[pull] main from github:main

content/actions/how-tos/secure-your-work/security-harden-deployments/oidc-in-azure.md

@@ -91,7 +91,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Az CLI login'
-        uses: azure/login@v2
+        uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}

content/actions/how-tos/write-workflows/choose-what-workflows-do/deploy-to-environment.md

@@ -35,8 +35,9 @@ You need to create an environment before you can use it in a workflow. See [AUTO
     ```yaml copy
     jobs:
       JOB-ID:
-        environment: ENVIRONMENT-NAME
-        url: URL
+        environment:
+            name: ENVIRONMENT-NAME
+            url: URL
     ```
 
     The specified URL will appear:

content/admin/managing-iam/using-saml-for-enterprise-iam/configuring-saml-single-sign-on-for-your-enterprise.md

@@ -99,6 +99,9 @@ For more detailed information about how to enable SAML using Okta, see [AUTOTITL
 1. Optionally, in the **Issuer** field, type your SAML issuer URL to verify the authenticity of sent messages.
 1. Under **Public Certificate**, paste a certificate to verify SAML responses. This is the public key corresponding to the private key used to sign SAML responses.
 
+   > [!NOTE]
+   > {% data variables.product.github %} does not enforce the expiration of this SAML IdP certificate. This means that even if this certificate expires, your SAML authentication will continue to work. However, if your IdP administrator regenerates the SAML certificate, and you don't update it on the {% data variables.product.github %} side, users will encounter a `digest mismatch` error during SAML authentication attempts due to the certificate mismatch. See [Error: Digest mismatch](/admin/managing-iam/using-saml-for-enterprise-iam/troubleshooting-saml-authentication#error-digest-mismatch).
+
    To find the certificate, refer to the documentation for your IdP. Some IdPs call this an X.509 certificate.
 
 {% data reusables.saml.edit-signature-and-digest-methods %}

content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/index.md

@@ -12,6 +12,7 @@ topics:
 children:
   - /about-your-exposure-to-vulnerable-dependencies
   - /prioritizing-dependabot-alerts-using-metrics
+  - /prioritizing-dependabot-alerts-using-production-context
 redirect_from:
   - /code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilites
 ---

content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-production-context.md

@@ -0,0 +1,60 @@
+---
+title: Prioritizing Dependabot alerts using production context
+shortTitle: Dependabot production context
+intro: 'You can focus remediation on real risk by prioritizing {% data variables.product.prodname_dependabot_alerts %} for artifacts actually present in production, using metadata from external registries like JFrog Artifactory or your own CI/CD workflows.'
+product: '{% data reusables.gated-features.dependabot-alerts %}'
+versions:
+  fpt: '*'
+  ghec: '*'
+type: how_to
+topics:
+  - Code Security
+  - Dependabot
+  - Organizations
+  - Security
+---
+
+> [!NOTE] Production context is in {% data variables.release-phases.public_preview %} and subject to change.
+
+## Prioritizing {% data variables.product.prodname_dependabot_alerts %} using production context
+
+Application Security (AppSec) managers are often overwhelmed by a high volume of {% data variables.product.prodname_dependabot_alerts %}, many of which may not represent real risk because the affected code never makes it to production. By associating production context with your alerts, you can filter and prioritize vulnerabilities that impact artifacts actually approved for production environments. This enables your team to focus remediation efforts on the vulnerabilities that matter most, reducing noise and improving your security posture.
+
+## Associating production context with {% data variables.product.prodname_dependabot_alerts %}
+
+{% data variables.product.github %} enables production context for your {% data variables.product.prodname_dependabot_alerts %} by providing a Storage Record API. This API allows package registries or GitOps workflows to send artifact lifecycle data to {% data variables.product.github %}. The API should be called whenever an artifact is promoted to a production-approved package repository.
+
+{% data variables.product.github %} processes this metadata and uses it to power new alert filters, such as `artifact-registry-url` and `artifact-registry`. For more information, see [Create artifact metadata storage record](/rest/orgs/artifact-metadata?apiVersion=2022-11-28#create-artifact-metadata-storage-record) in the REST API documentation.
+
+## Steps to prioritize alerts
+
+Follow these steps to enable and use production context for alert prioritization:
+
+### Step 1: Detect and report production artifact promotions
+
+In your CI/CD or GitOps workflow, whenever an artifact is promoted to a production-approved package repository, call the Storage Record API to to send the artifact's metadata to {% data variables.product.github %}. This includes information such as the artifact's registry, repository, and version. See [AUTOTITLE](/rest/orgs/artifact-metadata?apiVersion=2022-11-28#create-artifact-metadata-storage-record).
+
+If you use JFrog Artifactory, you do not need to perform any custom integration. Artifactory natively integrates with the Storage Record API. You only need to enable the integration in your Artifactory settings, and Artifactory will automatically emit production promotion events to {% data variables.product.github %}.
+
+The `artifact-registry:jfrog-artifactory` filter will work out of the box with no further setup in {% data variables.product.github %}. For setup instructions, see [JFrog and GitHub Integration: JFrog for [{% data variables.product.github %} {% data variables.product.prodname_dependabot %}]](https://jfrog.com/help/r/jfrog-and-github-integration-guide/jfrog-for-github-dependabot) in the JFrog documentation.
+
+### Step 2: Use production context filters
+
+{% data reusables.dependabot.where-to-view-dependabot-alerts %}. For information about accessing this tab, see [Viewing {% data variables.product.prodname_dependabot_alerts %}](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#viewing-dependabot-alerts).
+
+Once the alert list is displayed, use the `artifact-registry-url` or `artifact-registry` filters to focus on vulnerabilities affecting artifacts present in production. For example:
+
+```text
+artifact-registry-url:my-registry.example.com
+artifact-registry:jfrog-artifactory
+```
+
+You can also combine these with other filters, such as EPSS.
+
+```text
+epss > 0.5 AND artifact-registry-url:my-registry.example.com
+```
+
+## Further reading
+
+* [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/prioritizing-dependabot-alerts-using-metrics)

