About policies for code security and analysis in your enterprise
You can enforce policies to manage the use of code security and analysis features within organizations owned by your enterprise. You can allow or disallow people with admin access to a repository to enable or disable the security and analysis features.
GitHub Advanced Security helps developers improve and maintain the security and quality of code. For more information, see "About GitHub Advanced Security." For more information, see "About GitHub Advanced Security."
If you purchase a license for GitHub Advanced Security, any organization owned by your enterprise on GitHub.com can use Advanced Security features. You can enforce policies to control how members of your enterprise on GitHub Enterprise Cloud use Advanced Security.
Enforcing a policy to manage the use of Dependabot alerts in your enterprise
Across all organizations owned by your enterprise, you can allow members with admin permissions for repositories to enable or disable Dependabot alerts and change Dependabot alerts settings.
-
In the top-right corner of GitHub.com, click your profile photo, then click Your enterprises.
-
In the list of enterprises, click the enterprise you want to view.
-
In the enterprise account sidebar, click Policies.
-
Under Policies, click "Code security and analysis."
-
Under "Change Dependabot alerts settings", use the dropdown menu and choose a policy.
Enforcing a policy for the use of GitHub Advanced Security in your enterprise's organizations
GitHub bills for Advanced Security on a per-committer basis. For more information, see "Managing billing for GitHub Advanced Security."
You can enforce a policy that controls whether repository administrators are allowed to enable features for Advanced Security in an organization's repositories. You can configure a policy for all organizations owned by your enterprise account, or for individual organizations that you choose.
Disallowing Advanced Security for an organization prevents repository administrators from enabling Advanced Security features for additional repositories, but does not disable the features for repositories where the features are already enabled. For more information about configuration of Advanced Security features, see "Managing security and analysis settings for your organization" or "Managing security and analysis settings for your repository."
-
In the top-right corner of GitHub.com, click your profile photo, then click Your enterprises.
-
In the list of enterprises, click the enterprise you want to view.
-
In the enterprise account sidebar, click Policies.
-
Under Policies, click "Code security and analysis."
-
In the "GitHub Advanced Security policies section, under "Availability", select the dropdown menu and click a policy for the organizations owned by your enterprise.
-
Optionally, if you chose Allow for selected organizations, to the right of an organization, select the drop-down menu to allow or disallow Advanced Security for the organization.
Enforcing a policy to manage the use of GitHub Advanced Security features in your enterprise's repositories
Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage the use of GitHub Advanced Security features in the repositories. GitHub Advanced Security features must be available to the organization for this policy to take effect. For more information, see "Enforcing a policy for the use of GitHub Advanced Security in your enterprise's organizations."
-
In the top-right corner of GitHub.com, click your profile photo, then click Your enterprises.
-
In the list of enterprises, click the enterprise you want to view.
-
In the enterprise account sidebar, click Policies.
-
Under Policies, click "Code security and analysis."
-
In the "GitHub Advanced Security policies section, under "Enable or disable GitHub Advanced Security", use the dropdown menu and choose a policy.
Enforcing a policy to manage the use of secret scanning in your enterprise's repositories
Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage and configure secret scanning for the repositories. GitHub Advanced Security features must be available to the organization for this policy to take effect. For more information, see "Enforcing a policy for the use of GitHub Advanced Security in your enterprise's organizations."
-
In the top-right corner of GitHub.com, click your profile photo, then click Your enterprises.
-
In the list of enterprises, click the enterprise you want to view.
-
In the enterprise account sidebar, click Policies.
-
Under Policies, click "Code security and analysis."
-
In the "GitHub Advanced Security policies section, under "Change secret scanning settings", use the dropdown menu and choose a policy.