Commit 14d80f1

meganchristudasMegan Christudasjmarlena“jmarlena”felicitymay
authored
GHAS adoption & onboarding (github#21502)
* new article scaffolding
* Add scaffolding
* Migrate content for overview article
* Add placeholder notes and migrate over some more content
* First draft of updates to existing docs
* Add H2 headers to the article
* Draft of phase 0 content
* Update phase 0 with more drafting
* Fix subheaders and table formatting
* Add unedited and slightly tweaked source material
* Current draft of reworked content
* Refactor everything
* Add best practices and some partnership details
* Touch-ups
* Touch up intro and create a phased approaches reusable
* Fix the intro
* Move reusable
* Add image for GHES versions
* Fix links
* Add HTML note around links that need to be versioned for GHEC once the GHEC version releases
* Fix reusable
* Tidy up session
* Versioning around the links
* migrate this content to another PR for easier reviewing
* Add HTML note about versioning for GHEC
* Revamp intro
* Add product variables
* Less is more in the intro
* Fix the beginning
* Copy-edits for first half
* Add Markdown-friendly bullet points
* unclear shift direction
* Distinguish the rollout team roles
* More active language & cut the note
* Maybe too wordy
* Edit facts section
* Update the article path to fix tests
* Add product variables for professional services
* Another revision
* More tidying
* Fix spacing
* Apply suggestions from code review
  Co-authored-by: Felicity Chapman <[email protected]>
* Apply suggestions from code review
  Co-authored-by: Felicity Chapman <[email protected]>
* Apply @felicitymay's input
* Apply suggestions from code review
  Co-authored-by: Rachael Sewell <[email protected]>
* Fix link test by adding HTML note around GHEC only article for now
* Apply @felicitymay's stellar input 🌠
  Co-authored-by: Felicity Chapman <[email protected]>
* Apply suggestions from code review
* Apply suggestions from code review
* GitHub Advanced Security "Deploying" guide (github#22114)
* Add draft content
* Add gated features reusable
* Revise draft
* Revamp steps of phase 0
* Replace goals section with intro text
* More revising
* Standardize headers with sentence case & remove overview subheader
* Phase 0 streamlined
* Fix intro and GHAS Guidebook reference
* Fix reusable
* Phase 1 💖
* Phase 2 tightened
* Standardize on subheaders
* Update phase 3
* Add product variable
* Fix some links to fix the tests
* Apply @felicitymay's stellar input 🌠
  Co-authored-by: Felicity Chapman <[email protected]>
* Apply Felicity's input
* Use more GHAS to ease the reading load
* Update reusable
* Replacing "organization"
* Add dependency review versioning
  Co-authored-by: “jmarlena” <“[email protected]”>
  Co-authored-by: Felicity Chapman <[email protected]>
* Remove draft notes for appendix links
* Fix subheader
* Deploying before enabling GHAS
* Replace organization
* Fix variables
* Add GHEC & GHES versioning
* not sure why this space is a commit
* Apply suggestions from code review
  Co-authored-by: Felicity Chapman <[email protected]>
* Remove ghec versioning we don't need
* Add repo reference
* Remove versioning note ftw
* Apply suggestions from code review
  Co-authored-by: Ethan Palm <[email protected]>
* Markdown, I love you

Co-authored-by: Megan Christudas <[email protected]>
Co-authored-by: jmarlena <[email protected]>
Co-authored-by: “jmarlena” <“[email protected]”>
Co-authored-by: jmarlena <[email protected]>
Co-authored-by: Felicity Chapman <[email protected]>
Co-authored-by: Rachael Sewell <[email protected]>
Co-authored-by: Ethan Palm <[email protected]>
1 parent 73e3647 commit 14d80f1

14 files changed

+726
-3
lines changed

content/admin/advanced-security/deploying-github-advanced-security-in-your-enterprise.md

Lines changed: 426 additions & 0 deletions
Large diffs are not rendered by default.

content/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,8 @@ When you enable {% data variables.product.prodname_GH_advanced_security %} for y
2424
When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features. {% ifversion ghes = 3.0 %}For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)" and "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."{% endif %}
2525
{% endif %}
2626

27+
For guidance on a phased deployment of GitHub Advanced Security, see "[Deploying GitHub Advanced Security in your enterprise](/admin/advanced-security/deploying-github-advanced-security-in-your-enterprise)."
28+
2729
## Prerequisites for enabling {% data variables.product.prodname_GH_advanced_security %}
2830

2931
1. Upgrade your license for {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}.{% ifversion ghes > 3.0 %} For information about licensing, see "[About billing for {% data variables.product.prodname_GH_advanced_security %}](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."{% endif %}
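
Review bot: The added sentence at new line 27 writes "GitHub Advanced Security" as literal text, both in the sentence and in the link title, while every other line in this hunk uses `{% data variables.product.prodname_GH_advanced_security %}`. Switch both occurrences to the variable so the product name stays consistent with the rest of the article. The sentence also sits after the `{% endif %}` on line 25, so it renders for every version of this article; confirm the linked deployment article is published for the same versions, since its diff is not rendered in this view.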

content/admin/advanced-security/index.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,12 +8,14 @@ redirect_from:
88
- /admin/configuration/configuring-advanced-security-features
99
versions:
1010
ghes: '*'
11+
ghec: '*'
1112
topics:
1213
- Enterprise
1314
children:
1415
- /enabling-github-advanced-security-for-your-enterprise
1516
- /configuring-code-scanning-for-your-appliance
1617
- /configuring-secret-scanning-for-your-appliance
1718
- /viewing-your-github-advanced-security-usage
19+
- /overview-of-github-advanced-security-deployment
20+
- /deploying-github-advanced-security-in-your-enterprise
1821
---
19-
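
Review bot: Adding `ghec: '*'` at new line 11 versions the whole category index for GHEC, yet two of the existing children (lines 16 and 17) are the "for-your-appliance" articles. Check that each child's own front matter keeps appliance-only content out of GHEC and that the two new children at lines 19 and 20 declare `ghec`, because their diffs are not rendered here. Also consider whether the overview and deploying articles should be listed ahead of `/enabling-github-advanced-security-for-your-enterprise`, since they cover planning that comes before enabling.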

content/admin/advanced-security/overview-of-github-advanced-security-deployment.md

Lines changed: 267 additions & 0 deletions
Large diffs are not rendered by default.

content/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,12 +30,12 @@ redirect_from:
3030

3131
{% data reusables.code-scanning.about-code-scanning %} For information, see "[About {% data variables.product.prodname_code_scanning %} with {% data variables.product.prodname_codeql %}](/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning-with-codeql)."
3232

33-
You can run {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} within {% data variables.product.product_name %} using {% data variables.product.prodname_actions %}. Alternatively, if you use a third-party continuous integration or continuous delivery/deployment (CI/CD) system, you can run {% data variables.product.prodname_codeql %} analysis in your existing system and upload the results to {% data variables.product.product_location %}.
33+
{% data reusables.code-scanning.codeql-context-for-actions-and-third-party-tools %}
3434

3535
{% ifversion fpt or ghes > 3.1 or ghae-next or ghec %}
3636
<!--Content for GitHub.com, GHAE next, and GHES 3.2 and onward. CodeQL CLI is the preferred method, and CodeQL runner is deprecated. -->
3737

38-
You add the {% data variables.product.prodname_codeql_cli %} to your third-party system, then call the tool to analyze code and upload the SARIF results to {% data variables.product.product_name %}. The resulting {% data variables.product.prodname_code_scanning %} alerts are shown alongside any alerts generated within {% data variables.product.product_name %}.
38+
{% data reusables.code-scanning.codeql-cli-context-for-third-party-tools %}
3939

4040
{% data reusables.code-scanning.upload-sarif-ghas %}
4141
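
Review bot: The reusable swapped in at new line 38, `codeql-cli-context-for-third-party-tools`, is created later in this commit with a closing sentence that links to "About CodeQL code scanning in your CI system", which is this very article. Rendering it here gives readers a "For more information" link that points back to the page they are already on. Either move that closing sentence out of the reusable and into the other articles that include it, or keep the original inline paragraph in this file.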

content/get-started/learning-about-github/about-github-advanced-security.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -34,6 +34,16 @@ A {% data variables.product.prodname_GH_advanced_security %} license provides th
3434

3535
For information about {% data variables.product.prodname_advanced_security %} features that are in development, see "[{% data variables.product.prodname_dotcom %} public roadmap](https://github.com/github/roadmap)." For an overview of all security features, see "[{% data variables.product.prodname_dotcom %} security features](/code-security/getting-started/github-security-features)."
3636

37+
{% ifversion ghes > 2.22 or ghec %}
38+
39+
## Deploying GitHub Advanced Security in your enterprise
40+
41+
To learn about what you need to know to plan your {% data variables.product.prodname_GH_advanced_security %} deployment at a high level, see "[Overview of {% data variables.product.prodname_GH_advanced_security %}](/admin/advanced-security/overview-of-github-advanced-security-deployment)."
42+
43+
To review the rollout phases we recommended in more detail, see "[Deploying {% data variables.product.prodname_GH_advanced_security %} in your enterprise](/admin/advanced-security/deploying-github-advanced-security-in-your-enterprise)."
44+
45+
{% endif %}
46+
3747
{% ifversion ghes > 2.22 or ghae %}
3848
## Enabling {% data variables.product.prodname_advanced_security %} features on {% data variables.product.product_name %}
3949
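
Review bot: The link title on new line 41 reads "Overview of {% data variables.product.prodname_GH_advanced_security %}", but the target path is `overview-of-github-advanced-security-deployment`, so the title drops "deployment" and will not match the article it points to. On line 43, "the rollout phases we recommended" should be "we recommend". The heading on line 39 also hardcodes "GitHub Advanced Security" where the neighbouring heading at line 48 uses a product variable.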

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
You add the {% data variables.product.prodname_codeql_cli %} to your third-party system, then call the tool to analyze code and upload the SARIF results to {% data variables.product.product_name %}. The resulting {% data variables.product.prodname_code_scanning %} alerts are shown alongside any alerts generated within {% data variables.product.product_name %}. For more information, see "[About CodeQL code scanning in your CI system](/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system)."
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
You can run {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %} within {% data variables.product.product_name %} using {% data variables.product.prodname_actions %}. Alternatively, if you use a third-party continuous integration or continuous delivery/deployment (CI/CD) system, you can run {% data variables.product.prodname_codeql %} analysis in your existing system and upload the results to {% data variables.product.product_location %}.
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
{% data variables.product.prodname_GH_advanced_security %} is a set of security features designed to make enterprise code more secure. It is available for {% data variables.product.prodname_ghe_server %} 3.0 or higher, {% data variables.product.prodname_ghe_cloud %}, and open source repositories. To learn more about the features included in {% data variables.product.prodname_GH_advanced_security %}, see "[About {% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security)."
Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
We’ve created a phased approach to {% data variables.product.prodname_GH_advanced_security %} (GHAS) rollouts developed from industry and GitHub best practices. You can utilize this approach for your rollout, either in partnership with {% data variables.product.prodname_professional_services %} or independently.
2+
3+
While the phased approach is recommended, adjustments can be made based on the needs of your organization. We also suggest creating and adhering to a timeline for your rollout and implementation. As you begin your planning, we can work together to identify the ideal approach and timeline that works best for your organization.
4+
5+
Based on our experience helping customers with a successful deployment of GHAS, we expect most customers will want to follow their rollout in our suggested phases.
6+
7+
Depending on the needs of your organization, you may need to modify this approach and alter or remove some phases or steps.
8+
9+
![Diagram showing the three phases of GitHub Advanced Security rollout and deployment, including Phase 0: Planning & Kickoff, Phase 1: Pilot projects, Phase 2: Org Buy-in and Rollout for early adopters, and Phase 3: Full org rollout & change management](/assets/images/enterprise/security/advanced-security-phased-approach-diagram.png)
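
Review bot: The image alt text on line 9 says "the three phases" and then lists four: Phase 0, Phase 1, Phase 2 and Phase 3. Correct the count, or drop it, so the description matches the diagram for screen-reader users. Lines 3 and 7 also state the same point twice (the approach can be adjusted to the organization's needs), and "we can work together" on line 3 reads oddly for readers following the rollout independently, which line 1 explicitly allows; consider merging lines 3 and 7 and rewording.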

data/variables/product.yml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -151,6 +151,10 @@ support_ticket_priority_high: 'High'
151151
support_ticket_priority_normal: 'Normal'
152152
support_ticket_priority_low: 'Low'
153153

154+
# GitHub Professional Services
155+
prodname_professional_services: 'GitHub Professional Services'
156+
prodname_professional_services_team: 'Professional Services'
157+
154158
# Security features / code scanning platform / Security Lab
155159
prodname_security: 'GitHub Security Lab'
156160
prodname_security_link: 'https://securitylab.github.com/'
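
Review bot: `prodname_professional_services_team` on line 156 is defined as 'Professional Services', which differs from `prodname_professional_services` only by dropping "GitHub", and no hunk rendered in this commit view references it. Add a short comment stating when each variable should be used, or remove the `_team` variable if the unrendered articles do not use it.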
