diff --git a/content/billing/managing-your-billing/adding-a-sales-tax-certificate.md b/content/billing/managing-your-billing/adding-a-sales-tax-certificate.md
index 0533ad7cc936..409db5ca818d 100644
--- a/content/billing/managing-your-billing/adding-a-sales-tax-certificate.md
+++ b/content/billing/managing-your-billing/adding-a-sales-tax-certificate.md
@@ -32,11 +32,9 @@ You can upload a sales tax exemption certificate to your organization account if
 {% endif %}
 
 {% data reusables.organizations.billing-settings %}
-1. At the top of the page, click **Payment information**.
-
-   ![Screenshot of the "Billing Summary" section of the settings page. A link, labeled "Payment information," is highlighted with an orange outline.](/assets/images/help/settings/payment-info-link.png)
+1. In the sidebar, under **{% octicon "credit-card" aria-hidden="true" aria-label="credit-card" %} Billing and licensing**, click **Payment information**.
 1. Review your "Billing information" and update any incorrect data. You must ensure that the address fields are correct and that the "City" and "Postal/Zip code" fields are accepted. If there is any missing information or any errors are reported, the option to upload a sales tax certificate is hidden.
-1. At the bottom of the page, next to "Sales Tax" in the "Additional information" section, click Upload certificate, and select the certificate file you want to upload.
+1. At the bottom of the page in the "Additional information" section next to "Sales Tax", click **Upload certificate**, and select the certificate file you want to upload. If "Sales Tax" is missing, check that your billing information defines your country as "United States of America".
 1. To remove a sales tax certificate, click {% octicon "trash" aria-label="Delete sales tax certificate" %} next to the certificate you want to remove.
 
 {% ifversion ghec or ghes %}
@@ -46,14 +44,10 @@ You can upload a sales tax exemption certificate to your organization account if
 Enterprise owners and billing managers can upload a sales tax exemption certificate to an enterprise account if the account uses the {% data variables.product.company_short %} Customer Agreement.
 
 {% data reusables.enterprise-accounts.access-enterprise %}
-{% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.billing-tab %}
-1. At the top of the page, click **Payment information**.
-
-   ![Screenshot of the "Billing Summary" section of the settings page. A link, labeled "Payment information," is highlighted with an orange outline.](/assets/images/help/settings/payment-info-link.png)
-
+1. In the sidebar, under **{% octicon "credit-card" aria-hidden="true" aria-label="credit-card" %} Billing and licensing**, click **Payment information**.
 1. Review your "Billing information" and update any incorrect data. You must ensure that the address fields are correct and that the "City" and "Postal/Zip code" fields are accepted. If there is any missing information or any errors are reported, the option to upload a sales tax certificate is hidden.
-1. At the bottom of the page, in the "Sales Tax" section, click **Upload certificate**, and select the certificate file you want to upload.
+1. At the bottom of the page, next to "Sales Tax", click **Upload certificate**, and select the certificate file you want to upload. If "Sales Tax" is missing, check that your billing information defines your country as "United States of America".
 1. To remove a sales tax certificate, click {% octicon "trash" aria-label="Delete sales tax certificate" %} next to the certificate you want to remove.
 
 {% endif %}
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md
index 8f841b9b7254..5055bb9eb5ca 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md
@@ -17,7 +17,7 @@ topics:
 ## About automatic dependency submission
 
 > [!NOTE]
-> Automatic dependency submission is currently only supported for Maven.
+> Automatic dependency submission does not support all package ecosystems. For the current list of supported ecosystems, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems).
 
 Dependency graph analyzes the manifest and lock files in a repository, in order to help users understand the upstream packages that their software project depends on. However, in some ecosystems, the resolution of transitive dependencies occurs at build-time and {% data variables.product.company_short %} isn't able to automatically discover all dependencies based on the contents of the repository alone.
 
@@ -47,12 +47,13 @@ Organization owners can enable automatic dependency submission for multiple repo
 1. Under "Dependency graph", click the dropdown menu next to “Automatic dependency submission”, then select **Enabled**.
 
