From 8f61afa9b6f9fc6a129cbb17d8b6b961c2f0d8c8 Mon Sep 17 00:00:00 2001
From: Carlos Alarcon <jchuerva@github.com>
Date: Wed, 4 Dec 2024 14:58:13 +0100
Subject: [PATCH 1/3] Update docs to mention available custom property
 definition types depend on ghes version (#53452)

---
 ...g-custom-properties-for-repositories-in-your-organization.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
index 427df548cbc1..787d22c2b597 100644
--- a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
+++ b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
@@ -36,7 +36,7 @@ You can add custom properties to your organization and set values for those prop
 1. To add a new custom property, click **New property** in the upper right corner.
 1. In the "Name" field, type the name you'd like to use for your custom property. The name can't contain spaces.
 1. Optionally, in the "Description" field, fill in a description of your custom property.
-1. Under "Type", select the type of property you'd like to add. This can either be a text string, a single select field, a multi select field, or a true/false boolean.
+1. Under "Type", select the type of property you'd like to add. This can either be a text string{% ifversion ghes < 3.15 %} or a single select field{% else %}, a single select field, a multi select field, or a true/false boolean{% endif %}.
 1. Optionally, you can select **Allow repository actors to set this property**. When enabled, repository users and apps with the repository-level "custom properties" fine-grained permission will be able to set and update the property value for their repository.
 1. Optionally, you can select **Require this property for all repositories** and add a default value. This means that you require that all repositories in your organization have a value for this property. Repositories that don’t have an explicit value for this property will inherit the default value.
 1. Click **Save property**.

From f484652288348968f335a039a8c571102e6fab22 Mon Sep 17 00:00:00 2001
From: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com>
Date: Wed, 4 Dec 2024 14:53:42 +0000
Subject: [PATCH 2/3] [Public preview] Repository policies & enterprise custom
 properties (#53279)

Co-authored-by: Patrick Knight <patrick-knight@github.com>
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com>
---
 .../about-enterprise-policies.md              |  8 +-
 ...-management-policies-in-your-enterprise.md |  9 ++-
 ...ple-use-repositories-in-your-enterprise.md | 76 +++++++++++++++++++
 .../index.md                                  |  2 +
 ...ies-for-repositories-in-your-enterprise.md | 44 +++++++++++
 ...e-use-repositories-in-your-organization.md | 64 ++++++++++++++++
 .../managing-organization-settings/index.md   |  1 +
 ...s-for-repositories-in-your-organization.md | 11 ++-
 ...epository-creation-in-your-organization.md | 14 ++++
 ...visibility-changes-in-your-organization.md | 18 ++++-
 ...r-deleting-or-transferring-repositories.md | 14 ++++
 .../deleting-a-repository.md                  |  3 +-
 .../transferring-a-repository.md              |  2 +-
 data/features/repo-policy-rules.yml           |  5 ++
 .../enterprise-accounts/repositories-tab.md   |  2 +-
 .../repo-policy-rules-allow-list.md           |  1 +
 .../repo-policy-rules-alternative.md          |  3 +
 .../repo-policy-rules-enforcement.md          |  1 +
 .../enterprise/repo-policy-rules-examples.md  |  6 ++
 .../enterprise/repo-policy-rules-intro.md     |  9 +++
 .../repo-policy-rules-more-flexible.md        |  1 +
 .../repo-policy-rules-policies-section.md     |  5 ++
 .../enterprise/repo-policy-rules-preview.md   |  1 +
 ...epo-policy-rules-with-custom-properties.md |  5 ++
 ...epo-policy-rules-with-existing-policies.md |  8 ++
 .../custom-property-allowed-characters.md     |  4 +
 26 files changed, 305 insertions(+), 12 deletions(-)
 create mode 100644 content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise.md
 create mode 100644 content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/managing-custom-properties-for-repositories-in-your-enterprise.md
 create mode 100644 content/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization.md
 create mode 100644 data/features/repo-policy-rules.yml
 create mode 100644 data/reusables/enterprise/repo-policy-rules-allow-list.md
 create mode 100644 data/reusables/enterprise/repo-policy-rules-alternative.md
 create mode 100644 data/reusables/enterprise/repo-policy-rules-enforcement.md
 create mode 100644 data/reusables/enterprise/repo-policy-rules-examples.md
 create mode 100644 data/reusables/enterprise/repo-policy-rules-intro.md
 create mode 100644 data/reusables/enterprise/repo-policy-rules-more-flexible.md
 create mode 100644 data/reusables/enterprise/repo-policy-rules-policies-section.md
 create mode 100644 data/reusables/enterprise/repo-policy-rules-preview.md
 create mode 100644 data/reusables/enterprise/repo-policy-rules-with-custom-properties.md
 create mode 100644 data/reusables/enterprise/repo-policy-rules-with-existing-policies.md
 create mode 100644 data/reusables/repositories/custom-property-allowed-characters.md

diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md
index 61fc739957ad..ebbe915c234a 100644
--- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/about-enterprise-policies.md
@@ -18,10 +18,16 @@ To help you enforce business rules and regulatory compliance, policies provide a
 
 For example, with the "Base permissions" policy, you can allow organization owners to configure the "Base permissions" policy for their organization, or you can enforce a specific base permissions level, such as "Read", for all organizations within the enterprise.
 
-By default, no enterprise policies are enforced. To identify policies that should be enforced to meet the unique requirements of your business, we recommend reviewing all the available policies in your enterprise account, starting with repository management policies. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise)."
+## Enforcing policies
+
+By default, no enterprise policies are enforced. To identify policies that should be enforced to meet the unique requirements of your business, we recommend reviewing all the available policies in your enterprise account, starting with repository management policies.
 
 While you're configuring enterprise policies, to help you understand the impact of changing each policy, you can view the current configurations for the organizations owned by your enterprise.
 
+{% data reusables.enterprise.repo-policy-rules-alternative %}
+
+For a full list of repository management policies, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise)."
+
 {% ifversion ghes %}
 Another way to enforce standards within your enterprise is to use pre-receive hooks, which are scripts that run on {% data variables.location.product_location %} to implement quality checks. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policy-with-pre-receive-hooks)."
 {% endif %}
diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
index 8f5e74b4f3ae..c1e5194e781f 100644
--- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
@@ -48,7 +48,11 @@ shortTitle: Repository management policies
 
 ## About policies for repository management in your enterprise
 
-You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} manage repositories. You can also allow organization owners to manage policies for repository management. For more information, see "[AUTOTITLE](/repositories/creating-and-managing-repositories)" and "[AUTOTITLE](/organizations)."
+You can enforce policies to control how members of your enterprise on {% data variables.product.product_name %} manage repositories. You can also allow organization owners to manage policies for repository management.
+
+{% ifversion repo-policy-rules %}
+>[!NOTE] This page describes the policies you can set on the "Member privileges" page in your enterprise settings. Certain restrictions, such as who can create, delete, or transfer repositories, are also available in a **repository policy**. Repository policies give you more flexibility over which users are affected and which organizations and repositories are targeted. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise)."
+{% endif %}
 
 {% ifversion ghes %}
 
@@ -197,7 +201,8 @@ Across all organizations owned by your enterprise, you can allow members with ad
 
 {% data reusables.enterprise-accounts.access-enterprise %}
 {% data reusables.enterprise-accounts.policies-tab %}
-1. On the **Repository policies** tab, under "Repository issue deletion", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
+{% data reusables.enterprise-accounts.repositories-tab %}
+1. Under "Repository issue deletion", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
 1. Under "Repository issue deletion", select the dropdown menu and click a policy.
 
