Merge pull request #43240 from github/repo-sync

Repo sync

Author: docs-bot

.github/instructions/all.instructions.md

@@ -29,4 +29,3 @@ When you create a pull request:
 3. Label with "llm-generated". 
 4. If an issue exists, include "fixes owner/repo#issue" or "towards owner/repo#issue" as appropriate. 
 5. Always create PRs in **draft mode** using `--draft` flag.
-6. When you are using gh cli, always _escape backticks_.

.github/instructions/code.instructions.md

@@ -9,14 +9,16 @@ For code reviews, follow guidelines, tests, and validate instructions. For creat
 ## Guidelines
 
 - If available, use ripgrep (`rg`) instead of `grep`.
-- When using gh cli, always _escape backticks_.
+- When using gh cli in double-quoted strings, escape backticks to prevent bash command substitution. In single-quoted strings, backticks do not need escaping.
 - All scripts should be listed in `package.json` and use `tsx`.
 - Whenever you create or comment on an issue or pull request, indicate you are GitHub Copilot.
 - Be careful fetching full HTML pages off the internet. Prefer to use MCP or gh cli whenever possible for github.com. Limit the number of tokens when grabbing HTML.
 - Avoid pull requests with over 300 lines of code changed. When significantly larger, offer to split up into smaller pull requests if possible.
 - All new code should be written in TypeScript and not JavaScript.
 - We use absolute imports, relative to the `src` directory, using the `@` symbol. For example, `getRedirect` which lives in `src/redirects/lib/get-redirect.ts` can be imported with `import getRedirect from '@/redirects/lib/get-redirect'`. The same rule applies for TypeScript (`.ts`) imports, e.g. `import type { GeneralSearchHit } from '@/search/types'`
 - For updates to the content linter, read important information in `src/content-linter/README.md`.
+- Do not commit to `main` branch.
+- Do not use git force push, and avoid git rebase.
 
 ## Tests
 

.github/workflows/index-general-search.yml

@@ -285,7 +285,7 @@ jobs:
           } >> "$GITHUB_OUTPUT"
 
       - name: Send consolidated Slack notification
-        if: ${{ steps.check-artifacts.outputs.has_artifacts == 'true' }}
+        if: ${{ steps.check-artifacts.outputs.has_artifacts == 'true' && fromJSON(steps.aggregate.outputs.result).hasFailures }}
         uses: ./.github/actions/slack-alert
         with:
           slack_channel_id: ${{ secrets.DOCS_ALERTS_SLACK_CHANNEL_ID }}

content/code-security/how-tos/report-and-fix-vulnerabilities/index.md

@@ -17,6 +17,7 @@ topics:
 contentType: how-tos
 children:
   - configure-vulnerability-reporting
-  - report-a-vulnerability
+  - privately-reporting-a-security-vulnerability
   - fix-reported-vulnerabilities
 ---
+

…ly-reporting-a-security-vulnerability.md …ly-reporting-a-security-vulnerability.mdcontent/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/privately-reporting-a-security-vulnerability.md renamed to content/code-security/how-tos/report-and-fix-vulnerabilities/privately-reporting-a-security-vulnerability.md content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/privately-reporting-a-security-vulnerability.md renamed to content/code-security/how-tos/report-and-fix-vulnerabilities/privately-reporting-a-security-vulnerability.md

@@ -13,6 +13,11 @@ shortTitle: Report privately
 redirect_from:
   - /code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
   - /code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability
+  - /code-security/security-advisories/repository-security-advisories/evaluating-the-security-settings-of-a-repository
+  - /code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository
+  - /code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/evaluating-the-security-settings-of-a-repository
+  - /code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability
+  - /code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/privately-reporting-a-security-vulnerability
 ---
 
 {% data reusables.security-advisory.private-vulnerability-reporting-enable %}
@@ -21,7 +26,7 @@ redirect_from:
 > * If you have admin or security permissions for a public repository, you don’t need to submit a vulnerability report. Instead, create a draft security advisory directly. See [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory).
 > * Private vulnerability reporting is separate from a repository’s `SECURITY.md` file. You can only report vulnerabilities privately for repositories where this feature is enabled, and you don’t need to follow the instructions in `SECURITY.md`.
 
