* new article scaffolding * Add scaffolding * Migrate content for overview article * Add placeholder notes and migrate over some more content * First draft of updates to existing docs * Add H2 headers to the article * Draft of phase 0 content * Update phase 0 with more drafting * Fix subheaders and table formatting * Add unedited and slightly tweaked source material * Current draft of reworked content * Refactor everything * Add best practices and some partnership details * Touch-ups * Touch up intro and create a phased approaches reusable * Fix the intro * Move reusable * Add image for GHES versions * Fix links * Add HTML note around links that need to be versioned for GHEC once the GHEC version releases * Fix reusable * Tidy up session * Versioning around the links * migrate this content to another PR for easier reviewing * Add HTML note about versioning for GHEC * Revamp intro * Add product variables * Less is more in the intro * Fix the beginning * Copy-edits for first half * Add Markdown-friendly bullet points * unclear shift direction * Distinguish the rollout team roles * More active language & cut the note * Maybe too wordy * Edit facts section * Update the article path to fix tests * Add product variables for professional services * Another revision * More tidying * Fix spacing * Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com> * Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com> * Apply @felicitymay's input * Apply suggestions from code review Co-authored-by: Rachael Sewell <rachmari@github.com> * Fix link test by adding HTML note around GHEC only article for now * Apply @felicitymay's stellar input 🌠 Co-authored-by: Felicity Chapman <felicitymay@github.com> * Apply suggestions from code review * Apply suggestions from code review * GitHub Advanced Security "Deploying" guide (#22114) * Add draft content * Add gated features reusable * Revise draft * Revamp steps of phase 
0 * Replace goals section with intro text * More revising * Standardize headers with sentence case & remove overview subheader * Phase 0 streamlined * Fix intro and GHAS Guidebook reference * Fix reusable * Phase 1 💖 * Phase 2 tightened * Standardize on subheaders * Update phase 3 * Add product variable * Fix some links to fix the tests * Apply @felicitymay's stellar input 🌠 Co-authored-by: Felicity Chapman <felicitymay@github.com> * Apply Felicity's input * Use more GHAS to ease the reading load * Update reusable * Replacing "organization" * Add dependency review versioning Co-authored-by: “jmarlena” <“jmarlena@github.com”> Co-authored-by: Felicity Chapman <felicitymay@github.com> * Remove draft notes for appendix links * Fix subheader * Deploying before enabling GHAS * Replace organization * Fix variables * Add GHEC & GHES versioning * not sure why this space is a commit * Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com> * Remove ghec versioning we don't need * Add repo reference * Remove versioning note ftw * Apply suggestions from code review Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com> * Markdown, I love you Co-authored-by: Megan Christudas <meganchristudas@Megans-MBP.fios-router.home> Co-authored-by: jmarlena <jmarlena@github.com> Co-authored-by: “jmarlena” <“jmarlena@github.com”> Co-authored-by: jmarlena <6732600+jmarlena@users.noreply.github.com> Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Rachael Sewell <rachmari@github.com> Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
123 lines
9.1 KiB
Markdown
---
title: Enabling GitHub Advanced Security for your enterprise
shortTitle: Enabling GitHub Advanced Security
intro: 'You can configure {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}. This provides extra features that help users find and fix security problems in their code.'
product: '{% data reusables.gated-features.ghas %}'
versions:
  ghes: '*'
type: how_to
topics:
  - Advanced Security
  - Code scanning
  - Enterprise
  - Secret scanning
  - Security
---

## About enabling {% data variables.product.prodname_GH_advanced_security %}

{% data reusables.advanced-security.ghas-helps-developers %}

{% ifversion ghes > 3.0 %}
When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features unless you set up a policy to restrict access. For more information, see "[Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise](/admin/policies/enforcing-policies-for-advanced-security-in-your-enterprise)."
{% else %}
When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features. {% ifversion ghes = 3.0 %}For more information, see "[Managing security and analysis settings for your organization](/organizations/keeping-your-organization-secure/managing-security-and-analysis-settings-for-your-organization)" and "[Managing security and analysis settings for your repository](/github/administering-a-repository/managing-security-and-analysis-settings-for-your-repository)."{% endif %}
{% endif %}

For guidance on a phased deployment of GitHub Advanced Security, see "[Deploying GitHub Advanced Security in your enterprise](/admin/advanced-security/deploying-github-advanced-security-in-your-enterprise)."

## Prerequisites for enabling {% data variables.product.prodname_GH_advanced_security %}

1. Upgrade your license for {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}.{% ifversion ghes > 3.0 %} For information about licensing, see "[About billing for {% data variables.product.prodname_GH_advanced_security %}](/billing/managing-billing-for-github-advanced-security/about-billing-for-github-advanced-security)."{% endif %}
2. Download the new license file. For more information, see "[Downloading your license for {% data variables.product.prodname_enterprise %}](/billing/managing-your-license-for-github-enterprise/downloading-your-license-for-github-enterprise)."
3. Upload the new license file to {% data variables.product.product_location %}. For more information, see "[Uploading a new license to {% data variables.product.prodname_ghe_server %}](/billing/managing-your-license-for-github-enterprise/uploading-a-new-license-to-github-enterprise-server)."{% ifversion ghes > 2.22 %}
4. Review the prerequisites for the features you plan to enable.

    - {% data variables.product.prodname_code_scanning_capc %}, see "[Configuring {% data variables.product.prodname_code_scanning %} for your appliance](/admin/advanced-security/configuring-code-scanning-for-your-appliance#prerequisites-for-code-scanning)."
    - {% data variables.product.prodname_secret_scanning_caps %}, see "[Configuring {% data variables.product.prodname_secret_scanning %} for your appliance](/admin/advanced-security/configuring-secret-scanning-for-your-appliance#prerequisites-for-secret-scanning)."{% endif %}
    - {% data variables.product.prodname_dependabot %}, see "[Enabling the dependency graph and {% data variables.product.prodname_dependabot_alerts %} on your enterprise account](/admin/configuration/managing-connections-between-your-enterprise-accounts/enabling-the-dependency-graph-and-dependabot-alerts-on-your-enterprise-account)."

## Checking whether your license includes {% data variables.product.prodname_GH_advanced_security %}

{% ifversion ghes > 3.0 %}
{% data reusables.enterprise-accounts.access-enterprise %}
{% data reusables.enterprise-accounts.settings-tab %}
{% data reusables.enterprise-accounts.license-tab %}
1. If your license includes {% data variables.product.prodname_GH_advanced_security %}, the license page includes a section showing details of current usage.
{% endif %}

{% ifversion ghes = 2.22 or ghes = 3.0 %}
{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
1. If your license includes {% data variables.product.prodname_GH_advanced_security %}, there is an **{% data variables.product.prodname_advanced_security %}** entry in the left sidebar.

{% data reusables.enterprise_management_console.advanced-security-license %}
{% endif %}

## Enabling and disabling {% data variables.product.prodname_GH_advanced_security %} features

{% data reusables.enterprise_management_console.enable-disable-security-features %}

{% data reusables.enterprise_site_admin_settings.access-settings %}
{% data reusables.enterprise_site_admin_settings.management-console %}
{% data reusables.enterprise_management_console.advanced-security-tab %}{% ifversion ghes > 2.22 %}
1. Under "{% ifversion ghes < 3.2 %}{% data variables.product.prodname_advanced_security %}{% else %}Security{% endif %}," select the features that you want to enable and deselect any features you want to disable.
{% else %}
1. Under "{% data variables.product.prodname_advanced_security %}," click **{% data variables.product.prodname_code_scanning_capc %}**.
{% endif %}
{% data reusables.enterprise_management_console.save-settings %}

When {% data variables.product.product_name %} has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "[Configuring {% data variables.product.prodname_code_scanning %} for your appliance](/admin/advanced-security/configuring-code-scanning-for-your-appliance)."

## Enabling or disabling {% data variables.product.prodname_GH_advanced_security %} features via the administrative shell (SSH)

You can enable or disable features programmatically on {% data variables.product.product_location %}. For more information about the administrative shell and command-line utilities for {% data variables.product.prodname_ghe_server %}, see "[Accessing the administrative shell (SSH)](/admin/configuration/accessing-the-administrative-shell-ssh)" and "[Command-line utilities](/admin/configuration/command-line-utilities#ghe-config)."

For example, you can enable any {% data variables.product.prodname_GH_advanced_security %} feature with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.

1. SSH into {% data variables.product.product_location %}.
2. Enable features for {% data variables.product.prodname_GH_advanced_security %}.

    - To enable {% data variables.product.prodname_code_scanning_capc %}, enter the following commands.
    ```shell
    ghe-config app.minio.enabled true
    ghe-config app.code-scanning.enabled true
    ```
    - To enable {% data variables.product.prodname_secret_scanning_caps %}, enter the following command.
    ```shell
    ghe-config app.secret-scanning.enabled true
    ```
    - To enable {% data variables.product.prodname_dependabot %}, enter the following {% ifversion ghes > 3.1 %}command{% else %}commands{% endif %}.
    {% ifversion ghes > 3.1 %}```shell
    ghe-config app.dependency-graph.enabled true
    ```
    {% else %}```shell
    ghe-config app.github.dependency-graph-enabled true
    ghe-config app.github.vulnerability-alerting-and-settings-enabled true
    ```{% endif %}
3. Optionally, disable features for {% data variables.product.prodname_GH_advanced_security %}.

    - To disable {% data variables.product.prodname_code_scanning %}, enter the following commands.
    ```shell
    ghe-config app.minio.enabled false
    ghe-config app.code-scanning.enabled false
    ```
    - To disable {% data variables.product.prodname_secret_scanning %}, enter the following command.
    ```shell
    ghe-config app.secret-scanning.enabled false
    ```
    - To disable {% data variables.product.prodname_dependabot %}, enter the following {% ifversion ghes > 3.1 %}command{% else %}commands{% endif %}.
    {% ifversion ghes > 3.1 %}```shell
    ghe-config app.dependency-graph.enabled false
    ```
    {% else %}```shell
    ghe-config app.github.dependency-graph-enabled false
    ghe-config app.github.vulnerability-alerting-and-settings-enabled false
    ```{% endif %}
4. Apply the configuration.
    ```shell
    ghe-config-apply
    ```
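
The enable and apply steps above, wrapped as an idempotent function that an infrastructure-as-code run could call from the administrative shell. This is an added example, not part of the original article or GitHub's own tooling. It uses the keys listed above for GHES > 3.1; the function name and the `GHE_CONFIG` / `GHE_CONFIG_APPLY` override variables are hypothetical, and it assumes `ghe-config <key>` prints nothing for an unset key.

```shell
#!/bin/sh
# Added example: converge GHAS feature flags, then apply once if anything changed.
# GHE_CONFIG / GHE_CONFIG_APPLY are hypothetical hooks so the logic can be dry-run.
GHE_CONFIG="${GHE_CONFIG:-ghe-config}"
GHE_CONFIG_APPLY="${GHE_CONFIG_APPLY:-ghe-config-apply}"

# Desired state, one key=value per line (keys from the steps above, GHES > 3.1).
DESIRED_GHAS='app.minio.enabled=true
app.code-scanning.enabled=true
app.secret-scanning.enabled=true
app.dependency-graph.enabled=true'

# converge_ghas DESIRED: sets CHANGED to the number of keys it had to modify.
# Returns 2 on a non-boolean value, 1 if a ghe-config call fails, else 0.
converge_ghas() {
    CHANGED=0
    old_ifs=$IFS
    IFS='
'
    for pair in $1; do
        key=${pair%%=*}
        want=${pair#*=}
        case "$want" in
            true|false) ;;
            *) echo "refusing non-boolean value for $key" >&2
               IFS=$old_ifs; return 2 ;;
        esac
        # Assumption: an unset key reads back as empty output.
        have=$("$GHE_CONFIG" "$key" 2>/dev/null || true)
        if [ "$have" != "$want" ]; then
            "$GHE_CONFIG" "$key" "$want" || { IFS=$old_ifs; return 1; }
            CHANGED=$((CHANGED + 1))
        fi
    done
    IFS=$old_ifs
    # Apply only on drift, so repeated runs do not reconfigure the instance.
    if [ "$CHANGED" -gt 0 ]; then
        "$GHE_CONFIG_APPLY" || return 1
    fi
    return 0
}

# Run only where the appliance utilities exist (the administrative shell).
if command -v ghe-config >/dev/null 2>&1; then
    converge_ghas "$DESIRED_GHAS" && echo "keys changed: $CHANGED"
fi
```

To converge toward the disabled state instead, pass the same keys with `false`; on GHES 3.1 and earlier, substitute the two `app.github.*` Dependabot keys shown in the steps.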