 {% ifversion ghes %}
diff --git a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise.md
new file mode 100644
index 000000000000..e330776962c7
--- /dev/null
+++ b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise.md
@@ -0,0 +1,76 @@
+---
+title: Governing how people use repositories in your enterprise
+intro: "Create a repository policy to control who can do things like create and delete repositories."
+permissions: Enterprise owners
+versions:
+  feature: repo-policy-rules
+type: how_to
+topics:
+  - Enterprise
+  - Repositories
+shortTitle: Govern repository usage
+---
+
+{% data reusables.enterprise.repo-policy-rules-preview %}
+
+{% data reusables.enterprise.repo-policy-rules-intro %}
+
+>[!TIP] If you're an **organization owner**, you can create a repository policy for a specific organization. See "[AUTOTITLE](/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization)."
+
+## Examples
+
+{% data reusables.enterprise.repo-policy-rules-examples %}
+
+## How will I target repositories?
+
+First, you'll target organizations in your enterprise. You can select all organizations, choose from a list, or create a dynamic rule using `fnmatch` syntax. If you use {% data variables.product.prodname_emus %}, you can also choose to target all repositories owned by users in your enterprise.
+
+Then, you'll target repositories in the selected organizations. {% data reusables.enterprise.repo-policy-rules-with-custom-properties %}
+
+## Interaction with other policies
+
+{% data reusables.enterprise.repo-policy-rules-with-existing-policies %}
+* They're visible to organization owners, so there is more transparency around what is permitted.
+* They allow you to target repositories owned by {% data variables.product.prodname_emus %}.
+
+## Creating a repository policy
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+1. Under "Policies", click **Repository**.
+1. Click **New policy**.
+1. Configure your new policy, then click **Create**. For help, consult the following subsections.
+
+### Policy name
+
+Use something descriptive to communicate the purpose of the policy. Organization owners can view the policy, so good names help add clarity. For example: `Prevent public repos on production`.
+
+### Enforcement status
+
+{% data reusables.enterprise.repo-policy-rules-enforcement %}
+
+### Allow list
+
+{% data reusables.enterprise.repo-policy-rules-allow-list %}
+
+### Targets
+
+Choose which organizations and repositories the policy applies to.
+
+#### Target organizations
+
+Select all organizations, choose a selection of existing organizations, or set a dynamic list by name. If you use {% data variables.product.prodname_emus %}, you can also choose to target all repositories owned by users in your enterprise.
+
+If you set a dynamic list, you'll add one or more naming patterns using `fnmatch` syntax. For example, the string `*open-source` would match any organization with a name that ends with `open-source`. For syntax details, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#using-fnmatch-syntax)."
+
+#### Target repositories
+
+Choose which repositories (current or future) to target in the selected organizations. You can select all repositories or set a dynamic list by custom property.
+
+### Policies
+
+{% data reusables.enterprise.repo-policy-rules-policies-section %}
+
+## Further reading
+
+To set additional policies for repository management, see "[AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise)."
diff --git a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/index.md b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/index.md
index 54329ca8bad8..9645ebb0564f 100644
--- a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/index.md
+++ b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/index.md
@@ -11,8 +11,10 @@ versions:
 topics:
   - Enterprise
 children:
+  - /governing-how-people-use-repositories-in-your-enterprise
   - /viewing-user-owned-repositories-in-your-enterprise
   - /accessing-user-owned-repositories-in-your-enterprise
+  - /managing-custom-properties-for-repositories-in-your-enterprise
   - /configuring-git-large-file-storage-for-your-enterprise
   - /disabling-git-ssh-access-on-your-enterprise
   - /locking-a-repository
diff --git a/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/managing-custom-properties-for-repositories-in-your-enterprise.md b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/managing-custom-properties-for-repositories-in-your-enterprise.md
new file mode 100644
index 000000000000..a83972185f51
--- /dev/null
+++ b/content/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/managing-custom-properties-for-repositories-in-your-enterprise.md
@@ -0,0 +1,44 @@
+---
+title: Managing custom properties for repositories in your enterprise
+intro: 'Create custom properties to give organizations a consistent way to categorize repositories.'
+permissions: Enterprise owners
+versions:
+  ghec: '*'
+topics:
+  - Repositories
+shortTitle: Custom properties
+---
+
+> [!NOTE] Custom properties for your enterprise are in {% data variables.release-phases.public_preview %} and subject to change.
+
+Custom properties allow you to decorate your repositories with information such as compliance frameworks, data sensitivity, or project details. Custom properties are private and can only be viewed by people with read permissions to the repository. An enterprise can have up to 100 property definitions. An allowed value list can have up to 200 items.
+
+Defining custom properties at the enterprise level allows you to create consistent values that users can apply to repositories. With custom properties in place, you can apply consistent governance across repositories in your enterprise by creating a ruleset or repository policy targeting repositories with certain properties. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise)."
+
+## Allowed characters
+
+{% data reusables.repositories.custom-property-allowed-characters %}
+
+## Who can set and view values for custom properties I define?
+
+After you define a custom property, users can set a value for that property in repositories in the enterprise. See "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization#setting-values-for-repositories-in-your-organization)."
+
+* As an enterprise owner, you can set a default value for required properties.
+* Organization owners can set values in their organization, either across repositories or at the repository level.
+* If enabled, people with repository access, or the `custom properties` fine-grained permission, can set and update the property value for their repository.
+
+People with read permissions to a repository can view the custom property values for that repository.
+
+Additionally, organization owners can search for repositories in their organization by custom property values. See "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization#searching-and-filtering-repositories-by-custom-property-values)."
+
+## Adding custom properties
+
+You can add custom properties to your enterprise to make those properties available in all of your orgaizations.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+1. In the left sidebar, under "Policies", click **Custom properties**.
+1. To add a new custom property, in the upper-right corner, click **New property**.
+1. Enter a name, description, and type for the custom property. The name must be unique across all of your organizations, and cannot contain spaces.
+1. Optionally, select **Allow repository actors to set this property**. When enabled, repository users and apps with the repository-level `custom properties` fine-grained permission will be able to set and update the property value for their repository. Additionally, any actor creating a repository can set the property on the repository.
+1. Optionally, select **Require this property for all repositories** and add a default value. This means that you require that all repositories in your enterprise have a value for this property. Repositories that don’t have an explicit value for this property will inherit the default value.
+1. Click **Save property**.
diff --git a/content/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization.md b/content/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization.md
new file mode 100644
index 000000000000..7adce7b0992b
--- /dev/null
+++ b/content/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization.md
@@ -0,0 +1,64 @@
+---
+title: Governing how people use repositories in your organization
+intro: "Create a repository policy to control who can do things like create and delete repositories."
+permissions: Organization owners
+versions:
+  feature: repo-policy-rules
+type: how_to
+topics:
+  - Repositories
+shortTitle: Govern repository usage
+---
+
+{% data reusables.enterprise.repo-policy-rules-preview %}
+
+{% data reusables.enterprise.repo-policy-rules-intro %}
+
+>[!TIP] If you're an **enterprise owner**, you can create a repository policy that applies to multiple organizations. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise)."
+
+## Examples
+
+{% data reusables.enterprise.repo-policy-rules-examples %}
+
+## How will I target repositories?
+
+{% data reusables.enterprise.repo-policy-rules-with-custom-properties %}
+
+As an alternative to custom properties, you can choose from a list of repositories or use `fnmatch` syntax to target repositories with certain naming patterns.
+
+## Interaction with other policies
+
+{% data reusables.enterprise.repo-policy-rules-with-existing-policies %}
+
+## Creating a repository policy
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+1. On the left side of the page, in the sidebar, click **{% octicon "law" aria-hidden="true" %} Policies**.
+1. Under "Policies", click **Repository**.
+1. Click **New policy**.
+1. Configure your new policy, then click **Create**. For help, consult the following subsections.
+
+### Policy name
+
+Use something descriptive to communicate the purpose of the policy. For example: `Prevent public repos on production`.
+
+### Enforcement status
+
+{% data reusables.enterprise.repo-policy-rules-enforcement %}
+
+### Allow list
+
+{% data reusables.enterprise.repo-policy-rules-allow-list %}
+
+### Targets
+
+Choose which repositories in the organization the policy applies to. You can select all repositories, choose a selection of existing repositories, or create a dynamic rule by name or custom property for current and future repositories.
+
+If you set a dynamic list by name, you'll add one or more naming patterns using `fnmatch` syntax.
+* For example, the string `*open-source` would match any repository with a name that ends with `open-source`. For syntax details, see "[AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/creating-rulesets-for-a-repository#using-fnmatch-syntax)."
+* Optionally, you can prevent anyone outside the allow list from renaming the selected repositories. Alternatively, you can control the format of names in the "Policies" section.
+
+### Policies
+
+{% data reusables.enterprise.repo-policy-rules-policies-section %}
diff --git a/content/organizations/managing-organization-settings/index.md b/content/organizations/managing-organization-settings/index.md
index 0e29e2ef2cce..f6a1961c6a4e 100644
--- a/content/organizations/managing-organization-settings/index.md
+++ b/content/organizations/managing-organization-settings/index.md
@@ -16,6 +16,7 @@ children:
   - /verifying-or-approving-a-domain-for-your-organization
   - /renaming-an-organization
   - /transferring-organization-ownership
+  - /governing-how-people-use-repositories-in-your-organization
   - /restricting-repository-creation-in-your-organization
   - /setting-permissions-for-deleting-or-transferring-repositories
   - /restricting-repository-visibility-changes-in-your-organization
diff --git a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
index 787d22c2b597..e15349286dc2 100644
--- a/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
+++ b/content/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization.md
@@ -13,16 +13,19 @@ shortTitle: Custom properties
 
