jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 18:10:59 -05:00
Code Issues Projects Releases Wiki Activity

GHAS enterprise policies: Update variable use and content to match UI (#55220)

Browse Source 
Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
Felicity Chapman
2025-04-10 19:32:02 +01:00
committed by GitHub
parent ed95d1d8be
commit f1aa864a1e
6 changed files with 48 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/images/help/enterprises/select-advanced-security-individual-organization-policy-ghes-316.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 100 KiB

BIN
assets/images/help/enterprises/select-advanced-security-individual-organization-policy.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 100 KiB

After

Width:  |  Height:  |  Size: 268 KiB

58
content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-security-and-analysis-for-your-enterprise.md
View File

@@ -35,6 +35,22 @@ You can enforce policies to manage the use of security features within organizat
Additionally, you can enforce policies for the use of {% data variables.product.prodname_GHAS %}{% ifversion ghas-products %} products{% endif %} in your enterprise's organizations and repositories.
## Enforcing a policy for the availablity of {% data variables.product.prodname_AS %} in your enterprise's organizations
{% data variables.product.github %} bills for {% data variables.product.prodname_AS %} products on a per-committer basis. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#managing-committers-and-costs).
You can enforce a policy that controls whether repository administrators are allowed to enable features for {% data variables.product.prodname_AS %} in an organization's repositories. You can configure a policy for all organizations owned by your enterprise account, or for individual organizations that you choose.
Disallowing {% data variables.product.prodname_GH_cs_or_sp %} for an organization prevents repository administrators from enabling {% data variables.product.prodname_GH_cs_or_sp %} features for additional repositories, but does not disable the features for repositories where the features are already enabled.
{% data reusables.enterprise.role-permission-hierarchy %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
{% data reusables.enterprise-accounts.advanced-security-organization-policy-drop-down %}
{% data reusables.enterprise-accounts.advanced-security-individual-organization-policy-drop-down %}
{% ifversion ghec %}
## Enforcing a policy for visibility of dependency insights
@@ -46,7 +62,7 @@ Across all organizations owned by your enterprise, you can control whether organ
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
1. Under "Dependency insights", review the information about changing the setting.
1. In the "Policies" section, under "Dependency insights", review the information about changing the setting.
1. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
1. Under "Dependency insights", select the dropdown menu and click a policy.
@@ -63,32 +79,26 @@ Across all organizations owned by your enterprise, you can allow members with ad
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
1. Under "Enable or disable {% data variables.product.prodname_dependabot_alerts %} by repository admins", use the dropdown menu to choose a policy.
1. In the "Policies" section, under "Enable or disable {% data variables.product.prodname_dependabot_alerts %} by repository admins", use the dropdown menu to choose a policy.
{% endif %}
## Enforcing a policy for the use of {% data variables.product.prodname_GH_advanced_security %} in your enterprise's organizations
## Enforcing a policy to manage the use of {% data variables.product.prodname_AS %} features in your enterprise's repositories
{% data reusables.advanced-security.about-ghas-organization-policy %}
{% data reusables.enterprise.role-permission-hierarchy %}
Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage the use of {% data variables.product.prodname_AS %} features in the repositories.
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "{% data variables.product.prodname_GH_advanced_security %} availability", select the dropdown menu and click a policy for the organizations owned by your enterprise.
{% ifversion ghas-products %}
1. In the "Policies" section, under "Repository administrators can enable or disable `PRODUCT`", use the dropdown menu to define whether repository administrators can change the enablement of {% data variables.product.prodname_cs_and_sp %}.
{% else %}
1. In the "{% data variables.product.prodname_GHAS %} policies" section, under "Enable or disable {% data variables.product.prodname_GHAS %} by repository admins", select the dropdown menu and click a policy.
{% endif %}
{% data reusables.enterprise-accounts.advanced-security-organization-policy-drop-down %}
{% data reusables.enterprise-accounts.advanced-security-individual-organization-policy-drop-down %}
## Enforcing a policy to manage the use of {% data variables.product.prodname_GH_advanced_security %} features in your enterprise's repositories
Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage the use of {% data variables.product.prodname_GH_advanced_security %} features in the repositories. {% data reusables.advanced-security.ghas-must-be-enabled %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "Enable or disable {% data variables.product.prodname_GH_advanced_security %} by repository admins", select the dropdown menu and click a policy.
{% ifversion ghas-products %}
<!--This option is included automatically by the "Repository Admins can Enable or Disable Secret Protection" option, which is why this section is omitted for `ghas-products` versions.-->
{% else %}
## Enforcing a policy to manage the use of {% data variables.product.prodname_secret_scanning %} in your enterprise's repositories
@@ -99,18 +109,20 @@ Across all of your enterprise's organizations, you can allow or disallow people
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "Enable or disable {% data variables.product.prodname_secret_scanning %} by repository admins", select the dropdown menu and click a policy.
1. In the "Policies" section, under "Enable or disable {% data variables.product.prodname_secret_scanning %} by repository admins", select the dropdown menu and click a policy.
{% endif %}
{% ifversion secret-scanning-ai-generic-secret-detection %}
## Enforcing a policy to manage the use of {% data variables.secret-scanning.generic-secret-detection %} for {% data variables.product.prodname_secret_scanning %} in your enterprise's repositories
## Enforcing a policy to manage the use of AI detection for {% data variables.product.prodname_secret_scanning %} in your enterprise's repositories
Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage and configure AI detection in {% data variables.product.prodname_secret_scanning %} for the repositories. {% data reusables.advanced-security.ghas-must-be-enabled %}
Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage and configure AI detection in {% data variables.product.prodname_secret_scanning %} for the repositories. This policy only takes effect if repository administrators are also allowed to change enablement of {% data variables.product.prodname_secret_protection %} (controlled by the "Repository administrators can enable or disable Secret Protection" policy).
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "AI detection in {% data variables.product.prodname_secret_scanning %}", select the dropdown menu and click a policy.
1. In the "Policies" section, under "AI detection in {% data variables.product.prodname_secret_scanning %}", select the dropdown menu and click a policy.
{% endif %}
@@ -123,6 +135,6 @@ Across all of your enterprise's organizations, you can allow or disallow people
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.policies-tab %}
{% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
1. In the "{% data variables.product.prodname_GH_advanced_security %} policies" section, under "{% data variables.product.prodname_copilot_autofix_short %}", select the dropdown menu and click a policy.
1. In the "Policies" section, under "{% data variables.product.prodname_copilot_autofix_short %}", select the dropdown menu and click a policy.
{% endif %}

