From 04adce4173e06df17ed685a7016a1360e234bf49 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Thu, 12 Dec 2024 16:23:19 +0000 Subject: [PATCH 1/3] Fix Bundler support info in the ecosystem table for Dependabot (#53592) --- data/reusables/dependabot/supported-package-managers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/reusables/dependabot/supported-package-managers.md b/data/reusables/dependabot/supported-package-managers.md index 7fd291a749c2..7fe7b7e82a55 100644 --- a/data/reusables/dependabot/supported-package-managers.md +++ b/data/reusables/dependabot/supported-package-managers.md 
@@ -1,6 +1,6 @@ Package manager | YAML value | Supported versions | Version updates | Security updates | Private repositories | Private registries | Vendoring | ---------------|------------------|------------------|:---:|:---:|:---:|:---:|:---:| -Bundler | `bundler` | {% ifversion ghes < 3.15 %}v1, {% endif %}v2 | {% octicon "x" aria-label="Not supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | +Bundler | `bundler` | {% ifversion ghes < 3.15 %}v1, {% endif %}v2 | {% octicon "check" aria-label="Supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | [Cargo](#cargo) | `cargo` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}{% ifversion dependabot-updates-cargo-private-registry-support %}{% else %} (Git only){% endif %} | {% octicon "x" aria-label="Not supported" %} | Composer | `composer` | {% ifversion dependabot-updates-composerv1-closing-down %}v2{% else %}v1, v2{% endif %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | | {% ifversion dependabot-version-updates-devcontainer-support %} | From 5a579b823d8105e0b881f2eeb33fb3458bab1bef Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Thu, 12 Dec 2024 08:39:58 -0800 Subject: [PATCH 2/3] Sync secret scanning data (#53596) Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- src/secret-scanning/data/public-docs.yml | 3 +++ src/secret-scanning/lib/config.json | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) 
diff --git a/src/secret-scanning/data/public-docs.yml b/src/secret-scanning/data/public-docs.yml
index aa21e92f61fd..1fcbb37d4b28 100644
--- a/src/secret-scanning/data/public-docs.yml
+++ b/src/secret-scanning/data/public-docs.yml
@@ -150,6 +150,7 @@
 versions:
 fpt: '*'
 ghec: '*'
+ ghes: '>=3.16'
 isPublic: true
 isPrivateWithGhas: true
 hasPushProtection: true
@@ -664,6 +665,7 @@
 versions:
 fpt: '*'
 ghec: '*'
+ ghes: '>=3.16'
 isPublic: false
 isPrivateWithGhas: true
 hasPushProtection: true
@@ -2895,6 +2897,7 @@
 versions:
 fpt: '*'
 ghec: '*'
+ ghes: '>=3.16'
 isPublic: true
 isPrivateWithGhas: true
 hasPushProtection: false
diff --git a/src/secret-scanning/lib/config.json b/src/secret-scanning/lib/config.json
index 7ec7cd9321a9..b923ee2f45b4 100644
--- a/src/secret-scanning/lib/config.json
+++ b/src/secret-scanning/lib/config.json
@@ -1,5 +1,5 @@
 {
- "sha": "9fe041d44562fdaa2fb7b54a6d50cfa1976c7d0f",
- "blob-sha": "12f3d5bd7c14fbd203844453a5bb813e651dd67a",
+ "sha": "b65de041fa6bb087e7f7d31ce8bc2b728b7d334b",
+ "blob-sha": "5d152997eacf5c2ca7227a6d2f1588523d81f619",
 "targetFilename": "code-security/secret-scanning/introduction/supported-secret-scanning-patterns"
 }
\ No newline at end of file
From b3ac0749c2af3bbfd5eb78d30e34f7ad0d99496a Mon Sep 17 00:00:00 2001
From: mc <42146119+mchammer01@users.noreply.github.com> Date: Thu, 12 Dec 2024 18:10:31 +0000 Subject: [PATCH 3/3] Code security configurations available at the enterprise level (#53229) Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Zack Fernandes Co-authored-by: Melanie Yarbrough <11952755+myarb@users.noreply.github.com> --- content/admin/managing-code-security/index.md | 2 +- .../about-security-configurations.md | 43 +++++++ ...curity-configuration-to-your-enterprise.md | 34 ++++++ ...curity-configuration-to-your-enterprise.md | 40 +++++++ ...t-scanning-settings-for-your-enterprise.md | 49 ++++++++ ...urity-configuration-for-your-enterprise.md | 110 ++++++++++++++++++ ...eleting-a-custom-security-configuration.md | 28 +++++ ...editing-a-custom-security-configuration.md | 37 ++++++ .../securing-your-enterprise/index.md | 22 ++++ ...rity-configuration-in-your-organization.md | 1 - ...reating-a-custom-security-configuration.md | 2 - ...out-enabling-security-features-at-scale.md | 1 - ...editing-a-custom-security-configuration.md | 1 - ...ecurity-configuration-enterprise-level.yml | 5 + ...ation-enforcement-edge-cases-enterprise.md | 8 ++ ...ty-configuration-enforcement-edge-cases.md | 1 + .../security-configurations-enterprise.md | 15 +++ ...ecurity-configuration-enterprise-enable.md | 1 + .../security-configurations/emu-note.md | 5 + .../failure-handling-enterprise.md | 1 + .../github-recommended-warning-enterprise.md | 1 + .../security-features-use-actions.md | 1 + 22 files changed, 402 insertions(+), 6 deletions(-) create mode 100644 content/admin/managing-code-security/securing-your-enterprise/about-security-configurations.md create mode 100644 content/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise.md create mode 100644 
