Securing your organization

You can use a number of GitHub features to help keep your organization secure.

Organization owners can configure organization security settings.

Introduction

This guide shows you how to configure security features for an organization. Your organization's security needs are unique and you may not need to enable every security feature. For more information, see "GitHub security features."

Some security features are only available for public repositories, and for private repositories owned by organizations with an Advanced Security license. For more information, see "About GitHub Advanced Security."

Managing access to your organization

You can use permission levels to control what actions people can take in your organization. For more information, see "Permission levels for an organization."

Creating a default security policy

You can create a default security policy that will display in any of your organization's public repositories that do not have their own security policy. For more information, see "Creating a default community health file."

Managing Alertas del Dependabot de GitHub and the dependency graph

By default, GitHub detects vulnerabilities in public repositories and generates Alertas del Dependabot de GitHub and a dependency graph. You can enable or disable Alertas del Dependabot de GitHub and the dependency graph for all repositories owned by your organization.

  1. Click your profile photo, then click Organizations.
  2. Click Settings next to your organization.
  3. Click Security & analysis.
  4. Click Enable all or Disable all next to the feature that you want to manage.
  5. Optionally, select Automatically enable for new repositories.

For more information, see "About alerts for vulnerable dependencies," "Exploring the dependencies of a repository," and "Managing security and analysis settings for your organization."

Managing dependency review

Dependency review lets you visualize dependency changes in pull requests before they are merged into your repositories. Dependency review is available in all public repositories and in repositories owned by organizations with an Advanced Security license that have the dependency graph enabled. For more information, see "About dependency review."

Managing Actualizaciones de seguridad del Dependabot de GitHub

For any repository that uses Alertas del Dependabot de GitHub, you can enable Actualizaciones de seguridad del Dependabot de GitHub to raise pull requests with security updates when vulnerabilities are detected. You can also enable or disable Actualizaciones de seguridad del Dependabot de GitHub for all repositories across your organization.

  1. Click your profile photo, then click Organizations.
  2. Click Settings next to your organization.
  3. Click Security & analysis.
  4. Click Enable all or Disable all next to Actualizaciones de seguridad del Dependabot de GitHub.
  5. Optionally, select Automatically enable for new repositories.

For more information, see "About Actualizaciones de seguridad del Dependabot de GitHub" and "Managing security and analysis settings for your organization."

Managing Actualizaciones de versión para el Dependabot de GitHub

You can enable Dependabot de GitHub to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "About Actualizaciones de versión para el Dependabot de GitHub."

To enable Actualizaciones de versión para el Dependabot de GitHub, you must create a dependabot.yml configuration file. For more information, see "Enabling and disabling version updates."

Managing GitHub Advanced Security

If your organization has an Advanced Security license, you can enable or disable Advanced Security features.

  1. Click your profile photo, then click Organizations.
  2. Click Settings next to your organization.
  3. Click Security & analysis.
  4. Click Enable all or Disable all next to GitHub Advanced Security.
  5. Optionally, select Automatically enable for new private repositories.

For more information, see "About GitHub Advanced Security" and "Managing security and analysis settings for your organization."

Configuring escaneo de secretos

Escaneo de secretos is available for all public repositories, and for private repositories owned by organizations with an Advanced Security license.

You can enable or disable escaneo de secretos for all repositories across your organization that have Advanced Security enabled.

  1. Click your profile photo, then click Organizations.
  2. Click Settings next to your organization.
  3. Click Security & analysis.
  4. Click Enable all or Disable all next to Escaneo de secretos (GitHub Advanced Security repositories only).
  5. Optionally, select Automatically enable for private repositories added to Advanced Security.

For more information, see "Managing security and analysis settings for your organization."

Next steps

You can view, filter, and sort security alerts for repositories owned by your organization in the security overview. For more information, see "About the security overview."

You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see "Viewing and updating vulnerable dependencies in your repository," "Managing pull requests for dependency updates," "Managing escaneo de código for your repository," and "Managing alerts from escaneo de secretos."

If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "About GitHub Security Advisories" and "Creating a security advisory."

Did this doc help you?Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

O, learn how to contribute.