Skip to main content

This version of GitHub Enterprise Server will be discontinued on 2024-06-29. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Error: "Advanced Security must be enabled for this repository to use code scanning"

If you see this error, make sure that GitHub Advanced Security is enabled.

About this error

Advanced Security must be enabled for this repository to use code scanning
403: GitHub Advanced Security is not enabled

This error is reported if you try to run code scanning in a repository where GitHub Advanced Security is not enabled or where use of this feature is blocked by a policy.

Confirming the cause of the error

  1. On your GitHub Enterprise Server instance, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. Scroll down to "GitHub Advanced Security."

  5. If there is an associated and active Enable button, GitHub Advanced Security is available for this repository but not yet enabled.

  6. If use of GitHub Advanced Security is blocked by a policy, the Enable button is inactive and the owner of the policy is listed.

    Screenshot of the "GitHub Advanced Security" setting. The owner of the enterprise policy and the inactive "Enable" button are highlighted with a dark orange outline.

Fixing the problem

If GitHub Advanced Security is available to your repository, you can enable it on the settings page. If GitHub Advanced Security is blocked by a policy, you first need to request access.

Requesting access to GitHub Advanced Security

  1. In the "GitHub Advanced Security" settings, click the enterprise name to display a list of users with access to edit the policy that controls access to GitHub Advanced Security. For more information, see "Enforcing policies for code security and analysis for your enterprise."
  2. Follow your company's policy for requesting access to additional features.

Enabling GitHub Advanced Security

  1. In the "GitHub Advanced Security" settings, click Enable.
  2. Rerun code scanning.