52937ae5ca
Co-authored-by: Rachael Sewell <rachmari@github.com> Co-authored-by: Rachael Rose Renk <91027132+rachaelrenk@users.noreply.github.com> Co-authored-by: David Jarzebowski <davidjarzebowski@github.com> Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com> Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com> Co-authored-by: Steve Guntrip <stevecat@github.com> Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com> Co-authored-by: Torsten Walter <torstenwalter@github.com> Co-authored-by: Henry Mercer <henrymercer@github.com> Co-authored-by: Sarah Edwards <skedwards88@github.com>
14 KiB
title, intro, permissions, versions, type, topics, shortTitle
| title | intro | permissions | versions | type | topics | shortTitle | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Securing your organization | You can use a number of {% data variables.product.prodname_dotcom %} features to help keep your organization secure. | Organization owners can configure organization security settings. |
|
how_to |
|
Secure your organization |
Introduction
This guide shows you how to configure security features for an organization. Your organization's security needs are unique and you may not need to enable every security feature. For more information, see "AUTOTITLE."
{% data reusables.advanced-security.security-feature-availability %}
Managing access to your organization
You can use roles to control what actions people can take in your organization. {% ifversion security-managers %}For example, you can assign the security manager role to a team to give them the ability to manage security settings across your organization, as well as read access to all repositories.{% endif %} For more information, see "AUTOTITLE."
{% ifversion fpt or ghes or ghec %}
Creating a default security policy
You can create a default security policy that will display in any of your organization's public repositories that do not have their own security policy. For more information, see "AUTOTITLE."
{% endif %}
Managing {% data variables.product.prodname_dependabot_alerts %} and the dependency graph
{% ifversion fpt or ghec %}{% data variables.product.prodname_dotcom %} detects vulnerabilities in public repositories and displays the dependency graph. You can enable or disable {% data variables.product.prodname_dependabot_alerts %} for all public repositories owned by your organization. You can enable or disable {% data variables.product.prodname_dependabot_alerts %} and the dependency graph for all private repositories owned by your organization.
- Click your profile photo, then click Organizations.
- Click Settings next to your organization.
- Click Security & analysis.
- Click Enable all or Disable all next to the feature that you want to manage.
- Optionally, select Automatically enable for new repositories. {% endif %}
{% data reusables.dependabot.dependabot-alerts-beta %}
{% ifversion dependabot-alerts-ghes-enablement %} {% data reusables.dependabot.dependabot-alerts-enterprise-server-repo-org-enablement %} {% else %} {% data reusables.dependabot.dependabot-alerts-dependency-graph-enterprise %} {% endif %}
For more information, see "AUTOTITLE," "AUTOTITLE," and "AUTOTITLE."
Managing dependency review
Dependency review is an {% data variables.product.prodname_advanced_security %} feature that lets you visualize dependency changes in pull requests before they are merged into your repositories. For more information, see "AUTOTITLE."
{% ifversion fpt or ghec %}Dependency review is already enabled for all public repositories. {% ifversion fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_advanced_security %} can additionally enable dependency review for private and internal repositories. For more information, see the {% data variables.product.prodname_ghe_cloud %} documentation. {% endif %}{% endif %}{% ifversion ghec %}For private and internal repositories that are owned by an organization, you can enable dependency review by enabling the dependency graph and enabling {% data variables.product.prodname_advanced_security %} (see below). {% elsif ghes or ghae %}Dependency review is available when dependency graph is enabled for {% data variables.location.product_location %} and you enable {% data variables.product.prodname_advanced_security %} for the organization (see below).{% endif %}
{% ifversion fpt or ghec or ghes %}
Managing {% data variables.product.prodname_dependabot_security_updates %}
For any repository that uses {% data variables.product.prodname_dependabot_alerts %}, you can enable {% data variables.product.prodname_dependabot_security_updates %} to raise pull requests with security updates when vulnerabilities are detected. You can also enable or disable {% data variables.product.prodname_dependabot_security_updates %} for all repositories across your organization.
- Click your profile photo, then click Organizations.
- Click Settings next to your organization.
- Click Security & analysis.
- Click Enable all or Disable all next to {% data variables.product.prodname_dependabot_security_updates %}.
- Optionally, select Automatically enable for new repositories.
For more information, see "AUTOTITLE" and "AUTOTITLE."
Managing {% data variables.product.prodname_dependabot_version_updates %}
You can enable {% data variables.product.prodname_dependabot %} to automatically raise pull requests to keep your dependencies up-to-date. For more information, see "AUTOTITLE."
To enable {% data variables.product.prodname_dependabot_version_updates %}, you must create a dependabot.yml configuration file. For more information, see "AUTOTITLE."
{% endif %}
{% ifversion ghes or ghae or ghec %}
Managing {% data variables.product.prodname_GH_advanced_security %}
{% ifversion ghes or ghec %} If your {% ifversion ghec %}organization is owned by an enterprise that{% else %}enterprise{% endif %} has an {% data variables.product.prodname_advanced_security %} license, you can enable or disable {% data variables.product.prodname_advanced_security %} features. {% elsif ghae %} You can enable or disable {% data variables.product.prodname_advanced_security %} features. {% endif %}
- Click your profile photo, then click Organizations.
