79c48070c4
* Deprecate 3.0 * 3.0 deprecation: remove 3.0 markup (#25647) * Remove liquid conditionals and content for 3.0 deprecation * Remove manually, no longer versioned in a supported version * Remove translations manually, no longer versioned in a supported version * Remove 'if', now in all supported versions * Remove dangling 'elseif', now in all supported versions * Remove dangling 'elseif' and 3.0 screenshot reference, now in all supported versions * Nudge to latest supported GHES version * Nudge to latest supported release GHES version * Bump all the version for the liquid tests * Bump first deprecated version for linting tests * Prefer double quotes Co-authored-by: Laura Coursen <lecoursen@github.com> * Prefer double quotes Co-authored-by: Laura Coursen <lecoursen@github.com> * Prefer double quotes Co-authored-by: Laura Coursen <lecoursen@github.com> * Prefer double quotes Co-authored-by: Laura Coursen <lecoursen@github.com> * Prefer double quotes Co-authored-by: Laura Coursen <lecoursen@github.com> * Prefer double quotes Co-authored-by: Laura Coursen <lecoursen@github.com> * Prefer double quotes Co-authored-by: Laura Coursen <lecoursen@github.com> * Prefer double quotes Co-authored-by: Laura Coursen <lecoursen@github.com> * Prefer double quotes Co-authored-by: Laura Coursen <lecoursen@github.com> * Remove extra newline Co-authored-by: Laura Coursen <lecoursen@github.com> * Remove extra newline Co-authored-by: Laura Coursen <lecoursen@github.com> * Remove extra newline Co-authored-by: Laura Coursen <lecoursen@github.com> * One reusable per line Co-authored-by: Laura Coursen <lecoursen@github.com> * One reusable per line Co-authored-by: Laura Coursen <lecoursen@github.com> * One reusable per line Co-authored-by: Laura Coursen <lecoursen@github.com> * Version check not needed anymore Co-authored-by: Laura Coursen <lecoursen@github.com> * Version check not needed anymore Co-authored-by: Laura Coursen <lecoursen@github.com> * Version check not needed anymore Co-authored-by: Laura Coursen <lecoursen@github.com> * Version check not needed anymore Co-authored-by: Laura Coursen <lecoursen@github.com> * Version check not needed anymore Co-authored-by: Laura Coursen <lecoursen@github.com> * Version check not needed anymore Co-authored-by: Laura Coursen <lecoursen@github.com> * Version check not needed anymore Co-authored-by: Laura Coursen <lecoursen@github.com> * Stray whitespace ✂️ Co-authored-by: Laura Coursen <lecoursen@github.com> * Stray whitespace ✂️ Co-authored-by: Laura Coursen <lecoursen@github.com> * Stray whitespace ✂️ Co-authored-by: Laura Coursen <lecoursen@github.com> * Stray whitespace ✂️ Co-authored-by: Laura Coursen <lecoursen@github.com> * Stray whitespace ✂️ Co-authored-by: Laura Coursen <lecoursen@github.com> * Stray whitespace ✂️ Co-authored-by: Laura Coursen <lecoursen@github.com> * Stray whitespace ✂️ Co-authored-by: Laura Coursen <lecoursen@github.com> * Stray whitespace ✂️ Co-authored-by: Laura Coursen <lecoursen@github.com> * Version check not needed anymore Co-authored-by: Laura Coursen <lecoursen@github.com> * Version check not needed anymore Co-authored-by: Laura Coursen <lecoursen@github.com> * Just 'ghes' since we're deprecating 3.0 Co-authored-by: Laura Coursen <lecoursen@github.com> * Just 'ghes' since we're deprecating 3.0 Co-authored-by: Laura Coursen <lecoursen@github.com> * Just 'ghes' since we're deprecating 3.0 Co-authored-by: Laura Coursen <lecoursen@github.com> * Just 'ghes' since we're deprecating 3.0 Co-authored-by: Laura Coursen <lecoursen@github.com> * Just 'ghes' since we're deprecating 3.0 Co-authored-by: Laura Coursen <lecoursen@github.com> * Just 'ghes' since we're deprecating 3.0 Co-authored-by: Laura Coursen <lecoursen@github.com> * Just 'ghes' since we're deprecating 3.0 Co-authored-by: Laura Coursen <lecoursen@github.com> * Just 'ghes' since we're deprecating 3.0 Co-authored-by: Laura Coursen <lecoursen@github.com> * Don't depend on hardcoded versions Co-authored-by: Laura Coursen <lecoursen@github.com> * Remove static files for 3.0 deprecation (#25649) Co-authored-by: Laura Coursen <lecoursen@github.com>
8.3 KiB
title, shortTitle, intro, product, redirect_from, versions, type, topics
| title | shortTitle | intro | product | redirect_from | versions | type | topics | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Enabling GitHub Advanced Security for your enterprise | Enabling GitHub Advanced Security | You can configure {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}. This provides extra features that help users find and fix security problems in their code. | {% data reusables.gated-features.ghas %} |
|
|
how_to |
|
About enabling {% data variables.product.prodname_GH_advanced_security %}
{% data reusables.advanced-security.ghas-helps-developers %}
{% ifversion ghes %} When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features unless you set up a policy to restrict access. For more information, see "Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise." {% else %} When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features. {% endif %}
{% ifversion ghes %} For guidance on a phased deployment of GitHub Advanced Security, see "Deploying GitHub Advanced Security in your enterprise." {% endif %}
Checking whether your license includes {% data variables.product.prodname_GH_advanced_security %}
{% ifversion ghes %} {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.license-tab %}
- If your license includes {% data variables.product.prodname_GH_advanced_security %}, the license page includes a section showing details of current usage.
