cde40f4847
* Issue template stuff for creating megabranch * Fix placeholder YAML * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * Add release candidate banner * update search indexes * update search indexes * update search indexes * update search indexes * [GHES 3.2]: Remove final notes about machine man preview (GA) (#20939) * update search indexes * update search indexes * Add GHES versioning to "Managing your theme settings" (#20950) * update search indexes * [GHES 3.2]: Fix versioning for security alerts (#20761) * made a start * rework * move image to an enterprise 3.1 folder * forgot to commit * simplify reusable * update search indexes * update search indexes * update search indexes * Updated basic 3.2 REST fiels after package change These will be overwritten before release by the new description files when the 3.2 description is properly published * update search indexes * GHAE feature flag for `security alerts` custom notification option (#20979) * made a start * rework * move image to an enterprise 3.1 folder * forgot to commit * simplify reusable * add GHAE feature flag * remove spurious spaces I had added * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * Update versioning (#21121) Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com> * update search indexes * Add the new service (#21060) * update search indexes * update search indexes * update search indexes * Fix parent category index versioning for security overview * update search indexes * [GHES 3.2] Add documentation for GHES Referrer Policy Admin setting (#20910) Co-authored-by: jmarlena <6732600+jmarlena@users.noreply.github.com> Co-authored-by: Jules Parker <19994093+jules-p@users.noreply.github.com> Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com> * update search indexes * update search indexes * Update "Review hardware considerations" table (#21208) Performance improvements resulted in higher maximum job throughput and the new benchmarks need to be shared with current and potential customers. * update search indexes * Version new GHES 3.2 Actions tested performance (#21212) * update search indexes * Update "Review hardware considerations" table v2 Feedback from additional reviewers requires an update to the benchmarks previously merged. * update search indexes * update search indexes * [GHES 3.2] - Dependency Graph: Simplified enablement in GHES (GA) (#21078) * document UI button for dependency graph GHES 3.2 * update search indexes * Update getting-started-with-github-actions-for-github-enterprise-server.md * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * [GHES 3.2] Release candidate 1 release notes (#20799) Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> Co-authored-by: bwestover <bwestover@github.com> Co-authored-by: Martin Lopes <martin389@github.com> Co-authored-by: Laura Coursen <lecoursen@github.com> Co-authored-by: Grey Baker <greysteil@github.com> Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com> Co-authored-by: William Bartholomew <iamwillbar@github.com> * update search indexes * update search indexes * update search indexes * update search indexes * update search indexes * Update OpenAPI Descriptions for GHES 3.2 (#21377) Also contains a rollup of other unmerged OpenAPI changes Co-authored-by: github-openapi-bot <github-openapi-bot@users.noreply.github.com> Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com> * update search indexes Co-authored-by: Rachael Sewell <rachmari@github.com> Co-authored-by: GitHub Actions <action@github.com> Co-authored-by: Docubot <67483024+docubot@users.noreply.github.com> Co-authored-by: Laura Coursen <lecoursen@github.com> Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com> Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com> Co-authored-by: Matthias Wenz <matthiaswenz@github.com> Co-authored-by: jmarlena <6732600+jmarlena@users.noreply.github.com> Co-authored-by: Jules Parker <19994093+jules-p@users.noreply.github.com> Co-authored-by: Steve-Glass <84886334+Steve-Glass@users.noreply.github.com> Co-authored-by: Meg Bird <megbird@github.com> Co-authored-by: bwestover <bwestover@github.com> Co-authored-by: Martin Lopes <martin389@github.com> Co-authored-by: Grey Baker <greysteil@github.com> Co-authored-by: Bas van Schaik <5082246+sj@users.noreply.github.com> Co-authored-by: William Bartholomew <iamwillbar@github.com> Co-authored-by: github-openapi-bot <69533958+github-openapi-bot@users.noreply.github.com> Co-authored-by: github-openapi-bot <github-openapi-bot@users.noreply.github.com>
114 lines
8.6 KiB
Markdown
114 lines
8.6 KiB
Markdown
---
|
|
title: Enabling GitHub Advanced Security for your enterprise
|
|
shortTitle: Enabling GitHub Advanced Security
|
|
intro: 'You can configure {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}. This provides extra features that help users find and fix security problems in their code.'
|
|
product: '{% data reusables.gated-features.ghas %}'
|
|
versions:
|
|
ghes: '*'
|
|
type: how_to
|
|
topics:
|
|
- Advanced Security
|
|
- Code scanning
|
|
- Enterprise
|
|
- Secret scanning
|
|
- Security
|
|
---
|
|
|
|
## About enabling {% data variables.product.prodname_GH_advanced_security %}
|
|
|
|
{% data reusables.advanced-security.ghas-helps-developers %}
|
|
|
|
{% ifversion ghes > 3.0 %}
|
|
When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features unless you set up a policy to restrict access. For more information, see "[Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise](/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise)."
|
|
{% else %}
|
|
When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features. {% ifversion ghes = 3.0 %}For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)" and "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."{% endif %}
|
|
{% endif %}
|
|
|
|
## Prerequisites for enabling {% data variables.product.prodname_GH_advanced_security %}
|
|
|
|
1. Upgrade your license for {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}.{% ifversion ghes > 3.0 %} For information about licensing, see "[About billing for {% data variables.product.prodname_GH_advanced_security %}](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."{% endif %}
|
|
2. Download the new license file. For more information, see "[Downloading your license for {% data variables.product.prodname_enterprise %}](/billing/managing-your-license-for-github-enterprise/downloading-your-license-for-github-enterprise)."
