8c62486a96
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com> Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com> Co-authored-by: Hector Alfaro <hectorsector@github.com> Co-authored-by: Vanessa <vgrl@github.com> Co-authored-by: Erin Havens <erinhav@github.com> Co-authored-by: Aaron Waggener <73763104+aaronwaggener@users.noreply.github.com> Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com> Co-authored-by: Sarah Schneider <sarahs@users.noreply.github.com> Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com> Co-authored-by: Sarah Schneider <sarahs@github.com>
6.4 KiB
title, shortTitle, intro, versions, topics
| title | shortTitle | intro | versions | topics | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| About enabling security features at scale | About organization security | You can quickly secure your organization at scale with {% data variables.product.prodname_security_configurations %} and {% data variables.product.prodname_global_settings %}. |
|
|
About securing your organization
{% ifversion ghas-products %}
{% data variables.product.github %} has many features that help you improve and maintain the quality of your code. Some features are included in all {% data variables.product.github %} plans. Additional features are available to organizations {% ifversion ghec %}and enterprises{% endif %} on {% data variables.product.prodname_team %}{% ifversion ghec %} and {% data variables.product.prodname_ghe_cloud %}{% endif %} that purchase a {% data variables.product.prodname_GHAS %} product:
- {% data variables.product.prodname_GH_code_security %}, which includes features that help you find and fix vulnerabilities, like {% data variables.product.prodname_code_scanning %}, premium {% data variables.product.prodname_dependabot %} features, and dependency review.
- {% data variables.product.prodname_GH_secret_protection %}, which includes features that help you detect and prevent secret leaks, such as {% data variables.product.prodname_secret_scanning %} and push protection.
{% else %}
{% data variables.product.github %} offers many security features including {% data variables.product.prodname_GH_advanced_security %}, a suite of features designed to protect your organization from vulnerabilities in your code, insecure dependencies, leaked secrets, and more.{% endif %}
You can easily enable and manage {% data variables.product.github %}'s security features throughout your organization with {% data variables.product.prodname_security_configurations %}, which control repository-level security features, and {% data variables.product.prodname_global_settings %}, which control security features at the organization level. We recommend applying {% data variables.product.prodname_security_configurations %} and customizing your {% data variables.product.prodname_global_settings %} to create a system that best meets the security needs of your organization.
For more information on purchasing {% data variables.product.prodname_GH_cs_or_sp %}, see AUTOTITLE.
About {% data variables.product.prodname_security_configurations %}
{% data reusables.security-configurations.define-security-configurations %}
{% ifversion security-configurations-cloud %}
There are two types of {% data variables.product.prodname_security_configuration %}:
- The {% data variables.product.prodname_github_security_configuration %}. This configuration is a collection of enablement settings created and managed by subject matter experts at {% data variables.product.company_short %}. The {% data variables.product.prodname_github_security_configuration %} is designed to adequately secure any repository, and can easily be applied to all repositories in your organization.
- {% data variables.product.prodname_custom_security_configurations_caps %}. These are configurations you can create and edit yourself, allowing you to choose different enablement settings for groups of repositories with specific security needs.
{% endif %}
{% ifversion security-configurations-ghes-only %}
You can customize {% data variables.product.prodname_security_configurations %}, allowing you to choose different enablement settings for groups of repositories with specific security needs.
You will only ever see enablement settings for features that have been installed on your {% data variables.product.prodname_ghe_server %} instance by an enterprise administrator.
{% endif %}
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
Each repository can only have one {% data variables.product.prodname_security_configuration %} applied to it. {% ifversion security-configurations-cloud %}To find out how you should get started with {% data variables.product.prodname_security_configurations %}, see AUTOTITLE.{% endif %}
{% ifversion security-configurations-api %} You can also create and manage security configurations using the REST API. For more information, see AUTOTITLE. {% endif %}
About {% data variables.product.prodname_global_settings %}
While {% data variables.product.prodname_security_configurations %} determine repository-level security settings, {% data variables.product.prodname_global_settings %} determine your organization-level security settings, which are then inherited by all repositories. With {% data variables.product.prodname_global_settings %}, you can customize how security features analyze your organization{% ifversion ghes < 3.16 %}, as well as grant a team permission to manage security alerts and settings across your organization{% endif %}.
{% ifversion org-private-registry %}
About enabling secure access to private registries
If your organization uses private registries, providing {% data variables.product.prodname_code_scanning %} and {% data variables.product.prodname_dependabot %} secure access to these registries will improve code analysis and allow {% data variables.product.prodname_dependabot %} to update a wider range of dependencies. For information, see AUTOTITLE.
{% endif %}
Next steps
{% ifversion security-configurations-cloud %}
To determine which {% data variables.product.prodname_security_configurations %} are right for the repositories in your organization, see AUTOTITLE.
{% elsif security-configurations-ghes-only %}
To get started with creating a {% data variables.product.prodname_security_configuration %} for your organization, see AUTOTITLE.
{% endif %}