Merged
1 change: 1 addition & 0 deletions content/code-security/concepts/code-scanning/index.md
Original file line number Diff line number Diff line change
@@ -18,5 +18,6 @@ children:
- /setup-types
- /about-integration-with-code-scanning
- /sarif-files
- /merge-protection
- /codeql
---
46 changes: 46 additions & 0 deletions content/code-security/concepts/code-scanning/merge-protection.md
@@ -0,0 +1,46 @@
---
title: Code scanning merge protection
shortTitle: Merge protection
intro: Code scanning rules prevent pull requests with potential vulnerabilities from being merged.
topics:
- Code Security
- Code scanning
product: 'Rulesets are available in public repositories with {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_free_team %} for organizations, and in public and private repositories with {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, and {% data variables.product.prodname_ghe_cloud %}. {% data reusables.gated-features.more-info %}'
permissions: 'Repository administrators and organization owners'
versions:
fpt: '*'
ghes: '*'
ghec: '*'
contentType: concepts
---

## Rulesets for {% data variables.product.prodname_code_scanning %} merge protection

A ruleset is a named list of rules that control how people can interact with branches and tags in your repositories. You can add {% data variables.product.prodname_code_scanning %} rules to rulesets to prevent pull requests from being merged when any of the following conditions are met:

{% data reusables.code-scanning.merge-protection-rulesets-conditions %}

Typically, you should use {% data variables.product.prodname_code_scanning %} merge protection on long-lived feature branches, where you want to guarantee code has been analyzed before pull requests can be merged.

Configuring a {% data variables.product.prodname_code_scanning %} rule will not automatically enable {% data variables.product.prodname_code_scanning %}. To learn how to enable code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).

> [!NOTE]
> * Merge protection with rulesets is not related to status checks. For more information about status checks, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks).

## Availability

You can set {% data variables.product.prodname_code_scanning %} merge protection with rulesets:
* At the repository level
* At the organization level ({% data variables.product.prodname_enterprise %} plans only)

## Exceptions and limitations

Merge protection with rulesets will **not apply** to:
* Merge queue groups
* {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup

Additionally, all the lines of code identified by an alert must exist in the pull request diff. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#source-file-locations).

## Next steps

To configure a ruleset that requires {% data variables.product.prodname_code_scanning %} results, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection).
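Review bot: The frontmatter in this new file hardcodes `product:` (a list of plan names for rulesets) and `permissions: 'Repository administrators and organization owners'`, while the sibling how-to touched in this same PR uses `{% data reusables.gated-features.code-scanning %}` and `{% data reusables.permissions.security-org-enable %}`; pick one source of truth so the two articles do not drift. Two smaller points in the body: the `> [!NOTE]` now holds a single `> *` bullet (the bullet only made sense when the how-to listed three items, and the other two now live under "Exceptions and limitations"), so drop the bullet; and "Availability" qualifies organization-level support with "({% data variables.product.prodname_enterprise %} plans only)" where the how-to text removed in this PR used `{% ifversion ghec or ghes %}`, so consider expressing it with an `ifversion` here as well for consistency.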
@@ -0,0 +1,55 @@
---
title: Dependabot job logs
intro: '{% data variables.product.github %} logs every update job run by {% data variables.product.prodname_dependabot %}, giving you visibility into version updates, security patches, and automated rebases across your dependencies.'
shortTitle: Dependabot job logs
versions:
fpt: '*'
ghec: '*'
ghes: '*'
contentType: concepts
topics:
- Dependabot
- Troubleshooting
- Dependencies
- Security updates
---


> [!NOTE]
> Job logs are only available for repositories with {% data variables.product.prodname_dependabot_version_updates %} enabled.

Whenever a {% data variables.product.prodname_dependabot %} job runs, the details of the job are captured in the job logs list, which is accessible from the dependency graph.

## What job logs contain

For each manifest file in your repository, {% data variables.product.prodname_dependabot %} maintains a list of recent job runs. Every log entry includes:

* **Job type**: The kind of update {% data variables.product.prodname_dependabot %} performed (_version_ update, _security_ update, or _rebase_ update)
* **Job ID**: A unique identifier for the run
* **Timestamp**: When the job executed
* **Associated pull requests**: Links to any pull requests created or updated by the job
* **Error messages**: Brief diagnostic information when jobs fail

If you need to troubleshoot further, you can click **view logs** to access the full log files for a specific run.

## Job types

You will see the following job types recorded in the log list:

**Version update**: {% data variables.product.prodname_dependabot %} checked your manifest files for outdated dependencies and opened or updated pull requests to bring them current. These runs happen on the schedule defined in your `dependabot.yml` configuration file.

**Security update**: {% data variables.product.prodname_dependabot %} detected a security vulnerability in one of your dependencies and opened a pull request to upgrade to a patched version. These updates happen automatically when {% data variables.product.github %} identifies new security advisories.

**Rebase update**: {% data variables.product.prodname_dependabot %} automatically rebased an existing pull request to resolve a merge conflict with your target branch. This can apply to pull requests for either {% data variables.product.prodname_dependabot_version_updates %} or {% data variables.product.prodname_dependabot_security_updates %}.

## Debugging with job logs

Job logs give you two levels of detail for troubleshooting:

**Log list entries** show a quick summary of each job, including short error messages that often point directly to the problem, like authentication failures, unreachable registries, or incompatible version constraints.

**Full log files** provide complete output from the {% data variables.product.prodname_dependabot %} job, including every dependency checked, version resolution details, and the full stack trace for any errors. Access these when you need to investigate complex failures or understand exactly what {% data variables.product.prodname_dependabot %} attempted.

## Next steps

Now that you know what {% data variables.product.prodname_dependabot %} job logs are, you may want to find out how to access them. See [AUTOTITLE](/code-security/how-tos/view-and-interpret-data/viewing-dependabot-job-logs).
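Review bot: The intro says {% data variables.product.github %} logs every update job, including security patches and rebases, but the note directly under the frontmatter says job logs are only available when {% data variables.product.prodname_dependabot_version_updates %} is enabled; a reader with only security updates turned on will go looking for logs that are not there. State in the intro or the note that security and rebase job entries appear only in repositories with version updates enabled. Also, there are two blank lines between the closing `---` and the note, and `shortTitle` sits after `intro` here while the other new file in this PR puts `shortTitle` before `intro`.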
@@ -21,6 +21,7 @@ children:
- about-the-dependabot-yml-file
- about-dependabot-auto-triage-rules
- about-dependabot-on-github-actions-runners
- dependabot-job-logs
- immutable-releases
- linked-artifacts
---
@@ -33,7 +33,7 @@ redirect_from:

You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.

1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
{% data reusables.security-configurations.custom-security-configurations-org %}
1. When creating the custom security configuration, under "{% data variables.product.prodname_code_scanning_caps %}", set "Prevent direct alert dismissals" to **Enabled**.
1. Click **Save configuration**.
1. Apply the security configuration to all (or selected) repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
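Review bot: Step 1 is replaced by `{% data reusables.security-configurations.custom-security-configurations-org %}`, so the `1.` items that follow only stay in the same numbered list if the reusable renders as a list item with no trailing blank line; please confirm that, and that the reusable still carries the link to creating-a-custom-security-configuration that the removed line had.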
@@ -42,7 +42,7 @@ You must configure delegated dismissal for your organization using a custom secu

You must configure delegated dismissal for your enterprise using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your enterprise.

1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
{% data reusables.security-configurations.custom-security-configurations-enterprise %}
1. When creating the custom security configuration, under "{% data variables.product.prodname_code_scanning %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to **Enabled**.
1. Click **Save configuration**.
1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
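Review bot: Same reusable substitution as the organization section, so the same list-continuation check applies. While in this file, the context lines show the section label written as `{% data variables.product.prodname_code_scanning_caps %}` in the organization steps and `{% data variables.product.prodname_code_scanning %}` in the enterprise steps for what appears to be the same UI heading; worth aligning in this PR.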
@@ -32,7 +32,7 @@ redirect_from:

You must configure delegated dismissal for your organization using a custom security configuration. You can then apply the security configuration to all (or selected) repositories in your organization.

1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
{% data reusables.security-configurations.custom-security-configurations-org %}
1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_scanning_caps %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to **Enabled**.
1. Click **Save configuration**.
1. Apply the security configuration to all (or selected) repositories in your organization. See [AUTOTITLE](/code-security/securing-your-organization/enabling-security-features-in-your-organization/applying-a-custom-security-configuration).
@@ -47,7 +47,7 @@ To learn more about security configurations, see [AUTOTITLE](/code-security/secu

## Configuring delegated dismissal for an enterprise

1. Create a new custom security configuration, or edit an existing one. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/creating-a-custom-security-configuration-for-your-enterprise).
{% data reusables.security-configurations.custom-security-configurations-enterprise %}
1. When defining the custom security configuration, under "{% data variables.product.prodname_secret_protection %}", ensure that the dropdown menu for "Prevent direct alert dismissals" is set to **Enabled**.
1. Click **Save configuration**.
1. Apply the security configuration to all (or selected) repositories in your enterprise. See [AUTOTITLE](/admin/managing-code-security/securing-your-enterprise/applying-a-custom-security-configuration-to-your-enterprise).
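Review bot: The context lines here name the section `{% data variables.product.prodname_secret_protection %}` while the organization steps above use `{% data variables.product.prodname_secret_scanning_caps %}`; if the enterprise UI really shows a different heading that is fine, otherwise align the two while the step list is being touched.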
@@ -1,7 +1,7 @@
---
title: Set code scanning merge protection
shortTitle: Set merge protection
intro: You can use rulesets to set {% data variables.product.prodname_code_scanning %} merge protection for pull requests.
intro: 'Secure your codebase by blocking pull requests that fail {% data variables.product.prodname_code_scanning %} checks.'
permissions: '{% data reusables.permissions.security-org-enable %}'
product: '{% data reusables.gated-features.code-scanning %}'
versions:
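Review bot: The new intro, 'blocking pull requests that fail {% data variables.product.prodname_code_scanning %} checks', is easy to read as status checks, and the note kept elsewhere in this PR explicitly says merge protection with rulesets is not related to status checks. Prefer wording tied to alerts, for example 'blocking pull requests that would introduce {% data variables.product.prodname_code_scanning %} alerts'.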
@@ -16,27 +16,6 @@ redirect_from:
contentType: how-tos
---

## About using rulesets for {% data variables.product.prodname_code_scanning %} merge protection

> [!NOTE]
> * Merge protection with rulesets is not related to status checks. For more information about status checks, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks).
> * Merge protection with rulesets will not apply to merge queue groups or {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup.
> * All the lines of code identified by an alert must exist in the pull request diff. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#source-file-locations).

You can use rulesets to prevent pull requests from being merged when one of the following conditions is met:

{% data reusables.code-scanning.merge-protection-rulesets-conditions %}

Typically you should use rulesets target long-lived feature branches, where you would like to guarantee that code has been analyzed before pull requests can be merged.

Configuring a {% data variables.product.prodname_code_scanning %} rule will not automatically enable {% data variables.product.prodname_code_scanning %}. For more information about how to enable code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).

For more information about {% data variables.product.prodname_code_scanning %} alerts, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts).

You can set merge protection with rulesets at the repository {% ifversion ghec or ghes %}or organization levels{% else %}level{% endif %}, and for repositories configured with either default setup or advanced setup. You can also use the REST API to set merge protection with rulesets.

For more information about rulesets, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).

## Creating a merge protection ruleset for a repository

{% data reusables.repositories.navigate-to-repo %}
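Review bot: The removed section carried facts that do not reappear in the new concept article: that merge protection works for repositories configured with either default setup or advanced setup, that it can also be set through the REST API, and the links to about-rulesets and about-code-scanning-alerts. The how-to also now has no link to the new concept page. Add a short pointer to /code-security/concepts/code-scanning/merge-protection near the top of this how-to and carry the REST API and setup-type sentences into the concept page so they are not lost.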
@@ -9,25 +9,21 @@ topics:
- Code Security
- Code scanning
- CodeQL
intro: You can run {% data variables.product.prodname_codeql %} queries in {% data variables.product.prodname_vscode %} to help you track the flow of data through a program, highlighting areas that are potential security vulnerabilities.
intro: Detect potential vulnerabilities by running path queries and analyzing your data flow.
redirect_from:
- /code-security/codeql-for-vs-code/exploring-data-flow-with-path-queries
- /code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/exploring-data-flow-with-path-queries
contentType: how-tos
---
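Review bot: The new intro drops both {% data variables.product.prodname_codeql %} and {% data variables.product.prodname_vscode %}, so out of context (search results, landing-page cards) it no longer says which tool the article is about; keep at least the product name, for example 'Run {% data variables.product.prodname_codeql %} path queries in {% data variables.product.prodname_vscode %} to detect potential vulnerabilities in your data flow.'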

## About path queries
## Prerequisites

A path query is a {% data variables.product.prodname_codeql %} query with the property `@kind path-problem`. You can find a number of these in the standard {% data variables.product.prodname_codeql %} libraries.

You can run the standard {% data variables.product.prodname_codeql %} path queries to identify security vulnerabilities and manually look through the results. For more information about how {% data variables.product.prodname_codeql %} tracks data flow, see [About data flow analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/) in the {% data variables.product.prodname_codeql %} documentation.

Once you're familiar with data flow analysis and existing queries, you can write your own path queries in {% data variables.product.prodname_codeql %}. For more information, see [Next steps](#next-steps).
Before you can effectively use path queries, you should understand the basics of data flow analysis. See [About data flow analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/) in the {% data variables.product.prodname_codeql %} documentation.

## Running path queries in {% data variables.product.prodname_vscode_shortname %} locally

1. Open a path query in {% data variables.product.prodname_vscode_shortname %}.
1. Right-click in the window with the query open, and select **{% data variables.product.prodname_codeql %}: Run Query on Selected Database**. Alternatively, you can also run this from the {% data variables.product.prodname_vscode_command_palette_shortname %}.
1. Open a path query in {% data variables.product.prodname_vscode_shortname %}. A path query is a {% data variables.product.prodname_codeql %} query with the property `@kind path-problem`.
1. Right-click in the window with the query open, then select **{% data variables.product.prodname_codeql %}: Run Query on Selected Database**. Alternatively, you can also run this from the {% data variables.product.prodname_vscode_command_palette_shortname %}.
1. Once the query has finished running, you can see the results in the "Results" view (under `alerts` in the dropdown menu). Each query result describes the flow of information between a source and a sink.
1. Expand the result to see the individual steps that the data follows.
1. Click each step to jump to it in the source code and investigate the problem further.
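Review bot: Folding the definition of a path query into step 1 drops the sentence that told readers where to find one ('You can find a number of these in the standard {% data variables.product.prodname_codeql %} libraries'); without it, step 1 asks them to open a path query with no hint of where to look, so keep that sentence in the step or under Prerequisites. Minor: in step 2, 'Alternatively, you can also run this' doubles up; 'Alternatively, run this from ...' reads cleaner.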
@@ -36,8 +32,8 @@ Once you're familiar with data flow analysis and existing queries, you can write

{% ifversion codeql-vs-code-mrva %}

When you are ready to run a path query at scale, you can use the "Variant Analysis Repositories" view to run the query against up to 1,000 repositories on {% data variables.product.prodname_dotcom_the_website %}. For more information, see [AUTOTITLE](/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis).
You can use the "Variant Analysis Repositories" view to run a query against up to 1,000 repositories on {% data variables.product.prodname_dotcom_the_website %}. See [AUTOTITLE](/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/running-codeql-queries-at-scale-with-multi-repository-variant-analysis).

{% endif %}

For information about how to use the correct format and metadata for your own path queries, see [Creating path queries](https://codeql.github.com/docs/writing-codeql-queries/creating-path-queries/#creating-path-queries) in the {% data variables.product.prodname_codeql %} documentation. The {% data variables.product.prodname_codeql %} documentation also contains detailed information about how to define new sources and sinks, as well as templates and examples of how to extend the standard {% data variables.product.prodname_codeql %} libraries to suit your analysis.
To start writing your own path queries, see [Creating path queries](https://codeql.github.com/docs/writing-codeql-queries/creating-path-queries/#creating-path-queries) in the {% data variables.product.prodname_codeql %} documentation.