Merge pull request #42809 from github/repo-sync

Repo sync

Author: docs-bot

content/actions/concepts/security/openid-connect.md

@@ -115,6 +115,20 @@ For more information, see [AUTOTITLE](/actions/reference/openid-connect-referenc
 
 {% data variables.product.prodname_actions %} workflows can use OIDC tokens instead of secrets to authenticate with cloud providers. Many popular cloud providers offer official login actions that simplify the process of using OIDC in your workflows. For more information about updating your workflows with specific cloud providers, see [AUTOTITLE](/actions/how-tos/security-for-github-actions/security-hardening-your-deployments).
 
+## OIDC support for {% data variables.product.prodname_dependabot %}
+
+{% data variables.product.prodname_dependabot %} can use OIDC to authenticate with private registries, eliminating the need to store long-lived credentials as repository secrets. With OIDC-based authentication, {% data variables.product.prodname_dependabot %} update jobs can dynamically obtain short-lived credentials from your cloud identity provider.
+
+{% data variables.product.prodname_dependabot %} supports OIDC authentication for any registry type that uses `username` and `password` authentication, when the registry is hosted on AWS CodeArtifact, Azure DevOps Artifacts, or JFrog Artifactory.
+
+The benefits of OIDC authentication for {% data variables.product.prodname_dependabot %} are:
+
+* **Enhanced security:** Eliminates static, long-lived credentials from your repositories.
+* **Simpler management:** Enables secure, policy-compliant access to private registries.
+* **Avoid rate limiting:** Dynamic credentials help you avoid hitting rate limits associated with static tokens.
+
+For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#using-oidc-for-authentication).
+
 ## Next steps
 
 For more information about configuring OIDC, see [AUTOTITLE](/actions/how-tos/security-for-github-actions/security-hardening-your-deployments).

content/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/managing-your-github-advanced-security-license-usage.md

@@ -1,7 +1,7 @@
 ---
 title: Managing your paid use of {% data variables.product.prodname_AS %}
 shortTitle: Manage paid GHAS use
-intro: You can understand and control the costs of using {% data variables.product.prodname_GH_cs_and_sp %} in repositories in your organization.
+intro: Control the costs of {% data variables.product.prodname_GH_cs_and_sp %} in your organization.
 allowTitleToDifferFromFilename: true
 permissions: '{% data reusables.permissions.security-org-enable %}'
 product: '{% data reusables.gated-features.ghas-billing %}'
@@ -17,16 +17,9 @@ redirect_from:
 contentType: how-tos
 ---
 
-## Requirements for enabling {% data variables.product.prodname_AS %} products
+## Prerequisites
 
-To use {% data variables.product.prodname_GHAS_cs_or_sp %} on private or internal repositories with unique active committers, you must have licenses available. The user-interface and options depend on how you pay for {% data variables.product.prodname_AS %}.
-
-* **Metered billing:** by default, there is no limit on how many licenses you can consume. See {% data reusables.advanced-security.control-use-cost-links %}.
-* **Volume/subscription billing** ({% data variables.product.prodname_enterprise %} only)**:**  once the licenses you have purchased are all in use, you cannot enable {% data variables.product.prodname_GHAS_cs_or_sp %} on additional repositories until you free up or buy additional licenses.
-
-With {% data variables.product.prodname_security_configurations %}, you can easily understand the license usage of repositories in your organization, as well as the number of available {% data variables.product.prodname_GHAS_cs_or_sp %} licenses in your {% data variables.enterprise.enterprise_or_org %}. Additionally, if you need to make more licenses available to secure a high-impact repository, you can quickly disable {% data variables.product.prodname_GHAS_cs_or_sp %}{% ifversion fpt or ghec %} on private and internal repositories{% endif %} at scale.
-
-To learn about licensing for {% data variables.product.prodname_GHAS_cs_and_sp %}, see [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security).
+Before you can effectively manage your paid use of {% data variables.product.prodname_AS %}, you should understand how {% data variables.product.prodname_AS %} is billed. See [AUTOTITLE](/billing/concepts/product-billing/github-advanced-security).
 
