Skip to main content

This version of GitHub Enterprise Server was discontinued on 2023-09-25. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Enforcing policies for code security and analysis for your enterprise

You can enforce policies to manage the use of GitHub Advanced Security features within your enterprise's organizations.

Who can use this feature

Enterprise owners can enforce policies for GitHub Advanced Security in an enterprise.

GitHub Advanced Security is available for enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server. For more information, see "GitHub’s plans."

For information about GitHub Advanced Security for Azure DevOps, see Configure GitHub Advanced Security for Azure DevOps in Microsoft Learn.

About policies for GitHub Advanced Security in your enterprise

GitHub Advanced Security helps developers improve and maintain the security and quality of code. For more information, see "About GitHub Advanced Security." For more information, see "About GitHub Advanced Security."

If you purchase a license for GitHub Advanced Security, any organization on your GitHub Enterprise Server instance can use Advanced Security features. You can enforce policies to control how members of your enterprise on GitHub Enterprise Server use Advanced Security.

Enforcing a policy for the use of GitHub Advanced Security in your enterprise's organizations

GitHub bills for Advanced Security on a per-committer basis. For more information, see "Managing billing for GitHub Advanced Security."

You can enforce a policy that controls whether repository administrators are allowed to enable features for Advanced Security in an organization's repositories. You can configure a policy for all organizations owned by your enterprise account, or for individual organizations that you choose.

Disallowing Advanced Security for an organization prevents repository administrators from enabling Advanced Security features for additional repositories, but does not disable the features for repositories where the features are already enabled. For more information about configuration of Advanced Security features, see "Managing security and analysis settings for your organization" or "Managing security and analysis settings for your repository."

Note: This policy only impacts repository administrators, specifically. Organization owners and security managers can always enable security features, regardless of how you set this policy. For more information, see "Roles in an organization."

  1. In the top-right corner of GitHub Enterprise Server, click your profile photo, then click Enterprise settings.

    Screenshot of the drop-down menu that appears when you click the profile photo on GitHub Enterprise Server. The "Enterprise settings" option is highlighted in a dark orange outline.

  2. In the enterprise account sidebar, click Policies.

  3. Under "Policies", click Advanced Security.

  4. Optionally, if you chose Allow for selected organizations, to the right of an organization, select the dropdown menu to enable Advanced Security for the organization.

    Screenshot of the Advanced Security policies. The dropdown to select an Advanced Security policy for individual organization in the enterprise account is highlighted with an orange outline.