About enabling GitHub Advanced Security
GitHub Advanced Securityは、開発者がコードのセキュリティ及び品質を改善し、維持するための役に立ちます。 詳しい情� �については、「GitHub Advanced Security について」を参照してく� さい。
When you enable GitHub Advanced Security for your enterprise, repository administrators in all organizations can enable the features unless you set up a policy to restrict access. 詳しい情� �については「EnterpriseでのAdvanced Securityのポリシーの施行」を参照してく� さい。
For guidance on a phased deployment of GitHub Advanced Security, see "Deploying GitHub Advanced Security in your enterprise."
Checking whether your license includes GitHub Advanced Security
-
GitHub Enterprise Serverの右上で、プロフィール写真をクリックし、続いてEnterprise settings(Enterpriseの設定)をクリックしてく� さい。
-
Enterpriseアカウントのサイドバーで、 Settings(設定)をクリックしてく� さい。
-
左のサイドバーでLicense(ライセンス)をクリックしてく� さい。
-
If your license includes GitHub Advanced Security, the license page includes a section showing details of current usage.
Prerequisites for enabling GitHub Advanced Security
-
Upgrade your license for GitHub Enterprise Server to include GitHub Advanced Security. For information about licensing, see "About billing for GitHub Advanced Security."
-
Download the new license file. For more information, see "Downloading your license for GitHub Enterprise."
-
Upload the new license file to GitHub Enterprise Serverインスタンス. For more information, see "Uploading a new license to GitHub Enterprise Server."
-
Review the prerequisites for the features you plan to enable.
- Code scanning, see "Configuring code scanning for your appliance."
- Secret scanning, see "Configuring secret scanning for your appliance."
- Dependabot, see "Enabling Dependabot for your enterprise."
Enabling and disabling GitHub Advanced Security features
警告: この設定を変更すると、GitHub Enterprise Serverのユーザが利用するサービスが再起動されます。 ユーザにとってのダウンタイ� を最小化するために、この変更の時間は慎重に調整しなければなりません。
-
From an administrative account on GitHub Enterprise Server, in the upper-right corner of any page, click .
-
If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.
-
左のサイドバーでManagement Consoleをクリックしてく� さい。
-
In the left sidebar, click Advanced Security.
-
Under "Advanced Security," select the features that you want to enable and deselect any features you want to disable.
-
左のサイドバーの下でSave settings(設定の保存)をクリックしてく� さい。
Note: Saving settings in the Management Console restarts system services, which could result in user-visible downtime.
-
設定が完了するのを待ってく� さい。
When GitHub Enterprise Server has finished restarting, you're ready to set up any additional resources required for newly enabled features. 詳しい情� �については「アプライアンスのためのcode scanningの設定」を参照してく� さい。
Enabling or disabling GitHub Advanced Security features via the administrative shell (SSH)
You can enable or disable features programmatically on GitHub Enterprise Serverインスタンス. GitHub Enterprise Server の管理シェルおよびコマンドラインユーティリティの詳細については、「管理シェル (SSH) へのアクセス」および「コマンドラインユーティリティ」を参照してく� さい。
For example, you can enable any GitHub Advanced Security feature with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.
-
GitHub Enterprise ServerインスタンスにSSHでアクセスしてく� さい。
-
Enable features for GitHub Advanced Security.
- To enable Code scanning, enter the following commands.
ghe-config app.minio.enabled true ghe-config app.code-scanning.enabled true
- To enable Secret scanning, enter the following command.
ghe-config app.secret-scanning.enabled true
- To enable the dependency graph, enter the following commands.
ghe-config app.github.dependency-graph-enabled true ghe-config app.github.vulnerability-alerting-and-settings-enabled true
- To enable Code scanning, enter the following commands.
-
Optionally, disable features for GitHub Advanced Security.
- To disable code scanning, enter the following commands.
ghe-config app.minio.enabled false ghe-config app.code-scanning.enabled false
- To disable secret scanning, enter the following command.
ghe-config app.secret-scanning.enabled false
- To disable the dependency graph, enter the following commands.
ghe-config app.github.dependency-graph-enabled false ghe-config app.github.vulnerability-alerting-and-settings-enabled false
- To disable code scanning, enter the following commands.
-
設定を適用します。
ghe-config-apply