About applying a custom security configuration
After you create a custom security configuration, you need to apply it to repositories in your organization to enable the configuration's settings on those repositories. To learn how to create a custom security configuration, see Creating a custom security configuration.
Applying your custom security configuration to repositories in your organization
-
In the upper-right corner of GitHub, select your profile photo, then click Your organizations.
-
Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, select the Code security dropdown menu, then click Configurations.
-
Optionally, in the "Apply configurations" section, filter for specific repositories you would like to apply your custom security configuration to. To learn how to filter the repository table, see Filtering repositories in your organization using the repository table.
-
In the repository table, select repositories with one of three methods:
- Select each repository you would like to apply the security configuration to.
- To select all repositories displayed on the current page of the repository table, select NUMBER repositories.
- After selecting NUMBER repositories, to select all repositories in your organization that match any filters you have applied, click Select all.
Note
The repository table will show which repositories have an enforced configuration. This means that repository owners will be blocked from changing features that have been enabled or disabled in the configuration, but features that are not set aren't enforced.
-
Select the Apply configuration dropdown menu, then click YOUR-CONFIGURATION-NAME.
-
Optionally, in the confirmation dialog, you can choose to automatically apply the security configuration to newly created repositories depending on their visibility. Select the None dropdown menu, then click Public, or Private and internal, or both.
Note
The default security configuration for an organization is only automatically applied to new repositories created in your organization. If a repository is transferred into your organization, you will still need to apply an appropriate security configuration to the repository manually.
-
To apply the security configuration, click Apply.
The security configuration is applied to both active and archived repositories because some security features run on archived repositories, for example, secret scanning. In addition, if a repository is later unarchived you can be confident that it is protected by the chosen security configuration.
Next steps
To learn how to interpret security findings from your custom security configuration on a repository, see Interpreting security findings.
To learn how to edit your custom security configuration, see "Editing a custom security configuration."
You may encounter an error when you attempt to apply a security configuration. For more information, see "Finding and fixing configuration attachment failures" and "Troubleshooting security configurations."