Enabling or disabling security and analysis features for public repositories
You can manage a subset of security and analysis features for public repositories. Other features are permanently enabled, including dependency graph and secret scanning alerts for partners.
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, click Code security and analysis.
-
Under "Code security and analysis", to the right of the feature, click Disable or Enable.
Enabling or disabling security and analysis features for private repositories
You can manage the security and analysis features for your private or internal repository. Organizations that use GitHub Enterprise Cloud with Advanced Security have extra options available. For more information, see the GitHub Enterprise Cloud documentation.
If you enable security and analysis features, GitHub performs read-only analysis on your repository.
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, click Code security and analysis.
-
Under "Code security and analysis", to the right of the feature, click Disable or Enable.
Granting access to security alerts
Security alerts for a repository are visible to people with write, maintain, or admin access to the repository and, when the repository is owned by an organization, organization owners. You can give additional teams and people access to the alerts.
Organization owners and repository administrators can only grant access to view security alerts, such as secret scanning alerts, to people or teams who have write access to the repo.
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, click Code security and analysis.
-
Under "Access to alerts", in the search field, start typing the name of the person or team you'd like to find, then click a name in the list of matches.
-
Click Save changes.
Removing access to security alerts
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, click Code security and analysis.
-
Under "Access to alerts", to the right of the person or team whose access you'd like to remove, click .
-
Click Save changes.