Add content for Dependabot delegated alert dismissal (#58850)

Co-authored-by: Copilot <[email protected]>
Co-authored-by: mc <[email protected]>

Author: 3 people

content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md

@@ -69,7 +69,8 @@ When creating a security configuration, keep in mind that:
       > When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
    * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
    * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
-   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
+   * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
 1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
 1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
    * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
@@ -108,7 +109,8 @@ When creating a security configuration, keep in mind that:
       > When both "{% data variables.product.prodname_GHAS %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
    * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
    * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
-   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
+   * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
 1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
 1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
    * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.

content/admin/overview/establishing-a-governance-framework-for-your-enterprise.md

@@ -122,7 +122,10 @@ You may want to set up an approval process for better control over who in your e
 
 Approval processes are available for:
 * Bypasses of push protection—You can choose who is allowed to bypass push protection, and add a review and approval cycle for pushes containing secrets from all other contributors. For more information about **delegated bypass for push protection**, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/about-delegated-bypass-for-push-protection).{% ifversion security-delegated-alert-dismissal %}
-* Dismissals of alerts for {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}—You can provide additional control and visibility over alert assessment by ensuring that only designated individuals can dismiss (or close) alerts. For more information about **delegated alert dismissal**, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning) and [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning).
+* Dismissals of alerts for {% data variables.product.prodname_code_scanning %}{% ifversion dependabot-delegated-alert-dismissal %}, {% data variables.product.prodname_dependabot %},{% endif %} and {% data variables.product.prodname_secret_scanning %}—You can provide additional control and visibility over alert assessment by ensuring that only designated individuals can dismiss (or close) alerts. For more information about **delegated alert dismissal**, see the following articles:
+  * [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning){% ifversion dependabot-delegated-alert-dismissal %}
+  * [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal){% endif %}
+  * [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning)
 
 {% endif %}
 

content/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning.md

@@ -46,3 +46,7 @@ You must configure delegated dismissal for your enterprise using a custom securi
 1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
 
 To learn more about security configurations, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).
+
+## Next steps
+
+Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_code_scanning %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests).

content/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal.md

@@ -0,0 +1,51 @@
+---
+title: Enabling delegated alert dismissal for Dependabot
+intro: 'Increase your governance over your {% data variables.product.prodname_dependabot_alerts %} with delegated alert dismissal.'
+permissions: '{% data reusables.permissions.delegated-alert-dismissal %}'
+shortTitle: Enable delegated alert dismissal
+versions:
+  feature: dependabot-delegated-alert-dismissal
+type: how_to
+topics:
+  - Dependabot
+  - Code Security
+  - Security updates
+  - Alerts
+  - Dependencies
+---
+
+## About enabling delegated alert dismissal
+
+{% data reusables.security.delegated-alert-dismissal-intro %}
+
+## Configuring delegated dismissal for a repository
+
+>[!NOTE] If an organization owner configures delegated alert dismissal via an enforced security configuration, the settings can't be changed at the repository level.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.repositories.navigate-to-code-security-and-analysis %}{% ifversion ghas-products %}{% else %}
+{% data reusables.repositories.navigate-to-ghas-settings %}{% endif %}
+1. In the "{% data variables.product.prodname_dependabot %}" section, next to "Prevent direct alert dismissals", click **Enable**.
+
+## Configuring delegated dismissal for an organization
+
+You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.
+
+1. Start creating or editing a custom security configuration. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
+1. In the "Dependency scanning" section of your security configuration, set "Prevent direct alert dismissals" to **Enabled**.
+1. Click **Save configuration**.
+1. Apply the security configuration to repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
+
+## Configuring delegated dismissal for an enterprise
+
+You must configure delegated dismissal for your enterprise using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your enterprise.
+
+1. Start creating or editing a custom security configuration. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
+1. In the "Dependency scanning" section of your security configuration, set "Prevent direct alert dismissals" to **Enabled**.
+1. Click **Save configuration**.
+1. Apply the security configuration to repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
+
+## Next steps
+
+Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_dependabot %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests).

