a1996a1b1b
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com> Co-authored-by: Max Schaefer <max-schaefer@github.com>
4.6 KiB
title, shortTitle, intro, product, versions, type, topics
| title | shortTitle | intro | product | versions | type | topics | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Disabling autofix for code scanning | Disable autofix | You can choose to disallow {% data variables.product.prodname_code_scanning %} autofix for an enterprise or disable autofix at the organization and repository level. | {% data reusables.rai.code-scanning.gated-feature-autofix %} |
|
how_to |
|
{% data reusables.rai.code-scanning.autofix-note %}
About disabling autofix for {% data variables.product.prodname_code_scanning %}
{% data variables.product.prodname_code_scanning_caps %} autofix is a {% data variables.product.prodname_copilot %}-powered is an expansion of {% data variables.product.prodname_code_scanning %} that provides users with targeted recommendations to help them fix {% data variables.product.prodname_code_scanning %} alerts so they can avoid introducing new security vulnerabilities. To learn more about autofix for {% data variables.product.prodname_code_scanning %}, see "AUTOTITLE."
{% data variables.product.prodname_code_scanning_caps %} autofix is allowed by default in an enterprise and enabled for every repository that uses {% data variables.product.prodname_codeql %}, regardless of whether it uses default or advanced setup for {% data variables.product.prodname_code_scanning %}. Administrators at the enterprise, organization and repository levels can choose to opt-out and disable autofix.
Note that disabling autofix at any level will close all open autofix comments. If autofix is disabled and then subsequently enabled, autofix won't automatically suggest fixes for any pull requests that are already open. The suggestions will only be generated for any pull requests that are opened after autofix is enabled, or after re-running {% data variables.product.prodname_codeql %} analysis on existing pull requests.
Blocking use of autofix for an enterprise
Enterprise administrators can disallow autofix for their enterprise. If you disallow autofix for an enterprise, autofix cannot be enabled for any organizations or repositories within the enterprise.
Note that allowing autofix for an enterprise does not enforce enablement of autofix, but means that organization and repository administrators will have the option to enable or disable autofix.
Disallowing autofix at the enterprise level will remove all open autofix comments across all repositories of all organizations within the enterprise.
{% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.policies-tab %} {% data reusables.enterprise-accounts.code-security-and-analysis-policies %}
- Under "Autofix for {% data variables.product.prodname_codeql %} {% data variables.product.prodname_code_scanning %}", use the dropdown menu to choose "Not allowed."
Disabling autofix for an organization
If autofix is allowed at the enterprise level, organization administrators have the option to disable autofix for an organization. If you disable autofix for an organization, autofix cannot be enabled for any repositories within the organization.
Note that disabling autofix at the organization level will remove all open autofix comments across all repositories in the organization.
{% data reusables.profile.access_org %} {% data reusables.profile.org_settings %}
- In the "Security" section of the sidebar, click {% octicon "codescan" aria-hidden="true" %} Code security then Global settings.
- Under the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect Autofix for {% data variables.product.prodname_codeql %}.
For more information about configuring global {% data variables.product.prodname_code_scanning %} settings, see "AUTOTITLE."
Disabling autofix for a repository
If autofix is allowed at the enterprise level and enabled at the organization level, repository administrators have the option to disable autofix for a repository. Disabling autofix at the repository level will remove all open autofix comments across the repository.
{% data reusables.repositories.navigate-to-repo %} {% data reusables.repositories.sidebar-settings %} {% data reusables.user-settings.security-analysis %}
- In the "{% data variables.product.prodname_code_scanning_caps %}" section, deselect Autofix for {% data variables.product.prodname_codeql %}.