Configurations

Get code security configurations for an organization

Lists all code security configurations available in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Tokens de acceso específicos para "Get code security configurations for an organization"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Administration" organization permissions (write)

Parámetros para "Get code security configurations for an organization"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`org` string Requerido The organization name. The name is not case sensitive.

Parámetros de consulta
Nombre, Tipo, Descripción
`target_type` string The target type of the code security configuration Valor predeterminado: `all` Puede ser uno de los siguientes: `global`, `all`
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Valor predeterminado: `30`
`before` string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."
`after` string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

Códigos de estado de respuesta HTTP para "Get code security configurations for an organization"

status code	Descripción
`200`	OK
`403`	Forbidden
`404`	Resource not found

Ejemplos de código para "Get code security configurations for an organization"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/orgs/{org}/code-security/configurations

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations

Response

Status: 200

[
  {
    "id": 17,
    "target_type": "global",
    "name": "GitHub recommended",
    "description": "Suggested settings for Dependabot, secret scanning, and code scanning.",
    "advanced_security": "enabled",
    "dependency_graph": "enabled",
    "dependency_graph_autosubmit_action": "not_set",
    "dependency_graph_autosubmit_action_options": {
      "labeled_runners": false
    },
    "dependabot_alerts": "enabled",
    "dependabot_security_updates": "not_set",
    "code_scanning_default_setup": "enabled",
    "secret_scanning": "enabled",
    "secret_scanning_push_protection": "enabled",
    "secret_scanning_delegated_bypass": "enabled",
    "secret_scanning_delegated_bypass_options": {
      "reviewers": [
        {
          "security_configuration_id": 17,
          "reviewer_id": 5678,
          "reviewer_type": "TEAM"
        }
      ]
    },
    "secret_scanning_validity_checks": "enabled",
    "secret_scanning_non_provider_patterns": "enabled",
    "private_vulnerability_reporting": "enabled",
    "enforcement": "enforced",
    "url": "https://api.github.com/orgs/octo-org/code-security/configurations/17",
    "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/view",
    "created_at": "2023-12-04T15:58:07Z",
    "updated_at": "2023-12-04T15:58:07Z"
  },
  {
    "id": 1326,
    "target_type": "organization",
    "name": "High risk settings",
    "description": "This is a code security configuration for octo-org high risk repositories",
    "advanced_security": "enabled",
    "dependency_graph": "enabled",
    "dependency_graph_autosubmit_action": "enabled",
    "dependency_graph_autosubmit_action_options": {
      "labeled_runners": false
    },
    "dependabot_alerts": "enabled",
    "dependabot_security_updates": "enabled",
    "code_scanning_default_setup": "enabled",
    "secret_scanning": "enabled",
    "secret_scanning_push_protection": "enabled",
    "secret_scanning_delegated_bypass": "disabled",
    "secret_scanning_validity_checks": "disabled",
    "secret_scanning_non_provider_patterns": "disabled",
    "private_vulnerability_reporting": "enabled",
    "enforcement": "enforced",
    "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1326",
    "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1326",
    "created_at": "2024-05-10T00:00:00Z",
    "updated_at": "2024-05-10T00:00:00Z"
  }
]

Create a code security configuration

Creates a code security configuration in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Tokens de acceso específicos para "Create a code security configuration"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Administration" organization permissions (write)

Parámetros para "Create a code security configuration"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`org` string Requerido The organization name. The name is not case sensitive.

Nombre, Tipo, Descripción

name string Requerido

The name of the code security configuration. Must be unique within the organization.

description string Requerido

A description of the code security configuration

advanced_security string

The enablement status of GitHub Advanced Security

Valor predeterminado: disabled

Puede ser uno de los siguientes: enabled, disabled

dependency_graph string

The enablement status of Dependency Graph

Valor predeterminado: enabled

Puede ser uno de los siguientes: enabled, disabled, not_set

dependency_graph_autosubmit_action string

The enablement status of Automatic dependency submission

Valor predeterminado: disabled

Puede ser uno de los siguientes: enabled, disabled, not_set

dependency_graph_autosubmit_action_options object

Feature options for Automatic dependency submission

Properties of dependency_graph_autosubmit_action_options

Nombre, Tipo, Descripción
`labeled_runners` boolean Whether to use runners labeled with 'dependency-submission' or standard GitHub runners. Valor predeterminado: `false`

