Choosing a security configuration for your repositories

Find out which type of security configuration will meet the security needs of the repositories in your organization.

Кто может использовать эту функцию?

Владельцы организации, руководители безопасности и члены организации с ролью администратора

В этой статье

About choosing a security configuration

Security configurations — это коллекции параметров включения для функций безопасности GitHub, которые можно применить к любому репозиторию в вашей организации. GitHub offers two types of security configurations:

  • The GitHub-recommended security configuration
  • Custom security configurations

We recommend that organizations initially apply the GitHub-recommended security configuration. After you have applied the GitHub-recommended security configuration to repositories in your organization, you can evaluate the security findings for each repository and determine if you instead want to create and apply a custom security configuration.

Currently, only one security configuration can be applied to a repository at a time.

The GitHub-recommended security configuration offers a number of benefits:

  • It is created and managed by GitHub's subject matter experts.
  • It is the quickest security configuration to apply to all repositories in your organization.
  • It is designed to effectively secure both low- and high-impact repositories.

The GitHub-recommended security configuration includes GitHub Code Security and GitHub Secret Protection features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses.

To start securing repositories in your organization with the GitHub-recommended security configuration, see Применение рекомендуемой конфигурации безопасности GitHub в организации.

Choosing a custom security configuration

If you are familiar with GitHub's security products, and you have specific security needs that the GitHub-recommended security configuration can't meet, you can create and apply custom security configurations. With custom security configurations, you can:

  • Edit the enablement settings for different security features
  • Create several configurations for repositories with different security needs
  • Control your usage and costs by including or excluding GitHub Code Security or GitHub Secret Protection features for a particular configuration

To start securing repositories in your organization with custom security configurations, see Создание настраиваемой конфигурации безопасности.