From 3dbe4455bdc4a0a135b7376113a0a084e15f8de4 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Thu, 25 Apr 2024 12:37:48 +0100 Subject: [PATCH] Security overview changes for repository properties (cherry-picked) with additional filters and groupings (#49994) Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com> Co-authored-by: Kelly Arwine --- ...rity-features-for-multiple-repositories.md | 7 +- .../filtering-alerts-in-security-overview.md | 275 ++++++++---------- .../viewing-security-insights.md | 4 +- .../security-overview-3-13-overview.yml | 5 + .../security-overview-3-14-overview.yml | 5 + ...ecurity-overview-repository-properties.yml | 5 + .../information-varies-GHAS.md | 2 - 7 files changed, 140 insertions(+), 163 deletions(-) create mode 100644 data/features/security-overview-3-13-overview.yml create mode 100644 data/features/security-overview-3-14-overview.yml create mode 100644 data/features/security-overview-repository-properties.yml diff --git a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md index 4e88bfc68929..3e6f3d634ffe 100644 --- a/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md +++ b/content/code-security/security-overview/enabling-security-features-for-multiple-repositories.md 
@@ -23,8 +23,9 @@ If you're a security manager, repository administrator, or organization owner, y You can use checkboxes to select which repositories you want to include, or use the search bar to narrow down to a specific subset of repositories, and enable or disable security features for that group. This is useful if you want to introduce a feature to your organization gradually over time, or if your organization requires a complex security setup where different features are enabled in different repositories. For example, if you are enabling a feature across a group of repositories, you may find the following filtering options helpful. - To exclude certain repositories from the selection, you can assign a topic such as `test` to these repositories, then exclude them from the results with a search like `-topic:test`. For more information, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics)." -- If a team uses repositories that all require a certain feature, you can use the `team:` filter to search for repositories where a team has write or admin access. -- If you're enabling {% data variables.product.prodname_code_scanning %}, you can see which repositories are eligible for default setup with the search `code-scanning-default-setup:eligible`. For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale)." +- If a team uses repositories that all require a certain feature, you can use the `team:` filter to search for repositories where a team has write access.{% ifversion code-scanning-without-workflow %} +- If you're enabling {% data variables.product.prodname_code_scanning %}, you can see which repositories are eligible for default setup with the search `code-scanning-default-setup:eligible`. 
For more information, see "[AUTOTITLE](/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-at-scale)."{% endif %}{% ifversion security-overview-repository-properties %} +- You can use custom repository properties to filter security overview to show results from specific groups of repositories. Custom properties are metadata that organization owners can add and set for repositories in an organization. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)."{% endif %} For more information on filters you can use in different parts of security overview, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." @@ -35,7 +36,7 @@ For more information about the different ways of enabling security features in a {% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.security-overview %} {% data reusables.security-overview.security-overview-coverage-view %} -1. You can use the search bar to narrow down visible repositories in the "Security coverage" view based on name, or on the enablement status of security features. +1. You can use the search bar to narrow down visible repositories in the "Security coverage" view based on filters such as repository name or enablement status of security features. 1. In the list of repositories, select each repository you want to modify the enablement of security features for. To select all repositories on the page, click the checkbox next to **NUMBER Active**. To select all repositories that match the current search, click the checkbox next to **NUMBER Active** and then click **Select all NUMBER repos**. 1. Click **Security settings** next to **NUMBER selected**. 1. In the side panel, next to all the security features you want to enable or disable, select **Enable** or **Disable**. 
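Review bot: The rewritten `team:` bullet in the `@@ -23,8 +23,9 @@` hunk now says "where a team has write access", while the `team` qualifier row this same patch adds to filtering-alerts-in-security-overview.md says the team has `{% ifversion security-overview-team-write-access -%} write access or {% endif -%} admin access`; either keep "write or admin access" here or version the sentence the same way so the two pages agree. Also, the new custom-properties bullet is placed in a list of filters recommended for selecting repositories in the "Security coverage" view, but the filtering page added in this patch states that `props.` qualifiers filter the "Overview" view; if they are not available in the coverage view, the bullet should say where they apply.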
diff --git a/content/code-security/security-overview/filtering-alerts-in-security-overview.md b/content/code-security/security-overview/filtering-alerts-in-security-overview.md index 3730c97c2ccf..1578754c132c 100644 --- a/content/code-security/security-overview/filtering-alerts-in-security-overview.md +++ b/content/code-security/security-overview/filtering-alerts-in-security-overview.md 
@@ -21,230 +21,193 @@ redirect_from: ## About filtering security overview -You can use filters in a security overview to narrow your focus based on a range of factors, like alert risk level, alert type, and feature enablement. Different filters are available depending on the specific view{% ifversion ghec or ghes %} and whether you are viewing data at the enterprise or organization level{% endif %}. +You can use filters in a security overview to narrow your focus based on a range of factors, like alert risk level, alert type, and feature enablement. Different filters are available depending on the specific view, and whether you are viewing data at the enterprise or organization level. -{% ifversion security-overview-displayed-alerts %} {% note %} + {% data reusables.security-overview.information-varies-GHAS %} + {% endnote %} -{% endif %} -## Filter by repository +All security views have features to help you define filters. These provide an easy way to set up filters and understand the options available. -Security overview supports free text search for repositories. With free text search, you can search for a keyword, and repositories with names containing that keyword will be displayed. For example, if you search for "test", your search results would include both "test-repository" and "octocat-testing". +- **Interactive search text box.** When you click in the search box and press the keyboard "Space" key, a pop-up text box shows the filter options available in that view. You can use the mouse or keyboard arrow keys to select the options you want in the text box before pressing the keyboard "Return" key to add the filter. Supported for all views. +- **Dropdown selectors and toggles.** Shown at the end of the "Search text box" or in the header of the data table. As you choose the data to view, the filters shown in the search text box are updated accordingly. 
Supported on the alert views.{% ifversion security-overview-3-13-overview %} +- **Advanced filters dialog.** When you click the **{% octicon "filter" aria-label="Advanced filter dialog" %} Filter** button, you can use dropdown lists to select the "Qualifier", "Operator", and "Values" for each filter. Supported on the "Overview" and metric views.{% endif %} -To perform an exact search for a single repository, use the `repo` qualifier. If you do not type the name of the repository exactly as it appears, the repository will not be found. +## Repository name, visibility, and status filters -| Qualifier | Description | -| -------- | -------- | -| `repo:REPOSITORY-NAME` | Displays data for the specified repository. | +In all views, there are two methods for filtering results by repository name. -{% ifversion security-overview-org-risk-coverage-enterprise %} +- **Free text or keyword search.** Display data for all repositories with a name that contains the keyword. For example, search for `test` to show data for both the "test-repository" and "octocat-testing" repositories. +- **`repo` qualifier.** Display data only for the repository that exactly matches the value of the qualifier. For example, search for `repo:octocat-testing` to show data for only the "octocat-testing" repository. -## Filter by organization +You can also filter by repository visibility (internal, private, or public) and archive status. -In the enterprise-level views, you can filter the data by organization. +| Qualifier | Description | Views | +|--------|--------|------|{% ifversion security-overview-dashboard %} +| `visibility` | Display data for all repositories that are `public`, `private`, or `internal`. | "Overview" and metrics{% endif %} +| `is` | Display data for all repositories that are `public`, `private`, or `internal`. | "Risk" and "Coverage" +| `archived` | Display only data for archived (`true`) or active (`false`) repositories. 
| All except "Alerts" views -| Qualifier | Description | -| -------- | -------- | -| `org:ORGANIZATION-NAME` | Displays data for the specified organization. | - -{% endif %} +## Team and topic filters -## Filter by whether security features are enabled - -In the examples below, replace `:enabled` with `:not-enabled` to see repositories where security features are not enabled. These qualifiers are available in the "Security risk" and "Security coverage" views. +These qualifiers are available in all views apart from the {% data variables.product.prodname_code_scanning %} alert view. | Qualifier | Description | -| -------- | -------- | -| `code-scanning:enabled` | Display repositories that have configured {% data variables.product.prodname_code_scanning %}. | -| `dependabot:enabled` | Display repositories that have enabled {% data variables.product.prodname_dependabot_alerts %}. | -| `secret-scanning:enabled` | Display repositories that have enabled {% data variables.secret-scanning.alerts %}. {% ifversion security-overview-org-risk-coverage %} | -| `any-feature:enabled` | Display repositories where at least one security feature is enabled. |{% else %} -| `not-enabled:any` | Display repositories with at least one security feature that is not enabled. |{% endif %} +|--------|--------| +| `team` | Display data for all repositories that the specified team has {% ifversion security-overview-team-write-access -%} write access or {% endif -%} admin access to. For more information on repository roles, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)". | +| `topic` | Display data for all repositories that are classified with a specific topic. For more information on repository topics, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics)." 
| -{% ifversion security-overview-org-risk-coverage %} -The organization-level "Security coverage" view includes extra filters. +{% ifversion security-overview-repository-properties %} -{% data reusables.security-overview.beta-org-risk-coverage %} +## Custom repository property filters -| Qualifier | Description | -| -------- | -------- | {% ifversion ghec or ghes %} -| `advanced-security:enabled` | Display repositories that have enabled {% data variables.product.prodname_GH_advanced_security %}. | {% endif %} -| `code-scanning-pull-request-alerts:enabled`| Display repositories that have configured {% data variables.product.prodname_code_scanning %} to run on pull requests. | -| `dependabot-security-updates:enabled` | Display repositories that have enabled {% data variables.product.prodname_dependabot_security_updates %}. | -| `secret-scanning-push-protection:enabled` | Display repositories that have enabled push protection for {% data variables.product.prodname_secret_scanning %}. | -{% endif %} - -## Filter by repository type +{% note %} -All of these qualifiers are available in the "Security risk" and "Security coverage" views. {% ifversion security-overview-dashboard %}For the "Overview" dashboard (beta) view, only the `archived:` filter is available.{% endif %} +**Note:** Repository properties are in public beta and subject to change. -| Qualifier | Description | -| -------- | -------- | -{%- ifversion ghes or ghec %} -| `is:public` | Display public repositories. | -{%- endif %} -| `is:internal` | Display internal repositories. | -| `is:private` | Display private repositories. | -| `archived:true` | Display archived repositories. | -| `archived:false` | Omit archived repositories. | +{% endnote %} -{% ifversion security-overview-org-risk-coverage-enterprise %}{% else %} +Custom repository properties are metadata that organization owners can add to repositories in an organization, providing a way to group repositories by the information you are interested in. 
For example, you can add custom repository properties for compliance frameworks or data sensitivity. For more information on adding custom repository properties, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)." -## Filter by level of risk for repositories +If you add custom properties to your organization and set values for repositories, you can filter the "Overview" using those custom properties as qualifiers. These qualifiers are available in both the organization-level and enterprise-level views. -The level of risk for a repository is determined by the number and severity of alerts from security features. If one or more security features are not enabled for a repository, the repository will have an unknown level of risk. If a repository has no risks that are detected by security features, the repository will have a clear level of risk. +- **`props.CUSTOM_PROPERTY_NAME` qualifier.** The qualifier consists of a `props.` prefix, followed by the name of the custom property. For example, `props.data_sensitivity:high` displays results for repositories with the `data_sensitivity` property set to the value `high`. | -{% ifversion security-overview-org-risk-coverage %} -These qualifiers are available in the enterprise-level view. {% endif %} -| Qualifier | Description | -| -------- | -------- | -| `risk:high` | Display repositories that are at high risk. | -| `risk:medium` | Display repositories that are at medium risk. | -| `risk:low` | Display repositories that are at low risk. | -| `risk:unknown` | Display repositories that are at an unknown level of risk. | -| `risk:clear` | Display repositories that have no detected level of risk. 
| -{% endif %} +{% ifversion security-overview-dashboard-enterprise %} -## Filter by number of alerts +## Organization name and type filters -{% ifversion security-overview-org-risk-coverage %} +In enterprise-level views, you can limit the data to repositories owned by a single organization in your enterprise or an {% data variables.product.prodname_emu %} (EMU) account. Alternatively, you can filter by account owner type. -These qualifiers are available in the{% ifversion security-overview-org-risk-coverage-enterprise %}{% else %} enterprise-level "Overview" and in the organization-level{% endif %} "Security risk" view. +| Qualifier | Description | Views | +| -------- | -------- | ------ | +| `owner` | Display data for all repositories owned by one account owner. | Most views +| `owner-type` | Display data for all repositories owned by an organization or a user account in your enterprise. | "Risk", "Coverage" and {% data variables.secret-scanning.alerts %} +| `org` | Display data for repositories owned by one organization. | {% data variables.product.prodname_code_scanning %} alerts and {% data variables.product.prodname_dependabot_alerts %} -{% else %} +{% elsif security-overview-org-risk-coverage-enterprise %} -These qualifiers are available in the main summary views. +In enterprise-level views, you can limit the data to repositories owned by a single organization in your enterprise. Use the `org` qualifier to display data for repositories owned by one organization. {% endif %} +## Security feature enablement filters + +In the "Risk" and "Coverage" views, you can show data only for repositories where security features are enabled (`enabled`), or not enabled (`not-enabled`). + | Qualifier | Description | | -------- | -------- | -| `code-scanning-alerts:NUMBER` | Display repositories that have NUMBER {% data variables.product.prodname_code_scanning %} alerts. This qualifier can use `=`, `>` and `<` comparison operators. 
| -| `secret-scanning-alerts:NUMBER` | Display repositories that have NUMBER {% data variables.secret-scanning.alerts %}. This qualifier can use `=`, `>` and `<` comparison operators. | -| `dependabot-alerts:NUMBER` | Display repositories that have NUMBER {% data variables.product.prodname_dependabot_alerts %}. This qualifier can use `=`, `>` and `<` comparison operators. | +| `code-scanning-alerts` | Display repositories that have configured {% data variables.product.prodname_code_scanning %}. | +| `dependabot-alerts` | Display repositories that have enabled {% data variables.product.prodname_dependabot_alerts %}. | +| `secret-scanning-alerts` | Display repositories that have enabled {% data variables.secret-scanning.alerts %}. | +| `any-feature` | Display repositories where at least one security feature is enabled. | -## Filter by team +### Extra filters for the "Coverage" view -These qualifiers are available in the main summary views{% ifversion security-overview-acv-filters %} and the alert-centric views for {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %}, and {% data variables.product.prodname_secret_scanning %}{% endif %}. +{% data reusables.security-overview.beta-org-risk-coverage %} | Qualifier | Description | | -------- | -------- | -| `team:TEAM-NAME` | Displays repositories that TEAM-NAME is assigned to with the {% ifversion security-overview-team-write-access -%} write or {% endif -%} admin role. For more information on repository roles, see "[AUTOTITLE](/organizations/managing-user-access-to-your-organizations-repositories/managing-repository-roles/repository-roles-for-an-organization)". | +| `advanced-security` | Display data for repositories where {% data variables.product.prodname_GH_advanced_security %} is enabled or not enabled. 
| +| `code-scanning-default-setup`| Display data for repositories where {% data variables.product.prodname_code_scanning %} is enabled or not enabled using {% data variables.product.prodname_codeql %} default setup. | +| `code-scanning-pull-request-alerts`| Display data for repositories where {% data variables.product.prodname_code_scanning %} is enabled or not enabled to run on pull requests. | +| `dependabot-security-updates` | Display data for repositories where {% data variables.product.prodname_dependabot_security_updates %} is enabled or not enabled. | +| `secret-scanning-push-protection` | Display data for repositories where push protection for {% data variables.product.prodname_secret_scanning %} is enabled or not enabled. | + +{% ifversion security-overview-org-risk-coverage-enterprise %}{% else %} + +## Repository risk-level filtering + +The level of risk for a repository is determined by the number and severity of alerts from security features. You can filter on the level of risk using the `risk` qualifier. + +- The level of risk can be one of `high`, `medium`, or `low`. +- If one or more security features are not enabled for a repository, the repository has an `unknown` level of risk. +- If all security features are enabled and no alerts are report, the repository has a `clear` level of risk. -## Filter by topic +{% endif %} + +## Alert number filters -These qualifiers are available in the main summary views{% ifversion security-overview-acv-filters %} and the alert-centric views for {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %}, and {% data variables.product.prodname_secret_scanning %}{% endif %}. 
+{% ifversion security-overview-org-risk-coverage-enterprise %}In the "Risk" view, you can filter repositories by the number of alerts they have of a specific type.{% else %}These qualifiers are available in the enterprise-level "Overview" and in the organization-level "Security risk" view.{% endif %} | Qualifier | Description | | -------- | -------- | -| `topic:TOPIC-NAME` | Displays repositories that are classified with TOPIC-NAME. For more information on repository topics, see "[AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/classifying-your-repository-with-topics)." | +| `code-scanning-alerts` | Display data for repositories that have exactly (`=`), more than (`>`) or fewer than (`<`) a specific number of {% data variables.product.prodname_code_scanning %} alerts. For example: `code-scanning-alerts:>100` for repositories with more than 100 alerts. | +| `dependabot-alerts` | Display data for repositories that have a specific number (`=`), more than (`>`) or fewer than (`<`) a specific number of {% data variables.product.prodname_dependabot_alerts %}. For example: `dependabot-alerts:<=10` for repositories with fewer than or equal to 10 alerts.| +| `secret-scanning-alerts` | Display data for repositories that have a specific number (`=`), more than (`>`) or fewer than (`<`) a specific number of {% data variables.secret-scanning.alerts %}. For example: `secret-scanning-alerts:=10` for repositories with exactly 10 alerts.| {% ifversion security-overview-dashboard %} -## Additional filters for security overview dashboard (beta) +## Alert type and property filters + +You can filter the "Overview" view by the type{% ifversion security-overview-3-14-overview %} and property{% endif %} of alerts. Use the `tool` qualifier to display only data for alerts generated by a specific tool{% ifversion security-overview-3-14-overview %} or type of tool{% endif %}. 
+ +- `tool:codeql` to show data only for {% data variables.product.prodname_code_scanning %} alerts generated using {% data variables.product.prodname_codeql%}. +- `tool:dependabot` to show data only for {% data variables.product.prodname_dependabot_alerts %}. +- `tool:secret-scanning` to show data only for {% data variables.secret-scanning.alerts %}.{% ifversion security-overview-3-14-overview %} +- `tool:github` or `tool:third-party` to show data for all types of alerts generated by {% data variables.product.prodname_dotcom %} tools or by third-party tools. +- `tool:TOOL-NAME` to show data for all alerts generated by a third-party tool for {% data variables.product.prodname_code_scanning %}.{% endif %} + +{% ifversion security-overview-3-14-overview %} -You can filter the "Overview" dashboard (beta) to narrow the scope of the metrics shown, so that you can view trends for specific repository or alert types. For more information on the overview dashboard, see "[AUTOTITLE](/code-security/security-overview/viewing-security-insights)." +You can also filter the "Overview" view by properties of alerts. 
| Qualifier | Description | | -------- | -------- | -|`visibility:public`|Displays metrics only for public repositories.| -|`visibility:internal`|Displays metrics only for internal repositories.| -|`visibility:private`|Displays metrics only for private repositories.| -|`tool:codeql`|Displays metrics for {% data variables.product.prodname_code_scanning %} alerts generated using {% data variables.product.prodname_codeql %} analysis.| -|`tool:dependabot`|Displays metrics for {% data variables.product.prodname_dependabot_alerts %}.| -|`tool:secret-scanning`|Displays metrics for {% data variables.product.prodname_secret_scanning %} alerts.|{% ifversion security-overview-additional-tools %} -|`tool:github`|Displays metrics for alerts from the three core tools: {% data variables.product.prodname_secret_scanning %}, {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}.| -|`tool:THIRD-PARTY-TOOL-NAME`|Displays metrics for alerts generated by the specified third-party tool.| -|`tool:third-party`|Displays metrics for all alerts generated by any third-party tools.|{% endif %} +| `codeql.rule` | Display data only for {% data variables.product.prodname_code_scanning %} identified by a specific rule for {% data variables.product.prodname_codeql %}. +| `dependabot.ecosystem` | Display data only for {% data variables.product.prodname_dependabot_alerts %} for a specific ecosystem, for example: `npm`. +| `dependabot.package` | Display data only for {% data variables.product.prodname_dependabot_alerts %} for a specific package, for example: `tensorflow`. +| `dependabot.scope` | Display data only for {% data variables.product.prodname_dependabot_alerts %} with a `runtime` or `development` scope. +| `secret-scanning.bypassed` | Display data only for {% data variables.secret-scanning.alerts %} where push protection was bypassed (`true`) or not bypassed (`false`). 
+| `secret-scanning.provider` | Display data only for {% data variables.secret-scanning.alerts %} issued by a specific provider, for example: `secret-scanning.provider:adafruit`. +| `secret-scanning.secret-type` | Display data only for {% data variables.secret-scanning.alerts %} for a specific type of secret, for example: `secret-scanning.secret-type:adafruit_io_key`. +| `secret-scanning.validity` | Display data only for {% data variables.secret-scanning.alerts %} for a specific validity (`active`, `inactive`, or `unknown`). +| `severity` | Display data only for alerts of a specific severity (`critical`, `high`, `medium`, or `low`). +| `third-party.rule`| Display data only for {% data variables.product.prodname_code_scanning %} identified by a specific rule for a tool developed by a third party. For example, `third-party.rule:CVE-2021-26291-maven-artifact` shows only results for the `CVE-2021-26291-maven-artifact` rule of a third-party {% data variables.product.prodname_code_scanning %} tool. {% endif %} -{% ifversion security-overview-dependabot-acv %} +{% endif %} -## Additional filters for {% data variables.product.prodname_dependabot %} alert views +## {% data variables.product.prodname_dependabot %} alert view filters You can filter the view to show {% data variables.product.prodname_dependabot_alerts %} that are ready to fix or where additional information about exposure is available. You can click any result to see full details of the alert. | Qualifier | Description | | -------- | -------- | -{% ifversion dependabot-alerts-vulnerable-calls or ghes -%} -|`has:patch`|Displays {% data variables.product.prodname_dependabot_alerts %} for vulnerabilities where a secure version is already available.| -|`has:vulnerable-calls`|Displays {% data variables.product.prodname_dependabot_alerts %} where at least one call from the repository to a vulnerable function is detected. 
For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#about-the-detection-of-calls-to-vulnerable-functions)."| -{% endif -%} -|`ecosystem:ECOSYSTEM-NAME`|Displays {% data variables.product.prodname_dependabot_alerts %} detected in the specified ecosystem.| -|`is:open`|Displays open {% data variables.product.prodname_dependabot_alerts %}.| -|`is:closed`|Displays closed {% data variables.product.prodname_dependabot_alerts %}.| -|`package:PACKAGE-NAME`|Displays {% data variables.product.prodname_dependabot_alerts %} detected in the specified package.| -{% ifversion security-overview-alert-views -%} -|`resolution:auto-dismissed`|Displays {% data variables.product.prodname_dependabot_alerts %} closed as "auto-dismissed."| -|`resolution:fix-started`|Displays {% data variables.product.prodname_dependabot_alerts %} closed as "a fix has already been started."| -|`resolution:fixed`|Displays {% data variables.product.prodname_dependabot_alerts %} closed as "fixed."| -|`resolution:inaccurate`|Displays {% data variables.product.prodname_dependabot_alerts %} closed as "this alert is inaccurate or incorrect."| -|`resolution:no-bandwidth`|Displays {% data variables.product.prodname_dependabot_alerts %} closed as "no bandwidth to fix this."| -|`resolution:not-used`|Displays {% data variables.product.prodname_dependabot_alerts %} closed as "vulnerable code is not actually used."| -|`resolution:tolerable-risk`|Displays {% data variables.product.prodname_dependabot_alerts %} closed as "risk is tolerable to this project."| -|`scope:development`|Displays {% data variables.product.prodname_dependabot_alerts %} from the development dependency.| -|`scope:runtime`|Displays {% data variables.product.prodname_dependabot_alerts %} from the runtime dependency.| -{% endif -%} -|`sort:manifest-path`|Displays {% data variables.product.prodname_dependabot_alerts %} grouped by the manifest file path the alerts point to.| 
-|`sort:most-important`|Displays {% data variables.product.prodname_dependabot_alerts %} from most important to least important, as determined by CVSS score, vulnerability impact, relevancy, and actionability.| -|`sort:newest`|Displays {% data variables.product.prodname_dependabot_alerts %} from newest to oldest.| -|`sort:oldest`|Displays {% data variables.product.prodname_dependabot_alerts %} from oldest to newest.| -|`sort:package-name`|Displays {% data variables.product.prodname_dependabot_alerts %} grouped by the package in which the alert was detected.| -|`sort:severity`|Displays {% data variables.product.prodname_dependabot_alerts %} from most to least severe. -{% endif %} - -{% ifversion security-overview-alert-views %} +|`ecosystem`|Display {% data variables.product.prodname_dependabot_alerts %} detected in a specified ecosystem, for example: `ecosystem:Maven`.| +|`has`| Display {% data variables.product.prodname_dependabot_alerts %} for vulnerabilities where either a secure version is already available (`patch`) or where at least one call from the repository to a vulnerable function is detected (`vulnerable-calls`). 
For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts#about-the-detection-of-calls-to-vulnerable-functions)."| +|`is`|Display {% data variables.product.prodname_dependabot_alerts %} that are open (`open`) or closed (`closed`).| +|`package`|Display {% data variables.product.prodname_dependabot_alerts %} detected in the specified package, for example: `package:semver`.| +|`resolution`| Display {% data variables.product.prodname_dependabot_alerts %} closed as "auto-dismissed" (`auto-dismissed`), "a fix has already been started" (`fix-started`), "fixed" (`fixed`), "this alert is inaccurate or incorrect" (`inaccurate`), "no bandwidth to fix this" (`no-bandwidth`), "vulnerable code is not actually used" (`not-used`), or "risk is tolerable to this project" (`tolerable-risk`).| +|`scope`|Display {% data variables.product.prodname_dependabot_alerts %} from the development dependency (`development`) or from the runtime dependency (`runtime`).| +|`sort`| Groups {% data variables.product.prodname_dependabot_alerts %} by the manifest file path the alerts point to (`manifest-path`) or by the name of the package where the alert was detected (`package-name`). Alternatively, displays alerts from most important to least important, as determined by CVSS score, vulnerability impact, relevancy, and actionability (`most-important`), from newest to oldest (`newest`), from oldest to newest (`oldest`), or from most to least severe (`severity`). -## Additional filters for {% data variables.product.prodname_code_scanning %} alert views +## {% data variables.product.prodname_code_scanning_caps %} alert view filters All {% data variables.product.prodname_code_scanning %} alerts have one of the categories shown below. You can click any result to see full details of the relevant query and the line of code that triggered the alert. 
| Qualifier | Description | | -------- | -------- | -|`is:open`|Displays open {% data variables.product.prodname_code_scanning %} alerts.| -|`is:closed`|Displays closed {% data variables.product.prodname_code_scanning %} alerts.| -|`resolution:false-positive`|Displays {% data variables.product.prodname_code_scanning %} alerts closed as "false positive."| -|`resolution:fixed`|Displays {% data variables.product.prodname_code_scanning %} alerts closed as "fixed."| -|`resolution:used-in-tests`|Displays {% data variables.product.prodname_code_scanning %} alerts closed as "used in tests."| -|`resolution:wont-fix`|Displays {% data variables.product.prodname_code_scanning %} alerts closed as "won't fix."| -|`rule:RULE-NAME`|Displays {% data variables.product.prodname_code_scanning %} alerts opened for the specified rule.| -|`severity:critical`|Displays {% data variables.product.prodname_code_scanning %} alerts categorized as critical.| -|`severity:high`|Displays {% data variables.product.prodname_code_scanning %} alerts categorized as high.| -|`severity:medium`|Displays {% data variables.product.prodname_code_scanning %} alerts categorized as medium.| -|`severity:low`|Displays {% data variables.product.prodname_code_scanning %} alerts categorized as low.| -|`severity:error`|Displays {% data variables.product.prodname_code_scanning %} alerts categorized as errors.| -|`severity:warning`|Displays {% data variables.product.prodname_code_scanning %} alerts categorized as warnings.| -|`severity:note`|Displays {% data variables.product.prodname_code_scanning %} alerts categorized as notes.| -|`sort:created-desc`|Displays {% data variables.product.prodname_code_scanning %} alerts from newest to oldest.| -|`sort:created-asc`|Displays {% data variables.product.prodname_code_scanning %} alerts from oldest to newest.| -|`sort:updated-desc`|Displays {% data variables.product.prodname_code_scanning %} alerts from most recently updated to least recently updated.| 
-|`sort:updated-asc`|Displays {% data variables.product.prodname_code_scanning %} alerts from least recently updated to most recently updated.| -|`tool:TOOL-NAME`|Displays {% data variables.product.prodname_code_scanning %} alerts detected by the specified tool.| - -## Additional filters for {% data variables.product.prodname_secret_scanning %} alert views +|`is`|Display {% data variables.product.prodname_code_scanning %} alerts that are open (`open`) or closed (`closed`).| +|`resolution`| Display {% data variables.product.prodname_code_scanning %} alerts closed as "false positive" (`false-postive`), "fixed" (`fixed`), "used in tests" (`used-in-tests`), or "won't fix" (`wont-fix`).| +|`rule`|Display {% data variables.product.prodname_code_scanning %} alerts identified by the specified rule.| +|`severity`|Display {% data variables.product.prodname_code_scanning %} alerts categorized as `critical`, `high`, `medium`, or `low` security alerts. Alternatively, displays {% data variables.product.prodname_code_scanning %} alerts categorized as `error`, `warning`, `note` problems.| +|`sort`| Display alerts from newest to oldest (`created-desc`), oldest to newest (`created-asc`), most recently updated (`updated-desc`), or least recently updated (`updated-asc`). +|`tool`|Display {% data variables.product.prodname_code_scanning %} alerts detected by the specified tool, for example: `tool:CodeQL` for alerts created using the {% data variables.product.prodname_codeql %} application in {% data variables.product.prodname_dotcom %}.| + +## {% data variables.product.prodname_secret_scanning_caps %} alert view filters | Qualifier | Description | | -------- | -------- | -|`provider:PROVIDER-NAME` | Displays alerts for all secrets issues by the specified provider. | -| `secret-type:PROVIDER-PATTERN` | Displays alerts for the specified secret and provider. | -| `secret-type:CUSTOM-PATTERN` | Displays alerts for secrets matching the specified custom pattern. 
| -|`is:open`|Displays open {% data variables.secret-scanning.alerts %}.| -|`is:closed`|Displays closed {% data variables.secret-scanning.alerts %}.| -|`resolution:false-positive`|Displays {% data variables.secret-scanning.alerts %} closed as "false positive."| -|`resolution:pattern-deleted`|Displays {% data variables.secret-scanning.alerts %} closed as "pattern deleted."| -|`resolution:pattern-edited`|Displays {% data variables.secret-scanning.alerts %} closed as "pattern edited."| -|`resolution:revoked`|Displays {% data variables.secret-scanning.alerts %} closed as "revoked."| -|`resolution:used-in-tests`|Displays {% data variables.secret-scanning.alerts %} closed as "used in tests."| -|`resolution:wont-fix`|Displays {% data variables.secret-scanning.alerts %} closed as "won't fix."| -|`sort:created-desc`|Displays {% data variables.secret-scanning.alerts %} from newest to oldest.| -|`sort:created-asc`|Displays {% data variables.secret-scanning.alerts %} from oldest to newest.| -|`sort:updated-desc`|Displays {% data variables.secret-scanning.alerts %} from most recently updated to least recently updated.| -|`sort:updated-asc`|Displays {% data variables.secret-scanning.alerts %} from least recently updated to most recently updated.| - -For more information, see "[AUTOTITLE](/code-security/secret-scanning/secret-scanning-patterns)." -{% endif %} +|`bypassed` | Display {% data variables.secret-scanning.alerts %} where push protection was bypassed (`true`) or not bypassed (`false`). +|`confidence`|Display {% data variables.secret-scanning.alerts %} of high (`high`) or other (`other`) confidence.| +|`is`|Display {% data variables.secret-scanning.alerts %} that are open (`open`) or closed (`closed`).| +|`provider` | Display alerts for all secrets issued by a specified provider, for example: `adafruit`. 
| +|`resolution`| Display {% data variables.secret-scanning.alerts %} closed as "false positive" (`false-postive`), "pattern deleted" (`pattern-deleted`), "pattern edited' (`pattern-edited`), "revoked" (`revoked`) "used in tests" (`used-in-tests`), or "won't fix" (`wont-fix`).| +|`sort`| Display alerts from newest to oldest (`created-desc`), oldest to newest (`created-asc`), most recently updated (`updated-desc`), or least recently updated (`updated-asc`).| +|`secret-type` | Display alerts for the specified secret and provider (`provider-pattern`) or custom pattern (`custom-pattern`). | diff --git a/content/code-security/security-overview/viewing-security-insights.md b/content/code-security/security-overview/viewing-security-insights.md index 96911593fa34..95f842c24e19 100644 --- a/content/code-security/security-overview/viewing-security-insights.md +++ b/content/code-security/security-overview/viewing-security-insights.md 
@@ -35,7 +35,7 @@ You can view a variety of metrics about the security alerts in your organization You can filter the overview dashboard by selecting a specific time period, and apply additional filters to focus on narrower areas of interest. All data and metrics across the dashboard will change as you apply filters. {% ifversion security-overview-additional-tools %}By default, the dashboard displays all alerts from {% data variables.product.prodname_dotcom %} tools, but you can use the tool filter to show alerts from a specific tool ({% data variables.product.prodname_secret_scanning %}, {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, a specific third-party tool) or all third-party {% data variables.product.prodname_code_scanning %} tools. This feature is in beta, and is subject to change.{% endif %} For more information, see "[AUTOTITLE](/code-security/security-overview/filtering-alerts-in-security-overview)." -Enterprise members can access the overview page for organizations in their enterprise. The metrics you see will depend on your role and repository permissions. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)." +{% ifversion security-overview-dashboard-enterprise %}Enterprise members can access the overview page for organizations in their enterprise. {% endif %}The metrics you see will depend on your role and repository permissions. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)." ### Limitations 
@@ -83,7 +83,7 @@ Some metrics in the security overview dashboard include a trend indicator, which ### Alert trends graph -The alert trends graph shows the change in the number of alerts in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %} over the time period you have chosen. Alerts are grouped by severity. You can toggle the graph between open and closed alerts. +The alert trends graph shows the change in the number of alerts in your organization{% ifversion security-overview-dashboard-enterprise %} or enterprise{% endif %} over the time period you have chosen. {% ifversion security-overview-3-13-overview %}By default, alerts{% else %}Alerts{% endif %} are grouped by severity. You can toggle the graph between open and closed alerts{% ifversion security-overview-3-13-overview %} and change the way alerts are grouped{% endif %}. Open alerts include both newly created and existing open security alerts. New alerts are represented on their creation date, while alerts that existed before the chosen time period are represented at the start of the period. Once an alert is remediated or dismissed, it is not included in the graph. Instead, the alert will move to the closed alerts graph. diff --git a/data/features/security-overview-3-13-overview.yml b/data/features/security-overview-3-13-overview.yml new file mode 100644 index 000000000000..52e3ac12e08d --- /dev/null +++ b/data/features/security-overview-3-13-overview.yml @@ -0,0 +1,5 @@ +# Reference: #10332 and #13509 +# Documentation for the addition of additional groupings and filters to the Overview page in the Security tab. +versions: + ghes: '>3.12' + ghec: '*' diff --git a/data/features/security-overview-3-14-overview.yml b/data/features/security-overview-3-14-overview.yml new file mode 100644 index 000000000000..767317a8e2d5 --- /dev/null +++ b/data/features/security-overview-3-14-overview.yml 
@@ -0,0 +1,5 @@ +# Reference: #14180 +# Documentation for the addition of tool filters to the Overview page in the Security tab. +versions: + ghes: '>3.13' + ghec: '*' diff --git a/data/features/security-overview-repository-properties.yml b/data/features/security-overview-repository-properties.yml new file mode 100644 index 000000000000..694db6f6d308 --- /dev/null +++ b/data/features/security-overview-repository-properties.yml @@ -0,0 +1,5 @@ +# Reference: Issue #10332 - Repository properties integration with security overview + +versions: + ghec: '*' + ghes: '>=3.13' diff --git a/data/reusables/security-overview/information-varies-GHAS.md b/data/reusables/security-overview/information-varies-GHAS.md index 3b3d3e83c310..28a17ce878c2 100644 --- a/data/reusables/security-overview/information-varies-GHAS.md +++ b/data/reusables/security-overview/information-varies-GHAS.md @@ -1,3 +1 @@ -{% ifversion security-overview-displayed-alerts %} The information shown by security overview varies according to your access to repositories{% ifversion security-overview-org-risk-coverage-enterprise %} and organizations{% endif %}, and according to whether {% data variables.product.prodname_GH_advanced_security %} is used by those repositories {% ifversion security-overview-org-risk-coverage-enterprise %} and organizations{% endif %}. For more information, see "[AUTOTITLE](/code-security/security-overview/about-security-overview#permission-to-view-data-in-security-overview)." -{% endif %}
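Review bot: In the `filtering-alerts-in-security-overview.md` hunk, the literal qualifier value is misspelled as `false-postive` in both the {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_secret_scanning %} `resolution` rows; the rows being removed had the correct `resolution:false-positive`, and readers copy the backticked value straight into the search box, so both should read `false-positive`. The secret scanning `resolution` row also has mismatched quotes in "pattern edited' and is missing the separator between (`revoked`) and "used in tests" (compare the code scanning row, which uses ", or"). Three of the new rows drop the closing `|` that every other row keeps: the {% data variables.product.prodname_dependabot %} `sort` row ending in (`severity`)., the code scanning `sort` row ending in (`updated-asc`)., and the `bypassed` row ending in (`false`).; most renderers tolerate this, but the tables are inconsistent as written. Smaller wording points in the same region: the Dependabot `sort` row starts "Groups" while every other row starts "Display", and the code scanning `severity` row reads "`error`, `warning`, `note` problems" without an "or". Finally, the new `secret-type` row turns the placeholders `PROVIDER-PATTERN` / `CUSTOM-PATTERN` into lowercase `provider-pattern` / `custom-pattern`, which now look like literal allowed values next to rows whose backticked tokens are literal (`open`, `closed`, `true`, `false`); either keep the uppercase placeholder convention from the removed rows or give a concrete example the way the `package`, `ecosystem` and `provider` rows do.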
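Review bot: In the `viewing-security-insights.md` hunk at `@@ -83,7 +83,7 @@`, the added clause "and change the way alerts are grouped" tells the reader a control exists but not what groupings are available, so the documentation is incomplete for the versions where `security-overview-3-13-overview` is true; name the grouping options (severity is the only one mentioned) or link to the section that lists them. Also a style point: this flag name encodes a release number rather than the capability it gates, while the other flags touched in this patch are named for their feature (`security-overview-dashboard-enterprise`, `security-overview-repository-properties`); a capability name reads better in the `{% ifversion %}` tag once 3.13 is no longer the newest release.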
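Review bot: The three new `data/features/*.yml` files express the same kind of range in two notations and two key orders: `security-overview-3-13-overview.yml` has `ghes: '>3.12'` then `ghec: '*'`, while `security-overview-repository-properties.yml` has `ghec: '*'` then `ghes: '>=3.13'`. Both mean "3.13 and later", but a reader comparing the files has to work that out; pick one form (`>=3.13` states the first supported release directly) and one key order across all three files. The `# Reference:` header comments are likewise inconsistent (`#10332 and #13509` versus `Issue #10332 - ...`), and the repository-properties file has an empty line between the comment and `versions:` that the other two do not.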
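Review bot: `security-overview-repository-properties.yml` gates exactly the same versions as `security-overview-3-13-overview.yml` (`ghec: '*'`, GHES 3.13 and later). If the repository-properties filters and the new overview groupings always ship in the same release, two flags with identical ranges are a maintenance cost without a benefit; if they are expected to diverge (for example a later GHES backport of one but not the other), say so in the file's comment so the next editor does not collapse them.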
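Review bot: In the `information-varies-GHAS.md` hunk, dropping the `{% ifversion security-overview-displayed-alerts %}` / `{% endif %}` wrapper makes the reusable render on every version, which is only correct if that flag is now true everywhere the reusable is included; if so, the corresponding feature file (by the `data/features/<flag>.yml` convention used elsewhere in this patch) should be deleted in the same change so the flag does not linger unused, and if not, the wrapper should stay. While here, the surviving context line has a space on both sides of the conditional: `repositories {% ifversion security-overview-org-risk-coverage-enterprise %} and organizations{% endif %}`, which renders as a double space when the flag is true and as "repositories ." when it is false; moving the leading space inside the tag fixes both.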