Editing a custom security configuration

Meet the security needs of your repositories by editing your custom security configuration.

Who can use this feature?

Organization owners, security managers, and organization members with the admin role

  1. In the upper-right corner of GitHub, click your profile picture, then click Organizations.

  2. Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, select the Advanced Security dropdown menu, then click Configurations.

  4. Under "Security configurations", click the name of the custom security configuration you want to edit.

    Note

    The default security configuration for an organization is only automatically applied to new repositories created in your organization. If a repository is transferred into your organization, you will still need to apply an appropriate security configuration to the repository manually.

  5. Edit the name and description of your custom security configuration as desired.

  6. Edit the enablement settings of your custom security configuration as desired.

  7. In the "Policy" section, you can modify the configuration's enforcement status. Enforcing a configuration will block repository owners from changing features that are enabled or disabled by the configuration, but features that are not set aren't enforced. Next to "Enforce configuration", select Enforce or Don't enforce from the dropdown menu.

    Note

    Some situations can break the enforcement of security configurations. See Security configuration enforcement.

  8. To apply your changes, click Update configuration.