 Once you've enabled automatic dependency submission for a repository, {% data variables.product.company_short %} will:
-* Monitor for changes to the `pom.xml` file in the root of the repository on all branches of the repository.
-* Perform an automatic dependency submission on each change.
+* Monitor for changes to manifest files in the root of the repository on all branches of the repository.
+* Run the dependency graph build action associated with the package ecosystem of each changed manifest.
+* Perform an automatic dependency submission with the results.
 
 You can view details about the automatic workflows run by viewing the **Actions** tab of your repository.
 
-> [!NOTE] Automatic submission will occur on the first push to the `pom.xml` file after the option is enabled.
+> [!NOTE] After you enable automatic dependency submission, we'll automatically trigger a run of the action. Once enabled, it'll run each time a commit to the default branch updates a manifest.
 
 ## Using self-hosted runners for automatic dependency submission
 
@@ -67,7 +68,7 @@ Once enabled, automatic dependency submission jobs will run on the self-hosted r
 * The self-hosted runners are unavailable.
 * There aren't any runner groups tagged with a `dependency-submission` label.
 
->[!NOTE] When using self-hosted runners, you need to add access to the Maven server settings file to allow the dependency submission workflows to connect to private registries. Dependencies from private registries will be included in the dependency tree in the next `pom.xml` update. For more information about the Maven server settings file, see [Security and Deployment Settings](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#transitive-dependencies) in the Maven documentation.
+>[!NOTE] For Maven or Gradle projects that use self-hosted runners with private Maven registries, you need to modify the Maven server settings file to allow the dependency submission workflows to connect to the registries. For more information about the Maven server settings file, see [Security and Deployment Settings](https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#transitive-dependencies) in the Maven documentation.
 
 ## Using {% data variables.product.company_short %}-hosted {% data variables.actions.hosted_runners %} for automatic dependency submission
 
@@ -79,14 +80,22 @@ Once enabled, automatic dependency submission jobs will run on the self-hosted r
 
 ## Troubleshooting automatic dependency submission
 
-Automatic dependency submission is currently only supported for Maven. The feature uses the Maven Dependency Tree Submission action. For more information, see the documentation for the [Maven Dependency Tree Dependency Submission](https://github.com/marketplace/actions/maven-dependency-tree-dependency-submission) action in the {% data variables.product.prodname_marketplace %}. If your project uses a non-standard Maven configuration, it may not properly generate the dependencies and submit them to the dependency graph.
-
 Automatic dependency submission makes a best effort to cache package downloads between runs using the [Cache](https://github.com/marketplace/actions/cache) action to speed up workflows. For self-hosted runners, you may want to manage this cache within your own infrastructure. To do this, you can disable the built-in caching by setting an environment variable of `GH_DEPENDENCY_SUBMISSION_SKIP_CACHE` to `true`. For more information, see [AUTOTITLE](/actions/learn-github-actions/variables).
 
-If your repository's dependencies seem inaccurate, check that the timestamp of the last dependency graph build matches the last change to your `pom.xml` file. The timestamp is visible on the table of alerts in the repository's {% data variables.product.prodname_dependabot_alerts %} tab. Pushing a commit which updates `pom.xml` will trigger a new run of the Dependency Tree Submission action and force a rebuild of that repository's dependency graph.
+### Manifest deduplication
 
 {% data reusables.dependency-graph.deduplication %}
 
+### Maven projects
+
+For Maven projects, automatic dependency submission runs an open source fork of the [Maven Dependency Tree Dependency Submission](https://github.com/marketplace/actions/maven-dependency-tree-dependency-submission). The fork allows {% data variables.product.github %} to stay in sync with the upstream repository plus maintain some changes that are only applicable to automatic submission. The fork's source is available at [advanced-security/maven-dependency-submission-action](https://github.com/advanced-security/maven-dependency-submission-action).
+
+If your repository's dependencies seem inaccurate, check that the timestamp of the last dependency graph build matches the last change to your `pom.xml` file. The timestamp is visible on the table of alerts in the repository's {% data variables.product.prodname_dependabot_alerts %} tab. Pushing a commit which updates `pom.xml` will trigger a new run of the Dependency Tree Submission action and force a rebuild of that repository's dependency graph.
+
+### Gradle projects
+
+For Gradle projects, automatic dependency submission runs a fork of the open source Gradle actions from [gradle/actions](https://github.com/gradle/actions). The fork is available at [actions/gradle-build-tools-actions](https://github.com/actions/gradle-build-tools-actions). You can view the results of the autosubmission action under your repository's **Actions** tab. Each run will be labeled "Automatic Dependency Submission (Gradle)" and its output will contain the JSON payload which the action submitted to the API.
+
 ## Further reading
 
