org-risk-coverage.yml
+++ b/data/features/security-overview-org-risk-coverage.yml
@@ -1,6 +1,8 @@
 # Reference: #8557 and #8765.
 # Documentation for the organization-level split of the "Overview" page into "Risks" and "Coverage"
 # and the initial single-repo enablement panel for security overview coverage view.
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghes: '> 3.7'
 ghec: '*'
diff --git a/data/features/security-overview-push-protection-metrics-page.yml b/data/features/security-overview-push-protection-metrics-page.yml
index f483120713ef..23f9cb287f94 100644
--- a/data/features/security-overview-push-protection-metrics-page.yml
+++ b/data/features/security-overview-push-protection-metrics-page.yml
@@ -1,5 +1,7 @@
 # Reference: #9141.
 # Security overview - secret scanning push protection metrics
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '> 3.10'
diff --git a/data/features/security-overview-repository-properties.yml b/data/features/security-overview-repository-properties.yml
index 694db6f6d308..805a34b087c2 100644
--- a/data/features/security-overview-repository-properties.yml
+++ b/data/features/security-overview-repository-properties.yml
@@ -1,5 +1,6 @@
 # Reference: Issue #10332 - Repository properties integration with security overview
-
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '>=3.13'
diff --git a/data/features/security-overview-team-write-access.yml b/data/features/security-overview-team-write-access.yml
index 01b8299bcc20..e18c7f7122cb 100644
--- a/data/features/security-overview-team-write-access.yml
+++ b/data/features/security-overview-team-write-access.yml
@@ -1,5 +1,7 @@
 # Reference: #8973
 # Documentation for tweaks to the results of the team filter on the "Security risk" and "Security coverage" views
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghec: '*'
 ghes: '> 3.8'
diff --git a/data/features/security-overview-tool-adoption.yml b/data/features/security-overview-tool-adoption.yml
index 22e6d9e1be27..e12cbf6e000b 100644
--- a/data/features/security-overview-tool-adoption.yml
+++ b/data/features/security-overview-tool-adoption.yml
@@ -1,5 +1,7 @@
 # Reference: #13509
 # Documentation for the Enablement trends report (for security products) [Public Beta]
+# Ref 17108 Advanced Security available to Team plans
 versions:
+ fpt: '*'
 ghes: '>3.12'
 ghec: '*'
diff --git a/data/learning-tracks/admin.yml b/data/learning-tracks/admin.yml
index d30a61dc3a8d..61474545a0e4 100644
--- a/data/learning-tracks/admin.yml
+++ b/data/learning-tracks/admin.yml
@@ -148,9 +148,9 @@ configure_github_actions:
 - >-
 /admin/managing-github-actions-for-your-enterprise/advanced-configuration-and-troubleshooting/using-a-staging-environment
 configure_github_advanced_security:
- title: Configure {% data variables.product.prodname_GHAS %}{% ifversion ghas-products-cloud %} products{% endif %}
+ title: Configure {% data variables.product.prodname_GHAS %} products
 description: >-
- Improve the quality and security of your developers' code with {% data variables.product.prodname_GHAS %}{% ifversion ghas-products-cloud %} products{% endif %}.
+ Improve the quality and security of your developers' code with {% data variables.product.prodname_GHAS %} products.
 versions:
 ghes: '*'
 guides:
diff --git a/data/reusables/advanced-security/available-for-public-repos.md b/data/reusables/advanced-security/available-for-public-repos.md
new file mode 100644
index 000000000000..e6fab99eb05c
--- /dev/null
+++ b/data/reusables/advanced-security/available-for-public-repos.md
@@ -0,0 +1,5 @@
+{% ifversion fpt or ghec %}
+
+Available for public repositories by default.
+
+{% endif %}
diff --git a/data/reusables/advanced-security/check-for-ghas-license.md b/data/reusables/advanced-security/check-for-ghas-license.md
index fd9c5af123f3..1ce93065ffd9 100644
--- a/data/reusables/advanced-security/check-for-ghas-license.md
+++ b/data/reusables/advanced-security/check-for-ghas-license.md
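Review bot: The learning-track title and description now say `products` unconditionally, yet the sibling reusable `check-for-ghas-license.md` changed in the same commit keeps that word behind `{% ifversion ghas-products %}`, and this track is published for `ghes: '*'`. If `ghas-products` still excludes older GHES releases, those builds will advertise "Configure GitHub Advanced Security products" for versions that have no separate Secret Protection / Code Security products. Suggest `title: Configure {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %}` and the same gate in the description, unless the flag has been retired elsewhere in this change.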
@@ -1 +1 @@
-You can identify if your enterprise has a license for {% data variables.product.prodname_AS %} {% ifversion ghas-products-cloud %}products {% endif %}by reviewing your enterprise settings. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise#checking-whether-your-license-includes-github-advanced-security).
+You can identify if your enterprise has a license for {% data variables.product.prodname_AS %} {% ifversion ghas-products %}products {% endif %}by reviewing your enterprise settings. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise#checking-whether-your-license-includes-github-advanced-security).
diff --git a/data/reusables/advanced-security/control-use-cost-links.md b/data/reusables/advanced-security/control-use-cost-links.md
new file mode 100644
index 000000000000..b8be1f0c8b98
--- /dev/null
+++ b/data/reusables/advanced-security/control-use-cost-links.md
@@ -0,0 +1,3 @@
+{% ifversion fpt or ghec %}[AUTOTITLE](/billing/using-the-new-billing-platform/preventing-overspending){% ifversion ghec %} and [AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-advanced-security-in-your-enterprise){% endif %}
+{% elsif ghes %}[AUTOTITLE](/enterprise-cloud@latest/billing/using-the-new-billing-platform/preventing-overspending) in the {% data variables.product.prodname_ghe_cloud %} docs
+{% endif %}
diff --git a/data/reusables/advanced-security/ghas-license-info-for-fpt.md b/data/reusables/advanced-security/ghas-license-info-for-fpt.md
index a0ca30c12f18..b2a176fa7a3b 100644
--- a/data/reusables/advanced-security/ghas-license-info-for-fpt.md
+++ b/data/reusables/advanced-security/ghas-license-info-for-fpt.md
@@ -1 +1 @@
-If you want to use {% data variables.product.prodname_GHAS %} features on any repository apart from a public repository on {% data variables.product.prodname_dotcom %}, you will need a license for {% data variables.product.prodname_GHAS %} features, available with {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %}, {% endif %}{% data variables.product.prodname_ghe_cloud %} or {% data variables.product.prodname_ghe_server %}. {% data reusables.advanced-security.ghas-trial %}
+If you want to use {% data variables.product.prodname_GHAS %} features on any repository apart from a public repository on {% data variables.product.prodname_dotcom %}, you will need a license for {% data variables.product.prodname_GHAS %} products, available with {% data variables.product.prodname_team %}, {% data variables.product.prodname_ghe_cloud %}, or {% data variables.product.prodname_ghe_server %}. {% data reusables.advanced-security.ghas-trial %}
diff --git a/data/reusables/advanced-security/ghas-products-bullets.md b/data/reusables/advanced-security/ghas-products-bullets.md
new file mode 100644
index 000000000000..47d002eee5cb
--- /dev/null
+++ b/data/reusables/advanced-security/ghas-products-bullets.md
@@ -0,0 +1,2 @@
+* **{% data variables.product.prodname_GH_secret_protection %}**, which includes features that help you detect and prevent secret leaks, such as {% data variables.product.prodname_secret_scanning %} and push protection.
+* **{% data variables.product.prodname_GH_code_security %}**, which includes features that help you find and fix vulnerabilities, like {% data variables.product.prodname_code_scanning %}, premium {% data variables.product.prodname_dependabot %} features, and dependency review.
diff --git a/data/reusables/advanced-security/ghas-products-tip.md b/data/reusables/advanced-security/ghas-products-tip.md
deleted file mode 100644
index 2a93a4ec80eb..000000000000
--- a/data/reusables/advanced-security/ghas-products-tip.md +++ /dev/null @@ -1,6 +0,0 @@ - - -> [!TIP] -> From April 1, 2025, you will be able to enable usage-based billing or buy licenses for selected features of {% data variables.product.prodname_GH_advanced_security %}. {% ifversion fpt or ghec %}The new products, GitHub Secret Protection and GitHub Code Security, will be available to users with {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %}. {% elsif ghes %}The new products, GitHub Secret Protection and GitHub Code Security, will be available to users with {% data variables.product.prodname_team %}, {% data variables.product.prodname_ghe_cloud %}, and {% data variables.product.prodname_ghe_server %} 3.17 onward.{% endif %}For full details, see [Evolving {% data variables.product.prodname_GH_advanced_security %}](https://resources.github.com/evolving-github-advanced-security/) in Executive Insights. - - diff --git a/data/reusables/advanced-security/purchase-ghas.md b/data/reusables/advanced-security/purchase-ghas.md index a20c539e452a..3732a0541960 100644 --- a/data/reusables/advanced-security/purchase-ghas.md +++ b/data/reusables/advanced-security/purchase-ghas.md 
@@ -1,5 +1,8 @@
-1. Under "How many committers do you want to include?", enter the number of committers you want to purchase licenses for. For more information about committer numbers, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
-
- You won't see this option if you're enrolled in usage-based billing for {% data variables.product.prodname_GHAS_cs_or_sp %} licenses.
 1. Confirm your billing information and payment method.
 1. Click **Purchase Advanced Security**.
+
+{% data reusables.billing.authorization-charge %}
+
+> [!TIP]
+> If you pay for {% data variables.product.github %} using volume/subscription billing, you will also need define how many licenses to purchase.
+> * Under "How many committers do you want to include?", enter the number of committers you want to purchase licenses for. See [Active committers and unique committers](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#active-committers-and-unique-committers).
diff --git a/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md b/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md
index 765263a76d04..3fb740e5cbc6 100644
--- a/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md
+++ b/data/reusables/advanced-security/secret-scanning-add-custom-pattern-details.md
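Review bot: The committer-count instruction for volume/subscription customers now lives in a tip placed after the `Click **Purchase Advanced Security**` step, but that number has to be entered before the purchase is confirmed; the removed step was in the right place, before "Confirm your billing information". The new tip also has a typo: `you will also need define` should read `you will also need to define`. Restoring it as a conditional numbered step ahead of the confirmation step, for example `1. If you pay using volume/subscription billing, under "How many committers do you want to include?", enter the number of committers you want to purchase licenses for.`, keeps the procedure in execution order.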
@@ -4,4 +4,16 @@ 1. You can click **More options {% octicon "chevron-down" aria-hidden="true" %}** to provide other surrounding content or additional match requirements for the secret format. 1. Provide a sample test string to make sure your configuration is matching the patterns you expect. +{% ifversion fpt or ghec %} + ![Screenshot of a filled custom {% data variables.product.prodname_secret_scanning %} pattern form.](/assets/images/help/repository/secret-scanning-create-custom-pattern.png) + +{% elsif ghes > 3.16 %} + + ![Screenshot of a filled custom {% data variables.product.prodname_secret_scanning %} pattern form.](/assets/images/help/repository/secret-scanning-create-custom-pattern-ghes17.png) + +{% elsif ghes < 3.17 %} + + ![Screenshot of a filled custom {% data variables.product.prodname_secret_scanning %} pattern form.](/assets/images/help/repository/secret-scanning-create-custom-pattern-ghas.png) + +{% endif %} diff --git a/data/reusables/audit_log/audit-log-action-categories.md b/data/reusables/audit_log/audit-log-action-categories.md index 4903b1f56f9c..5626cee4229d 100644 --- a/data/reusables/audit_log/audit-log-action-categories.md +++ b/data/reusables/audit_log/audit-log-action-categories.md 
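Review bot: The third branch, `{% elsif ghes < 3.17 %}`, is exactly the complement of the second, `{% elsif ghes > 3.16 %}`, so a plain `{% else %}` (or `{% elsif ghes %}`) expresses the same thing without two version boundaries that can drift apart the next time either is bumped. The three screenshots also carry identical alt text although they are deliberately different per platform and release; since alt text is what screen-reader users receive, naming the variant, e.g. `pattern form on GitHub Enterprise Server 3.17 and later`, would make the distinction meaningful to them.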
@@ -15,12 +15,8 @@
 | `business_advanced_security` | Contains activities related to {% data variables.product.prodname_AS %} in an enterprise. |
 | `business_secret_scanning` | Contains activities related to {% data variables.product.prodname_secret_scanning %} in an enterprise. |
 | `business_secret_scanning_automatic_validity_checks` | Contains activities related to enabling or disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %} in an enterprise. |
-| {% ifversion secret-scanning-audit-log-custom-patterns %} |
 | `business_secret_scanning_custom_pattern` | Contains activities related to custom patterns for {% data variables.product.prodname_secret_scanning %} in an enterprise. |
-| {% endif %} |
-| {% ifversion secret-scanning-custom-pattern-push-protection-audit %} |
 | `business_secret_scanning_custom_pattern_push_protection` | Contains activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %} in an enterprise. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account). |
-| {% endif %} |
 | `business_secret_scanning_push_protection` | Contains activities related to the push protection feature of {% data variables.product.prodname_secret_scanning %} in an enterprise. |
 | `business_secret_scanning_push_protection_custom_message` | Contains activities related to the custom message displayed when push protection is triggered in an enterprise. |
 | `checks` | Contains activities related to check suites and runs. |
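Review bot: Dropping the `{% ifversion secret-scanning-audit-log-custom-patterns %}` and `{% ifversion secret-scanning-custom-pattern-push-protection-audit %}` gates makes the `business_secret_scanning_custom_pattern` and `business_secret_scanning_custom_pattern_push_protection` rows render for every version this page is built for, including any GHES release those flags previously excluded. The feature files behind those flags are not part of this diff, so if they still carry a GHES minimum, administrators on older instances will be pointed at audit-log categories their instance never emits, which matters for anyone wiring these categories into SIEM detections. Either retire the flags in the same change (deleting their `.yml` files so the build fails on any remaining reference) or keep the gates on these two rows.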
@@ -84,9 +80,7 @@
 | `org_credential_authorization` | Contains activities related to authorizing credentials for use with SAML single sign-on. |
 | {% endif %} |
 | `org_secret_scanning_automatic_validity_checks` | Contains activities related to enabling or disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization#allowing-validity-checks-for-partner-patterns-in-an-organization). |
-| {% ifversion secret-scanning-audit-log-custom-patterns %} |
 | `org_secret_scanning_custom_pattern` | Contains activities related to custom patterns for {% data variables.product.prodname_secret_scanning %} in an organization. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). |
-| {% endif %} |
 | `organization_default_label` | Contains activities related to default labels for repositories in an organization. |
 | `organization_domain` | Contains activities related to verified organization domains. |
 | `organization_projects_change` | Contains activities related to organization-wide {% data variables.projects.projects_v1_boards %} in an enterprise. |
@@ -123,19 +117,11 @@
 | `repository_image` | Contains activities related to images for a repository. |
 | `repository_invitation` | Contains activities related to invitations to join a repository. |
 | `repository_projects_change` | Contains activities related to enabling projects for a repository or for all repositories in an organization. |
-| {% ifversion ghec or ghes %} |
 | `repository_secret_scanning` | Contains repository-level activities related to {% data variables.product.prodname_secret_scanning %}. For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning). |
-| {% endif %} |
 | `repository_secret_scanning_automatic_validity_checks` | Contains activities related to enabling or disabling automatic validity checks for {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/enabling-secret-scanning-features/enabling-secret-scanning-for-your-repository). |
-| {% ifversion secret-scanning-audit-log-custom-patterns %} |
 | `repository_secret_scanning_custom_pattern` | Contains activities related to {% data variables.product.prodname_secret_scanning %} custom patterns in a repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning). |
-| {% endif %} |
-| {% ifversion secret-scanning-custom-pattern-push-protection-audit %} |
 | `repository_secret_scanning_custom_pattern_push_protection` | Contains activities related to push protection of a custom pattern for {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository). 
|
-| {% endif %} |
-| {% ifversion secret-scanning-audit-log-custom-patterns %}
 | `repository_secret_scanning_push_protection` | Contains activities related to the push protection feature of {% data variables.product.prodname_secret_scanning %} in a repository. For more information, see [AUTOTITLE](/code-security/secret-scanning/protecting-pushes-with-secret-scanning). |
-| {% endif %} |
 | {% ifversion fpt or ghec %} |
 | `repository_visibility_change` | Contains activities related to allowing organization members to change repository visibilities for the organization. |
 | {% endif %} |
@@ -150,10 +136,8 @@
 | {% ifversion ghec or ghes %} |
 | `role` | Contains activities related to [custom repository roles](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/managing-custom-repository-roles-for-an-organization). |
 | {% endif %} |
-| {% ifversion ghec or ghes %} |
 | `secret_scanning` | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} in existing repositories. For more information, see [AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning). |
 | `secret_scanning_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_secret_scanning %} for new repositories created in the organization. |
-| {% endif %} |
 | {% ifversion ghec or ghes %} |
 | `security_key` | Contains activities related to security keys registration and removal. |
 | {% endif %} |
diff --git a/data/reusables/billing/actions-usage-delay.md b/data/reusables/billing/actions-usage-delay.md
index 823f96532924..357e3c89b7ef 100644
--- a/data/reusables/billing/actions-usage-delay.md
+++ b/data/reusables/billing/actions-usage-delay.md
@@ -1 +1 @@
-> [!NOTE] There is a delay of up to 2 hours in the usage data for {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %} on the "Overview" page after enabling the feature.
+> [!NOTE] When you enable {% data variables.product.prodname_GH_cs_or_sp %}, there is a delay of up to two hours before the change is shown in the usage data on the "Billing & Licensing" tab.
diff --git a/data/reusables/billing/authorization-charge.md b/data/reusables/billing/authorization-charge.md
index 78526bd0876f..5b1e3d33a4d7 100644
--- a/data/reusables/billing/authorization-charge.md
+++ b/data/reusables/billing/authorization-charge.md
@@ -1 +1,5 @@
+{% ifversion billing-auth-and-capture %}
+
 Note that {% data variables.product.company_short %} may apply a temporary authorization hold for the value of the usage-based costs in advance, which will appear as a pending charge in your account's payment method.
+
+{% endif %}
diff --git a/data/reusables/code-scanning/click-code-security-enterprise.md b/data/reusables/code-scanning/click-code-security-enterprise.md
index 39771e8901fc..acd413807e22 100644
--- a/data/reusables/code-scanning/click-code-security-enterprise.md
+++ b/data/reusables/code-scanning/click-code-security-enterprise.md
@@ -1 +1 @@
-1. {% ifversion horizontal-nav %}At the top of the page, click **{% octicon "shield" aria-hidden="true" %} Code Security**.{% else %}On the left side of the page, in the enterprise account sidebar, click **{% octicon "shield" aria-hidden="true" %} Code Security**.{% endif %}
+1. {% ifversion horizontal-nav %}At the top of the page, click **{% octicon "shield" aria-hidden="true" %} Security**.{% else %}On the left side of the page, in the enterprise account sidebar, click **{% octicon "shield" aria-hidden="true" %} Code Security**.{% endif %}
diff --git a/data/reusables/code-scanning/licensing-note.md b/data/reusables/code-scanning/licensing-note.md
index 5337ebd280d8..69db39d15a24 100644
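Review bot: The horizontal-nav branch now reads `click **Security**` while the sidebar branch on the same line still reads `click **Code Security**`, so the two navigation paths name different tabs for the same destination. If the tab was renamed only in the new navigation, a short comment in the reusable saying so would stop the mismatch being "corrected" later; if the sidebar tab was renamed as well, the else branch should become `click **{% octicon "shield" aria-hidden="true" %} Security**`. The filename `click-code-security-enterprise.md` also no longer matches the label it describes in the new-nav case, which is worth noting for writers searching by label.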
--- a/data/reusables/code-scanning/licensing-note.md
+++ b/data/reusables/code-scanning/licensing-note.md
@@ -1,5 +1,5 @@
 > [!NOTE]
 {% ifversion fpt %}
-> * The {% data variables.product.prodname_codeql_cli %} is free to use on public repositories. The {% data variables.product.prodname_codeql_cli %} is also available in private repositories owned by organizations that use {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_code_security %}. For information, see [{% data variables.product.github %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license) and [{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/).
+> * The {% data variables.product.prodname_codeql_cli %} is free to use on public repositories. The {% data variables.product.prodname_codeql_cli %} is also available in private repositories owned by organizations that use {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_code_security %}. For information, see [{% data variables.product.github %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license) and [{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/).
 {%- elsif ghec %}
 > * The {% data variables.product.prodname_codeql_cli %} is free to use on public repositories that are maintained on {% data variables.product.prodname_dotcom_the_website %}, and available to use on private repositories that are owned by customers with an {% data variables.product.prodname_GH_code_security %} license. 
For information, see [{% data variables.product.github %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license) and [{% data variables.product.prodname_codeql %} CLI](https://codeql.github.com/docs/codeql-cli/).
 {%- elsif ghes %}
diff --git a/data/reusables/code-scanning/require-actions-ghcs.md b/data/reusables/code-scanning/require-actions-ghcs.md
index 20bc230dd52b..5b4fe6630ef3 100644
--- a/data/reusables/code-scanning/require-actions-ghcs.md
+++ b/data/reusables/code-scanning/require-actions-ghcs.md
@@ -1,4 +1,3 @@
-* {% data variables.product.prodname_actions %} are enabled.{% ifversion fpt %}
-* It is publicly visible{% ifversion ghas-products-cloud %}, or {% data variables.product.prodname_GH_code_security %} is enabled.{% endif %}{%- elsif ghec %}
+* {% data variables.product.prodname_actions %} are enabled.{% ifversion fpt or ghec %}
 * It is publicly visible, or {% data variables.product.prodname_GH_code_security %} is enabled.{%- elsif ghes %}
 * {% data variables.product.prodname_GH_code_security %} is enabled.{% endif %}
diff --git a/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo-public-fork.md b/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo-public-fork.md
index e26b0c8b4acd..e778cfb11714 100644
--- a/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo-public-fork.md
+++ b/data/reusables/dependabot/enabling-disabling-dependency-graph-private-repo-public-fork.md
@@ -9,6 +9,4 @@ You can also enable the dependency graph for multiple repositories in an organiz {% data reusables.repositories.navigate-to-code-security-and-analysis %} 1. Read the message about granting {% data variables.product.github %} read-only access to the repository data to enable the dependency graph, then next to "Dependency Graph", click **Enable**. - ![Screenshot showing how to enable the dependency graph for a repository. The "Enable" button is highlighted with a dark orange outline.](/assets/images/help/repository/dependency-graph-enable-button.png) - - You can disable the dependency graph at any time by clicking **Disable** next to "Dependency Graph" on the settings page for "Code security and analysis." + You can disable the dependency graph at any time by clicking **Disable** next to "Dependency Graph" on the settings page for "{% data variables.product.prodname_AS %}". diff --git a/data/reusables/enterprise-accounts/advanced-security-tab.md b/data/reusables/enterprise-accounts/advanced-security-tab.md index c5c2a59b49d8..798b2e4ea60c 100644 --- a/data/reusables/enterprise-accounts/advanced-security-tab.md +++ b/data/reusables/enterprise-accounts/advanced-security-tab.md @@ -1 +1 @@ -1. In the left sidebar, click **{% data variables.product.UI_advanced_security_ent %}**. +1. In the left sidebar, click **{% octicon "codescan" aria-hidden="true" %} {% data variables.product.UI_advanced_security_ent %}**. diff --git a/data/reusables/enterprise-accounts/licensing-tab-both-platforms.md b/data/reusables/enterprise-accounts/licensing-tab-both-platforms.md new file mode 100644 index 000000000000..ee5da95a35a1 --- /dev/null +++ b/data/reusables/enterprise-accounts/licensing-tab-both-platforms.md 
@@ -0,0 +1,2 @@
+1. {% ifversion horizontal-nav %}At the top of the page, click **{% octicon "credit-card" aria-hidden="true" %} Billing & Licensing** (visible if you use the new billing platform). Alternatively, click **{% octicon "gear" aria-hidden="true" %} Settings**.{% else %}On the left side of the page, in the enterprise account sidebar, click **{% octicon "credit-card" aria-hidden="true" %} Billing & Licensing** (visible if you use the new billing platform). Alternatively, click **{% octicon "gear" aria-hidden="true" %} Settings**.{% endif %}
+1. Click **Licensing** to show detailed information on license use.
diff --git a/data/reusables/enterprise-accounts/security-tab.md b/data/reusables/enterprise-accounts/security-tab.md
index bfa6c6df716a..e684287d88ab 100644
--- a/data/reusables/enterprise-accounts/security-tab.md
+++ b/data/reusables/enterprise-accounts/security-tab.md
@@ -1,5 +1 @@
-{%- ifversion ghec or ghes %}
 1. Under **{% octicon "gear" aria-hidden="true" %} Settings**, click **Authentication security**.
-{%- else %}
-1. Under **{% octicon "gear" aria-hidden="true" %} Settings**, click **Security**.
-{%- endif %}
diff --git a/data/reusables/enterprise-licensing/about-license-sync.md b/data/reusables/enterprise-licensing/about-license-sync.md
index f5c6722809a1..b5bb3c565aaa 100644
--- a/data/reusables/enterprise-licensing/about-license-sync.md
+++ b/data/reusables/enterprise-licensing/about-license-sync.md
@@ -1 +1 @@
-For a person using multiple {% data variables.product.prodname_enterprise %} environments to only consume a single license, you must synchronize license usage between environments. Then, {% data variables.product.company_short %} will deduplicate users based on the email addresses associated with their user accounts. {% data variables.product.company_short %} deduplicates licenses for the {% data variables.product.prodname_enterprise %} plan itself, and{% ifversion ghec %} if you use {% data variables.product.prodname_ghe_server %} version 3.12 or later,{% endif %} for {% data variables.product.prodname_GHAS %}{% ifversion ghas-products-cloud %} products{% endif %}. For more information, see [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise#about-the-calculation-of-consumed-licenses).
+For a person using multiple {% data variables.product.prodname_enterprise %} environments to only consume a single license, you must synchronize license usage between environments. Then, {% data variables.product.company_short %} will deduplicate users based on the email addresses associated with their user accounts. {% data variables.product.company_short %} deduplicates licenses for the {% data variables.product.prodname_enterprise %} plan itself, and{% ifversion ghec %} if you use {% data variables.product.prodname_ghe_server %} version 3.12 or later,{% endif %} for {% data variables.product.prodname_GHAS %} products. For more information, see [AUTOTITLE](/billing/managing-your-license-for-github-enterprise/troubleshooting-license-usage-for-github-enterprise#about-the-calculation-of-consumed-licenses).
diff --git a/data/reusables/gated-features/code-scanning.md b/data/reusables/gated-features/code-scanning.md
index b2f29aaa7e12..bb8c3a6b846a 100644
--- a/data/reusables/gated-features/code-scanning.md
+++ b/data/reusables/gated-features/code-scanning.md
@@ -1,12 +1,12 @@ {% data variables.product.prodname_code_scanning_caps %} is available for the following repository types: {%- ifversion fpt %} -* Public repositories on {% data variables.product.prodname_dotcom_the_website %}{% ifversion ghas-products-cloud %} -* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +* Public repositories on {% data variables.product.prodname_dotcom_the_website %} +* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled {%- elsif ghec %} * Public repositories on {% data variables.product.prodname_dotcom_the_website %} -* Organization-owned repositories on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled +* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled {%- elsif ghes %} * Organization-owned repositories with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled diff --git a/data/reusables/gated-features/codeql.md b/data/reusables/gated-features/codeql.md index 6807ed01a600..ae5db355e21e 100644 --- a/data/reusables/gated-features/codeql.md +++ b/data/reusables/gated-features/codeql.md 
@@ -1,12 +1,12 @@ {% data variables.product.prodname_codeql %} is available for the following repository types: {%- ifversion fpt %} -* Public repositories on {% data variables.product.prodname_dotcom_the_website %}, see [GitHub CodeQL Terms and Conditions](https://github.com/github/codeql-cli-binaries/blob/main/LICENSE.md){% ifversion ghas-products-cloud %} -* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +* Public repositories on {% data variables.product.prodname_dotcom_the_website %}, see [GitHub CodeQL Terms and Conditions](https://github.com/github/codeql-cli-binaries/blob/main/LICENSE.md) +* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled {%- elsif ghec %} * Public repositories on {% data variables.product.prodname_dotcom_the_website %}, see [GitHub CodeQL Terms and Conditions](https://github.com/github/codeql-cli-binaries/blob/main/LICENSE.md) -* Organization-owned repositories on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled +* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled {%- elsif ghes %} * Organization-owned repositories with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled 
diff --git a/data/reusables/gated-features/delegated-bypass.md b/data/reusables/gated-features/delegated-bypass.md index 2b600a7f71b5..c270ccb399c6 100644 --- a/data/reusables/gated-features/delegated-bypass.md +++ b/data/reusables/gated-features/delegated-bypass.md @@ -1,10 +1,10 @@ Delegated bypass for push protection is available for the following repository types: -{% ifversion fpt %}{% ifversion ghas-products-cloud %} -* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %}{% endif %} +{% ifversion fpt %} +* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghec %} -* Organization-owned repositories on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghes %} * Organization-owned repositories with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} diff --git a/data/reusables/gated-features/dependabot-alerts.md b/data/reusables/gated-features/dependabot-alerts.md index e3de42574920..459882ca5361 100644 --- a/data/reusables/gated-features/dependabot-alerts.md 
+++ b/data/reusables/gated-features/dependabot-alerts.md @@ -1,11 +1,3 @@ {% data variables.product.prodname_dependabot_alerts %} is available for the following repositories: -{% ifversion fpt or ghec %} - - * Public repositories on {% data variables.product.prodname_dotcom %} - -{% elsif ghes %} - -* Organization-owned and user-owned repositories {% data variables.product.prodname_ghe_server %} - -{% endif %} + * Organization-owned and user-owned repositories diff --git a/data/reusables/gated-features/dependabot-auto-triage-rules.md b/data/reusables/gated-features/dependabot-auto-triage-rules.md index ec62e551e0a6..0068bdd3bc3f 100644 --- a/data/reusables/gated-features/dependabot-auto-triage-rules.md +++ b/data/reusables/gated-features/dependabot-auto-triage-rules.md 
@@ -3,12 +3,12 @@ **{% data variables.dependabot.custom_rules_caps %}** are available for the following repository types: {% ifversion fpt %} -* Public repositories on {% data variables.product.prodname_dotcom_the_website %}{%- ifversion ghas-products-cloud %} -* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %}{% endif %} +* Public repositories on {% data variables.product.prodname_dotcom_the_website %} +* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghec %} * Public repositories on {% data variables.product.prodname_dotcom_the_website %} -* Organization-owned repositories on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghes %} -* Organization-owned repositories with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +* Organization-owned repositories with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} 
diff --git a/data/reusables/gated-features/dependabot-custom-auto-triage-rules.md b/data/reusables/gated-features/dependabot-custom-auto-triage-rules.md index a8f7e9e85ef1..53e95b3c4999 100644 --- a/data/reusables/gated-features/dependabot-custom-auto-triage-rules.md +++ b/data/reusables/gated-features/dependabot-custom-auto-triage-rules.md 
@@ -1,8 +1,8 @@ {%- ifversion fpt %} -{% data variables.dependabot.custom_rules_caps %} for {% data variables.product.prodname_dependabot_alerts %} are available on public repositories{% ifversion ghas-products-cloud %} and on any organization-owned repositories in {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %}. +{% data variables.dependabot.custom_rules_caps %} for {% data variables.product.prodname_dependabot_alerts %} are available on public repositories and on any organization-owned repositories in {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled. {%- elsif ghec %} -{% data variables.dependabot.custom_rules_caps %} for {% data variables.product.prodname_dependabot_alerts %} are available on public repositories and on any organization-owned repositories in {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_enterprise %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled. +{% data variables.dependabot.custom_rules_caps %} for {% data variables.product.prodname_dependabot_alerts %} are available on public repositories and on any organization-owned repositories in {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled. 
{%- elsif ghes %} {% data variables.dependabot.custom_rules_caps %} for {% data variables.product.prodname_dependabot_alerts %} are available for organization-owned repositories with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled. diff --git a/data/reusables/gated-features/dependency-review.md b/data/reusables/gated-features/dependency-review.md index 572d45ee0b4e..0b1d5176c2a4 100644 --- a/data/reusables/gated-features/dependency-review.md +++ b/data/reusables/gated-features/dependency-review.md 
@@ -1,12 +1,12 @@ Dependency review is available for the following repository types: {%- ifversion fpt %} -* Public repositories on {% data variables.product.prodname_dotcom_the_website %}{%- ifversion ghas-products-cloud %} -* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %}{% endif %} +* Public repositories on {% data variables.product.prodname_dotcom_the_website %} +* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {%- ifversion ghec %} * Public repositories on {% data variables.product.prodname_dotcom_the_website %} -* Organization-owned repositories on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {%- ifversion ghes %} * Organization-owned repositories with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} diff --git a/data/reusables/gated-features/ghas-billing.md b/data/reusables/gated-features/ghas-billing.md new file mode 100644 index 000000000000..8e49b2ee4c66 --- /dev/null +++ b/data/reusables/gated-features/ghas-billing.md 
@@ -0,0 +1,3 @@ +{% ifversion fpt or ghec %} +Requires {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %} +{% endif %} diff --git a/data/reusables/gated-features/partner-pattern-validity-check-ghas.md b/data/reusables/gated-features/partner-pattern-validity-check-ghas.md index faf5475d9bf5..2615bbacd35f 100644 --- a/data/reusables/gated-features/partner-pattern-validity-check-ghas.md +++ b/data/reusables/gated-features/partner-pattern-validity-check-ghas.md 
@@ -1,10 +1,10 @@ Validity checks for partner patterns are available for the following repository types: -{% ifversion fpt %}{% ifversion ghas-products-cloud %} -* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %}{% endif %} +{% ifversion fpt %} +* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghec %} -* Organization-owned repositories on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghes %} * Organization-owned repositories with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} diff --git a/data/reusables/gated-features/push-protection-for-repos.md b/data/reusables/gated-features/push-protection-for-repos.md index 5613851bbdeb..cab28321b23d 100644 --- a/data/reusables/gated-features/push-protection-for-repos.md +++ b/data/reusables/gated-features/push-protection-for-repos.md 
@@ -1,12 +1,12 @@ Push protection is available for the following repository types: {% ifversion fpt %} -* Public repositories on {% data variables.product.prodname_dotcom_the_website %}{% ifversion ghas-products-cloud %} -* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %}{% endif %} +* Public repositories on {% data variables.product.prodname_dotcom_the_website %} +* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghec %} * Public repositories on {% data variables.product.prodname_dotcom_the_website %} -* Organization-owned repositories on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled +* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled * User namespace repositories belonging to {% data variables.product.prodname_emus %}{% endif %} {% ifversion ghes %} diff --git a/data/reusables/gated-features/secret-protection.md b/data/reusables/gated-features/secret-protection.md new file mode 100644 index 000000000000..2ccf8324a066 --- /dev/null +++ b/data/reusables/gated-features/secret-protection.md 
@@ -0,0 +1,4 @@ +{% data variables.product.prodname_GH_secret_protection %} is a set of features within {% data variables.product.prodname_GHAS %} that is available to the following users: + +* {% data variables.product.prodname_team %} plan users +* Enterprise organizations on {% data variables.product.prodname_ghe_cloud %} and {% data variables.product.prodname_ghe_server %} diff --git a/data/reusables/gated-features/secret-risk-assessment-report.md b/data/reusables/gated-features/secret-risk-assessment-report.md new file mode 100644 index 000000000000..64ad27676d35 --- /dev/null +++ b/data/reusables/gated-features/secret-risk-assessment-report.md @@ -0,0 +1 @@ +{% data variables.product.prodname_secret_risk_assessment_caps %} is available for free for organization-owned repositories on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} diff --git a/data/reusables/gated-features/secret-scanning-custom-patterns.md b/data/reusables/gated-features/secret-scanning-custom-patterns.md index 2d37fd7d224d..acc86d9a99d6 100644 --- a/data/reusables/gated-features/secret-scanning-custom-patterns.md +++ b/data/reusables/gated-features/secret-scanning-custom-patterns.md 
@@ -1,10 +1,10 @@ Custom patterns for {% data variables.product.prodname_secret_scanning %} is available for the following repository types: -{% ifversion fpt %}{% ifversion ghas-products-cloud %} -* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %}{% endif %} +{% ifversion fpt %} +* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghec %} -* Organization-owned repositories on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghes %} * Organization-owned repositories with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} diff --git a/data/reusables/gated-features/secret-scanning-non-provider-patterns.md b/data/reusables/gated-features/secret-scanning-non-provider-patterns.md index 93a3b8ee41e8..f6818df99461 100644 --- a/data/reusables/gated-features/secret-scanning-non-provider-patterns.md +++ b/data/reusables/gated-features/secret-scanning-non-provider-patterns.md 
@@ -1,10 +1,10 @@ Scanning for non-provider patterns is available for the following repository types: -{% ifversion fpt %}{% ifversion ghas-products-cloud %} -* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %}{% endif %} +{% ifversion fpt %} +* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghec %} -* Organization-owned repositories on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghes %} * Organization-owned repositories with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} diff --git a/data/reusables/gated-features/secret-scanning.md b/data/reusables/gated-features/secret-scanning.md index b8b0d24a1eea..fa90c1ed87c3 100644 --- a/data/reusables/gated-features/secret-scanning.md +++ b/data/reusables/gated-features/secret-scanning.md 
@@ -1,12 +1,12 @@ {% data variables.product.prodname_secret_scanning_caps %} is available for the following repository types: {%- ifversion fpt %} -* Public repositories on {% data variables.product.prodname_dotcom_the_website %}{% ifversion ghas-products-cloud %} -* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +* Public repositories on {% data variables.product.prodname_dotcom_the_website %} +* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled {%- elsif ghec %} * Public repositories on {% data variables.product.prodname_dotcom_the_website %} -* Organization-owned repositories on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% ifversion secret-scanning-user-owned-repos %} +* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% ifversion secret-scanning-user-owned-repos %} * User-owned repositories for {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_emus %}{% endif %} {%- elsif ghes %} diff --git a/data/reusables/gated-features/security-campaigns.md b/data/reusables/gated-features/security-campaigns.md index b2f0022e9de4..78cb3002a819 100644 --- a/data/reusables/gated-features/security-campaigns.md 
+++ b/data/reusables/gated-features/security-campaigns.md @@ -1,8 +1,8 @@ -{% ifversion fpt %}{% ifversion ghas-products-cloud %} -Organizations on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %}{% endif %} +{% ifversion fpt %} +Organizations on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghec %} -Organizations on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +Organizations on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghes %} Organizations with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} diff --git a/data/reusables/gated-features/security-overview-fpt-both.md b/data/reusables/gated-features/security-overview-fpt-both.md new file mode 100644 index 000000000000..9cd507fe171c --- /dev/null +++ b/data/reusables/gated-features/security-overview-fpt-both.md @@ -0,0 +1,3 @@ +{% ifversion fpt %} +Organizations owned by a {% data variables.product.prodname_team %} account with {% data variables.product.prodname_GH_cs_or_sp %}, or owned by a {% data variables.product.prodname_enterprise %} account +{% endif %} 
diff --git a/data/reusables/gated-features/security-overview-fpt-cs-only.md b/data/reusables/gated-features/security-overview-fpt-cs-only.md new file mode 100644 index 000000000000..79c75b903210 --- /dev/null +++ b/data/reusables/gated-features/security-overview-fpt-cs-only.md @@ -0,0 +1,3 @@ +{% ifversion fpt %} +Organizations owned by a {% data variables.product.prodname_team %} account with {% data variables.product.prodname_GH_code_security %}, or owned by a {% data variables.product.prodname_enterprise %} account +{% endif %} diff --git a/data/reusables/gated-features/security-overview-fpt-sp-only.md b/data/reusables/gated-features/security-overview-fpt-sp-only.md new file mode 100644 index 000000000000..08f20d8a297f --- /dev/null +++ b/data/reusables/gated-features/security-overview-fpt-sp-only.md @@ -0,0 +1,3 @@ +{% ifversion fpt %} +Organizations owned by a {% data variables.product.prodname_team %} account with {% data variables.product.prodname_GH_secret_protection %}, or owned by a {% data variables.product.prodname_enterprise %} account +{% endif %} diff --git a/data/reusables/gated-features/security-overview-general.md b/data/reusables/gated-features/security-overview-general.md new file mode 100644 index 000000000000..fe782a6ac3db --- /dev/null +++ b/data/reusables/gated-features/security-overview-general.md @@ -0,0 +1,10 @@ +{% data variables.product.prodname_secret_risk_assessment_caps %} is available for all organizations owned by {% data variables.product.prodname_team %} or {% data variables.product.prodname_enterprise %}. Additional views are available for: + +{% ifversion fpt %} +* Organizations owned by a {% data variables.product.prodname_team %} account with {% data variables.product.prodname_GH_cs_or_sp %} +* Organizations owned by a {% data variables.product.prodname_enterprise %} account +{% elsif ghec %} +* Enterprises and their organizations +{% elsif ghes %} +* Organizations +{% endif %} 
diff --git a/data/reusables/gated-features/security-overview.md b/data/reusables/gated-features/security-overview.md deleted file mode 100644 index ce4d614ec992..000000000000 --- a/data/reusables/gated-features/security-overview.md +++ /dev/null @@ -1,7 +0,0 @@ -{% ifversion fpt %} -Organizations that use {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_enterprise %} -{% elsif ghec %} -Enterprises and their organizations -{% elsif ghes %} -Organizations -{% endif %} diff --git a/data/reusables/organizations/billing_plans_or_licensing.md b/data/reusables/organizations/billing_plans_or_licensing.md new file mode 100644 index 000000000000..d5bf6c671d18 --- /dev/null +++ b/data/reusables/organizations/billing_plans_or_licensing.md @@ -0,0 +1 @@ +1. In the "Access" section of the sidebar, click **{% octicon "credit-card" aria-hidden="true" %} Billing & licensing** and then **Licensing** (new platform). Alternatively, click **{% octicon "credit-card" aria-hidden="true" %} Billing and plans** (original platform). diff --git a/data/reusables/permissions/secret-risk-assessment-report-generation.md b/data/reusables/permissions/secret-risk-assessment-report-generation.md new file mode 100644 index 000000000000..b4395e969fdf --- /dev/null +++ b/data/reusables/permissions/secret-risk-assessment-report-generation.md @@ -0,0 +1 @@ +Organization owners and security managers diff --git a/data/reusables/profile/access_org.md b/data/reusables/profile/access_org.md index 1b522797f711..5fe636173383 100644 --- a/data/reusables/profile/access_org.md +++ b/data/reusables/profile/access_org.md 
@@ -1 +1 @@ -1. In the upper-right corner of {% data variables.product.prodname_dotcom %}, select your profile photo, then click{% ifversion fpt or ghec %} **{% octicon "organization" aria-hidden="true" %}{% endif %} Your organizations**. +1. In the upper-right corner of {% data variables.product.prodname_dotcom %}, select your profile photo, then click **{% octicon "organization" aria-hidden="true" %} Your organizations**. diff --git a/data/reusables/rai/code-scanning/gated-feature-autofix.md b/data/reusables/rai/code-scanning/gated-feature-autofix.md index 9af6b99114f2..97f67d5977de 100644 --- a/data/reusables/rai/code-scanning/gated-feature-autofix.md +++ b/data/reusables/rai/code-scanning/gated-feature-autofix.md 
@@ -1,9 +1,9 @@ {% data variables.product.prodname_copilot_autofix %} for {% data variables.product.prodname_code_scanning %} is available for the following repository types: {% ifversion fpt %} -* Public repositories on {% data variables.product.prodname_dotcom_the_website %}{%- ifversion ghas-products-cloud %} -* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %}{% endif %} +* Public repositories on {% data variables.product.prodname_dotcom_the_website %} +* Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghec %} * Public repositories on {% data variables.product.prodname_dotcom_the_website %} -* Organization-owned repositories on {% ifversion ghas-products-cloud %}{% data variables.product.prodname_team %} or {% endif %}{% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} +* Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_code_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} diff --git a/data/reusables/rai/secret-scanning/copilot-secret-scanning-gated-feature.md b/data/reusables/rai/secret-scanning/copilot-secret-scanning-gated-feature.md index b859488f4cc2..112eea528d6b 100644 --- a/data/reusables/rai/secret-scanning/copilot-secret-scanning-gated-feature.md +++ b/data/reusables/rai/secret-scanning/copilot-secret-scanning-gated-feature.md 
@@ -1,15 +1,7 @@ {% data variables.secret-scanning.copilot-secret-scanning %} is available for the following repository types: -{%- ifversion ghas-products-cloud %} - {% ifversion fpt %} * Organization-owned repositories on {% data variables.product.prodname_team %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} {% ifversion ghec %} * Organization-owned repositories on {% data variables.product.prodname_team %} or {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_secret_protection %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% endif %} - -{% else %} - -* Public, private, and internal repositories in organizations using {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GHAS %}](/get-started/learning-about-github/about-github-advanced-security) enabled - -{% endif %} diff --git a/data/reusables/repositories/code-scanning-enable.md b/data/reusables/repositories/code-scanning-enable.md new file mode 100644 index 000000000000..9fac5de44ce9 --- /dev/null +++ b/data/reusables/repositories/code-scanning-enable.md @@ -0,0 +1,4 @@ +{% ifversion ghas-products %} +1. To the right of "{% data variables.product.prodname_code_security %}", click **Enable**. +1. Under "{% data variables.product.prodname_code_security %}", to the right of "{% data variables.product.prodname_codeql %} analysis", select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**.{% else %} +1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, select **Set up** {% octicon "triangle-down" aria-hidden="true" %}, then click **Default**.{% endif %} diff --git a/data/reusables/secret-protection/billing-link.md b/data/reusables/secret-protection/billing-link.md new file mode 100644 index 000000000000..72562fe3056a --- /dev/null 
+++ b/data/reusables/secret-protection/billing-link.md @@ -0,0 +1 @@ +(see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)). diff --git a/data/reusables/secret-protection/product-list.md b/data/reusables/secret-protection/product-list.md new file mode 100644 index 000000000000..c33e120f7348 --- /dev/null +++ b/data/reusables/secret-protection/product-list.md @@ -0,0 +1,13 @@ +* **{% data variables.product.prodname_secret_scanning_caps %}**: Detect secrets, for example keys and tokens, that have been checked into a repository and receive alerts. + +* **Push protection**: Prevent secret leaks before they happen by blocking commits containing secrets.{% ifversion secret-scanning-ai-generic-secret-detection %} + +* **{% data variables.secret-scanning.copilot-secret-scanning %}**: Leverage AI to detect unstructured credentials, such as passwords, that have been checked into a repository.{% endif %} + +* **Custom patterns**: Detect and prevent leaks for organization-specific secrets.{% ifversion security-delegated-alert-dismissal %} + +* **Delegated bypass for push protection** and **Delegated alert dismissal**: Implement an approval process for better control over who in your enterprise can perform sensitive actions, supporting governance at scale.{% elsif ghes = 3.15 or ghes = 3.16 %} + +* **Delegated bypass for push protection**: Implement controls over who can bypass push protection.{% endif %} + +* **Security overview**: Understand the distribution of risk across your organization. diff --git a/data/reusables/secret-risk-assessment/link-conceptual-information.md b/data/reusables/secret-risk-assessment/link-conceptual-information.md new file mode 100644 index 000000000000..6580af0ad158 --- /dev/null +++ b/data/reusables/secret-risk-assessment/link-conceptual-information.md 
@@ -0,0 +1 @@ + For more information about the report, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment). diff --git a/data/reusables/secret-risk-assessment/notification-report-ready.md b/data/reusables/secret-risk-assessment/notification-report-ready.md new file mode 100644 index 000000000000..c2a8d8f2de97 --- /dev/null +++ b/data/reusables/secret-risk-assessment/notification-report-ready.md @@ -0,0 +1 @@ +If you're an organization owner and you've opted in for email notifications, {% data variables.product.github %} will send you an email to let you know when the report is ready to view. diff --git a/data/reusables/secret-risk-assessment/public-preview-note.md b/data/reusables/secret-risk-assessment/public-preview-note.md new file mode 100644 index 000000000000..0b5d3d85aeec --- /dev/null +++ b/data/reusables/secret-risk-assessment/public-preview-note.md @@ -0,0 +1,2 @@ +> [!NOTE] +> The {% data variables.product.prodname_secret_risk_assessment %} report is currently in {% data variables.release-phases.public_preview %} and subject to change. If you have feedback or questions, please join the [discussion in {% data variables.product.prodname_github_community %}](https://github.com/orgs/community/discussions/153016) – we’re listening. diff --git a/data/reusables/secret-risk-assessment/report-intro.md b/data/reusables/secret-risk-assessment/report-intro.md new file mode 100644 index 000000000000..b9aef4d584e6 --- /dev/null +++ b/data/reusables/secret-risk-assessment/report-intro.md 
@@ -0,0 +1,4 @@ +{% data variables.product.company_short %} provides a **secret risk assessment** report that organization owners and security managers can generate to evaluate the exposure of an organization to leaked secrets. The {% data variables.product.prodname_secret_risk_assessment %} is an **on-demand, point-in-time scan** of the code within an organization that: +* Shows any leaked secrets within the organization +* Shows the kinds of secrets that are leaked outside the organization +* Provides actionable insights for remediation diff --git a/data/reusables/secret-risk-assessment/what-is-scanned.md b/data/reusables/secret-risk-assessment/what-is-scanned.md new file mode 100644 index 000000000000..7e9e709e95d0 --- /dev/null +++ b/data/reusables/secret-risk-assessment/what-is-scanned.md @@ -0,0 +1 @@ +The free {% data variables.product.prodname_secret_risk_assessment %} scans _only the code_ in your organization, including the code in archived repositories. You can extend the surface being scanned to cover content in pull requests, issues, wikis, and {% data variables.product.prodname_discussions %} with **{% data variables.product.prodname_GH_secret_protection %}**. diff --git a/data/reusables/secret-scanning/generic-secret-detection-policy-note.md b/data/reusables/secret-scanning/generic-secret-detection-policy-note.md index 513e1b31b6d7..128efce81c9d 100644 --- a/data/reusables/secret-scanning/generic-secret-detection-policy-note.md +++ b/data/reusables/secret-scanning/generic-secret-detection-policy-note.md @@ -1 +1,5 @@ +{% ifversion ghec %} + To use {% data variables.secret-scanning.generic-secret-detection %}, an enterprise owner must first set a policy at the enterprise level that controls whether the feature can be enabled and disabled for repositories in an organization. This policy is set to "allowed" by default. + +{% endif %} 
diff --git a/data/reusables/secret-scanning/view-custom-pattern.md b/data/reusables/secret-scanning/view-custom-pattern.md
index 11ad189617a5..667324104703 100644
--- a/data/reusables/secret-scanning/view-custom-pattern.md
+++ b/data/reusables/secret-scanning/view-custom-pattern.md
@@ -1,3 +1,3 @@ 1. Navigate to where the custom pattern was created. A custom pattern can be created in a repository, organization, or enterprise account. - * For a repository or organization, display the "Security & analysis" settings for the repository or organization where the custom pattern was created. For more information, see [Defining a custom pattern for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository) or [Defining a custom pattern for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization). + * For a repository or organization, display the {% ifversion ghas-products %}"{% data variables.product.prodname_AS %}"{% else %}"Security & analysis"{% endif %} settings for the repository or organization where the custom pattern was created. For more information, see [Defining a custom pattern for a repository](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-a-repository) or [Defining a custom pattern for an organization](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-organization). * For an enterprise, under "Policies" display the "{% data variables.product.UI_advanced_security_ent %}" area, and then click **Security features**. 
For more information, see [Defining a custom pattern for an enterprise account](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning#defining-a-custom-pattern-for-an-enterprise-account). diff --git a/data/reusables/secret-scanning/what-is-scanned.md b/data/reusables/secret-scanning/what-is-scanned.md index 1e17199d8c2c..a36dac740dc1 100644 --- a/data/reusables/secret-scanning/what-is-scanned.md +++ b/data/reusables/secret-scanning/what-is-scanned.md @@ -1,11 +1,11 @@ Additionally, {% data variables.product.prodname_secret_scanning %} scans: * Descriptions and comments in issues -* Titles, descriptions, and comments, in open and closed _historical_ issues{% ifversion ghec %}. A notification is sent to the relevant partner when a historical partner pattern is detected.{% endif %}{% ifversion secret-scanning-enhancements-prs-discussions %} +* Titles, descriptions, and comments, in open and closed _historical_ issues{% ifversion fpt or ghec %}. A notification is sent to the relevant partner when a historical partner pattern is detected.{% endif %}{% ifversion secret-scanning-enhancements-prs-discussions %} * Titles, descriptions, and comments in pull requests * Titles, descriptions, and comments in {% data variables.product.prodname_discussions %}{% endif %}{% ifversion secret-scanning-enhancements-wikis %} * Wikis{% endif %} -{% ifversion ghec %} +{% ifversion fpt or ghec %} This additional scanning is free for public repositories. {% endif %} diff --git a/data/reusables/security-configurations/apply-configuration-by-default.md b/data/reusables/security-configurations/apply-configuration-by-default.md index d0ba867b64f9..e2a28a3e632d 100644 --- a/data/reusables/security-configurations/apply-configuration-by-default.md +++ b/data/reusables/security-configurations/apply-configuration-by-default.md 
@@ -1 +1,2 @@ + 1. Optionally, in the confirmation dialog, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, or **Private and internal**, or both. diff --git a/data/reusables/security-configurations/apply-configuration.md b/data/reusables/security-configurations/apply-configuration.md index e84c786e38cf..cf6e5d8963cf 100644 --- a/data/reusables/security-configurations/apply-configuration.md +++ b/data/reusables/security-configurations/apply-configuration.md @@ -1,4 +1,4 @@ -1. To apply the {% data variables.product.prodname_security_configuration %}, click **Apply**. +1. Review the detailed information about how your changes will affect {% data variables.product.prodname_cs_and_sp %} license consumption. To apply the {% data variables.product.prodname_security_configuration %}, click **Apply**. {% ifversion fpt or ghec or ghes > 3.15 %}The {% data variables.product.prodname_security_configuration %} is applied to both active and archived repositories because some security features run on archived repositories, for example, {% data variables.product.prodname_secret_scanning %}. In addition, if a repository is later unarchived you can be confident that it is protected by the chosen {% data variables.product.prodname_security_configuration %}.{% elsif ghes = 3.15 %} > [!NOTE] diff --git a/data/reusables/security-configurations/select-repos.md b/data/reusables/security-configurations/select-repos.md new file mode 100644 index 000000000000..91d94cb75af0 --- /dev/null +++ b/data/reusables/security-configurations/select-repos.md 
@@ -0,0 +1,4 @@ +1. In the repository table, select repositories with one of three methods: + * Select each repository you would like to apply the {% data variables.product.prodname_security_configuration %} to. + * To select all repositories displayed on the current page of the repository table, select the checkbox associated with "NUMBER repositories". + * After selecting the current page of repositories, "25 of NUMBER selected", to select _all_ repositories in your organization that match any filters you have applied, click **Select all**. diff --git a/data/reusables/security-configurations/view-configurations-page.md b/data/reusables/security-configurations/view-configurations-page.md index 48562d252513..22f108c0f9f7 100644 --- a/data/reusables/security-configurations/view-configurations-page.md +++ b/data/reusables/security-configurations/view-configurations-page.md @@ -1 +1 @@ -1. In the "Security" section of the sidebar, select the **{% data variables.product.UI_advanced_security %}** dropdown menu, then click **Configurations**. +1. In the "Security" section of the sidebar, select the **{% octicon "codescan" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}** dropdown menu, then click **Configurations**. diff --git a/data/reusables/security-overview/download-csv-files.md b/data/reusables/security-overview/download-csv-files.md index 2dbca6a50e00..c1cc42f82530 100644 --- a/data/reusables/security-overview/download-csv-files.md +++ b/data/reusables/security-overview/download-csv-files.md 
@@ -1 +1 @@
-From security overview, you can download comma-separated values (CSV) files containing data from the "Overview", "Risk", "Coverage" and "{% data variables.product.prodname_codeql %} pull request alerts" pages of your organization{% ifversion security-overview-export-data %} or enterprise{% endif %}'s security overview. These files can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets.
+From security overview, you can download comma-separated values (CSV) files containing data from several pages of your organization{% ifversion security-overview-export-data %} or enterprise{% endif %}'s security overview. These files can be used for efforts like security research and in-depth data analysis, and can integrate easily with external datasets.
diff --git a/data/reusables/security-overview/generate-secret-risk-assessment-report.md b/data/reusables/security-overview/generate-secret-risk-assessment-report.md
new file mode 100644
index 000000000000..36e9c07d1548
--- /dev/null
+++ b/data/reusables/security-overview/generate-secret-risk-assessment-report.md
@@ -0,0 +1 @@
+1. To generate the {% data variables.product.prodname_secret_risk_assessment %}, click **Scan your organization**.
diff --git a/data/reusables/security-overview/open-assessments-view.md b/data/reusables/security-overview/open-assessments-view.md
new file mode 100644
index 000000000000..57192261c678
--- /dev/null
+++ b/data/reusables/security-overview/open-assessments-view.md
@@ -0,0 +1 @@
+1. In the sidebar, under "Security", click **Assessments**.
diff --git a/data/reusables/security-overview/secret-risk-assessment-report-generation-cadence.md b/data/reusables/security-overview/secret-risk-assessment-report-generation-cadence.md
new file mode 100644
index 000000000000..a236c8b60c8d
--- /dev/null
+++ b/data/reusables/security-overview/secret-risk-assessment-report-generation-cadence.md
@@ -0,0 +1 @@
+> [!TIP] You can only generate the report once every 90 days. We recommend that you implement {% data variables.product.prodname_GH_secret_protection %} for continuous secret monitoring and prevention. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection).
diff --git a/data/reusables/user-settings/security-analysis.md b/data/reusables/user-settings/security-analysis.md
index 33d6a12b6f86..457daa1c00c5 100644
--- a/data/reusables/user-settings/security-analysis.md
+++ b/data/reusables/user-settings/security-analysis.md
@@ -1 +1 @@
-1. In the "Security" section of the sidebar, click **{% octicon "shield-lock" aria-hidden="true" %} {% data variables.product.UI_advanced_security %}**.
+1. In the "Security" section of the sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security**.
diff --git a/data/ui.yml b/data/ui.yml
index ff0431750435..dcbdd185d734 100644
--- a/data/ui.yml
+++ b/data/ui.yml
@@ -250,6 +250,7 @@ product_landing:
 overview: Overview
 try_ghec_for_free: Try GitHub's enterprise features
 try_ghas_for_free: Try GitHub Advanced Security for free
+ generate_secret_risk_assessment_report_for_free: Run a point-in-time scan to assess your organization's exposure to secret leaks
 plan_your_migration: Plan your migration
 releases: Releases
 guides: Guides
diff --git a/data/variables/enterprise.yml b/data/variables/enterprise.yml
index 0b88e47eae54..1614a1334626 100644
--- a/data/variables/enterprise.yml
+++ b/data/variables/enterprise.yml
@@ -31,5 +31,5 @@ gh_enterprise_domain: '{% ifversion ghec %}{% data variables.enterprise.data_res gh_enterprise_container_registry: '{% ifversion ghes %}https://containers.GHE_HOSTNAME/v2/{% elsif ghec %}https://containers.SUBDOMAIN.ghe.com{% endif %}' # For features that are available on more than one cloud account type -enterprise_or_org: '{% ifversion fpt %}organization{% elsif ghec %}enterprise{% endif %}' +enterprise_or_org: '{% ifversion fpt %}organization{% elsif ghec or ghes %}enterprise{% endif %}' enterprise_and_org: '{% ifversion fpt %}organization{% elsif ghec %}enterprise and organizations{% endif %}' diff --git a/data/variables/product.yml b/data/variables/product.yml index 3bf425e4d7b8..2358b55646ab 100644 --- a/data/variables/product.yml +++ b/data/variables/product.yml 
@@ -189,20 +189,32 @@ prodname_GH_secret_protection: '{% ifversion ghas-products %}GitHub Secret Prote ## GHAS or GHAS products prodname_GHAS_or_code_security: '{% ifversion ghas-products %}GitHub Code Security or {% endif %}GitHub Advanced Security' prodname_GHAS_or_secret_protection: '{% ifversion ghas-products %}GitHub Secret Protection or {% endif %}GitHub Advanced Security' -prodname_GHAS_cs_or_sp: '{% ifversion ghas-products %}GitHub Code Security, GitHub Secret Protection, or {% endif %}GitHub Advanced Security' -prodname_GH_cs_or_sp: '{% ifversion ghas-products %}GitHub Code Security or GitHub Secret Protection{% else %}GitHub Advanced Security{% endif %}' +prodname_GHAS_cs_or_sp: '{% ifversion ghas-products %}GitHub Secret Protection, GitHub Code Security, or {% endif %}GitHub Advanced Security' +prodname_GH_cs_or_sp: '{% ifversion ghas-products %}GitHub Secret Protection or GitHub Code Security{% else %}GitHub Advanced Security{% endif %}' + +## GHAS and GHAS products +prodname_GHAS_cs_and_sp: '{% ifversion ghas-products %}GitHub Secret Protection, GitHub Code Security, and {% endif %}GitHub Advanced Security' +prodname_GH_cs_and_sp: '{% ifversion ghas-products %}GitHub Secret Protection and GitHub Code Security{% else %}GitHub Advanced Security{% endif %}' ## Short or UI names prodname_AS: 'Advanced Security' prodname_code_security: '{% ifversion ghas-products %}Code Security{% else %}Advanced Security{% endif %}' prodname_secret_protection: '{% ifversion ghas-products %}Secret Protection{% else %}Advanced Security{% endif %}' +prodname_cs_or_sp: '{% ifversion ghas-products %}Secret Protection or Code Security{% else %}Advanced Security{% endif %}' +prodname_cs_and_sp: '{% ifversion ghas-products %}Secret Protection and Code Security{% else %}Advanced Security{% endif %}' UI_advanced_security: '{% ifversion ghas-products %}{% data variables.product.prodname_AS %}{% elsif code-security-wording-only %}Code security{% else %}Code security and analysis{% 
endif %}' UI_advanced_security_ent: '{% ifversion ghas-products %}{% data variables.product.prodname_AS %}{% elsif code-security-wording-only-enterprise %}Code security{% else %}Code security and analysis{% endif %}' +UI_code_security_scanning: '{% ifversion ghas-products %}Code Security{% else %}Code scanning{% endif %}' +UI_secret_protection_scanning: '{% ifversion ghas-products %}Secret Protection{% else %}Secret scanning{% endif %}' ## OLD variables, DO NOT USE prodname_GH_advanced_security: 'GitHub Advanced Security' prodname_advanced_security: 'Advanced Security' +## Secret risk assessment +prodname_secret_risk_assessment: 'secret risk assessment' +prodname_secret_risk_assessment_caps: 'Secret risk assessment' + ## Azure DevOps prodname_ghas_azdo: 'GitHub Advanced Security for Azure DevOps' diff --git a/data/variables/secret-scanning.yml b/data/variables/secret-scanning.yml index c58fea818881..f10b98c952ad 100644 --- a/data/variables/secret-scanning.yml +++ b/data/variables/secret-scanning.yml @@ -13,3 +13,7 @@ custom-pattern-regular-expression-generator-caps: 'Regular expression generator' copilot-secret-scanning: 'Copilot secret scanning' generic-secret-detection: 'generic secret detection' generic-secret-detection-caps: 'Generic secret detection' + +# Combined to provide a secret to demonstrate push protection. Dummy secret, no access. +learner-example-secret-a: 'secret_scanning_ab85fc6f8d76' +learner-example-secret-b: '38cf1c11da812da308d43_abcde' diff --git a/src/fixtures/fixtures/data/ui.yml b/src/fixtures/fixtures/data/ui.yml index ff0431750435..dcbdd185d734 100644 --- a/src/fixtures/fixtures/data/ui.yml +++ b/src/fixtures/fixtures/data/ui.yml 
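Review bot: The two `learner-example-secret-a`/`-b` keys added to data/variables/secret-scanning.yml need a comment that says why the value is split, not only that the halves are combined; as written, a maintainer could reasonably merge them into one key and, if the joined string is what push protection matches on, commit a blocked pattern into this repository. Suggest replacing the comment with `# Deliberately split into two keys so the complete test string never appears in this repo (secret scanning / push protection would flag it); templates concatenate a + b. The joined value is a dummy credential with no access.`. It is also worth stating in the comment that the joined string is published on the rendered page, so readers who paste it into their own repositories will trigger push protection, which is presumably the intended demonstration. Whether the concatenated value actually matches a push-protection pattern cannot be verified from this diff.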
@@ -250,6 +250,7 @@ product_landing: overview: Overview try_ghec_for_free: Try GitHub's enterprise features try_ghas_for_free: Try GitHub Advanced Security for free + generate_secret_risk_assessment_report_for_free: Run a point-in-time scan to assess your organization's exposure to secret leaks plan_your_migration: Plan your migration releases: Releases guides: Guides diff --git a/src/fixtures/fixtures/versionless-redirects.txt b/src/fixtures/fixtures/versionless-redirects.txt index 9504259b7f3e..04d69c1c7534 100644 --- a/src/fixtures/fixtures/versionless-redirects.txt +++ b/src/fixtures/fixtures/versionless-redirects.txt @@ -23,13 +23,6 @@ - /early-access/github/articles/verifying-your-enterprise-accounts-domain - /github/setting-up-and-managing-your-enterprise/verifying-or-approving-a-domain-for-your-enterprise-account -/enterprise-cloud@latest/billing/managing-the-plan-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account -- /billing/managing-billing-for-your-github-account/viewing-the-subscription-and-usage-for-your-enterprise-account -- /github/setting-up-and-managing-your-enterprise/managing-your-enterprise-account/viewing-the-subscription-and-usage-for-your-enterprise-account -- /github/setting-up-and-managing-your-enterprise-account/viewing-the-subscription-and-usage-for-your-enterprise-account -- /articles/viewing-the-subscription-and-usage-for-your-enterprise-account -- /github/setting-up-and-managing-your-enterprise/viewing-the-subscription-and-usage-for-your-enterprise-account - /enterprise-cloud@latest/admin/managing-iam/understanding-iam-for-enterprises/about-saml-for-enterprise-iam - /github/setting-up-and-managing-your-enterprise/about-identity-and-access-management-for-your-enterprise-account - /github/setting-up-and-managing-your-enterprise/configuring-identity-and-access-management-for-your-enterprise-account/about-identity-and-access-management-for-your-enterprise-account 
@@ -378,10 +371,6 @@ # FPT versioning for these files was removed as part of github/docs-content#5642 -/enterprise-cloud@latest/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning -- /code-security/secret-security/defining-custom-patterns-for-secret-scanning -- /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning - /enterprise-cloud@latest/organizations/managing-organization-settings/setting-permissions-for-adding-outside-collaborators - /articles/restricting-the-ability-to-add-outside-collaborators-to-organization-repositories - /articles/setting-permissions-for-adding-outside-collaborators 
@@ -393,18 +382,6 @@ - /organizations/keeping-your-organization-secure/managing-allowed-ip-addresses-for-your-organization - /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-allowed-ip-addresses-for-your-organization -/enterprise-cloud@latest/code-security/security-overview/viewing-the-security-overview -- /code-security/security-overview/assessing-code-security-risk - -/enterprise-cloud@latest/code-security/security-overview/assessing-code-security-risk -- /code-security/security-overview/assessing-code-security-risk - -/enterprise-cloud@latest/code-security/security-overview/assessing-adoption-code-security -- /code-security/security-overview/assessing-adoption-code-security - -/enterprise-cloud@latest/code-security/security-overview/filtering-alerts-in-security-overview -- /code-security/security-overview/filtering-alerts-in-security-overview - /enterprise-cloud@latest/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization - /organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/restricting-email-notifications-for-your-organization - /articles/restricting-email-notifications-about-organization-activity-to-an-approved-email-domain 
@@ -433,13 +410,6 @@ - /pages/getting-started-with-github-pages/changing-the-visibility-of-your-github-pages-site - /github/working-with-github-pages/changing-the-visibility-of-your-github-pages-site -/enterprise-cloud@latest/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage -- /billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/viewing-your-github-advanced-security-usage -- /admin/advanced-security/viewing-your-github-advanced-security-usage -- /github/setting-up-and-managing-billing-and-payments-on-github/managing-licensing-for-github-advanced-security/viewing-your-github-advanced-security-usage -- /github/setting-up-and-managing-your-enterprise/managing-use-of-advanced-security-for-organizations-in-your-enterprise-account -- /github/setting-up-and-managing-billing-and-payments-on-github/viewing-your-github-advanced-security-usage - /enterprise-cloud@latest/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization - /organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization - /organizations/collaborating-with-groups-in-organizations/viewing-insights-for-your-organization