Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: About exposure to vulnerabilities in your code and in dependencies
shortTitle: Vulnerability exposure
intro: Understanding your organization’s exposure to vulnerabilities in first-party code and in all dependencies is essential for enabling you to efficiently assess, prioritize, and remediate vulnerabilities, reducing the likelihood of security breaches.
intro: Understand how vulnerabilities in your own code and in third-party dependencies contribute to your organization’s overall security exposure, and how to measure and reduce that risk.
allowTitleToDifferFromFilename: true
product: '{% data reusables.gated-features.ghas-billing %}'
versions:
Expand All @@ -17,9 +17,9 @@ redirect_from:
- /code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/about-your-exposure-to-vulnerable-dependencies
---

## About exposure to vulnerable code
## Risks of unaddressed vulnerabilities

Your organization has exposure to vulnerabilities in both the code you write and maintain, and in the open-source or third-party dependencies your code uses. Assessing your exposure to vulnerable dependencies is crucial if you want to prevent:
Your organization has exposure to vulnerabilities in both the code you write and maintain, and in the open source or third-party dependencies your code uses. Assessing your exposure to vulnerabilities is crucial if you want to prevent:

* **Unplanned downtime and operational disruption**. Exploitation of vulnerabilities can result in application outages, degraded service quality, or cascading failures in critical systems, disrupting your business operations.
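Review bot: Renaming the heading from `## About exposure to vulnerable code` to `## Risks of unaddressed vulnerabilities` changes its anchor (`#about-exposure-to-vulnerable-code` becomes `#risks-of-unaddressed-vulnerabilities`); search the content tree for links to the old fragment before merging, since the `redirect_from` entries above cover only the page path, not heading anchors. The wording change from "vulnerable dependencies" to "vulnerabilities" on the following line correctly matches the page's new scope of first-party code plus dependencies.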

Expand All @@ -31,7 +31,7 @@ Your organization has exposure to vulnerabilities in both the code you write and

* **Regulatory and licensing issues**. Many regulations and industry standards require organizations to proactively address known vulnerabilities in their software supply chain. Failing to remediate vulnerable dependencies can result in non-compliance, audits, legal penalties, or breaches of open source license obligations.

Regularly assessing your exposure to vulnerabilities is good practice to help identify risks early, implement effective remediation strategies, and maintain resilient, trustworthy software.
Regularly assessing vulnerability exposure helps you identify risks early and prioritize remediation.

## Ways to monitor your repositories for vulnerable code
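Review bot: The context line under **Regulatory and licensing issues** still reads "Failing to remediate vulnerable dependencies can result in non-compliance", while this hunk's rewrite broadens the section from dependencies to all vulnerabilities; consider "Failing to remediate known vulnerabilities" there so the section is consistent with the new framing.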

Expand All @@ -41,17 +41,19 @@ Regularly assessing your exposure to vulnerabilities is good practice to help id

{% data variables.product.github %} provides a comprehensive set of {% data variables.product.prodname_dependabot %} metrics to help you monitor, prioritize, and remediate these risks across all repositories in your organization. See [AUTOTITLE](/code-security/concepts/supply-chain-security/about-metrics-for-dependabot-alerts).

## Key tasks for AppSec managers
## Reducing organizational vulnerability exposure

### 1. Monitor vulnerability metrics for dependencies
Reducing organizational vulnerability exposure requires ongoing visibility into risk, remediation progress, and policy enforcement across repositories. {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_code_scanning %} metrics provide this visibility. Use the following best practices to monitor and reduce your organization's vulnerability exposure:

### Monitor vulnerability metrics for dependencies

Use the metrics overview for {% data variables.product.prodname_dependabot %} to gain visibility into the current state of your organization's dependency vulnerabilities. See [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-dependabot-alerts).

* **Alert prioritization:** Review the number of open {% data variables.product.prodname_dependabot_alerts %} and use filters such as CVSS severity, EPSS exploit likelihood, patch availability, and whether a vulnerable dependency is actually used in deployed artifacts. {% data reusables.security-overview.dependabot-filters-link %}
* **Repository-level breakdown:** Identify which repositories have the highest number of critical or exploitable vulnerabilities.
* **Remediation tracking:** Track the number and percentage of alerts fixed over time to measure the effectiveness of your vulnerability management program.

### 2. Monitor introduction of new {% data variables.product.prodname_code_scanning %} alerts
### Monitor introduction of new {% data variables.product.prodname_code_scanning %} alerts

Use the alert view for {% data variables.product.prodname_code_scanning %} to gain visibility into remediation activity in your organization's pull requests. See [AUTOTITLE](/code-security/security-overview/viewing-metrics-for-pull-request-alerts).
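Review bot: The new intro sentence repeats the heading verbatim ("Reducing organizational vulnerability exposure requires ..."); consider opening with "This requires ongoing visibility into risk, ..." instead. Dropping the `1.` to `6.` numbering also changes every subsection anchor (for example `#1-monitor-vulnerability-metrics-for-dependencies` becomes `#monitor-vulnerability-metrics-for-dependencies`), so check for inbound fragment links elsewhere in the docs.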

Expand All @@ -60,7 +62,7 @@ Use the alert view for {% data variables.product.prodname_code_scanning %} to ga
* **Repository-level breakdown:** Identify which repositories have the highest number of alerts detected in pull requests but still merged into the default branch.
* **Remediation tracking:** Track the number and percentage of alerts fixed over time to measure the effectiveness of your vulnerability management program.

### 3. Prioritize remediation efforts
### Prioritize remediation efforts

Focus on vulnerabilities that present the highest risk to your organization.
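Review bot: The **Remediation tracking** bullet in this code scanning subsection is word-for-word the one in the Dependabot subsection above ("Track the number and percentage of alerts fixed over time to measure the effectiveness of your vulnerability management program."); since this subsection is about alerts detected in pull requests, consider tailoring it, for example to the share of pull request alerts fixed before merge.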

Expand All @@ -69,20 +71,20 @@ Focus on vulnerabilities that present the highest risk to your organization.
* Encourage development teams to address vulnerabilities that are actually used in deployed artifacts through repository custom properties and using production context. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-vulnerabilities/alerts-in-production-code).{% endif %}{% ifversion security-campaigns %}
* Create security campaigns to encourage and track the remediation of high priority {% data variables.product.prodname_code_scanning %} alerts. See [AUTOTITLE](/code-security/securing-your-organization/fixing-security-alerts-at-scale/creating-managing-security-campaigns).{% endif %}

### 4. Communicate risk and progress
### Communicate risk and progress

* Use the metrics pages to communicate key risk factors and remediation progress to stakeholders.
* Provide regular updates on trends, such as the reduction in open critical vulnerabilities or improvements in remediation rates.
* Highlight repositories or teams that require additional support or attention.

### 5. Establish and enforce policies
### Establish and enforce policies

* Set an organization-wide security configuration that enables {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_code_scanning %} on all existing and new repositories. See [AUTOTITLE](/code-security/securing-your-organization/introduction-to-securing-your-organization-at-scale/about-enabling-security-features-at-scale).
* Enable dependency review to comment on pull requests in all repositories.
* Create an organization-wide ruleset to protect the default branch and require critical {% data variables.product.prodname_code_scanning %} alerts to be fixed before a pull request can be merged. See [AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization).
* Work with repository administrators to enable automated security updates where possible. See [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates).
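Review bot: The bullet "Enable dependency review to comment on pull requests in all repositories" is the only item in this list without a "See [AUTOTITLE](...)" link; add a link to the dependency review documentation so readers can find how to enable it, as the sibling bullets do.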

### 6. Assess the impact of alerts
### Assess the impact of alerts

* Regularly review how {% data variables.product.prodname_dependabot %} and {% data variables.product.prodname_code_scanning %} alerts are helping to block security vulnerabilities from entering your codebase.
* Use historical data to demonstrate the value of proactive dependency management.
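Review bot: The closing bullet "Use historical data to demonstrate the value of proactive dependency management" is narrower than the subsection, which covers both Dependabot and code scanning alerts; "proactive vulnerability management" would match the scope set by the preceding bullet.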
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Tracking security campaigns
shortTitle: Track security campaign
intro: You can monitor the progress of all your organization's security campaigns, and track the status of individual campaigns.
intro: Use the campaign tracking views to monitor remediation progress, identify stalled work, and measure campaign impact across your organization.
allowTitleToDifferFromFilename: true
permissions: '{% data reusables.permissions.security-org-enable %}'
product: '{% data reusables.gated-features.security-campaigns %}'
Expand All @@ -23,9 +23,9 @@ redirect_from:

## Tracking campaigns across your organization

The tracking view provides an overview of data for all open and closed campaigns. It helps you understand the impact of the campaigns, track progress through campaigns and measure success towards achieving your organization's goals.
The tracking view helps you quickly assess the health of your organization’s campaigns. You can use it to identify campaigns with a high number of open alerts, check whether work has started, and determine whether campaigns are on track to meet their due dates.

To display the campaign tracking view, navigate to the **Security** tab for the organization, then in the left sidebar click **{% octicon "goal" aria-hidden="true" aria-label="goal" %} Campaigns**. {% ifversion security-campaigns-secrets %}To display campaigns for secrets, click the **Secrets** at at the top of the page.
To display the campaign tracking view, navigate to the **Security** tab for the organization, then in the left sidebar click **{% octicon "goal" aria-hidden="true" aria-label="goal" %} Campaigns**. {% ifversion security-campaigns-secrets %}To display campaigns for secrets, click the **Secrets** tab at the top of the page.

![Screenshot of the security campaigns overview page. The "Secrets" campaign tab is outlined in orange.](/assets/images/help/security/security-campaigns-tracking-overview-2tabs.png)
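Review bot: The typo fix ("**Secrets** at at the top" to "**Secrets** tab at the top") is correct; the `{% ifversion security-campaigns-secrets %}` block opened on that line is not closed within the visible hunk, so confirm the matching `{% endif %}` still follows the screenshot, since the alt text references the "Secrets" tab and should only render in that version.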

Expand All @@ -42,6 +42,8 @@ The tracking view shows you a summary of "Open" and "Closed" campaigns, with the
* **Fixed**: the alert has been resolved, either within or outside of the campaign workflow.
* **Dismissed**: the alert was reviewed but intentionally not fixed; it has been dismissed.

Review the proportion of alerts in each status to understand where action is needed. A high number of **Open** alerts may indicate that remediation has not yet started, while a low number of **In progress** alerts could signal that teams need additional guidance or prioritization.

## Tracking a single campaign

You can similarly track how a single campaign is progressing by viewing the campaign's own tracking page.
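Review bot: The second clause of the new paragraph does not hold on its own: a low number of **In progress** alerts is also what a successful campaign looks like once most alerts are **Fixed**. Tie it to the open count, for example "A high number of **Open** alerts with few **In progress** alerts could signal that teams need additional guidance or prioritization."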
Expand All @@ -50,13 +52,17 @@ To display the tracking page for a campaign, navigate to the "Campaigns" page, {

![Screenshot of campaign tracking view for "Testing Campaigns for CodeQL". The campaign progress is outlined in dark orange.](/assets/images/help/security/driver-sec-campaign-view.png)

The tracking view shows you a summary of:
The tracking view for a single campaign helps you evaluate whether remediation is progressing as expected and whether additional follow-up is required.

The following indicators help you evaluate whether remediation is progressing as expected and whether additional follow-up is required.

* **Campaign progress**: how many alerts are closed (fixed or dismissed), in progress, or still left to review.
* **Status**: how the campaign is progressing towards its due date.
* **{% data variables.copilot.copilot_autofix_short %}** (code campaigns only): number of alerts where {% data variables.copilot.copilot_autofix_short %} can generate a fix to resolve the alert.

You can also explore the campaign repositories and alerts to see where teams are engaging in the campaign, and where teams might need some extra encouragement to take part.
For example, if many alerts remain open as the due date approaches, you may need to follow up with repository owners or adjust the campaign timeline.

You can also explore campaign repositories and alerts to identify which teams are actively addressing alerts and which may need follow-up.

* **Repository details:** you can expand any repository to show the progress in alert remediation.
* **Alert details:** you can set the "Group by" option to **None** to show a list of all alerts.
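Review bot: The new paragraph "The tracking view for a single campaign helps you evaluate whether remediation is progressing as expected and whether additional follow-up is required." and the one that follows it, "The following indicators help you evaluate whether remediation is progressing as expected and whether additional follow-up is required.", say the same thing twice; keep the second, which introduces the list, and drop the first or reduce it to "The tracking view for a single campaign shows the following indicators:".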
8 changes: 8 additions & 0 deletions content/copilot/how-tos/copilot-cli/cli-best-practices.md
Original file line number Diff line number Diff line change
Expand Up @@ -484,6 +484,14 @@ To submit private feedback to {% data variables.product.github %} about {% data
## Hands-on practice
Try the [Creating applications with {% data variables.copilot.copilot_cli_short %}](https://github.com/skills/create-applications-with-the-copilot-cli) Skills exercise for practical experience building an application with {% data variables.copilot.copilot_cli_short %}.

Here is what you will learn:
* Install {% data variables.copilot.copilot_cli_short %}
* Use the issue template to create an issue
* Generate a Node.js CLI calculator app
* Expand calculator functionality
* Write unit tests for calculator functions
* Create, review, and merge your pull request

## Further reading

* [AUTOTITLE](/copilot/concepts/agents/about-copilot-cli)
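Review bot: Add a blank line between "Here is what you will learn:" and the bullet list; markdownlint's MD032 rule (blanks around lists) flags this, and some renderers will not start a list without the separating blank line. The "## Hands-on practice" heading in the context lines is likewise followed directly by the "Try the ..." paragraph with no blank line. "Here is what you will learn:" could also read "You'll learn how to:" to match the imperative bullets that follow.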
1 change: 1 addition & 0 deletions content/copilot/reference/cli-command-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ contentType: reference
| <kbd>Ctrl</kbd>+<kbd>B</kbd> | Move to the previous character. |
| <kbd>Ctrl</kbd>+<kbd>E</kbd> | Move to end of the line (when typing). |
| <kbd>Ctrl</kbd>+<kbd>F</kbd> | Move to the next character. |
| <kbd>Ctrl</kbd>+<kbd>G</kbd> | Edit the prompt in an external editor. |
| <kbd>Ctrl</kbd>+<kbd>H</kbd> | Delete the previous character. |
| <kbd>Ctrl</kbd>+<kbd>K</kbd> | Delete from cursor to end of the line. |
| <kbd>Ctrl</kbd>+<kbd>U</kbd> | Delete from cursor to beginning of the line. |
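Review bot: The new <kbd>Ctrl</kbd>+<kbd>G</kbd> row keeps the table's alphabetical order and ends with a period like its neighbors; the description "Edit the prompt in an external editor." would be more useful with a pointer to how that editor is selected, if the page or a linked reference documents it, since readers will otherwise not know which editor opens.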
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,6 @@ redirect_from:
- /github/site-policy/github-acceptable-use-policies
versions:
fpt: '*'
topics:
- Policy
- Legal
---

**Short version:** _We host a wide variety of collaborative projects from all over the world, and that collaboration only works when our users are able to work together in good faith. While using the Service, you must comply with our Acceptable Use Policies, which include some restrictions on content and conduct on GitHub related to user safety, intellectual property, privacy, authenticity, and other limitations. In short, be excellent to each other._
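Review bot: Removing `topics:` with `Policy` and `Legal` from the frontmatter (repeated in every site-policy file below) should be checked against the frontmatter schema and any topic-driven listing: if `topics` is required for this content type the content linter will fail, and if any landing or search page filters by the Policy or Legal topic those pages will silently lose these entries. The hunk header counts (`-5,9 +5,6`) are consistent with the three deleted lines.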
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Active Malware or Exploits
shortTitle: Active Malware or Exploits
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /github/site-policy/github-active-malware-or-exploits
- /github/site-policy/github-community-guidelines#active-malware-or-exploits
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,6 @@ versions:
fpt: '*'
redirect_from:
- /articles/github-appeal-and-reinstatement
topics:
- Policy
- Legal
---
## Appeal and Reinstatement

Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Bullying and Harassment
shortTitle: Bullying and Harassment
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /github/site-policy/github-bullying-and-harassment
- /github/site-policy/github-community-guidelines#bullying-and-harassment
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Child Sexual Exploitation or Abuse
shortTitle: CSAM Policy
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /csam
- /github/site-policy/github-child-exploitation-or-abuse
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Disrupting the Experience of Other Users
shortTitle: Disrupting the Experience of Other Users
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /github/site-policy/github-disrupting-the-experience-of-other-users
- /github/site-policy/github-community-guidelines#disrupting-the-experience-of-other-users
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Doxxing and Invasion of Privacy
shortTitle: Doxxing and Invasion of Privacy
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /github/site-policy/github-doxxing-and-invasion-of-privacy
- /github/site-policy/github-community-guidelines#doxxing-and-invasion-of-privacy
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Hate Speech and Discrimination
shortTitle: Hate Speech and Discrimination
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /github/site-policy/github-hate-speech-and-discrimination
- /github/site-policy/github-community-guidelines#hate-speech-and-discrimination
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Impersonation
shortTitle: Impersonation
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /github/site-policy/github-impersonation
- /github/site-policy/github-community-guidelines#impersonation
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Misinformation and Disinformation
shortTitle: Disinformation Policy
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /github/site-policy/github-misinformation-and-disinformation
- /github/site-policy/github-community-guidelines#misinformation-and-disinformation
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Non-Consensual Intimate Imagery
shortTitle: NCII
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /ncii
- /github/site-policy/github-ncii
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Sexually Obscene Content
shortTitle: Sexually Obscene Content
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /github/site-policy/github-sexually-obscene-content
- /github/site-policy/github-community-guidelines#sexually-obscene-content
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Synthetic Media and AI Tools
shortTitle: Synthetic Media and AI Tools
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /ai-tools
- /github/site-policy/github-synthetic-media-and-ai-tools
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Terrorism and Violent Extremism
shortTitle: Terrorism and Violent Extremism Content
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /tvec
- /github/site-policy/github-terrorism-and-violent-extremism
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,6 @@ title: GitHub Threats of Violence and Gratuitously Violent Content
shortTitle: Threats of Violence and Gratuitously Violent Content
versions:
fpt: '*'
topics:
- Policy
- Legal
redirect_from:
- /github/site-policy/github-threats-of-violence-and-gratuitously-violent-content
- /github/site-policy/github-community-guidelines#threats-of-violence
3 changes: 0 additions & 3 deletions content/site-policy/acceptable-use-policies/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,6 @@
title: Acceptable Use Policies
versions:
fpt: '*'
topics:
- Policy
- Legal
children:
- github-acceptable-use-policies
- github-active-malware-or-exploits
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,6 @@ redirect_from:
- /github/site-policy/dmca-takedown-policy
versions:
fpt: '*'
topics:
- Policy
- Legal
---

Welcome to GitHub's Guide to the Digital Millennium Copyright Act, commonly known as the "DMCA." This page is not meant as a comprehensive primer to the statute. However, if you've received a DMCA takedown notice targeting content you've posted on GitHub or if you're a rights-holder looking to issue such a notice, this page will hopefully help to demystify the law a bit as well as our policies for complying with it.
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,6 @@ redirect_from:
- /github/site-policy/github-private-information-removal-policy
versions:
fpt: '*'
topics:
- Policy
- Legal
---

We offer this private information removal process as an exceptional service only for high-risk content that violates [GitHub's Terms of Service](/site-policy/acceptable-use-policies/github-acceptable-use-policies#3-conduct-restrictions), such as when your security is at risk from exposed access credentials. This guide describes the information GitHub needs from you in order to process a request to remove private information from a repository.
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,6 @@ redirect_from:
- /github/site-policy/github-trademark-policy
versions:
fpt: '*'
topics:
- Policy
- Legal
---
## What is a GitHub Trademark Policy Violation?

Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,6 @@ redirect_from:
- /github/site-policy/guide-to-submitting-a-dmca-counter-notice
versions:
fpt: '*'
topics:
- Policy
- Legal
---

This guide describes the information that GitHub needs in order to process a counter notice to a DMCA takedown request. If you have more general questions about what the DMCA is or how GitHub processes DMCA takedown requests, please review our [DMCA Takedown Policy](/site-policy/content-removal-policies/dmca-takedown-policy).