content/code-security/dependabot/dependabot-alerts/index.md

@@ -17,5 +17,6 @@ children:
   - /about-dependabot-alerts
   - /configuring-dependabot-alerts
   - /viewing-and-updating-dependabot-alerts
+  - /enable-delegated-alert-dismissal
   - /configuring-notifications-for-dependabot-alerts
 ---

content/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning.md

@@ -51,3 +51,7 @@ To learn more about security configurations, see [AUTOTITLE](/code-security/secu
 1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
 
 {% endif %}
+
+## Next steps
+
+Now that you have enabled delegated alert dismissal for {% data variables.product.prodname_secret_scanning %}, you should regularly review alert dismissal requests to maintain an accurate alert count and unblock your developers. See [AUTOTITLE](/code-security/security-overview/review-alert-dismissal-requests).

content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md

@@ -70,7 +70,8 @@ You can also choose whether or not you want to include {% data variables.product
       > When both "{% data variables.product.prodname_code_security %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
    * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
    * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
-   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
+   * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
 1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
 1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
    * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.
@@ -110,7 +111,8 @@ You can also choose whether or not you want to include {% data variables.product
       > When both "{% data variables.product.prodname_GHAS %}" and Dependency graph are enabled, this enables dependency review, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review).{%- ifversion maven-transitive-dependencies %}
    * **Automatic dependency submission**. To learn about automatic dependency submission, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).{%- endif %}
    * **{% data variables.product.prodname_dependabot %} alerts**. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
-   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion fpt or ghec %}
+   * **Security updates**. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).{% ifversion dependabot-delegated-alert-dismissal %}
+   * **Prevent direct alert dismissals**. To learn more, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal).{% endif %}{% ifversion fpt or ghec %}
 1. For "Private vulnerability reporting", choose whether you want to enable, disable, or keep the existing settings. To learn about private vulnerability reporting, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository).{% endif %}
 1. Optionally, in the "Policy" section, you can use additional options to control how the configuration is applied:
    * **Use as default for newly created repositories**. Select the **None** {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**.

content/code-security/security-overview/index.md

@@ -24,4 +24,5 @@ children:
   - /viewing-metrics-for-secret-scanning-push-protection
   - /viewing-metrics-for-pull-request-alerts
   - /reviewing-requests-to-bypass-push-protection
+  - /review-alert-dismissal-requests
 ---

content/code-security/security-overview/review-alert-dismissal-requests.md

@@ -0,0 +1,43 @@
+---
+title: Reviewing alert dismissal requests
+shortTitle: Review alert dismissal requests
+intro: 'Triage and resolve security alerts in your organization or enterprise by regularly reviewing alert dismissal requests.'
+permissions: '{% data reusables.permissions.security-overview %}'
+product: 'Organizations or enterprises with {% data variables.product.prodname_GHAS_cs_or_sp %}'
+type: how_to
+topics:
+  - Security overview
+  - Organizations
+  - Teams
+  - Secret scanning
+  - Code scanning
+  - Dependabot
+  - Alerts
+versions:
+  feature: security-delegated-alert-dismissal
+---
+
+## Prerequisites
+
+To receive and manage alert dismissal requests, you need to enable delegated alert dismissal. For an introduction to delegated alert dismissal and enablement instructions for specific features, see:
+* [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning)
+* [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning){% ifversion dependabot-delegated-alert-dismissal %}
+* [AUTOTITLE](/code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal){% endif %}
+
+## Reviewing requests for an organization
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.security-overview %}
+{% data reusables.security-overview.choose-alert-dismissal-request-view %}
+1. Optionally, to filter requests by source repository, reviewer, requester, timeframe, or status, use the dropdown menus at the top of the list of requests.
+{% data reusables.security-overview.review-an-alert-dismissal-request %}
+
+## Reviewing requests across your enterprise
+
+> [!NOTE] To review an alert dismissal request at the enterprise level, you must be an organization owner or security manager for the source organization, or be granted the necessary permissions through a custom role.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.code-scanning.click-code-security-enterprise %}
+{% data reusables.security-overview.choose-alert-dismissal-request-view %}
+1. Optionally, to filter requests by source organization, reviewer, requester, timeframe, or status, use the dropdown menus at the top of the list of requests.
+{% data reusables.security-overview.review-an-alert-dismissal-request %}