Merge pull request #38055 from github/repo-sync

Repo sync

Author: docs-bot

content/apps/creating-github-apps/about-creating-github-apps/best-practices-for-creating-a-github-app.md

@@ -74,9 +74,9 @@ An installation access token is restricted based on the {% data variables.produc
 
 Your app should never use a {% data variables.product.pat_generic %} or {% data variables.product.company_short %} password to authenticate.
 
-## Authorize thoroughly and durably
+## Check authorization thoroughly, durably, and often
 
-After signing in a user, app developers must take additional steps to ensure that the user is meant to have access to the data in your system. Each sign in requires fresh checks around their memberships, access, and their current SSO status.
+After signing in a user, app developers must take additional steps to ensure that the user is meant to have access to the data in your system. You must routinely check that their memberships, access, and their current SSO status all allow access to your application and the resources it protects.
 
 ### Use the durable, unique `id` to store the user
 

content/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository.md

@@ -102,20 +102,6 @@ You can search the list of alerts. This is useful if there is a large number of
    ![Screenshot of search field in alerts view. The field has pre-defined filters "is: open branch:main" and free text of "sql or injection" highlighted.](/assets/images/help/repository/code-scanning-search-alerts.png)
 1. Press <kbd>return</kbd>. The alert listing will contain the open {% data variables.product.prodname_code_scanning %} alerts matching your search criteria.
 
-{% ifversion code-scanning-task-lists %}
-
-## Tracking {% data variables.product.prodname_code_scanning %} alerts in issues
-
-{% data reusables.code-scanning.beta-alert-tracking-in-issues %}
-
-To quickly create an issue to track the status of a specific {% data variables.product.prodname_code_scanning %} alert, on the {% data variables.product.prodname_code_scanning %} alerts page, click the alert you would like to track. On the detailed page for that alert, click **Create issue**. Customize the autogenerated issue as desired, then click **Submit new issue**.
-
-Alternatively, to track a {% data variables.product.prodname_code_scanning %} alert in an existing issue, add the URL for the alert as a task list item in the issue. For more information about task lists, see [AUTOTITLE](/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists).
-
-{% data reusables.code-scanning.alert-tracking-link %}
-
-{% endif %}
-
 ## Auditing responses to {% data variables.product.prodname_code_scanning %} alerts
 
 {% data reusables.code-scanning.audit-code-scanning-events %}

content/code-security/code-scanning/managing-code-scanning-alerts/index.md

@@ -11,6 +11,9 @@ topics:
   - Code Security
   - Code scanning
   - CodeQL
+redirect_from:
+  - /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/tracking-code-scanning-alerts-in-issues-using-task-lists
+  - /code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists
 children:
   - /about-code-scanning-alerts
   - /responsible-use-autofix-code-scanning
@@ -20,5 +23,4 @@ children:
   - /best-practices-for-participating-in-a-security-campaign
   - /fixing-alerts-in-security-campaign
   - /triaging-code-scanning-alerts-in-pull-requests
-  - /tracking-code-scanning-alerts-in-issues-using-task-lists
 ---

content/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists.md

@@ -79,7 +79,7 @@ By following these practices, you can significantly reduce the risk posed by out
 
 {% data variables.product.github %} offers several security features that can help maintain the security of your codebases:
 
-**Dependency Graph**
+**Dependency graph**
 
    * Provides a tabular representation of your project's dependencies.
    * The graph helps you understand the dependencies of your project and {% data variables.product.github %} uses this to identify vulnerable dependencies.

content/code-security/dependabot/maintain-dependencies/best-practices-for-maintaining-dependencies.md

@@ -85,6 +85,8 @@ Automatic dependency submission makes a best effort to cache package downloads b
 
 If your repository's dependencies seem inaccurate, check that the timestamp of the last dependency graph build matches the last change to your `pom.xml` file. The timestamp is visible on the table of alerts in the repository's {% data variables.product.prodname_dependabot_alerts %} tab. Pushing a commit which updates `pom.xml` will trigger a new run of the Dependency Tree Submission action and force a rebuild of that repository's dependency graph.
 
+{% data reusables.dependency-graph.deduplication %}
+
 ## Further reading
 
 * [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)

content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md

@@ -45,10 +45,6 @@ To generate a dependency graph, {% data variables.product.github %} needs read-o
 
 When the dependency graph is first enabled, any manifest and lock files for supported ecosystems are parsed immediately. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. Once enabled, the graph is automatically updated with every push to the repository{% ifversion fpt or ghec %} and every push to other repositories in the graph{% endif %}.
 
