REST API endpoints for enterprise code security and analysis

These endpoints only support authentication using a personal access token (classic). For more information, see "Managing your personal access tokens."

Get code security and analysis features for an enterprise

Gets code security and analysis settings for the specified enterprise.

The authenticated user must be an administrator of the enterprise in order to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

Fine-grained access tokens for "Get code security and analysis features for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Get code security and analysis features for an enterprise"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`enterprise` string Required The slug version of the enterprise name. You can also substitute this value with the enterprise id.

HTTP response status codes for "Get code security and analysis features for an enterprise"

Status code	Description
`200`	OK
`404`	Resource not found

Code samples for "Get code security and analysis features for an enterprise"

Request example

get/enterprises/{enterprise}/code_security_and_analysis

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/code_security_and_analysis

Response

Status: 200

{
  "advanced_security_enabled_for_new_repositories": true,
  "dependabot_alerts_enabled_for_new_repositories": true,
  "secret_scanning_enabled_for_new_repositories": true,
  "secret_scanning_push_protection_enabled_for_new_repositories": true,
  "secret_scanning_push_protection_custom_link": "https://github.com/test-org/test-repo/blob/main/README.md"
}

Update code security and analysis features for an enterprise

Updates the settings for advanced security, Dependabot alerts, secret scanning, and push protection for new repositories in an enterprise.

The authenticated user must be an administrator of the enterprise to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

Fine-grained access tokens for "Update code security and analysis features for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Update code security and analysis features for an enterprise"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`enterprise` string Required The slug version of the enterprise name. You can also substitute this value with the enterprise id.

Body parameters
Name, Type, Description
`advanced_security_enabled_for_new_repositories` boolean Whether GitHub Advanced Security is automatically enabled for new repositories. For more information, see "About GitHub Advanced Security."
`advanced_security_enabled_new_user_namespace_repos` boolean Whether GitHub Advanced Security is automatically enabled for new user namespace repositories. For more information, see "About GitHub Advanced Security."
`dependabot_alerts_enabled_for_new_repositories` boolean Whether Dependabot alerts are automatically enabled for new repositories. For more information, see "About Dependabot alerts."
`secret_scanning_enabled_for_new_repositories` boolean Whether secret scanning is automatically enabled for new repositories. For more information, see "About secret scanning."
`secret_scanning_push_protection_enabled_for_new_repositories` boolean Whether secret scanning push protection is automatically enabled for new repositories. For more information, see "Protecting pushes with secret scanning."
`secret_scanning_push_protection_custom_link` string or null The URL that will be displayed to contributors who are blocked from pushing a secret. For more information, see "Protecting pushes with secret scanning." To disable this functionality, set this field to `null`.

HTTP response status codes for "Update code security and analysis features for an enterprise"

Status code	Description
`204`	Action started
`404`	Resource not found
`422`	The action could not be taken due to an in progress enablement, or a policy is preventing enablement

Code samples for "Update code security and analysis features for an enterprise"

Request example

patch/enterprises/{enterprise}/code_security_and_analysis

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/code_security_and_analysis \
  -d '{"advanced_security_enabled_for_new_repositories":true,"advanced_security_enabled_new_user_namespace_repos":true,"dependabot_alerts_enabled_for_new_repositories":true,"secret_scanning_enabled_for_new_repositories":true,"secret_scanning_push_protection_enabled_for_new_repositories":true,"secret_scanning_push_protection_custom_link":"https://github.com/test-org/test-repo/blob/main/README.md"}'

Action started

Status: 204

Enable or disable a security feature

Enables or disables the specified security feature for all repositories in an enterprise.

The authenticated user must be an administrator of the enterprise to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.

Fine-grained access tokens for "Enable or disable a security feature"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Enable or disable a security feature"

Headers
Name, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Path parameters
Name, Type, Description
`enterprise` string Required The slug version of the enterprise name. You can also substitute this value with the enterprise id.
`security_product` string Required The security feature to enable or disable. Can be one of: `advanced_security`, `advanced_security_user_namespace`, `dependabot_alerts`, `secret_scanning`, `secret_scanning_push_protection`
`enablement` string Required The action to take. `enable_all` means to enable the specified security feature for all repositories in the enterprise. `disable_all` means to disable the specified security feature for all repositories in the enterprise. Can be one of: `enable_all`, `disable_all`

HTTP response status codes for "Enable or disable a security feature"

Status code	Description
`204`	Action started
`404`	Resource not found
`422`	The action could not be taken due to an in progress enablement, or a policy is preventing enablement

Code samples for "Enable or disable a security feature"

Request example

post/enterprises/{enterprise}/{security_product}/{enablement}

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/enterprises/ENTERPRISE/SECURITY_PRODUCT/ENABLEMENT

Action started

Status: 204