Enabling GitHub Advanced Security for your enterprise

You can configure GitHub Enterprise Server to include GitHub Advanced Security. This provides extra features that help users find and fix security problems in their code.

GitHub Advanced Security is available for enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server. For more information, see "About GitHub's products."

About enabling GitHub Advanced Security

GitHub Advanced Security 帮助开发者改善和维护代码的安全性和质量。 更多信息请参阅“关于 GitHub Advanced Security”。

When you enable GitHub Advanced Security for your enterprise, repository administrators in all organizations can enable the features unless you set up a policy to restrict access. For more information, see "Enforcing policies for Advanced Security in your enterprise."

For guidance on a phased deployment of GitHub Advanced Security, see "Deploying GitHub Advanced Security in your enterprise."

Checking whether your license includes GitHub Advanced Security

  1. 在 GitHub Enterprise Server 的右上角,单击您的个人资料照片,然后单击 Enterprise settings(Enterprise 设置)GitHub Enterprise Server 上个人资料照片下拉菜单中的"Enterprise settings(企业设置)"

  2. 在企业帐户侧边栏中,单击 Settings(设置)企业帐户侧边栏中的“设置”选项卡

  3. 在左侧边栏中,单击 License(许可)企业帐户设置边栏中的"License(许可)"选项卡

  4. If your license includes GitHub Advanced Security, the license page includes a section showing details of current usage. GitHub Advanced Security section of Enterprise license

Prerequisites for enabling GitHub Advanced Security

  1. Upgrade your license for GitHub Enterprise Server to include GitHub Advanced Security. For information about licensing, see "About billing for GitHub Advanced Security."

  2. Download the new license file. For more information, see "Downloading your license for GitHub Enterprise."

  3. Upload the new license file to your GitHub Enterprise Server instance. For more information, see "Uploading a new license to GitHub Enterprise Server."

  4. Review the prerequisites for the features you plan to enable.

Enabling and disabling GitHub Advanced Security features

警告:更改此设置将导致 GitHub Enterprise Server 上面向用户的服务重新启动。 您应谨慎安排更改时间,以尽量减少用户的停机时间。

  1. 从 GitHub Enterprise Server 上的管理帐户,点击任何页面右上角的 用于访问站点管理员设置的火箭图标
  2. 在左侧边栏中,单击 管理控制台左侧边栏中的 管理控制台 选项卡
  3. In the left sidebar, click Security. Security sidebar
  4. Under "Security," select the features that you want to enable and deselect any features you want to disable. Checkbox to enable or disable Advanced Security features
  5. 在左侧边栏下,单击 Save settings(保存设置)管理控制台 中的 Save settings 按钮
  6. 等待配置运行完毕。

When GitHub Enterprise Server has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "Configuring 代码扫描 for your appliance."

Enabling or disabling GitHub Advanced Security features via the administrative shell (SSH)

You can enable or disable features programmatically on your GitHub Enterprise Server instance. For more information about the administrative shell and command-line utilities for GitHub Enterprise Server, see "Accessing the administrative shell (SSH)" and "Command-line utilities."

For example, you can enable any GitHub Advanced Security feature with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.

  1. SSH into your GitHub Enterprise Server instance.

  2. Enable features for GitHub Advanced Security.

    • To enable 代码扫描, enter the following commands.
      ghe-config app.minio.enabled true
      ghe-config app.code-scanning.enabled true
    • To enable 秘密扫描, enter the following command.
      ghe-config app.secret-scanning.enabled true
    • To enable Dependabot, enter the following command.
      ghe-config app.dependency-graph.enabled true
  3. Optionally, disable features for GitHub Advanced Security.

    • To disable 代码扫描, enter the following commands.
      ghe-config app.minio.enabled false
      ghe-config app.code-scanning.enabled false
    • To disable 秘密扫描, enter the following command.
      ghe-config app.secret-scanning.enabled false
    • To disable Dependabot 警报, enter the following command.
      ghe-config app.dependency-graph.enabled false
  4. Apply the configuration.

    ghe-config-apply

此文档对您有帮助吗?

隐私政策

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或者, 了解如何参与。