dependabot_alerts string

The enablement status of Dependabot alerts

Valor predeterminado: disabled

Puede ser uno de los siguientes: enabled, disabled, not_set

dependabot_security_updates string

The enablement status of Dependabot security updates

Valor predeterminado: disabled

Puede ser uno de los siguientes: enabled, disabled, not_set

code_scanning_default_setup string

The enablement status of code scanning default setup

Valor predeterminado: disabled

Puede ser uno de los siguientes: enabled, disabled, not_set

secret_scanning string

The enablement status of secret scanning

Valor predeterminado: disabled

Puede ser uno de los siguientes: enabled, disabled, not_set

secret_scanning_push_protection string

The enablement status of secret scanning push protection

Valor predeterminado: disabled

Puede ser uno de los siguientes: enabled, disabled, not_set

secret_scanning_delegated_bypass string

The enablement status of secret scanning delegated bypass

Valor predeterminado: disabled

Puede ser uno de los siguientes: enabled, disabled, not_set

secret_scanning_delegated_bypass_options object

Feature options for secret scanning delegated bypass

Properties of secret_scanning_delegated_bypass_options

Nombre, Tipo, Descripción

reviewers array of objects

The bypass reviewers for secret scanning delegated bypass

Properties of reviewers

Nombre, Tipo, Descripción
`reviewer_id` integer Requerido The ID of the team or role selected as a bypass reviewer
`reviewer_type` string Requerido The type of the bypass reviewer Puede ser uno de los siguientes: `TEAM`, `ROLE`

secret_scanning_validity_checks string

The enablement status of secret scanning validity checks

Valor predeterminado: disabled

Puede ser uno de los siguientes: enabled, disabled, not_set

secret_scanning_non_provider_patterns string

The enablement status of secret scanning non provider patterns

Valor predeterminado: disabled

Puede ser uno de los siguientes: enabled, disabled, not_set

private_vulnerability_reporting string

The enablement status of private vulnerability reporting

Valor predeterminado: disabled

Puede ser uno de los siguientes: enabled, disabled, not_set

enforcement string

The enforcement status for a security configuration

Valor predeterminado: enforced

Puede ser uno de los siguientes: enforced, unenforced

Códigos de estado de respuesta HTTP para "Create a code security configuration"

status code	Descripción
`201`	Successfully created code security configuration

Ejemplos de código para "Create a code security configuration"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

post/orgs/{org}/code-security/configurations

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations \
  -d '{"name":"octo-org recommended settings","description":"This is a code security configuration for octo-org","advanced_security":"enabled","dependabot_alerts":"enabled","dependabot_security_updates":"not_set","secret_scanning":"enabled"}'

Successfully created code security configuration

Status: 201

{
  "id": 1325,
  "target_type": "organization",
  "name": "octo-org recommended settings",
  "description": "This is a code security configuration for octo-org",
  "advanced_security": "enabled",
  "dependency_graph": "enabled",
  "dependency_graph_autosubmit_action": "enabled",
  "dependency_graph_autosubmit_action_options": {
    "labeled_runners": false
  },
  "dependabot_alerts": "enabled",
  "dependabot_security_updates": "not_set",
  "code_scanning_default_setup": "disabled",
  "secret_scanning": "enabled",
  "secret_scanning_push_protection": "disabled",
  "secret_scanning_delegated_bypass": "disabled",
  "secret_scanning_validity_checks": "disabled",
  "secret_scanning_non_provider_patterns": "disabled",
  "private_vulnerability_reporting": "disabled",
  "enforcement": "enforced",
  "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
  "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
  "created_at": "2024-05-01T00:00:00Z",
  "updated_at": "2024-05-01T00:00:00Z"
}

Get default code security configurations

Lists the default code security configurations for an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Tokens de acceso específicos para "Get default code security configurations"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Administration" organization permissions (write)

Parámetros para "Get default code security configurations"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`org` string Requerido The organization name. The name is not case sensitive.

