About applying a custom security configuration
After you create a custom security configuration, you need to apply it to repositories in your enterprise to enable the configuration's settings on those repositories.
Note
Some features enabled in security configurations may require Actions minutes to work. GitHub will let you know if that's the case when you apply the configuration to a repository. For more information about billing for GitHub Actions, see About billing for GitHub Actions.
Applying your custom security configuration to repositories in your enterprise
-
In the top-right corner of GitHub, click your profile photo.
-
Depending on your environment, click Your enterprise, or click Your enterprises then click the enterprise you want to view.
-
On the left side of the page, in the enterprise account sidebar, click Settings.
-
In the left sidebar, click Code security.
-
To the right of the configuration you want to apply, select the Apply to dropdown menu, then click All repositories or All repositories without configurations.
-
Optionally, in the confirmation dialog, you can choose to automatically apply the security configuration to newly created repositories depending on their visibility. Select the None dropdown menu, then click Public, or Private and internal, or both.
-
To apply the security configuration, click Apply.
The security configuration is applied to both active and archived repositories because some security features run on archived repositories, for example, secret scanning. In addition, if a repository is later unarchived you can be confident that it is protected by the chosen security configuration.
If security configurations fail to apply to some organizations in your enterprise, GitHub will display a banner on the UI to let you know. You can click the links on the banner to get more information about the organizations and repositories involved.
Next steps
To learn how to edit your custom security configuration, see Editing a custom security configuration.