 Custom properties allow you to decorate your repositories with information such as compliance frameworks, data sensitivity, or project details. Custom properties are private and can only be viewed by people with read permissions to the repository.
 
+An organization can have up to 100 property definitions. An allowed value list can have up to 200 items.
+
 {% ifversion ghec or ghes %}
 You can use repository properties to determine which repositories to target with a ruleset. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/creating-rulesets-for-repositories-in-your-organization#targeting-repositories-by-properties-in-your-organization)."
 {% endif %}
 
-## Allowed characters
+{% ifversion ghec %}
+You can define custom properties at the enterprise level to create a consistent experience across organizations. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/managing-custom-properties-for-repositories-in-your-enterprise)".
+{% endif %}
 
-Custom property names and values may only contain certain characters:
+## Allowed characters
 
-* Names: `a-z`, `A-Z`, `0-9`, `_`, `-`, `$`, `#`.
-* Values: All printable ASCII characters except `"`.
+{% data reusables.repositories.custom-property-allowed-characters %}
 
 ## Adding custom properties
 
diff --git a/content/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization.md b/content/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization.md
index d9a3c50e2e31..955d34123bc9 100644
--- a/content/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization.md
+++ b/content/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization.md
@@ -14,6 +14,12 @@ topics:
 shortTitle: Restrict repository creation
 ---
 
+{% ifversion repo-policy-rules %}
+
+## Setting a blanket policy
+
+{% endif %}
+
 You can choose whether members and {% data variables.product.prodname_github_apps %} can create repositories in your organization. {% ifversion ghec or ghes %}If you allow members and {% data variables.product.prodname_github_apps %} to create repositories, you can choose which types of repositories they can create.{% elsif fpt %}If you allow members and {% data variables.product.prodname_github_apps %} to create repositories, you can choose whether they can create both public and private repositories or public repositories only.{% endif %} Organization owners can always create any type of repository.
 
 {% ifversion fpt %}
@@ -42,3 +48,11 @@ Organization owners can restrict the type of repositories members can create to
    {%- endif %}
 
 1. Click **Save**.
+
+{% ifversion repo-policy-rules %}
+
+## Setting a more flexible policy ({% data variables.release-phases.public_preview %})
+
+{% data reusables.enterprise.repo-policy-rules-more-flexible %}
+
+{% endif %}
diff --git a/content/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization.md b/content/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization.md
index 6839927dae34..b0a2b38889be 100644
--- a/content/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization.md
+++ b/content/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization.md
@@ -17,10 +17,16 @@ permissions: Organization owners can restrict repository visibility changes for
 
 You can restrict who has the ability to change the visibility of repositories in your organization, such as changing a repository from private to public. For more information about repository visibility, see "[AUTOTITLE](/repositories/creating-and-managing-repositories/about-repositories#about-repository-visibility)."
 
-You can restrict the ability to change repository visibility to organization owners only, or you can allow anyone with admin access to a repository to change visibility.
-
 Restricting who has the ability to change the visibility of repositories in your organization helps prevent sensitive information from being exposed. For more information, see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)."
 
+{% ifversion repo-policy-rules %}
+
+## Setting a blanket policy
+
+{% endif %}
+
+You can restrict the ability to change repository visibility to organization owners only, or you can allow anyone with admin access to a repository to change visibility.
+
 > [!WARNING]
 > If this setting is enabled, individuals or {% data variables.product.prodname_github_apps %} with admin access can _modify_ the visibility of an existing repository even if the ability to _create_ a repository with that specific visibility has been disabled. For more information about restricting the visibility of repositories during creation, see "[AUTOTITLE](/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization)."
 
@@ -29,3 +35,11 @@ Restricting who has the ability to change the visibility of repositories in your
 {% data reusables.organizations.member-privileges %}
 1. Under "Repository visibility change", deselect **Allow members to change repository visibilities for this organization**.
 1. Click **Save**.
+
+{% ifversion repo-policy-rules %}
+
+## Setting a more flexible policy ({% data variables.release-phases.public_preview %})
+
+{% data reusables.enterprise.repo-policy-rules-more-flexible %}
+
+{% endif %}
diff --git a/content/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories.md b/content/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories.md
index 708e70d5cf8c..1a6967f9e869 100644
--- a/content/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories.md
+++ b/content/organizations/managing-organization-settings/setting-permissions-for-deleting-or-transferring-repositories.md
@@ -19,8 +19,22 @@ Owners can set permissions for deleting or transferring repositories in an organ
 
 Limiting the ability to delete or transfer repositories helps prevent sensitive information from being exposed. For more information, see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)."
 
