Skip to main content
Enterprise Server 3.0
English
� 
Enterprise administrators
Enterprise Server 3.0
English

� 

This version of GitHub Enterprise was discontinued on 2022-02-16. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Enabling GitHub Advanced Security for your enterprise

In this article

You can configure GitHub Enterprise Server to include GitHub Advanced Security. This provides extra features that help users find and fix security problems in their code.

GitHub Advanced Security is available for enterprise accounts on GitHub Enterprise Cloud and GitHub Enterprise Server 3.0 or higher. For more information about upgrading your GitHub Enterprise Server instance, see "About upgrades to new releases" and refer to the Upgrade assistant to find the upgrade path from your current release version.

About enabling GitHub Advanced Security

GitHub Advanced Security helps developers improve and maintain the security and quality of code. For more information, see "About GitHub Advanced Security."

When you enable GitHub Advanced Security for your enterprise, repository administrators in all organizations can enable the features. For more information, see "Managing security and analysis settings for your organization" and "Managing security and analysis settings for your repository."

For guidance on a phased deployment of GitHub Advanced Security, see "Deploying GitHub Advanced Security in your enterprise."

Checking whether your license includes GitHub Advanced Security

  1. From an administrative account on GitHub Enterprise Server, in the upper-right corner of any page, click .

    Screenshot of the rocket ship icon for accessing site admin settings

  2. If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.

    Screenshot of "Site admin" link

  3. In the left sidebar, click Management Console. Management Console tab in the left sidebar

  4. If your license includes GitHub Advanced Security, there is an Advanced Security entry in the left sidebar. Advanced Security sidebar

If you can't see Advanced Security in the sidebar, it means that your license doesn't include support for Advanced Security features, including code scanning and secret scanning. The Advanced Security license gives you and your users access to features that help you make your repositories and code more secure. For more information, see "About GitHub Advanced Security" or contact GitHub's Sales team.

Prerequisites for enabling GitHub Advanced Security

  1. Upgrade your license for GitHub Enterprise Server to include GitHub Advanced Security.

  2. Download the new license file. For more information, see "Downloading your license for GitHub Enterprise."

  3. Upload the new license file to your GitHub Enterprise Server instance. For more information, see "Uploading a new license to GitHub Enterprise Server."

  4. Review the prerequisites for the features you plan to enable.

Enabling and disabling GitHub Advanced Security features

Warning: Changing this setting will cause user-facing services on GitHub Enterprise Server to restart. You should time this change carefully, to minimize downtime for users.

  1. From an administrative account on GitHub Enterprise Server, in the upper-right corner of any page, click .

    Screenshot of the rocket ship icon for accessing site admin settings

  2. If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.

    Screenshot of "Site admin" link

  3. In the left sidebar, click Management Console. Management Console tab in the left sidebar

  4. In the left sidebar, click Advanced Security. Advanced Security sidebar

  5. Under "Advanced Security," select the features that you want to enable and deselect any features you want to disable. Checkbox to enable or disable Advanced Security features

  6. Under the left sidebar, click Save settings.

    Screenshot of the save settings button in the Management Console

    Note: Saving settings in the Management Console restarts system services, which could result in user-visible downtime.

  7. Wait for the configuration run to complete.

    Configuring your instance

When GitHub Enterprise Server has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "Configuring code scanning for your appliance."

Enabling or disabling GitHub Advanced Security features via the administrative shell (SSH)

You can enable or disable features programmatically on your GitHub Enterprise Server instance. For more information about the administrative shell and command-line utilities for GitHub Enterprise Server, see "Accessing the administrative shell (SSH)" and "Command-line utilities."

For example, you can enable any GitHub Advanced Security feature with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.

  1. SSH into your GitHub Enterprise Server instance.

  2. Enable features for GitHub Advanced Security.

    • To enable Code scanning, enter the following commands. 
      ghe-config app.minio.enabled true
ghe-config app.code-scanning.enabled true
    • To enable Secret scanning, enter the following command. 
      ghe-config app.secret-scanning.enabled true
    • To enable the dependency graph, enter the following commands. 
      ghe-config app.github.dependency-graph-enabled true
ghe-config app.github.vulnerability-alerting-and-settings-enabled true

  3. Optionally, disable features for GitHub Advanced Security.

    • To disable code scanning, enter the following commands. 
      ghe-config app.minio.enabled false
ghe-config app.code-scanning.enabled false
    • To disable secret scanning, enter the following command. 
      ghe-config app.secret-scanning.enabled false
    • To disable the dependency graph, enter the following commands. 
      ghe-config app.github.dependency-graph-enabled false
ghe-config app.github.vulnerability-alerting-and-settings-enabled false

  4. Apply the configuration.

    ghe-config-apply