content/copilot/how-tos/use-copilot-for-common-tasks/use-copilot-to-create-issues.md

@@ -76,6 +76,44 @@ For example:
 
 Each draft appears separately, and you can review and edit them individually. To publish the issues, click **Create** on each one you want to submit.
 
+## Creating sub-issues
+
+You can use {% data variables.product.prodname_copilot_short %} to draft multiple sub-issues.
+
+For example:
+
+`In octo-org/octo-repo, plan a new user dashboard. Break it down into an epic, and create sub-issues for each main feature and task.`
+
+{% data variables.product.prodname_copilot_short %} generates a draft issue tree, with a parent issue at the top level and sub-issues beneath it.
+
+You can review the issue tree, expand or collapse sub-issues, and edit the details of each issue.  
+
+Click the parent issue to view its details in the workbench. The parent issue displays a list of sub-issues, and you can click each one to view and edit its details in the workbench. From a sub-issue, use the "Parent" dropdown to navigate through the issue tree. You can also click **Review and create** at the top of the workbench to see the full issue tree and navigate directly to any issue.
+
+{% data variables.product.prodname_copilot_short %} can modify the tree, by unlinking issues or by attaching new drafts.
+
+For example, you can:
+* Remove a sub-issue from the issue tree:  
+   `Remove sub-issue NAME_OF_ISSUE from the issue tree`
+* Add an additional sub-issue to the issue tree:
+   `Add an additional sub-issue with ISSUE_DETAILS to the issue tree`
+
+Once you've finished editing the drafts and are ready to publish the issues, click **Review and create** then click **Create issues**.
+
+## Working with existing issues
+
+You can use {% data variables.product.prodname_copilot_short %} to connect new issues with issues that already exist in your repository.
+
+For example, you can:
+* Add a sub-issue to an existing parent issue:  
+   `Create a sub-issue for octo-org/octo-repo issue #456.`
+* Add a parent issue to an existing issue:
+   `Create a parent issue for octo-org/octo-repo issue #456.`
+* Add a parent issue to multiple existing issues:
+   `Create a parent issue for octo-org/octo-repo issues #456, #457, and #458.`
+
+The draft appears in the workbench, where you can review and edit it. To publish the issue, click **Review and create**, then click **Create issues**.
+
 ## Assigning issues to {% data variables.product.prodname_copilot_short %}
 
 To assign an issue to {% data variables.product.prodname_copilot_short %}, you need to have {% data variables.copilot.copilot_coding_agent %} enabled. See [AUTOTITLE](/copilot/concepts/coding-agent/about-enabling-coding-agent).
@@ -90,3 +128,4 @@ Once the issue is assigned and created, {% data variables.product.prodname_copil
 ## Further reading
 
