Commit 9f3e101

authored Jan 14, 2025
Hack week 2025: fix "alt text length" warnings in code-security (#53854)
1 parent e16332a commit 9f3e101

14 files changed

+21
-21
lines changed


‎content/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ Each alert highlights a problem with the code and the name of the tool that iden
5050

5151
{% data reusables.code-scanning.alert-default-branch %}
5252

53-
![Screenshot showing the elements of a {% data variables.product.prodname_code_scanning %} alert, including the title of the alert and relevant lines of code at left and the severity level, affected branches, and weaknesses at right. ](/assets/images/help/repository/code-scanning-alert.png)
53+
![Screenshot of a {% data variables.product.prodname_code_scanning %} alert, includes the alert title, relevant lines of code at the left, metadata at the right.](/assets/images/help/repository/code-scanning-alert.png)
5454

5555
If you configure {% data variables.product.prodname_code_scanning %} using {% data variables.product.prodname_codeql %}, you can also find data-flow problems in your code. Data-flow analysis finds potential security issues in code, such as: using data insecurely, passing dangerous arguments to functions, and leaking sensitive information.
5656
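
Review bot: the new alt text on line 53 has a comma splice ("alert, includes the alert title, ...") and reduces the right-hand panel to "metadata", which drops the severity level, affected branches, and weaknesses that the old text named. If the length limit allows, keep the participle and name at least the severity, for example "Screenshot of a {% data variables.product.prodname_code_scanning %} alert, including the alert title and relevant lines of code at the left, and the severity and affected branches at the right."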

‎content/code-security/code-scanning/managing-code-scanning-alerts/tracking-code-scanning-alerts-in-issues-using-task-lists.md

+2-2
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ You can use more than one issue to track the same {% data variables.product.prod
3232

3333
* The {% data variables.product.prodname_code_scanning %} alerts list page will show which alerts are tracked in issues so that you can view at a glance which alerts still require processing and how many issues they are tracked in.
3434

35-
![Screenshot of the {% data variables.product.prodname_code_scanning %} alerts view. The first entry includes the issue icon followed by the number 2. The third entry includes the issue icon followed by the number 1. Both are outlined in dark orange.](/assets/images/help/repository/code-scanning-alert-list-tracked-issues.png)
35+
![Screenshot of {% data variables.product.prodname_code_scanning %} alerts view. The first and third entries include the issue icon with the issue number.](/assets/images/help/repository/code-scanning-alert-list-tracked-issues.png)
3636

3737
* A "tracked in" section will also show in the corresponding alert page.
3838
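
Review bot: "the issue number" in the new alt text on line 35 reads as an issue's identifier, but the old text described counts (the number 2 and the number 1), and the bullet on line 33 says the list shows "how many issues they are tracked in". Suggest "the issue icon with the number of tracking issues". The new text also no longer says that both entries are outlined in dark orange; keep that clause if the outline is still in the image.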

@@ -45,7 +45,7 @@ You can use more than one issue to track the same {% data variables.product.prod
4545
4646
The color of the icon is grey because an alert has a status of "open" or "closed" on every branch. The issue tracks an alert, so the alert cannot have a single open/closed state in the issue. If the alert is closed on one branch, the icon color will not change.
4747

48-
![Screenshot showing an issue that tracks a {% data variables.product.prodname_code_scanning %} alert. The hovercard for the alert is displayed, with a grey security badge icon preceding the title.](/assets/images/help/repository/code-scanning-tracking-issue-hovercard.png)
48+
![Screenshot of an issue that tracks a {% data variables.product.prodname_code_scanning %} alert. The hovercard is displayed, with a grey security badge icon.](/assets/images/help/repository/code-scanning-tracking-issue-hovercard.png)
4949

5050
The status of the tracked alert won't change if you change the checkbox state of the corresponding task list item (checked/unchecked) in the issue.
5151

‎content/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -133,7 +133,7 @@ When {% data variables.product.prodname_copilot_autofix_short %} is enabled for
133133
134134
Usually, when you suggest changes to a pull request, your comment contains changes for a single file that is changed in the pull request. The following screenshot shows an {% data variables.product.prodname_copilot_autofix_short %} comment that suggests changes to the `index.js` file where the alert is displayed. Since the potential fix requires a new dependency on `escape-html`, the comment also suggests adding this dependency to the `package.json` file, even though the original pull request makes no changes to this file.
135135

136-
![Screenshot of the {% data variables.product.prodname_copilot_autofix_short %} suggestion with explanation and change in the current file. A suggested change in "package.json" is outlined in dark orange.](/assets/images/help/code-scanning/autofix-example.png)
136+
![Screenshot of {% data variables.product.prodname_copilot_autofix_short %} suggestion to edit the current file. A suggested change in "package.json" is outlined in dark orange.](/assets/images/help/code-scanning/autofix-example.png)
137137

138138
### Assessing and committing an {% data variables.product.prodname_copilot_autofix_short %} suggestion
139139

‎content/code-security/code-scanning/troubleshooting-code-scanning/advanced-security-must-be-enabled.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ If you are on a free, pro, or team plan, you can only use {% data variables.prod
3939
1. If there is an associated and active **Enable** button, {% data variables.product.prodname_GH_advanced_security %} is available for this repository but not yet enabled.
4040
1. If use of {% data variables.product.prodname_GH_advanced_security %} is blocked by a policy, the **Enable** button is inactive and the owner of the policy is listed.
4141

42-
![Screenshot of the "{% data variables.product.prodname_GH_advanced_security %}" setting. The owner of the enterprise policy and the inactive "Enable" button are highlighted with a dark orange outline.](/assets/images/help/repository/ghas-enterprise-policy-block.png)
42+
![Screenshot of the "{% data variables.product.prodname_GH_advanced_security %}" setting. The owner of the enterprise policy and the inactive "Enable" button are outlined in orange.](/assets/images/help/repository/ghas-enterprise-policy-block.png)
4343

4444
## Fixing the problem
4545

‎content/code-security/codeql-for-vs-code/using-the-advanced-functionality-of-the-codeql-for-vs-code-extension/using-the-codeql-model-editor.md

+5-5
Original file line numberDiff line numberDiff line change
@@ -61,11 +61,11 @@ This section uses an open source Java project called "sofa-jraft" as an example.
6161

6262
1. Display the {% data variables.product.prodname_codeql %} model editor. By default the editor runs in application mode, so the list of external APIs used by the selected codebase is shown.
6363

64-
![Screenshot of the "Application mode" view of the CodeQL model pack editor in Visual Studio Code showing two of the external Java frameworks used by the "sofa-jraft" codebase.](/assets/images/help/security/codeql-for-vs-code-model-application-mode.png)
64+
![Screenshot of the "Application mode" view showing two of the external Java frameworks used by the "sofa-jraft" codebase.](/assets/images/help/security/codeql-for-vs-code-model-application-mode.png)
6565

6666
1. Click to expand an external API and view the list of calls from the codebase to the external dependency.
6767

68-
![Screenshot of the "Application mode" view of the CodeQL model pack editor in Visual Studio Code showing the calls to the "rocksdbjni" framework ready for modeling. The "View" option for the first call is highlighted with a dark orange outline.](/assets/images/help/security/codeql-for-vs-code-model-application-mode-expanded.png)
68+
![Screenshot of "Application mode" showing the calls to the "rocksdbjni" framework. The "View" option for the first call is outlined in orange.](/assets/images/help/security/codeql-for-vs-code-model-application-mode-expanded.png)
6969

7070
1. Click **View** associated with an API call or method to show where it is used in your codebase.
7171

@@ -104,13 +104,13 @@ This section uses an open source Java project called "sofa-jraft" as an example.
104104

105105
1. Display the {% data variables.product.prodname_codeql %} model editor. By default the editor runs in application mode. Click **Model as dependency** to display dependency mode. The screen changes to show the public API of the framework or library.
106106

107-
![Screenshot of the "Dependency mode" view of the CodeQL model pack editor in Visual Studio Code showing three of the packages published by the "sofa-jraft" codebase.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode.png)
107+
![Screenshot of the "Dependency mode" view showing three of the packages published by the "sofa-jraft" codebase.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode.png)
108108

109109
1. Click to expand a package and view the list of available methods.
110110

111111
1. Click **View** associated with a method to show its definition.
112112

113-
![Screenshot of the "Dependency mode" view of the CodeQL model pack editor in Visual Studio Code showing one model for the "com.alipay.sofa.jraft.option.BallotBoxOptions.getClosureQueue()" method. The "+" button is outlined in dark orange. Click this button to create a second model for the method.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode-expanded.png)
113+
![Screenshot of "Dependency mode" with one model for "com.alipay.sofa.jraft.option.BallotBoxOptions.getClosureQueue()". The "+" button is outlined.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode-expanded.png)
114114

115115
1. When you have determined how to model the method, define the "Model type".
116116

@@ -141,7 +141,7 @@ The editor will create a separate model file for each package that you model.
141141

142142
Some methods support more than one data flow. It is important to model all the data flows for a method, otherwise you cannot detect all the potential problems associated with using the method. First you model one data flow for the method, and then use the **+** button in the method row to specify a second data flow model.
143143

144-
![Screenshot of the "Dependency mode" view of the CodeQL model pack editor in Visual Studio Code showing the public methods available in the "com.alipay.soft.jraft.option" package ready for modeling. The "View" option for the first method is highlighted with a dark orange outline.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode-plus.png)
144+
![Screenshot of the "Dependency mode" view with public methods available in "com.alipay.soft.jraft.option". A "View" option is outlined in orange.](/assets/images/help/security/codeql-for-vs-code-model-dependency-mode-plus.png)
145145

146146
## Testing {% data variables.product.prodname_codeql %} model packs in {% data variables.product.prodname_vscode_shortname %}
147147
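
Review bot: the package name in the new alt text on line 144 still reads "com.alipay.soft.jraft.option", carried over from the old line, while line 113 of the same file uses "com.alipay.sofa.jraft.option" and the project is called "sofa-jraft". Since the line is being rewritten anyway, correct it to "sofa". Changing 'The "View" option for the first method' to 'A "View" option' also loses which row is outlined; "The first "View" option" is the same length class and keeps that.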

‎content/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ You can configure notification settings for yourself or your organization from t
4848
{% data reusables.notifications.vulnerable-dependency-notification-options %}
4949

5050
{% ifversion update-notification-settings-22 %}
51-
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}. A dropdown menu, showing notification frequency options, is highlighted with an orange outline.](/assets/images/help/dependabot/dependabot-notification-frequency.png){% endif %}{% ifversion ghes %}
51+
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}. A dropdown menu with frequency options is outlined in orange.](/assets/images/help/dependabot/dependabot-notification-frequency.png){% endif %}{% ifversion ghes %}
5252
![Screenshot of the notification options for {% data variables.product.prodname_dependabot_alerts %}.](/assets/images/help/enterprises/dependabot-alerts-options-no-ui.png){% endif %}
5353

5454
> [!NOTE]

‎content/code-security/getting-started/quickstart-for-securing-your-organization.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -104,7 +104,7 @@ You can choose to enable a security feature automatically in all new repositorie
104104
1. In the left sidebar, click **{% octicon "codescan" aria-hidden="true" %} Code security and analysis**.
105105
1. Below the name of the feature, select the option for automatically enabling the feature in applicable future repositories.
106106

107-
![Screenshot of "Code security and analysis" page. Below "Dependabot alerts", a checkbox to enable the feature in future repositories is highlighted in orange.](/assets/images/help/security/enable-for-new-repos.png)
107+
![Screenshot of "Code security and analysis" page. Below "Dependabot alerts", the checkbox to enable alerts in new repositories is outlined in orange.](/assets/images/help/security/enable-for-new-repos.png)
108108

109109
## Monitoring the impact of security features
110110

‎content/code-security/secret-scanning/managing-alerts-from-secret-scanning/monitoring-alerts.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ In addition to displaying an alert in the **Security** tab of the repository, {%
3434
1. On your notification settings page, under "Subscriptions", then under "Watching", select the **Notify me** dropdown.
3535
1. Select "Email" as a notification option, then click **Save**.
3636

37-
![Screenshot of the notification settings for a user account. An element header, titled "Subscriptions", and a sub-header, titled "Watching", are shown. A checkbox, titled "Email", is highlighted with an orange outline.](/assets/images/help/notifications/repository-watching-notification-options.png)
37+
![Screenshot of the notification settings for a user account. Under "Subscriptions" and "Watching" a checkbox, titled "Email", is outlined in orange.](/assets/images/help/notifications/repository-watching-notification-options.png)
3838

3939
{% data reusables.notifications.watch-settings %}
4040

‎content/code-security/secret-scanning/secret-scanning-partnership-program/secret-scanning-partner-program.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -56,7 +56,7 @@ To scan for your secrets, {% data variables.product.prodname_dotcom %} needs the
5656
* High entropy random strings
5757
* A 32-bit checksum
5858

59-
![Screenshot showing the breakdown of a secret into details to be considered when submitting to GitHub a regular expression to find high quality secrets.](/assets/images/help/security/regular-expression-guidance.png)
59+
![Screenshot showing the breakdown of a secret into a prefix and a 32-bit checksum.](/assets/images/help/security/regular-expression-guidance.png)
6060

6161
* A test account for your service. This will allow us to generate and analyze examples of the secrets, further reducing false positives.
6262
* The URL of the endpoint that receives messages from {% data variables.product.prodname_dotcom %}. The URL doesn't have to be unique for each secret type.
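
Review bot: the new alt text on line 59 names only "a prefix and a 32-bit checksum", but the list directly above the image (lines 56 and 57) also gives "High entropy random strings" as a property of a high quality secret. If the image shows that middle segment, name it so the alt text matches the list, for example "into a prefix, a high entropy random string, and a 32-bit checksum."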

‎content/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -105,7 +105,7 @@ For examples showing how affected versions are defined in some existing advisori
105105
106106
* You cannot specify multiple affected version ranges in the same field, such as `> 2.0, < 2.3, > 3.0, < 3.2`.To specify more than one range, you must create a new **Affected products** section for each range, by clicking the **+ Add another affected product** button.
107107

108-
![Screenshot of the "Affected products" area of the security advisory form. A link, labeled "Add another affected product", is highlighted with a dark orange outline.](/assets/images/help/security/security-advisory-add-another-affected-product.png)
108+
![Screenshot of the "Affected products" area of the security advisory form. The "Add another affected product" link is outlined in dark orange.](/assets/images/help/security/security-advisory-add-another-affected-product.png)
109109
* If the affected version range includes only a single upper or lower bound:
110110
* The implicit value is always `> 0` if the lower bound is not explicitly specified.
111111
* The implicit value is always infinity if the upper bound is not explicitly specified.

‎content/code-security/security-advisories/working-with-repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ To keep information about vulnerabilities secure, integrations, including CI, ca
3737
1. In the "Security Advisories" list, click the name of the security advisory you'd like to create a temporary private fork in.
3838
1. Scroll to the bottom of the advisory form and click **Start a temporary private fork**.
3939

40-
![Screenshot of the "Collaborate on a patch in private" area of the form. A button, labeled "Start a temporary private fork", is outlined in dark orange.](/assets/images/help/security/new-temporary-private-fork-button.png)
40+
![Screenshot of the "Collaborate on a patch in private" area of the form. The "Start a temporary private fork" button is outlined in dark orange.](/assets/images/help/security/new-temporary-private-fork-button.png)
4141

4242
A private fork of the repository is created and shown on the advisory page.
4343

‎content/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository.md

+2-2
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ The instructions in this article refer to enablement at repository level. For in
3131
{% data reusables.repositories.sidebar-settings %}
3232
{% data reusables.repositories.navigate-to-code-security-and-analysis %}
3333
1. Under "Code security and analysis", to the right of "Private vulnerability reporting", click **Enable** or **Disable**, to enable or disable the feature, respectively.
34-
![Screenshot of the "Code security and analysis" page, showing the "Private vulnerability reporting" setting. The "Enable" button is outlined in dark orange.](/assets/images/help/security/private-vulnerability-reporting-enable-or-disable-repo.png)
34+
![Screenshot of the "Code security and analysis" page, showing the "Private vulnerability reporting" setting. The "Enable" button is outlined in orange.](/assets/images/help/security/private-vulnerability-reporting-enable-or-disable-repo.png)
3535

3636
{% data reusables.security-advisory.private-vulnerability-reporting-security-researcher %}
3737

@@ -56,6 +56,6 @@ Notifications depend on the user's notification preferences. You will receive an
5656
1. On your notification settings page, under "Subscriptions," then under "Watching," select the **Notify me** dropdown.
5757
1. Select "Email" as a notification option, then click **Save**.
5858

59-
![Screenshot of the notification settings for a user account. An element header, titled "Subscriptions", and a sub-header, titled "Watching", are shown. A checkbox, titled "Email", is highlighted with an orange outline.](/assets/images/help/notifications/repository-watching-notification-options.png)
59+
![Screenshot of the notification settings for a user account. Under "Subscriptions" and "Watching" a checkbox, titled "Email", is outlined in orange.](/assets/images/help/notifications/repository-watching-notification-options.png)
6060

6161
{% data reusables.notifications.watch-settings %}

‎content/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory.md

+2-2
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ Publishing a security advisory deletes the temporary private fork for the securi
7070
1. In the "Security Advisories" list, click the name of the security advisory you'd like to publish.
7171
1. Scroll to the bottom of the advisory form and click **Publish advisory**.
7272

73-
![Screenshot of the "Required advisory information has been provided" area of a draft security advisory. The "Publish advisory" button is outlined in dark orange.](/assets/images/help/security/publish-advisory-button.png)
73+
![Screenshot of the "Required advisory information has been provided" area of the page. The "Publish advisory" button is outlined in orange.](/assets/images/help/security/publish-advisory-button.png)
7474

7575
> [!NOTE]
7676
> If you selected "Request CVE ID later", you will see a **Request CVE** button in place of the **Publish advisory** button. For more information, see [Requesting a CVE identification number (Optional)](#requesting-a-cve-identification-number-optional) below.
@@ -89,7 +89,7 @@ Publishing a security advisory deletes the temporary private fork for the securi
8989
1. In the "Security Advisories" list, click the name of the security advisory you'd like to request a CVE identification number for.
9090
1. Scroll to the bottom of the advisory form and click **Request CVE**.
9191

92-
![Screenshot of the "Required advisory information has been provided" area of a draft security advisory. The "Request CVE" button is outlined in dark orange.](/assets/images/help/security/security-advisory-request-cve-button.png)
92+
![Screenshot of the "Required advisory information has been provided" area of the page. The "Request CVE" button is outlined in dark orange.](/assets/images/help/security/security-advisory-request-cve-button.png)
9393

9494
## Further reading
9595
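
Review bot: the new alt text on line 92 keeps "outlined in dark orange" while the sibling image on line 73 of this same file was changed to "outlined in orange" in the previous hunk. Other files in this commit are split the same way ("outlined in orange" in some, "outlined in dark orange" in others). Pick one wording for the outline color and apply it to both lines here so the two nearly identical screenshots are described consistently.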

‎content/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository.md

+1-1
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ You may notice some repositories have a "Used by" section in the sidebar of the
9191

9292
The "Used by" section shows the number of public references to the package that were found, and displays the avatars of some of the owners of the dependent projects.
9393

94-
![Screenshot of the "Used by" section for a repository. To the right of the "Used by" header is "13.4m." Under the header are 8 avatars and "+13,435,819."](/assets/images/help/repository/used-by-section.png)
94+
![Screenshot of the "Used by" section for a repository showing the summary of "13.4m" with details of 8 avatars and "+13,435,819."](/assets/images/help/repository/used-by-section.png)
9595

9696
Clicking any item in this section takes you to the **Dependents** tab of the dependency graph.
9797