content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md create mode 100644 content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md create mode 100644 content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md create mode 100644 content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md create mode 100644 content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md create mode 100644 content/admin/managing-code-security/securing-your-enterprise/index.md create mode 100644 data/features/security-configuration-enterprise-level.yml create mode 100644 data/reusables/code-scanning/custom-security-configuration-enforcement-edge-cases-enterprise.md create mode 100644 data/reusables/gated-features/security-configurations-enterprise.md create mode 100644 data/reusables/permissions/security-configuration-enterprise-enable.md create mode 100644 data/reusables/security-configurations/emu-note.md create mode 100644 data/reusables/security-configurations/failure-handling-enterprise.md create mode 100644 data/reusables/security-configurations/github-recommended-warning-enterprise.md create mode 100644 data/reusables/security-configurations/security-features-use-actions.md diff --git a/content/admin/managing-code-security/index.md b/content/admin/managing-code-security/index.md index 49fbcc32d699..a39a05d12a30 100644 --- a/content/admin/managing-code-security/index.md +++ b/content/admin/managing-code-security/index.md @@ -11,7 +11,7 @@ topics: children: - /managing-github-advanced-security-for-your-enterprise - /managing-supply-chain-security-for-your-enterprise + - /securing-your-enterprise redirect_from: - /admin/code-security --- - 
diff --git a/content/admin/managing-code-security/securing-your-enterprise/about-security-configurations.md b/content/admin/managing-code-security/securing-your-enterprise/about-security-configurations.md
new file mode 100644
index 000000000000..2fe9b205ee3d
--- /dev/null
+++ b/content/admin/managing-code-security/securing-your-enterprise/about-security-configurations.md
@@ -0,0 +1,43 @@
+---
+title: About security configurations
+shortTitle: Security configurations
+intro: 'Security configurations are collections of security settings that you can apply across your enterprise.'
+product: '{% data reusables.gated-features.security-configurations-enterprise %}'
+versions:
+ feature: security-configuration-enterprise-level
+topics:
+ - Advanced Security
+ - Enterprise
+ - Security
+---
+
+## About {% data variables.product.prodname_security_configurations %}
+
+{% data variables.product.prodname_security_configurations_caps %} simplify the rollout of {% data variables.product.company_short %} security products at scale by helping you define collections of security settings and apply them across your enterprise.
+
+{% ifversion security-configurations-cloud %}
+
+We recommend securing your enterprise with the {% data variables.product.prodname_github_security_configuration %}, then evaluating the security findings on your repositories before configuring {% data variables.product.prodname_custom_security_configurations %}. For more information, see "[AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise)."
+
+{% endif %}
+
+With {% data variables.product.prodname_custom_security_configurations %}, you can create collections of enablement settings for {% data variables.product.company_short %}'s security products to meet the specific security needs of your enterprise. For example, you can create a different {% data variables.product.prodname_custom_security_configuration %} for each organization or group of similar organizations to reflect their different levels of security requirements and compliance obligations. For more information, see "[AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise)."
+
+{% ifversion security-configurations-ghes-only %}
+
+When creating a security configuration, keep in mind that:
+* Only features installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance will appear in the UI.
+* {% data variables.product.prodname_GH_advanced_security %} features will only be visible if your enterprise or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GH_advanced_security %} license.
+* Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance.
+
+{% endif %}
+
+{% data reusables.security-configurations.emu-note %}
+
+{% data reusables.security-configurations.security-features-use-actions %}
+
+## Preserving default settings for new repositories
+
+If you had default security settings in place for newly created repositories, {% data variables.product.github %} will preserve these settings by automatically creating a "New repository default settings" security configuration for your enterprise. The configuration matches your previous enterprise-level default settings for new repositories as of December, 2024.