{% endif %}
Prerequisites for enabling {% data variables.product.prodname_GH_advanced_security %}
-
Upgrade your license for {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}.{% ifversion ghes %} For information about licensing, see "About billing for {% data variables.product.prodname_GH_advanced_security %}."{% endif %}
-
Download the new license file. For more information, see "Downloading your license for {% data variables.product.prodname_enterprise %}."
-
Upload the new license file to {% data variables.product.product_location %}. For more information, see "Uploading a new license to {% data variables.product.prodname_ghe_server %}."{% ifversion ghes %}
-
Review the prerequisites for the features you plan to enable.
- {% data variables.product.prodname_code_scanning_capc %}, see "Configuring {% data variables.product.prodname_code_scanning %} for your appliance."
- {% data variables.product.prodname_secret_scanning_caps %}, see "Configuring {% data variables.product.prodname_secret_scanning %} for your appliance."{% endif %}
- {% data variables.product.prodname_dependabot %}, see "Enabling {% data variables.product.prodname_dependabot %} for your enterprise."
Enabling and disabling {% data variables.product.prodname_GH_advanced_security %} features
{% data reusables.enterprise_management_console.enable-disable-security-features %}
{% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} {% data reusables.enterprise_management_console.advanced-security-tab %}{% ifversion ghes %}
- Under "{% ifversion ghes < 3.2 %}{% data variables.product.prodname_advanced_security %}{% else %}Security{% endif %}," select the features that you want to enable and deselect any features you want to disable.
{% ifversion ghes > 3.1 %}
{% else %}
{% endif %}{% else %} - Under "{% data variables.product.prodname_advanced_security %}," click {% data variables.product.prodname_code_scanning_capc %}.
{% endif %}
{% data reusables.enterprise_management_console.save-settings %}
When {% data variables.product.product_name %} has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "Configuring {% data variables.product.prodname_code_scanning %} for your appliance."
Enabling or disabling {% data variables.product.prodname_GH_advanced_security %} features via the administrative shell (SSH)
You can enable or disable features programmatically on {% data variables.product.product_location %}. For more information about the administrative shell and command-line utilities for {% data variables.product.prodname_ghe_server %}, see "Accessing the administrative shell (SSH)" and "Command-line utilities."
For example, you can enable any {% data variables.product.prodname_GH_advanced_security %} feature with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.
-
SSH into {% data variables.product.product_location %}.
-
Enable features for {% data variables.product.prodname_GH_advanced_security %}.
- To enable {% data variables.product.prodname_code_scanning_capc %}, enter the following commands.
ghe-config app.minio.enabled true ghe-config app.code-scanning.enabled true- To enable {% data variables.product.prodname_secret_scanning_caps %}, enter the following command.
ghe-config app.secret-scanning.enabled true- To enable the dependency graph, enter the following {% ifversion ghes > 3.1 %}command{% else %}commands{% endif %}. {% ifversion ghes > 3.1 %}```shell ghe-config app.dependency-graph.enabled true
{% else %}```shell ghe-config app.github.dependency-graph-enabled true ghe-config app.github.vulnerability-alerting-and-settings-enabled true ```{% endif %} -
Optionally, disable features for {% data variables.product.prodname_GH_advanced_security %}.
- To disable {% data variables.product.prodname_code_scanning %}, enter the following commands.
ghe-config app.minio.enabled false ghe-config app.code-scanning.enabled false- To disable {% data variables.product.prodname_secret_scanning %}, enter the following command.
ghe-config app.secret-scanning.enabled false- To disable the dependency graph, enter the following {% ifversion ghes > 3.1 %}command{% else %}commands{% endif %}. {% ifversion ghes > 3.1 %}```shell ghe-config app.dependency-graph.enabled false
{% else %}```shell ghe-config app.github.dependency-graph-enabled false ghe-config app.github.vulnerability-alerting-and-settings-enabled false ```{% endif %} -
Apply the configuration.
ghe-config-apply