Managing security and analysis settings for your organization

You can control features that secure and analyze the code in your organization's projects on GitHub.

Organization owners can manage security and analysis settings for repositories in the organization.

In this article

About management of security and analysis settings

GitHub can help secure the repositories in your organization. You can manage the security and analysis features for all existing or new repositories that members create in your organization.

Note: You can't disable some security and analysis features that are enabled by default for public repositories.

If you enable security and analysis features, GitHub performs read-only analysis on your repository. For more information, see "About GitHub's use of your data."

Displaying the security and analysis settings

  1. In the top right corner of GitHub, click your profile photo, then click Your profile.
    Profile photo
  2. On the left side of your profile page, under "Organizations", click the icon for your organization.
    organization icons
  3. Under your organization name, click Settings.
    Organization settings button
  4. In the left sidebar, click Security & analysis.
    "Security & analysis" tab in organization settings

The page that's displayed allows you to enable or disable security and analysis features for the repositories in your organization.

Enabling or disabling a feature for all existing repositories

  1. Go to the security and analysis settings for your organization. For more information, see "Displaying the security and analysis settings."
  2. Under "Configure security and analysis features", to the right of the feature, click Disable all or Enable all.
    "Enable all" or "Disable all" button for "Configure security and analysis" features
  3. Optionally, enable the feature by default for new repositories in your organization.
    "Enable by default" option for new repositories
  4. Click Disable FEATURE or Enable FEATURE to disable or enable the feature for all the repositories in your organization.
    Button to disable or enable feature

Enabling or disabling a feature for all new repositories when they are added

  1. Go to the security and analysis settings for your organization. For more information, see "Displaying the security and analysis settings."
  2. Under "Configure security and analysis features", to the right of the feature, enable or disable the feature by default for new repositories in your organization.
    Checkbox for enabling or disabling a feature for new repositories

Allowing Dependabot to access private repositories

Dependabot can check for outdated dependency references in a project and automatically generate a pull request to update them. To do this, Dependabot must have access to the targeted dependency files. By default, Dependabot can't update dependencies that are located in private repositories. However, if a dependency is in a private GitHub repository within the same organization as the project that uses that dependency, you can allow Dependabot to update the version successfully by giving it access to the host repository. For more information, including details of limitations to private dependency support, see "About Dependabot version updates."

  1. Go to the security and analysis settings for your organization. For more information, see "Displaying the security and analysis settings."
  2. In the "Dependabot repository access" section, click the settings button .
    Repository access setting button
    A list is displayed showing all of the private repositories in your organization.
    The Repositories list
  3. Select the repositories that Dependabot can access.
  4. Click Select repositories.

Further reading

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.