+
+The "New repository default settings" configuration will automatically get applied to any newly created repositories in your enterprise, if no organization-level defaults are set.
diff --git a/content/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise.md
new file mode 100644
index 000000000000..273542c686ae
--- /dev/null
+++ b/content/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise.md 
@@ -0,0 +1,34 @@
+---
+title: Applying a custom security configuration to your enterprise
+shortTitle: Apply custom configuration
+intro: 'You can apply your {% data variables.product.prodname_custom_security_configuration %} to organizations and repositories in your organization to meet the specific security needs of your enterprise.'
+permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}'
+versions:
+ feature: security-configuration-enterprise-level
+topics:
+ - Advanced Security
+ - Organizations
+ - Security
+---
+
+## About applying a {% data variables.product.prodname_custom_security_configuration %}
+
+After you create a {% data variables.product.prodname_custom_security_configuration %}, you need to apply it to repositories in your enterprise to enable the configuration's settings on those repositories.
+
+{% data reusables.security-configurations.security-features-use-actions %}
+
+## Applying your {% data variables.product.prodname_custom_security_configuration %} to repositories in your enterprise
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+1. In the left sidebar, click **Code security**.
+1. To the right of the configuration you want to apply, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**.
+{% data reusables.security-configurations.apply-configuration-by-default %}
+
+{% data reusables.security-configurations.apply-configuration %}
+
+{% data reusables.security-configurations.failure-handling-enterprise %}
+
+## Next steps
+
+To learn how to edit your {% data variables.product.prodname_custom_security_configuration %}, see "[AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration)."
diff --git a/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md
new file mode 100644
index 000000000000..c4b68a9adf4c
--- /dev/null
+++ b/content/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise.md
@@ -0,0 +1,40 @@
+---
+title: Applying the GitHub-recommended security configuration to your enterprise
+shortTitle: Apply recommended configuration
+intro: 'Secure your code with the security enablement settings created, managed, and recommended by {% data variables.product.github %}.'
+permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}'
+versions:
+ ghec: '*'
+topics:
+ - Advanced Security
+ - Enterprise
+ - Security
+---
+
+## About the {% data variables.product.prodname_github_security_configuration %}
+
+The {% data variables.product.prodname_github_security_configuration %} is a set of industry best practices and features that provide a robust, baseline security posture for enterprises. This configuration is created and maintained by subject matter experts at {% data variables.product.github %}, with the help of multiple industry leaders and experts. The {% data variables.product.prodname_github_security_configuration %} is designed to successfully reduce the security risks for low- and high-impact repositories. We recommend you apply this configuration to all the repositories in your enterprise.
+
+{% data reusables.security-configurations.github-recommended-warning-enterprise %}
+
+## Applying the {% data variables.product.prodname_github_security_configuration %} to repositories in your enterprise
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+1. In the left sidebar, click **Code security**.
+1. In the "{% data variables.product.company_short %} recommended" row of the configurations table for your enterprise, select the **Apply to** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **All repositories** or **All repositories without configurations**.
+{% data reusables.security-configurations.apply-configuration-by-default %}
+
+{% data reusables.security-configurations.apply-configuration %}
+
+{% data reusables.security-configurations.failure-handling-enterprise %}
+
+## Enforcing the {% data variables.product.prodname_github_security_configuration %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+1. In the left sidebar, click **Code security**.
+1. In the "Configurations" section, select "{% data variables.product.company_short %} recommended".
+1. In the "Policy" section, next to "Enforce configuration", select **Enforce** from the dropdown menu.
+
+{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}
diff --git a/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md
new file mode 100644
index 000000000000..a9fbe5614810
--- /dev/null
+++ b/content/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise.md
@@ -0,0 +1,49 @@
+---
+title: Configuring additional secret scanning settings for your enterprise
+shortTitle: Configure additional settings
+intro: 'Learn how to configure additional {% data variables.product.prodname_secret_scanning %} settings for your enterprise.'
+permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}'
+versions:
+ feature: security-configuration-enterprise-level
+topics:
+ - Advanced Security
+ - Enterprise
+ - Security
+---
+
+## About additional settings for {% data variables.product.prodname_secret_scanning %}
+
+There are some additional {% data variables.product.prodname_secret_scanning %} settings that cannot be applied to repositories using {% data variables.product.prodname_security_configurations %}, so you must configure these settings separately:
+
+* [Configuring a resource link for push protection](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-a-resource-link-for-push-protection){% ifversion secret-scanning-ai-generic-secret-detection %}
+* [Configuring AI detection to find additional secrets](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise#configuring-ai-detection-to-find-additional-secrets){% endif %}
+
+These additional settings only apply to repositories with both {% data variables.product.prodname_GH_advanced_security %} and {% data variables.product.prodname_secret_scanning %} enabled.