 ## Understanding your license usage
 

content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configuring-access-to-private-registries-for-dependabot.md

@@ -124,6 +124,22 @@ If your private registry is configured with an IP allow list, you can find the I
 
 {% endif %}
 
+## Using OIDC for authentication
+
+{% data variables.product.prodname_dependabot %} can use OpenID Connect (OIDC) to authenticate with private registries, eliminating the need to store long-lived credentials as repository secrets.
+
+With OIDC-based authentication, {% data variables.product.prodname_dependabot %} update jobs can dynamically obtain short-lived credentials from your cloud identity provider, just like {% data variables.product.prodname_actions %} workflows using OIDC federation.
+
+{% data variables.product.prodname_dependabot %} supports OIDC authentication for any registry type that uses `username` and `password` authentication, when the registry is hosted on one of the following cloud providers:
+
+* AWS CodeArtifact
+* Azure DevOps Artifacts
+* JFrog Artifactory
+
+To configure OIDC authentication, you need to specify `tenant-id` and `client-id` instead of `username` and `password` in your registry configuration.
+
+For more information about how OIDC works, see [AUTOTITLE](/actions/concepts/security/openid-connect).
+
 ## Allowing external code execution
 
 When you give {% data variables.product.prodname_dependabot %} access to one or more registries, external code execution is automatically disabled to protect your code from compromised packages. However, some version updates may fail.
@@ -363,6 +379,22 @@ registries:
 
 {% endraw %}
 
+You can also use OIDC authentication to access JFrog Artifactory. {% data reusables.dependabot.dependabot-oidc-credentials %}
+
+{% raw %}
+
+```yaml copy
+registries:
+  maven-artifactory-oidc:
+    type: maven-repository
+    url: https://acme.jfrog.io/artifactory/my-maven-registry
+    tenant-id: ${{secrets.ARTIFACTORY_TENANT_ID}}
+    client-id: ${{secrets.ARTIFACTORY_CLIENT_ID}}
+    replaces-base: true
+```
+
+{% endraw %}
+
 ### `npm-registry`
 
 The `npm-registry` type supports username and password, or token. {% data reusables.dependabot.password-definition %}
@@ -433,6 +465,23 @@ registries:
 
 {% endraw %}
 
+You can also use OIDC authentication to access Azure DevOps Artifacts. {% data reusables.dependabot.dependabot-oidc-credentials %}
+
+{% raw %}
+
+```yaml copy
+registries:
+  nuget-azure-devops-oidc:
+    type: nuget-feed
+    url: https://pkgs.dev.azure.com/MyOrganization/MyProject/_packaging/MyArtifactFeedName/nuget/v3/index.json
+    tenant-id: ${{secrets.AZURE_TENANT_ID}}
+    client-id: ${{secrets.AZURE_CLIENT_ID}}
+```
+
+{% endraw %}
+
+The `AZURE_TENANT_ID` and `AZURE_CLIENT_ID` values can be obtained from the overview page of your Entra ID app registration.
+
 ### `pub-repository`
 
 The `pub-repository` type supports a URL and a token.
@@ -490,6 +539,22 @@ registries:
 
 {% endraw %}
 
+You can also use OIDC authentication to access Azure DevOps Artifacts. {% data reusables.dependabot.dependabot-oidc-credentials %}
+
+{% raw %}
+
+```yaml copy
+registries:
+  python-azure-oidc:
+    type: python-index
+    url: https://pkgs.dev.azure.com/octocat/_packaging/my-feed/pypi/example
+    tenant-id: ${{secrets.AZURE_TENANT_ID}}
+    client-id: ${{secrets.AZURE_CLIENT_ID}}
+    replaces-base: true
+```
+
+{% endraw %}
+
 ### `rubygems-server`
 
 The `rubygems-server` type supports username and password, or token. {% data reusables.dependabot.password-definition %}

content/code-security/reference/supply-chain-security/dependabot-options-reference.md

