diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml index 2a5ee43b521..67248e791d8 100644 --- a/config/_default/menus/main.en.yaml +++ b/config/_default/menus/main.en.yaml @@ -7510,11 +7510,16 @@ menu: url: /security/code_security/secret_scanning/generic_ci_providers/ parent: sec_secret_scanning weight: 2 + - name: Rule Configuration + identifier: sec_secret_scanning_configuration + url: /security/code_security/secret_scanning/rule_configuration/ + parent: sec_secret_scanning + weight: 3 - name: Secret Validation identifier: sec_secret_scanning_secret_validation url: /security/code_security/secret_scanning/secret_validation/ parent: sec_secret_scanning - weight: 3 + weight: 4 - name: Runtime Code Analysis (IAST) identifier: sec_iast url: /security/code_security/iast/ diff --git a/content/en/security/code_security/secret_scanning/configuration.md b/content/en/security/code_security/secret_scanning/configuration.md new file mode 100644 index 00000000000..65099b962dc --- /dev/null +++ b/content/en/security/code_security/secret_scanning/configuration.md 
@@ -0,0 +1,45 @@ +--- +title: Rule Configuration +algolia: + tags: ['static analysis', 'ci pipeline', 'SAST', 'secret scanning'] +description: Reference documentation for Datadog Secret Scanning (SAST) configuration, covering rule CRUD. +--- + +By default, Datadog Secret Scanning scans enabled repositories with all [rules in the Secrets & Credentials category of Sensitive Data Scanner](https://docs.datadoghq.com/security/sensitive_data_scanner/scanning_rules/library_rules/?category=Secrets+and+credentials). You can customize which rules run, modify default rules, and create custom rules in the ['Code' configuration page](https://app.datadoghq.com/sensitive-data-scanner/configuration/code) in SDS. +## Scanning groups +There are 2 scanning groups that configure Secret Scanning rules. +### Managed scanning group +The managed scanning group is managed by Datadog's security team. It automatically receives new rules and updates to rules, and is enabled by default for all organizations. + +{{< img src="/code_security/secret_scanning/managed_scanning_group_not_customized.png" alt="Managed scanning group" style="width:100%;">}} + +### Custom rule scanning group +The custom scanning group is managed by user orgs. You can [create and test custom regex rules](https://docs.datadoghq.com/security/sensitive_data_scanner/scanning_rules/custom_rules/) or add rules from the SDS rules library. + +{{< img src="/code_security/secret_scanning/custom_scanning_group.png" alt="Managed scanning group" style="width:100%;">}} + +## Configuring rules +### Customizing default rules +You can customize the severity and keywords of managed default rules by hovering over the specific rule, then clicking the pencil icon at the right. +{{< img src="/code_security/secret_scanning/customize_default_rule.png" alt="Edit rule" style="width:100%;">}} + +The edit dialog will pop up. 
+{{< img src="/code_security/secret_scanning/configure_default_rule.png" alt="Edit rule popup" style="width:100%;">}} + +After editing the rule and pressing **Update** at the bottom right, the modified rule appears as **Customized** in the managed scanning group. + +{{< img src="/code_security/secret_scanning/disable_rule.png" alt="Customized secret scanning rule in managed group" style="width:100%;">}} + +
Customized rules do not automatically receive severity/default keyword updates from Datadog's security team. To restore a rule to its managed state, hover over a customized rule and click the restore icon at the right.
+ +### Creating custom rules +You can create custom rules in the custom scanning group. Click 'Add scanning rule' at the bottom or 'Add rule' at the top right, create your regex rule, then configure the severity and keywords. After they're enabled, new rules are scanned for in your repositories upon the next commit. + +{{< img src="/code_security/secret_scanning/add_to_custom.png" alt="Add rule to custom group" style="width:100%;">}} + +You can update custom rules by hovering over the rule, then clicking the pencil icon at the right. + +### Disabling rules +Disable a rule by clicking the blue toggle on the right. + +
Once a specific rule is disabled, existing findings from that rule are auto-closed in Secret Scanning upon the next commit.
diff --git a/static/images/code_security/secret_scanning/add_to_custom.png b/static/images/code_security/secret_scanning/add_to_custom.png new file mode 100644 index 00000000000..2c0f97e7ceb Binary files /dev/null and b/static/images/code_security/secret_scanning/add_to_custom.png differ diff --git a/static/images/code_security/secret_scanning/configure_default_rule.png b/static/images/code_security/secret_scanning/configure_default_rule.png new file mode 100644 index 00000000000..92370793e23 Binary files /dev/null and b/static/images/code_security/secret_scanning/configure_default_rule.png differ diff --git a/static/images/code_security/secret_scanning/custom_scanning_group.png b/static/images/code_security/secret_scanning/custom_scanning_group.png new file mode 100644 index 00000000000..2a5e005d3b9 Binary files /dev/null and b/static/images/code_security/secret_scanning/custom_scanning_group.png differ diff --git a/static/images/code_security/secret_scanning/customize_default_rule.png b/static/images/code_security/secret_scanning/customize_default_rule.png new file mode 100644 index 00000000000..d39542cec39 Binary files /dev/null and b/static/images/code_security/secret_scanning/customize_default_rule.png differ diff --git a/static/images/code_security/secret_scanning/disable_rule.png b/static/images/code_security/secret_scanning/disable_rule.png new file mode 100644 index 00000000000..cb0def508ec Binary files /dev/null and b/static/images/code_security/secret_scanning/disable_rule.png differ diff --git a/static/images/code_security/secret_scanning/managed_scanning_group.png b/static/images/code_security/secret_scanning/managed_scanning_group.png new file mode 100644 index 00000000000..3de6e47b6ee Binary files /dev/null and b/static/images/code_security/secret_scanning/managed_scanning_group.png differ 
diff --git a/static/images/code_security/secret_scanning/managed_scanning_group_not_customized.png b/static/images/code_security/secret_scanning/managed_scanning_group_not_customized.png new file mode 100644 index 00000000000..304788b2e9d Binary files /dev/null and b/static/images/code_security/secret_scanning/managed_scanning_group_not_customized.png differ
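Review bot: in the `main.en.yaml` hunk, the new menu entry points at `/security/code_security/secret_scanning/rule_configuration/`, but the page added in this patch is `content/en/security/code_security/secret_scanning/configuration.md` and its front matter sets neither `url` nor `slug`, so Hugo will publish it at `/security/code_security/secret_scanning/configuration/` and the nav link will 404. Either rename the file to `rule_configuration.md` (matching the `Rule Configuration` title and the `sec_secret_scanning_configuration` identifier's intent) or change the menu `url` to `/security/code_security/secret_scanning/configuration/`. The `weight: 3` to `weight: 4` bump on Secret Validation is consistent with inserting the new entry at weight 3.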
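Review bot: in the `configuration.md` hunk, the alt text for `custom_scanning_group.png` still reads "Managed scanning group" (copied from the image above it) and should describe the custom scanning group. A few wording points in the same hunk: "covering rule CRUD" in the `description` is jargon for a reader-facing summary (suggest "covering how to create, customize, and disable rules"); "There are 2 scanning groups" should spell out "two"; "managed by user orgs" reads informally (suggest "managed by your organization"); "The edit dialog will pop up." should be present tense ("The edit dialog opens."); and "new rules are scanned for in your repositories upon the next commit" is awkward (suggest "the new rules run against your repositories on the next commit"). On the behaviour that matters to readers: the "Disabling rules" section should say whether the toggle applies to managed rules, custom rules, or both, and make explicit that findings from a disabled rule remain open until the next commit triggers the auto-close, since that is the window an operator will ask about. The intro paragraph is also missing a blank line before `## Scanning groups`, which the other headings in the file have.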
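Review bot: `static/images/code_security/secret_scanning/managed_scanning_group.png` is added as a binary file but nothing in `configuration.md` references it; the managed-group section uses `managed_scanning_group_not_customized.png`, and the other five images added here (`custom_scanning_group.png`, `customize_default_rule.png`, `configure_default_rule.png`, `disable_rule.png`, `add_to_custom.png`) are each referenced exactly once. Drop the unused file or swap the shortcode to use it, so the patch does not ship a stray asset.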