[DO NOT MERGE] GitHub Enterprise Server 3.1 release candidate megabranch (github#18399)

* 3.1 megabranch

* these should be in a topic branch to avoid unnecessary ci failures

* add copies of 3.0 schema files

* update link version from 3.0 -> 3.1

* update correct version 🤦‍♀️

* update with 3.1 version links

* first stab of this work

* fix product variable and links to section that has been moved

* simplify Liquid conditions

* elsif

* Update content/github/managing-subscriptions-and-notifications-on-github/viewing-your-subscriptions.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>

* [GHES 3.1] Code scanning: SARIF limit increased to 5000 (github#18539)

* revert api previews

* delete 3.1 preview

* Revert "delete 3.1 preview"

This reverts commit 0a7df3e17a1e182e5b01b0fdafacb6bb19100f70.

* regenerate decorated file

* make security policy docs available in GHES 3.1 and GHAE docs

* adapt for GHES/GHAE and remove the word

* revert a whole bunch of stuff

* more reverting and further updating

* update links to Adding a security policy to your repo article

* fix broken links and remove responsibly

* simplify Liquid versioning

* Update content/code-security/getting-started/adding-a-security-policy-to-your-repository.md

Co-authored-by: Felicity Chapman <felicitymay@github.com>

* address comment

* Remove overcomplicated versioning (github#18934)

* Update information on licensing and billing for GHES 3.1 (github#18835)

* regenerate graphql files with new prerendered input object

* add release notes placeholder file

* add scaffolding

* use real date

* ✂️  3.1 schema added accidentally

* update enterprise release dates

* add base files

* Correct versioning for branch renaming and master to main transition in GHES docs (github#19050)

* update versioning

* apply Alistair's suggestion

* add new cached index names

* Update docs for code scanning in external CI to cover CodeQL CLI usage (github#19030)

* 3893 add missing flag for GHES and GHAE (next) users (github#19129)

* [GHES 3.1] Release candidate 1 release notes  (github#18419)

* fleshing out the 33.1 RC1 release notes

* update with moreee

* really flesh it all out

* format a bit

* fix linter errors

* fix errors again

* add quotes around heading with Liquid

* placeholder to get error fixed

* add quotes

* just remove those things

* typo

* Update 0-rc1.yml

* update with feedback

* add workflow beta

* upload increase

* some last changes

* change the date

* fix links

Co-authored-by: Sarah Schneider <sarahs@github.com>
Co-authored-by: Rachael Sewell <rachmari@github.com>

* Conflict resolution between 19082 and 3.1 Megabranch (#19158)

* Fix typo in new reusable

* delete 3.1 rest schema files

* Update OpenAPI Descriptions (github#19166)

* last minute additions yikes

* redeploy staging

Co-authored-by: Melanie Yarbrough <11952755+myarb@users.noreply.github.com>
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: skedwards88 <skedwards88@github.com>
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Meg Bird <megbird@github.com>
Co-authored-by: Sarah Schneider <sarahs@github.com>
Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com>
10 people authored May 6, 2021
1 parent a5bc762 commit 46fda7b
Showing 177 changed files with 562,790 additions and 383 deletions.
@@ -0,0 +1,33 @@
---
title: About licensing for GitHub Advanced Security
intro: 'You need a license to use {% data variables.product.prodname_GH_advanced_security %} features, such as {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %}.'
product: '{% data reusables.gated-features.ghas %}'
versions:
enterprise-server: '>=3.1'
topics:
- Enterprise
---

### About licensing for {% data variables.product.prodname_GH_advanced_security %}

You can make extra features for code security available to users by buying and uploading a license for {% data variables.product.prodname_GH_advanced_security %}. For more information about {% data variables.product.prodname_GH_advanced_security %}, see "[About {% data variables.product.prodname_GH_advanced_security %}](/github/getting-started-with-github/about-github-advanced-security)."

{% data reusables.advanced-security.license-overview %}

To discuss licensing {% data variables.product.prodname_GH_advanced_security %} for {% data variables.product.product_name %}, contact {% data variables.contact.contact_enterprise_sales %}. To enable {% data variables.product.prodname_GH_advanced_security %}, see "[Enabling {% data variables.product.prodname_GH_advanced_security %} for your appliance](/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise)."

### About committer numbers for {% data variables.product.prodname_GH_advanced_security %}

{% data reusables.advanced-security.about-committer-numbers-ghec-ghes %}

### Managing your license usage for {% data variables.product.prodname_GH_advanced_security %}

{% data reusables.advanced-security.managing-license-usage-ghec-ghes %}

You can enforce policies to allow or disallow the use of {% data variables.product.prodname_advanced_security %} by organizations owned by your enterprise account. For more information, see "[Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise](/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise)."

For more information on viewing license usage, see "[Viewing your {% data variables.product.prodname_GH_advanced_security %} usage](/admin/advanced-security/viewing-your-github-advanced-security-usage)."

### Getting the most out of your {% data variables.product.prodname_GH_advanced_security %} license

{% data reusables.advanced-security.getting-the-most-from-your-license %}
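Review bot: The link text in the "To enable" sentence reads "Enabling ... for your appliance", but its target is /admin/advanced-security/enabling-github-advanced-security-for-your-enterprise and the other articles in this commit title the same link "... for your enterprise"; align the link text with the article title. The policy paragraph also uses `prodname_advanced_security` where the rest of this file uses `prodname_GH_advanced_security`; pick one so the product name renders consistently on the page.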
Expand Up @@ -6,6 +6,7 @@ product: '{% data reusables.gated-features.code-scanning %}'
miniTocMaxHeadingLevel: 4
redirect_from:
- /enterprise/admin/configuration/configuring-code-scanning-for-your-appliance
- /admin/configuration/configuring-code-scanning-for-your-appliance
versions:
enterprise-server: '>=2.22'
topics:
Expand All @@ -18,31 +19,17 @@ topics:

{% data reusables.code-scanning.about-code-scanning %}

The table below summarizes the available types of analysis for {% data variables.product.prodname_code_scanning %}, and provides links on enabling the feature for individual repositories.
You can configure {% data variables.product.prodname_code_scanning %} to run {% data variables.product.prodname_codeql %} analysis and third-party analysis. {% data variables.product.prodname_code_scanning_capc %} also supports running analysis natively using {% data variables.product.prodname_actions %} or externally using existing CI/CD infrastructure. The table below summarizes all the options available to users when you configure {% data variables.product.product_location %} to allow {% data variables.product.prodname_code_scanning %} using actions.

{% data reusables.code-scanning.enabling-options %}

For the users of {% data variables.product.product_location %} to be able to enable and use {% data variables.product.prodname_code_scanning %} in their repositories, you need, as a site administrator, to enable this feature for the whole appliance.
### Prerequisites for {% data variables.product.prodname_code_scanning %}

### How do I know if {% data variables.product.prodname_code_scanning %} is enabled for my appliance
- A license for {% data variables.product.prodname_GH_advanced_security %} (see "[About licensing for {% data variables.product.prodname_GH_advanced_security %}](/admin/advanced-security/about-licensing-for-github-advanced-security)")

{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
1. Check if there is an **{% data variables.product.prodname_advanced_security %}** entry in the left sidebar.
![Advanced Security sidebar](/assets/images/enterprise/management-console/sidebar-advanced-security.png)
- {% data variables.product.prodname_code_scanning_capc %} enabled in the management console (see "[Enabling {% data variables.product.prodname_GH_advanced_security %} for your enterprise](/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise)")

{% data reusables.enterprise_management_console.advanced-security-license %}

### Enabling {% data variables.product.prodname_code_scanning %}

{% data reusables.enterprise_management_console.enable-disable-security-features %}

{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
{% data reusables.enterprise_management_console.advanced-security-tab %}
1. Under "{% data variables.product.prodname_advanced_security %}," click **{% data variables.product.prodname_code_scanning_capc %}**.
![Checkbox to enable or disable {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/management-console/enable-code-scanning-checkbox.png)
{% data reusables.enterprise_management_console.save-settings %}
- A VM or container for {% data variables.product.prodname_code_scanning %} analysis to run in.

### Running {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_actions %}
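Review bot: The new prerequisite bullet links to /admin/advanced-security/about-licensing-for-github-advanced-security, which this commit adds with `enterprise-server: '>=3.1'`, while this article's front matter is `enterprise-server: '>=2.22'`, so the link has no target for versions below 3.1. Wrap the bullet in a version condition or point older versions at an article that exists there. The intro sentence also ends with "to allow ... using actions" right after saying analysis can run on existing CI/CD infrastructure, which reads as if the table covers only Actions, and the third bullet ends with a period while the first two do not.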

Expand All @@ -52,7 +39,7 @@ For the users of {% data variables.product.product_location %} to be able to ena

You must ensure that Git is in the PATH variable on any self-hosted runners you use to run {% data variables.product.prodname_codeql %} actions.

#### Provisioning the actions
#### Provisioning the actions for {% data variables.product.prodname_code_scanning %}

{% if currentVersion ver_gt "enterprise-server@2.22" %}
If you want to use actions to run {% data variables.product.prodname_code_scanning %} on {% data variables.product.prodname_ghe_server %}, the actions must be available on your appliance.
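Review bot: Renaming the "Provisioning the actions" heading changes the anchor generated for it, so check for links to the old `#provisioning-the-actions` fragment, in this article and in other content, and update them in the same change.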
Expand Down Expand Up @@ -82,43 +69,7 @@ To run {% data variables.product.prodname_code_scanning %} on {% data variables.
3. The next step is to configure access to actions on {% data variables.product.prodname_dotcom_the_website %} using {% data variables.product.prodname_github_connect %}. For more information, see "[Enabling automatic access to {% data variables.product.prodname_dotcom_the_website %} actions using {% data variables.product.prodname_github_connect %}](/enterprise/admin/github-actions/enabling-automatic-access-to-githubcom-actions-using-github-connect)."
4. Add a self-hosted runner to your repository, organization, or enterprise account. For more information, see "[Adding self-hosted runners](/actions/hosting-your-own-runners/adding-self-hosted-runners)."

#### Enabling code scanning for individual repositories
After you configure a self-hosted runner, {% if currentVersion == "enterprise-server@2.22" %}and provision the actions,{% endif %} users can enable {% data variables.product.prodname_code_scanning %} for individual repositories on {% data variables.product.product_location %}. For more information, see "[Setting up {% data variables.product.prodname_code_scanning %} for a repository](/github/finding-security-vulnerabilities-and-errors-in-your-code/setting-up-code-scanning-for-a-repository)."

### Running {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}
If you don't want to use {% data variables.product.prodname_actions %}, you can run {% data variables.product.prodname_code_scanning %} using the {% data variables.product.prodname_codeql_runner %}.

The {% data variables.product.prodname_codeql_runner %} is a command-line tool that you can add to your third-party CI/CD system. The tool runs {% data variables.product.prodname_codeql %} analysis on a checkout of a {% data variables.product.prodname_dotcom %} repository. For more information, see "[Running {% data variables.product.prodname_code_scanning %} in your CI system](/github/finding-security-vulnerabilities-and-errors-in-your-code/running-codeql-code-scanning-in-your-ci-system)."

### Disabling {% data variables.product.prodname_code_scanning %}

{% data reusables.enterprise_management_console.enable-disable-security-features %}

{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
{% data reusables.enterprise_management_console.advanced-security-tab %}
1. Under "{% data variables.product.prodname_advanced_security %}", unselect **{% data variables.product.prodname_code_scanning_capc %}**.
![Checkbox to enable or disable {% data variables.product.prodname_code_scanning %}](/assets/images/enterprise/management-console/code-scanning-disable.png)
{% data reusables.enterprise_management_console.save-settings %}

### Enabling or disabling {% data variables.product.prodname_code_scanning %} via the administrative shell (SSH)

You can enable or disable {% data variables.product.prodname_code_scanning %} programmatically on {% data variables.product.product_location %}. For example, you can enable {% data variables.product.prodname_code_scanning %} with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.

For more information about the administrative shell and command-line utilities for {% data variables.product.prodname_ghe_server %}, see "[Accessing the administrative shell (SSH)](/admin/configuration/accessing-the-administrative-shell-ssh)" and "[Command-line utilities](/admin/configuration/command-line-utilities#ghe-config)."

1. SSH into {% data variables.product.product_location %}.
1. Enable {% data variables.product.prodname_code_scanning %}.
```shell
ghe-config app.minio.enabled true
ghe-config app.code-scanning.enabled true
```
2. Optionally, disable {% data variables.product.prodname_code_scanning %}.
```shell
ghe-config app.minio.enabled false
ghe-config app.code-scanning.enabled false
```
3. Apply the configuration.
```shell
ghe-config-apply
```
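Review bot: The administrative shell procedure (`ghe-config app.code-scanning.enabled`, `ghe-config-apply`) and the CodeQL runner section sit in a range that shrinks from 43 lines to 7, and nothing visible in this commit shows where they move to. Confirm that the SSH steps are carried into the "Enabling ... for your enterprise" article before they leave this one, since the text recommends them for staging and disaster-recovery deployments. If the block is copied over as is, also fix its step numbering, which currently runs `1.`, `1.`, `2.`, `3.`.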
Expand Up @@ -4,6 +4,8 @@ shortTitle: Configuring secret scanning
intro: 'You can enable, configure, and disable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.product_location %}. {% data variables.product.prodname_secret_scanning_caps %} allows users to scan code for accidentally committed secrets.'
product: '{% data reusables.gated-features.secret-scanning %}'
miniTocMaxHeadingLevel: 4
redirect_from:
- /admin/configuration/configuring-secret-scanning-for-your-appliance
versions:
enterprise-server: '>=3.0'
topics:
Expand All @@ -14,17 +16,18 @@ topics:

### About {% data variables.product.prodname_secret_scanning %}

{% data reusables.secret-scanning.about-secret-scanning %} For more information, see "[About secret scanning](/github/administering-a-repository/about-secret-scanning)."
{% data reusables.secret-scanning.about-secret-scanning %} For more information, see "[About {% data variables.product.prodname_secret_scanning %}](/github/administering-a-repository/about-secret-scanning)."

### Prerequisites
### Prerequisites for {% data variables.product.prodname_secret_scanning %}

To use {% data variables.product.prodname_secret_scanning %} in {% data variables.product.product_location %} you need these two prerequisites.

- The [SSSE3](https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf#G3.1106470) (Supplemental Streaming SIMD Extensions 3) CPU flag needs to be enabled on the VM/KVM that runs {% data variables.product.product_location %}.
- The [SSSE3](https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-optimization-manual.pdf#G3.1106470) (Supplemental Streaming SIMD Extensions 3) CPU flag needs to be enabled on the VM/KVM that runs {% data variables.product.product_location %}.

- You need an {% data variables.product.prodname_advanced_security %} license.
- A license for {% data variables.product.prodname_GH_advanced_security %} (see "[About licensing for {% data variables.product.prodname_GH_advanced_security %}](/admin/advanced-security/about-licensing-for-github-advanced-security)")

#### Checking support for the SSSE3 flag on your vCPUs
- {% data variables.product.prodname_secret_scanning_caps %} enabled in the management console (see "[Enabling {% data variables.product.prodname_GH_advanced_security %} for your enterprise](/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise)")

### Checking support for the SSSE3 flag on your vCPUs

The SSSE3 set of instructions is required because {% data variables.product.prodname_secret_scanning %} leverages hardware accelerated pattern matching to find potential credentials committed to your {% data variables.product.prodname_dotcom %} repositories. SSSE3 is enabled for most modern CPUs. You can check whether SSSE3 is enabled for the vCPUs available to your {% data variables.product.prodname_ghe_server %} instance.
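Review bot: The sentence "you need these two prerequisites" no longer matches the list, which now has three bullets (SSSE3, the license, and the feature enabled in the management console); drop the count or update it. The license bullet links to the licensing article added in this commit with `enterprise-server: '>=3.1'`, while this article is versioned `'>=3.0'`, so gate that bullet for 3.0. The SSSE3 bullet also ends with a period while the two new bullets do not.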

Expand All @@ -35,7 +38,7 @@ The SSSE3 set of instructions is required because {% data variables.product.prod
grep -iE '^flags.*ssse3' /proc/cpuinfo >/dev/null | echo $?
```

If this returns the value `0`, it means that the SSSE3 flag is available and enabled. You can now enable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.product_location %}. For more information, see "[Enabling secret scanning](#enabling-secret-scanning)" below.
If this returns the value `0`, it means that the SSSE3 flag is available and enabled. You can now enable {% data variables.product.prodname_secret_scanning %} for {% data variables.product.product_location %}. For more information, see "[Enabling {% data variables.product.prodname_secret_scanning %}](#enabling-secret-scanning)" below.

If this doesn't return `0`, SSSE3 is not enabled on your VM/KVM. You need to refer to the documentation of the hardware/hypervisor on how to enable the flag, or make it available to guest VMs.
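Review bot: The check on the context line `grep -iE '^flags.*ssse3' /proc/cpuinfo >/dev/null | echo $?` pipes into `echo`, so `$?` is expanded without waiting for grep and the printed value is the exit status of whatever ran earlier in the shell, not of grep. Since this section is being edited anyway, change `|` to `;` so the `0` described in the following paragraph actually reflects the SSSE3 match.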
