About policies for using security features in your enterprise
You can enforce policies to manage the use of security features within organizations owned by your enterprise. You can allow or disallow people with admin access to a repository to enable or disable the security and analysis features.
Additionally, you can enforce policies for the use of GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security in your enterprise's organizations and repositories.
Enforcing a policy for the availability of Advanced Security in your enterprise's organizations
You are billed for GitHub Secret Protection, GitHub Code Security, and GitHub Advanced Security products on a per-committer basis. See GitHub Advanced Security license billing.
You can enforce a policy that controls whether repository administrators are allowed to enable features for Advanced Security in an organization's repositories. You can configure a policy for all organizations owned by your enterprise account, or for individual organizations that you choose.
Disallowing GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security for an organization prevents repository administrators from enabling GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security features for additional repositories, but does not disable the features for repositories where the features are already enabled.
Примечание.
This policy only impacts repository administrators, specifically. Organization owners and security managers can always enable security features, regardless of how you set this policy. For more information, see Roles in an organization.
- 
In the top-right corner of GitHub Enterprise Server, click your profile picture, then click Enterprise settings. 
- 
At the top of the page, click Policies. 
- 
Under "Policies", click Advanced Security. 
- 
On the "Policies" tab of the "Advanced Security" page, select the dropdown menu, then click a policy for the organizations owned by your enterprise. 
- 
Optionally, if you chose Allow for selected organizations, to the right of an organization, select the dropdown menu to define which Advanced Security products are available to the organization.  
Enforcing a policy to manage the use of Dependabot alerts in your enterprise
Across all organizations owned by your enterprise, you can allow members with admin permissions for repositories to enable or disable Dependabot alerts and change Dependabot alerts settings.
Примечание.
This policy only impacts repository administrators, specifically. Organization owners and security managers can always enable security features, regardless of how you set this policy. For more information, see Roles in an organization.
- In the top-right corner of GitHub Enterprise Server, click your profile picture, then click Enterprise settings.
- At the top of the page, click Policies.
- Under "Policies", click Advanced Security.
- In the "Policies" section, under "Enable or disable Dependabot alerts by repository admins", use the dropdown menu to choose a policy.
Enforcing a policy to manage the use of Advanced Security features in your enterprise's repositories
Across all of your enterprise's organizations, you can allow or disallow people with admin access to repositories to manage the use of Advanced Security features in the repositories.
- 
In the top-right corner of GitHub Enterprise Server, click your profile picture, then click Enterprise settings. 
- 
At the top of the page, click Policies. 
- 
Under "Policies", click Advanced Security. 
- 
In the "Policies" section, under "Repository administrators can enable or disable PRODUCT", use the dropdown menu to define whether repository administrators can change the enablement of GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security.