This version of GitHub Enterprise Server was discontinued on 2024-01-04. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

After a site administrator upgrades your Enterprise Server instance to Enterprise Server 3.9 or later, the REST API will be versioned. To learn how to find your instance's version, see "About versions of GitHub Docs". For more information, see "About API versioning."

Security Managers

Use the REST API to manage security managers in an organization.

About security managers

Note: The security manager role is in public beta and subject to change.

Security manager is an organization-level role that organization owners can assign to any team in an organization. When applied, it gives every member of the team permissions to view security alerts and manage settings for code security across your organization, as well as read permissions for all repositories in the organization.

Warning: Removing the security manager role from a team will remove the team's ability to manage security alerts and settings across the organization, but the team will retain read access to repositories that was granted when the role was assigned. You must remove any unwanted read access manually. For more information, see "Managing team access to an organization repository."

List security manager teams

Works with GitHub Apps

Lists teams that are security managers for an organization. For more information, see "Managing security managers in your organization."

To use this endpoint, you must be an administrator or security manager for the organization, and you must use an access token with the read:org scope.

GitHub Apps must have the administration organization read permission to use this endpoint.

Parameters for "List security manager teams"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
org string Required

The organization name. The name is not case sensitive.

HTTP response status codes for "List security manager teams"

Status codeDescription
200

OK

Code samples for "List security manager teams"

get/orgs/{org}/security-managers
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ http(s)://HOSTNAME/api/v3/orgs/ORG/security-managers

Response

Status: 200
[ { "id": 1, "node_id": "MDQ6VGVhbTE=", "url": "https://HOSTNAME/teams/1", "html_url": "https://github.com/orgs/github/teams/justice-league", "name": "Justice League", "slug": "justice-league", "description": "A great team.", "privacy": "closed", "permission": "admin", "members_url": "https://HOSTNAME/teams/1/members{/member}", "repositories_url": "https://HOSTNAME/teams/1/repos", "parent": null } ]

Add a security manager team

Works with GitHub Apps

Adds a team as a security manager for an organization. For more information, see "Managing security for an organization for an organization."

To use this endpoint, you must be an administrator for the organization, and you must use an access token with the write:org scope.

GitHub Apps must have the administration organization read-write permission to use this endpoint.

Parameters for "Add a security manager team"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
org string Required

The organization name. The name is not case sensitive.

team_slug string Required

The slug of the team name.

HTTP response status codes for "Add a security manager team"

Status codeDescription
204

No Content

409

The organization has reached the maximum number of security manager teams.

Code samples for "Add a security manager team"

put/orgs/{org}/security-managers/teams/{team_slug}
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ http(s)://HOSTNAME/api/v3/orgs/ORG/security-managers/teams/TEAM_SLUG

Response

Status: 204

Remove a security manager team

Works with GitHub Apps

Removes the security manager role from a team for an organization. For more information, see "Managing security managers in your organization team from an organization."

To use this endpoint, you must be an administrator for the organization, and you must use an access token with the admin:org scope.

GitHub Apps must have the administration organization read-write permission to use this endpoint.

Parameters for "Remove a security manager team"

Headers
accept string

Setting to application/vnd.github+json is recommended.

Path parameters
org string Required

The organization name. The name is not case sensitive.

team_slug string Required

The slug of the team name.

HTTP response status codes for "Remove a security manager team"

Status codeDescription
204

No Content

Code samples for "Remove a security manager team"

delete/orgs/{org}/security-managers/teams/{team_slug}
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ http(s)://HOSTNAME/api/v3/orgs/ORG/security-managers/teams/TEAM_SLUG

Response

Status: 204