885da5b3d3
* New Crowdin translations by Github Action * Reset broken translated files to English * Ran script/i18n/homogenize-frontmatter.js * Ran script/fix-translation-errors.js * Reverted translated files with parsing and rendering errors * fix malformed liquid * add next directory to exclude list * currentversion -> currentVersion * fix liquid errors * fix liquid errors * Reset broken translated files to English * Ran script/i18n/homogenize-frontmatter.js * Revert /ja/github/authenticating-to-github/about-authentication-with-saml-single-sign-on * Reset known broken translation files LAST * Run script/i18n/homogenize-frontmatter.js Co-authored-by: Crowdin Bot <support+bot@crowdin.com> Co-authored-by: Rachael Sewell <rachmari@github.com> Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>
7.3 KiB
title, shortTitle, intro, product, versions, type, topics
| title | shortTitle | intro | product | versions | type | topics | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Enabling GitHub Advanced Security for your enterprise | Enabling GitHub Advanced Security | You can configure {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}. This provides extra features that help users find and fix security problems in their code. | {% data reusables.gated-features.ghas %} |
|
how_to |
|
About enabling {% data variables.product.prodname_GH_advanced_security %}
{% data reusables.advanced-security.ghas-helps-developers %}
{% if currentVersion ver_gt "enterprise-server@3.0" %} When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features unless you set up a policy to restrict access. For more information, see "Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise." {% else %} When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features. {% if currentVersion == "enterprise-server@3.0" %}For more information, see "Managing security and analysis settings for your organization" and "Managing security and analysis settings for your repository."{% endif %} {% endif %}
Prerequisites for enabling {% data variables.product.prodname_GH_advanced_security %}
-
Upgrade your license for {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}.{% if currentVersion ver_gt "enterprise-server@3.0" %} For information about licensing, see "About licensing for {% data variables.product.prodname_GH_advanced_security %}."{% endif %}
-
Upload the new license to {% data variables.product.product_location %}. For more information, see "Managing your GitHub Enterprise license."{% if currentVersion ver_gt "enterprise-server@2.22" %}
-
Review the prerequisites for the features you plan to enable.
- {% data variables.product.prodname_code_scanning_capc %}, see "Configuring {% data variables.product.prodname_code_scanning %} for your appliance."
- {% data variables.product.prodname_secret_scanning_caps %}, see "Configuring {% data variables.product.prodname_secret_scanning %} for your appliance."{% endif %}
Checking whether your license includes {% data variables.product.prodname_GH_advanced_security %}
{% if currentVersion ver_gt "enterprise-server@3.0" %} {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.license-tab %}
- If your license includes {% data variables.product.prodname_GH_advanced_security %}, the license page includes a section showing details of current usage.
{% endif %}
{% if currentVersion == "enterprise-server@2.22" or currentVersion == "enterprise-server@3.0" %} {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %}
- If your license includes {% data variables.product.prodname_GH_advanced_security %}, there is an {% data variables.product.prodname_advanced_security %} entry in the left sidebar.
{% data reusables.enterprise_management_console.advanced-security-license %} {% endif %}
Enabling and disabling {% data variables.product.prodname_GH_advanced_security %} features
{% data reusables.enterprise_management_console.enable-disable-security-features %}
{% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} {% data reusables.enterprise_management_console.advanced-security-tab %}{% if currentVersion ver_gt "enterprise-server@2.22" %}
- Under "{% data variables.product.prodname_advanced_security %}," select the features that you want to enable and deselect any features you want to disable.
{% else %} - Under "{% data variables.product.prodname_advanced_security %}," click {% data variables.product.prodname_code_scanning_capc %}.
{% endif %}
{% data reusables.enterprise_management_console.save-settings %}
When {% data variables.product.product_name %} has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "Configuring {% data variables.product.prodname_code_scanning %} for your appliance."
Enabling or disabling {% data variables.product.prodname_GH_advanced_security %} via the administrative shell (SSH)
You can enable or disable features programmatically on {% data variables.product.product_location %}. For more information about the administrative shell and command-line utilities for {% data variables.product.prodname_ghe_server %}, see "Accessing the administrative shell (SSH)" and "Command-line utilities."
For example, you can enable {% data variables.product.prodname_code_scanning %} with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.
- SSH into {% data variables.product.product_location %}.
- Enable {% data variables.product.prodname_code_scanning %}.
ghe-config app.minio.enabled true ghe-config app.code-scanning.enabled true - Optionally, disable {% data variables.product.prodname_code_scanning %}.
ghe-config app.minio.enabled false ghe-config app.code-scanning.enabled false - Apply the configuration.
ghe-config-apply
{% if currentVersion ver_gt "enterprise-server@2.22" %}To enable and disable {% data variables.product.prodname_secret_scanning %} in the same way, set: `ghe-config app.secret-scanning.enabled` true or false and apply the configuration.{% endif %}