-{% ifversion ghes %}
-{% data reusables.dependency-submission.dependency-submission-link %}
-{% endif %}
-
 ## Further reading
 
 {%- ifversion maven-transitive-dependencies %}

content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-the-dependency-graph.md

@@ -20,11 +20,11 @@ versions:
 
 {% data reusables.dependabot.about-the-dependency-graph %} For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
 
-In this article, you can see what the supported ecosystems are.
-
 ## Supported package ecosystems
 
-The recommended formats explicitly define which versions are used for all direct and all indirect dependencies. If you use these formats, your dependency graph is more accurate. It also reflects the current build set up and enables the dependency graph to report vulnerabilities in both direct and indirect dependencies.{% ifversion fpt or ghec %} Indirect dependencies that are inferred from a manifest file (or equivalent) are excluded from the checks for insecure dependencies.{% endif %}
+If dependency graph is enabled, it will scan your repository for manifest files used by many commonly-used programming language package ecosystems. When it finds one of the supported manifest files, it will parse the file's contents and build a representation of its contents, including each package's name and version.
+
+Some files explicitly define which versions are used for all direct and all indirect dependencies. They lock the package versions to those included in the build and enable Dependabot to find vulnerable versions in both direct and indirect dependencies. If you use these formats, your dependency graph is more accurate, so they're listed under the "Recommended files" column in this table.{% ifversion fpt or ghec %} Indirect dependencies that are inferred from a manifest file (or equivalent) are excluded from the checks for insecure dependencies.{% endif %}
 
 {% data reusables.dependency-graph.supported-package-ecosystems %}
 
@@ -36,7 +36,7 @@ For ecosystems that resolve transitive dependencies at build-time, we recommend
 
 ## Package ecosystems supported via dependency submission actions
 
-You can use the {% data variables.dependency-submission-api.name %} to add build-time dependencies to the dependency graph, or to add dependencies from package managers and ecosystems of your choice to the dependency graph, even if the ecosystem is not in the supported ecosystem list above. Dependency information from these submitted dependencies will, in turn, flow into {% data variables.product.prodname_dependabot_updates %} and {% data variables.product.prodname_dependabot_alerts %}.
+In addition to dependency graph's static analysis and auto-submission, you can use the {% data variables.dependency-submission-api.name %} to add build-time dependencies to the dependency graph, or to add dependencies from package managers and ecosystems of your choice to the dependency graph, even if the ecosystem is not in the supported ecosystem list above. Dependency information from these submitted dependencies will, in turn, flow into {% data variables.product.prodname_dependabot_updates %} and {% data variables.product.prodname_dependabot_alerts %}.
 
 {% data reusables.dependency-graph.dependency-submission-API-short %} For more information on the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).
 
@@ -45,3 +45,7 @@ You typically use the {% data variables.dependency-submission-api.name %} in a {
 {% data reusables.dependency-submission.premade-action-table %}
 
 You can also create your own action. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api#creating-your-own-action).
+
+## Deduplication of manifests
+
+{% data reusables.dependency-graph.deduplication %}

content/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems.md

@@ -70,9 +70,3 @@ Any issues that are referenced in a task list specify that they are tracked by t
 ![Screenshot of issue 3 showing the issue status of "Open" and the text "Tracked by issue #2", which is outlined in orange.](/assets/images/help/writing/task-list-tracked.png)
 
 {% endif %}
-
-{% ifversion code-scanning-task-lists %}
-
-## Further reading
-
-* [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists){% endif %}

content/get-started/writing-on-github/working-with-advanced-formatting/about-task-lists.md

@@ -145,7 +145,7 @@ You can use query parameters to open issues. Query parameters are optional parts
 
 You must have the proper permissions for any action to use the equivalent query parameter. For example, you must have permission to add a label to an issue to use the `labels` query parameter. For more information, see [AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization).
 
-If you create an invalid URL using query parameters, or if you don’t have the proper permissions, the URL will return a `404 Not Found` error page. If you create a URL that exceeds the server limit, the URL will return a `414 URI Too Long` error page.
+If you create an invalid URL using query parameters, or if you don't have the proper permissions, the URL will return a `404 Not Found` error page. If you create a URL that exceeds the server limit, the URL will return a `414 URI Too Long` error page.
 
 Query parameter | Example
 ---  | ---
@@ -161,16 +161,6 @@ Query parameter | Example
 You can also use URL query parameters to fill custom text fields that you have defined in issue form templates. Query parameters for issue form fields can also be passed to the issue template chooser. For more information, see [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-githubs-form-schema#keys).
 {% endif %}
 
-{% ifversion code-scanning-task-lists %}
-
-## Creating an issue from a {% data variables.product.prodname_code_scanning %} alert
-
-{% data reusables.code-scanning.beta-alert-tracking-in-issues %}
-If you're using issues to track and prioritize your work, you can use issues to track {% data variables.product.prodname_code_scanning %} alerts.
-{% data reusables.code-scanning.alert-tracking-link %}
-
-{% endif %}
-
 {% ifversion copilot %}
 
 ## Creating an issue from {% data variables.product.prodname_copilot_chat_short %}