- Click Settings next to your organization.
- Click Security & analysis.
- Click Enable all or Disable all next to {% data variables.product.prodname_GH_advanced_security %}.
- Optionally, select Automatically enable for new private repositories.
For more information, see "AUTOTITLE" and "AUTOTITLE." {% endif %}
Configuring {% data variables.product.prodname_secret_scanning %}
{% ifversion fpt or ghec %}{% data variables.product.prodname_secret_scanning_caps %} is available for all public repositories, as well as public npm packages. Organizations that use {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_advanced_security %} can additionally enable {% data variables.product.prodname_secret_scanning %} for private and internal repositories.{% endif %} {% ifversion fpt %}For more information, see the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
{% ifversion ghes or ghae %}{% data variables.product.prodname_secret_scanning_caps %} is available if your enterprise uses {% data variables.product.prodname_advanced_security %}.{% endif %}
You can enable or disable {% data variables.product.prodname_secret_scanning %} for all {% ifversion fpt or ghec %}public {% endif %}repositories across your organization{% ifversion fpt %}.{% endif %}{% ifversion ghec %}, and for all private and internal repositories{% endif %}{% ifversion ghec or ghes or ghae %} that have {% data variables.product.prodname_GH_advanced_security %} enabled.{% endif %}
- Click your profile photo, then click Organizations.
- Click Settings next to your organization.
- Click Code security & analysis.
- Click Enable all or Disable all next to {% data variables.product.prodname_secret_scanning_caps %}.
- In the dialog box displayed, optionally {%- ifversion fpt %} select Automatically enable for new public repositories. {%- elsif ghec %} select Automatically enable for new public repositories and repositories with {% data variables.product.prodname_advanced_security %} enabled. {%- else %} select Automatically enable for repositories added to {% data variables.product.prodname_advanced_security %}. {%- endif %}
- Click the enable or disable button in the dialog box to confirm the change.
For more information, see "AUTOTITLE."
Configuring {% data variables.product.prodname_code_scanning %}
{% ifversion fpt or ghec %}{% data variables.product.prodname_code_scanning_caps %} is available for all public repositories. Organizations that use {% data variables.product.prodname_ghe_cloud %} with {% data variables.product.prodname_advanced_security %} can additionally use {% data variables.product.prodname_code_scanning %} for private and internal repositories.{% else %}{% data variables.product.prodname_code_scanning_caps %} is available if your enterprise uses {% data variables.product.prodname_advanced_security %}.{% endif %}
{% ifversion org-enable-code-scanning %}
You can enable or disable {% data variables.product.prodname_code_scanning %} default setup for all eligible repositories
{%- ifversion fpt %} that are public across your organization. {%- elsif ghec %} that are public, and for all private and internal repositories {%- endif %}
{%- ifversion ghec or ghes or ghae %} across your organization that have {% data variables.product.prodname_GH_advanced_security %} enabled. {%- endif %} {% data reusables.code-scanning.default-setup-info-link %}
For repositories that are not eligible for default setup, you can configure advanced setup at the repository level. For more information, see "AUTOTITLE."
{% data reusables.code-scanning.beta-org-enable-all %}
- Click your profile photo, then click Organizations.
- Click Settings next to your organization.
- Click Code security & analysis.
- Click Enable all or Disable all next to {% data variables.product.prodname_code_scanning_caps %}.
- In the "Enable {% data variables.product.prodname_code_scanning %} for eligible repositories" or "Disable {% data variables.product.prodname_code_scanning %}" dialog box displayed, click Enable for eligible repositories or Disable {% data variables.product.prodname_code_scanning %} to confirm the change.
{% else %} {% data variables.product.prodname_code_scanning_caps %} is configured at the repository level. For more information, see "AUTOTITLE." {% endif %}
Next steps
You can view and manage alerts from security features to address dependencies and vulnerabilities in your code. For more information, see {% ifversion fpt or ghes or ghec %} "AUTOTITLE,"{% endif %} {% ifversion fpt or ghec or ghes %}"AUTOTITLE," {% endif %}"AUTOTITLE," and "AUTOTITLE."
You can also monitor responses to security alerts within your organization. For more information, see "AUTOTITLE".
{% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "AUTOTITLE" and "AUTOTITLE." {% endif %}
{% ifversion ghes or ghec or ghae %}You{% elsif fpt %}Organizations that use {% data variables.product.prodname_ghe_cloud %}{% endif %} can view, filter, and sort security alerts for repositories owned by {% ifversion ghes or ghec or ghae %}your{% elsif fpt %}their{% endif %} organization in security overview. For more information, see{% ifversion ghes or ghec or ghae %} "AUTOTITLE."{% elsif fpt %} "AUTOTITLE" in the {% data variables.product.prodname_ghe_cloud %} documentation.{% endif %}
{% ifversion ghec %}
Further reading
"AUTOTITLE" {% endif %}