Commit 895fa7a

Authored by sophietheking, Copilot and isaacmbrown
[EDI] Disabling Copilot Autofix for code scanning security alerts (#59986)
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
1 parent 5f24b37 commit 895fa7a

4 files changed, +38 -12 lines changed
Lines changed: 29 additions & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -0,0 +1,29 @@
1+
---
2+
title: About Copilot Autofix for code scanning
3+
shortTitle: Copilot Autofix
4+
allowTitleToDifferFromFilename: true
5+
intro: '{% data variables.copilot.copilot_autofix_short %} provides targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts and avoid introducing new security vulnerabilities.'
6+
product: '{% data reusables.rai.code-scanning.gated-feature-autofix %}'
7+
versions:
8+
feature: code-scanning-autofix
9+
contentType: concepts
10+
topics:
11+
- Code Security
12+
- Code scanning
13+
- CodeQL
14+
- AI
15+
---
16+
17+
{% data variables.copilot.copilot_autofix_short %} is an expansion of {% data variables.product.prodname_code_scanning %} that provides you with targeted recommendations to help you fix {% data variables.product.prodname_code_scanning %} alerts so you can avoid introducing new security vulnerabilities. The potential fixes are generated automatically by large language models (LLMs) using data from the codebase and from {% data variables.product.prodname_code_scanning %} analysis.
18+
19+
## How {% data variables.copilot.copilot_autofix_short %} works
20+
21+
{% data variables.copilot.copilot_autofix_short %} translates the description and location of an alert into code changes that may fix the alert. It interfaces with the large language model {% data variables.copilot.copilot_gpt_51 %} from OpenAI, which has sufficient generative capabilities to produce both suggested fixes in code and explanatory text for those fixes.
22+
23+
## Enabling and managing {% data variables.copilot.copilot_autofix_short %}
24+
25+
You do not need a subscription to {% data variables.product.prodname_copilot %} to use {% data variables.copilot.copilot_autofix %}. {% data variables.copilot.copilot_autofix_short %} is available to all public repositories on {% data variables.product.prodname_dotcom_the_website %}, as well as internal or private repositories owned by organizations and enterprises that have a license for {% data variables.product.prodname_GH_code_security %}.
26+
27+
{% data variables.copilot.copilot_autofix_short %} is allowed by default and enabled for every repository that uses {% data variables.product.prodname_codeql %}, regardless of whether it uses default or advanced setup for {% data variables.product.prodname_code_scanning %}. There is no separate step to enable {% data variables.copilot.copilot_autofix_short %}: enabling {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %} is sufficient. See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
28+
29+
Administrators at the enterprise, organization, and repository levels can choose to disable {% data variables.copilot.copilot_autofix_short %}. If {% data variables.copilot.copilot_autofix_short %} has been disabled at your level, you can re-enable it by following the same steps used to disable it and selecting the option to allow {% data variables.copilot.copilot_autofix_short %}. To learn how to manage {% data variables.copilot.copilot_autofix_short %} at each level, see [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/disabling-autofix-for-code-scanning).
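Review bot: the body paragraph at line 17 restates the `intro` frontmatter almost word for word (targeted recommendations, fix code scanning alerts, avoid introducing new security vulnerabilities); since the intro already renders at the top of the page, line 17 could carry the one point the intro lacks, namely that the fixes are generated by an LLM and should be reviewed before they are applied. Relatedly, both how-to pages touched in this commit pair their autofix description with `{% data reusables.rai.code-scanning.copilot-autofix-note %}`, but this new concepts page, which those pages now link to for the full description, does not include that reusable anywhere; consider adding it after line 17 or at the end of "How {% data variables.copilot.copilot_autofix_short %} works". One wording check as well: line 27 says it is "enabled for every repository that uses {% data variables.product.prodname_codeql %}", while line 25 limits availability to public repositories and to private or internal repositories whose owner has a {% data variables.product.prodname_GH_code_security %} license; line 27 should carry the same qualification so the two sentences do not read as contradicting each other.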

content/code-security/concepts/code-scanning/index.md

Lines changed: 1 addition & 0 deletions
@@ -15,6 +15,7 @@ contentType: concepts
1515
children:
1616
- /about-code-scanning
1717
- /about-code-scanning-alerts
18+
- /copilot-autofix-for-code-scanning
1819
- /setup-types
1920
- /about-integration-with-code-scanning
2021
- /sarif-files

content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/disabling-autofix-for-code-scanning.md

Lines changed: 7 additions & 11 deletions
@@ -16,26 +16,22 @@ redirect_from:
1616
- /code-security/code-scanning/managing-code-scanning-alerts/disabling-autofix-for-code-scanning
1717
---
1818

19-
## About disabling {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}
20-
21-
{% data variables.copilot.copilot_autofix %} is a {% data variables.product.prodname_copilot %}-powered expansion of {% data variables.product.prodname_code_scanning %}. It provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts (including {% data variables.product.prodname_codeql %} alerts) so they can avoid introducing new security vulnerabilities. To learn more about {% data variables.copilot.copilot_autofix_short %} for {% data variables.product.prodname_code_scanning %}, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning).
22-
2319
{% data reusables.rai.code-scanning.copilot-autofix-note %}
2420

25-
{% data variables.copilot.copilot_autofix_short %} is allowed by default and enabled for every repository that uses {% data variables.product.prodname_codeql %}, regardless of whether it uses default or advanced setup for {% data variables.product.prodname_code_scanning %}. Administrators at the enterprise, organization and repository levels can choose to opt out and disable {% data variables.copilot.copilot_autofix_short %} for security alerts.
26-
27-
Note that disabling {% data variables.copilot.copilot_autofix_short %} at any level will close all open {% data variables.copilot.copilot_autofix_short %} suggestions on security comments. If {% data variables.copilot.copilot_autofix_short %} is disabled and then subsequently enabled, {% data variables.copilot.copilot_autofix_short %} won't automatically suggest fixes for any pull requests that are already open. The suggestions will only be generated for any pull requests that are opened after {% data variables.copilot.copilot_autofix_short %} is enabled, or after re-running {% data variables.product.prodname_code_scanning %} security analysis on existing pull requests.
21+
Disabling {% data variables.copilot.copilot_autofix_short %} at any level will close all open {% data variables.copilot.copilot_autofix_short %} suggestions that were added as comments on {% data variables.product.prodname_code_scanning %} alerts in pull requests. If {% data variables.copilot.copilot_autofix_short %} is later re-enabled, suggestions will only be generated for pull requests opened after that point, or after re-running {% data variables.product.prodname_code_scanning %} security analysis on existing pull requests.
2822

2923
> [!NOTE]
3024
> {% data variables.copilot.copilot_autofix_short %} is an integral part of {% data variables.product.prodname_code_quality %} and will continue to run on code quality results even when it is disabled for code security results.
3125
26+
For more information about {% data variables.copilot.copilot_autofix_short %}, see [AUTOTITLE](/code-security/concepts/code-scanning/copilot-autofix-for-code-scanning).
27+
3228
## Blocking use of {% data variables.copilot.copilot_autofix_short %} for an enterprise
3329

3430
Enterprise administrators can disallow {% data variables.copilot.copilot_autofix_short %} for security results in their enterprise. If you disallow {% data variables.copilot.copilot_autofix_short %} for an enterprise, {% data variables.copilot.copilot_autofix_short %} cannot be enabled for any organizations or repositories within the enterprise.
3531

36-
Note that allowing {% data variables.copilot.copilot_autofix_short %} for an enterprise does not enforce enablement of {% data variables.copilot.copilot_autofix_short %}, but means that organization and repository administrators will have the option to enable or disable {% data variables.copilot.copilot_autofix_short %} for security results.
32+
Allowing {% data variables.copilot.copilot_autofix_short %} for an enterprise does not enforce enablement of {% data variables.copilot.copilot_autofix_short %}, but means that organization and repository administrators will have the option to enable or disable {% data variables.copilot.copilot_autofix_short %} for security results.
3733

38-
Disallowing {% data variables.copilot.copilot_autofix_short %} at the enterprise level will remove all open {% data variables.copilot.copilot_autofix_short %} suggestions on security comments across all repositories of all organizations within the enterprise.
34+
Disallowing {% data variables.copilot.copilot_autofix_short %} at the enterprise level will remove all open {% data variables.copilot.copilot_autofix_short %} suggestions that were added as comments on {% data variables.product.prodname_code_scanning %} alerts in pull requests across all repositories of all organizations within the enterprise.
3935

4036
{% data reusables.enterprise-accounts.access-enterprise %}
4137
{% data reusables.enterprise-accounts.policies-tab %}
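Review bot: line 21+ says disabling will "close all open {% data variables.copilot.copilot_autofix_short %} suggestions", while lines 34+, 45+ and 56+ in the same file say disabling or disallowing will "remove" them; it is the same action at each level, so the verb should be the same everywhere (the original line 25- used "close", the original lines 38-, 49- and 60- used "remove", so the inconsistency predates this commit but this rewrite is the place to settle it). Also, with the "About disabling" heading and its paragraph removed (lines 19- to 22-), the section now opens at line 19 with the reusable note and goes straight into line 21+'s statement about what happens on disable, without any sentence saying what {% data variables.copilot.copilot_autofix_short %} is; moving the "For more information ... see [AUTOTITLE](...)" link from line 26+ to just before line 21+ would give readers that context before the behavioural warning.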
@@ -46,7 +42,7 @@ Disallowing {% data variables.copilot.copilot_autofix_short %} at the enterprise
4642

4743
If {% data variables.copilot.copilot_autofix_short %} is allowed at the enterprise level, organization administrators have the option to disable {% data variables.copilot.copilot_autofix_short %} for an organization. If you disable {% data variables.copilot.copilot_autofix_short %} for an organization, {% data variables.copilot.copilot_autofix_short %} cannot be enabled for any repositories within the organization.
4844

49-
Note that disabling {% data variables.copilot.copilot_autofix_short %} at the organization level will remove all open {% data variables.copilot.copilot_autofix_short %} suggestions on security comments across all repositories in the organization.
45+
Disabling {% data variables.copilot.copilot_autofix_short %} at the organization level will remove all open {% data variables.copilot.copilot_autofix_short %} suggestions that were added as comments on {% data variables.product.prodname_code_scanning %} alerts in pull requests across all repositories in the organization.
5046

5147
{% data reusables.profile.access_org %}
5248
{% data reusables.profile.org_settings %}
@@ -57,7 +53,7 @@ For more information about configuring global {% data variables.product.prodname
5753

5854
## Disabling {% data variables.copilot.copilot_autofix_short %} for a repository
5955

60-
If {% data variables.copilot.copilot_autofix_short %} is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable {% data variables.copilot.copilot_autofix_short %} for a repository. Disabling {% data variables.copilot.copilot_autofix_short %} at the repository level will remove all open {% data variables.copilot.copilot_autofix_short %} suggestions on security comments across the repository.
56+
If {% data variables.copilot.copilot_autofix_short %} is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable {% data variables.copilot.copilot_autofix_short %} for a repository. Disabling {% data variables.copilot.copilot_autofix_short %} at the repository level will remove all open {% data variables.copilot.copilot_autofix_short %} suggestions that were added as comments on {% data variables.product.prodname_code_scanning %} alerts in pull requests across the repository.
6157

6258
{% data reusables.repositories.navigate-to-repo %}
6359
{% data reusables.repositories.sidebar-settings %}

content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/resolving-code-scanning-alerts.md

Lines changed: 1 addition & 1 deletion
@@ -37,7 +37,7 @@ With a {% data variables.copilot.copilot_enterprise %} license, you can ask {% d
3737

3838
## Generating suggested fixes for {% data variables.product.prodname_code_scanning %} alerts
3939

40-
{% data variables.copilot.copilot_autofix %} can generate fixes for alerts identified by {% data variables.product.prodname_code_scanning %} analysis. Most {% data variables.product.prodname_codeql %} alert types are supported. For more information, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning).
40+
{% data variables.copilot.copilot_autofix %} can generate fixes for alerts identified by {% data variables.product.prodname_code_scanning %} analysis. Most {% data variables.product.prodname_codeql %} alert types are supported. See [AUTOTITLE](/code-security/concepts/code-scanning/copilot-autofix-for-code-scanning).
4141

4242
{% data reusables.rai.code-scanning.copilot-autofix-note %}
4343

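Review bot: the link to `/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning` dropped at line 40- is the second occurrence removed in this commit (the other is line 21- of disabling-autofix-for-code-scanning.md), and nothing in the diff adds that link to the new concepts page the replacement points at, so the responsible-use article loses both of its inbound links from these pages. Either link it from the new concepts page, or keep it beside the new link here, for example `See [AUTOTITLE](/code-security/concepts/code-scanning/copilot-autofix-for-code-scanning) and [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/responsible-use-autofix-code-scanning).`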