Separate out existing how-to and reference content on the SRA (#57752)

Co-authored-by: Laura Coursen <lecoursen@github.com>
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>

Author: 3 people

content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/about-secret-risk-assessment.md

@@ -56,8 +56,4 @@ Because the {% data variables.product.prodname_secret_risk_assessment %} report
 
 ## Next steps
 
-Now that you know about the {% data variables.product.prodname_secret_risk_assessment %} report, you may want to learn how to:
-
-* Generate the report to see your organization risk. Navigate to {% data reusables.security-overview.navigate-to-risk-assessment %}.
-* Interpret the results of the report. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results).
-* Enable {% data variables.product.prodname_GH_secret_protection %} to improve your secret leak footprint. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/choosing-github-secret-protection#enabling-secret-protection).
+To start analyzing your organization's secret risk, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk).

content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk.md

@@ -0,0 +1,42 @@
+---
+title: 'Running the secret risk assessment for your organization'
+shortTitle: 'Assess your secret risk'
+intro: 'Determine your organization''s exposure to leaked secrets by generating a {% data variables.product.prodname_secret_risk_assessment %} report.'
+product: '{% data reusables.gated-features.secret-risk-assessment-report %}'
+permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
+type: how_to
+versions:
+  feature: secret-risk-assessment
+topics:
+  - Code Security
+  - Secret scanning
+  - Secret Protection
+  - Organizations
+  - Security
+---
+
+## Generating an initial {% data variables.product.prodname_secret_risk_assessment %}
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.security-overview %}
+{% data reusables.security-overview.open-assessments-view %}
+{% data reusables.security-overview.generate-secret-risk-assessment-report %}
+
+    {% data reusables.secret-risk-assessment.notification-report-ready %}
+
+## Rerunning the {% data variables.product.prodname_secret_risk_assessment %}
+
+> [!NOTE]
+> You can only generate a secret risk assessment report once every 90 days.
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.security-overview %}
+{% data reusables.security-overview.open-assessments-view %}
+1. Towards the top right side of the existing report, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}.
+1. Select **Rerun scan**.
+
+    {% data reusables.secret-risk-assessment.notification-report-ready %}
+
+## Next steps
+
+Now that you've generated a {% data variables.product.prodname_secret_risk_assessment %} report for your organization, learn how to interpret the results. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results).

content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/export-risk-report-csv.md

@@ -0,0 +1,25 @@
+---
+title: 'Exporting the secret risk assessment report to CSV'
+shortTitle: 'Export risk report CSV'
+intro: 'Export the {% data variables.product.prodname_secret_risk_assessment %} report to a CSV file for detailed investigation and stakeholder sharing.'
+product: '{% data reusables.gated-features.secret-risk-assessment-report %}'
+permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
+type: how_to
+versions:
+  feature: secret-risk-assessment
+topics:
+  - Code Security
+  - Secret scanning
+  - Secret Protection
+  - Organizations
+  - Security
+---
+
+{% data reusables.organizations.navigate-to-org %}
+{% data reusables.organizations.security-overview %}
+{% data reusables.security-overview.open-assessments-view %}
+1. Towards the top-right side of the report, select the {% octicon "kebab-horizontal" aria-label="More options" %} dropdown menu, then click {% octicon "download" aria-hidden="true" aria-label="download" %} **Download CSV**.
+
+## Next steps
+
+To better understand the fields of your CSV file, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/risk-report-csv-contents).

content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/index.md

@@ -12,7 +12,10 @@ topics:
   - Security
 children:
   - /about-secret-risk-assessment
+  - /assess-your-secret-risk
   - /viewing-the-secret-risk-assessment-report-for-your-organization
+  - /export-risk-report-csv
+  - /risk-report-csv-contents
   - /interpreting-secret-risk-assessment-results
   - /choosing-github-secret-protection
   - /calculating-the-cost-savings-of-push-protection

content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results.md

@@ -23,7 +23,7 @@ In this tutorial, you'll interpret your secret risk assessment results, and lear
 
 ## Prerequisites
 
-You must generate a {% data variables.product.prodname_secret_risk_assessment %} report and wait for the scan to complete. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization#generating-an-initial-secret-risk-assessment).
+You must generate a {% data variables.product.prodname_secret_risk_assessment %} report and wait for the scan to complete. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/assess-your-secret-risk).
 