@@ -932,24 +932,26 @@ The parameters used to provide authentication details for access to a private re
 | Registry `type` | Required authentication parameters |
 |--|--|
 | `cargo-registry` | `token` |
-| `composer-repository` | `username` and `password` |
-| `docker-registry` | `username` and `password` |
-| `git` | `username` and `password` |
+| `composer-repository` | `username` and `password`<br>or OIDC with `tenant-id` and `client-id` |
+| `docker-registry` | `username` and `password`<br>or OIDC with `tenant-id` and `client-id` |
+| `git` | `username` and `password`<br>or OIDC with `tenant-id` and `client-id` |
 | `hex-organization` | `organization` and `key` |
 | `hex-repository` | `repo` and `auth-key` optionally with the corresponding `public-key-fingerprint` |
-| `maven-repository` | `username` and `password` |
-| `npm-registry` | `username` and `password`<br>or `token` |
-| `nuget-feed` | `username` and `password`<br>or `token` |
+| `maven-repository` | `username` and `password`<br>or OIDC with `tenant-id` and `client-id` |
+| `npm-registry` | `username` and `password`<br>or `token`<br>or OIDC with `tenant-id` and `client-id` |
+| `nuget-feed` | `username` and `password`<br>or `token`<br>or OIDC with `tenant-id` and `client-id` |
 | `pub-registry` | `token` |
-| `python-index` | `username` and `password`<br>or `token` |
-| `rubygems-server` | `username` and `password`<br>or `token` |
+| `python-index` | `username` and `password`<br>or `token`<br>or OIDC with `tenant-id` and `client-id` |
+| `rubygems-server` | `username` and `password`<br>or `token`<br>or OIDC with `tenant-id` and `client-id` |
 | `terraform-registry` | `token` |
 
 All sensitive data used for authentication should be stored securely and referenced from that secure location, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot).
 
 > [!TIP]
 > {% data reusables.dependabot.password-definition %}
 
+For more information about  OIDC support for {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/actions/concepts/security/openid-connect#oidc-support-for-dependabot) and [AUTOTITLE](/code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot#using-oidc-for-authentication).
+
 ### `url` and `replaces-base`
 
 The `url` parameter defines where to access a registry. When the optional `replaces-base` parameter is enabled (`true`), {% data variables.product.prodname_dependabot %} resolves dependencies using the value of `url` rather than the base URL of that specific ecosystem.

…tent/copilot/concepts/copilot-metrics.md …copilot-usage-metrics/copilot-metrics.mdcontent/copilot/concepts/copilot-metrics.md renamed to content/copilot/concepts/copilot-usage-metrics/copilot-metrics.md content/copilot/concepts/copilot-metrics.md renamed to content/copilot/concepts/copilot-usage-metrics/copilot-metrics.md

@@ -1,7 +1,7 @@
 ---
 title: GitHub Copilot usage metrics
 shortTitle: Copilot usage metrics
-intro: 'Track how your teams are using and adopting {% data variables.product.prodname_copilot %} with detailed usage metrics.'
+intro: '{% data variables.product.prodname_copilot %} usage metrics provide visibility into how {% data variables.product.prodname_copilot %} is adopted and used across your organization, including engagement, activity, and code generation trends.'
 versions:
   feature: copilot
 topics:
@@ -15,9 +15,12 @@ redirect_from:
   - /early-access/copilot-metrics/apis/about-the-copilot-metrics-apis
   - /early-access/copilot-metrics/dashboards/about-the-copilot-metrics-dashboard
   - /early-access/copilot-metrics/apis/rest-api-endpoints-for-copilot-enterprise-and-user-usage-metrics
+  - /copilot/concepts/copilot-metrics
 category:
+  - Copilot usage metrics
   - Learn about Copilot
   - Manage Copilot for a team
+  - Get started with metrics
 ---
 
