このバージョンの GitHub Enterprise サーバーはこの日付をもって終了となります: 2026-03-17. 重大なセキュリティの問題に対してであっても、パッチリリースは作成されません。 パフォーマンスの向上、セキュリティの向上、新機能の向上を図るために、最新バージョンの GitHub Enterprise サーバーにアップグレードしてください。 アップグレードに関するヘルプについては、GitHub Enterprise サポートにお問い合わせください

コード スキャンのマージ保護を設定します

code scanning チェックに失敗したプルリクエストをブロックして、コードベースをセキュリティで保護しましょう。

この機能を使用できるユーザーについて

管理者 ロールを持つ組織の所有者、セキュリティ マネージャー、および組織メンバー

Code scanning は、次のリポジトリの種類で使用できます。

  • GitHub.com 上のパブリックリポジトリ
  • GitHub Team、GitHub Enterprise Cloud、または GitHub Enterprise Server 上の組織所有リポジトリ。 GitHub Advanced Security が 有効になっています。

この記事の内容

Creating a merge protection ruleset for a repository

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the left sidebar, under "Code and automation," click Rules, then click Rulesets.

    Screenshot of the sidebar of the "Settings" page for a repository. The "Rules" sub-menu is expanded, and the "Rulesets" option is outlined in orange.

  4. Click New ruleset.

  5. To create a ruleset targeting branches, click New branch ruleset.

  6. Under "Ruleset name," type a name for the ruleset.

  7. Optionally, to change the default enforcement status, click Disabled and select an enforcement status.

  8. Under "Branch protections", select Require code scanning results.

  9. Under "Required tools and alert thresholds", click Add tool and select a code scanning tool with the dropdown. For example, "CodeQL".

  10. Next to the name of a code scanning tool:

    • Click Alerts and select one of: None, Errors, Errors and Warnings or All.
    • Click Security alerts and select one of: None, Critical, High or higher, Medium or higher, or All.

    Screenshot of the "Required tools and alert thresholds" section of "Rulesets" settings.

For more information about alert severity and security severity levels, see About code scanning alerts.

For more information about managing rulesets in a repository, see Managing rulesets for a repository.

Creating a merge protection ruleset for all repositories in an organization

  1. In the upper-right corner of GitHub, click your profile picture, then click Organizations.

  2. Next to the organization, click Settings.

  3. In the left sidebar, in the "Code, planning, and automation" section, click Repository, then click Rulesets.

    Screenshot of an organization's settings page. In the sidebar, a link labeled "Rulesets" is outlined in orange.

  4. Click New ruleset.

  5. To create a ruleset targeting branches, click New branch ruleset.

  6. Under "Ruleset name," type a name for the ruleset.

  7. Optionally, to change the default enforcement status, click Disabled and select an enforcement status.

  8. Under "Branch protections", select Require code scanning results.

  9. Under "Required tools and alert thresholds", click Add tool and select a code scanning tool with the dropdown. For example, "CodeQL".

  10. Next to the name of a code scanning tool:

    • Click Alerts and select one of: None, Errors, Errors and Warnings or All.
    • Click Security alerts and select one of: None, Critical, High or higher, Medium or higher, or All.

    Screenshot of the "Required tools and alert thresholds" section of "Rulesets" settings.

For more information about alert severity and security severity levels, see About code scanning alerts.

For more information about managing rulesets for repositories in an organization, see Managing rulesets for repositories in your organization.

Creating a merge protection ruleset with the REST API

You can use the REST API to create a ruleset with the code_scanning rule, which allows you to define specific tools and set alert thresholds. For more information, see REST API endpoints for rules.