Enabling GitHub Advanced Security for your enterprise

You can configure GitHub Enterprise Server to include GitHub Advanced Security. This provides extra features that help users find and fix security problems in their code.

GitHub Advanced Security licenses are available for enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server. For more information, see "About GitHub's products."

About enabling GitHub Advanced Security

GitHub Advanced Security helps developers improve and maintain the security and quality of code. For more information, see "About GitHub Advanced Security."

When you enable GitHub Advanced Security for your enterprise, repository administrators in all organizations can enable the features unless you set up a policy to restrict access. For more information, see "Enforcing policies for Advanced Security in your enterprise."

Prerequisites for enabling GitHub Advanced Security

  1. Upgrade your license for GitHub Enterprise Server to include GitHub Advanced Security. For information about licensing, see "About licensing for GitHub Advanced Security."

  2. Upload the new license to your GitHub Enterprise Server instance. For more information, see "Managing your GitHub Enterprise license."

  3. Review the prerequisites for the features you plan to enable.

Checking whether your license includes GitHub Advanced Security

  1. In the top-right corner of GitHub Enterprise Server, click your profile photo, then click Enterprise settings. "Enterprise settings" in drop-down menu for profile photo on GitHub Enterprise Server

  2. Klicke in der Seitenleiste des Enterprise-Kontos auf Settings (Einstellungen). Registerkarte „Settings“ (Einstellungen) in der Seitenleiste des Enterprise-Kontos

  3. Klicke auf der linken Seitenleiste auf License (Lizenz). "License" tab in the enterprise account settings sidebar

  4. If your license includes GitHub Advanced Security, the license page includes a section showing details of current usage. GitHub Advanced Security section of Enterprise license

Enabling and disabling GitHub Advanced Security features

Warning: Changing this setting will cause user-facing services on GitHub Enterprise Server to restart. You should time this change carefully, to minimize downtime for users.

  1. From an administrative account on GitHub Enterprise Server, click in the upper-right corner of any page. Raumschiffsymbol für den Zugriff auf die Einstellungen des Websiteadministrators
  2. Klicke auf der linken Seitenleiste auf Managementkonsole. Registerkarte „Managementkonsole" in der linken Seitenleiste
  3. Klicken Sie auf der linken Seitenleiste auf Advanced Security. Advanced Security sidebar
  4. Under "Advanced Security," select the features that you want to enable and deselect any features you want to disable. Checkbox to enable or disable Advanced Security features
  5. Klicke auf der linken Seitenleiste auf Save settings (Einstellungen speichern). Die Schaltfläche „Save settings“ (Einstellungen speichern) in der Managementkonsole
  6. Warten Sie auf den Abschluss der Konfigurationsausführung.

When GitHub Enterprise Server has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "Configuring code scanning for your appliance."

Enabling or disabling GitHub Advanced Security via the administrative shell (SSH)

You can enable or disable features programmatically on your GitHub Enterprise Server instance. For more information about the administrative shell and command-line utilities for GitHub Enterprise Server, see "Accessing the administrative shell (SSH)" and "Command-line utilities."

For example, you can enable code scanning with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.

  1. Stellen Sie eine SSH-Verbindung zu your GitHub Enterprise Server instance her.
  2. Enable code scanning.
    ghe-config app.minio.enabled true
    ghe-config app.code-scanning.enabled true
  3. Optionally, disable code scanning.
    ghe-config app.minio.enabled false
    ghe-config app.code-scanning.enabled false
  4. Apply the configuration.

To enable and disable secret scanning in the same way, set: ghe-config app.secret-scanning.enabled true or false and apply the configuration.

Did this doc help you?Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Oder, learn how to contribute.