7 changes: 6 additions & 1 deletion CHANGELOG.md
@@ -2,7 +2,12 @@

**9 April 2026**

We have added documentation for the code security risk assessment (CSRA), a free self-serve tool that helps organization admins and security managers understand their organization's exposure to code vulnerabilities.
We've added a conceptual article to the Copilot CLI documentation explaining the context window, compaction, and checkpoints.

[Managing context in GitHub Copilot CLI](https://docs.github.com/copilot/concepts/agents/copilot-cli/context-management)

We've also added documentation for the code security risk assessment (CSRA), a free self-serve tool that helps organization admins and security managers understand their organization's exposure to code vulnerabilities.

New content includes:

* [Code security risk assessment](https://docs.github.com/en/code-security/concepts/code-scanning/code-security-risk-assessment): What the CSRA is, who can run it, what it scans, and how it relates to the secret risk assessment.
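Review bot: the changelog entry added under 9 April 2026 records the Copilot CLI context-management article and the CSRA article, but no other hunk in this diff touches either topic, while the renames this diff does make (sidebar "Metrics" to "Insights", "Enablement trends" to "Enablement", "Alerts views" to "Findings", "CodeQL pull request alerts" to "CodeQL pull requests") are not recorded anywhere. Either add a line for the security overview navigation changes or confirm that the Copilot CLI entry belongs in this pull request.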
@@ -56,7 +56,7 @@ The views are interactive with filters that allow you to look at the aggregated
{% data reusables.security-overview.download-csv-files %} For more information, see [AUTOTITLE](/code-security/security-overview/exporting-data-from-security-overview).
{% endif %}

There are dedicated views for each type of security alert. You can limit your analysis to a specific type of alert, and then narrow the results further with a range of filters specific to each view. For example, in the {% data variables.product.prodname_secret_scanning %} alert view, you can use the "Secret type" filter to view only {% data variables.secret-scanning.alerts %} for a specific secret, like a {% data variables.product.prodname_dotcom %} {% data variables.product.pat_generic %}.
There are dedicated views for each type of security alert. You can limit your analysis to a specific type of alert, and then narrow the results further with a range of filters specific to each view. For example, in the {% data variables.product.prodname_secret_scanning %} view, you can use the "Secret type" filter to view only {% data variables.secret-scanning.alerts %} for a specific secret, like a {% data variables.product.prodname_dotcom %} {% data variables.product.pat_generic %}.

> [!NOTE]
> Security overview displays active alerts raised by security features. If there are no alerts shown in security overview for a repository, undetected security vulnerabilities or code errors may still exist or the feature may not be enabled for that repository.
@@ -70,14 +70,14 @@ You can find security overview on the **{% data variables.product.prodname_secur
Security overview has multiple views that provide different ways to explore enablement and alert data.

* **Overview:** visualize trends in **Detection**, **Remediation**, and **Prevention** of security alerts. For information about accessing and using the dashboard, see [AUTOTITLE](/code-security/security-overview/viewing-security-insights). For detailed explanations of metrics and calculations, see [AUTOTITLE](/code-security/reference/security-at-scale/security-overview-dashboard-metrics).
* **Risk and Alert views:** explore the risk from security alerts of all types or focus on a single alert type and identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets, see [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk).
* **Risk:** explore the risk from security alerts of all types or focus on a single alert type and identify your risk from specific vulnerable dependencies, code weaknesses, or leaked secrets, see [AUTOTITLE](/code-security/security-overview/assessing-code-security-risk).
* **Coverage:** assess the adoption of security features across repositories in the organization, see [AUTOTITLE](/code-security/security-overview/assessing-adoption-code-security).{% ifversion ghas-products %}{% ifversion secret-risk-assessment %}
* **Assessments:** regardless of the enablement status of {% data variables.product.prodname_AS %} features, organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %} can run a free report to scan the code in the organization for leaked secrets, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment).{% endif %}{% endif %}{% ifversion security-campaigns %}
* **Campaigns:** coordinate and measure targeted remediation efforts, grouping related security tasks across repositories, assigning owners, and tracking progress toward defined risk‑reduction goals.{% endif %}
* **Enablement trends:** see how quickly different teams are adopting security features.{% ifversion security-overview-org-codeql-pr-alerts %}
* **CodeQL pull request alerts:** assess the impact of running CodeQL on pull requests and how development teams are resolving code scanning alerts, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts).{% endif %}{% ifversion dependabot-metrics %}
**{% data variables.product.prodname_dependabot %} dashboard**: prioritize and track critical vulnerabilities by identifying, remediating, and measuring security improvements across repositories.{% endif %}
* **{% data variables.product.prodname_secret_scanning_caps %} insights:** find out which types of secret are blocked by push protection{% ifversion security-overview-delegated-bypass-requests %} and which teams are bypassing push protection{% endif %}, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection){% ifversion security-overview-delegated-bypass-requests %} and [AUTOTITLE](/code-security/security-overview/reviewing-requests-to-bypass-push-protection){% endif %}.
* **Enablement:** see how quickly different teams are adopting security features.{% ifversion security-overview-org-codeql-pr-alerts %}
* **{% data variables.product.prodname_codeql %} pull requests:** assess the impact of running {% data variables.product.prodname_codeql %} on pull requests and how development teams are resolving {% data variables.product.prodname_code_scanning %} alerts, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts).{% endif %}{% ifversion dependabot-metrics %}
* **{% data variables.product.prodname_dependabot %}**: prioritize and track critical vulnerabilities by identifying, remediating, and measuring security improvements across repositories.{% endif %}
* **{% data variables.product.prodname_secret_scanning_caps %}:** find out which types of secret are blocked by push protection{% ifversion security-overview-delegated-bypass-requests %} and which teams are bypassing push protection{% endif %}, see [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-secret-scanning-push-protection){% ifversion security-overview-delegated-bypass-requests %} and [AUTOTITLE](/code-security/security-overview/reviewing-requests-to-bypass-push-protection){% endif %}.

{% ifversion security-campaigns %}
You also create and manage security campaigns to remediate alerts from security overview, see [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-managing-security-campaigns) and [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/best-practice-fix-alerts-at-scale).
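Review bot: the list now has no entry for the alert-level views at all: the old "Risk and Alert views" bullet became "Risk", but its description still ends with "or focus on a single alert type", and the "Findings" views that another hunk in this diff introduces are not listed here. Consider a separate "Findings" bullet, or drop the single-alert-type wording from the "Risk" description. Style: the new Dependabot bullet puts the colon outside the bold (`**{% data variables.product.prodname_dependabot %}**:`) while every other bullet has it inside (`**Enablement:**`, `**{% data variables.product.prodname_secret_scanning_caps %}:**`); restoring the missing `* ` on that line, which the old version lacked, is a good catch.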
@@ -1,6 +1,6 @@
---
title: Viewing and updating Dependabot alerts
intro: If {% data variables.product.github %} discovers insecure dependencies in your project, you can view details on the Dependabot alerts tab of your repository. Then, you can update your project to resolve or dismiss the alert.
intro: If {% data variables.product.github %} discovers insecure dependencies in your project, you can view alert details on the {% data variables.product.prodname_dependabot %} tab of your repository. Then, you can update your project to resolve or dismiss the alert.
redirect_from:
- /articles/viewing-and-updating-vulnerable-dependencies-in-your-repository
- /github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository
@@ -20,11 +20,11 @@ category:

{% data reusables.dependabot.enterprise-enable-dependabot %}

Your repository's {% data variables.product.prodname_dependabot_alerts %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}. You can filter alerts by package, ecosystem, or manifest. You can sort the list of alerts, and you can click into specific alerts for more details. You can also dismiss or reopen alerts, either one by one or by selecting multiple alerts at once. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).
Your repository's {% data variables.product.prodname_dependabot %} tab lists all open and closed {% data variables.product.prodname_dependabot_alerts %} and corresponding {% data variables.product.prodname_dependabot_security_updates %}. You can filter alerts by package, ecosystem, or manifest. You can sort the list of alerts, and you can click into specific alerts for more details. You can also dismiss or reopen alerts, either one by one or by selecting multiple alerts at once. For more information, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts).

## About updates for vulnerable dependencies in your repository

Each {% data variables.product.prodname_dependabot %} alert has a unique numeric identifier and the {% data variables.product.prodname_dependabot_alerts %} tab lists an alert for every detected vulnerability. Legacy {% data variables.product.prodname_dependabot_alerts %} grouped vulnerabilities by dependency and generated a single alert per dependency. If you navigate to a legacy {% data variables.product.prodname_dependabot %} alert, you will be redirected to a {% data variables.product.prodname_dependabot_alerts %} tab filtered for that package.
Each {% data variables.product.prodname_dependabot %} alert has a unique numeric identifier and the {% data variables.product.prodname_dependabot %} tab lists an alert for every detected vulnerability. Legacy {% data variables.product.prodname_dependabot_alerts %} grouped vulnerabilities by dependency and generated a single alert per dependency. If you navigate to a legacy {% data variables.product.prodname_dependabot %} alert, you will be redirected to a {% data variables.product.prodname_dependabot %} tab filtered for that package.

You can filter and sort {% data variables.product.prodname_dependabot_alerts %} using a variety of filters and sort options available on the user interface. For more information, see [Viewing and prioritizing {% data variables.product.prodname_dependabot_alerts %}](#viewing-and-prioritizing-dependabot-alerts) below.
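Review bot: "you will be redirected to a {% data variables.product.prodname_dependabot %} tab filtered for that package" reads as if a repository had several such tabs; since there is one, "the {% data variables.product.prodname_dependabot %} tab, filtered for that package" is clearer. The unchanged cross-reference "[Viewing and prioritizing {% data variables.product.prodname_dependabot_alerts %}](#viewing-and-prioritizing-dependabot-alerts)" relies on that heading keeping its anchor, so please confirm it was not renamed along with the tab.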

@@ -45,7 +45,7 @@ By default, alerts are sorted by **Most important**, which helps you prioritize
1. Optionally, refine the list of alerts:
* Use the dropdown menus at the top of the list to sort or filter alerts.

![Screenshot of the filter and sort menus in the {% data variables.product.prodname_dependabot_alerts %} tab.](/assets/images/help/graphs/dependabot-alerts-filters-checkbox.png)
![Screenshot of the filter and sort menus in the {% data variables.product.prodname_dependabot %} tab.](/assets/images/help/graphs/dependabot-alerts-filters-checkbox.png)

* Type directly in the search bar to filter alerts, including full-text search across alert details and related security advisories.
* Click a label on an alert to automatically filter the list by that label.
@@ -32,7 +32,7 @@ All security views have features to help you define filters. These provide an ea

* **Interactive search text box.** When you click in the search box and press the keyboard "Space" key, a pop-up text box shows the filter options available in that view. You can use the mouse or keyboard arrow keys to select the options you want in the text box before pressing the keyboard "Return" key to add the filter. Supported for all views.
* **Dropdown selectors and toggles.** Shown at the end of the "Search text box" or in the header of the data table. As you choose the data to view, the filters shown in the search text box are updated accordingly. Supported on the alert views.
* **Advanced filters dialog.** When you click the **{% octicon "filter" aria-hidden="true" aria-label="filter" %} Filter** button, you can use dropdown lists to select the "Qualifier," "Operator," and "Values" for each filter. Supported on the "Overview" and metric views.
* **Advanced filters dialog.** When you click the **{% octicon "filter" aria-hidden="true" aria-label="filter" %} Filter** button, you can use dropdown lists to select the "Qualifier," "Operator," and "Values" for each filter. Supported on the "Overview" and "Insights" views.

## Accessing security overview for your organization
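Review bot: in the bullet list above, the "Dropdown selectors and toggles" bullet still ends with "Supported on the alert views", while the views are renamed to "Findings" elsewhere in this diff and the neighbouring "Advanced filters dialog" bullet was updated to say "Overview" and "Insights"; change it to "Supported on the "Findings" views" for consistency.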

@@ -54,7 +54,7 @@ All security views have features to help you define filters. These provide an ea

## Using the advanced filters dialog

The advanced filters dialog is available in "Overview" and metric views and helps you build filters.
The advanced filters dialog is available in "Overview" and "Insights" views and helps you build filters.

1. In the desired view of security overview, click **{% octicon "filter" aria-hidden="true" aria-label="filter" %} Filter**.
1. In the "Advanced filters" dialog, use the dropdown lists to build your filter:
@@ -68,7 +68,7 @@ You can view data to assess the enablement status and enablement status trends o

{% data reusables.organizations.navigate-to-org %}
{% data reusables.organizations.security-overview %}
1. In the sidebar, under "Metrics," click **{% octicon "meter" aria-hidden="true" aria-label="meter" %} Enablement trends**.
1. In the sidebar, under "Insights," click **{% octicon "meter" aria-hidden="true" aria-label="meter" %} Enablement**.
1. Click on one of the tabs for "{% data variables.product.prodname_dependabot %}," "{% data variables.product.prodname_code_scanning_caps %}," or "{% data variables.product.prodname_secret_scanning_caps %}" to view enablement trends and the percentage of repositories in your organization with that feature enabled. This data is displayed as a graph and a detailed table.
1. Optionally, use the options at the top of the "Enablement trends" view page to filter the group of repositories you want to see enablement trends for.
* Use the date picker to set the time range that you want to view enablement trends for.
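Review bot: the sidebar item becomes "Enablement", but the following steps still refer to the "Enablement trends" view page ("use the options at the top of the "Enablement trends" view page"); if the page title changed along with the sidebar label, those references are now stale and should be updated in the same change.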
@@ -88,7 +88,7 @@ You can view data to assess the enablement status and enablement status trends o

{% ifversion ghes %}{% data reusables.enterprise-accounts.access-enterprise-ghes %}{% else %}{% data reusables.enterprise-accounts.access-enterprise-on-dotcom %}{% endif %}
{% data reusables.code-scanning.click-code-security-enterprise %}
1. To display the "Enablement trends" view, in the sidebar, click **Enablement trends**.
1. To display the "Enablement trends" view, in the sidebar, under "Insights", click **Enablement**.
1. Click on one of the tabs for "{% data variables.product.prodname_dependabot %}," "{% data variables.product.prodname_code_scanning_caps %}," or "{% data variables.product.prodname_secret_scanning_caps %}" to view enablement trends and the percentage of repositories across organizations in your enterprise with that feature enabled. This data is displayed as a graph and a detailed table.
1. Optionally, use the options at the top of the "Enablement trends" view page to filter the group of repositories you want to see enablement trends for.
* Use the date picker to set the time range that you want to view enablement trends for.
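Review bot: punctuation is inconsistent with the organization version of this step earlier in the diff: there it is `under "Insights," click` (comma inside the quotes) and here `under "Insights", click`; pick one style for both. As with the organization steps, the surrounding lines still call the page the "Enablement trends" view while the sidebar label is now "Enablement".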
@@ -24,7 +24,7 @@ You can use the different views on your **{% data variables.product.prodname_sec
* **Overview:** use to explore trends in **Detection**, **Remediation**, and **Prevention** of security alerts.
* **Risk:** use to explore the current state of repositories, across all alert types.{% ifversion secret-risk-assessment %}
* **Assessments:** use to explore the current state of repositories, for secret leaks specifically{% endif %}
* **Alerts views:** use to explore {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_dependabot %}, or {% data variables.product.prodname_secret_scanning %} alerts in greater detail.
* **Findings:** use to explore {% data variables.product.prodname_code_scanning %}, {% data variables.product.prodname_dependabot %}, or {% data variables.product.prodname_secret_scanning %} alerts in greater detail.

These views provide you with the data and filters to:

@@ -22,7 +22,7 @@ category:

1. On {% data variables.product.prodname_dotcom %}, navigate to the main page of your organization. For example, from [https://github.com/settings/organizations](https://github.com/settings/organizations?ref_product=github&ref_type=engagement&ref_style=text).
{% data reusables.organizations.security-overview %}
1. In the "Metrics" section of the sidebar, click {% octicon "code-square" aria-hidden="true" aria-label="code-square" %} **Code quality**.
1. In the "Insights" section of the sidebar, click {% octicon "code-square" aria-hidden="true" aria-label="code-square" %} **Code quality**.

> [!NOTE] The dashboard only displays data for repositories where the viewer can see code quality findings.

@@ -1,7 +1,7 @@
---
title: Exporting data from security overview
shortTitle: Export data
intro: From security overview, you can export CSV files of the data used for your organization or enterprise's overview, risk, coverage, and {% data variables.product.prodname_codeql %} pull request alerts pages.
intro: From security overview, you can export CSV files of the data used for your organization or enterprise's overview, risk, coverage, and {% data variables.product.prodname_codeql %} pull request insights pages.
permissions: '{% data reusables.permissions.security-overview %}'
product: '{% data reusables.gated-features.security-overview-fpt-both %}'
versions:
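Review bot: the intro now calls the fourth page "{% data variables.product.prodname_codeql %} pull request insights pages", but the step later in this diff labels the sidebar item "{% data variables.product.prodname_codeql %} pull requests"; use the same name in both places so readers can match the intro to the sidebar.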
@@ -26,7 +26,7 @@ The CSV file you download will contain data corresponding to the filters you hav
{% data reusables.profile.access_org %}
1. In the "Organizations" section, select the organization for which you would like to download security overview data.
{% data reusables.organizations.security-overview %}
1. In the "Security" sidebar, choose the page that you want to export data from by clicking on **{% octicon "graph" aria-hidden="true" aria-label="graph" %}Overview**, **{% octicon "meter" aria-hidden="true" aria-label="meter" %} Coverage**, **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Risk** or **{% octicon "graph" aria-hidden="true" aria-label="graph" %} {% data variables.product.prodname_codeql %} pull request alerts**.
1. In the sidebar, click **{% octicon "graph" aria-hidden="true" aria-label="graph" %} Overview**, **{% octicon "meter" aria-hidden="true" aria-label="meter" %} Coverage**, **{% octicon "shield" aria-hidden="true" aria-label="shield" %} Risk**, or **{% octicon "graph" aria-hidden="true" aria-label="graph" %} {% data variables.product.prodname_codeql %} pull requests**.
1. Next to the search bar, click **{% octicon "download" aria-hidden="true" aria-label="download" %} Export CSV**.

It may take a moment for {% data variables.product.github %} to generate the CSV file of your data. Once the CSV file generates, the file will automatically start downloading, and a banner will appear confirming your report is ready. If you are downloading the CSV from the overview page, you will also receive an email when your report is ready, containing a link to download the CSV.
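Review bot: the rewritten step drops "choose the page that you want to export data from", so "click **Overview**, **Coverage**, **Risk**, or **{% data variables.product.prodname_codeql %} pull requests**" now reads as if all four should be clicked; suggest "In the sidebar, click the page you want to export data from: **Overview**, **Coverage**, **Risk**, or **{% data variables.product.prodname_codeql %} pull requests**." Restoring the missing space before "Overview" in the octicon markup is a good fix.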