+{% ifversion repo-policy-rules %}
+
+## Setting a blanket policy
+
+{% endif %}
+
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}
 {% data reusables.organizations.member-privileges %}
 1. Under "Repository deletion and transfer", select or deselect **Allow members to delete or transfer repositories for this organization**.
 1. Click **Save**.
+
+{% ifversion repo-policy-rules %}
+
+## Setting a more flexible policy ({% data variables.release-phases.public_preview %})
+
+You can create a repository policy to govern who can delete or transfer repositories in your organization. Compared to "member privilege" policies, repository policies give you more flexibility over which users the policies apply to and which repositories are targeted. See "[AUTOTITLE](/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization)."
+
+{% endif %}
diff --git a/content/repositories/creating-and-managing-repositories/deleting-a-repository.md b/content/repositories/creating-and-managing-repositories/deleting-a-repository.md
index 6b1022c41533..b5096e403b2f 100644
--- a/content/repositories/creating-and-managing-repositories/deleting-a-repository.md
+++ b/content/repositories/creating-and-managing-repositories/deleting-a-repository.md
@@ -14,7 +14,8 @@ versions:
 topics:
   - Repositories
 ---
-{% data reusables.organizations.owners-and-admins-can %} delete an organization repository. If **Allow members to delete or transfer repositories for this organization** has been disabled, only organization owners can delete organization repositories. {% data reusables.organizations.new-repo-permissions-more-info %}
+
+{% data reusables.organizations.owners-and-admins-can %} delete an organization repository, and these users may be prevented from deleting a repository by an organization or enterprise policy. {% data reusables.organizations.new-repo-permissions-more-info %}
 
 Deleting a public repository will not delete any forks of the repository.
 
diff --git a/content/repositories/creating-and-managing-repositories/transferring-a-repository.md b/content/repositories/creating-and-managing-repositories/transferring-a-repository.md
index 2197215b9d70..564f78f3984c 100644
--- a/content/repositories/creating-and-managing-repositories/transferring-a-repository.md
+++ b/content/repositories/creating-and-managing-repositories/transferring-a-repository.md
@@ -74,7 +74,7 @@ See "[AUTOTITLE](/get-started/getting-started-with-git/managing-remote-repositor
 
 ### Repository transfers and organizations
 
-To transfer repositories to an organization, you must have repository creation permissions in the receiving organization. If organization owners have disabled repository creation by organization members, only organization owners can transfer repositories out of or into the organization.
+To transfer repositories to an organization, you must have permission to create repositories in the receiving organization, and to transfer repositories out of the origin organization. An organization or enterprise owner may have set a policy that prevents certain users from doing these things.
 
 Once a repository is transferred to an organization, the organization's default repository permission settings and default membership privileges will apply to the transferred repository.
 
