Introduction
This guide shows you how to configure security features for an organization. Your organization's security needs are unique and you may not need to enable every security feature. For more information, see "GitHub security features."
Some features are available for all repositories. Additional features are available to enterprises that use GitHub Advanced Security. For more information, see "About GitHub Advanced Security."
Managing access to your organization
You can use roles to control what actions people can take in your organization. For example, you can assign the security manager role to a team to give them the ability to manage security settings across your organization, as well as read access to all repositories. For more information, see "Roles in an organization."
Managing Dependabot alerts and the dependency graph
Note: Dependabot alerts is currently in beta and is subject to change.
Enterprise owners can configure Dependabot alerts for an enterprise. For more information, see "Enabling Dependabot for your enterprise."
For more information, see "About Dependabot alerts," "Exploring the dependencies of a repository," and "Managing security and analysis settings for your organization."
Managing dependency review
Dependency review is an Advanced Security feature that lets you visualize dependency changes in pull requests before they are merged into your repositories. For more information, see "About dependency review."
Dependency review is available when dependency graph is enabled for your enterprise and you enable Advanced Security for the organization (see below).
Managing GitHub Advanced Security
You can enable or disable Advanced Security features.
- Click your profile photo, then click Organizations.
- Click Settings next to your organization.
- Click Security & analysis.
- Click Enable all or Disable all next to GitHub Advanced Security.
- Optionally, select Automatically enable for new private repositories.
For more information, see "About GitHub Advanced Security" and "Managing security and analysis settings for your organization."
Configuring secret scanning
Secret scanning is available if your enterprise uses Advanced Security.
You can enable or disable secret scanning for all repositories across your organization that have GitHub Advanced Security enabled.
- Click your profile photo, then click Organizations.
- Click Settings next to your organization.
- Click Code security & analysis.
- Click Enable all or Disable all next to Secret scanning.
- In the dialog box displayed, optionally select Automatically enable for repositories added to Advanced Security.
- Click the enable or disable button in the dialog box to confirm the change.
For more information, see "Managing security and analysis settings for your organization."
Configuring code scanning
Code scanning is available if your enterprise uses Advanced Security.
Code scanning is configured at the repository level. For more information, see "Configuring code scanning for a repository."
Next steps
You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see "Managing code scanning alerts for your repository," and "Managing alerts from secret scanning."
You can also monitor responses to security alerts within your organization. For more information, see "Auditing security alerts".
You can view, filter, and sort security alerts for repositories owned by your organization in security overview. For more information, see "About security overview."