|
|
3. Upload the new license file to {% data variables.product.product_location %}. For more information, see "[Uploading a new license to {% data variables.product.prodname_ghe_server %}](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server)."{% ifversion ghes > 2.22 %}
|
|
4. Review the prerequisites for the features you plan to enable.
|
|
|
|
- {% data variables.product.prodname_code_scanning_capc %}, see "[Configuring {% data variables.product.prodname_code_scanning %} for your appliance](/admin/advanced-security/configuring-code-scanning-for-your-appliance#prerequisites-for-code-scanning)."
|
|
- {% data variables.product.prodname_secret_scanning_caps %}, see "[Configuring {% data variables.product.prodname_secret_scanning %} for your appliance](/admin/advanced-security/configuring-secret-scanning-for-your-appliance#prerequisites-for-secret-scanning)."{% endif %}
|
|
- {% data variables.product.prodname_dependabot %}, see "[Enabling alerts for vulnerable dependencies on {% data variables.product.prodname_ghe_server %}](/admin/configuration/managing-connections-between-github-enterprise-server-and-github-enterprise-cloud/enabling-alerts-for-vulnerable-dependencies-on-github-enterprise-server)."
|
|
|
|
## Checking whether your license includes {% data variables.product.prodname_GH_advanced_security %}
|
|
|
|
{% ifversion ghes > 3.0 %}
|
|
{% data reusables.enterprise-accounts.access-enterprise %}
|
|
{% data reusables.enterprise-accounts.settings-tab %}
|
|
{% data reusables.enterprise-accounts.license-tab %}
|
|
1. If your license includes {% data variables.product.prodname_GH_advanced_security %}, the license page includes a section showing details of current usage.
|
|
|
|
{% endif %}
|
|
|
|
{% ifversion ghes = 2.22 or ghes = 3.0 %}
|
|
{% data reusables.enterprise_site_admin_settings.access-settings %}
|
|
{% data reusables.enterprise_site_admin_settings.management-console %}
|
|
1. If your license includes {% data variables.product.prodname_GH_advanced_security %}, there is an **{% data variables.product.prodname_advanced_security %}** entry in the left sidebar.
|
|
|
|
|
|
{% data reusables.enterprise_management_console.advanced-security-license %}
|
|
{% endif %}
|
|
|
|
## Enabling and disabling {% data variables.product.prodname_GH_advanced_security %} features
|
|
|
|
{% data reusables.enterprise_management_console.enable-disable-security-features %}
|
|
|
|
{% data reusables.enterprise_site_admin_settings.access-settings %}
|
|
{% data reusables.enterprise_site_admin_settings.management-console %}
|
|
{% data reusables.enterprise_management_console.advanced-security-tab %}{% ifversion ghes > 2.22 %}
|
|
1. Under "{% ifversion ghes < 3.2 %}{% data variables.product.prodname_advanced_security %}{% else %}Security{% endif %}," select the features that you want to enable and deselect any features you want to disable.
|
|
{% else %}
|
|
1. Under "{% data variables.product.prodname_advanced_security %}," click **{% data variables.product.prodname_code_scanning_capc %}**.
|
|
{% endif %}
|
|
{% data reusables.enterprise_management_console.save-settings %}
|
|
|
|
When {% data variables.product.product_name %} has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %} for your appliance](/admin/advanced-security/configuring-code-scanning-for-your-appliance)."
|
|
|
|
## Enabling or disabling {% data variables.product.prodname_GH_advanced_security %} features via the administrative shell (SSH)
|
|
|
|
You can enable or disable features programmatically on {% data variables.product.product_location %}. For more information about the administrative shell and command-line utilities for {% data variables.product.prodname_ghe_server %}, see "[Accessing the administrative shell (SSH)](/admin/configuration/accessing-the-administrative-shell-ssh)" and "[Command-line utilities](/admin/configuration/command-line-utilities#ghe-config)."
|
|
|
|
For example, you can enable any {% data variables.product.prodname_GH_advanced_security %} feature with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.
|
|
|
|
1. SSH into {% data variables.product.product_location %}.
|
|
1. Enable features for {% data variables.product.prodname_GH_advanced_security %}.
|
|
|
|
- To enable {% data variables.product.prodname_code_scanning_capc %}, enter the following commands.
|
|
```shell
|
|
ghe-config app.minio.enabled true
|
|
ghe-config app.code-scanning.enabled true
|
|
```
|
|
- To enable {% data variables.product.prodname_secret_scanning_caps %}, enter the following command.
|
|
```shell
|
|
ghe-config app.secret-scanning.enabled true
|
|
```
|
|
- To enable {% data variables.product.prodname_dependabot %}, enter the following command.
|
|
```shell
|
|
{% ifversion ghes > 3.1 %}ghe-config app.dependency-graph.enabled true{% else %}ghe-config app.github.dependency-graph-enabled true{% endif %}
|
|
```
|
|
2. Optionally, disable features for {% data variables.product.prodname_GH_advanced_security %}.
|
|
|
|
- To disable {% data variables.product.prodname_code_scanning %}, enter the following commands.
|
|
```shell
|
|
ghe-config app.minio.enabled false
|
|
ghe-config app.code-scanning.enabled false
|
|
```
|
|
- To disable {% data variables.product.prodname_secret_scanning %}, enter the following command.
|
|
```shell
|
|
ghe-config app.secret-scanning.enabled false
|
|
```
|
|
- To disable {% data variables.product.prodname_dependabot %}, enter the following command.
|
|
```shell
|
|
{% ifversion ghes > 3.1 %}ghe-config app.dependency-graph.enabled false{% else %}ghe-config app.github.dependency-graph-enabled false{% endif %}
|
|
```
|
|
|
|
3. Apply the configuration.
|
|
```shell
|
|
ghe-config-apply
|
|
```
|