Skip to main content

Applying a custom security configuration

You can apply your custom security configuration to repositories in your organization to meet the specific security needs of those repositories.

Who can use this feature?

Organization owners, security managers, and organization members with the admin role

About applying a custom security configuration

After you create a custom security configuration, you need to apply it to repositories in your organization to enable the configuration's settings on those repositories. To learn how to create a custom security configuration, see Creating a custom security configuration.

Applying your custom security configuration to repositories in your organization

  1. In the upper-right corner of GitHub, select your profile photo, then click Your organizations**.

  2. Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, select the Code security dropdown menu, then click Configurations.

  4. Optionally, in the "Apply configurations" section, filter for specific repositories you would like to apply your custom security configuration to. To learn how to filter the repository table, see Filtering repositories in your organization using the repository table.

  5. In the repository table, select repositories with one of three methods:

    • Select each repository you would like to apply the security configuration to.
    • To select all repositories displayed on the current page of the repository table, select NUMBER repositories.
    • After selecting NUMBER repositories, to select all repositories in your organization that match any filters you have applied, click Select all.

    Note

    The repository table will show which repositories have an enforced configuration. This means that repository owners will be blocked from changing features that have been enabled or disabled in the configuration, but features that are not set aren't enforced.

  6. Select the Apply configuration dropdown menu, then click YOUR-CONFIGURATION-NAME.

  7. Optionally, in the confirmation dialog, you can choose to automatically apply the security configuration to newly created repositories depending on their visibility. Select the None dropdown menu, then click Public, or Private and internal, or both.

    Note

    The default security configuration for an organization is only automatically applied to new repositories created in your organization. If a repository is transferred into your organization, you will still need to apply an appropriate security configuration to the repository manually.

  8. To apply the security configuration, click Apply.

    Note

    On GitHub Enterprise Server 3.15 the security configuration is applied only to active repositories and not archived repositories.

Next steps

To learn how to interpret security findings from your custom security configuration on a repository, see Interpreting security findings.

To learn how to edit your custom security configuration, see Editing a custom security configuration.

You may encounter an error when you attempt to apply a security configuration. For more information, see Finding and fixing configuration attachment failures and Troubleshooting security configurations.