+
+## Accessing the additional settings for {% data variables.product.prodname_secret_scanning %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+1. In the left sidebar, click **Code security**.
+1. Scroll down the page to the "Additional settings" section.
+
+### Configuring a resource link for push protection
+
+To provide context for developers when {% data variables.product.prodname_secret_scanning %} blocks a commit, you can display a link with more information on why the commit was blocked.
+
+1. Under "Additional settings", to the right of "Resource link for push protection", click **{% octicon "pencil" aria-hidden="true" %}**.
+1. In the text box, type the link to the desired resource, then click **{% octicon "check" aria-label="Save" %}**.
+
+{% ifversion secret-scanning-ai-generic-secret-detection %}
+
+### Configuring AI detection to find additional secrets
+
+{% data variables.secret-scanning.copilot-secret-scanning %}'s {% data variables.secret-scanning.generic-secret-detection %} is an AI-powered expansion of {% data variables.product.prodname_secret_scanning %} that scans and creates alerts for unstructured secrets, such as passwords.
+
+1. Under "Additional settings", to the right of "Use AI detection to find additional secrets", ensure the setting is toggled to "On".
+
+{% data reusables.secret-scanning.copilot-secret-scanning-generic-secrets-subscription-note %}
+
+To learn more about generic secrets, see "[AUTOTITLE](/code-security/secret-scanning/copilot-secret-scanning/responsible-ai-generic-secrets)."
+
+{% endif %}
diff --git a/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md b/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md
new file mode 100644
index 000000000000..71becce1f1bc
--- /dev/null
+++ b/content/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise.md
@@ -0,0 +1,110 @@ +--- +title: Creating a custom security configuration for your enterprise +shortTitle: Create custom configuration +intro: 'Build a {% data variables.product.prodname_custom_security_configuration %} to meet the specific security needs of your enterprise.' +permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}' +versions: + feature: security-configuration-enterprise-level +topics: + - Advanced Security + - Enterprise + - Security +--- + +## About {% data variables.product.prodname_custom_security_configurations %} + +{% ifversion security-configurations-cloud %} + +We recommend securing your enterprise with the {% data variables.product.prodname_github_security_configuration %}, then evaluating the security findings on your repositories before configuring {% data variables.product.prodname_custom_security_configurations %}. For more information, see "[AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-the-github-recommended-security-configuration-to-your-enterprise)." + +{% endif %} + +With {% data variables.product.prodname_custom_security_configurations %}, you can create collections of enablement settings for {% data variables.product.company_short %}'s security products to meet the specific security needs of your enterprise. For example, you can create a different {% data variables.product.prodname_custom_security_configuration %} for each organization or group of organizations to reflect their unique security requirements and compliance obligations. + +{% ifversion security-configurations-ghes-only %} + +When creating a security configuration, keep in mind that: +* Only features installed by a site administrator on your {% data variables.product.prodname_ghe_server %} instance will appear in the UI. 
+* {% data variables.product.prodname_GH_advanced_security %} features will only be visible if your enterprise or {% data variables.product.prodname_ghe_server %} instance holds a {% data variables.product.prodname_GH_advanced_security %} license. +* Certain features, like {% data variables.product.prodname_dependabot_security_updates %} and {% data variables.product.prodname_code_scanning %} default setup, also require that {% data variables.product.prodname_actions %} is installed on the {% data variables.product.prodname_ghe_server %} instance. + +{% endif %} + +## Creating a {% data variables.product.prodname_custom_security_configuration %} + +{% ifversion security-configurations-cloud %} + + +>[!NOTE] +> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable automatic dependency submission, {% data variables.product.prodname_dependabot_alerts %}, vulnerability exposure analysis, and security updates. + +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.settings-tab %} +1. In the left sidebar, click **Code security**. +1. In the "Configurations" section, click **New configuration**. +1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Configurations" page, name your configuration and create a description. +1. In the "{% data variables.product.prodname_GH_advanced_security %} features" row, choose whether to include or exclude {% data variables.product.prodname_GH_advanced_security %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. 
See "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)." +1. In the "Dependency graph and {% data variables.product.prodname_dependabot %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: + * Dependency graph. To learn about dependency graph, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph)."{%- ifversion maven-transitive-dependencies %} + * Automatic dependency submission. To learn about automatic dependency submission, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository)."{%- endif %} + * {% data variables.product.prodname_dependabot_alerts %}. To learn about {% data variables.product.prodname_dependabot_alerts %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." + * Security updates. To learn about security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)." + + > [!NOTE] + > You cannot manually change the enablement settings for vulnerable function calls. If {% data variables.product.prodname_GH_advanced_security %} features and {% data variables.product.prodname_dependabot_alerts %} are enabled, vulnerable function calls is also enabled. Otherwise, it is disabled. + +1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup. To learn about default setup, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup)." +1. 
