6 changes: 1 addition & 5 deletions content/actions/how-tos/manage-runners/use-proxy-servers.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,7 @@ contentType: how-tos

If your runner needs to communicate via a proxy server, you can configure proxy settings using environment variables or system-level configurations.

| Variable | Description | Example |
| ------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- |
| `https_proxy` | Proxy URL for HTTPS traffic. You can include basic authentication if required. | `http://proxy.local`<br>`http://192.168.1.1:8080`<br>`http://username:password@proxy.local` |
| `http_proxy` | Proxy URL for HTTP traffic. You can include basic authentication if required. | `http://proxy.local`<br>`http://192.168.1.1:8080`<br>`http://username:password@proxy.local` |
| `no_proxy` | A comma-separated list of hosts or IP addresses that should bypass the proxy. Some clients only honor IP addresses when connections are made directly to the IP rather than a hostname. | `example.com`<br>`example.com,myserver.local:443,example.org` |
{% data reusables.actions.actions-proxy-environment-variables-table %}

The proxy environment variables are read when the runner application starts, so you must set the environment variables before configuring or starting the runner application. If your proxy configuration changes, you must restart the runner application.
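Review bot: the `no_proxy` row of the removed table carried the caveat that some clients only honor IP addresses when the connection is made directly to the IP rather than a hostname, and nothing in this change shows that `{% data reusables.actions.actions-proxy-environment-variables-table %}` keeps it. Please confirm the reusable has the same three rows, including that sentence and the `http://username:password@proxy.local` example, so the how-to does not lose guidance readers rely on when a bypass rule silently fails to match.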

Expand Down
85 changes: 40 additions & 45 deletions content/admin/data-residency/network-details-for-ghecom.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,14 +12,18 @@ redirect_from:

To access your enterprise on {% data variables.enterprise.data_residency_site %}, client systems must:

* Trust the following SSH key fingerprints
* Have access to the following hostnames and IP addresses
* Trust {% data variables.product.github %}'s SSH key fingerprints
* Have access to {% data variables.product.github %}'s hostnames and IP addresses

## {% data variables.product.github %}'s SSH key fingerprints

* `SHA256:PYES2CtancLX+w0+VvwWRQclfulUkqj6hpZmcKFAO3w` (RSA)
* `SHA256:TKoEXigNsj5b6XaSOSf20L0y3cuNx41WWM+l4AAK9k4` (ECDSA)
* `SHA256:LqPvjvQugr3MmzVYw9M3gT7won8/lUPZCSvmNydl7vU` (Ed25519)
To find these details, use the `/meta` API endpoint for your instance. For example, using the {% data variables.product.prodname_cli %}:

```shell
gh api /meta --hostname octocorp.ghe.com
```

For more information, see [AUTOTITLE](/rest/meta/meta).

## {% data variables.product.github %}'s hostnames
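Review bot: under the SSH key fingerprints heading, "To find these details" has no clear referent once the fingerprint list is gone, and the IP address sections further down still hard-code their ranges, so a reader cannot tell which values the `/meta` call is supposed to supply. Suggest wording such as "To find the SSH key fingerprints for your enterprise, use the `/meta` API endpoint", stating that `octocorp` in `--hostname octocorp.ghe.com` is a placeholder for the reader's own subdomain, and naming the part of the response to read. The bullet "Have access to {% data variables.product.github %}'s hostnames and IP addresses" could also link to the sections below, since those values are not returned by the command shown here according to this page.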

Expand All @@ -36,8 +40,6 @@ To access your enterprise on {% data variables.enterprise.data_residency_site %}

### The EU

These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in the EU.

| Ranges for egress traffic | Ranges for ingress traffic |
|--------------------------|---------------------------|
| 108.143.221.96/28 | 108.143.197.176/28 |
Expand All @@ -49,8 +51,6 @@ These are {% data variables.product.company_short %}'s IP address ranges for ent

### Australia

These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in Australia.

| Ranges for egress traffic | Ranges for ingress traffic |
|--------------------------|---------------------------|
| 20.5.34.240/28 | 4.237.73.192/28 |
Expand All @@ -59,14 +59,20 @@ These are {% data variables.product.company_short %}'s IP address ranges for ent

### US

These are {% data variables.product.company_short %}'s IP address ranges for enterprises hosted in the US.

| Ranges for egress traffic | Ranges for ingress traffic |
|--------------------------|---------------------------|
| 20.221.76.128/28 | 74.249.180.192/28 |
| 135.233.115.208/28 | 48.214.149.96/28 |
| 20.118.27.192/28 | 172.202.123.176/28 |

### Japan

| Ranges for egress traffic | Ranges for ingress traffic |
|--------------------------|-----------------------------|
| 74.226.88.192/28 | 74.226.88.240/28 |
| 40.81.180.112/28 | 40.81.176.224/28 |
| 4.190.169.192/28 | 4.190.169.240/28 |

## Supported regions for Azure private networking

If you use Azure private networking for {% data variables.product.company_short %}-hosted runners, the supported Azure regions on {% data variables.enterprise.data_residency_site %} differ from those on {% data variables.product.prodname_dotcom_the_website %}.
Expand Down Expand Up @@ -95,6 +101,14 @@ If you use Azure private networking for {% data variables.product.company_short
| arm64 | `centralus`, `eastus2`, `westus3` |
| GPU | `centralus`, `eastus2`, `westus3` |

### Supported regions in Japan

| Runner type | Supported regions |
| ----------- | ----------------- |
| x64 | `japaneast`, `japanwest` |
| arm64 | `japaneast`, `japanwest` |
| GPU | `japaneast` |

### IP ranges for Azure private networking

#### EU
Expand All @@ -113,17 +127,30 @@ EU region:
* 20.240.220.192/28
* 20.240.211.208/28

#### Austrailia
#### Australia

Actions IPs:
* 4.147.140.77
* 20.53.114.78

Austraila region:
Australia region:
* 4.237.73.192/28
* 20.5.226.112/28
* 20.248.163.176/28

#### Japan

Actions IPs:

* 20.63.233.164
* 172.192.153.164

Japan region:

74.226.88.241
40.81.176.225
4.190.169.240

#### Required for all regions

* `Storage` service tag
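Review bot: the three entries under "Japan region:" are bare addresses with no `*` list markers and no prefix length, while the EU and Australia lists in this section use the form `* 4.237.73.192/28`. 74.226.88.241 and 40.81.176.225 fall inside the 74.226.88.240/28 and 40.81.176.224/28 ingress ranges added for Japan earlier in this file, and 4.190.169.240 is the base address of 4.190.169.240/28, so these look like they were meant to be the /28 ranges. An allow rule built from the single hosts would cover less than the ranges in the table; please confirm the intended values and format them as a bulleted list like the other regions.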
Expand Down Expand Up @@ -160,35 +187,3 @@ Austraila region:
## IP ranges for {% data variables.product.prodname_importer_proper_name %}

If you're running a migration to your enterprise with {% data variables.product.prodname_importer_proper_name %}, you may need to add certain ranges to an IP allow list. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations).

### Required in the EU

* 4.231.155.80/29
* 4.225.9.96/29
* 51.12.152.184/29
* 20.199.6.80/29
* 51.12.144.32/29
* 20.199.1.232/29
* 51.12.152.240/29
* 20.19.101.136/29
* 74.241.131.48/28
* 51.12.252.16/28
* 20.240.211.176/28
* 108.143.221.96/28
* 20.61.46.32/28
* 20.224.62.160/28

### Required in Australia

* 20.213.241.72/29
* 20.11.90.48/29
* 20.5.34.240/28
* 20.5.146.128/28
* 68.218.155.16/28

### Required in the US

* 130.213.245.128/28
* 20.171.204.144/28
* 20.171.204.176/28
* 4.150.167.192/28
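Review bot: the "Required in the EU", "Required in Australia" and "Required in the US" lists are deleted with nothing in this file replacing them, and the sentence that remains only says "you may need to add certain ranges". Please confirm the linked article on configuring IP allow lists for migrations now carries these ranges per region, and covers Japan, which this change adds elsewhere in the file. Otherwise admins on data residency lose the values they need for their allow list.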
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,8 @@ When creating a security configuration, keep in mind that:
> When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
* **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
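Review bot: the new "Prevent direct alert dismissals" item says "To learn more, see", while every sibling item in this list follows the pattern "To learn about <feature>, see". Suggest "To learn about delegated alert dismissal for {% data variables.product.prodname_dependabot %}, see" so the item also tells the reader which product the setting applies to; the label alone does not. The same wording is added again in the next hunk of this file.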
Expand Down Expand Up @@ -108,7 +109,8 @@ When creating a security configuration, keep in mind that:
> When both "{% data variables.product.prodname_GHAS %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
* **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
* **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
* **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
* **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
* **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,10 @@ You may want to set up an approval process for better control over who in your e
Approval processes are available for:
* Bypasses of push protection—You can choose who is allowed to bypass push protection, and add a review and approval cycle for pushes containing secrets from all other contributors. For more information about **delegated bypass for push protection**, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection).{% ifversion security-delegated-alert-dismissal %}
* Dismissals of alerts for {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}—You can provide additional control and visibility over alert assessment by ensuring that only designated individuals can dismiss (or close) alerts. For more information about **delegated alert dismissal**, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning) and [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning).
* Dismissals of alerts for {% data variables.product.prodname_code_scanning %}{% ifversion dependabot-delegated-alert-dismissal %}, {% data variables.product.prodname_dependabot %},{% endif %} and {% data variables.product.prodname_secret_scanning %}—You can provide additional control and visibility over alert assessment by ensuring that only designated individuals can dismiss (or close) alerts. For more information about **delegated alert dismissal**, see the following articles:
* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning){% ifversion dependabot-delegated-alert-dismissal %}
* [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal){% endif %}
* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning)

{% endif %}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,7 @@ topics:
shortTitle: GitHub's IP addresses
---

You can retrieve a list of the IP addresses for {% data variables.product.prodname_dotcom_the_website %} from the [meta](https://api.github.com/meta) API endpoint. For more information, see [AUTOTITLE](/rest/meta).

{% ifversion ghec %}

If you access {% data variables.product.github %} on a subdomain of {% data variables.enterprise.data_residency_site %}, the meta endpoint does not return IP ranges for your subdomain. See [AUTOTITLE](/admin/data-residency/network-details-for-ghecom#githubs-ip-addresses).

{% endif %}
You can retrieve a list of the IP addresses for your {% data variables.product.github %} environment from the [meta](https://api.github.com/meta) API endpoint. For more information, see [AUTOTITLE](/rest/meta).

> [!NOTE]
> The list of {% data variables.product.prodname_dotcom %} IP addresses returned by the Meta API is not intended to be an exhaustive list. For example, IP addresses for some {% data variables.product.prodname_dotcom %} services might not be listed, such as LFS or {% data variables.product.prodname_registry %}.
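Review bot: the rewritten sentence promises the IP addresses "for your {% data variables.product.github %} environment", but the link still points at `https://api.github.com/meta`, which is the endpoint for {% data variables.product.prodname_dotcom_the_website %}. With the `ghec` note removed, a reader on a data residency subdomain is no longer told to query their own host (the form used in the network details article, `gh api /meta --hostname octocorp.ghe.com`) or sent to that article. Suggest either keeping a short pointer for data residency or making the link text say which host it queries, since an allow list built from the wrong endpoint would contain the wrong ranges.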
Expand Down
1 change: 1 addition & 0 deletions content/code-security/code-scanning/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,4 +25,5 @@ children:
- /integrating-with-code-scanning
- /troubleshooting-code-scanning
- /troubleshooting-sarif-uploads
- /reference
---
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ Anyone with push access to a pull request can fix a {% data variables.product.pr
When {% data variables.copilot.copilot_autofix_short %} is enabled for a repository, alerts are displayed in pull requests as normal and information from any alerts found by {% data variables.product.prodname_code_scanning %} is automatically sent to the LLM for processing. When LLM analysis is complete, any results are published as comments on relevant alerts. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning).

> [!NOTE]
> * {% data variables.copilot.copilot_autofix_short %} supports a subset of {% data variables.product.prodname_codeql %} queries. For information about the availability of {% data variables.copilot.copilot_autofix_short %}, see the query tables linked from [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites#query-lists-for-the-default-query-suites).
> * {% data variables.copilot.copilot_autofix_short %} supports a subset of {% data variables.product.prodname_codeql %} queries. For information about the availability of {% data variables.copilot.copilot_autofix_short %}, see the query tables linked from [AUTOTITLE](/code-security/code-scanning/reference/code-ql-built-in-queries).
> * When analysis is complete, all relevant results are published to the pull request at once. If at least one alert in your pull request has an {% data variables.copilot.copilot_autofix_short %} suggestion, you should assume that the LLM has finished identifying potential fixes for your code.
> * On alerts generated from queries that are not supported by {% data variables.copilot.copilot_autofix_short %}, you will see a note telling you that the query is not supported. If a suggestion for a supported query fails to generate, you will see a note on the alert prompting you to try pushing another commit or to contact support.
> * {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %} alerts won't be able to generate a fix for every alert in every situation. The feature operates on a best-effort basis and is not guaranteed to succeed 100% of the time. For information about the limitations of automatically generated fixes, see [Limitations of suggestions](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning#limitations-of-suggestions).
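Review bot: the new link target `/code-security/code-scanning/reference/code-ql-built-in-queries` is not created in the visible part of this change (the index hunk only adds `/reference`), and its slug splits the product name as `code-ql`, unlike `codeql-query-suites` in the path it replaces. Please check that the path resolves and consider using one slug style. The sentence still says "the query tables linked from", so the target needs to be a page that links to the tables rather than a single table.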
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: CodeQL query suites
shortTitle: CodeQL query suites
intro: 'You can choose from different built-in {% data variables.product.prodname_codeql %} query suites to use in your {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} setup.'
intro: You can choose from different built-in {% data variables.product.prodname_codeql %} query suites to use in your {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} setup.
product: '{% data reusables.gated-features.codeql %}'
versions:
fpt: '*'
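Review bot: dropping the single quotes around the `intro:` value is unrelated to the content change and leaves it inconsistent with `product: '{% data reusables.gated-features.codeql %}'` on the next line. The unquoted form parses only while the text contains no `: ` or ` #`, so a later wording edit could break the frontmatter; suggest keeping the quotes.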
Expand All @@ -14,6 +14,7 @@ type: reference
topics:
- Code scanning
- CodeQL
contentType: other
---

## About {% data variables.product.prodname_codeql %} query suites
Expand Down Expand Up @@ -43,11 +44,7 @@ The built-in {% data variables.product.prodname_codeql %} query suites, `default
* Relative to the `default` query suite, the `security-extended` suite may return a greater number of false positive {% data variables.product.prodname_code_scanning %} results.
* This query suite is available for use with default setup for {% data variables.product.prodname_code_scanning %}, and is referred to as the "Extended" query suite on {% data variables.product.prodname_dotcom %}.

## Query lists for the default query suites

For each language, the following article lists which queries are included in the `default` and the `security-extended` suites. {% ifversion code-scanning-autofix %}Where {% data variables.copilot.copilot_autofix_short %} is available for a language, details of which queries are supported are also included.{% endif %}

{% data reusables.code-scanning.codeql-query-tables.links-to-all-tables %}
For a complete list of queries included in each query suite for every language, see [AUTOTITLE](/code-security/code-scanning/reference).

## Further reading
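Review bot: removing the heading `## Query lists for the default query suites` also removes the anchor `#query-lists-for-the-default-query-suites`; this change updates one inbound link (in the autofix note), but any other link to that anchor will now land at the top of the page. The replacement sentence has no heading of its own and sits directly after the `security-extended` bullets, so it reads as part of that list, and it drops the statement about which queries {% data variables.copilot.copilot_autofix_short %} supports. It also links to `/code-security/code-scanning/reference` while the autofix note links to `/code-security/code-scanning/reference/code-ql-built-in-queries`; suggest keeping a short heading and pointing both at the same page.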

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,3 +46,7 @@ You must configure delegated dismissal for your enterprise using a custom securi
1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).

To learn more about security configurations, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).

## Next steps

Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_code_scanning %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests).