github · docs-bot · Jan 23, 2026 · Jan 23, 2026 · Jan 23, 2026 · Jan 23, 2026
diff --git a/content/admin/data-residency/network-details-for-ghecom.md b/content/admin/data-residency/network-details-for-ghecom.md
@@ -177,13 +177,43 @@ Japan region:
 
 ### Domains for Azure private networking
 
+#### Required for all regions
+
 * `*.<TENANT>.ghe.com`
 * `<TENANT>.ghe.com`
 * `github.com`
 * `*.githubusercontent.com`
-* `*.blob.core.windows.net`
+* `*.blob.core.windows.net` (can be further restricted by region, see below)
 * `*.web.core.windows.net`
 
+#### EU
+
+`*.blob.core.windows.net` can be replaced with:
+* `prodsdc01resultssa0.blob.core.windows.net`
+* `prodsdc01resultssa1.blob.core.windows.net`
+* `prodsdc01resultssa2.blob.core.windows.net`
+* `prodsdc01resultssa3.blob.core.windows.net`
+* `prodweu01resultssa0.blob.core.windows.net`
+* `prodweu01resultssa1.blob.core.windows.net`
+* `prodweu01resultssa2.blob.core.windows.net`
+* `prodweu01resultssa3.blob.core.windows.net` 
+
+#### Australia
+
+`*.blob.core.windows.net` can be replaced with:
+* `prodae01resultssa0.blob.core.windows.net`
+* `prodae01resultssa1.blob.core.windows.net`
+* `prodae01resultssa2.blob.core.windows.net`
+* `prodae01resultssa3.blob.core.windows.net`
+
+#### Japan
+
+`*.blob.core.windows.net` can be replaced with:
+* `prodjpw01resultssa0.blob.core.windows.net`
+* `prodjpw01resultssa1.blob.core.windows.net`
+* `prodjpw01resultssa2.blob.core.windows.net`
+* `prodjpw01resultssa3.blob.core.windows.net`
+
 ## IP ranges for {% data variables.product.prodname_importer_proper_name %}
 
 If you're running a migration to your enterprise with {% data variables.product.prodname_importer_proper_name %}, you may need to add certain ranges to an IP allow list. See [AUTOTITLE](/migrations/using-github-enterprise-importer/migrating-between-github-products/managing-access-for-a-migration-between-github-products#configuring-ip-allow-lists-for-migrations).
diff --git a/content/code-security/concepts/code-scanning/index.md b/content/code-security/concepts/code-scanning/index.md
@@ -15,7 +15,7 @@ contentType: concepts
 children:
   - /about-code-scanning
   - /about-code-scanning-alerts
-  - /evaluating-default-setup-for-code-scanning
+  - /setup-types
   - /about-integration-with-code-scanning
   - /codeql
 ---
diff --git a/content/code-security/concepts/code-scanning/setup-types.md b/content/code-security/concepts/code-scanning/setup-types.md
@@ -0,0 +1,67 @@
+---
+title: About setup types for code scanning
+shortTitle: Setup types
+intro: Depending on your needs, {% data variables.product.github %} offers a default or advanced setup for code scanning.
+topics:
+  - Code Security
+  - Code scanning
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghec: '*'
+contentType: concepts
+---
+
+## About default setup
+
+Default setup for {% data variables.product.prodname_code_scanning %} is the quickest, easiest, most low-maintenance way to enable {% data variables.product.prodname_code_scanning %} for your repository. Based on the code in your repository, default setup will automatically create a custom {% data variables.product.prodname_code_scanning %} configuration. After enabling default setup, the code written in {% data variables.product.prodname_codeql %}-supported languages in your repository will be scanned:
+
+* On each push to the repository's default branch, or any protected branch. For more information on protected branches, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).
+* When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks.
+* On a weekly schedule.
+
+If you need more granular control over your {% data variables.product.prodname_code_scanning %} configuration, you should instead configure advanced setup.
+
+### Supported languages
+
+{% data reusables.code-scanning.default-setup-pre-enablement-explanation %}
+
+If the code in a repository changes to include any {% data variables.product.prodname_codeql %}-supported languages, {% data variables.product.prodname_dotcom %} will automatically update the {% data variables.product.prodname_code_scanning %} configuration to include the new language. If {% data variables.product.prodname_code_scanning %} fails with the new configuration, {% data variables.product.prodname_dotcom %} will resume the previous configuration automatically so the repository does not lose {% data variables.product.prodname_code_scanning %} coverage.
+
+### Available runners
+
+You can use default setup for all {% data variables.product.prodname_codeql %}-supported languages on self-hosted runners or {% data variables.product.prodname_dotcom %}-hosted runners.
+
+You can assign self-hosted runners for default setup by giving the runners {% ifversion code-scanning-default-setup-customize-labels %}the default `code-scanning` label, or you can optionally give them custom labels so that individual repositories can use different runners.{% else %}the `code-scanning` label.{% endif %}
+
+{% ifversion code-scanning-default-setup-customize-labels %}
+
+Unless you have a specific use case, we recommend that you only assign runners with the default `code-scanning` label. However, you may want to use custom labels to:
+
+* Assign more powerful self-hosted runners to critical repositories for faster {% data variables.product.prodname_code_scanning %} analysis.
+* Run your {% data variables.product.prodname_code_scanning %} analyses on a particular platform (for example, macOS).
+* Have granular control over the workload for your {% data variables.product.prodname_dotcom %}-hosted runners and self-hosted runners.
+
+{% endif %}
+
+## About advanced setup
+
+Advanced setup for {% data variables.product.prodname_code_scanning %} is helpful when you need to customize your {% data variables.product.prodname_code_scanning %}. By creating and editing a workflow file, you can define how to build compiled languages, choose which queries to run, select the languages to scan, use a matrix build, and more. You also have access to all the options for controlling workflows, for example: changing the scan schedule, defining workflow triggers, specifying specialist runners to use.
+
+{% ifversion fpt or ghec %}
+You can also configure {% data variables.product.prodname_code_scanning %} with third-party tools.
+
+{% else %}
+Your site administrator can also make third-party actions available to users for {% data variables.product.prodname_code_scanning %}, by setting up {% data variables.product.prodname_github_connect %}. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions).
+{% endif %}
+
+{% data reusables.code-scanning.about-multiple-configurations-link %}
+
+## Next steps
+
+You can enable default setup for a single repository, multiple repositories, or all repositories in an organization at the same time.
+
+* For a single repository, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-default-setup-for-code-scanning).
+* For bulk enablement, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale).
+
+To configure advanced setup instead, see [AUTOTITLE](/code-security/how-tos/scan-code-for-vulnerabilities/configure-code-scanning/configuring-advanced-setup-for-code-scanning).
diff --git a/...ilities/configure-code-scanning/configuring-advanced-setup-for-code-scanning.md b/...ilities/configure-code-scanning/configuring-advanced-setup-for-code-scanning.md
@@ -23,23 +23,11 @@ contentType: how-tos
 
 {% data reusables.code-scanning.enterprise-enable-code-scanning-actions %}
 
-## About advanced setup for {% data variables.product.prodname_code_scanning %}
-
-Advanced setup for {% data variables.product.prodname_code_scanning %} is helpful when you need to customize your {% data variables.product.prodname_code_scanning %}. By creating and editing a workflow file, you can define how to build compiled languages, choose which queries to run, select the languages to scan, use a matrix build, and more. You also have access to all the options for controlling workflows, for example: changing the scan schedule, defining workflow triggers, specifying specialist runners to use. For more information about {% data variables.product.prodname_actions %} workflows, see [AUTOTITLE](/actions/using-workflows/about-workflows).
-
-{% ifversion fpt or ghec %}
-You can also configure {% data variables.product.prodname_code_scanning %} with third-party tools. For more information, see [Configuring {% data variables.product.prodname_code_scanning %} using third-party actions](#configuring-code-scanning-using-third-party-actions).
-
-{% else %}
-Your site administrator can also make third-party actions available to users for {% data variables.product.prodname_code_scanning %}, by setting up {% data variables.product.prodname_github_connect %}. For more information, see [AUTOTITLE](/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-github-connect-to-sync-github-actions).
-{% endif %}
-
-{% data reusables.code-scanning.about-multiple-configurations-link %}
 {% data reusables.code-scanning.codeql-action-version-ghes %}
 
-If you do not need a highly customizable {% data variables.product.prodname_code_scanning %} configuration, consider using default setup for {% data variables.product.prodname_code_scanning %}. For more information on eligibility for default setup, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning#requirements-for-using-default-setup).
+If you do not need a highly customizable {% data variables.product.prodname_code_scanning %} configuration, consider using default setup for {% data variables.product.prodname_code_scanning %}. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/setup-types).
 
-### Prerequisites
+## Prerequisites
 
 Your repository is eligible for advanced setup if it meets these requirements.
 * It uses {% data variables.product.prodname_codeql %}-supported languages or you plan to generate code scanning results with a third-party tool.

diff --git a/...bilities/configure-code-scanning/configuring-default-setup-for-code-scanning.md b/...bilities/configure-code-scanning/configuring-default-setup-for-code-scanning.md
@@ -27,40 +27,14 @@ versions:
 contentType: how-tos
 ---
 
-## About default setup
+We recommend that you start using {% data variables.product.prodname_code_scanning %} with default setup. After you've initially configured default setup, you can evaluate {% data variables.product.prodname_code_scanning %} to see how it's working for you and customize it to better meet your needs. For more information, see [AUTOTITLE](/code-security/concepts/code-scanning/setup-types).
 
-Default setup for {% data variables.product.prodname_code_scanning %} is the quickest, easiest, most low-maintenance way to enable {% data variables.product.prodname_code_scanning %} for your repository. Based on the code in your repository, default setup will automatically create a custom {% data variables.product.prodname_code_scanning %} configuration. After enabling default setup, the code written in {% data variables.product.prodname_codeql %}-supported languages in your repository will be scanned:
-* On each push to the repository's default branch, or any protected branch. For more information on protected branches, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches).
-* When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks.
-* On a weekly schedule.
-
-> [!NOTE]
-> If no pushes and pull requests have occurred in a repository with default setup enabled for 6 months, the weekly schedule will be disabled to save your {% data variables.product.prodname_actions %} minutes.
-
-You can also enable default setup for multiple or all repositories in an organization at the same time. For information on bulk enablement, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale).
-
-If you need more granular control over your {% data variables.product.prodname_code_scanning %} configuration, you should instead configure advanced setup. For more information, see [AUTOTITLE](/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning).
-
-### Requirements for using default setup
+## Prerequisites
 
 Your repository is eligible for default setup for {% data variables.product.prodname_code_scanning %} if:
 
 {% data reusables.code-scanning.require-actions-ghcs %}
 
-{% data reusables.code-scanning.default-setup-pre-enablement-explanation %}
-
-You can use default setup for all {% data variables.product.prodname_codeql %}-supported languages for self-hosted runners or {% data variables.product.prodname_dotcom %}-hosted runners. See [Assigning labels to runners](#assigning-labels-to-runners), later in this article.
-
-Default setup uses the `none` build mode for {% data variables.code-scanning.no_build_support %} and uses the `autobuild` build mode for other compiled languages. You should configure your self-hosted runners to make sure they can run all the necessary commands for C/C++, C#, and Swift analysis. Analysis of JavaScript/TypeScript, Go, Ruby, Python, and Kotlin code does not currently require special configuration.
-
-### Customizing default setup
-
-We recommend that you start using {% data variables.product.prodname_code_scanning %} with default setup. After you've initially configured default setup, you can evaluate {% data variables.product.prodname_code_scanning %} to see how it's working for you. If you find that something isn't working as you expect, you can customize default setup to better meet your needs. For more information, see [AUTOTITLE](/code-security/code-scanning/enabling-code-scanning/evaluating-default-setup-for-code-scanning).
-
-### About adding new languages to your default setup
-
-If the code in a repository changes to include any {% data variables.product.prodname_codeql %}-supported languages, {% data variables.product.prodname_dotcom %} will automatically update the {% data variables.product.prodname_code_scanning %} configuration to include the new language. If {% data variables.product.prodname_code_scanning %} fails with the new configuration, {% data variables.product.prodname_dotcom %} will resume the previous configuration automatically so the repository does not lose {% data variables.product.prodname_code_scanning %} coverage.
-
 ## Configuring default setup for a repository
 
 > [!NOTE]
@@ -99,24 +73,31 @@ If the code in a repository changes to include any {% data variables.product.pro
 
 1. Optionally, to view your default setup configuration after enablement, select {% octicon "kebab-horizontal" aria-label="Menu" %}, then click **{% octicon "gear" aria-hidden="true" aria-label="gear" %} View {% data variables.product.prodname_codeql %} configuration**.
 
-## Assigning labels to runners
+> [!NOTE]
+> If no pushes and pull requests have occurred in a repository with default setup enabled for 6 months, the weekly schedule will be disabled to save your {% data variables.product.prodname_actions %} minutes.
 
->[!NOTE]{% data variables.product.prodname_code_scanning_caps %} sees assigned runners when default setup is enabled. If a runner is assigned to a repository that is already running default setup, you must disable and re-enable default setup to start using the runner. If you add a runner and want to start using it, you can change the configuration manually without needing to disable and re-enable default setup.
+{% ifversion fpt or ghec %}
 
-You can also assign self-hosted runners{% ifversion code-scanning-default-setup-customize-labels %} with the default `code-scanning` label, or you can optionally give them custom labels so that individual repositories can use different runners.{% else %}with the `code-scanning` label.{% endif %} For information about assigning labels to self-hosted runners, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners).
+## Running default setup on self-hosted or {% data variables.actions.hosted_runners %}
 
-{% ifversion code-scanning-default-setup-customize-labels %}
+You can use default setup for all {% data variables.product.prodname_codeql %}-supported languages on self-hosted runners or {% data variables.product.prodname_dotcom %}-hosted runners.
 
-Specifying custom labels for self-hosted runners is optional. Unless you have a specific use case, we recommend that you only assign runners with the default `code-scanning` label. For example, you may want to:
+{% else %}
 
-* Assign more powerful self-hosted runners to critical repositories for faster {% data variables.product.prodname_code_scanning %} analysis.
-* Run your {% data variables.product.prodname_code_scanning %} analyses on a particular platform (for example, macOS).
-* Have granular control over the workload for your {% data variables.product.prodname_dotcom %}-hosted runners and self-hosted runners.
+## Assigning runners for default setup
 
-Once you've assigned custom labels to self-hosted runners, your repositories can use those runners for {% data variables.product.prodname_code_scanning %} default setup. For more information, see [Configuring default setup for a repository](#configuring-default-setup-for-a-repository), earlier in this article.
+{% endif %}
 
-You can also use {% data variables.product.prodname_security_configurations %} to assign labels to self-hosted runners for {% data variables.product.prodname_code_scanning %}. See [AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
+>[!NOTE]{% data variables.product.prodname_code_scanning_caps %} sees assigned runners when default setup is enabled. If a runner is assigned to a repository that is already running default setup, you must disable and re-enable default setup to start using the runner. If you add a runner and want to start using it, you can change the configuration manually without needing to disable and re-enable default setup.
 
+### Assigning labels to self-hosted runners
+
+To assign a self-hosted runner for default setup, you can use {% ifversion code-scanning-default-setup-customize-labels %}the default `code-scanning` label, or you can optionally give them custom labels so that individual repositories can use different runners.{% else %}the `code-scanning` label.{% endif %} For information about assigning labels to self-hosted runners, see [AUTOTITLE](/actions/hosting-your-own-runners/managing-self-hosted-runners/using-labels-with-self-hosted-runners).
+
+Once you've assigned custom labels to self-hosted runners, your repositories can use those runners for {% data variables.product.prodname_code_scanning %} default setup.
+
+{% ifversion security-configurations %}
+You can also use {% data variables.product.prodname_security_configurations %} to assign labels to self-hosted runners for {% data variables.product.prodname_code_scanning %}. See [AUTOTITLE](/code-security/securing-your-organization/meeting-your-specific-security-needs-with-custom-security-configurations/creating-a-custom-security-configuration#creating-a-custom-security-configuration).
 {% endif %}
 
 {% ifversion fpt or ghec %}
@@ -127,6 +108,10 @@ To assign a {% data variables.actions.hosted_runner %}, name the runner `code-sc
 
 {% endif %}
 
+### Ensuring build support
+
+Default setup uses the `none` build mode for {% data variables.code-scanning.no_build_support %} and uses the `autobuild` build mode for other compiled languages. You should configure your self-hosted runners to make sure they can run all the necessary commands for C/C++, C#, and Swift analysis. Analysis of JavaScript/TypeScript, Go, Ruby, Python, and Kotlin code does not currently require special configuration.
+
 ## Next steps
 
 After your configuration runs successfully at least once, you can start examining and resolving {% data variables.product.prodname_code_scanning %} alerts. For more information on {% data variables.product.prodname_code_scanning %} alerts, see [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts) and [AUTOTITLE](/code-security/code-scanning/managing-code-scanning-alerts/assessing-code-scanning-alerts-for-your-repository).