[EDI] Set code scanning merge protection (#59575)

sabrowning1 · mchammer01 · web-flow · commit 473aa11b6cd0 · 2026-02-12T17:57:45.000Z
Co-authored-by: mc &lt;42146119+mchammer01@users.noreply.github.com&gt;
diff --git a/content/code-security/concepts/code-scanning/index.md b/content/code-security/concepts/code-scanning/index.md
@@ -18,5 +18,6 @@ children:
   - /setup-types
   - /about-integration-with-code-scanning
   - /sarif-files
+  - /merge-protection
   - /codeql
 ---
diff --git a/content/code-security/concepts/code-scanning/merge-protection.md b/content/code-security/concepts/code-scanning/merge-protection.md
@@ -0,0 +1,46 @@
+---
+title: Code scanning merge protection
+shortTitle: Merge protection
+intro: Code scanning rules prevent pull requests with potential vulnerabilities from being merged.
+topics:
+  - Code Security
+  - Code scanning
+product: 'Rulesets are available in public repositories with {% data variables.product.prodname_free_user %} and {% data variables.product.prodname_free_team %} for organizations, and in public and private repositories with {% data variables.product.prodname_pro %}, {% data variables.product.prodname_team %}, and {% data variables.product.prodname_ghe_cloud %}. {% data reusables.gated-features.more-info %}'
+permissions: 'Repository administrators and organization owners'
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghec: '*'
+contentType: concepts
+---
+
+## Rulesets for {% data variables.product.prodname_code_scanning %} merge protection
+
+A ruleset is a named list of rules that control how people can interact with branches and tags in your repositories. You can add {% data variables.product.prodname_code_scanning %} rules to rulesets to prevent pull requests from being merged when any of the following conditions are met:
+
+{% data reusables.code-scanning.merge-protection-rulesets-conditions %}
+
+Typically, you should use {% data variables.product.prodname_code_scanning %} merge protection on long-lived feature branches, where you want to guarantee code has been analyzed before pull requests can be merged.
+
+Configuring a {% data variables.product.prodname_code_scanning %} rule will not automatically enable {% data variables.product.prodname_code_scanning %}. To learn how to enable code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
+
+> [!NOTE]
+> * Merge protection with rulesets is not related to status checks. For more information about status checks, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks).
+
+## Availability
+
+You can set {% data variables.product.prodname_code_scanning %} merge protection with rulesets:
+* At the repository level
+* At the organization level ({% data variables.product.prodname_enterprise %} plans only)
+
+## Exceptions and limitations
+
+Merge protection with rulesets will **not apply** to:
+* Merge queue groups
+* {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup
+
+Additionally, all the lines of code identified by an alert must exist in the pull request diff. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#source-file-locations).
+
+## Next steps
+
+To configure a ruleset that requires {% data variables.product.prodname_code_scanning %} results, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection).
diff --git a/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection.md b/content/code-security/how-tos/scan-code-for-vulnerabilities/manage-your-configuration/set-code-scanning-merge-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Set code scanning merge protection
 shortTitle: Set merge protection
-intro: You can use rulesets to set {% data variables.product.prodname_code_scanning %} merge protection for pull requests.
+intro: 'Secure your codebase by blocking pull requests that fail {% data variables.product.prodname_code_scanning %} checks.'
 permissions: '{% data reusables.permissions.security-org-enable %}'
 product: '{% data reusables.gated-features.code-scanning %}'
 versions:
@@ -16,27 +16,6 @@ redirect_from:
 contentType: how-tos
 ---
 
-## About using rulesets for {% data variables.product.prodname_code_scanning %} merge protection
-
-> [!NOTE]
-> * Merge protection with rulesets is not related to status checks. For more information about status checks, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/about-status-checks).
-> * Merge protection with rulesets will not apply to merge queue groups or {% data variables.product.prodname_dependabot %} pull requests analyzed by default setup.
-> * All the lines of code identified by an alert must exist in the pull request diff. For more information, see [AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#source-file-locations).
-
-You can use rulesets to prevent pull requests from being merged when one of the following conditions is met:
-
-{% data reusables.code-scanning.merge-protection-rulesets-conditions %}
-
-Typically you should use rulesets target long-lived feature branches, where you would like to guarantee that code has been analyzed before pull requests can be merged.
-
-Configuring a {% data variables.product.prodname_code_scanning %} rule will not automatically enable {% data variables.product.prodname_code_scanning %}. For more information about how to enable code scanning, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning).
-
-For more information about {% data variables.product.prodname_code_scanning %} alerts, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts).
-
-You can set merge protection with rulesets at the repository {% ifversion ghec or ghes %}or organization levels{% else %}level{% endif %}, and for repositories configured with either default setup or advanced setup. You can also use the REST API to set merge protection with rulesets.
-
-For more information about rulesets, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-rulesets/about-rulesets).
-
 ## Creating a merge protection ruleset for a repository
 
 {% data reusables.repositories.navigate-to-repo %}
diff --git a/data/reusables/code-scanning/merge-protection-rulesets-conditions.md b/data/reusables/code-scanning/merge-protection-rulesets-conditions.md
@@ -1,3 +1,3 @@
-* A required tool found a {% data variables.product.prodname_code_scanning %} alert of a severity that is defined in a ruleset.
-* A required {% data variables.product.prodname_code_scanning %} tool's analysis is still in progress.
-* A required {% data variables.product.prodname_code_scanning %} tool is not configured for the repository.
+* A required tool finds a {% data variables.product.prodname_code_scanning %} alert of a severity that is defined in the ruleset.
+* A required tool's analysis is still in progress.
+* A required tool is not configured for the repository.