 * [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security)
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems.md
index 8b4c67ca7211..75ebf0467b91 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems.md
@@ -18,33 +18,27 @@ versions:
 
 ## About the dependency graph
 
-{% data reusables.dependabot.about-the-dependency-graph %} For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
+For an introduction to the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
 
-## Supported package ecosystems
-
-If dependency graph is enabled, it will scan your repository for manifest files used by many commonly-used programming language package ecosystems. When it finds one of the supported manifest files, it will parse the file's contents and build a representation of its contents, including each package's name and version.
+## Building the dependency graph
 
-Some files explicitly define which versions are used for all direct and all indirect dependencies. They lock the package versions to those included in the build and enable Dependabot to find vulnerable versions in both direct and indirect dependencies. If you use these formats, your dependency graph is more accurate, so they're listed under the "Recommended files" column in this table.{% ifversion fpt or ghec %} Indirect dependencies that are inferred from a manifest file (or equivalent) are excluded from the checks for insecure dependencies.{% endif %}
+If dependency graph is enabled, it will scan your repository for manifest files used by programming language package ecosystems. When it finds one of the supported manifest files, it will parse the file and build a representation of its contents, including each package's name and version. This is called "static analysis".
 
-{% data reusables.dependency-graph.supported-package-ecosystems %}
+Some files explicitly define which versions are used for all direct and all indirect dependencies. They lock the package versions to those included in the build and enable {% data variables.product.prodname_dependabot %} to find vulnerable versions in both direct and indirect dependencies. If you use these formats, your dependency graph is more accurate, so they're listed under the "Recommended files" column in the "Supported package ecosystems" table. See [Supported package ecosystems](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems#supported-package-ecosystems). {% ifversion fpt or ghec %} Indirect dependencies that are inferred from a manifest file (or equivalent) are excluded from {% data variables.product.prodname_dependabot %}'s checks for insecure dependencies.{% endif %}
 
 {% ifversion maven-transitive-dependencies %}
-
-For ecosystems that resolve transitive dependencies at build-time, we recommend configuring dependency submission to automatically submit these dependencies to the dependency graph. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).
-
+For ecosystems that resolve transitive dependencies at build-time, static analysis does not provide a comprehensive view of the dependency tree. For these ecosystems, there are two approaches that use {% data variables.product.prodname_actions %}: automatic and manual dependency submission. In both cases, an external action will generate a full dependency tree and upload it to the dependency submission API. You can enable automatic submission for supported ecosystems in your repository's settings page. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository).
 {% endif %}
 
 ## Package ecosystems supported via dependency submission actions
 
-In addition to dependency graph's static analysis and auto-submission, you can use the {% data variables.dependency-submission-api.name %} to add build-time dependencies to the dependency graph, or to add dependencies from package managers and ecosystems of your choice to the dependency graph, even if the ecosystem is not in the supported ecosystem list above. Dependency information from these submitted dependencies will, in turn, flow into {% data variables.product.prodname_dependabot_updates %} and {% data variables.product.prodname_dependabot_alerts %}.
+In addition to dependency graph's static analysis and auto-submission, you can use the {% data variables.dependency-submission-api.name %} to add build-time dependencies to the dependency graph, or to add dependencies from package managers and ecosystems of your choice to the dependency graph, even if the ecosystem is not in the "Supported package ecosystems" table. Dependency information from these submitted dependencies will, in turn, flow into {% data variables.product.prodname_dependabot_updates %} and {% data variables.product.prodname_dependabot_alerts %}.
 
 {% data reusables.dependency-graph.dependency-submission-API-short %} For more information on the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).
 
