ドキュメントには頻繁に更新が加えられ、その都度公開されています。本ページの翻訳はまだ未完成な部分があることをご了承ください。最新の情報については、英語のドキュメンテーションをご参照ください。本ページの翻訳に問題がある場合はこちらまでご連絡ください。

Securing your organization

You can use a number of GitHub features to help keep your organization secure.

Organization owners can configure organization security settings.

Introduction

This guide shows you how to configure security features for an organization. Your organization's security needs are unique and you may not need to enable every security feature. For more information, see "GitHub security features."

Some features are available for all repositories. Additional features are available to enterprises that use GitHub Advanced Security. 詳しい情報については、「GitHub Advanced Security について」を参照してください。

Managing access to your organization

You can use roles to control what actions people can take in your organization. For example, you can assign the security manager role to a team to give them the ability to manage security settings across your organization, as well as read access to all repositories. For more information, see "Roles in an organization."

Creating a default security policy

You can create a default security policy that will display in any of your organization's public repositories that do not have their own security policy. For more information, see "Creating a default community health file."

Managing Dependabotアラート and the dependency graph

The dependency graph and Dependabotアラート are configured at an enterprise level by the enterprise owner. For more information, see "Enabling the dependency graph and Dependabotアラート for your enterprise."

For more information, see "About alerts for vulnerable dependencies," "Exploring the dependencies of a repository," and "Managing security and analysis settings for your organization."

Managing dependency review

Dependency review is an Advanced Security feature that lets you visualize dependency changes in pull requests before they are merged into your repositories. For more information, see "About dependency review."

Dependency review is available when dependency graph is enabled for your GitHub Enterprise Server instance and you enable Advanced Security for the organization (see below).

Managing Dependabotセキュリティアップデート

For any repository that uses Dependabotアラート, you can enable Dependabotセキュリティアップデート to raise pull requests with security updates when vulnerabilities are detected. You can also enable or disable Dependabotセキュリティアップデート for all repositories across your organization.

  1. Click your profile photo, then click Organizations.
  2. Click Settings next to your organization.
  3. Click Security & analysis.
  4. Click Enable all or Disable all next to Dependabotセキュリティアップデート.
  5. Optionally, select Automatically enable for new repositories.

For more information, see "About Dependabotセキュリティアップデート" and "Managing security and analysis settings for your organization."

Managing Dependabotバージョンアップデート

You can enable Dependabot to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "About Dependabotバージョンアップデート."

To enable Dependabotバージョンアップデート, you must create a dependabot.yml configuration file. For more information, see "Enabling and disabling Dependabot version updates."

Managing GitHub Advanced Security

If your enterprise has an Advanced Security license, you can enable or disable Advanced Security features.

  1. Click your profile photo, then click Organizations.
  2. Click Settings next to your organization.
  3. Click Security & analysis.
  4. Click Enable all or Disable all next to GitHub Advanced Security.
  5. Optionally, select Automatically enable for new private repositories.

For more information, see "About GitHub Advanced Security" and "Managing security and analysis settings for your organization."

Configuring secret scanning

Secret scanning is an Advanced Security feature that scans repositories for secrets that are insecurely stored.

Secret scanning is available if your enterprise uses Advanced Security.

You can enable or disable secret scanning for all repositories across your organization that have Advanced Security enabled.

  1. Click your profile photo, then click Organizations.
  2. Click Settings next to your organization.
  3. Click Security & analysis.
  4. Click Enable all or Disable all next to Secret scanning (GitHub Advanced Security repositories only).
  5. Optionally, select Automatically enable for private repositories added to Advanced Security.

For more information, see "Managing security and analysis settings for your organization."

Configuring code scanning

Code scanning is an Advanced Security feature that scans code for security vulnerabilities and errors

Code scanning is available if your enterprise uses Advanced Security.

Code scanning is configured at the repository level. For more information, see "Setting up code scanning for a repository."

Next steps

You can view, filter, and sort security alerts for repositories owned by your organization in the security overview. For more information, see "About the security overview."

You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see "Viewing and updating vulnerable dependencies in your repository," "Managing pull requests for dependency updates," "Managing code scanning for your repository," and "Managing alerts from secret scanning."

このドキュメントは役立ちましたか?

プライバシーポリシー

これらのドキュメントを素晴らしいものにするのを手伝ってください!

GitHubのすべてのドキュメントはオープンソースです。間違っていたり、はっきりしないところがありましたか?Pull Requestをお送りください。

コントリビューションを行う

OR, コントリビューションの方法を学んでください。

問題がまだ解決していませんか?