[EDI] Delegated alert dismissal articles (#59890)

Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>

Author: sabrowning1

content/code-security/concepts/security-at-scale/delegated-alert-dismissal.md

@@ -0,0 +1,43 @@
+---
+title: Delegated alert dismissal
+intro: 'Increase your governance over security alerts with delegated alert dismissal.'
+versions:
+  feature: security-delegated-alert-dismissal
+topics:
+  - Alerts
+  - Repositories
+  - Dependencies
+  - Vulnerabilities
+  - Secret scanning
+  - Code scanning
+contentType: concepts
+---
+
+Delegated alert dismissal lets you restrict which users can directly dismiss an alert. When you enable the feature:
+* Users with write access to a repository must request to dismiss alerts in that repository.
+* Organization owners and security managers can approve or deny dismissal requests, as well as dismiss alerts directly themselves.
+
+Reviewers are notified of dismissal requests via email, and can either approve the request to dismiss the alert, or deny the request to leave the alert open. After a request is reviewed, the requester is notified of the outcome via email.
+
+## Availability
+
+You can enable delegated alert dismissal for:
+* {% data variables.product.prodname_code_scanning_caps %} alerts (available on {% data variables.product.prodname_dotcom_the_website %} and {% data variables.product.prodname_ghe_server %} 3.17+)
+* {% data variables.product.prodname_secret_scanning_caps %} alerts (available on {% data variables.product.prodname_dotcom_the_website %} and {% data variables.product.prodname_ghe_server %} 3.17+)
+* {% data variables.product.prodname_dependabot_alerts %} (available on {% data variables.product.prodname_dotcom_the_website %} and {% data variables.product.prodname_ghe_server %} 3.21+)
+
+## Custom roles for delegated alert dismissal
+
+You can use a custom role to let team members who are not organization owners or security managers respond to dismissal requests and dismiss alerts directly. The custom role needs the following permissions:
+
+* Organization permissions for reviewing and bypassing alert dismissal requests. To find the exact permissions required for a particular product, see [Permissions for organization access](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles#permissions-for-organization-access).
+* Repository permissions to view, dismiss, and reopen alerts. To find the exact permissions required for a particular product, see [Security](/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles#security).
+
+{% data reusables.organizations.custom-role-repo-perms-preview-note %}
+
+## Next steps
+
+To configure delegated alert dismissal, see:
+* [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning)
+* [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/enabling-delegated-alert-dismissal-for-secret-scanning){% ifversion dependabot-delegated-alert-dismissal %}
+* [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/enable-delegated-alert-dismissal){% endif %}

content/code-security/concepts/security-at-scale/index.md

@@ -20,6 +20,7 @@ children:
   - /about-security-overview
   - /about-security-campaigns
   - /auditing-security-alerts
+  - /delegated-alert-dismissal
   - /about-supply-chain-security-for-your-enterprise
 redirect_from:
   - /admin/managing-code-security/managing-supply-chain-security-for-your-enterprise

content/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning.md

@@ -15,9 +15,7 @@ redirect_from:
   - /code-security/code-scanning/managing-your-code-scanning-configuration/enabling-delegated-alert-dismissal-for-code-scanning
 ---
 
-## About enabling delegated alert dismissal
-
-{% data reusables.security.delegated-alert-dismissal-intro %}
+{% data reusables.security.delegated-alert-dismissal-capacity %}
 
 ## Configuring delegated dismissal for a repository
 

content/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/enable-delegated-alert-dismissal.md

@@ -16,9 +16,7 @@ redirect_from:
   - /code-security/dependabot/dependabot-alerts/enable-delegated-alert-dismissal
 ---
 
-## About enabling delegated alert dismissal
-
-{% data reusables.security.delegated-alert-dismissal-intro %}
+{% data reusables.security.delegated-alert-dismissal-capacity %}
 
 ## Configuring delegated dismissal for a repository
 

content/code-security/how-tos/manage-security-alerts/manage-secret-scanning-alerts/enabling-delegated-alert-dismissal-for-secret-scanning.md

@@ -15,9 +15,7 @@ redirect_from:
   - /code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning
 ---
 
-## About enabling delegated alert dismissal
-
-{% data reusables.security.delegated-alert-dismissal-intro %}
+{% data reusables.security.delegated-alert-dismissal-capacity %}
 
 ## Configuring delegated dismissal for a repository
 

content/organizations/managing-peoples-access-to-your-organization-with-roles/about-custom-organization-roles.md

@@ -22,7 +22,7 @@ There are several ways to combine permissions for repositories and organizations
 
 Without repository permissions or a base repository role, the organization role doesn't grant access to any repositories.
 