-You typically use the {% data variables.dependency-submission-api.name %} in a {% data variables.product.prodname_actions %} workflow to submit dependencies for your project when your project is built. {% data reusables.dependency-submission.api-premade-actions %} You can find links to the currently available actions in the table below.
-
-{% data reusables.dependency-submission.premade-action-table %}
+## Supported package ecosystems
 
-You can also create your own action. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api#creating-your-own-action).
+{% data reusables.dependency-graph.supported-package-ecosystems %}
 
 ## Deduplication of manifests
 
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository.md
index 82ab0dc92803..2d0341491374 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository.md
@@ -39,3 +39,13 @@ If your company provides software to the US federal government per [Executive Or
 ## Exporting a software bill of materials for your repository using the REST API
 
 If you want to use the REST API to export an SBOM for your repository, see [AUTOTITLE](/rest/dependency-graph/sboms#export-a-software-bill-of-materials-sbom-for-a-repository).
+
+## Generating a software bill of materials from {% data variables.product.prodname_actions %}
+
+The following actions will generate an SBOM for your repository and attach it as a workflow artifact which you can download and use in other applications. For more information about downloading workflow artifacts, see [AUTOTITLE](/actions/managing-workflow-runs/downloading-workflow-artifacts).
+
+| Action | Details |
+| ---  | --- |
+[SPDX Dependency Submission Action](https://github.com/marketplace/actions/spdx-dependency-submission-action) | Uses [Microsoft's SBOM Tool](https://github.com/microsoft/sbom-tool) to create SPDX 2.2 compatible SBOMs with the [supported ecosystems](https://github.com/microsoft/component-detection/blob/main/docs/feature-overview.md) |
+[Anchore SBOM Action](https://github.com/marketplace/actions/anchore-sbom-action) | Uses [Syft](https://github.com/anchore/syft) to create SPDX 2.2 compatible SBOMs with the [supported ecosystems](https://github.com/anchore/syft#supported-ecosystems)  |
+[SBOM Dependency Submission Action](https://github.com/marketplace/actions/sbom-submission-action)| Uploads a CycloneDX SBOM to the {% data variables.dependency-submission-api.name %} |
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md
index 0f077bbdd039..a5fdd408a8d5 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/troubleshooting-the-dependency-graph.md
@@ -71,7 +71,7 @@ From the repository's {% data variables.product.prodname_dependabot_alerts %} ta
 
 Clicking **Refresh {% data variables.product.prodname_dependabot_alerts %}** will only scan manifest files. If your dependency graph also includes build-time dependency information submitted using the {% data variables.dependency-submission-api.name %}, rerunning the Action or external process which generates and submits the dependency information will also trigger a rebuild of the repository's dependency graph. For more information about the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).
 
-If you are using automatic dependency submission for Maven, pushing a commit that updates the repository's `pom.xml` will trigger the automatic submission action to run.
+If you are using automatic dependency submission, pushing a commit that updates the repository's manifest file will trigger the automatic submission action to run.
 
 In all cases, the timestamp at the top of the list of alerts indicates the last time the dependency graph was built.
 
diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md
index 73388ec62e91..162532dbba67 100644
--- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md
+++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md
@@ -17,7 +17,7 @@ versions:
 
 {% data reusables.dependency-submission.about-dependency-submission %}
 
-Dependencies are submitted to the {% data variables.dependency-submission-api.name %} in the form of a snapshot. A snapshot is a set of dependencies associated with a commit SHA and other metadata, that reflects the current state of your repository for a commit. Snapshots can be generated from your dependencies detected at build time or from a software bill of materials (SBOM). There are {% data variables.product.prodname_actions %} that support either of these use cases. For more information about the {% data variables.dependency-submission-api.name %}, see [AUTOTITLE](/rest/dependency-graph/dependency-submission).
+Dependencies are submitted to the {% data variables.dependency-submission-api.name %} in the form of a snapshot. A snapshot is a set of dependencies associated with a commit SHA and other metadata, that reflects the current state of your repository for a commit. Snapshots can be generated from the dependencies detected at build time. For technical details on using the {% data variables.dependency-submission-api.name %} over the network, see [AUTOTITLE](/rest/dependency-graph/dependency-submission).
 
 ## Submitting dependencies at build-time
 
@@ -27,6 +27,8 @@ You can use the {% data variables.dependency-submission-api.name %} in a {% data
 
 {% data reusables.dependency-submission.api-premade-actions %}
 
+{% data reusables.dependency-submission.premade-action-table %}
+
 For more information about these actions, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems#package-ecosystems-supported-via-dependency-submission-actions).
 
