Skip to main content

이 버전의 GitHub Enterprise는 다음 날짜에 중단되었습니다. 2024-07-09. 중요한 보안 문제에 대해서도 패치 릴리스가 이루어지지 않습니다. 더 뛰어난 성능, 향상된 보안, 새로운 기능을 위해 최신 버전의 GitHub Enterprise Server로 업그레이드합니다. 업그레이드에 대한 도움말은 GitHub Enterprise 지원에 문의하세요.

대규모 코드 스캔을 위한 기본 설정 구성

기본 설정을 사용하여 조직 전체의 리포지토리에 대한 code scanning을(를) 신속하게 구성할 수 있습니다.

누가 이 기능을 사용할 수 있는 있나요?

Code scanning는 GitHub Enterprise Server의 조직 소유 리포지토리에서 사용할 수 있습니다. 이 기능을 사용하려면 GitHub Advanced Security에 대한 라이선스가 필요합니다. 자세한 내용은 "GitHub Advanced Security 정보"을(를) 참조하세요.

About configuring default setup at scale

With default setup for code scanning, you can quickly secure code in repositories across your organization.

You can use the organization settings page labeled "Code security and analysis" to enable code scanning for all repositories in your organization that are eligible for default setup. After enabling default setup, the code written in CodeQL-supported languages in repositories in the organization will be scanned:

  • On each push to the repository's default branch, or any protected branch. For more information on protected branches, see "About protected branches."
  • When creating or committing to a pull request based against the repository's default branch, or any protected branch, excluding pull requests from forks.

For more information, see "Configuring default setup for all eligible repositories in an organization."

You can also create different default setup configurations for individual repositories. For more information on configuring default setup at the repository level, see "Configuring default setup for code scanning."

For repositories that are not eligible for default setup, you can configure advanced setup at the repository level, or at the organization level using a script. For more information, see "Configuring advanced setup for code scanning with CodeQL at scale."

Eligible repositories for CodeQL default setup at scale

Note: The ability to enable and disable default setup for code scanning for eligible repositories in an organization is currently in beta and subject to change.

A repository must meet all the following criteria to be eligible for default setup, otherwise you need to use advanced setup.

  • Advanced setup for code scanning is not already enabled.
  • GitHub Actions are enabled.
  • Uses JavaScript/TypeScript, Python, or Ruby.
  • GitHub Advanced Security is enabled.

Configuring default setup for all eligible repositories in an organization

Through the "Code security and analysis" page of your organization's settings, you can enable default setup for all eligible repositories in your organization. For more information on repository eligibility, see "Eligible repositories for CodeQL default setup at scale."

Note: The ability to enable and disable default setup for code scanning for eligible repositories in an organization is currently in beta and subject to change.

  1. In the upper-right corner of GitHub, select your profile photo, then click Your organizations.

  2. Next to the organization, click Settings.

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. Click Enable all next to "Code scanning".

  5. In the "Enable code scanning for eligible repositories" dialog box displayed, click Enable for eligible repositories to enable your configuration of default setup.

Notes:

  • If you disable CodeQL code scanning for all repositories this change is not reflected in the coverage information shown in security overview for the organization. The repositories will still appear to have code scanning enabled in the "Security Coverage" view.
  • Enabling code scanning for all eligible repositories in an organization will not override existing code scanning configurations. For information on configuring default setup with different settings for specific repositories, see "Configuring default setup for code scanning."