Enabling GitHub Advanced Security for your enterprise

About enabling GitHub Advanced Security

GitHub Advanced Security 帮助开发者改善和维护代� �的安全性和质量。 有关详细信息，请参阅“关于 GitHub Advanced Security”。

When you enable GitHub Advanced Security for your enterprise, repository administrators in all organizations can enable the features unless you set up a policy to restrict access. For more information, see "Enforcing policies for Advanced Security in your enterprise."

For guidance on a phased deployment of GitHub Advanced Security, see "Introduction to adopting GitHub Advanced Security at scale."

Checking whether your license includes GitHub Advanced Security

1. 在 GitHub Enterprise Server 的右上角，单击� 的个人资料照片，然后单击“企业设置”。

2. 在企业帐户侧边� �中，单击 “设置”。

3. 在左侧边� �中，单击“许可”。

4. If your license includes GitHub Advanced Security, the license page includes a section showing details of current usage.

Prerequisites for enabling GitHub Advanced Security

1. Upgrade your license for GitHub Enterprise Server to include GitHub Advanced Security. For information about licensing, see "About billing for GitHub Advanced Security."

2. Download the new license file. For more information, see "Downloading your license for GitHub Enterprise."

3. Upload the new license file to your GitHub Enterprise Server instance. For more information, see "Uploading a new license to GitHub Enterprise Server."

4. Review the prerequisites for the features you plan to enable.

   • Code scanning, see "Configuring code scanning for your appliance."
   • Secret scanning, see "Configuring secret scanning for your appliance."
   • Dependabot, see "Enabling Dependabot for your enterprise."

Enabling and disabling GitHub Advanced Security features

1. 从 GitHub Enterprise Server 上的管理帐户任意页面的右上角，单击 。

   

2. 如果� 尚未在“站点管理员”页上，请在左上角单击“站点管理员”。

   

3. 在左侧边� �中，单击“管理控制台”。

4. 在左侧边� �中，单击“安全性”。

5. Under "Security," select the features that you want to enable and deselect any features you want to disable.

6. 在左侧边� �下，单击“保存设置”。

   

   注意：保存 管理控制台 中的设置会重启系统服务，这可能会导致用户可察觉的停机时间。

7. 等待配置运行完毕。

   

When GitHub Enterprise Server has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "Configuring code scanning for your appliance."

Enabling or disabling GitHub Advanced Security features via the administrative shell (SSH)

You can enable or disable features programmatically on your GitHub Enterprise Server instance. For more information about the administrative shell and command-line utilities for GitHub Enterprise Server, see "Accessing the administrative shell (SSH)" and "Command-line utilities."

For example, you can enable any GitHub Advanced Security feature with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.

1. SSH into your GitHub Enterprise Server instance.

2. Enable features for GitHub Advanced Security.

   • To enable Code scanning, enter the following commands.

     ghe-config app.minio.enabled true
     ghe-config app.code-scanning.enabled true

   • To enable Secret scanning, enter the following command.

     ghe-config app.secret-scanning.enabled true

   • To enable the dependency graph, enter the following command.

     ghe-config app.dependency-graph.enabled true

3. Optionally, disable features for GitHub Advanced Security.

   • To disable code scanning, enter the following commands.

     ghe-config app.minio.enabled false
     ghe-config app.code-scanning.enabled false

   • To disable secret scanning, enter the following command.

     ghe-config app.secret-scanning.enabled false

   • To disable the dependency graph, enter the following command.

     ghe-config app.dependency-graph.enabled false

4. Apply the configuration.

   ghe-config-apply