 ### Creating your own action
@@ -39,33 +41,11 @@ Alternatively, you can write your own action to submit dependencies for your pro
 
 {% data variables.product.github %} maintains the [Dependency Submission Toolkit](https://github.com/github/dependency-submission-toolkit), a TypeScript library to help you build your own GitHub Action for submitting dependencies to the {% data variables.dependency-submission-api.name %}. For more information about writing an action, see [AUTOTITLE](/actions/creating-actions).
 
-## Generating and submitting a software bill of materials (SBOM)
-
-{% data reusables.dependency-graph.sbom-intro %}
-
-### Generating a software bill of materials (SBOM)
-
-To generate an SBOM, you can use:
-* The **{% data variables.product.prodname_dotcom %} UI**. For more information about how to export an SBOM for a repository using information from the dependency graph, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository).
-* The **REST API**. For more information, see [AUTOTITLE](/rest/dependency-graph/sboms).
-* **{% data variables.product.prodname_actions %}**. The following actions will generate an SBOM for your repository and attach it as a workflow artifact which you can download and use in other applications. For more information about downloading workflow artifacts, see [AUTOTITLE](/actions/managing-workflow-runs/downloading-workflow-artifacts).
-
-Action | Details |
---- | --- |
-[Anchore SBOM Action](https://github.com/marketplace/actions/anchore-sbom-action) | Uses [Syft](https://github.com/anchore/syft) to create SPDX 2.2 compatible SBOMs with the [supported ecosystems](https://github.com/anchore/syft#supported-ecosystems)  |
-[sbom-tool by Microsoft](https://github.com/microsoft/sbom-tool) | Scans your dependencies and creates an SPDX compatible SBOM |
-
-### Submitting a software bill of materials (SBOM) to the {% data variables.dependency-submission-api.name %}
-
-To receive {% data variables.product.prodname_dependabot_alerts %} for dependencies that have known vulnerabilities, you can upload and submit the SBOM to the {% data variables.dependency-submission-api.name %}. To submit an SBOM to the {% data variables.dependency-submission-api.name %}, you can use one of the actions in the following table.
+## Submitting SBOMs as snapshots
 
->[!TIP] The [SPDX Dependency Submission Action](https://github.com/marketplace/actions/spdx-dependency-submission-action) and the [Anchore SBOM Action](https://github.com/marketplace/actions/anchore-sbom-action) can be used to both generate the SBOM and submit it to the {% data variables.dependency-submission-api.name %}.
+If you have external tools which create or manage Software Bills of Materials (SBOMs), you can also submit those SBOMs to the {% data variables.dependency-submission-api.name %}. The snapshot data format is very similar to the standard SPDX and CycloneDX SBOM formats, and there are several tools which can generate or translate formats for use as snapshots.
 
-Action | Details |
----  | --- |
-[SPDX Dependency Submission Action](https://github.com/marketplace/actions/spdx-dependency-submission-action) | Uses [Microsoft's SBOM Tool](https://github.com/microsoft/sbom-tool) to create SPDX 2.2 compatible SBOMs with the [supported ecosystems](https://github.com/microsoft/component-detection/blob/main/docs/feature-overview.md) |
-[Anchore SBOM Action](https://github.com/marketplace/actions/anchore-sbom-action) | Uses [Syft](https://github.com/anchore/syft) to create SPDX 2.2 compatible SBOMs with the [supported ecosystems](https://github.com/anchore/syft#supported-ecosystems)  |
-[SBOM Dependency Submission Action](https://github.com/marketplace/actions/sbom-submission-action)| Uploads a CycloneDX SBOM to the {% data variables.dependency-submission-api.name %} |
+>[!TIP] The [SPDX Dependency Submission Action](https://github.com/marketplace/actions/spdx-dependency-submission-action) and the [Anchore SBOM Action](https://github.com/marketplace/actions/anchore-sbom-action) can be used to both generate a SBOM and submit it to the {% data variables.dependency-submission-api.name %}.
 
