Update GitHub security tools table for clarity and plan requirements

Author: ChrisHowd

learn-pr/wwl-azure/resolve-github-secret-scanning-alerts-github-copilot-agent/includes/2-examine-github-security-code-quality-tools.md

@@ -125,46 +125,48 @@ Security overview provides a centralized dashboard to review the overall securit
 
 ## GitHub security tools by plan availability
 
-The following table summarizes GitHub's security and code quality tools and the GitHub plans required to use them.
-
-| Tool | All plans (public repos) | All plans (private repos) | GitHub Secret Protection | GitHub Code Security |
-|---|---|---|---|---|
-| **Supply chain security** | | | | |
-| Dependency graph | ✅ | ✅ | — | — |
-| Software Bill of Materials (SBOM) | ✅ | ✅ | — | — |
-| GitHub Advisory Database | ✅ | ✅ | — | — |
-| Dependabot alerts and security updates | ✅ | ✅ | — | — |
-| Dependabot version updates | ✅ | ✅ | — | — |
-| Dependency review | ✅ | — | — | ✅ |
-| Custom auto-triage rules for Dependabot | ✅ | — | — | ✅ |
-| **Secret security** | | | | |
-| Secret scanning alerts for partners | ✅ | — | — | — |
-| Push protection for users | ✅ | — | — | — |
-| Secret scanning alerts for users | ✅ | — | ✅ | — |
-| Push protection (repository-level) | ✅ | — | ✅ | — |
-| Copilot secret scanning | — | — | ✅ | — |
-| Delegated bypass for push protection | — | — | ✅ | — |
-| Custom patterns for secret scanning | — | — | ✅ | — |
-| **Code security** | | | | |
-| Code scanning | ✅ | — | — | ✅ |
-| CodeQL CLI | ✅ | — | — | ✅ |
-| Copilot Autofix for code scanning | ✅ | — | — | ✅ |
-| Security campaigns | — | — | — | ✅ |
-| **Code quality** | | | | |
-| GitHub Code Quality | — | — | — | ✅ \* |
-| **General security** | | | | |
-| Security policy | ✅ | ✅ | — | — |
-| Security advisories | ✅ | ✅ | — | — |
-| Repository rulesets | ✅ | ✅ | — | — |
-| Artifact attestations | ✅ | ✅ \*\* | — | — |
-| Security overview | — | — | ✅ | ✅ |
-
-\* GitHub Code Quality requires GitHub Team or GitHub Enterprise Cloud (currently in public preview).
+The following table summarizes GitHub's security and code quality tools, the minimum GitHub plan required to use them, and whether the GitHub Secret Protection or GitHub Code Security add-on is needed.
+
+> [!NOTE]
+> GitHub Secret Protection and GitHub Code Security are paid add-on products that can be purchased by organizations on **GitHub Team** and **GitHub Enterprise Cloud** plans. Many features included in these add-on products are also available for free on public repositories, as indicated in the table below.
+
+| Tool | Minimum GitHub plan | Public repos | Private repos | GitHub Secret Protection | GitHub Code Security |
+|---|---|---|---|---|---|
+| **Supply chain security** | | | | | |
+| Dependency graph | All plans | ✅ | ✅ | — | — |
+| Software Bill of Materials (SBOM) | All plans | ✅ | ✅ | — | — |
+| GitHub Advisory Database | All plans | ✅ | ✅ | — | — |
+| Dependabot alerts and security updates | All plans | ✅ | ✅ | — | — |
+| Dependabot version updates | All plans | ✅ | ✅ | — | — |
+| Dependency review | All plans (public) / GitHub Team (private) | ✅ | — | — | ✅ |
+| Custom auto-triage rules for Dependabot | All plans (public) / GitHub Team (private) | ✅ | — | — | ✅ |
+| **Secret security** | | | | | |
+| Secret scanning alerts for partners | All plans | ✅ | — | — | — |
+| Push protection for users | All plans | ✅ | — | — | — |
+| Secret scanning alerts for users | All plans (public) / GitHub Team (private) | ✅ | — | ✅ | — |
+| Push protection (repository-level) | All plans (public) / GitHub Team (private) | ✅ | — | ✅ | — |
+| Copilot secret scanning | GitHub Team | — | — | ✅ | — |
+| Delegated bypass for push protection | GitHub Team | — | — | ✅ | — |
+| Custom patterns for secret scanning | GitHub Team | — | — | ✅ | — |
+| **Code security** | | | | | |
+| Code scanning | All plans (public) / GitHub Team (private) | ✅ | — | — | ✅ |
+| CodeQL CLI | All plans (public) / GitHub Team (private) | ✅ | — | — | ✅ |
+| Copilot Autofix for code scanning | All plans (public) / GitHub Team (private) | ✅ | — | — | ✅ |
+| Security campaigns | GitHub Team | — | — | — | ✅ |
+| **Code quality** | | | | | |
+| GitHub Code Quality | GitHub Team \* | — | — | — | ✅ |
+| **General security** | | | | | |
+| Security policy | All plans | ✅ | ✅ | — | — |
+| Security advisories | All plans | ✅ | ✅ | — | — |
+| Repository rulesets | All plans | ✅ | ✅ | — | — |
+| Artifact attestations | All plans (public) / GitHub Enterprise Cloud (private) | ✅ | ✅ \*\* | — | — |
+| Security overview | GitHub Team | — | — | ✅ | ✅ |
+
+\* GitHub Code Quality is currently in public preview.
 
 \*\* Artifact attestations for private repositories require GitHub Enterprise Cloud.
 
-> [!NOTE]
-> GitHub Secret Protection and GitHub Code Security are paid add-on products available for organizations on GitHub Team and GitHub Enterprise Cloud plans. Many features included in these products are also available for free on public repositories, as indicated in the table above.
+In the table above, "All plans" means the tool is available at no extra cost on every GitHub plan, including the free plans (GitHub Free for personal accounts and GitHub Free for organizations). "GitHub Team" means the minimum required plan is GitHub Team or GitHub Enterprise Cloud, both of which are paid plans that also support purchasing the GitHub Secret Protection and GitHub Code Security add-on products. Detailed pricing information is available from GitHub.
 
 ## How GitHub's security tools work together