-If a public repository has private vulnerability reporting enabled, anyone can submit a private vulnerability report to the repository maintainers. Users can also evaluate the general security of a public repository and suggest a security policy. See [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/evaluating-the-security-settings-of-a-repository).
+If a public repository has private vulnerability reporting enabled, anyone can submit a private vulnerability report to the repository maintainers.
 
 If the repository doesn't have private vulnerability reporting enabled, you need to initiate the reporting process by following the instructions in the security policy for the repository, or by creating an issue asking the maintainers for a preferred security contact. See [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/about-coordinated-disclosure-of-security-vulnerabilities#about-reporting-and-disclosing-vulnerabilities-in-projects-on-github).
 

content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/evaluating-the-security-settings-of-a-repository.md

@@ -1,7 +1,7 @@
 ---
 title: Testing query help files
 shortTitle: Test query help files
-intro: You can use the {% data variables.product.prodname_codeql_cli %} to preview your query help files as Markdown and ensure they are valid.
+intro: Ensure your {% data variables.product.prodname_codeql %} query help files are valid by previewing them as Markdown.
 product: '{% data reusables.gated-features.codeql %}'
 versions:
   fpt: '*'
@@ -18,53 +18,28 @@ redirect_from:
 contentType: how-tos
 ---
 
-## About testing query help files
-
-Test query help files by rendering them as Markdown to ensure they are valid before uploading them to the {% data variables.product.prodname_codeql %} repository or using them in code scanning.
-
-<!-- capitalized Markdown -->
-
-Query help is documentation that accompanies a query to explain how the query works, as well as providing information about the potential problem that the query identifies. It is good practice to write query help for all new queries. For more information, see [Contributing to {% data variables.product.prodname_codeql %}](https://github.com/github/codeql/blob/main/CONTRIBUTING.md) in the {% data variables.product.prodname_codeql %} repository.
-
-The {% data variables.product.prodname_codeql_cli %} includes a command to test query help and render the content as markdown, so that you can easily preview the content in your IDE. Use the command to validate query help files before uploading them to the {% data variables.product.prodname_codeql %} repository or sharing them with other users. From {% data variables.product.prodname_codeql_cli %} 2.7.1 onwards, you can also include the markdown-rendered query help in SARIF files
-generated during {% data variables.product.prodname_codeql %} analyses so that the query help can be displayed in the code scanning UI. For more information, see [AUTOTITLE](/code-security/codeql-cli/getting-started-with-the-codeql-cli/analyzing-your-code-with-codeql-queries).
-
 ## Prerequisites
 
-* The query help (`.qhelp`) file must have an accompanying query (`.ql`) file with an identical base name.
-* The query help file should follow the standard structure and style for query help documentation. For more information, see the [Query help style guide](https://github.com/github/codeql/blob/main/docs/query-help-style-guide.md) in the {% data variables.product.prodname_codeql %} repository.
-
-## Running `codeql generate query-help`
-
-You can test query help files by running the following command:
-
-```shell
-codeql generate query-help <qhelp|query|dir|suite> --format=<format> [--output=<dir|file>]
-```
-
-For this command `<qhelp|query|dir|suite>` must be the path to a `.qhelp` file, the path to a `.ql` file, the path to a directory containing queries and query help files, or the path to a query suite.
-
-You must specify a `--format` option, which defines how the query help is rendered. Currently, you must specify `markdown` to render the query help as markdown.
-
-The `--output` option defines a file path where the rendered query help will be saved.
-
-* For directories containing `.qhelp` files or a query suites defining one or more `.qhelp` files, you must specify an `--output` directory. Filenames within the output directory will be derived from the `.qhelp` file names.
-* For single `.qhelp` or `.ql` files, you may specify an `--output` option. If you don’t specify an output path, the rendered query help is written to `stdout`.
-
-For full details of all the options you can use when testing query help files, see [AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/generate-query-help).
+* The query help (`.qhelp`) files must have accompanying query (`.ql`) files with identical base names.
+* The query help files should follow the standard structure and style for query help documentation. For more information, see the [Query help style guide](https://github.com/github/codeql/blob/main/docs/query-help-style-guide.md) in the {% data variables.product.prodname_codeql %} repository.
 
