Enforcing repository management policies in your enterprise

Enterprise owners can enforce certain repository management policies for all organizations owned by an enterprise account, or allow policies to be set in each organization.

Configuring the default visibility of new repositories in your enterprise
Setting a policy for changing a repository's visibility
Setting a policy for repository creation
Enforcing a policy on forking private or internal repositories
Setting a policy for repository deletion and transfer
Setting a policy for Git push limits
Configuring the merge conflict editor for pull requests between repositories
Configuring force pushes
Enforcing a policy on the default branch name

Configuring the default visibility of new repositories in your enterprise

Each time someone creates a new repository on your enterprise, that person must choose a visibility for the repository. When you configure a default visibility setting for the enterprise, you choose which visibility is selected by default. For more information on repository visibility, see "About repository visibility."

If an enterprise owner disallows members from creating certain types of repositories, members will not be able to create that type of repository even if the visibility setting defaults to that type. For more information, see "Setting a policy for repository creation."

In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings.

In the enterprise sidebar, click Policies.
Under Policies, click Options.
Under "Default repository visibility", use the drop-down menu and select a default visibility.

Warning: If you add an image attachment to a pull request or issue comment, anyone can view the anonymized image URL without authentication. To prevent unauthorized access to image URLs on GitHub AE, consider restricting network traffic to your enterprise. For more information, see "Restricting network traffic to your enterprise."

Setting a policy for changing a repository's visibility

When you prevent members from changing repository visibility, only enterprise owners can change the visibility of a repository.

If an enterprise owner has restricted repository creation to organization owners only, then members will not be able to change repository visibility. If an enterprise owner has restricted member repository creation to private repositories only, then members will only be able to change the visibility of a repository to private. For more information, see "Setting a policy for repository creation."

In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings.
In the enterprise sidebar, click Policies.
Under " Policies", click Repositories.
Under "Repository visibility change", review the information about changing the setting. Optionally, to view the setting's current configuration for all organizations in the enterprise account before enforcing the setting, click View your organizations' current configurations.
Under "Repository visibility change", use the drop-down menu and choose a policy.

Setting a policy for repository creation

Organization owners can always create any type of repository, and outside collaborators can never create any type of repository. For more information, see "About repository visibility."

In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings.
In the enterprise sidebar, click Policies.
Under " Policies", click Repositories.
Under "Repository creation", review the information about changing the setting. Optionally, to view the setting's current configuration for all organizations in the enterprise account before enforcing the setting, click View your organizations' current configurations.
Under "Repository creation", select a policy.
If you selected Members can create repositories, select one or more repository types.

Enforcing a policy on forking private or internal repositories

Across all organizations owned by your enterprise, you can allow people with access to a private or internal repository to fork the repository, never allow forking of private or internal repositories, or allow owners to administer the setting on the organization level.

In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings.
In the enterprise sidebar, click Policies.
On the Repository policies tab, under "Repository forking", review the information about changing the setting. Optionally, to view the setting's current configuration for all organizations in the enterprise account before enforcing the setting, click View your organizations' current configurations.
Under "Repository forking", use the drop-down menu and choose a policy.

Setting a policy for repository deletion and transfer

In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings.
In the enterprise sidebar, click Policies.
Under " Policies", click Repositories.
Under "Repository deletion and transfer", review the information about changing the setting. Optionally, to view the setting's current configuration for all organizations in the enterprise account before enforcing the setting, click View your organizations' current configurations.
Under "Repository deletion and transfer", use the drop-down menu and choose a policy.

Setting a policy for Git push limits

To keep your repository size manageable and prevent performance issues, you can configure a file size limit for repositories in your enterprise.

By default, when you enforce repository upload limits, people cannot add or update files larger than 100 MB.

In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings.

In the enterprise sidebar, click Policies.
Under Policies, click Options.
Under "Repository upload limit", use the drop-down menu and click a maximum object size.
Optionally, to enforce a maximum upload limit for all repositories in your enterprise, select Enforce on all repositories

Configuring the merge conflict editor for pull requests between repositories

Requiring users to resolve merge conflicts locally on their computer can prevent people from inadvertently writing to an upstream repository from a fork.

In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings.

In the enterprise sidebar, click Policies.
Under Policies, click Options.
Under "Conflict editor for pull requests between repositories", use the drop-down menu, and click Disabled.

Configuring force pushes

Each repository inherits a default force push setting from the settings of the user account or organization to which it belongs. Likewise, each organization and user account inherits a default force push setting from the force push setting for the enterprise. If you change the force push setting for the enterprise, it will change for all repositories owned by any user or organization.

Blocking all force pushes on your appliance

In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings.

In the enterprise sidebar, click Policies.
Under Policies, click Options.
Under "Force pushes", use the drop-down menu, and click Allow, Block or Block to the default branch.
Optionally, select Enforce on all repositories, which will override organization and repository level settings for force pushes.

Blocking force pushes to a specific repository

Note: Each repository automatically inherits default settings from the organization or user that owns it. You cannot override the default setting if the repository's owner has enforced the setting on all of their repositories.

Sign in to your enterprise at http(s)://HOSTNAME/login.
From an administrative account on GitHub AE, click in the upper-right corner of any page.
In the search field, type the name of the repository and click Search.
In the search results, click the name of the repository.
In the upper-right corner of the page, click Admin.
In the left sidebar, click Admin.
Select Block or Block to the default branch under Push and Pull.

Blocking force pushes to repositories owned by a user account or organization

Repositories inherit force push settings from the user account or organization to which they belong. User accounts and organizations in turn inherit their force push settings from the force push settings for the enterprise.

You can override the default inherited settings by configuring the settings for a user account or organization.

Sign in to your enterprise at http(s)://HOSTNAME/login.
From an administrative account on GitHub AE, click in the upper-right corner of any page.
In the search field, type the name of the user or organization and click Search.
In the search results, click the name of the user or organization.
In the upper-right corner of the page, click Admin.
In the left sidebar, click Admin.
Under "Repository default settings" in the "Force pushes" section, select
- Block to block force pushes to all branches.
- Block to the default branch to only block force pushes to the default branch.
Optionally, select Enforce on all repositories to override repository-specific settings. Note that this will not override an enterprise-wide policy.

Enforcing a policy on the default branch name

In the top-right corner of GitHub AE, click your profile photo, then click Enterprise settings.
In the enterprise sidebar, click Policies.
On the Repository policies tab, under "Default branch name", enter the default branch name that new repositories should use.
Optionally, to enforce the default branch name for all organizations in the enterprise, select Enforce across this enterprise.
Click Update.