In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: + * Alerts. To learn about {% data variables.product.prodname_secret_scanning %}, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."{% ifversion org-npp-enablement-security-configurations %} + * Non-provider patterns. To learn more about scanning for non-provider patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns)" and "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts)."{% endif %} + * Push protection. To learn about push protection, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)." +1. In the "Private vulnerability reporting" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for private vulnerability reporting. To learn about private vulnerability reporting, see "[AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository)." +1. Optionally, in the "Policy" section, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, **Private and internal**, or **All repositories**. +1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu. 
+ + {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %} + +1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**. + +{% elsif security-configurations-ghes-only %} + +>[!NOTE] +> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling {% data variables.secret-scanning.alerts %} will also disable non-provider patterns and push protection. + +{% data reusables.enterprise-accounts.access-enterprise %} +{% data reusables.enterprise-accounts.settings-tab %} +1. In the left sidebar, click **Code security**. +1. In the "Configurations" section, click **New configuration**. +1. To help identify your {% data variables.product.prodname_custom_security_configuration %} and clarify its purpose on the "Configurations" page, name your configuration and create a description. +1. In the "{% data variables.product.prodname_GH_advanced_security %} features" row, choose whether to include or exclude {% data variables.product.prodname_GH_advanced_security %} (GHAS) features. If you plan to apply a {% data variables.product.prodname_custom_security_configuration %} with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See "[AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)." +1. In the "Dependency graph and {% data variables.product.prodname_dependabot %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: + * {% data variables.product.prodname_dependabot_alerts %}. 
To learn about {% data variables.product.prodname_dependabot %}, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)." + > [!NOTE] {% data variables.dependabot.auto_triage_rules %} are not available to set at enterprise level. If an enterprise-level security configuration is applied to a repository, it can still have {% data variables.dependabot.auto_triage_rules %} enabled, but you can't turn off these rules at the level of the enterprise. + * Security updates. To learn about security updates, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates)." + > [!NOTE] + > You cannot manually change the enablement setting for the dependency graph. This setting is installed and managed by a site administrator at the instance level. +1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup. To learn about default setup, see "[AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup)." +1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: + * Alerts. To learn about {% data variables.secret-scanning.alerts %}, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-secret-scanning)."{% ifversion org-npp-enablement-security-configurations %} + * Non-provider patterns. 
To learn more about scanning for non-provider patterns, see "[AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#non-provider-patterns)" and "[AUTOTITLE](/code-security/secret-scanning/managing-alerts-from-secret-scanning/viewing-alerts)."{% endif %} + * Push protection. To learn about push protection, see "[AUTOTITLE](/code-security/secret-scanning/introduction/about-push-protection)." +{% ifversion push-protection-delegated-bypass-configurations %} +1. Optionally, under "Push protection", choose whether you want to assign bypass privileges to selected actors in your organization. By assigning bypass privileges, selected organization members can bypass push protection, and there is a review and approval process for all other contributors. For further guidance on how to configure this setting, see "[AUTOTITLE](/code-security/secret-scanning/using-advanced-secret-scanning-and-push-protection-features/delegated-bypass-for-push-protection/enabling-delegated-bypass-for-push-protection#configuring-delegated-bypass-for-an-organization)." +{% endif %} +1. Optionally, in the "Policy" section, you can choose to automatically apply the {% data variables.product.prodname_security_configuration %} to newly created repositories depending on their visibility. Select the **None** {% octicon "triangle-down" aria-hidden="true" %} dropdown menu, then click **Public**, or **Private and internal**, or **All repositories**. + +1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu. + + {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %} + +1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**. 
+ +{% endif %} + +## Next steps + +To optionally configure additional {% data variables.product.prodname_secret_scanning %} settings for the enterprise, see "[AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/configuring-additional-secret-scanning-settings-for-your-enterprise)." + +To apply your {% data variables.product.prodname_custom_security_configuration %} to repositories in your organization, see "[AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration)." + +{% data reusables.security-configurations.edit-configuration-next-step %} diff --git a/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md b/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md new file mode 100644 index 000000000000..204fa3ac1e5e --- /dev/null +++ b/content/admin/managing-code-security/securing-your-enterprise/deleting-a-custom-security-configuration.md 
@@ -0,0 +1,28 @@
+---
+title: Deleting a custom security configuration
+shortTitle: Delete custom configuration
+intro: 'You can delete unnecessary {% data variables.product.prodname_custom_security_configurations %} in your enterprise.'
+permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}'
+versions:
+ feature: security-configuration-enterprise-level
+topics:
+ - Advanced Security
+ - Enterprise
+ - Security
+---
+
+## About deleting a {% data variables.product.prodname_custom_security_configuration %}
+
+If you no longer need a {% data variables.product.prodname_custom_security_configuration %}, you can delete that configuration to ensure it will not be applied to any repositories in the future. If you want to delete a {% data variables.product.prodname_custom_security_configuration %} because you want to change the security enablement settings in that configuration, consider editing the configuration instead. For more information, see "[AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration)."
+
+> [!WARNING]
+> Deleting a {% data variables.product.prodname_custom_security_configuration %} will detach all repositories that are linked to that configuration. The existing security settings for those repositories will be unchanged, but you must apply a different {% data variables.product.prodname_security_configuration %} or manage their security settings at the repository level to keep their settings up to date.
+
+## Deleting a {% data variables.product.prodname_custom_security_configuration %} from your enterprise
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+1. In the left sidebar, click **Code security**.
+1. In the configurations table, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to delete.
+1. In the "Edit configuration" page, scroll to the bottom of the "Security settings" section, then click **Delete configuration**.
+1. Ensure you read the warning in the "Delete this configuration?" dialog, to confirm you are comfortable deleting the {% data variables.product.prodname_custom_security_configuration %}, then click **Delete configuration**.
diff --git a/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md b/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md
new file mode 100644
index 000000000000..908d536c5875
--- /dev/null
+++ b/content/admin/managing-code-security/securing-your-enterprise/editing-a-custom-security-configuration.md
@@ -0,0 +1,37 @@
+---
+title: Editing a custom security configuration
+shortTitle: Edit custom configuration
+intro: 'Change the enablement settings in your {% data variables.product.prodname_custom_security_configuration %} to better meet the security needs of your repositories.'
+permissions: '{% data reusables.permissions.security-configuration-enterprise-enable %}'
+versions:
+ feature: security-configuration-enterprise-level
+topics:
+ - Advanced Security
+ - Organizations
+ - Security
+---
+
+## About editing a {% data variables.product.prodname_custom_security_configuration %}
+
+After creating and applying a {% data variables.product.prodname_custom_security_configuration %}, you may need to edit the enablement settings for that configuration to better secure your repositories. Any changes you make to the enablement settings of a {% data variables.product.prodname_security_configuration %} will automatically populate to all linked repositories.
+
+{% ifversion security-configurations-cloud %}
+
+> [!NOTE]
+> The {% data variables.product.prodname_github_security_configuration %} is managed by {% data variables.product.github %} and cannot be edited. If you would like to customize your security enablement settings, you need to create a {% data variables.product.prodname_custom_security_configuration %}. For more information, see "[AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise)."
+
+{% endif %}
+
+## Modifying your {% data variables.product.prodname_custom_security_configuration %}
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.settings-tab %}
+1. In the left sidebar, click **Code security**.
+1. In the "Configurations" section, click the name of the {% data variables.product.prodname_custom_security_configuration %} you want to edit.
+1. Edit the name and description of your {% data variables.product.prodname_custom_security_configuration %} as desired.
+1. In the "Security settings" section, edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired.
+1. In the "Policy" section, you can modify the configuration's enforcement status. Enforcing a configuration will block repository owners from changing features that are enabled or disabled by the configuration, but features that are not set aren't enforced. Next to "Enforce configuration", select **Enforce** or **Don't enforce** from the dropdown menu.
+
+ {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases-enterprise %}
+
+1. To apply your changes, click **Update configuration**.
diff --git a/content/admin/managing-code-security/securing-your-enterprise/index.md b/content/admin/managing-code-security/securing-your-enterprise/index.md
new file mode 100644
index 000000000000..5b2176b97042
--- /dev/null
+++ b/content/admin/managing-code-security/securing-your-enterprise/index.md
@@ -0,0 +1,22 @@
+---
+title: Securing your enterprise
+shortTitle: Securing your enterprise
+intro: '{% ifversion security-configurations-cloud %}Enable the {% data variables.product.prodname_github_security_configuration %} or c{% elsif security-configurations-ghes-only %}C{% endif %}reate and apply {% data variables.product.prodname_custom_security_configurations %} to quickly secure your enterprise.'