Códigos de estado de respuesta HTTP para "Get default code security configurations"

status code	Descripción
`200`	OK
`304`	Not modified
`403`	Forbidden
`404`	Resource not found

Ejemplos de código para "Get default code security configurations"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/orgs/{org}/code-security/configurations/defaults

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/defaults

Response

Status: 200

[
  {
    "default_for_new_repos": "public",
    "configuration": {
      "id": 1325,
      "target_type": "organization",
      "name": "octo-org recommended settings",
      "description": "This is a code security configuration for octo-org",
      "advanced_security": "enabled",
      "dependency_graph": "enabled",
      "dependency_graph_autosubmit_action": "not_set",
      "dependency_graph_autosubmit_action_options": {
        "labeled_runners": false
      },
      "dependabot_alerts": "enabled",
      "dependabot_security_updates": "not_set",
      "code_scanning_default_setup": "enabled",
      "secret_scanning": "enabled",
      "secret_scanning_push_protection": "enabled",
      "secret_scanning_delegated_bypass": "enabled",
      "secret_scanning_delegated_bypass_options": {
        "reviewers": [
          {
            "security_configuration_id": 1325,
            "reviewer_id": 5678,
            "reviewer_type": "TEAM"
          }
        ]
      },
      "secret_scanning_validity_checks": "enabled",
      "secret_scanning_non_provider_patterns": "enabled",
      "private_vulnerability_reporting": "enabled",
      "enforcement": "enforced",
      "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
      "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
      "created_at": "2024-05-01T00:00:00Z",
      "updated_at": "2024-05-01T00:00:00Z"
    }
  },
  {
    "default_for_new_repos": "private_and_internal",
    "configuration": {
      "id": 17,
      "target_type": "global",
      "name": "GitHub recommended",
      "description": "Suggested settings for Dependabot, secret scanning, and code scanning.",
      "advanced_security": "enabled",
      "dependency_graph": "enabled",
      "dependency_graph_autosubmit_action": "not_set",
      "dependency_graph_autosubmit_action_options": {
        "labeled_runners": false
      },
      "dependabot_alerts": "enabled",
      "dependabot_security_updates": "not_set",
      "code_scanning_default_setup": "enabled",
      "secret_scanning": "enabled",
      "secret_scanning_push_protection": "enabled",
      "secret_scanning_delegated_bypass": "disabled",
      "secret_scanning_validity_checks": "disabled",
      "private_vulnerability_reporting": "enabled",
      "enforcement": "enforced",
      "url": "https://api.github.com/orgs/octo-org/code-security/configurations/17",
      "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/view",
      "created_at": "2023-12-04T15:58:07Z",
      "updated_at": "2023-12-04T15:58:07Z"
    }
  }
]

Detach configurations from repositories

Detach code security configuration(s) from a set of repositories. Repositories will retain their settings but will no longer be associated with the configuration.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Tokens de acceso específicos para "Detach configurations from repositories"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Administration" organization permissions (write)

Parámetros para "Detach configurations from repositories"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`org` string Requerido The organization name. The name is not case sensitive.

Parámetros del cuerpo
Nombre, Tipo, Descripción
`selected_repository_ids` array of integers An array of repository IDs to detach from configurations.

Códigos de estado de respuesta HTTP para "Detach configurations from repositories"

status code	Descripción
`204`	A header with no content is returned.
`400`	Bad Request
`403`	Forbidden
`404`	Resource not found
`409`	Conflict

Ejemplos de código para "Detach configurations from repositories"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

delete/orgs/{org}/code-security/configurations/detach

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/detach \
  -d '{"selected_repository_ids":[32,91]}'

A header with no content is returned.

Status: 204

Get a code security configuration

Gets a code security configuration available in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Tokens de acceso específicos para "Get a code security configuration"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Administration" organization permissions (write)

Parámetros para "Get a code security configuration"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`org` string Requerido The organization name. The name is not case sensitive.
`configuration_id` integer Requerido The unique identifier of the code security configuration.