 For example, the following [SPDX Dependency Submission Action](https://github.com/marketplace/actions/spdx-dependency-submission-action) workflow calculates the dependencies for a repository, generates an exportable SBOM in SPDX 2.2 format, and submits it to the {% data variables.dependency-submission-api.name %}.
 
diff --git a/data/reusables/dependency-graph/deduplication.md b/data/reusables/dependency-graph/deduplication.md
index 9ec2137221bd..3c754de05376 100644
--- a/data/reusables/dependency-graph/deduplication.md
+++ b/data/reusables/dependency-graph/deduplication.md
@@ -1,4 +1,4 @@
-Dependency graph can learn about dependencies in three different ways: static analysis, automatic submission, and user submission. A repository can have multiple methods configured, causing the same package manifest to be scanned multiple times, potentially with different outputs from each scan. Dependency graph uses deduplication logic to parse the outputs, prioritizing the most accurate information for each manifest file.
+Dependency graph can learn about dependencies in three different ways: static analysis, automatic submission, and manual submission. A repository can have multiple methods configured, which can cause the same package manifest to be scanned multiple times, potentially with different outputs from each scan. Dependency graph uses deduplication logic to parse the outputs, prioritizing the most accurate information for each manifest file.
 
 Dependency graph displays only one instance of each manifest file using the following precedence rules.
 
diff --git a/data/reusables/dependency-graph/repository-view-update.md b/data/reusables/dependency-graph/repository-view-update.md
index 0c4920d6c290..71ddc86e0053 100644
--- a/data/reusables/dependency-graph/repository-view-update.md
+++ b/data/reusables/dependency-graph/repository-view-update.md
@@ -1,3 +1,3 @@
-For each dependency, you can see the version, {% ifversion fpt or ghec %}license information,{% endif %} the manifest file which included it, and whether it has known vulnerabilities. For package ecosystems supporting transitive dependencies, the relationship status will be displayed and the disclosure button **...** will show the transitive path which brought in the dependency. For more information about transitive dependency support, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems).
+For each dependency, you can see the version, {% ifversion fpt or ghec %}license information,{% endif %} the manifest file which included it, and whether it has known vulnerabilities. For package ecosystems supporting transitive dependencies, the relationship status will be displayed and you can click "{% octicon "kebab-horizontal" aria-label="Show dependency options" %}", then "Show paths", to see the transitive path which brought in the dependency.
 
