Merge pull request #32163 from github/repo-sync

docs-bot · web-flow · commit 396e6ff82636 · 2024-03-20T12:57:21.000-04:00
Repo sync
diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning.md
@@ -19,9 +19,19 @@ topics:
 
 ## About autofix for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}
 
-Autofix is an AI-powered expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts in pull requests so they can avoid introducing new security vulnerabilities. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.
+{% data variables.product.prodname_code_scanning_caps %} autofix is a {% data variables.product.prodname_copilot %}-powered expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts in pull requests so they can avoid introducing new security vulnerabilities. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.
 
-{% data variables.product.prodname_code_scanning_caps %} autofix generates potential fixes that are relevant to the existing source code and translates the description and location of an alert into code changes that may fix the alert. The autofix system uses the OpenAI GPT-4 large language model, which has sufficient generative capabilities to produce both suggested fixes in code and explanatory text for those fixes.
+{% note %}
+
+**Note:** While {% data variables.product.prodname_code_scanning %} autofix is powered by {% data variables.product.prodname_copilot %}, your enterprise does not need a subscription to {% data variables.product.prodname_copilot %} to use autofix. As long as your enterprise has {% data variables.product.prodname_GH_advanced_security %}, you will have access to autofix.
+
+{% endnote %}
+
+{% data variables.product.prodname_code_scanning_caps %} autofix generates potential fixes that are relevant to the existing source code and translates the description and location of an alert into code changes that may fix the alert. Autofix uses internal {% data variables.product.prodname_copilot %} APIs and private instances of OpenAI large language models such as GPT-4, which have sufficient generative capabilities to produce both suggested fixes in code and explanatory text for those fixes.
+
+{% ifversion code-scanning-autofix %}While {% data variables.product.prodname_code_scanning %} autofix is allowed by default in an enterprise and enabled for every repository using {% data variables.product.prodname_codeql %}, you can choose to opt out and disable autofix. To learn how to disable autofix at the enterprise, organization and repository levels, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)."{% endif %}
+
+In an organization's security overview dashboard, you can view the total number of autofix suggestions generated on open and closed pull requests in the organization for a given time period. For more information, see "[AUTOTITLE](/enterprise-cloud@latest/code-security/security-overview/viewing-security-insights-for-your-organization#autofix-suggestions)" in the {% data variables.product.prodname_ghe_cloud %} documentation.
 
 ## Developer experience
 
@@ -120,10 +130,11 @@ It is important to remember that the author of a pull request retains responsibi
 
 - "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)"
 - "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts)"
+- "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning)"
 
 {% elsif fpt %}
 
 - "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts)"
-- [the {% data variables.product.prodname_ghe_cloud %} documentation](/enterprise-cloud@latest/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts)
+- [AUTOTITLE](/enterprise-cloud@latest/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests#working-with-autofix-suggestions-for-alerts) in the {% data variables.product.prodname_ghe_cloud %} documentation
 