+product: '{% data reusables.gated-features.ghas %}'
+versions:
+ feature: security-configuration-enterprise-level
+topics:
+ - Alerts
+ - Advanced Security
+ - Dependency graph
+ - Dependabot
+ - Repositories
+children:
+ - /about-security-configurations
+ - /applying-the-github-recommended-security-configuration-to-your-enterprise
+ - /creating-a-custom-security-configuration-for-your-enterprise
+ - /applying-a-custom-security-configuration-to-your-enterprise
+ - /configuring-additional-secret-scanning-settings-for-your-enterprise
+ - /editing-a-custom-security-configuration
+ - /deleting-a-custom-security-configuration
+---
diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
index b9e20f229caf..8a2dff56c75b 100644
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
+++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-the-github-recommended-security-configuration-in-your-organization.md
@@ -52,7 +52,6 @@ The {% data variables.product.prodname_github_security_configuration %} is a col
 1. In the "Code security configurations" section, select "{% data variables.product.company_short %} recommended".
 1. In the "Policy" section, next to "Enforce configuration", select **Enforce** from the dropdown menu.
->[!NOTE]
 {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
 ## Next steps
diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md
index ef40b0c16764..2622e8c8c95e 100644
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md
@@ -71,7 +71,6 @@ When creating a security configuration, keep in mind that:
 {% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
 1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu.
- >[!NOTE]
 {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
 1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**.
@@ -105,7 +104,6 @@ When creating a security configuration, keep in mind that:
 {% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
 1. Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select **Enforce** from the dropdown menu.
- >[!NOTE]
 {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
 1. To finish creating your {% data variables.product.prodname_custom_security_configuration %}, click **Save configuration**.
diff --git a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md
index 9a5cbbda586a..f978eafc551c 100644
--- a/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md
+++ b/content/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale.md
@@ -37,7 +37,6 @@ You will only ever see enablement settings for features that have been installed
 {% endif %}
->[!NOTE]
 {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
 Each repository can only have one {% data variables.product.prodname_security_configuration %} applied to it. {% ifversion security-configurations-cloud %}To find out how you should get started with {% data variables.product.prodname_security_configurations %}, see [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/choosing-a-security-configuration-for-your-repositories).{% endif %}
diff --git a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
index 18e5d26bc9e8..df34c8da8218 100644
--- a/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
+++ b/content/code-security/securing-your-organization/managing-the-security-of-your-organization/editing-a-custom-security-configuration.md
@@ -37,7 +37,6 @@ To determine if your {% data variables.product.prodname_custom_security_configur
 1. In the "Security settings" section, edit the enablement settings of your {% data variables.product.prodname_custom_security_configuration %} as desired.
 1. In the "Policy" section, you can modify the configuration's enforcement status. Enforcing a configuration will block repository owners from changing features that are enabled or disabled by the configuration, but features that are not set aren't enforced. Next to "Enforce configuration", select **Enforce** or **Don't enforce** from the dropdown menu.
- >[!NOTE]
 {% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
 1. To apply your changes, click **Update configuration**.
diff --git a/data/features/security-configuration-enterprise-level.yml b/data/features/security-configuration-enterprise-level.yml
new file mode 100644
index 000000000000..f9e96bceb95c
--- /dev/null
+++ b/data/features/security-configuration-enterprise-level.yml
@@ -0,0 +1,5 @@
+# Reference: #15381
+# Code security configurations at the enterprise level
+versions:
+ ghec: '*'
+ ghes: '>3.15'
diff --git a/data/reusables/code-scanning/custom-security-configuration-enforcement-edge-cases-enterprise.md b/data/reusables/code-scanning/custom-security-configuration-enforcement-edge-cases-enterprise.md
new file mode 100644
index 000000000000..1a74d7fb3c3a
--- /dev/null
+++ b/data/reusables/code-scanning/custom-security-configuration-enforcement-edge-cases-enterprise.md
@@ -0,0 +1,8 @@
+> [!NOTE]
+> If a user in your enterprise attempts to change the enablement status of a feature in an enforced configuration using the REST API, the API call will appear to succeed, but no enablement statuses will change.
+>
+> Some situations can break the enforcement of {% data variables.product.prodname_security_configurations %} for a repository. For example, the enablement of {% data variables.product.prodname_code_scanning %} will not apply to a repository if:
+> * {% data variables.product.prodname_actions %} is initially enabled on the repository, but is then disabled in the repository.
+> * {% data variables.product.prodname_actions %} required by {% data variables.product.prodname_code_scanning %} configurations are not available in the repository.{% ifversion ghes %}
+> * Self-hosted runners with the label `code-scanning` are not available.{% endif %}
+> * The definition for which languages should not be analyzed using {% data variables.product.prodname_code_scanning %} default setup is changed.
diff --git a/data/reusables/code-scanning/custom-security-configuration-enforcement-edge-cases.md b/data/reusables/code-scanning/custom-security-configuration-enforcement-edge-cases.md
index 4aba6b68fe05..e44958a42008 100644
--- a/data/reusables/code-scanning/custom-security-configuration-enforcement-edge-cases.md
+++ b/data/reusables/code-scanning/custom-security-configuration-enforcement-edge-cases.md
@@ -1,3 +1,4 @@
+> [!NOTE]
 > If a user in your organization attempts to change the enablement status of a feature in an enforced configuration using the REST API, the API call will appear to succeed, but no enablement statuses will change.