diff --git a/data/features/repo-policy-rules.yml b/data/features/repo-policy-rules.yml
new file mode 100644
index 000000000000..1244cf5c088b
--- /dev/null
+++ b/data/features/repo-policy-rules.yml
@@ -0,0 +1,5 @@
+# Repository policy rules (public preview)
+# Ref: 15306
+
+versions:
+  ghec: '*'
diff --git a/data/reusables/enterprise-accounts/repositories-tab.md b/data/reusables/enterprise-accounts/repositories-tab.md
index 32c8dafaf49b..f4db4ec2973f 100644
--- a/data/reusables/enterprise-accounts/repositories-tab.md
+++ b/data/reusables/enterprise-accounts/repositories-tab.md
@@ -1 +1 @@
-1. Under "{% octicon "law" aria-hidden="true" %} Policies", click **Member privileges**.
+1. Under "{% octicon "law" aria-hidden="true" %} Policies", click {% ifversion ghes < 3.16 %}**Repositories**{% else %}**Member privileges**{% endif %}.
diff --git a/data/reusables/enterprise/repo-policy-rules-allow-list.md b/data/reusables/enterprise/repo-policy-rules-allow-list.md
new file mode 100644
index 000000000000..d6e624a8b619
--- /dev/null
+++ b/data/reusables/enterprise/repo-policy-rules-allow-list.md
@@ -0,0 +1 @@
+Choose which roles and teams can **bypass** the restrictions in this policy.
diff --git a/data/reusables/enterprise/repo-policy-rules-alternative.md b/data/reusables/enterprise/repo-policy-rules-alternative.md
new file mode 100644
index 000000000000..2b91002f264a
--- /dev/null
+++ b/data/reusables/enterprise/repo-policy-rules-alternative.md
@@ -0,0 +1,3 @@
+{% ifversion repo-policy-rules %}
+We recommend creating a **repository policy** to govern the lifecycle of repositories in your enterprise, such as who can create or delete repositories. Repository policies give you flexibility over which users are affected and which organizations and repositories are targeted. See "[AUTOTITLE](/admin/managing-accounts-and-repositories/managing-repositories-in-your-enterprise/governing-how-people-use-repositories-in-your-enterprise)."
+{% endif %}
diff --git a/data/reusables/enterprise/repo-policy-rules-enforcement.md b/data/reusables/enterprise/repo-policy-rules-enforcement.md
new file mode 100644
index 000000000000..5723e8181a0d
--- /dev/null
+++ b/data/reusables/enterprise/repo-policy-rules-enforcement.md
@@ -0,0 +1 @@
+If you don't want the policy to be enforced when it's created, set to "Disabled". Otherwise, set to "Active".
diff --git a/data/reusables/enterprise/repo-policy-rules-examples.md b/data/reusables/enterprise/repo-policy-rules-examples.md
new file mode 100644
index 000000000000..724c066076eb
--- /dev/null
+++ b/data/reusables/enterprise/repo-policy-rules-examples.md
@@ -0,0 +1,6 @@
+You can use a repository policy to do things like:
+
+* Ensure all new repositories use a certain naming convention, such as `kebab-case`.
+* Prevent repository deletions except by organization admins.
+* Allow public repositories to be created only in the "open source" organization in your enterprise.
+* Prevent public repositories from being changed to private to avoid potential loss of metadata.
diff --git a/data/reusables/enterprise/repo-policy-rules-intro.md b/data/reusables/enterprise/repo-policy-rules-intro.md
new file mode 100644
index 000000000000..3e91378cea3a
--- /dev/null
+++ b/data/reusables/enterprise/repo-policy-rules-intro.md
@@ -0,0 +1,9 @@
+To govern key events in the lifecycle of your repositories, such as who can create or delete repositories, you can create a repository policy. A repository policy is a collection of restrictions that gives you flexible control over which users are affected and which repositories are targeted.
+
+In a repository policy, you can restrict:
+
+* Which **visibilities** are permitted for new repositories and visibility changes.
+* Who can **create** repositories.
+* Who can **delete** repositories.
+* Who can **transfer** repositories out of an organization.
+* How people can **name** repositories.
diff --git a/data/reusables/enterprise/repo-policy-rules-more-flexible.md b/data/reusables/enterprise/repo-policy-rules-more-flexible.md
new file mode 100644
index 000000000000..b9bead1884ce
--- /dev/null
+++ b/data/reusables/enterprise/repo-policy-rules-more-flexible.md
@@ -0,0 +1 @@
+You can create a repository policy to govern who can create repositories in your organization, how new repositories must be named, and which visibilities are available. Compared to "member privilege" policies, repository policies give you more flexibility over which users are affected and which repositories are targeted. See "[AUTOTITLE](/organizations/managing-organization-settings/governing-how-people-use-repositories-in-your-organization)."
diff --git a/data/reusables/enterprise/repo-policy-rules-policies-section.md b/data/reusables/enterprise/repo-policy-rules-policies-section.md
new file mode 100644
index 000000000000..579110999efc
--- /dev/null
+++ b/data/reusables/enterprise/repo-policy-rules-policies-section.md
@@ -0,0 +1,5 @@
+Choose which restrictions are included. When the policy is active, the restrictions apply across all targeted repositories, but can be bypassed by users or teams on the allow list.
+
+If you choose the "Restrict names" policy, you must use **regular expression** syntax to set a pattern that repository names must or must not match. For example, a pattern to enforce `kebab-case` naming would look like `^([a-z][a-z0-9]*)(-[a-z0-9]+)*$`.
+* Patterns support RE2 syntax. See Google's [syntax guide](https://github.com/google/re2/wiki/Syntax).
+* To validate your expressions, click **Test pattern**, then enter a pattern and test value.
diff --git a/data/reusables/enterprise/repo-policy-rules-preview.md b/data/reusables/enterprise/repo-policy-rules-preview.md
new file mode 100644
index 000000000000..fda811b12120
--- /dev/null
+++ b/data/reusables/enterprise/repo-policy-rules-preview.md
@@ -0,0 +1 @@
+>[!NOTE] Repository policies are currently in {% data variables.release-phases.public_preview %} and subject to change.
diff --git a/data/reusables/enterprise/repo-policy-rules-with-custom-properties.md b/data/reusables/enterprise/repo-policy-rules-with-custom-properties.md
new file mode 100644
index 000000000000..56354d8bd5d7
--- /dev/null
+++ b/data/reusables/enterprise/repo-policy-rules-with-custom-properties.md
@@ -0,0 +1,5 @@
+We recommend using repository policies alongside **custom repository properties**. By adding custom properties to repositories, you will be able to flexibly target those repositories in a policy.
+
+For example, you can add a property to mark repositories that contain production data or other sensitive information, then prevent anyone from making those repositories public.
+
+To create and set custom properties, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)."
diff --git a/data/reusables/enterprise/repo-policy-rules-with-existing-policies.md b/data/reusables/enterprise/repo-policy-rules-with-existing-policies.md
new file mode 100644
index 000000000000..45b6901e46a7
--- /dev/null
+++ b/data/reusables/enterprise/repo-policy-rules-with-existing-policies.md
@@ -0,0 +1,8 @@
+Some of the available restrictions are duplicates of policies you may have set on the "Member privileges" page in your organization or enterprise settings.
+
+Creating a repository policy does **not** override your existing "member privilege" policies. Instead, the policies are additive, so that the most restrictive version of a policy applies. This applies both to **member privilege policies** and to other **repository policies** that people have created at the enterprise or organization level.
+
+Compared to member privilege policies, repository policies have several advantages:
+
+* They offer more flexible targeting of organizations and repositories.
+* They allow you to give certain actors the option to bypass the policies.
diff --git a/data/reusables/repositories/custom-property-allowed-characters.md b/data/reusables/repositories/custom-property-allowed-characters.md
new file mode 100644
index 000000000000..436390258673
--- /dev/null
+++ b/data/reusables/repositories/custom-property-allowed-characters.md
@@ -0,0 +1,4 @@
+Custom property names and values may only contain certain characters:
+
+* Names: `a-z`, `A-Z`, `0-9`, `_`, `-`, `$`, `#`.
+* Values: All printable ASCII characters except `"`.

