About custom security configurations
With custom security configurations, you can create collections of enablement settings for GitHub's security products to meet the specific security needs of your enterprise. For example, you can create a different custom security configuration for each organization or group of organizations to reflect their unique security requirements and compliance obligations.
When creating a security configuration, keep in mind that:
- Only features installed by a site administrator on your GitHub Enterprise Server instance will appear in the UI.
- GitHub Advanced Security features will only be visible if your enterprise or GitHub Enterprise Server instance holds a GitHub Advanced Security license.
- Certain features, like Dependabot security updates and code scanning default setup, also require that GitHub Actions is installed on the GitHub Enterprise Server instance.
참고
The enablement status of some security features is dependent on other, higher-level security features. For example, disabling 비밀 검사 경고 will also disable non-provider patterns and push protection.
-
GitHub Enterprise Server의 오른쪽 위 모서리에서 프로필 사진과 Enterprise settings를 차례로 클릭합니다.
-
페이지 왼쪽에 있는 엔터프라이즈 계정 사이드바에서 설정을 클릭합니다.
-
왼쪽 사이드바에서 Code security and analysis 를 클릭합니다.
-
In the "Configurations" section, click New configuration.
-
To help identify your custom security configuration and clarify its purpose on the "Configurations" page, name your configuration and create a description.
-
In the "prodname_GHAS features" row, choose whether to include or exclude prodname_GHAS (GHAS) features. If you plan to apply a custom security configuration with GHAS features to private repositories, you must have available GHAS licenses for each active unique committer to those repositories, or the features will not be enabled. See GitHub Advanced Security 라이선스 결제.
-
In the "Dependency graph and Dependabot" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:
- Dependabot alerts. To learn about Dependabot, see Dependabot alerts.
참고
Dependabot 자동 심사 규칙 are not available to set at enterprise level. If an enterprise-level security configuration is applied to a repository, it can still have Dependabot 자동 심사 규칙 enabled, but you can't turn off these rules at the level of the enterprise.
- Security updates. To learn about security updates, see Dependabot security updates.
참고
You cannot manually change the enablement setting for the dependency graph. This setting is installed and managed by a site administrator at the instance level.
-
In the "Code scanning" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for code scanning default setup. To learn about default setup, see Configuring default setup for code scanning.
-
In the "Secret scanning" section of the security settings table, choose whether you want to enable, disable, or keep the existing settings for the following security features:
- Alerts. To learn about 비밀 검사 경고, see Secret scanning.
- Non-provider patterns. To learn more about scanning for non-provider patterns, see 지원되는 비밀 검사 패턴 and 비밀 스캔에서 경고 보기 및 필터링.
- Push protection. To learn about push protection, see Push protection.
-
Optionally, in the "Policy" section, you can choose to automatically apply the security configuration to newly created repositories depending on their visibility. Select the None dropdown menu, then click Public, or Private and internal, or All repositories.
-
Optionally, in the "Policy" section, you can enforce the configuration and block repository owners from changing features that are enabled or disabled by the configuration (features that are not set aren't enforced). Next to "Enforce configuration", select Enforce from the dropdown menu.
참고
security configurations의 적용이 중단되는 경우가 발생할 수 있습니다. Security configuration enforcement을(를) 참조하세요.
-
custom security configuration의 생성을 완료하려면 설정 저장을 클릭합니다.
Next steps
To optionally configure additional secret scanning settings for the enterprise, see Configuring additional secret scanning settings for your enterprise.
To apply your custom security configuration to repositories in your organization, see Applying a custom security configuration.
custom security configuration을 편집하는 방법을 알아보려면 Editing a custom security configuration을(를) 참조하세요.