->[!NOTE] Adding repository permissions to a custom organization role is currently in {% data variables.release-phases.public_preview %} and subject to change.
+{% data reusables.organizations.custom-role-repo-perms-preview-note %}
 
 {% endif %}
 
@@ -67,6 +67,16 @@ Organization permissions do not grant read, write, or administrator access to an
 | {% ifversion secret-scanning-alert-dismiss-custom-role %}                                        |
 | Review and manage {% data variables.product.prodname_secret_scanning %} alert dismissal requests | Review and manage {% data variables.product.prodname_secret_scanning %} alert dismissal requests for your organization. | [AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/enabling-delegated-alert-dismissal-for-secret-scanning) |
 | {% endif %}                                                                                      |
+| {% ifversion security-delegated-alert-dismissal %}                                        |
+| Bypass {% data variables.product.prodname_code_scanning %} alert dismissal requests | Bypass {% data variables.product.prodname_code_scanning %} alert dismissal requests for your organization. | [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning) |
+| Review {% data variables.product.prodname_code_scanning %} alert dismissal requests | Review and manage {% data variables.product.prodname_code_scanning %} alert dismissal requests for your organization. | [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning) |
+| View {% data variables.product.prodname_code_scanning %} alert dismissal requests | View {% data variables.product.prodname_code_scanning %} alert dismissal requests for your organization. | [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-code-scanning-alerts/enabling-delegated-alert-dismissal-for-code-scanning) |
+| {% endif %}                                                                                      |
+| {% ifversion dependabot-delegated-alert-dismissal %}                                        |
+| Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests | Bypass {% data variables.product.prodname_dependabot %} alert dismissal requests for your organization. | [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/enable-delegated-alert-dismissal) |
+| Review {% data variables.product.prodname_dependabot %} alert dismissal requests | Review and manage {% data variables.product.prodname_dependabot %} alert dismissal requests for your organization. | [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/enable-delegated-alert-dismissal) |
+| View {% data variables.product.prodname_dependabot %} alert dismissal requests | View {% data variables.product.prodname_dependabot %} alert dismissal requests for your organization. | [AUTOTITLE](/code-security/how-tos/manage-security-alerts/manage-dependabot-alerts/enable-delegated-alert-dismissal) |
+| {% endif %}                                                                                      |
 | {% ifversion copilot %}                                  |
 | View organization {% data variables.product.prodname_copilot_short %} metrics                    | View {% data variables.product.prodname_copilot_short %} usage metrics for your organization. | [AUTOTITLE](/copilot/concepts/copilot-metrics) |
 | {% endif %}                                                                                    |

data/reusables/organizations/additional-permissions.md

@@ -58,13 +58,13 @@ For more information, see [AUTOTITLE](/repositories/configuring-branches-and-mer
 
 ### Security
 
-* View {% data variables.product.prodname_code_scanning %} results
-* Dismiss or reopen {% data variables.product.prodname_code_scanning %} results
-* Delete {% data variables.product.prodname_code_scanning %} results
+* View {% data variables.product.prodname_code_scanning %} alerts
+* Dismiss or reopen {% data variables.product.prodname_code_scanning %} alerts
+* Delete {% data variables.product.prodname_code_scanning %} alerts
 * View {% data variables.product.prodname_dependabot_alerts %}
 * Dismiss or reopen {% data variables.product.prodname_dependabot_alerts %}
-* View {% data variables.product.prodname_secret_scanning %} results
-* Dismiss or reopen {% data variables.product.prodname_secret_scanning %} results
+* View {% data variables.product.prodname_secret_scanning %} alerts
+* Dismiss, reopen, or assign {% data variables.product.prodname_secret_scanning %} alerts
 
 {%- ifversion ghec %}
 ### Actions

data/reusables/organizations/custom-role-repo-perms-preview-note.md

@@ -0,0 +1,2 @@
+> [!NOTE]
+> Adding repository permissions to a custom organization role is currently in {% data variables.release-phases.public_preview %} and subject to change.

data/reusables/security/delegated-alert-dismissal-capacity.md

@@ -0,0 +1,2 @@
+> [!NOTE]
+> The implementation of this approval process can potentially cause some friction, so it's important to ensure that the team of security managers has adequate coverage to review dismissal requests regularly before proceeding.