 ## Step 1: Understand your dashboard metrics
 
@@ -71,7 +71,7 @@ If you see **many secrets of the same type** (for example, multiple AWS keys), t
 * Developers may not be using environment variables
 * Missing documentation on secret management
 
-## Step 5: Prioritizing remediation and related actions
+## Step 5: Prioritize remediation and related actions
 
 Now that you understand the metrics, prioritize remediation based on risk.
 

content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/risk-report-csv-contents.md

@@ -0,0 +1,32 @@
+---
+title: 'Contents of the secret risk assessment report CSV'
+shortTitle: 'Risk report CSV contents'
+intro: 'Understand the data included in the CSV export of the {% data variables.product.prodname_secret_risk_assessment %} report.'
+product: '{% data reusables.gated-features.secret-risk-assessment-report %}'
+permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
+type: reference
+versions:
+  feature: secret-risk-assessment
+topics:
+  - Code Security
+  - Secret scanning
+  - Secret Protection
+  - Organizations
+  - Security
+---
+
+The {% data variables.product.prodname_secret_risk_assessment %} report CSV file includes the following information:
+
+| CSV column | Name                   | Description                                               |
+| ---------- | ---------------------- | --------------------------------------------------------- |
+| A          | `Organization Name`    | The name of the organization the secret was detected in |
+| B          | `Name`                 | The token name for the type of secret |
+| C          | `Slug`                 | The normalized string for the token. This corresponds to `Token` in the table of supported secrets. See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). |
+| D          | `Push Protected`       | A `boolean` to indicate whether the secret would be detected and blocked by push protection if it were enabled |
+| E          | `Non-Provider Pattern` | A `boolean` to indicate whether the secret matched a non-provider pattern and would generate an alert if {% data variables.product.prodname_secret_scanning %} with non-provider patterns were enabled |
+| F          | `Secret Count`         | An aggregate count of the active and inactive secrets found for the token type |
+| G          | `Repository Count`         | An aggregate count of distinct repositories in which the secret type was found, including public, private,{% ifversion ghec or ghes %} internal,{% endif %} and archived repositories |
+
+## Next steps
+
+To learn which secrets you should prioritize for remediation, see [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results#step-5-prioritizing-remediation-and-related-actions).

content/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/viewing-the-secret-risk-assessment-report-for-your-organization.md

@@ -1,7 +1,7 @@
 ---
 title: 'Viewing the secret risk assessment report for your organization'
-shortTitle: 'View secret risk assessment'
-intro: 'You can generate and view the {% data variables.product.prodname_secret_risk_assessment %} report for your organization from the "Security" tab.'
+shortTitle: 'View risk report'
+intro: 'Understand your organization''s exposure to leaked secrets at a glance by viewing your most recent {% data variables.product.prodname_secret_risk_assessment %} report.'
 product: '{% data reusables.gated-features.secret-risk-assessment-report %}'
 permissions: '{% data reusables.permissions.secret-risk-assessment-report-generation %}'
 allowTitleToDifferFromFilename: true
@@ -16,65 +16,6 @@ topics:
   - Security
 ---
 
