Skip to main content

Choosing a security configuration for your repositories

Find out which type of security configuration will meet the security needs of the repositories in your organization.

Who can use this feature?

Organization owners, security managers, and organization members with the admin role

About choosing a security configuration

Security configurations are collections of enablement settings for GitHub's security features that you can apply to any repository within your organization. GitHub offers two types of security configurations:

  • The GitHub-recommended security configuration
  • Custom security configurations

We recommend that organizations initially apply the GitHub-recommended security configuration. After you have applied the GitHub-recommended security configuration to repositories in your organization, you can evaluate the security findings for each repository and determine if you instead want to create and apply a custom security configuration.

The GitHub-recommended security configuration offers a number of benefits:

  • It is created and managed by GitHub's subject matter experts.
  • It is the quickest security configuration to apply to all repositories in your organization.
  • It is designed to effectively secure both low- and high-impact repositories.

To start securing repositories in your organization with the GitHub-recommended security configuration, see "Applying the GitHub-recommended security configuration in your organization."

Choosing a custom security configuration

If you are familiar with GitHub's security products, and you have specific security needs that the GitHub-recommended security configuration can't meet, you can create and apply custom security configurations. With custom security configurations, you can:

  • Edit the enablement settings for different security features
  • Create several configurations for repositories with different security needs
  • Manage your GitHub Advanced Security licensing by including or excluding GitHub Advanced Security features for a particular configuration

To start securing repositories in your organization with custom security configurations, see "Creating a custom security configuration."