Commit cc2b05c

Author: gitName (committed)
Further edits
1 parent 59f758a commit cc2b05c

5 files changed (+16 / -20 lines)

5 files changed

+16
-20
lines changed

learn-pr/github/manage-sensitive-data-security-policies/includes/2-set-security-policies.md

Lines changed: 6 additions & 7 deletions
Original file line number | Diff line number | Diff line change
@@ -1,6 +1,6 @@
11
In this unit, you'll learn more about the preventive measures you can take to maintain the health of your GitHub repositories.
22

3-
Suppose you're an administrator who is helping to onboard many new collaborators to your organization. You need to make sure they contribute to the proper repositories and have easy access to assistance if they discover a security threat. To do this, you set security policies.
3+
Suppose you're an administrator who's helping to onboard many new collaborators to your organization. You need to make sure they contribute to the proper repositories and have easy access to assistance if they discover a security threat. To do this, you set security policies.
44

55
:::image type="content" source="../media/setting-security-policies.png" alt-text="Three screenshots stacked on each other, slightly offset, which show community health files in a repository and settings for an organization.":::
66

@@ -63,11 +63,11 @@ GitHub uses and displays these default files for any repository owned by the acc
6363

6464
## Security settings
6565

66-
The other component of creating robust security policies is taking advantage of GitHub's built-in security settings and features. Imagine you're onboarding collaborators whose scope of work varies; some are part of focused teams to implement a feature, while others are responsible for watching over the code base for issues, and a few others might need to assist you with administrative duties. In this section, you'll learn about settings that define user permissions and allow automation of common security tasks.
66+
The other component of creating robust security policies is taking advantage of GitHub's built-in security settings and features. Imagine you're onboarding collaborators whose scope of work varies; some are part of focused teams to implement a feature, while others are responsible for watching over the code base for issues, and a few others might need to assist you with administrative duties. In this section, you'll learn about settings that define user permissions and allow you to automate common security tasks.
6767

6868
### Change settings according to a trust and control position
6969

70-
Every organization has a trust and control position: circumstances that determine how much trust you can safely extend to individual collaborators and teams, and how much control you need to maintain over basic permissions.
70+
Every organization has a trust and control position: circumstances that determine how much trust you can safely extend to individual collaborators and teams and how much control you need to maintain over basic permissions.
7171

7272
If your organization is a new business with a small team, it likely has few moving parts and few areas of potential security vulnerability. After all, when team members work in the same office or in nearby time zones, it's easy to identify who can take specific actions and how to contact them. In this case, you can safely trust most or all collaborators with high levels of access and capability.
7373

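Review bot: context line 72 tells a small team it "can safely trust most or all collaborators with high levels of access and capability", which undercuts the trust-and-control framing the section sets up on line 70; a compromised or careless account on a small team has exactly the reach it was granted, so consider qualifying this to "you can extend more trust, but still scope each collaborator's permissions to the work they do". The wording changes in this hunk (dropping the comma at line 70, "allow you to automate" at line 66) are fine.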
@@ -87,22 +87,21 @@ As you can see, settings that Enterprise administrators enforce cascade down to
8787
Changing security settings at the organization level or for all organizations covered by the Enterprise plan is powerful, because it can standardize user capabilities during unusual circumstances. In the preceding example, you might need to restrict capabilities to all but a few users for an organization—or even for the whole enterprise—in response to a security threat. In contrast, you could temporarily allow greater capabilities to all users in an organization during a rare development effort where you need help from extra personnel.
8888

8989
> [!NOTE]
90-
> Available settings and tools differ based on the type of repository. In addition,
91-
> these settings and features differ in their level of required user interaction.
90+
> Available settings and tools differ based on the type of repository. In addition, these settings and features differ in their level of required user interaction.
9291
9392
:::image type="content" source="../media/availability-interaction.png" alt-text="Diagram of a four-quadrant graph, divided by x and y axes, which categorizes security settings by availability to users (x axis) and required level of interaction (y axis).":::
9493

9594
### What kinds of security settings are available to administrators?
9695

9796
Access restrictions, security documentation, advisories, Dependabot alerts and security updates, Dependabot version updates, and the GitHub dependency graph are available for all repositories. Documentation and advisories require the most significant manual interaction, but applying Dependabot to your code base automates parts of the security process, up to and including updating dependencies.
9897

99-
Code scanning alerts, secret scanning alerts, and dependency review provide further automation to the security process. Enabling these GitHub features will flag vulnerabilities in code submitted to a repository, highlighting suspicious code. However, these features are only available for private repositories with an Advanced Security license or public repositories.
98+
Code scanning alerts, secret scanning alerts, and dependency review provide further automation to the security process. Enabling these GitHub features flags vulnerabilities in code submitted to a repository, highlighting suspicious code. However, these features are only available for private repositories with an Advanced Security license or public repositories.
10099

101100
If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability.
102101

103102
## Security advisories
104103

105-
You've been vigilant in your efforts to maintain healthy code, establishing clear policies and enacting settings to help collaborators work within their scope. But despite your team's efforts, someone identified a vulnerability in published code. This happens to every team sooner or later--no one is perfect.
104+
You've been vigilant in your efforts to maintain healthy code, establishing clear policies and enacting settings to help collaborators work within their scope. But despite your team's efforts, someone identified a vulnerability in published code. This happens to every team sooner or later; no one is perfect.
106105

107106
When you identify a security threat, your team's response will go beyond patching offending sections of code. In this section, you'll learn the basics of the GitHub security advisory tools that allow you to draft and publish comprehensive documentation on the nature of the threat.
108107

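Review bot: the rewritten sentence at line 98 still describes all three features as flagging "vulnerabilities in code submitted to a repository, highlighting suspicious code", which fits code scanning but not the other two it names: secret scanning alerts on leaked credentials and tokens, and dependency review flags vulnerable versions introduced in dependency manifest changes on a pull request. Suggest splitting the sentence so each feature is described by what it actually detects. Collapsing the NOTE at lines 90 and 91 onto one line and changing "will flag" to "flags" are fine, and the availability caveat (public repositories, or private ones with an Advanced Security license) is consistent with line 96.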
learn-pr/github/manage-sensitive-data-security-policies/includes/3-scrub-sensitive-data-from-repository.md

Lines changed: 2 additions & 2 deletions
@@ -36,7 +36,7 @@ To create a ruleset:
3636

3737
:::image type="content" source="../media/new-branch-ruleset.png" alt-text="Create a new branch ruleset page from the left hand navigation bar.":::
3838

39-
When creating a ruleset you can grant bypass permissions, choose which branches or tags to target, and select the rules to include.
39+
When creating a ruleset, you can grant bypass permissions, choose which branches or tags to target, and select the rules to include.
4040

4141
## Manage a ruleset
4242

@@ -66,7 +66,7 @@ A ruleset doesn't have a priority. Instead, if multiple rulesets target the same
6666
For example, consider the following situation for the `my-feature` branch of the `octo-org/octo-repo` repository:
6767

6868
- A repository administrator has set up a ruleset targeting the `my-feature` branch. This ruleset requires signed commits, and three reviews on pull requests before they can be merged.
69-
- An existing branch protection rule for the `my-feature` branch requires a linear commit history, and two reviews on pull requests before they can be merged.
69+
- An existing branch protection rule for the `my-feature` branch requires a linear commit history and two reviews on pull requests before they can be merged.
7070

7171
The rules from each source are aggregated, and all rules apply. Where multiple different versions of the same rule exist, the result is that the most restrictive version of the rule applies. Therefore, the `my-feature` branch requires signed commits and a linear commit history, and pull requests targeting the branch will require three reviews before they can be merged.
7272

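Review bot: the comma removed from line 69 ("a linear commit history and two reviews") is still present in the parallel bullet on context line 68 ("requires signed commits, and three reviews on pull requests"); make the two bullets consistent. The outcome stated on line 71 follows from the bullets as written: signed commits and linear history both apply because they are different rules, and three reviews applies as the more restrictive of the two review counts.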
learn-pr/github/manage-sensitive-data-security-policies/includes/4-report-log.md

Lines changed: 2 additions & 2 deletions
@@ -6,13 +6,13 @@ Here you'll learn what your organization's audit log records, and how to access
66

77
## What are log records?
88

9-
Your organization's log records actions taken by organization members. The log is available to organization owners, and records information about actions that affect the organization including:
9+
Your organization's log records actions taken by organization members. The log is available to organization owners, and records information about actions that affect the organization, including:
1010

1111
- The repository in which the action was performed.
1212
- The user that performed the action.
1313
- The action that was performed.
1414
- Which country/region in which the action took place.
15-
- The date and time of the action.
15+
- The action date and time.
1616

1717
You can access the audit log through GitHub.com, GitHub Enterprise Server, or GitHub AE to review actions from the past 90 days. However, interacting with the audit log using either the GraphQL API or the Rest API can allow easy retrieval of specific information types, with other limitations.
1818

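Review bot: the replacement at line 15, "The action date and time", breaks the parallel structure of the other items ("The repository in which...", "The user that...", "The action that..."); the original "The date and time of the action" matched that pattern and read more naturally. While touching this list, context line 14 has a doubled relative clause ("Which country/region in which the action took place"), and context line 17 writes "Rest API" where "REST API" is the conventional casing; "with other limitations" on line 17 also never says what those limitations are.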
learn-pr/github/manage-sensitive-data-security-policies/includes/5-exercise.md

Lines changed: 2 additions & 5 deletions
@@ -9,11 +9,8 @@ Here are some helpful tips before you begin the exercise:
99
- To see the results of your exercise, navigate to the **Actions** tab of your cloned repository and select the most recent run on the **Grading** workflow.
1010
- Stuck on what to do? Revisit the content in the last unit or check out the **Useful resources** section in the exercise's repository README for more resources.
1111

12-
>[!Note]
13-
> A grading script exists under *.github/workflows/grading.yml*.
14-
> You don't need to modify this workflow to complete this exercise.
15-
> **Altering the contents in this workflow can break the exercise's**
16-
> **ability to validate your actions, provide feedback, or grade the results**.
12+
> [!NOTE]
13+
> A grading script exists under *.github/workflows/grading.yml*. You don't need to modify this workflow to complete this exercise. **Altering the contents in this workflow can break the exercise's ability to validate your actions, provide feedback, or grade the results**.
1714
1815
This exercise is a challenge based on content covered in this module. It might take several attempts to complete the exercise, you can revisit previous content in this module, or navigate to some of the other resources provided as many times as you want to find the solution.
1916

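Review bot: the note rewrite is fine (the `[!NOTE]` casing now matches the other include edited in this commit), but context line 18 directly below has a comma splice: "It might take several attempts to complete the exercise, you can revisit previous content in this module, or navigate to some of the other resources". Suggest a period after "exercise" so the second sentence reads "You can revisit previous content in this module or navigate to some of the other resources provided as many times as you want".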
learn-pr/github/manage-sensitive-data-security-policies/includes/7-summary.md

Lines changed: 4 additions & 4 deletions
@@ -23,14 +23,14 @@ This module explained how to create a new GitHub repository in a way that limits
2323
- [Creating a security advisory](https://docs.github.com/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory)
2424
- [GitHub security features](https://docs.github.com/code-security/getting-started/github-security-features)
2525
- [Quickstart for securing your repository](https://docs.github.com/code-security/getting-started/quickstart-for-securing-your-repository)
26-
- [Quickstart for securing your organization](https://docs.github.com/code-security/getting-started/quickstart-for-securing-your-organization)
26+
- [Quickstart for securing your organization](https://docs.github.com/[email protected]/code-security/getting-started/quickstart-for-securing-your-organization)
2727
- [Managing rulesets for a repository](https://docs.github.com/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets)
28-
- [Ignoring files](https://docs.github.com/get-started/getting-started-with-git/ignoring-files)
28+
- [Ignoring files](https://docs.github.com/get-started/git-basics/ignoring-files)
2929
- [Best practices for preventing data leaks in your organization](https://docs.github.com/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)
3030
- [Reviewing the audit log for your organization](https://docs.github.com/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization)
3131
- [Audit log events for your organization](https://docs.github.com/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/audit-log-events-for-your-organization)
3232
- [Reference for working with an audit log using the GraphQL API](https://docs.github.com/graphql)
33-
- [Reference for working with an audit log using a Rest API](https://docs.github.com//rest)
33+
- [Reference for working with an audit log using a Rest API](https://docs.github.com/rest)
3434
- [git-filter-repo Manual Page](https://htmlpreview.github.io/?https://github.com/newren/git-filter-repo/blob/docs/html/git-filter-repo.html)
3535

3636
### Resource Links
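Review bot: the new link target on line 26 contains the literal path segment "[email protected]", which looks like an email-obfuscation rewrite of a versioned docs path segment (the kind that ends in "@latest") rather than a real URL; verify the intended address before merging, since as written it will not resolve to the organization quickstart. The other fixes in this hunk (the moved "Ignoring files" path and the doubled slash in "docs.github.com//rest") are correct. Context line 33 still says "a Rest API"; "REST API" is the conventional casing, and the article should match "an audit log using the GraphQL API" on line 32.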
@@ -41,4 +41,4 @@ This module explained how to create a new GitHub repository in a way that limits
4141
- [git filter-repo INSTALL.md](https://github.com/newren/git-filter-repo/blob/main/INSTALL.md)
4242
- [Cloning a repository](https://docs.github.com/repositories/creating-and-managing-repositories/cloning-a-repository)
4343
- [About Releases](https://docs.github.com/repositories/releasing-projects-on-github/about-releases)
44-
- [GitHub Community Guidelines](https://docs.github.com/en/github/site-policy/github-community-guidelines#doxxing-and-invasion-of-privacy)
44+
- [GitHub Community Guidelines](https://docs.github.com/site-policy/github-terms/github-community-guidelines)
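Review bot: the new Community Guidelines URL drops the "#doxxing-and-invasion-of-privacy" fragment from the old one, so the reader lands at the top of the page instead of the section this module (scrubbing sensitive data from a repository) is pointing them at; if the corresponding heading exists on the new page, keep the fragment on the new URL.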