 {% endif %}
diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md b/content/code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning.md
@@ -0,0 +1,57 @@
+---
+title: Disabling autofix for code scanning
+shortTitle: Disable autofix
+intro: You can choose to disallow {% data variables.product.prodname_code_scanning %} autofix for an enterprise or disable autofix at the organization and repository level.
+product: '{% data reusables.rai.code-scanning.gated-feature-autofix %}'
+versions:
+  feature: code-scanning-autofix
+type: how_to
+topics:
+  - Advanced Security
+  - Code scanning
+  - CodeQL
+  - AI
+---
+
+{% data reusables.rai.code-scanning.beta-autofix %}
+
+## About disabling autofix for {% data variables.product.prodname_code_scanning %}
+
+{% data variables.product.prodname_code_scanning_caps %} autofix is a {% data variables.product.prodname_copilot %}-powered expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts in pull requests so they can avoid introducing new security vulnerabilities. To learn more about autofix for code scanning, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
+
+{% data variables.product.prodname_code_scanning_caps %} autofix is allowed by default in an enterprise and enabled for every repository that uses {% data variables.product.prodname_codeql %}, regardless of whether it uses default or advanced setup for {% data variables.product.prodname_code_scanning %}. Administrators at the enterprise, organization and repository levels can choose to opt-out and disable autofix.
+
+Note that disabling autofix at any level will close all open autofix comments from all open pull requests at the level that was disabled. If autofix is disabled and then subsequently enabled, autofix won't automatically suggest any fixes for pull requests that are already open. The suggestions will only be generated for pull requests that are opened after autofix is enabled, or after re-running {% data variables.product.prodname_codeql %} analysis on existing pull requests.
+
+## Blocking use of autofix for an enterprise
+
+Enterprise administrators can disallow autofix for their enterprise. If you disallow autofix for an enterprise, autofix cannot be enabled for any organizations or repositories within the enterprise.
+
+Note that allowing autofix for an enterprise does not enforce enablement of autofix, but means that organization and repository administrators will have the option to enable or disable autofix.
+
+Disallowing autofix at the enterprise level will remove all open autofix comments from open pull requests across all repositories of all organizations within the enterprise.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
+1. Under "Autofix for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}", use the dropdown menu to choose "Not allowed."
+
+## Disabling autofix for an organization
+
+If autofix is allowed at the enterprise level, organization administrators have the option to disable autofix for an organization. If you disable autofix for an organization, autofix cannot be enabled for any repositories within the organization.
+
+Note that disabling autofix at the organization level will remove all open autofix comments from open pull requests across all repositories in the organization.
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.organizations.security-and-analysis %}
+1. Under the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **Autofix for {% data variables.product.prodname_codeql %}**.
+
+## Disabling autofix for a repository
+
+If autofix is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable autofix for a repository. Disabling autofix at the repository level will remove all open autofix comments from all open pull requests across the repository.
+
+{% data reusables.repositories.navigate-to-repo %}
+{% data reusables.repositories.sidebar-settings %}
+{% data reusables.user-settings.security-analysis %}
+1. In the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect **Autofix for {% data variables.product.prodname_codeql %}**.
diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/index.md b/content/code-security/code-scanning/managing-code-scanning-alerts/index.md
@@ -14,6 +14,7 @@ topics:
 children:
   - /about-code-scanning-alerts
   - /about-autofix-for-codeql-code-scanning
+  - /disabling-autofix-for-code-scanning
   - /managing-code-scanning-alerts-for-your-repository
   - /triaging-code-scanning-alerts-in-pull-requests
   - /tracking-code-scanning-alerts-in-issues-using-task-lists
diff --git a/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md b/content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md
@@ -116,7 +116,7 @@ Anyone with push access to a pull request can fix a {% data variables.product.pr
 
 {% data reusables.rai.code-scanning.beta-autofix %}
 
-Autofix is an AI-powered expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts in pull requests. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.
+Autofix, powered by {% data variables.product.prodname_copilot %}, is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts in pull requests. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase, the pull request, and from {% data variables.product.prodname_codeql %} analysis.
 
 ![Screenshot of the check failure for a {% data variables.product.prodname_code_scanning %} alert in a pull request. The first paragraph of the "autofix" suggestion for the alert is highlighted in dark orange.](/assets/images/help/code-scanning/alert+autofix.png)
 
diff --git a/content/code-security/security-overview/viewing-security-insights-for-your-organization.md b/content/code-security/security-overview/viewing-security-insights-for-your-organization.md
@@ -103,6 +103,18 @@ The rate is calculated by dividing the number of alerts that were closed and rem
 
 Alerts that are reopened and re-closed during the chosen time period are ignored.
 
+{% ifversion code-scanning-autofix %}
+
+### Autofix suggestions
+
+{% data reusables.rai.code-scanning.beta-autofix %}
+
+Autofix, powered by {% data variables.product.prodname_copilot %}, is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts in pull requests. For more information, see "[AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-autofix-for-codeql-code-scanning)."
+
+The "Autofix suggestions" metric is the total number of Autofix suggestions generated in open and closed pull requests during the chosen time period.
+
+{% endif %}
+
 ### Alert activity graph
 
 Expanding on the alert trends graph, the alert activity graph shows you alert inflows and outflows over your chosen time period.
diff --git a/data/reusables/rai/code-scanning/beta-autofix.md b/data/reusables/rai/code-scanning/beta-autofix.md
@@ -2,7 +2,7 @@
 
 {% note %}
 
-**Note:** {% data variables.product.prodname_dotcom %} autofix for {% data variables.product.prodname_code_scanning %} is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to JavaScript, TypeScript, and Python alerts identified by {% data variables.product.prodname_codeql %}. If you have an enterprise account and use {% data variables.product.prodname_GH_advanced_security %}, you can join the [waitlist for {% data variables.product.prodname_GH_advanced_security %} AI features](https://github.com/features/preview/security).
+**Note:** {% data variables.product.prodname_dotcom %} autofix for {% data variables.product.prodname_code_scanning %} is in beta. Functionality and documentation are subject to change. During this phase, the feature is restricted to JavaScript, TypeScript, Python, and Java alerts identified by {% data variables.product.prodname_codeql %}. If you have an enterprise account and use {% data variables.product.prodname_GH_advanced_security %}, your enterprise has access to the beta.
 
 {% endnote %}
 