From b983cb5468bfa95d1bf4720c510d2fd4ebe580b7 Mon Sep 17 00:00:00 2001
From: Felicity Chapman <felicitymay@github.com>
Date: Wed, 4 Dec 2024 15:03:47 +0000
Subject: [PATCH 3/3] Add code-scanning and version copilot (#53351)

---
 .../reviewing-the-audit-log-for-your-organization.md       | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
index 8268311a8cbe..9a4527e13b08 100644
--- a/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
+++ b/content/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization.md
@@ -46,9 +46,14 @@ To search for specific events, use the `action` qualifier in your query. Actions
 | {% ifversion fpt or ghec %} |
 | `billing` | Contains all activities related to your organization's billing.
 | `business` | Contains activities related to business settings for an enterprise. |
-| `codespaces` | Contains all activities related to your organization's codespaces. |
 | {% endif %} |
+| {% ifversion fpt or ghec or ghes > 3.16 %} |
+| `code-scanning` | Contains all activities related to your organization's code scanning alerts. |
+| {% endif %} |
+| {% ifversion fpt or ghec %} |
+| `codespaces` | Contains all activities related to your organization's codespaces. |
 | `copilot` | Contains all activities related to your {% data variables.product.prodname_copilot_for_business %} or {% data variables.product.prodname_copilot_enterprise %} subscription.
+| {% endif %} |
 | `dependabot_alerts` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts)."
 | `dependabot_alerts_new_repos` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_alerts %} in new repositories created in the organization.
 | `dependabot_security_updates` | Contains organization-level configuration activities for {% data variables.product.prodname_dependabot_security_updates %} in existing repositories. For more information, see "[AUTOTITLE](/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates)."