diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md index e413f395c75e..210a964aebf5 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/preparing-your-code-for-codeql-analysis.md @@ -2,6 +2,7 @@ title: Preparing your code for CodeQL analysis intro: 'You can build a {% data variables.product.prodname_codeql %} database containing the data needed to analyze your code.' shortTitle: Preparing code for analysis +permissions: '{% data reusables.permissions.repo-checkout %}' product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' diff --git a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md index 92ddbbe07af7..e469b5636f48 100644 --- a/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md +++ b/content/code-security/codeql-cli/getting-started-with-the-codeql-cli/uploading-codeql-analysis-results-to-github.md @@ -2,6 +2,7 @@ title: Uploading CodeQL analysis results to GitHub shortTitle: Uploading results to GitHub intro: 'You can use the {% data variables.product.prodname_codeql_cli %} to upload {% data variables.product.prodname_codeql %} analysis results to {% data variables.product.product_name %}.' +permissions: '{% data reusables.permissions.code-scanning-all-alerts %}' product: '{% data reusables.gated-features.codeql %}' versions: fpt: '*' 
@@ -25,7 +26,12 @@ If you used a method other than the {% data variables.product.prodname_codeql_cl ## Generating a token for authentication with {% data variables.product.product_name %} -Before you can upload your results to {% data variables.product.product_name %}, you will first need to generate a {% data variables.product.pat_generic %} with the `security_events` write permission. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)." +Before you can upload your results to {% data variables.product.product_name %}, you will first need to generate a {% data variables.product.pat_generic %}. + +* **{% data variables.product.pat_v1_caps %}** requires "{% data variables.product.prodname_code_scanning_caps %} alerts" **Read and write** access for the required repositories. +* **{% data variables.product.pat_v2_caps %}** requires "repo" **security_events** access. + +For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)." If you have installed the {% data variables.product.prodname_codeql_cli %} in a third-party CI system to create results to display in {% data variables.product.prodname_dotcom %} as code scanning alerts, you can use a {% data variables.product.prodname_github_app %} or {% data variables.product.pat_generic %} to upload results to {% data variables.product.product_name %}. For more information, see "[AUTOTITLE](/code-security/code-scanning/integrating-with-code-scanning/using-code-scanning-with-your-existing-ci-system#generating-a-token-for-authentication-with-github)." diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/about-codeql-for-vs-code.md b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/about-codeql-for-vs-code.md index 9993b39ff74d..da7e73b023c4 100644 
--- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/about-codeql-for-vs-code.md +++ b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/about-codeql-for-vs-code.md @@ -5,6 +5,7 @@ versions: fpt: '*' ghec: '*' ghes: '*' +product: '{% data reusables.gated-features.codeql %}' topics: - Advanced Security - Code scanning diff --git a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code.md b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code.md index 83f5b2fba501..7900bb7323fa 100644 --- a/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code.md +++ b/content/code-security/codeql-for-vs-code/getting-started-with-codeql-for-vs-code/installing-codeql-for-vs-code.md @@ -5,6 +5,7 @@ versions: fpt: '*' ghec: '*' ghes: '*' +product: '{% data reusables.gated-features.codeql %}' topics: - Advanced Security - Code scanning diff --git a/data/reusables/code-scanning/codeql-license.md b/data/reusables/code-scanning/codeql-license.md index 2aa62389711f..cfbe90443883 100644 --- a/data/reusables/code-scanning/codeql-license.md +++ b/data/reusables/code-scanning/codeql-license.md 
@@ -1,20 +1,5 @@ ## About the {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_codeql %} license -**License notice:** If you don’t have a {% data variables.product.prodname_enterprise %} license then, by installing this product, you are agreeing to the [{% data variables.product.prodname_dotcom %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://securitylab.github.com/tools/codeql/license). - -{% data variables.product.prodname_dotcom %} {% data variables.product.prodname_codeql %} is licensed on a per-user basis. Under the license restrictions, you can use {% data variables.product.prodname_codeql %} to perform the following tasks: - -* To perform academic research. -* To demonstrate the software. -* To test {% data variables.product.prodname_codeql %} queries that are released under an OSI-approved License to confirm that new versions of those queries continue to find the right vulnerabilities. - -Where "OSI-approved License" means an Open Source Initiative (OSI)-approved open source software license. - -If you are working with an Open Source Codebase (that is, a codebase that is released under an OSI-approved License) you can also use {% data variables.product.prodname_codeql %} for the following tasks: - -* To perform analysis of the Open Source Codebase. -* If the Open Source Codebase is hosted and maintained on {% data variables.product.prodname_dotcom_the_website %}, to generate {% data variables.product.prodname_codeql %} databases for or during automated analysis, continuous integration, or continuous delivery. - -{% data variables.product.prodname_codeql %} can’t be used for automated analysis, continuous integration or continuous delivery, whether as part of normal software engineering processes or otherwise, except in the express cases set forth herein unless you have a license for {% data variables.product.prodname_GH_advanced_security %}. 
+**License notice:** If you don’t have a license for {% data variables.product.prodname_GH_advanced_security %} then, by installing this product, you are agreeing to the [{% data variables.product.prodname_dotcom %} {% data variables.product.prodname_codeql %} Terms and Conditions](https://github.com/github/codeql-cli-binaries/blob/main/LICENSE.md). {% data reusables.advanced-security.ghas-trial %} diff --git a/data/reusables/permissions/repo-checkout.md b/data/reusables/permissions/repo-checkout.md new file mode 100644 index 000000000000..b88d73a5cda4 --- /dev/null +++ b/data/reusables/permissions/repo-checkout.md @@ -0,0 +1 @@ +Users with **read** access to a repository diff --git a/data/reusables/rai/code-scanning/gated-feature-autofix.md b/data/reusables/rai/code-scanning/gated-feature-autofix.md index f8bc26c8aed4..b22b2fe0df3f 100644 --- a/data/reusables/rai/code-scanning/gated-feature-autofix.md +++ b/data/reusables/rai/code-scanning/gated-feature-autofix.md 
@@ -1 +1,4 @@ -{% data variables.product.prodname_copilot_autofix %} for {% data variables.product.prodname_code_scanning %} is available for all public repositories on {% data variables.product.prodname_dotcom_the_website %}. {% data variables.product.prodname_copilot_autofix %} for {% data variables.product.prodname_code_scanning %} is also available for private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for {% data variables.product.prodname_GH_advanced_security %}. For more information, see "[AUTOTITLE](/get-started/learning-about-github/about-github-advanced-security)." +{% data variables.product.prodname_copilot_autofix %} for {% data variables.product.prodname_code_scanning %} is available for the following repository types: + +* Public repositories on {% data variables.product.prodname_dotcom_the_website %} +* Organization-owned repositories on {% data variables.product.prodname_ghe_cloud %} with [{% data variables.product.prodname_GH_advanced_security %}](/get-started/learning-about-github/about-github-advanced-security) enabled
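Review bot: The two token bullets added in the `@@ -25,7 +26,12 @@` hunk of uploading-codeql-analysis-results-to-github.md look swapped. A per-repository permission with a **Read and write** level is how fine-grained tokens are configured, while "repo" and `security_events` are classic-token scopes, yet the first is attached to `pat_v1_caps` and the second to `pat_v2_caps`. Please check which variable renders as the classic token and swap the bullets if needed, since a wrong mapping sends readers to create a token that is either rejected on upload or broader than necessary. The replaced sentence also asked for the `security_events` write permission in code formatting. The new bullet drops "write" and bolds the scope name, so consider keeping it in backticks.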
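Review bot: The new front matter line `permissions: '{% data reusables.permissions.code-scanning-all-alerts %}'` in uploading-codeql-analysis-results-to-github.md references a reusable that this patch does not add. Only data/reusables/permissions/repo-checkout.md is created here. Please confirm that code-scanning-all-alerts.md already exists under data/reusables/permissions/, otherwise the reference will not resolve. It is also worth checking that its wording matches the token requirements stated further down the same page.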
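Review bot: The `@@ -1,20 +1,5 @@` hunk in data/reusables/code-scanning/codeql-license.md deletes the only sentence stating that CodeQL can't be used for automated analysis, continuous integration or continuous delivery without a license for {% data variables.product.prodname_GH_advanced_security %}. After the change the section under "About the ... license" holds only the notice and the trial reusable, so readers setting up CI have to follow the link to learn about that restriction. Consider keeping a one-sentence summary of the CI/CD restriction next to the link. The condition in the notice also changes from not having a {% data variables.product.prodname_enterprise %} license to not having a license for {% data variables.product.prodname_GH_advanced_security %}, so please confirm this matches the linked LICENSE.md.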
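Review bot: The second bullet in the `@@ -1 +1,4 @@` hunk of data/reusables/rai/code-scanning/gated-feature-autofix.md changes meaning as well as layout. The removed sentence covered "private repositories owned by organizations that use {% data variables.product.prodname_ghe_cloud %} and have a license for" Advanced Security, while the new bullet says "Organization-owned repositories ... enabled", dropping "private" and replacing "have a license for" with "enabled". If that widening is intended, say so in the commit message. If not, restore the original qualifiers. The link also moves from the "[AUTOTITLE]" form to inline link text on the product variable, which differs from the "For more information, see" pattern used in the other files of this patch.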