Códigos de estado de respuesta HTTP para "Get a code security configuration"

status code	Descripción
`200`	OK
`304`	Not modified
`403`	Forbidden
`404`	Resource not found

Ejemplos de código para "Get a code security configuration"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/orgs/{org}/code-security/configurations/{configuration_id}

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID

Response

Status: 200

{
  "id": 1325,
  "target_type": "organization",
  "name": "octo-org recommended settings",
  "description": "This is a code security configuration for octo-org",
  "advanced_security": "enabled",
  "dependency_graph": "enabled",
  "dependency_graph_autosubmit_action": "enabled",
  "dependency_graph_autosubmit_action_options": {
    "labeled_runners": false
  },
  "dependabot_alerts": "enabled",
  "dependabot_security_updates": "not_set",
  "code_scanning_default_setup": "disabled",
  "secret_scanning": "enabled",
  "secret_scanning_push_protection": "disabled",
  "secret_scanning_delegated_bypass": "disabled",
  "secret_scanning_validity_checks": "disabled",
  "secret_scanning_non_provider_patterns": "disabled",
  "private_vulnerability_reporting": "disabled",
  "enforcement": "enforced",
  "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
  "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
  "created_at": "2024-05-01T00:00:00Z",
  "updated_at": "2024-05-01T00:00:00Z"
}

Update a code security configuration

Updates a code security configuration in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Tokens de acceso específicos para "Update a code security configuration"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Administration" organization permissions (write)

Parámetros para "Update a code security configuration"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`org` string Requerido The organization name. The name is not case sensitive.
`configuration_id` integer Requerido The unique identifier of the code security configuration.

Nombre, Tipo, Descripción

name string

The name of the code security configuration. Must be unique within the organization.

description string

A description of the code security configuration

advanced_security string

The enablement status of GitHub Advanced Security

Puede ser uno de los siguientes: enabled, disabled

dependency_graph string

The enablement status of Dependency Graph

Puede ser uno de los siguientes: enabled, disabled, not_set

dependency_graph_autosubmit_action string

The enablement status of Automatic dependency submission

Puede ser uno de los siguientes: enabled, disabled, not_set

dependency_graph_autosubmit_action_options object

Feature options for Automatic dependency submission

Properties of dependency_graph_autosubmit_action_options

Nombre, Tipo, Descripción
`labeled_runners` boolean Whether to use runners labeled with 'dependency-submission' or standard GitHub runners.

dependabot_alerts string

The enablement status of Dependabot alerts

Puede ser uno de los siguientes: enabled, disabled, not_set

dependabot_security_updates string

The enablement status of Dependabot security updates

Puede ser uno de los siguientes: enabled, disabled, not_set

code_scanning_default_setup string

The enablement status of code scanning default setup

Puede ser uno de los siguientes: enabled, disabled, not_set

secret_scanning string

The enablement status of secret scanning

Puede ser uno de los siguientes: enabled, disabled, not_set

secret_scanning_push_protection string

The enablement status of secret scanning push protection

Puede ser uno de los siguientes: enabled, disabled, not_set

secret_scanning_delegated_bypass string

The enablement status of secret scanning delegated bypass

Puede ser uno de los siguientes: enabled, disabled, not_set

secret_scanning_delegated_bypass_options object

Feature options for secret scanning delegated bypass

Properties of secret_scanning_delegated_bypass_options

Nombre, Tipo, Descripción

reviewers array of objects

The bypass reviewers for secret scanning delegated bypass

Properties of reviewers

Nombre, Tipo, Descripción
`reviewer_id` integer Requerido The ID of the team or role selected as a bypass reviewer
`reviewer_type` string Requerido The type of the bypass reviewer Puede ser uno de los siguientes: `TEAM`, `ROLE`

secret_scanning_validity_checks string

The enablement status of secret scanning validity checks

Puede ser uno de los siguientes: enabled, disabled, not_set

secret_scanning_non_provider_patterns string

The enablement status of secret scanning non-provider patterns

Puede ser uno de los siguientes: enabled, disabled, not_set

private_vulnerability_reporting string

The enablement status of private vulnerability reporting

Puede ser uno de los siguientes: enabled, disabled, not_set

enforcement string

The enforcement status for a security configuration

Puede ser uno de los siguientes: enforced, unenforced

Códigos de estado de respuesta HTTP para "Update a code security configuration"

status code	Descripción
`200`	Response when a configuration is updated
`204`	Response when no new updates are made

Ejemplos de código para "Update a code security configuration"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

patch/orgs/{org}/code-security/configurations/{configuration_id}

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID \
  -d '{"name":"octo-org recommended settings v2","secret_scanning":"disabled","code_scanning_default_setup":"enabled"}'

