About management of security and analysis settings
GitHub can help secure the repositories in your organization. You can manage the security and analysis features for all existing or new repositories that members create in your organization.
Displaying the security and analysis settings
-
In the top right corner of GitHub Enterprise Server, click your profile photo, then click Your organizations.
-
Next to the organization, click Settings.
-
In the left sidebar, click Security & analysis.
The page that's displayed allows you to enable or disable all security and analysis features for the repositories in your organization.
If you have a license for GitHub Advanced Security, the page will also contain options to enable and disable Advanced Security features. Any repositories that use GitHub Advanced Security are listed at the bottom of the page.
Enabling or disabling a feature for all existing repositories
You can enable or disable features for all repositories.
Note: If you enable GitHub Advanced Security, committers to these repositories will use seats on your GitHub Advanced Security license. This option is disabled if you have exceeded your license capacity.
Note: If you encounter an error that reads "GitHub Advanced Security cannot be enabled because of a policy setting for the organization," contact your enterprise admin and ask them to change the GitHub Advanced Security policy for your enterprise. For more information, see "Enforcing policies for Advanced Security in your enterprise."
-
Go to the security and analysis settings for your organization. For more information, see "Displaying the security and analysis settings."
-
Under "Code security and analysis", to the right of the feature, click Disable all or Enable all. The control for "GitHub Advanced Security" is disabled if you have no available seats in your GitHub Advanced Security license.
-
Click Enable/Disable all or Enable/Disable for eligible repositories to confirm the change.
When you enable one or more security and analysis features for existing repositories, you will see any results displayed on GitHub within minutes:
- All the existing repositories will have the selected configuration.
- New repositories will follow the selected configuration if you've enabled the checkbox for new repositories.
Enabling or disabling a feature automatically when new repositories are added
-
Go to the security and analysis settings for your organization. For more information, see "Displaying the security and analysis settings."
-
Under "Code security and analysis", to the right of the feature, enable or disable the feature by default for new repositories in your organization.
Removing access to GitHub Advanced Security from individual repositories in an organization
You can manage access to GitHub Advanced Security features for a repository from its "Settings" tab. For more information, see "Managing security and analysis settings for your repository." However, you can also disable GitHub Advanced Security features for a repository from the "Settings" tab for the organization.
- Go to the security and analysis settings for your organization. For more information, see "Displaying the security and analysis settings."
- To see a list of all the repositories in your organization with GitHub Advanced Security enabled, scroll to the "GitHub Advanced Security repositories" section. The table lists the number of unique committers for each repository. This is the number of seats you could free up on your license by removing access to GitHub Advanced Security. For more information, see "About billing for GitHub Advanced Security."
- To remove access to GitHub Advanced Security from a repository and free up seats used by any committers that are unique to the repository, click the adjacent .
- In the confirmation dialog, click Remove repository to remove access to the features of GitHub Advanced Security.
Note: If you remove access to GitHub Advanced Security for a repository, you should communicate with the affected development team so that they know that the change was intended. This ensures that they don't waste time debugging failed runs of code scanning.