-## Results
+## Previewing your query help files
 
-When you run the command, {% data variables.product.prodname_codeql %} attempts to render each `.qhelp` file that has an accompanying `.ql` file. For single files, the rendered content will be printed to `stdout` if you don’t specify an `--output` option. For all other use cases, the rendered content is saved to the specified output path.
+1. To render your query help files as Markdown, run the following command:
 
-By default, the {% data variables.product.prodname_codeql_cli %} will print a warning message if:
+    ```shell copy
+    codeql generate query-help <qhelp|query|dir|suite> --format=markdown [--output=<dir|file>]
+    ```
 
-* Any of the query help is invalid, along with a description of the invalid query help elements
-* Any `.qhelp` files specified in the command don’t have the same base name as an accompanying `.ql` file
-* Any `.ql` files specified in the command don’t have the same base name as an accompanying `.qhelp` file
+    For information on the options available for this command, see [AUTOTITLE](/code-security/reference/code-scanning/codeql/codeql-cli-manual/generate-query-help).
 
-You can tell the {% data variables.product.prodname_codeql_cli %} how to handle these warnings by including a `--warnings` option in your command. For more information, see [AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/generate-query-help#--warningsmode).
+1. If you receive any warning messages, review and fix them, then rerun the command. By default, the {% data variables.product.prodname_codeql_cli %} will print a warning message if:
+    * Any of the query help is invalid
+    * Any `.qhelp` files specified in the command don’t have the same base name as an accompanying `.ql` file
+    * Any `.ql` files specified in the command don’t have the same base name as an accompanying `.qhelp` file
+1. Review the rendered Markdown in your output directory, file, or terminal to check that your files appear as expected.
 
 ## Further reading
 
 * [Query help files](https://codeql.github.com/docs/writing-codeql-queries/query-help-files/#query-help-files)
+* [AUTOTITLE](/code-security/codeql-cli/codeql-cli-manual/generate-query-help)

content/code-security/how-tos/report-and-fix-vulnerabilities/report-a-vulnerability/index.md

@@ -10,9 +10,9 @@ children:
   - /assess-your-secret-risk
   - /viewing-the-secret-risk-assessment-report-for-your-organization
   - /estimating-the-price-of-secret-protection
-  - /calculating-the-cost-savings-of-push-protection
   - /protect-your-secrets
   - /configuring-default-setup-for-code-scanning-at-scale
   - /configuring-advanced-setup-for-code-scanning-with-codeql-at-scale
   - /enforcing-dependency-review-across-an-organization
 ---
+

content/code-security/how-tos/scan-code-for-vulnerabilities/scan-from-the-command-line/testing-query-help-files.md

@@ -38,7 +38,7 @@ After you create a {% data variables.product.prodname_custom_security_configurat
 
 ## Next steps
 
-To learn how to interpret security findings from your {% data variables.product.prodname_custom_security_configuration %} on a repository, see [AUTOTITLE](/code-security/securing-your-organization/managing-the-security-of-your-organization/interpreting-security-findings).
+To learn how to monitor security alerts in your organization, see [AUTOTITLE](/code-security/how-tos/view-and-interpret-data/analyze-organization-data/find-insecure-repositories).
 
 {% data reusables.security-configurations.edit-configuration-next-step %}