[EDI] Configuring global security settings for your organization (#59362)

jclement136 · web-flow · commit 4dd7be42c4e4 · 2026-02-06T17:06:29.000Z
diff --git a/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/configuring-additional-secret-scanning-settings-for-your-enterprise.md b/content/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/configuring-additional-secret-scanning-settings-for-your-enterprise.md
@@ -54,6 +54,9 @@ You can customize which secret patterns are included in push protection, giving
 
 1. Under "Additional settings", in the "{% data variables.product.UI_secret_protection_scanning %}" section, click anywhere inside the "Pattern configurations for push protection" row.
 1. In the page that gets displayed, make the desired changes in the "Enterprise setting" column.
+
 {% data reusables.secret-scanning.pattern-enablement-org-enterprise %}
 
+For more information on how to read data on the {% data variables.product.prodname_secret_scanning %} pattern configuration page, see [AUTOTITLE](/code-security/reference/secret-security/secret-scanning-pattern-configuration-data).
+
 {% endif %}
diff --git a/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/configuring-global-security-settings-for-your-organization.md b/content/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/configuring-global-security-settings-for-your-organization.md
@@ -1,7 +1,7 @@
 ---
 title: Configuring global security settings for your organization
 shortTitle: Configure global settings
-intro: Customize {% data variables.product.prodname_AS %} features to strengthen the security of your organization.
+intro: Customize {% data variables.product.prodname_AS %} features for your organization by defining global settings that ensure consistent security standards and safeguard all your repositories.
 permissions: '{% data reusables.permissions.security-org-enable %}'
 versions:
   feature: security-configurations
@@ -15,10 +15,6 @@ redirect_from:
 contentType: how-tos
 ---
 
-## About {% data variables.product.prodname_global_settings %}
-
-Alongside {% data variables.product.prodname_security_configurations %}, which determine repository-level security settings, you should also configure {% data variables.product.prodname_global_settings %} for your organization. {% data variables.product.prodname_global_settings_caps %} apply to your entire organization, and can customize {% data variables.product.prodname_AS %} features based on your needs. {% ifversion ghes < 3.16 %}You can also create a team of security managers to monitor and maintain your organization's security.{% endif %}
-
 ## Accessing the {% data variables.product.prodname_global_settings %} page for your organization
 
 {% data reusables.profile.access_org %}
@@ -27,8 +23,6 @@ Alongside {% data variables.product.prodname_security_configurations %}, which d
 
 ## Configuring global {% data variables.product.prodname_dependabot %} settings
 
-{% data reusables.dependabot.dependabot-overview %}
-
 You can customize several {% data variables.product.prodname_global_settings %} for {% data variables.product.prodname_dependabot %}:
 
 * [Creating and managing {% data variables.dependabot.auto_triage_rules %}](#creating-and-managing-dependabot-auto-triage-rules)
@@ -44,11 +38,11 @@ You can create and manage {% data variables.dependabot.auto_triage_rules %} to i
   * You can create a new rule by clicking **New rule**, then entering the details for your rule and clicking **Create rule**.
   * You can edit an existing rule by clicking {% octicon "pencil" aria-label="Edit CURATED-OR-CUSTOM rule" %}, then making the desired changes and clicking **Save rule**.
 
-For more information on {% data variables.dependabot.auto_triage_rules %}, see [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/about-dependabot-auto-triage-rules) and [AUTOTITLE](/code-security/dependabot/dependabot-auto-triage-rules/customizing-auto-triage-rules-to-prioritize-dependabot-alerts#adding-custom-auto-triage-rules-to-your-organization).
+For more information on {% data variables.dependabot.auto_triage_rules %}, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-dependabot-auto-triage-rules) and [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/customizing-auto-triage-rules-to-prioritize-dependabot-alerts#adding-custom-auto-triage-rules-to-your-organization).
 
 ### Grouping {% data variables.product.prodname_dependabot_security_updates %}
 
-{% data variables.product.prodname_dependabot %} can group all automatically suggested security updates into a single pull request. To enable grouped security updates, select **Grouped security updates**. For more information about grouped updates and customization options, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#grouping-dependabot-security-updates-into-a-single-pull-request).
+{% data variables.product.prodname_dependabot %} can group all automatically suggested security updates into a single pull request. To enable grouped security updates, select **Grouped security updates**. For more information about grouped updates and customization options, see [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-security-updates#grouping-dependabot-security-updates-into-a-single-pull-request).
 