 * [AUTOTITLE](/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository)
+* [AUTOTITLE](/copilot/tutorials/plan-a-project)

content/copilot/tutorials/index.md

@@ -24,6 +24,7 @@ children:
   - /build-apps-with-spark
   - /modernize-legacy-code
   - /migrate-a-project
+  - /plan-a-project
   - /upgrade-projects
   - /roll-out-at-scale
 redirect_from:

content/copilot/tutorials/plan-a-project.md

@@ -0,0 +1,116 @@
+---
+title: Planning a project with GitHub Copilot
+shortTitle: Plan a project
+intro: 'Plan your next project by using {% data variables.product.prodname_copilot %} to turn your ideas into issues.'
+permissions: 'Anyone with a {% data variables.product.prodname_copilot_short %} license can use {% data variables.product.prodname_copilot_short %} to create issues.'
+topics:
+  - Copilot
+  - Issues
+  - Project management
+versions:
+  feature: copilot
+
+contentType: tutorials
+---
+
+> [!NOTE]
+> * This feature is in {% data variables.release-phases.public_preview %} and subject to change.
+> * The responses shown in this article are examples. {% data variables.copilot.copilot_chat_short %} responses are non-deterministic, so you may get different responses from the ones shown here.
+
+Manage your project with {% data variables.product.prodname_github_issues %} using {% data variables.product.prodname_copilot_short %}. In this tutorial, you’ll use {% data variables.product.prodname_copilot_short %}’s agentic issue creation features to turn your product idea into epics, features, and tasks. Epics represent large bodies of work, while features and tasks break the work into smaller, actionable pieces. By the end, you’ll have a structured backlog ready to share with your team.
+
+## Project overview
+
+It’s important to define what you want your product to do. In the planning phase of the software development lifecycle (SDLC), you turn ideas into actionable tasks by breaking down your project into epics, features, and smaller pieces of work. This helps you organize your thoughts, set priorities, and prepare your team for development.
+
+When you use {% data variables.product.prodname_copilot_short %}, you drive this process. {% data variables.product.prodname_copilot_short %} can suggest a structure and fill in details, but the best results come when you have a sense of how you want the work to be organized. {% data variables.product.prodname_copilot_short %} works with your input to help you refine, expand, and document your plan.
+
+In this scenario you’ll plan a new shopping website that will allow users to:
+* Browse a product catalog with categories and search
+* Add items to a shopping cart
+* Complete secure checkouts
+
+Your goal is to use {% data variables.product.prodname_copilot_short %} to quickly turn this vision into a structured project plan, creating epics and detailed issues that capture each part of your site.
+
+## Set up repository
+
+Set up a repository with {% data variables.product.prodname_github_issues %} enabled. See [AUTOTITLE](/repositories/creating-and-managing-repositories/creating-a-new-repository).
+
+By default, issues are enabled for new repositories. If you would like to use an existing repository but don’t see the **Issues** tab, follow these steps to enable issues:
+1. From the repository, select **Settings**.
+1. Under "Features", check the **Issues** box.
+
+## Generate project issues
+
+With the repository set up, you can use {% data variables.product.prodname_copilot_short %} to turn your project vision into a set of actionable issues.
+
+### Start in the {% data variables.product.prodname_copilot_short %} immersive view
+
+{% data reusables.copilot.immersive-mode-instructions %}
+1. Using the chat panel, attach the repository for the shopping website. This allows {% data variables.product.prodname_copilot_short %} to access the repository and create issues directly within it.
+
+### Create an epic issue
+
+1. Enter a detailed project description as your prompt. For example:  
+   ```I’m planning to create a shopping website in React and Node.js. The site should allow users to browse products by category, search for items, add products to a cart, and complete checkout. Please help me plan the project by creating issues and breaking it down into epics, features, and tasks.```
+1. Submit your prompt. {% data variables.product.prodname_copilot_short %} will generate an issue tree, typically with an epic at the top and sub-issues for each main feature or task
+
+![Screenshot of Copilot Chat in immersive mode. Copilot chat displays a list of issues with an epic at the top and several sub-issues beneath it.](/assets/images/help/copilot/copilot-creates-sub-issues.png)
+
+## Navigate the issue tree
+
+1. Click the epic to view its details in the workbench. Navigate through the workbench to explore the issue tree.
+1. Each issue typically includes a title and description. Additional metadata such as labels or assignees, can be edited directly in the workbench.  
+1. You can expand or collapse sub-issues to focus on specific parts of the project.
+
+   The issue tree provides a clear overview of your project structure, making it easy to navigate between epics, features, and tasks.
+
+1. In this first iteration of the draft, {% data variables.product.prodname_copilot_short %} may generate only high-level issues. You can refine these issues further by breaking them down into smaller tasks or features. Let's refine the issue "Feature: UI Skeleton and Navigation".