 >
 > Some situations can break the enforcement of {% data variables.product.prodname_security_configurations %} for a repository. For example, the enablement of {% data variables.product.prodname_code_scanning %} will not apply to a repository if:
diff --git a/data/reusables/gated-features/security-configurations-enterprise.md b/data/reusables/gated-features/security-configurations-enterprise.md
new file mode 100644
index 000000000000..e58b29c89485
--- /dev/null
+++ b/data/reusables/gated-features/security-configurations-enterprise.md
@@ -0,0 +1,15 @@
+{% data variables.product.prodname_security_configurations_caps %} is available for the following repositories:
+
+{% ifversion ghec %}
+
+ * Public repositories
+ * Private and internal repositories in organizations using {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled{% ifversion secret-scanning-user-owned-repos %}
+
+{% endif %}
+
+{% elsif ghes %}
+
+* Organization-owned repositories with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled
+* {% ifversion secret-scanning-user-owned-repos %}User-owned repositories{% endif %} for an enterprise with {% data variables.product.prodname_GH_advanced_security %} enabled
+
+{% endif %}
diff --git a/data/reusables/permissions/security-configuration-enterprise-enable.md b/data/reusables/permissions/security-configuration-enterprise-enable.md
new file mode 100644
index 000000000000..5fd5f7261566
--- /dev/null
+++ b/data/reusables/permissions/security-configuration-enterprise-enable.md
@@ -0,0 +1 @@
+{% ifversion ghec %}Enterprise owners and members with the **admin** role{% else %}Site administrators{% endif %}
diff --git a/data/reusables/security-configurations/emu-note.md b/data/reusables/security-configurations/emu-note.md
new file mode 100644
index 000000000000..a80aea4ab6ec
--- /dev/null
+++ b/data/reusables/security-configurations/emu-note.md
@@ -0,0 +1,5 @@
+{% ifversion ghec %}
+
+If your enterprise uses {% data variables.product.prodname_emus %}, please note that enterprise-level {% data variables.product.prodname_security_configurations %} are not automatically rolled out to user namespace repositories. There are some additional {% data variables.product.prodname_secret_scanning %} settings that can be applied to user namespace repositories within the enteprise, but you cannot apply enterprise-level {% data variables.product.prodname_security_configurations %} to this type of user-owner repository.
+
+{% endif %}
diff --git a/data/reusables/security-configurations/failure-handling-enterprise.md b/data/reusables/security-configurations/failure-handling-enterprise.md
new file mode 100644
index 000000000000..27fa06929f68
--- /dev/null
+++ b/data/reusables/security-configurations/failure-handling-enterprise.md
@@ -0,0 +1 @@
+If {% data variables.product.prodname_security_configurations %} fail to apply to some organizations in your enterprise, {% data variables.product.prodname_dotcom %} will display a banner on the UI to let you know. You can click the links on the banner to get more information about the organizations and repositories involved.
diff --git a/data/reusables/security-configurations/github-recommended-warning-enterprise.md b/data/reusables/security-configurations/github-recommended-warning-enterprise.md
new file mode 100644
index 000000000000..5c8eed373b1c
--- /dev/null
+++ b/data/reusables/security-configurations/github-recommended-warning-enterprise.md
@@ -0,0 +1 @@
+>[!WARNING] {% data variables.product.github %} may add new features to the {% data variables.product.prodname_github_security_configuration %} without warning. If you have concerns and prefer to test out features before they are turned on, we suggest you do not use the {% data variables.product.prodname_github_security_configuration %}.
diff --git a/data/reusables/security-configurations/security-features-use-actions.md b/data/reusables/security-configurations/security-features-use-actions.md
new file mode 100644
index 000000000000..183b3099331f
--- /dev/null
+++ b/data/reusables/security-configurations/security-features-use-actions.md
@@ -0,0 +1 @@
+>[!NOTE] Some features enabled in {% data variables.product.prodname_security_configurations %} may require Actions minutes to work. {% data variables.product.prodname_dotcom %} will let you know if that's the case when you apply the configuration to a repository. For more information about billing for {% data variables.product.prodname_actions %}, see "[AUTOTITLE](/billing/managing-billing-for-github-actions/about-billing-for-github-actions)."