-You can also search for a specific dependency using the search bar. Dependencies are sorted automatically with vulnerabilities at the top.
+You can also search for a specific dependency using the search bar. Dependencies are sorted automatically with vulnerable packages at the top.
diff --git a/data/reusables/dependency-graph/supported-package-ecosystems.md b/data/reusables/dependency-graph/supported-package-ecosystems.md
index 8ae4728567a5..e9d381ab9f7e 100644
--- a/data/reusables/dependency-graph/supported-package-ecosystems.md
+++ b/data/reusables/dependency-graph/supported-package-ecosystems.md
@@ -1,22 +1,23 @@
-| Package manager | Languages | Transitive dependencies | Recommended files | Additional files |
-| --- | --- | --- | --- | ---|
-| Cargo | Rust | {% octicon "x" aria-label="Not supported" %} | `Cargo.lock` | `Cargo.toml` |
-| Composer             | PHP           | {% octicon "x" aria-label="Not supported" %} | `composer.lock` | `composer.json` |
-| NuGet | .NET languages (C#, F#, VB), C++  | {% octicon "x" aria-label="Not supported" %} |  `.csproj`, `.vbproj`, `.nuspec`, `.vcxproj`, `.fsproj` | `packages.config` |
-| {% data variables.product.prodname_actions %} workflows | YAML | {% octicon "x" aria-label="Not supported" %} | `.yml`, `.yaml` | {% octicon "x" aria-label="None" %} |
-| Go modules | Go | {% octicon "x" aria-label="Not supported" %} | `go.mod`| {% octicon "x" aria-label="None" %} |
-| Maven | Java, Scala | {% octicon "check" aria-label="Supported" %} |  `pom.xml`  | {% octicon "x" aria-label="None" %}  |
-| npm | JavaScript | {% octicon "check" aria-label="Supported" %} |          `package-lock.json` | `package.json`|
-| pip             | Python                    | {% octicon "x" aria-label="Not supported" %} | `requirements.txt`, `pipfile.lock` | `pipfile`, `setup.py` |
-| pnpm             | JavaScript                    | {% octicon "check" aria-label="Supported" %} | `pnpm-lock.yaml` | `package.json` |
-| pub             | Dart                    | {% octicon "x" aria-label="Not supported" %} | `pubspec.lock` | `pubspec.yaml` |
-| Python Poetry | Python                    | {% octicon "x" aria-label="Not supported" %} | `poetry.lock` | `pyproject.toml` |
-| RubyGems             | Ruby           | {% octicon "x" aria-label="Not supported" %} | `Gemfile.lock` | `Gemfile`, `*.gemspec` |
-| Swift Package Manager | Swift | {% octicon "x" aria-label="Not supported" %} | `Package.resolved` | {% octicon "x" aria-label="None" %} |
-| Yarn | JavaScript | {% octicon "check" aria-label="Supported" %} | `yarn.lock` | `package.json` |
+| Package manager | Languages | Static transitive dependencies | Automatic dependency submission | Recommended files | Additional files |
+| --- | --- | --- | --- | --- | ---|
+| Cargo | Rust | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Cargo.lock` | `Cargo.toml` |
+| Composer             | PHP           | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `composer.lock` | `composer.json` |
+| NuGet | .NET languages (C#, F#, VB), C++  | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `.csproj`, `.vbproj`, `.nuspec`, `.vcxproj`, `.fsproj` | `packages.config` |
+| {% data variables.product.prodname_actions %} workflows | YAML | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `.yml`, `.yaml` | {% octicon "x" aria-label="None" %} |
+| Go modules | Go | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |  `go.mod`| {% octicon "x" aria-label="None" %} |
+| Gradle | Java  | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} |  {% octicon "x" aria-label="None" %} | {% octicon "x" aria-label="None" %} |
+| Maven | Java, Scala | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | `pom.xml`  | {% octicon "x" aria-label="None" %}  |
+| npm | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `package-lock.json` | `package.json`|
+| pip             | Python                    | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `requirements.txt`, `pipfile.lock` | `pipfile`, `setup.py` |
+| pnpm             | JavaScript                    | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `pnpm-lock.yaml` | `package.json` |
+| pub             | Dart                    | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `pubspec.lock` | `pubspec.yaml` |
+| Poetry | Python                    | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `poetry.lock` | `pyproject.toml` |
+| RubyGems             | Ruby           | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Gemfile.lock` | `Gemfile`, `*.gemspec` |
+| Swift Package Manager | Swift | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Package.resolved` | {% octicon "x" aria-label="None" %} |
+| Yarn | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `yarn.lock` | `package.json` |
 
 > [!NOTE]{% ifversion transitive-dependency-labeling-npm %}
-> * The **Transitive dependencies** column indicates whether static analysis will add `direct` and `transitive` labels for dependent packages in that ecosystem. Labels will appear on the dependency graph view, {% data variables.product.prodname_dependabot_alerts %}, the GraphQL API, and exported SBOMs. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#dependencies-view).{% endif %}
+> * The **Static transitive dependencies** column indicates whether static analysis will add `direct` and `transitive` labels for dependent packages in that ecosystem. Dependency submission actions (automatic or manually configured) can add transitive information for ecosystems where static analysis cannot. {% endif %}
 > * If you list your Python dependencies within a `setup.py` file, we may not be able to parse and list every dependency in your project.
 > * {% data variables.product.prodname_actions %} workflows must be located in the `.github/workflows/` directory of a repository to be recognized as manifests. Any actions or workflows referenced using the syntax `jobs[*].steps[*].uses` or `jobs.<job_id>.uses` will be parsed as dependencies. For more information, see [AUTOTITLE](/actions/using-workflows/workflow-syntax-for-github-actions).
 > * {% data reusables.dependabot.dependabot-alert-actions-semver %} For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) and [AUTOTITLE](/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates).
diff --git a/src/graphql/data/fpt/changelog.json b/src/graphql/data/fpt/changelog.json
index 0dc782b4a3c8..de6de910d43c 100644
--- a/src/graphql/data/fpt/changelog.json
+++ b/src/graphql/data/fpt/changelog.json
@@ -1,4 +1,18 @@
 [
+  {
+    "schemaChanges": [
+      {
+        "title": "The GraphQL schema includes these changes:",
+        "changes": [
+          "<p>Enum value 'ISSUE_COUNT<code>was added to enum</code>LabelOrderField'</p>",
+          "<p>Field <code>digest</code> was added to object type <code>ReleaseAsset</code></p>"
+        ]
+      }
+    ],
+    "previewChanges": [],
+    "upcomingChanges": [],
+    "date": "2025-05-27"
+  },
   {
     "schemaChanges": [
       {
diff --git a/src/graphql/data/fpt/schema.docs.graphql b/src/graphql/data/fpt/schema.docs.graphql
index 3f06618c01ae..20d2376cb668 100644
--- a/src/graphql/data/fpt/schema.docs.graphql
+++ b/src/graphql/data/fpt/schema.docs.graphql
@@ -20867,6 +20867,11 @@ enum LabelOrderField {
   """
   CREATED_AT
 
