Note: Security configurations and global settings are in beta and subject to change.
To successfully apply a security configuration with code scanning default setup enabled, the target repository cannot have an existing advanced setup for code scanning. Security configurations cannot override advanced setups since advanced setups are tailored to the specific security needs of their repositories, and organization owners or security managers enabling default setup at scale may not realize they are overriding those custom settings.
If you try to apply a security configuration with code scanning enabled to a repository with an existing advanced setup for code scanning, security settings will be enabled as follows:
- Code scanning default setup will not be enabled on the repository, and the existing advanced setup will continue to run as normal.
- Aside from code scanning, all security features enabled in the configuration will be enabled on the repository.
- The security configuration will not be attached to the repository, since only some features from the configuration are enabled.
For all repositories without an existing advanced setup for code scanning, the security configuration will be applied as expected, and code scanning default setup will be enabled.
Note: If you cannot successfully apply a configuration to a private or internal repository without code scanning advanced setup enabled, you should make sure you have sufficient available GitHub Advanced Security licenses to apply that configuration. For more information, see "Not enough GitHub Advanced Security licenses."
To apply a security configuration with code scanning enabled to a repository with advanced setup, you must first configure default setup at the repository level, then apply the security configuration as normal. For more information, see "Configuring default setup for code scanning."