From f73b7687f2ea50507879a761cb1a2e410cedc543 Mon Sep 17 00:00:00 2001 From: Anne-Marie <102995847+am-stead@users.noreply.github.com> Date: Fri, 13 Dec 2024 15:55:39 +0000 Subject: [PATCH] Closing Down: Vulnerability Exposure Analysis / Reachability in Dependabot Alerts for Python [Closing Down] #16578 (#53527) Co-authored-by: Caro Galvin --- .../viewing-and-updating-dependabot-alerts.md | 34 ------------------- ...reating-a-custom-security-configuration.md | 5 +-- .../dependabot/dependabot-alerts-filters.md | 2 +- .../dependabot/vulnerable-calls-beta.md | 7 ---- .../dependency-vulnerable-calls.md | 4 --- 5 files changed, 2 insertions(+), 50 deletions(-) delete mode 100644 data/reusables/dependabot/vulnerable-calls-beta.md delete mode 100644 data/reusables/gated-features/dependency-vulnerable-calls.md diff --git a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md index a5574a9e4c10..9ccc7a247b7a 100644 --- a/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md +++ b/content/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts.md 
@@ -67,34 +67,6 @@ The alert details page of alerts on development-scoped packages shows a "Tags" s ![Screenshot showing the "Tags" section in the alert details page. The label is highlighted with a dark orange outline.](/assets/images/help/repository/dependabot-alerts-tags-section.png) -{% ifversion dependabot-alerts-vulnerable-calls %} - -## About the detection of calls to vulnerable functions - -{% data reusables.dependabot.vulnerable-calls-beta %} - -When {% data variables.product.prodname_dependabot %} tells you that your repository uses a vulnerable dependency, you need to determine what the vulnerable functions are and check whether you are using them. Once you have this information, then you can determine how urgently you need to upgrade to a secure version of the dependency. - -For supported languages, {% data variables.product.prodname_dependabot %} automatically detects whether you use a vulnerable function and adds the label "Vulnerable call" to affected alerts. You can use this information in the {% data variables.product.prodname_dependabot_alerts %} view to triage and prioritize remediation work more effectively. - -> [!NOTE] -> During the {% data variables.release-phases.public_preview %} release, this feature is available only for new Python advisories created _after_ April 14, 2022, and for a subset of historical Python advisories. {% data variables.product.prodname_dotcom %} is working to backfill data across additional historical Python advisories, which are added on a rolling basis. Vulnerable calls are highlighted only on the {% data variables.product.prodname_dependabot_alerts %} pages. - -![Screenshot showing an alert with the "Vulnerable call" label. 
The label is outlined in orange.](/assets/images/help/repository/dependabot-alerts-vulnerable-call-label.png) - -You can filter the view to show only alerts where {% data variables.product.prodname_dependabot %} detected at least one call to a vulnerable function using the `has:vulnerable-calls` filter in the search field. - -For alerts where vulnerable calls are detected, the alert details page shows additional information: - -* One or more code blocks showing where the function is used. -* An annotation listing the function itself, with a link to the line where the function is called. - -![Screenshot showing a {% data variables.product.prodname_dependabot %} alert with a "Vulnerable call" label. A code block, showing "Vulnerable function called", and a link, titled "See all your affected repositories", are highlighted with a dark orange outline.](/assets/images/help/repository/review-calls-to-vulnerable-functions.png) - -For more information, see [Reviewing and fixing alerts](#reviewing-and-fixing-alerts) below. - -{% endif %} - ## Viewing {% data variables.product.prodname_dependabot_alerts %} {% data reusables.dependabot.where-to-view-dependabot-alerts %} You can sort and filter {% data variables.product.prodname_dependabot_alerts %} by selecting a filter from the dropdown menu. 
@@ -120,12 +92,6 @@ If a patched version of the dependency is available, you can generate a {% data In cases where a patched version is not available, or you can’t update to the secure version, {% data variables.product.prodname_dependabot %} shares additional information to help you determine next steps. When you click through to view a {% data variables.product.prodname_dependabot %} alert, you can see the full details of the security advisory for the dependency including the affected functions. You can then check whether your code calls the impacted functions. This information can help you further assess your risk level, and determine workarounds or if you’re able to accept the risk represented by the security advisory. -{% ifversion dependabot-alerts-vulnerable-calls %} - -For supported languages, {% data variables.product.prodname_dependabot %} detects calls to vulnerable functions for you. When you view an alert labeled as "Vulnerable call", the details include the name of the function and a link to the code that calls it. Often you will be able to take decisions based on this information, without exploring further. - -{% endif %} - {% ifversion copilot-chat-ghas-alerts %} With a {% data variables.product.prodname_copilot_enterprise %} license, you can also ask {% data variables.product.prodname_copilot_chat %} for help to better understand {% data variables.product.prodname_dependabot_alerts %} in repositories in your organization. For more information, see [AUTOTITLE](/copilot/using-github-copilot/asking-github-copilot-questions-in-githubcom#asking-questions-about-alerts-from-github-advanced-security-features). diff --git a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md index 2622e8c8c95e..9b8aa5ce0fc4 100644 
--- a/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md +++ b/content/code-security/securing-your-organization/enabling-security-features-in-your-organization/creating-a-custom-security-configuration.md @@ -38,7 +38,7 @@ When creating a security configuration, keep in mind that: >[!NOTE] -> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable {% data variables.product.prodname_dependabot %}, vulnerability exposure analysis, and security updates. For {% data variables.product.prodname_security_configurations %}, dependent security features are indicated with indentation and {% octicon "reply" aria-hidden="true" %}. +> The enablement status of some security features is dependent on other, higher-level security features. For example, disabling dependency graph will also disable {% data variables.product.prodname_dependabot %}, and security updates. For {% data variables.product.prodname_security_configurations %}, dependent security features are indicated with indentation and {% octicon "reply" aria-hidden="true" %}. {% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} 
@@ -52,9 +52,6 @@ When creating a security configuration, keep in mind that: * {% data variables.product.prodname_dependabot %}. To learn about {% data variables.product.prodname_dependabot %}, see [AUTOTITLE](/code-security/dependabot/dependabot-alerts/about-dependabot-alerts). * Security updates. To learn about security updates, see [AUTOTITLE](/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates). - > [!NOTE] - > You cannot manually change the enablement settings for vulnerable function calls. If {% data variables.product.prodname_GH_advanced_security %} features and {% data variables.product.prodname_dependabot_alerts %} are enabled, vulnerable function calls is also enabled. Otherwise, it is disabled. - 1. In the "{% data variables.product.prodname_code_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for {% data variables.product.prodname_code_scanning %} default setup.{% ifversion code-scanning-default-setup-customize-labels %} If you want to target specific runners for {% data variables.product.prodname_code_scanning %}, you can also choose to use custom-labeled runners at this step.{% endif %} See [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#about-default-setup). 1. In the "{% data variables.product.prodname_secret_scanning_caps %}" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features: diff --git a/data/reusables/dependabot/dependabot-alerts-filters.md b/data/reusables/dependabot/dependabot-alerts-filters.md index 16cece3b223b..cdd1e4c50ece 100644 --- a/data/reusables/dependabot/dependabot-alerts-filters.md +++ b/data/reusables/dependabot/dependabot-alerts-filters.md 
@@ -3,7 +3,7 @@ You can sort and filter {% data variables.product.prodname_dependabot_alerts %} | Option | Description | Example | |:---|:---|:---| | `ecosystem` | Displays alerts for the selected ecosystem | Use `ecosystem:npm` to show {% data variables.product.prodname_dependabot_alerts %} for npm | -| `has` | Displays alerts meeting the selected filter criteria | Use `has:patch` to show alerts related to advisories that have a patch{% ifversion dependabot-alerts-vulnerable-calls %}
Use `has:vulnerable-calls` to show alerts relating to calls to vulnerable functions{% endif %} | +| `has` | Displays alerts meeting the selected filter criteria | Use `has:patch` to show alerts related to advisories that have a patch | | `is` | Displays alerts based on their state | Use `is:open` to show open alerts | | `manifest` | Displays alerts for the selected manifest | Use `manifest:webwolf/pom.xml` to show alerts on the pom.xml file of the webwolf application | | `package` | Displays alerts for the selected package | Use `package:django` to show alerts for django | diff --git a/data/reusables/dependabot/vulnerable-calls-beta.md b/data/reusables/dependabot/vulnerable-calls-beta.md deleted file mode 100644 index 1f5cbb8d16d7..000000000000 --- a/data/reusables/dependabot/vulnerable-calls-beta.md +++ /dev/null @@ -1,7 +0,0 @@ -{% ifversion dependabot-alerts-vulnerable-calls %} - -> [!NOTE] -> * The detection of calls to vulnerable functions by {% data variables.product.prodname_dependabot %} is in {% data variables.release-phases.public_preview %} and subject to change. -> * {% data reusables.gated-features.dependency-vulnerable-calls %} - -{% endif %} diff --git a/data/reusables/gated-features/dependency-vulnerable-calls.md b/data/reusables/gated-features/dependency-vulnerable-calls.md deleted file mode 100644 index 0ee68c783f3e..000000000000 --- a/data/reusables/gated-features/dependency-vulnerable-calls.md +++ /dev/null 
@@ -1,4 +0,0 @@ -{%- ifversion fpt -%}Detection of vulnerable calls is enabled on public repositories. This analysis is also available in private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have licensed {% data variables.product.prodname_GH_advanced_security %}. -{%- elsif ghec -%}Detection of vulnerable calls is included in {% data variables.product.product_name %} for public repositories. To detect vulnerable calls in private repositories owned by organizations, your organization must have a license for {% data variables.product.prodname_GH_advanced_security %}.{%- endif %} - -{% data reusables.advanced-security.more-info-ghas %}
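Review bot: in the first hunk of `viewing-and-updating-dependabot-alerts.md` (and in every other hunk of this patch) the `{% ifversion dependabot-alerts-vulnerable-calls %}` guards are removed, but the diffstat lists only files under `content/` and `data/reusables/`, so the `dependabot-alerts-vulnerable-calls` feature definition itself appears to be left behind as an orphan; either remove it in the same change or confirm another page still depends on it. The same hunk also drops the last references on this page to `/assets/images/help/repository/dependabot-alerts-vulnerable-call-label.png` and `/assets/images/help/repository/review-calls-to-vulnerable-functions.png`; if no other content uses those screenshots they should be deleted alongside the text, or the unused-asset check will flag them.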
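Review bot: the rewritten note line in `creating-a-custom-security-configuration.md` (`@@ -38,7 +38,7 @@`) now has a stray comma in a two-item list: "will also disable {% data variables.product.prodname_dependabot %}, and security updates." With "vulnerability exposure analysis" removed from the middle, the serial comma no longer belongs; suggest "will also disable {% data variables.product.prodname_dependabot %} and security updates."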
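Review bot: deleting `data/reusables/dependabot/vulnerable-calls-beta.md` and `data/reusables/gated-features/dependency-vulnerable-calls.md` is consistent with the content changes here (the only call site of `reusables.dependabot.vulnerable-calls-beta` visible in this patch is removed in the first hunk, and `reusables.gated-features.dependency-vulnerable-calls` was only used inside the deleted beta reusable), but a dangling `{% data reusables.… %}` reference elsewhere would break the build rather than render empty, so please grep the tree for both reusable names before merging; the removed gated-features file also dropped the only visible use of `reusables.advanced-security.more-info-ghas` on this page, which is fine to keep since it is shared.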