+
+    Prompt {% data variables.product.prodname_copilot_short %} with:  
+   ```Can you break down the issue "Feature: UI Skeleton and Navigation" into smaller tasks?```
+
+   {% data variables.product.prodname_copilot_short %} will generate multiple new sub-issues such as:
+    * Task: Set up React project structure and initial files
+    * Task: Create placeholder pages for main routes
+    * Task: Implement site-wide navigation bar component
+    * Task: Integrate navigation with routing
+    * Task: Add basic responsive layout
+
+1. Repeat this process for the remaining feature issues in the epic.  
+
+![Screenshot of the Copilot Chat workbench. The workbench displays an issue tree with an epic at the top and several sub-issues beneath it.](/assets/images/help/copilot/copilot-creates-sub-issues-workbench.png)
+
+### Improve issue descriptions
+
+After you finish generating the issue tree you may notice that {% data variables.product.prodname_copilot_short %}’s issue descriptions may be brief or unclear. To make them actionable, refine each issue as needed.
+
+1. Start with the newly generated issue such as "Task: Create placeholder pages for main routes".  
+
+   Prompt {% data variables.product.prodname_copilot_short %} with:  
+  ```Can you improve the description for “Task: Create placeholder pages for main routes”? Please provide a detailed technical summary, list the main routes to be included, outline the steps for implementation, and specify what should be delivered for this task.```
+
+1. {% data variables.product.prodname_copilot_short %} will generate a new version of the draft issue "Task: Create placeholder pages for main routes."  
+
+    At the top-left of the issue, click the versioning drop-down and select **Version 2** to review the new changes.
+1. Review and decide whether to keep {% data variables.product.prodname_copilot_short %}’s revised version, edit further, or prompt again for more detail.
+1. Repeat this process for other issues in the epic, refining descriptions and breaking down tasks as needed.
+1. Once you’re satisfied with the issue descriptions, click **Create all** to create the issues in your repository.
+
+## Unlink issues
+
+If {% data variables.product.prodname_copilot_short %} generates a sub-issue that doesn't belong to the issue tree, you can unlink it from the issue tree.
+
+1. In the workbench issue tree, click {% octicon "kebab-horizontal" aria-label="More options" %} next to the sub-issue, then click **Unlink sub-issue**.
+1. The issue will be unlinked from its parent and will no longer appear under that epic in the tree.
+
+## Next steps
+
+Now that you’ve generated and refined your project issues, you can assign them to the right team members or even to {% data variables.product.prodname_copilot_short %} itself for further assistance. To learn more about how to assign {% data variables.product.prodname_copilot_short %} or contributors to issues, and how to continue planning and implementing your project with {% data variables.product.prodname_copilot_short %}’s agentic features, see [AUTOTITLE](/copilot/how-tos/use-copilot-agents/coding-agent/assign-copilot-to-an-issue).
+
+## Further reading
+
+* [AUTOTITLE](/copilot/how-tos/use-copilot-for-common-tasks/use-copilot-to-create-issues)
+* [AUTOTITLE](/copilot/tutorials/coding-agent/pilot-coding-agent)
+* [AUTOTITLE](/copilot/tutorials/coding-agent/get-the-best-results)
+* [AUTOTITLE](/copilot/tutorials/speed-up-development-work)

content/get-started/showcase-your-expertise-with-github-certifications/about-github-certifications.md

@@ -46,7 +46,7 @@ You can highlight your knowledge with the {% data variables.product.prodname_GHA
 
 You can certify your ability to optimize and manage a healthy {% data variables.product.prodname_dotcom %} environment with the {% data variables.product.prodname_dotcom %} Admin exam. This exam covers:
 
-* Repository management 
+* Repository management
 * Workflow optimization
 * Efficient collaboration
 

content/rest/orgs/artifact-metadata.md

@@ -0,0 +1,14 @@
+---
+title: Artifact metadata
+shortTitle: Artifact metadata
+intro: "Use these endpoints to retrieve and manage metadata for artifacts in your organization. Artifact metadata provides information about build artifacts, their provenance, and related details."
+versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
+  fpt: '*'
+  ghec: '*'
+topics:
+  - API
+autogenerated: rest
+allowTitleToDifferFromFilename: true
+---
+
+<!-- Content after this section is automatically generated -->

content/rest/orgs/index.md

@@ -16,6 +16,7 @@ topics:
   - API
 children:
   - /api-insights
+  - /artifact-metadata
   - /attestations
   - /blocking
   - /bypass-requests

content/rest/projects-classic/cards.md

@@ -1,14 +1,15 @@
 ---
-title: 'REST API endpoints for {% data variables.product.prodname_project_v1_caps %} cards'
+title: >-
+  REST API endpoints for {% data variables.product.prodname_project_v1_caps %}
+  cards
 shortTitle: Cards
 allowTitleToDifferFromFilename: true
 intro: >-
   Use the REST API to create and manage cards on a {% data
   variables.projects.projects_v1_board %}.
 versions: # DO NOT MANUALLY EDIT. CHANGES WILL BE OVERWRITTEN BY A 🤖
-  fpt: '*'
   ghec: '*'
-  ghes: '*'
+  ghes: <=3.16
 topics:
   - API
 autogenerated: rest