Introduction
This guide shows you how to configure security features for an organization. Your organization's security needs are unique and you may not need to enable every security feature. For more information, see "GitHub security features."
Some security features are only available if you have an Advanced Security license. For more information, see "About GitHub Advanced Security."
Managing access to your organization
You can use permission levels to control what actions people can take in your organization. For more information, see "Permission levels for an organization."
Creating a default security policy
You can create a default security policy that will display in any of your organization's public repositories that do not have their own security policy. For more information, see "Creating a default community health file."
Managing Dependabot alerts and the dependency graph
The dependency graph and Dependabot alerts are configured at an enterprise level by the enterprise owner. For more information, see "Enabling the dependency graph and Dependabot alerts on your enterprise account."
For more information, see "About alerts for vulnerable dependencies," "Exploring the dependencies of a repository," and "Managing security and analysis settings for your organization."
Managing dependency review
Dependency review lets you visualize dependency changes in pull requests before they are merged into your repositories. Dependency review is available when dependency graph is enabled for your GitHub Enterprise Server instance and you enable Advanced Security for the organization (see below). For more information, see "About dependency review."
Managing GitHub Advanced Security
If your organization has an Advanced Security license, you can enable or disable Advanced Security features.
- Click your profile photo, then click Organizations.
- Click Settings next to your organization.
- Click Security & analysis.
- Click Enable all or Disable all next to GitHub Advanced Security.
- Optionally, select Automatically enable for new private repositories.
For more information, see "About GitHub Advanced Security" and "Managing security and analysis settings for your organization."
Configuring secret scanning
Secret scanning is available if you have an Advanced Security license.
You can enable or disable secret scanning for all repositories across your organization that have Advanced Security enabled.
- Click your profile photo, then click Organizations.
- Click Settings next to your organization.
- Click Security & analysis.
- Click Enable all or Disable all next to Secret scanning (GitHub Advanced Security repositories only).
- Optionally, select Automatically enable for private repositories added to Advanced Security.
For more information, see "Managing security and analysis settings for your organization."
Next steps
You can view, filter, and sort security alerts for repositories owned by your organization in the security overview. For more information, see "About the security overview."
You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see "Viewing and updating vulnerable dependencies in your repository," "Managing code scanning for your repository," and "Managing alerts from secret scanning."