Response when a configuration is updated

Status: 200

{
  "id": 1325,
  "target_type": "organization",
  "name": "octo-org recommended settings v2",
  "description": "This is a code security configuration for octo-org",
  "advanced_security": "enabled",
  "dependency_graph": "enabled",
  "dependency_graph_autosubmit_action": "enabled",
  "dependency_graph_autosubmit_action_options": {
    "labeled_runners": false
  },
  "dependabot_alerts": "enabled",
  "dependabot_security_updates": "not_set",
  "code_scanning_default_setup": "enabled",
  "secret_scanning": "disabled",
  "secret_scanning_push_protection": "disabled",
  "secret_scanning_delegated_bypass": "disabled",
  "secret_scanning_validity_checks": "disabled",
  "secret_scanning_non_provider_patterns": "disabled",
  "private_vulnerability_reporting": "disabled",
  "enforcement": "enforced",
  "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
  "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
  "created_at": "2024-05-01T00:00:00Z",
  "updated_at": "2024-05-01T00:00:00Z"
}

Delete a code security configuration

Deletes the desired code security configuration from an organization. Repositories attached to the configuration will retain their settings but will no longer be associated with the configuration.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Tokens de acceso específicos para "Delete a code security configuration"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Administration" organization permissions (write)

Parámetros para "Delete a code security configuration"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`org` string Requerido The organization name. The name is not case sensitive.
`configuration_id` integer Requerido The unique identifier of the code security configuration.

Códigos de estado de respuesta HTTP para "Delete a code security configuration"

status code	Descripción
`204`	A header with no content is returned.
`400`	Bad Request
`403`	Forbidden
`404`	Resource not found
`409`	Conflict

Ejemplos de código para "Delete a code security configuration"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

delete/orgs/{org}/code-security/configurations/{configuration_id}

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID

A header with no content is returned.

Status: 204

Attach a configuration to repositories

Attach a code security configuration to a set of repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.

If insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Tokens de acceso específicos para "Attach a configuration to repositories"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Administration" organization permissions (write)

Parámetros para "Attach a configuration to repositories"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`org` string Requerido The organization name. The name is not case sensitive.
`configuration_id` integer Requerido The unique identifier of the code security configuration.

Parámetros del cuerpo
Nombre, Tipo, Descripción
`scope` string Requerido The type of repositories to attach the configuration to. `selected` means the configuration will be attached to only the repositories specified by `selected_repository_ids` Puede ser uno de los siguientes: `all`, `all_without_configurations`, `public`, `private_or_internal`, `selected`
`selected_repository_ids` array of integers An array of repository IDs to attach the configuration to. You can only provide a list of repository ids when the `scope` is set to `selected`.

Códigos de estado de respuesta HTTP para "Attach a configuration to repositories"

status code	Descripción
`202`	Accepted

Ejemplos de código para "Attach a configuration to repositories"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

post/orgs/{org}/code-security/configurations/{configuration_id}/attach

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/attach \
  -d '{"scope":"selected","selected_repository_ids":[32,91]}'

Accepted

Status: 202

Set a code security configuration as a default for an organization

Sets a code security configuration as a default to be applied to new repositories in your organization.

This configuration will be applied to the matching repository type (all, none, public, private and internal) by default when they are created.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Tokens de acceso específicos para "Set a code security configuration as a default for an organization"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Administration" organization permissions (write)

Parámetros para "Set a code security configuration as a default for an organization"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`org` string Requerido The organization name. The name is not case sensitive.
`configuration_id` integer Requerido The unique identifier of the code security configuration.

Parámetros del cuerpo
Nombre, Tipo, Descripción
`default_for_new_repos` string Specify which types of repository this security configuration should be applied to by default. Puede ser uno de los siguientes: `all`, `none`, `private_and_internal`, `public`

Códigos de estado de respuesta HTTP para "Set a code security configuration as a default for an organization"

status code	Descripción
`200`	Default successfully changed.
`403`	Forbidden
`404`	Resource not found

Ejemplos de código para "Set a code security configuration as a default for an organization"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

put/orgs/{org}/code-security/configurations/{configuration_id}/defaults

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/defaults \
  -d '{"default_for_new_repos":"all"}'

Default successfully changed.

