👋 We've unified all of GitHub's product documentation in one place! Check out the content for REST API, GraphQL API, and Developers. Learn more on the GitHub blog.

Managing security and analysis settings for your repository

You can control features that secure and analyze the code in your project on GitHub.

People with admin permissions to a repository can manage security and analysis settings for the repository.

In this article

Were you able to find what you were looking for?

Enabling or disabling security and analysis features

Note: You can't disable some security and analysis features that are enabled by default for public repositories.

If you enable security and analysis features, GitHub performs read-only analysis on your repository. For more information, see "About GitHub's use of your data."

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Settings.
    Repository settings button
  3. In the left sidebar, click Security & analysis.
    "Security & analysis" tab in repository settings
  4. Under "Configure security and analysis features", to the right of the feature, click Disable or Enable.
    "Enable" or "Disable" button for "Configure security and analysis" features

Granting access to GitHub Dependabot alerts

After you enable GitHub Dependabot alerts for a repository in an organization, organization owners and repository administrators can view the alerts by default. You can give additional teams and people access to the alerts for a repository.

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Settings.
    Repository settings button
  3. In the left sidebar, click Security & analysis.
    "Security & analysis" tab in repository settings
  4. Under "Dependabot alerts", in the search field, start typing the name of the person or team you'd like to find, then click a name in the list of matches.
    Search field for granting people or teams access to Dependabot alerts
  5. Click Save changes.
    "Save changes" button for changes to Dependabot alert settings

Removing access to GitHub Dependabot alerts

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Settings.
    Repository settings button
  3. In the left sidebar, click Security & analysis.
    "Security & analysis" tab in repository settings
  4. Under "Dependabot alerts", to the right of the person or team whose access you'd like to remove, click .
    "x" button to remove someone's access to Dependabot alerts for your repository

Were you able to find what you were looking for?

Ask a human

Can't find what you're looking for?

Contact us