4
data/reusables/advanced-security/about-ghas-organization-policy.md
View File

@@ -1,5 +1,5 @@
{% data variables.product.company_short %} bills for {% data variables.product.prodname_advanced_security %} on a per-committer basis. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security).
{% data variables.product.github %} bills for {% data variables.product.prodname_AS %} products on a per-committer basis. See [AUTOTITLE](/billing/managing-billing-for-your-products/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security#managing-committers-and-costs).
You can enforce a policy that controls whether repository administrators are allowed to enable features for {% data variables.product.prodname_advanced_security %} in an organization's repositories. You can configure a policy for all organizations owned by your enterprise account, or for individual organizations that you choose.
Disallowing {% data variables.product.prodname_advanced_security %} for an organization prevents repository administrators from enabling {% data variables.product.prodname_advanced_security %} features for additional repositories, but does not disable the features for repositories where the features are already enabled. For more information about configuration of {% data variables.product.prodname_advanced_security %} features, see [AUTOTITLE](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/managing-security-and-analysis-settings-for-your-organization) or [AUTOTITLE](/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository).
Disallowing {% data variables.product.prodname_GH_cs_or_sp %} for an organization prevents repository administrators from enabling {% data variables.product.prodname_GH_cs_or_sp %} features for additional repositories, but does not disable the features for repositories where the features are already enabled.

12
data/reusables/enterprise-accounts/advanced-security-individual-organization-policy-drop-down.md
View File

@@ -1,3 +1,11 @@
1. Optionally, if you chose **Allow for selected organizations**, to the right of an organization, select the dropdown menu to enable {% data variables.product.prodname_advanced_security %} for the organization.
1. Optionally, if you chose **Allow for selected organizations**, to the right of an organization, select the dropdown menu to define which {% data variables.product.prodname_AS %} products are available to the organization.
![Screenshot of the dropdown menu to choose a {% data variables.product.prodname_advanced_security %} policy for selected organizations in the enterprise. The dropdown is outlined.](/assets/images/help/enterprises/select-advanced-security-individual-organization-policy.png)
{% ifversion ghas-products %}
![Screenshot of the dropdown menu to choose a {% data variables.product.prodname_AS %} policy for selected organizations in the enterprise. The dropdown is outlined.](/assets/images/help/enterprises/select-advanced-security-individual-organization-policy.png)
{% else %}
![Screenshot of the dropdown menu to choose a {% data variables.product.prodname_AS %} policy for selected organizations in the enterprise. The dropdown is outlined.](/assets/images/help/enterprises/select-advanced-security-individual-organization-policy-ghes-316.png)
{% endif %}

2
data/reusables/enterprise-accounts/advanced-security-organization-policy-drop-down.md
View File

@@ -1 +1 @@
1. Under "{% data variables.product.prodname_GH_advanced_security %} availability", select the dropdown menu, then click a policy for the organizations owned by your enterprise.
1. Under "{% data variables.product.prodname_AS %} availability", select the dropdown menu, then click a policy for the organizations owned by your enterprise.