Status: 200

{
  "default_for_new_repos": "all",
  "configuration": {
    "value": {
      "id": 1325,
      "target_type": "organization",
      "name": "octo-org recommended settings",
      "description": "This is a code security configuration for octo-org",
      "advanced_security": "enabled",
      "dependency_graph": "enabled",
      "dependency_graph_autosubmit_action": "enabled",
      "dependency_graph_autosubmit_action_options": {
        "labeled_runners": false
      },
      "dependabot_alerts": "enabled",
      "dependabot_security_updates": "not_set",
      "code_scanning_default_setup": "disabled",
      "secret_scanning": "enabled",
      "secret_scanning_push_protection": "disabled",
      "secret_scanning_delegated_bypass": "disabled",
      "secret_scanning_validity_checks": "disabled",
      "secret_scanning_non_provider_patterns": "disabled",
      "private_vulnerability_reporting": "disabled",
      "enforcement": "enforced",
      "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
      "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
      "created_at": "2024-05-01T00:00:00Z",
      "updated_at": "2024-05-01T00:00:00Z"
    }
  }
}

Get repositories associated with a code security configuration

Lists the repositories associated with a code security configuration in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.

Tokens de acceso específicos para "Get repositories associated with a code security configuration"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Administration" organization permissions (write)

Parámetros para "Get repositories associated with a code security configuration"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`org` string Requerido The organization name. The name is not case sensitive.
`configuration_id` integer Requerido The unique identifier of the code security configuration.

Parámetros de consulta
Nombre, Tipo, Descripción
`per_page` integer The number of results per page (max 100). For more information, see "Using pagination in the REST API." Valor predeterminado: `30`
`before` string A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."
`after` string A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."
`status` string A comma-separated list of statuses. If specified, only repositories with these attachment statuses will be returned. Can be: `all`, `attached`, `attaching`, `detached`, `removed`, `enforced`, `failed`, `updating`, `removed_by_enterprise` Valor predeterminado: `all`

Códigos de estado de respuesta HTTP para "Get repositories associated with a code security configuration"

status code	Descripción
`200`	OK
`403`	Forbidden
`404`	Resource not found

Ejemplos de código para "Get repositories associated with a code security configuration"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/orgs/{org}/code-security/configurations/{configuration_id}/repositories

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/repositories

Example of code security configuration repositories

Status: 200

[
  {
    "status": "attached",
    "repository": {
      "value": {
        "id": 1296269,
        "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5",
        "name": "Hello-World",
        "full_name": "octocat/Hello-World",
        "owner": {
          "login": "octocat",
          "id": 1,
          "node_id": "MDQ6VXNlcjE=",
          "avatar_url": "https://github.com/images/error/octocat_happy.gif",
          "gravatar_id": "",
          "url": "https://api.github.com/users/octocat",
          "html_url": "https://github.com/octocat",
          "followers_url": "https://api.github.com/users/octocat/followers",
          "following_url": "https://api.github.com/users/octocat/following{/other_user}",
          "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
          "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
          "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
          "organizations_url": "https://api.github.com/users/octocat/orgs",
          "repos_url": "https://api.github.com/users/octocat/repos",
          "events_url": "https://api.github.com/users/octocat/events{/privacy}",
          "received_events_url": "https://api.github.com/users/octocat/received_events",
          "type": "User",
          "site_admin": false
        },
        "private": false,
        "html_url": "https://github.com/octocat/Hello-World",
        "description": "This your first repo!",
        "fork": false,
        "url": "https://api.github.com/repos/octocat/Hello-World",
        "archive_url": "https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}",
        "assignees_url": "https://api.github.com/repos/octocat/Hello-World/assignees{/user}",
        "blobs_url": "https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}",
        "branches_url": "https://api.github.com/repos/octocat/Hello-World/branches{/branch}",
        "collaborators_url": "https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}",
        "comments_url": "https://api.github.com/repos/octocat/Hello-World/comments{/number}",
        "commits_url": "https://api.github.com/repos/octocat/Hello-World/commits{/sha}",
        "compare_url": "https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}",
        "contents_url": "https://api.github.com/repos/octocat/Hello-World/contents/{+path}",
        "contributors_url": "https://api.github.com/repos/octocat/Hello-World/contributors",
        "deployments_url": "https://api.github.com/repos/octocat/Hello-World/deployments",
        "downloads_url": "https://api.github.com/repos/octocat/Hello-World/downloads",
        "events_url": "https://api.github.com/repos/octocat/Hello-World/events",
        "forks_url": "https://api.github.com/repos/octocat/Hello-World/forks",
        "git_commits_url": "https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}",
        "git_refs_url": "https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}",
        "git_tags_url": "https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}",
        "git_url": "git:github.com/octocat/Hello-World.git",
        "issue_comment_url": "https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}",
        "issue_events_url": "https://api.github.com/repos/octocat/Hello-World/issues/events{/number}",
        "issues_url": "https://api.github.com/repos/octocat/Hello-World/issues{/number}",
        "keys_url": "https://api.github.com/repos/octocat/Hello-World/keys{/key_id}",
        "labels_url": "https://api.github.com/repos/octocat/Hello-World/labels{/name}",
        "languages_url": "https://api.github.com/repos/octocat/Hello-World/languages",
        "merges_url": "https://api.github.com/repos/octocat/Hello-World/merges",
        "milestones_url": "https://api.github.com/repos/octocat/Hello-World/milestones{/number}",
        "notifications_url": "https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}",
        "pulls_url": "https://api.github.com/repos/octocat/Hello-World/pulls{/number}",
        "releases_url": "https://api.github.com/repos/octocat/Hello-World/releases{/id}",
        "ssh_url": "git@github.com:octocat/Hello-World.git",
        "stargazers_url": "https://api.github.com/repos/octocat/Hello-World/stargazers",
        "statuses_url": "https://api.github.com/repos/octocat/Hello-World/statuses/{sha}",
        "subscribers_url": "https://api.github.com/repos/octocat/Hello-World/subscribers",
        "subscription_url": "https://api.github.com/repos/octocat/Hello-World/subscription",
        "tags_url": "https://api.github.com/repos/octocat/Hello-World/tags",
        "teams_url": "https://api.github.com/repos/octocat/Hello-World/teams",
        "trees_url": "https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}",
        "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks"
      }
    }
  }
]