-{% data reusables.secret-risk-assessment.report-intro %} {% data reusables.secret-risk-assessment.link-conceptual-information %}
-
-You can generate the {% data variables.product.prodname_secret_risk_assessment %} report for your organization, review it, and export the results to CSV.
-
-## Generating an initial {% data variables.product.prodname_secret_risk_assessment %}
-
-{% data reusables.organizations.navigate-to-org %}
-{% data reusables.organizations.security-overview %}
-{% data reusables.security-overview.open-assessments-view %}
-{% data reusables.security-overview.generate-secret-risk-assessment-report %}
-
-{% data reusables.secret-risk-assessment.notification-report-ready %}
-
-{% note %}
-
-Did you successfully generate the {% data variables.product.prodname_secret_risk_assessment %} report for your organization?
-
-<a href="https://docs.github.io/success-test/yes.html" target="_blank" class="btn btn-outline mt-3 mr-3 no-underline"><span>Yes</span></a>  <a href="https://docs.github.io/success-test/no.html" target="_blank" class="btn btn-outline mt-3 mr-3 no-underline"><span>No</span></a>
-
-{% endnote %}
-
-## Rerunning the {% data variables.product.prodname_secret_risk_assessment %}
-
-{% data reusables.security-overview.secret-risk-assessment-report-generation-cadence %}
-
-{% data reusables.organizations.navigate-to-org %}
-{% data reusables.organizations.security-overview %}
-{% data reusables.security-overview.open-assessments-view %}
-1. Towards the top right side of the existing report, click {% octicon "kebab-horizontal" aria-label="The horizontal kebab icon" %}.
-1. Select **Rerun scan**.
-
-    {% data reusables.secret-risk-assessment.notification-report-ready %}
-
-## Viewing the {% data variables.product.prodname_secret_risk_assessment %}
-
 {% data reusables.organizations.navigate-to-org %}
 {% data reusables.organizations.security-overview %}
 {% data reusables.security-overview.open-assessments-view %} You can see the most recent report on this page.
-
-## Exporting the {% data variables.product.prodname_secret_risk_assessment %} to CSV
-
-{% data reusables.organizations.navigate-to-org %}
-{% data reusables.organizations.security-overview %}
-{% data reusables.security-overview.open-assessments-view %}
-1. Towards the top right side of the report, click {% octicon "kebab-horizontal" aria-label="More options" %}.
-1. Select **Download CSV**.
-
-The {% data variables.product.prodname_secret_risk_assessment %} CSV file includes the following information.
-
-| CSV column | Name                   | Description                                               |
-| ---------- | ---------------------- | --------------------------------------------------------- |
-| A          | `Organization Name`    | The name of the organization the secret was detected in |
-| B          | `Name`                 | The token name for the type of secret |
-| C          | `Slug`                 | The normalized string for the token. This corresponds to `Token` in the table of supported secrets. See [AUTOTITLE](/code-security/secret-scanning/introduction/supported-secret-scanning-patterns#supported-secrets). |
-| D          | `Push Protected`       | A `boolean` to indicate whether the secret would be detected and blocked by push protection if it were enabled |
-| E          | `Non-Provider Pattern` | A `boolean` to indicate whether the secret matched a non-provider pattern and would generate an alert if {% data variables.product.prodname_secret_scanning %} with non-provider patterns were enabled |
-| F          | `Secret Count`         | An aggregate count of the active and inactive secrets found for the token type |
-| G          | `Repository Count`         | An aggregate count of distinct repositories in which the secret type was found, including public, private,{% ifversion ghec or ghes %} internal{% endif %}, and archived repositories |
-
-## Next steps
-
-Now that you've generated {% data variables.product.prodname_secret_risk_assessment %} for your organization, learn how to interpret the results. See [AUTOTITLE](/code-security/securing-your-organization/understanding-your-organizations-exposure-to-leaked-secrets/interpreting-secret-risk-assessment-results).

data/reusables/gated-features/secret-risk-assessment-report.md

@@ -1 +1 @@
-{% data variables.product.prodname_secret_risk_assessment_caps %} is available for free in organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %}
+Free for organizations on {% data variables.product.prodname_team %} and {% data variables.product.prodname_enterprise %}