+  """
+  Order labels by issue count
+  """
+  ISSUE_COUNT
+
   """
   Order labels by name
   """
@@ -44860,6 +44865,11 @@ type ReleaseAsset implements Node {
   """
   createdAt: DateTime!
 
+  """
+  The SHA256 digest of the asset
+  """
+  digest: String
+
   """
   The number of times this asset was downloaded
   """
diff --git a/src/graphql/data/fpt/schema.json b/src/graphql/data/fpt/schema.json
index 66496c350fae..a122c397aadc 100644
--- a/src/graphql/data/fpt/schema.json
+++ b/src/graphql/data/fpt/schema.json
@@ -59045,6 +59045,14 @@
           "kind": "scalars",
           "href": "/graphql/reference/scalars#datetime"
         },
+        {
+          "name": "digest",
+          "description": "<p>The SHA256 digest of the asset.</p>",
+          "type": "String",
+          "id": "string",
+          "kind": "scalars",
+          "href": "/graphql/reference/scalars#string"
+        },
         {
           "name": "downloadCount",
           "description": "<p>The number of times this asset was downloaded.</p>",
@@ -89560,6 +89568,10 @@
           "name": "CREATED_AT",
           "description": "<p>Order labels by creation time.</p>"
         },
+        {
+          "name": "ISSUE_COUNT",
+          "description": "<p>Order labels by issue count.</p>"
+        },
         {
           "name": "NAME",
           "description": "<p>Order labels by name.</p>"
diff --git a/src/graphql/data/ghec/schema.docs.graphql b/src/graphql/data/ghec/schema.docs.graphql
index 3f06618c01ae..20d2376cb668 100644
--- a/src/graphql/data/ghec/schema.docs.graphql
+++ b/src/graphql/data/ghec/schema.docs.graphql
@@ -20867,6 +20867,11 @@ enum LabelOrderField {
   """
   CREATED_AT
 
+  """
+  Order labels by issue count
+  """
+  ISSUE_COUNT
+
   """
   Order labels by name
   """
@@ -44860,6 +44865,11 @@ type ReleaseAsset implements Node {
   """
   createdAt: DateTime!
 
+  """
+  The SHA256 digest of the asset
+  """
+  digest: String
+
   """
   The number of times this asset was downloaded
   """
diff --git a/src/graphql/data/ghec/schema.json b/src/graphql/data/ghec/schema.json
index 66496c350fae..a122c397aadc 100644
--- a/src/graphql/data/ghec/schema.json
+++ b/src/graphql/data/ghec/schema.json
@@ -59045,6 +59045,14 @@
           "kind": "scalars",
           "href": "/graphql/reference/scalars#datetime"
         },
+        {
+          "name": "digest",
+          "description": "<p>The SHA256 digest of the asset.</p>",
+          "type": "String",
+          "id": "string",
+          "kind": "scalars",
+          "href": "/graphql/reference/scalars#string"
+        },
         {
           "name": "downloadCount",
           "description": "<p>The number of times this asset was downloaded.</p>",
@@ -89560,6 +89568,10 @@
           "name": "CREATED_AT",
           "description": "<p>Order labels by creation time.</p>"
         },
+        {
+          "name": "ISSUE_COUNT",
+          "description": "<p>Order labels by issue count.</p>"
+        },
         {
           "name": "NAME",
           "description": "<p>Order labels by name.</p>"