Commit 720f78a

committed
fix conflicts
2 parents 3ffbae2 + 28bec60 commit 720f78a

123 files changed

+3392
-267
lines changed

.github/ISSUE_TEMPLATE/partner-contributed-documentation.md

Lines changed: 3 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -21,6 +21,9 @@ Please be sure to complete all items in the checklists that follow, and feel fre
2121

2222
- [ ] Prior to submitting documentation, please apply to join the GitHub Technology Partner Program: [partner.github.com/apply](https://partner.github.com/apply?partnershipType=Technology+Partner). Please feel free to proceed once your application is approved.
2323

24+
## What information would you like to add to docs.github.com?
25+
<!-- Please explain what your proposed article is about, what customers it benefits, and any other information that would help us to prioritize this request -->
26+
2427
## Tasks
2528

2629
Please be sure to complete each of the following:

.github/workflows/move-ready-to-merge-issues.yaml

Lines changed: 6 additions & 1 deletion
@@ -1,6 +1,11 @@
11
name: Move and unlabel ready to merge issues
2+
3+
# **What it does**: This moves ready to merge PRs on the project board for the open source repo. When a PR in the open source repo is labeled "ready to merge," the "waiting for review" label is removed and the PR is moved to the "Triage" column.
4+
# **Why we have it**: To help with managing our project boards.
5+
# **Who does it impact**: Open source contributors, open-source maintainers.
6+
27
on:
3-
issues:
8+
pull_request:
49
types:
510
- labeled
611
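
Review bot: switching the trigger at new line 8 from `issues:` to `pull_request:` changes the security context the job runs in. For a pull request opened from a fork, a `pull_request` run gets a read-only `GITHUB_TOKEN` and no repository secrets, so a job that has to remove a label and move a project card cannot write, and the header comment says this is for the open source repo, where fork PRs are the normal case. The steps are not visible in this hunk, so please check how the job authenticates. If it needs write access for fork PRs, `pull_request_target` runs in the base repository's context, and the job must then never check out or execute code from the PR head. Also, `name:` on line 1 still says "ready to merge issues" while the new comment and trigger are about PRs.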

app.json

Lines changed: 2 additions & 1 deletion
@@ -3,7 +3,8 @@
33
"env": {
44
"NODE_ENV": "production",
55
"NPM_CONFIG_PRODUCTION": "true",
6-
"ENABLED_LANGUAGES": "en"
6+
"ENABLED_LANGUAGES": "en",
7+
"WEB_CONCURRENCY": "1"
78
},
89
"buildpacks": [
910
{ "url": "heroku/nodejs" }
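
Review bot: the new `"WEB_CONCURRENCY": "1"` entry on line 7 has no recorded rationale, and JSON leaves no room for a comment next to it. Please state in the commit or PR description why the value is pinned to 1 (memory limits, review apps only, something else), since the commit message "fix conflicts" does not cover it and a later reader cannot tell whether raising it is safe.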

content/actions/learn-github-actions/security-hardening-for-github-actions.md

Lines changed: 1 addition & 1 deletion
@@ -26,7 +26,7 @@ This guide explains how to configure security hardening for certain {% data vari
2626

2727
Sensitive values should never be stored as plaintext in workflow files, but rather as secrets. [Secrets](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) can be configured at the organization{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" or currentVersion == "github-ae@latest" %}, repository, or environment{% else %} or repository{% endif %} level, and allow you to store sensitive information in {% data variables.product.product_name %}.
2828

29-
Secrets use [Libsodium sealed boxes](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes), so that they are encrypted before reaching {% data variables.product.product_name %}. This occurs when the secret is submitted [using the UI](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository) or through the [REST API](/rest/reference/actions#secrets). This client-side encryption helps the minimize risks related to accidental logging (for example, exception logs and request logs, among others) within {% data variables.product.product_name %}'s infrastructure. Once the secret is uploaded, {% data variables.product.product_name %} is then able to decrypt it so that it can be injected into the workflow runtime.
29+
Secrets use [Libsodium sealed boxes](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes), so that they are encrypted before reaching {% data variables.product.product_name %}. This occurs when the secret is submitted [using the UI](/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#creating-encrypted-secrets-for-a-repository) or through the [REST API](/rest/reference/actions#secrets). This client-side encryption helps minimize the risks related to accidental logging (for example, exception logs and request logs, among others) within {% data variables.product.product_name %}'s infrastructure. Once the secret is uploaded, {% data variables.product.product_name %} is then able to decrypt it so that it can be injected into the workflow runtime.
3030

3131
To help prevent accidental disclosure, {% data variables.product.product_name %} uses a mechanism that attempts to redact any secrets that appear in run logs. This redaction looks for exact matches of any configured secrets, as well as common encodings of the values, such as Base64. However, because there are multiple ways a secret value can be transformed, this redaction is not guaranteed. As a result, there are certain proactive steps and good practices you should follow to help ensure secrets are redacted, and to limit other risks associated with secrets:
3232
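
Review bot: the grammar fix on line 29 is right, but the same paragraph still reads as if encryption happens automatically on both paths ("This occurs when the secret is submitted using the UI or through the REST API"). With the REST API, the caller has to seal the value with the repository's public key before sending the request, so consider wording that makes the caller's responsibility explicit while this line is being touched. Otherwise an integrator may not realize the value has to be encrypted client-side.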

content/admin/configuration/configuring-code-scanning-for-your-appliance.md

Lines changed: 19 additions & 9 deletions
@@ -52,25 +52,35 @@ For the users of {% data variables.product.product_location %} to be able to ena
5252

5353
You must ensure that Git is in the PATH variable on any self-hosted runners you use to run {% data variables.product.prodname_codeql %} actions.
5454

55-
{% if currentVersion == "enterprise-server@2.22" %}
5655
#### Provisioning the actions
56+
57+
{% if currentVersion ver_gt "enterprise-server@2.22" %}
58+
If you want to use actions to run {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_ghe_server %}, the actions must be available on your appliance.
59+
60+
The {% data variables.product.prodname_codeql %} action is included in your installation of {% data variables.product.prodname_ghe_server %}. If {% data variables.product.prodname_ghe_server %} has access to the internet, the action will automatically download the {% data variables.product.prodname_codeql %} bundle required to perform analysis. Alternatively, you can use a synchronization tool to make the {% data variables.product.prodname_codeql %} analysis bundle available locally. For more information, see "[Configuring {% data variables.product.prodname_codeql %} analysis on a server without internet access](#configuring-codeql-analysis-on-a-server-without-internet-access)" below.
61+
62+
You can also make third-party actions available to users for {% data variables.product.prodname_code_scanning %}, by setting up {% data variables.product.prodname_github_connect %}. For more information, see "[Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}](/enterprise/admin/configuration/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)" below.
63+
64+
#### Configuring {% data variables.product.prodname_codeql %} analysis on a server without internet access
65+
If the server on which you are running {% data variables.product.prodname_ghe_server %} is not connected to the internet, and you want to allow users to enable {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} for their repositories, you must use the {% data variables.product.prodname_codeql %} action sync tool to copy the {% data variables.product.prodname_codeql %} analysis bundle from {% data variables.product.prodname_dotcom_the_website %} to your server. The tool, and details of how to use it, are available at [https://github.com/github/codeql-action-sync-tool](https://github.com/github/codeql-action-sync-tool/).
66+
67+
If you set up the {% data variables.product.prodname_codeql %} action sync tool, you can use it to sync the latest releases of the {% data variables.product.prodname_codeql %} action and associated {% data variables.product.prodname_codeql %} analysis bundle. These are compatible with {% data variables.product.prodname_ghe_server %}.
68+
69+
{% endif %}
70+
71+
{% if currentVersion == "enterprise-server@2.22" %}
5772
To run {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_ghe_server %} with {% data variables.product.prodname_actions %}, the appropriate actions must be available locally. You can make the actions available in three ways.
5873

5974
- **Recommended**: You can use [{% data variables.product.prodname_github_connect %}](/enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud) to automatically download actions from {% data variables.product.prodname_dotcom_the_website %}. The machine that hosts your instance must be able to access {% data variables.product.prodname_dotcom_the_website %}. This approach ensures that you get the latest software automatically. For more information, see "[Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}](/enterprise/admin/configuration/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions)."
6075
- If you want to use the {% data variables.product.prodname_codeql_workflow %}, you can sync the repository from {% data variables.product.prodname_dotcom_the_website %} to {% data variables.product.prodname_ghe_server %}, by using the {% data variables.product.prodname_codeql %} Action sync tool available at [https://github.com/github/codeql-action-sync-tool](https://github.com/github/codeql-action-sync-tool/). You can use this tool regardless of whether {% data variables.product.product_location %} or your {% data variables.product.prodname_actions %} runners have access to the internet, as long as you can access both {% data variables.product.product_location %} and {% data variables.product.prodname_dotcom_the_website %} simultaneously on your computer.
61-
- You can create a local copy of an action's repository on your server, by cloning the {% data variables.product.prodname_dotcom_the_website %} repository that contains the action. For example, if you want to use the actions for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can create a repository in your instance called `github/codeql-action`, then clone the [repository](https://github.com/github/codeql-action) from {% data variables.product.prodname_dotcom_the_website %}, and then push that repository to your instance's `github/codeql-action` repository. You will also need to download any of the releases from the repository on {% data variables.product.prodname_dotcom_the_website %} and upload them to your instance's `github/codeql-action` repository as releases.
76+
- You can create a local copy of an action's repository on your server, by cloning the {% data variables.product.prodname_dotcom_the_website %} repository that contains the action. For example, if you want to use the actions for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}, you can create a repository in your instance called `github/codeql-action`, then clone the [repository](https://github.com/github/codeql-action) from {% data variables.product.prodname_dotcom_the_website %}, and then push that repository to your instance's `github/codeql-action` repository. You will also need to download any of the releases from the repository on {% data variables.product.prodname_dotcom_the_website %} and upload them to your instance's `github/codeql-action` repository as releases.
77+
{% endif %}
6278

63-
##### Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}
79+
#### Configuring {% data variables.product.prodname_github_connect %} to sync {% data variables.product.prodname_actions %}
6480
1. If you want to download action workflows on demand from {% data variables.product.prodname_dotcom_the_website %}, you need to enable {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling {% data variables.product.prodname_github_connect %}](/enterprise/admin/configuration/connecting-github-enterprise-server-to-github-enterprise-cloud#enabling-github-connect)."
6581
2. You'll also need to enable {% data variables.product.prodname_actions %} for {% data variables.product.product_location %}. For more information, see "[Getting started with {% data variables.product.prodname_actions %} for {% data variables.product.prodname_ghe_server %}](/admin/github-actions/getting-started-with-github-actions-for-github-enterprise-server)."
6682
3. The next step is to configure access to actions on {% data variables.product.prodname_dotcom_the_website %} using {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)."
6783
4. Add a self-hosted runner to your repository, organization, or enterprise account. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."
68-
{% endif %}
69-
70-
{% if currentVersion ver_gt "enterprise-server@2.22" %}
71-
#### Configuring {% data variables.product.prodname_codeql %} on a server without internet access
72-
If the server on which you are running {% data variables.product.prodname_ghe_server %} is not connected to the internet, and you want to allow users to enable {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} for their repositories, you must use the {% data variables.product.prodname_codeql %} Action sync tool to copy the {% data variables.product.prodname_codeql %} actions and query bundle from {% data variables.product.prodname_dotcom_the_website %} to your server. The tool, and details of how to use it, are available at [https://github.com/github/codeql-action-sync-tool](https://github.com/github/codeql-action-sync-tool/).
73-
{% endif %}
7484

7585
#### Enabling code scanning for individual repositories
7686
After you configure a self-hosted runner, {% if currentVersion == "enterprise-server@2.22" %}and provision the actions,{% endif %} users can enable {% data variables.product.prodname_code_scanning %} for individual repositories on {% data variables.product.product_location %}. For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/setting-up-code-scanning-for-a-repository)."
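
Review bot: the added block (new lines 57-69) writes "action sync tool" in lowercase, while the retained 2.22 bullet on line 75 still says "Action sync tool"; pick one casing for the whole article. The two same-page links added on lines 60 and 62 also differ in style: line 60 uses a bare anchor (`#configuring-codeql-analysis-on-a-server-without-internet-access`), while line 62 repeats the full article path before the anchor and will have to be updated if the article moves, as several do in this commit. Using the bare anchor for both would be more robust. Lines 61/76 show as removed and re-added with identical visible text, which looks like a whitespace-only change; confirm it was intended. Last, the GitHub Connect steps starting at line 79 now sit outside any version conditional and the heading is promoted from `#####` to `####`; confirm they are meant to render for every version.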

content/github/administering-a-repository/about-securing-your-repository.md renamed to content/code-security/getting-started/about-securing-your-repository.md

Lines changed: 2 additions & 0 deletions
@@ -1,6 +1,8 @@
11
---
22
title: About securing your repository
33
intro: '{% data variables.product.product_name %} provides a number of ways that you can help keep your repository secure.'
4+
redirect_from:
5+
- /github/administering-a-repository/about-securing-your-repository
46
versions:
57
free-pro-team: '*'
68
enterprise-server: '>=3.0'
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
---
2+
title: Getting started with code security
3+
shortTitle: Getting started
4+
intro: 'Introduction to code security with {% data variables.product.product_name %}.'
5+
versions:
6+
free-pro-team: '*'
7+
enterprise-server: '>=3.0'
8+
github-ae: '*'
9+
topics:
10+
- security
11+
---
12+
13+
### Table of Contents
14+
15+
{% link_in_list /about-securing-your-repository %}

content/code-security/index.md

Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
---
2+
title: Code security
3+
shortTitle: Code security
4+
intro: 'Learn how to keep the code stored in your repositories secure.'
5+
versions:
6+
free-pro-team: '*'
7+
enterprise-server: '>=3.0'
8+
github-ae: '*'
9+
topics:
10+
- security
11+
---
12+
13+
{% link_with_intro /getting-started %}
14+
15+
{% link_with_intro /secret-security %}
16+
17+
{% link_with_intro /secure-coding %}
18+
19+
{% link_with_intro /security-advisories %}
20+
21+
{% link_with_intro /supply-chain-security %}

content/github/administering-a-repository/about-secret-scanning.md renamed to content/code-security/secret-security/about-secret-scanning.md

Lines changed: 1 addition & 0 deletions
@@ -6,6 +6,7 @@ redirect_from:
66
- /github/administering-a-repository/about-token-scanning
77
- /articles/about-token-scanning
88
- /articles/about-token-scanning-for-private-repositories
9+
- /github/administering-a-repository/about-secret-scanning
910
versions:
1011
free-pro-team: '*'
1112
enterprise-server: '>=3.0'

content/github/administering-a-repository/configuring-secret-scanning-for-your-repositories.md renamed to content/code-security/secret-security/configuring-secret-scanning-for-your-repositories.md

Lines changed: 1 addition & 0 deletions
@@ -4,6 +4,7 @@ intro: 'You can configure how {% data variables.product.prodname_dotcom %} scans
44
permissions: 'People with admin permissions to a repository can enable {% data variables.product.prodname_secret_scanning %} for the repository.'
55
redirect_from:
66
- /github/administering-a-repository/configuring-secret-scanning-for-private-repositories
7+
- /github/administering-a-repository/configuring-secret-scanning-for-your-repositories
78
product: '{% data reusables.gated-features.secret-scanning %}'
89
versions:
910
free-pro-team: '*'
