Securing your organization

You can use a number of GitHub features to help keep your organization secure.

Organization owners can configure organization security settings.

Introduction

This guide shows you how to configure security features for an organization. Your organization's security needs are unique and you may not need to enable every security feature. For more information, see "GitHub security features."

Some features are available for repositories on all plans. Additional features are available to enterprises that use GitHub Advanced Security. GitHub Advanced Security features are also enabled for all public repositories on GitHub.com. 更多信息请参阅“关于 GitHub Advanced Security”。

Managing access to your organization

You can use roles to control what actions people can take in your organization. For example, you can assign the security manager role to a team to give them the ability to manage security settings across your organization, as well as read access to all repositories. For more information, see "Roles in an organization."

Creating a default security policy

You can create a default security policy that will display in any of your organization's public repositories that do not have their own security policy. For more information, see "Creating a default community health file."

Managing Dependabot 警报 and the dependency graph

By default, GitHub detects vulnerabilities in public repositories and generates Dependabot 警报 and a dependency graph. You can enable or disable Dependabot 警报 and the dependency graph for all private repositories owned by your organization.

  1. Click your profile photo, then click Organizations.
  2. Click Settings next to your organization.
  3. Click Security & analysis.
  4. Click Enable all or Disable all next to the feature that you want to manage.
  5. Optionally, select Automatically enable for new repositories.

For more information, see "About alerts for vulnerable dependencies," "Exploring the dependencies of a repository," and "Managing security and analysis settings for your organization."

Managing dependency review

Dependency review is an Advanced Security feature that lets you visualize dependency changes in pull requests before they are merged into your repositories. For more information, see "About dependency review."

Dependency review is already enabled for all public repositories. Organizations that use GitHub Enterprise Cloud with Advanced Security can additionally enable dependency review for private and internal repositories. For more information, see the GitHub Enterprise Cloud documentation.

Managing Dependabot 安全更新

For any repository that uses Dependabot 警报, you can enable Dependabot 安全更新 to raise pull requests with security updates when vulnerabilities are detected. You can also enable or disable Dependabot 安全更新 for all repositories across your organization.

  1. Click your profile photo, then click Organizations.
  2. Click Settings next to your organization.
  3. Click Security & analysis.
  4. Click Enable all or Disable all next to Dependabot 安全更新.
  5. Optionally, select Automatically enable for new repositories.

For more information, see "About Dependabot 安全更新" and "Managing security and analysis settings for your organization."

Managing Dependabot 版本更新

You can enable Dependabot to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "About Dependabot 版本更新."

To enable Dependabot 版本更新, you must create a dependabot.yml configuration file. For more information, see "Enabling and disabling Dependabot version updates."

Configuring 秘密扫描

秘密扫描 is an Advanced Security feature that scans repositories for secrets that are insecurely stored.

秘密扫描 is already enabled for all public repositories. Organizations that use GitHub Enterprise Cloud with Advanced Security can additionally enable 秘密扫描 for private and internal repositories. For more information, see the GitHub Enterprise Cloud documentation.

Configuring 代码扫描

代码扫描 is an Advanced Security feature that scans code for security vulnerabilities and errors

代码扫描 is available for all public repositories. Organizations that use GitHub Enterprise Cloud with Advanced Security can additionally use 代码扫描 for private and internal repositories.

代码扫描 is configured at the repository level. For more information, see "Setting up 代码扫描 for a repository."

Next steps

You can view, filter, and sort security alerts for repositories owned by your organization in the security overview. For more information, see "About the security overview."

You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see "Viewing and updating vulnerable dependencies in your repository," "Managing pull requests for dependency updates," "Managing 代码扫描 for your repository," and "Managing alerts from 秘密扫描."

If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "About GitHub Security Advisories" and "Creating a security advisory."

此文档对您有帮助吗?

隐私政策

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或者, 了解如何参与。