Docs for new Secret risk assessment, GHAS SKU unbundling, and expansion to Team plan - ships 1st April (UK morning) (#54748)

Co-authored-by: Copilot <[email protected]>
Co-authored-by: Isaac Brown <[email protected]>
Co-authored-by: mchammer01 <[email protected]>
Co-authored-by: Anne-Marie <[email protected]>
Co-authored-by: Hector Alfaro <[email protected]>
Co-authored-by: Vanessa <[email protected]>
Co-authored-by: Erin Havens <[email protected]>
Co-authored-by: Aaron Waggener <[email protected]>
Co-authored-by: Sam Browning <[email protected]>
Co-authored-by: Sarah Schneider <[email protected]>
Co-authored-by: Sarita Iyer <[email protected]>
Co-authored-by: Sarah Schneider <[email protected]>

Author: 12 people

assets/images/help/billing/ghas-billing-table-repository-csv.png

@@ -47,7 +47,7 @@ To pay for user licenses and services, you can:
 
 You will be on our latest billing platform, which allows you to estimate spending, create cost centers to manage expenses, and pay flexibly for the services you use.
 
-You can also sign up for usage-based billing for {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products-cloud %} products{% endif %}, meaning you won't need to purchase a pre-defined number of licenses in advance.
+You can also sign up for usage-based billing for {% data variables.product.prodname_enterprise %} and {% data variables.product.prodname_GHAS %} products, meaning you won't need to purchase a pre-defined number of licenses in advance.
 
 ## Developer experience
 

assets/images/help/enterprises/ghas-add-licenses.png

@@ -2,7 +2,6 @@
 title: About security configurations
 shortTitle: Security configurations
 intro: 'Security configurations are collections of security settings that you can apply across your enterprise.'
-product: '{% data reusables.gated-features.security-configurations-enterprise %}'
 versions:
   feature: security-configuration-enterprise-level
 topics:
@@ -17,9 +16,16 @@ topics:
 
 {% data reusables.security-configurations.overview %}
 
+{% ifversion ghec %}
+
+When you create a security configuration with {% data variables.product.prodname_AS %} features enabled, your enterprise will incur usage costs when you apply the configuration to repositories if your enterprise account has metered billing. If you have bought volume/subscription licenses for {% data variables.product.prodname_GHAS %}, {% data variables.product.prodname_GH_code_security %}, or {% data variables.product.prodname_GH_secret_protection %}, you will need enough licenses to cover any additional unique committers.
+
+{% endif %}
+
 {% ifversion security-configurations-ghes-only %}
 
 When creating a security configuration, keep in mind that:
+
 * Only features installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance will appear in the UI.
 * {% data variables.product.prodname_AS %} features will only be visible if your enterprise or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %}, {% data variables.product.prodname_GH_code_security %}, or {% data variables.product.prodname_GH_secret_protection %}{% endif %} license.
 * Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance.

assets/images/help/enterprises/ghas-download-report.png

@@ -15,14 +15,16 @@ topics:
 
 The {% data variables.product.prodname_github_security_configuration %} is a set of industry best practices and features that provide a robust, baseline security posture for enterprises. This configuration is created and maintained by subject matter experts at {% data variables.product.github %}, with the help of multiple industry leaders and experts. The {% data variables.product.prodname_github_security_configuration %} is designed to successfully reduce the security risks for low- and high-impact repositories. We recommend you apply this configuration to all the repositories in your enterprise.
 
+The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories will incur usage costs or require GHAS licenses. For more information, see [AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security).
+
 {% data reusables.security-configurations.github-recommended-warning-enterprise %}
 
-## Applying the {% data variables.product.prodname_github_security_configuration %} to  repositories in your enterprise
+## Applying the {% data variables.product.prodname_github_security_configuration %} to repositories in your enterprise
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.settings-tab %}
 {% data reusables.enterprise-accounts.advanced-security-tab %}
-1. In the "{% data variables.product.company_short %} recommended" row of the configurations table for your enterprise, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**.
+1. In the "{% data variables.product.github %} recommended" row of the configurations table for your enterprise, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**.
 {% data reusables.security-configurations.apply-configuration-by-default %}
 
 {% data reusables.security-configurations.apply-configuration %}
@@ -36,5 +38,6 @@ The {% data variables.product.prodname_github_security_configuration %} is a set
 {% data reusables.enterprise-accounts.advanced-security-tab %}
 1. In the "Configurations" section, select "{% data variables.product.company_short %} recommended".
 1. In the "Policy" section, next to "Enforce configuration", select **Enforce** from the dropdown menu.
+1. Click **Save configuration** to save your change to the {% data variables.product.prodname_github_security_configuration %}.
 
 {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}

assets/images/help/enterprises/ghas-licenses-dropdown.png

@@ -15,8 +15,7 @@ topics:
 
 There are some additional {% data variables.product.prodname_secret_scanning %} settings that cannot be applied to repositories using {% data variables.product.prodname_security_configurations %}, so you must configure these settings separately:
 
-* [Configuring a resource link for push protection](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-a-resource-link-for-push-protection){% ifversion secret-scanning-ai-generic-secret-detection %}
-* [Configuring AI detection to find additional secrets](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-ai-detection-to-find-additional-secrets){% endif %}
+* [Configuring a resource link for push protection](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-a-resource-link-for-push-protection)
 
 These additional settings only apply to repositories with {% data variables.product.prodname_secret_scanning %} enabled and {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} or {% data variables.product.prodname_GH_secret_protection %}{% endif %}.
 
@@ -33,17 +32,3 @@ To provide context for developers when {% data variables.product.prodname_secret
 
 1. Under "Additional settings", to the right of "Resource link for push protection", click **{% octicon "pencil" aria-hidden="true" %}**.
 1. In the text box, type the link to the desired resource, then click **{% octicon "check" aria-label="Save" %}**.
-
-{% ifversion secret-scanning-ai-generic-secret-detection %}
-
-### Configuring AI detection to find additional secrets
-
-{% data variables.secret-scanning.copilot-secret-scanning %}'s {% data variables.secret-scanning.generic-secret-detection %} is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that scans and creates alerts for unstructured secrets, such as passwords.
-
-1. Under "Additional settings", to the right of "Use AI detection to find additional secrets", ensure the setting is toggled to "On".
-
-{% data reusables.secret-scanning.copilot-secret-scanning-generic-secrets-subscription-note %}
-
-To learn more about generic secrets, see [AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets).
-
-{% endif %}