The REST API is now versioned. For more information, see "About API versioning."

REST API endpoints for security managers

Use the REST API to manage security managers in an organization.

About security managers

Note: The security manager role is in public preview and subject to change.

Security manager is an organization-level role that organization owners can assign to any team in an organization. When applied, it gives every member of the team permissions to view security alerts and manage settings for code security across your organization, as well as read permissions for all repositories in the organization.

List security manager teams

Lists teams that are security managers for an organization. For more information, see "Managing security managers in your organization."

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the read:org scope to use this endpoint.

Fine-grained access tokens for "List security manager teams"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (read)

Parameters for "List security manager teams"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

HTTP response status codes for "List security manager teams"

Status code, Description
200

OK

Code samples for "List security manager teams"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

GET /orgs/{org}/security-managers

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/security-managers

Response

Status: 200
[
  {
    "id": 1,
    "node_id": "MDQ6VGVhbTE=",
    "url": "https://api.github.com/teams/1",
    "html_url": "https://github.com/orgs/github/teams/justice-league",
    "name": "Justice League",
    "slug": "justice-league",
    "description": "A great team.",
    "privacy": "closed",
    "notification_setting": "notifications_enabled",
    "permission": "admin",
    "members_url": "https://api.github.com/teams/1/members{/member}",
    "repositories_url": "https://api.github.com/teams/1/repos",
    "parent": null
  }
]

Add a security manager team

Adds a team as a security manager for an organization. For more information, see "Managing security for an organization."

The authenticated user must be an administrator for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Fine-grained access tokens for "Add a security manager team"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (write)

Parameters for "Add a security manager team"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

team_slug string Required

The slug of the team name.

HTTP response status codes for "Add a security manager team"

Status code, Description
204

No Content

Code samples for "Add a security manager team"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

PUT /orgs/{org}/security-managers/teams/{team_slug}

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/security-managers/teams/TEAM_SLUG

Response

Status: 204

Remove a security manager team

Removes the security manager role from a team for an organization. For more information, see "Managing security managers in your organization."

The authenticated user must be an administrator for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.

Fine-grained access tokens for "Remove a security manager team"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (write)

Parameters for "Remove a security manager team"

Headers
Name, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
Name, Type, Description
org string Required

The organization name. The name is not case sensitive.

team_slug string Required

The slug of the team name.

HTTP response status codes for "Remove a security manager team"

Status code, Description
204

No Content

Code samples for "Remove a security manager team"

If you access GitHub at GHE.com, replace api.github.com with your enterprise's dedicated subdomain at api.SUBDOMAIN.ghe.com.

Request example

DELETE /orgs/{org}/security-managers/teams/{team_slug}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/security-managers/teams/TEAM_SLUG

Response

Status: 204
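
Added example (not GitHub's own code): a Python sketch of a role-drift audit that diffs the teams returned by "List security manager teams" against an approved allowlist and plans the add/remove calls needed to reconcile them. The sample response, the allowlist, and all function names are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import quote

API = "https://api.github.com"  # on GHE.com use api.SUBDOMAIN.ghe.com instead

def api_request(method, path, token):
    """Build (not send) a request with the headers the curl samples use."""
    req = urllib.request.Request(API + path, method=method)
    req.add_header("Accept", "application/vnd.github+json")
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("X-GitHub-Api-Version", "2022-11-28")
    return req

def list_security_manager_teams(org, token):
    """GET /orgs/{org}/security-managers (needs read access, see above)."""
    path = f"/orgs/{quote(org, safe='')}/security-managers"
    with urllib.request.urlopen(api_request("GET", path, token), timeout=10) as r:
        return json.load(r)

def plan_reconciliation(org, teams, approved_slugs):
    """Diff live role holders against the approved set.

    Returns (method, path) pairs: DELETE for teams that hold the role but
    are not approved, PUT for approved teams that do not hold it yet.
    Slugs are percent-encoded so a hostile value cannot alter the path.
    """
    live = {t["slug"] for t in teams}
    approved = set(approved_slugs)
    base = f"/orgs/{quote(org, safe='')}/security-managers/teams/"
    plan = [("DELETE", base + quote(s, safe="")) for s in sorted(live - approved)]
    plan += [("PUT", base + quote(s, safe="")) for s in sorted(approved - live)]
    return plan

# Constructed sample in the shape of the 200 response above (fields trimmed).
SAMPLE_TEAMS = [
    {"id": 1, "slug": "justice-league", "name": "Justice League"},
    {"id": 2, "slug": "contractors", "name": "Contractors"},
]
APPROVED = {"justice-league", "appsec"}  # hypothetical allowlist

if __name__ == "__main__":
    # Dry run: print the plan instead of sending the write calls.
    for method, path in plan_reconciliation("ORG", SAMPLE_TEAMS, APPROVED):
        print(method, path)
```

Review the printed plan before sending the PUT and DELETE calls, since those require the write-level access described in the sections above.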