 {% data reusables.copilot.usage-metrics-preview %}

content/copilot/concepts/copilot-usage-metrics/index.md

@@ -0,0 +1,30 @@
+---
+title: GitHub Copilot usage metrics
+shortTitle: Copilot usage metrics
+intro: Track how your teams are using and adopting {% data variables.product.prodname_copilot %} with detailed usage metrics.
+versions:
+  feature: copilot
+topics:
+  - Copilot
+heroImage: /assets/images/banner-images/hero-4
+layout: bespoke-landing
+sidebarLink:
+  text: All articles
+  href: /copilot/concepts/copilot-usage-metrics
+children:
+  - /copilot-metrics
+  - /content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-usage-and-adoption
+  - /content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation
+  - /content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics
+  - /content/copilot/reference/copilot-usage-metrics/interpret-copilot-metrics
+  - /content/copilot/reference/copilot-usage-metrics/reconciling-usage-metrics
+  - /content/copilot/reference/copilot-usage-metrics/lines-of-code-metrics
+  - /content/copilot/tutorials/roll-out-at-scale/measure-success
+includedCategories:
+  - Get started with metrics
+  - Understand metrics
+  - Reconcile and validate metrics
+  - Measure success
+  - View metrics
+  - Understand available data
+---

content/copilot/concepts/index.md

@@ -11,6 +11,7 @@ children:
   - /chat
   - /agents
   - /spark
+  - /copilot-usage-metrics
   - /prompting
   - /context
   - /tools
@@ -21,6 +22,5 @@ children:
   - /policies
   - /mcp-management
   - /network-settings
-  - /copilot-metrics
 contentType: concepts
 ---

content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-code-generation.md

@@ -1,7 +1,7 @@
 ---
 title: Viewing the code generation dashboard
 shortTitle: View code generation
-intro: You can use the code generation dashboard to monitor how {% data variables.product.prodname_copilot_short %} generates code across your enterprise, including activity from both users and agents.
+intro: The code generation dashboard shows how {% data variables.product.prodname_copilot_short %} generates code across your enterprise, including activity from both users and agents.
 permissions: '{% data reusables.copilot.usage-metrics-permissions %}'
 versions:
   feature: copilot
@@ -10,7 +10,9 @@ topics:
 contentType: how-tos
 allowTitleToDifferFromFilename: true
 category:
+  - Copilot usage metrics
   - Manage Copilot for a team
+  - View metrics
 ---
 
 {% data reusables.copilot.usage-metrics-preview %}

content/copilot/how-tos/administer-copilot/manage-for-enterprise/view-usage-and-adoption.md

@@ -1,7 +1,7 @@
 ---
 title: Viewing the Copilot usage metrics dashboard
 shortTitle: View usage and adoption
-intro: You can use the {% data variables.product.prodname_copilot_short %} usage metrics dashboard to monitor how developers across your enterprise are adopting and using {% data variables.product.prodname_copilot_short %}.
+intro: '{% data variables.product.prodname_copilot_short %} usage metrics dashboards provide a centralized view of adoption and usage across your enterprise, based on IDE telemetry from developers using {% data variables.product.prodname_copilot_short %}.'
 permissions: '{% data reusables.copilot.usage-metrics-permissions %}'
 versions:
   feature: copilot
@@ -10,7 +10,9 @@ topics:
 contentType: how-tos
 allowTitleToDifferFromFilename: true
 category:
+  - Copilot usage metrics
   - Manage Copilot for a team
+  - View metrics
 ---
 
 {% data reusables.copilot.usage-metrics-preview %}

content/copilot/reference/copilot-usage-metrics/copilot-usage-metrics.md

@@ -2,7 +2,7 @@
 title: Data available in Copilot usage metrics
 allowTitleToDifferFromFilename: true
 shortTitle: Copilot usage metrics data
-intro: 'You can display and export {% data variables.product.prodname_copilot_short %} usage metrics data in the dashboard and via APIs.'
+intro: '{% data variables.product.prodname_copilot_short %} usage metrics data is available through the dashboard and APIs, using a consistent set of fields to represent adoption, usage, and code generation activity.'
 permissions: '{% data reusables.copilot.usage-metrics-permissions %}'
 versions:
   fpt: '*'
@@ -12,7 +12,9 @@ topics:
   - Copilot
   - Enterprise
 category:
+  - Copilot usage metrics
   - Manage Copilot for a team
+  - Understand available data
 ---
 
 {% data reusables.copilot.usage-metrics-preview %}