Enforcing policies for dependency insights in your enterprise

You can enforce policies for dependency insights within your enterprise's organizations, or allow policies to be set in each organization.

Who can use this feature

Enterprise owners can enforce policies for dependency insights in an enterprise.

About policies for dependency insights in your enterprise

Dependency insights show all packages that repositories within your enterprise's organizations depend on. Dependency insights include aggregated information about security advisories and licenses. For more information, see "Viewing insights for your organization."

Enforcing a policy for visibility of dependency insights

Across all organizations owned by your enterprise, you can control whether organization members can view dependency insights. You can also allow owners to administer the setting on the organization level. For more information, see "Changing the visibility of your organization's dependency insights."

  1. In the top-right corner, click your profile photo, then click Your enterprises.

  2. In the list of enterprises, click the enterprise you want to view.

  3. In the enterprise account sidebar, click Policies.

  4. Under "Policies", click Organizations.

  5. Under "Dependency insights", review the information about changing the setting. Optionally, to view the current configuration for all organizations in the enterprise account before you change the setting, click View your organizations' current configurations.

  6. Under "Dependency insights", select the dropdown menu and click a policy.