Get the code security configuration associated with a repository

Get the code security configuration that manages a repository's code security settings.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.

Tokens de acceso específicos para "Get the code security configuration associated with a repository"

Este punto de conexión funciona con los siguientes tipos de token pormenorizados:

El token pormenorizado debe tener el siguiente conjunto de permisos:

"Administration" repository permissions (read)

Parámetros para "Get the code security configuration associated with a repository"

Encabezados
Nombre, Tipo, Descripción
`accept` string Setting to `application/vnd.github+json` is recommended.

Parámetros de la ruta de acceso
Nombre, Tipo, Descripción
`owner` string Requerido The account owner of the repository. The name is not case sensitive.
`repo` string Requerido The name of the repository without the `.git` extension. The name is not case sensitive.

Códigos de estado de respuesta HTTP para "Get the code security configuration associated with a repository"

status code	Descripción
`200`	OK
`204`	A header with no content is returned.
`304`	Not modified
`403`	Forbidden
`404`	Resource not found

Ejemplos de código para "Get the code security configuration associated with a repository"

Si accedes a GitHub en GHE.com, reemplaza api.github.com por el subdominio dedicado de la empresa en api.SUBDOMAIN.ghe.com.

Ejemplo de solicitud

get/repos/{owner}/{repo}/code-security-configuration

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/code-security-configuration

Response

Status: 200

{
  "status": "attached",
  "configuration": {
    "id": 1325,
    "target_type": "organization",
    "name": "octo-org recommended settings",
    "description": "This is a code security configuration for octo-org",
    "advanced_security": "enabled",
    "dependency_graph": "enabled",
    "dependency_graph_autosubmit_action": "enabled",
    "dependency_graph_autosubmit_action_options": {
      "labeled_runners": false
    },
    "dependabot_alerts": "enabled",
    "dependabot_security_updates": "not_set",
    "code_scanning_default_setup": "disabled",
    "secret_scanning": "enabled",
    "secret_scanning_push_protection": "disabled",
    "secret_scanning_delegated_bypass": "disabled",
    "secret_scanning_validity_checks": "disabled",
    "secret_scanning_non_provider_patterns": "disabled",
    "private_vulnerability_reporting": "disabled",
    "enforcement": "enforced",
    "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325",
    "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325",
    "created_at": "2024-05-01T00:00:00Z",
    "updated_at": "2024-05-01T00:00:00Z"
  }
}