 {% ifversion dependabot-on-actions-opt-in %}
 
@@ -93,7 +87,7 @@ For more information about configuring self-hosted runners for {% data variables
 
 ### Granting {% data variables.product.prodname_dependabot %} access to private {% ifversion ghec or ghes %}and internal {% endif %}repositories
 
-To update private dependencies of repositories in your organization, {% data variables.product.prodname_dependabot %} needs access to those repositories. To grant {% data variables.product.prodname_dependabot %} access to the desired private {% ifversion ghec or ghes %}or internal {% endif %}repository, scroll down to the "Grant {% data variables.product.prodname_dependabot %} access to private repositories" section, then use the search bar to find and select the desired repository. Be aware that granting {% data variables.product.prodname_dependabot %} access to a repository means all users in your organization will have access to the contents of that repository through {% data variables.product.prodname_dependabot_updates %}. For more information about the supported ecosystems for private repositories, see [AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories).
+To update private dependencies of repositories in your organization, {% data variables.product.prodname_dependabot %} needs access to those repositories. To grant {% data variables.product.prodname_dependabot %} access to the desired private {% ifversion ghec or ghes %}or internal {% endif %}repository, scroll down to the "Grant {% data variables.product.prodname_dependabot %} access to private repositories" section, then use the search bar to find and select the desired repository. Be aware that granting {% data variables.product.prodname_dependabot %} access to a repository means all users in your organization will have access to the contents of that repository through {% data variables.product.prodname_dependabot_updates %}. For more information about the supported ecosystems for private repositories, see [AUTOTITLE](/code-security/reference/supply-chain-security/supported-ecosystems-and-repositories).
 
 ## Configuring global {% data variables.product.prodname_code_scanning %} settings
 
@@ -117,7 +111,7 @@ You can customize several {% data variables.product.prodname_global_settings %}
 
 ### Recommending the extended query suite for default setup
 
-{% data variables.product.prodname_code_scanning_caps %} offers specific groups of {% data variables.product.prodname_codeql %} queries, called {% data variables.product.prodname_codeql %} query suites, to run against your code. By default, the "Default" query suite is run. {% data variables.product.company_short %} also offers the "Extended" query suite, which contains all the queries in the "Default" query suite, plus additional queries with lower precision and severity. To suggest the "Extended" query suite across your organization, select **Recommend the extended query suite for repositories enabling default setup**. For more information on built-in query suites for {% data variables.product.prodname_codeql %} default setup, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/codeql-query-suites).
+{% data variables.product.prodname_code_scanning_caps %} offers specific groups of {% data variables.product.prodname_codeql %} queries, called {% data variables.product.prodname_codeql %} query suites, to run against your code. By default, the "Default" query suite is run. {% data variables.product.company_short %} also offers the "Extended" query suite, which contains all the queries in the "Default" query suite, plus additional queries with lower precision and severity. To suggest the "Extended" query suite across your organization, select **Recommend the extended query suite for repositories enabling default setup**. For more information on built-in query suites for {% data variables.product.prodname_codeql %} default setup, see [AUTOTITLE](/code-security/concepts/code-scanning/codeql/codeql-query-suites).
 
 {% ifversion code-scanning-autofix %}
 
@@ -129,7 +123,7 @@ You can select **{% data variables.copilot.copilot_autofix_short %}** to enable
 
 ### Expanding {% data variables.product.prodname_codeql %} analysis
 
-You can expand {% data variables.product.prodname_codeql %} analysis coverage for all repositories in your organization that use default setup by configuring {% data variables.product.prodname_codeql %} model packs. Model packs extend the {% data variables.product.prodname_codeql %} analysis to recognize additional frameworks and libraries that are not included in the standard {% data variables.product.prodname_codeql %} libraries. This global configuration applies to repositories using default setup and allows you to specify model packs published via the container registry. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-coverage-for-all-repositories-in-an-organization).
+You can expand {% data variables.product.prodname_codeql %} analysis coverage for all repositories in your organization that use default setup by configuring {% data variables.product.prodname_codeql %} model packs. Model packs extend the {% data variables.product.prodname_codeql %} analysis to recognize additional frameworks and libraries that are not included in the standard {% data variables.product.prodname_codeql %} libraries. This global configuration applies to repositories using default setup and allows you to specify model packs published via the container registry. For more information, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/editing-your-configuration-of-default-setup#extending-coverage-for-all-repositories-in-an-organization).
 
 {% ifversion ghes < 3.17 %}
 
@@ -155,7 +149,7 @@ To provide context for developers when {% data variables.product.prodname_secret
 
 ### Defining custom patterns
 
-You can define custom patterns for {% data variables.product.prodname_secret_scanning %} with regular expressions. Custom patterns can identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. To create a custom pattern, click **New pattern**, then enter the details for your pattern and click **Save and dry run**. For more information on custom patterns, see [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/custom-patterns/defining-custom-patterns-for-secret-scanning).
+You can define custom patterns for {% data variables.product.prodname_secret_scanning %} with regular expressions. Custom patterns can identify secrets that are not detected by the default patterns supported by {% data variables.product.prodname_secret_scanning %}. To create a custom pattern, click **New pattern**, then enter the details for your pattern and click **Save and dry run**. For more information on custom patterns, see [AUTOTITLE](/code-security/how-tos/secure-your-secrets/customize-leak-detection/defining-custom-patterns-for-secret-scanning).
 
 {% ifversion push-protected-pattern-configuration %}
 
@@ -167,8 +161,11 @@ You can customize which secret patterns are included in push protection, giving
 
 1. Under "Additional settings", in the "{% data variables.product.prodname_secret_scanning_caps %}" section and to the right of "Pattern configurations", click **{% octicon "gear" aria-label="The Gear icon" %}**.
 1. In the page that gets displayed, make the desired changes in the "Organization setting" column.
+
 {% data reusables.secret-scanning.pattern-enablement-org-enterprise %}
 
+For more information on how to read data on the {% data variables.product.prodname_secret_scanning %} pattern configuration page, see [AUTOTITLE](/code-security/reference/secret-security/secret-scanning-pattern-configuration-data).
+
 {% endif %}
 
 ## Creating security managers for your organization
diff --git a/content/code-security/reference/secret-security/index.md b/content/code-security/reference/secret-security/index.md
@@ -13,4 +13,5 @@ children:
   - /understanding-github-secret-types
   - /supported-secret-scanning-patterns
   - /risk-report-csv-contents
+  - /secret-scanning-pattern-configuration-data
 ---
diff --git a/content/code-security/reference/secret-security/secret-scanning-pattern-configuration-data.md b/content/code-security/reference/secret-security/secret-scanning-pattern-configuration-data.md
@@ -0,0 +1,23 @@
+---
+title: Secret scanning pattern configuration data
+shortTitle: Secret pattern data
+intro: Understand the data displayed in the {% data variables.product.prodname_secret_scanning %} pattern configuration page to make informed decisions about push protection settings.
+permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
+versions:
+  feature: security-configurations
+topics:
+  - Code Security
+  - Secret scanning
+  - Secret Protection
+  - Organizations
+  - Security
+  - Advanced Security
+  - Enterprise
+contentType: reference
+
+---
+
+When configuring push protection, you can view performance data for each secret pattern to make informed enablement decisions. Use metrics like alert volume and false positive rates to balance security with developer experience. See [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-organization-security/establish-complete-coverage/configuring-global-security-settings-for-your-organization#specifying-patterns-to-include-in-push-protection){% ifversion security-configuration-enterprise-level %} or [AUTOTITLE](/code-security/how-tos/secure-at-scale/configure-enterprise-security/establish-complete-coverage/configuring-additional-secret-scanning-settings-for-your-enterprise#specifying-patterns-to-include-in-push-protection-for-your-enterprise){% endif %}.
+
+{% data reusables.secret-scanning.pattern-enablement-org-enterprise-chart %}
+ 
diff --git a/data/reusables/secret-scanning/pattern-enablement-org-enterprise-chart.md b/data/reusables/secret-scanning/pattern-enablement-org-enterprise-chart.md
@@ -0,0 +1,9 @@
+      | Column                                      | Description            |
+   |---------------------------------------------|----------------------------------------------|
+   | Name | Name of the pattern or secret |
+   | Alert total | Total number of alerts for the pattern (percentage and absolute numbers) |
+   | False positives | Percentage of false positives for the pattern |
+   | Bypass rate | Percentage of bypasses for the pattern |
+   | {% data variables.product.github %} default | Default behavior for push protection, as recommended by {% data variables.product.github %} |
+   | Enterprise setting | **Uneditable at organization level**</br>Current enablement status for push protection</br>Can be `Enabled`, `Disabled`, and `Default`.</br>At enterprise level, `Default` is the default value. |
+   | Organization setting | **Only valid at organization level**</br>Current enablement status for push protection</br>Can be `Enabled`, `Disabled`, and `Enterprise` (inherited from the enterprise).</br>`Enterprise` is the default value. |
diff --git a/data/reusables/secret-scanning/pattern-enablement-org-enterprise.md b/data/reusables/secret-scanning/pattern-enablement-org-enterprise.md
@@ -6,12 +6,3 @@
 
    > [!NOTE] Organization administrators and security teams can override settings configured at the enterprise level.
 
-   | Column                                      | Description            |
-   |---------------------------------------------|----------------------------------------------|
-   | Name | Name of the pattern or secret |
-   | Alert total | Total number of alerts for the pattern (percentage and absolute numbers) |
-   | False positives | Percentage of false positives for the pattern |
-   | Bypass rate | Percentage of bypasses for the pattern |
-   | {% data variables.product.github %} default | Default behavior for push protection, as recommended by {% data variables.product.github %} |
-   | Enterprise setting | **Uneditable at organization level**</br>Current enablement status for push protection</br>Can be `Enabled`, `Disabled`, and `Default`.</br>At enterprise level, `Default` is the default value. |
-   | Organization setting | **Only valid at organization level**</br>Current enablement status for push protection</br>Can be `Enabled`, `Disabled`, and `Enterprise` (inherited from the enterprise).</br>`Enterprise` is the default value. |
