About security and analysis settings for your repository
GitHub offers a number of different security features that you can enable for your repository to protect your code from vulnerabilities, unauthorized access, and other potential security threats.
Enabling or disabling security and analysis features
You can manage the security and analysis features for your repository. If your enterprise or organization has a license for GitHub Code Security or GitHub Secret Protection, then extra options are available. For more information, see About GitHub Advanced Security.
- On GitHub, navigate to the main page of the repository.
- Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
- In the "Security" section of the sidebar, click Advanced Security.
- Under "Advanced Security", to the right of the feature, click Disable or Enable. The control for "Secret Protection and Code Security" is disabled if your enterprise has no available licenses.

Note: If you disable Secret Protection and Code Security, dependency review, secret scanning and code scanning are disabled. Any workflows, SARIF uploads, or API calls for code scanning will fail. If Code Scanning is re-enabled, code scanning will return to its previous state.
Granting access to security alerts
GitHub security alerts are automated notifications that inform you when vulnerabilities are found in your repository's dependencies or code. They prompt you to review and remediate these issues, helping to keep your project secure.
You can find security alerts from Dependabot, Secret scanning, and Code scanning under your repository's Security tab.
Security alerts for a repository are visible to people with write, maintain, or admin access to the repository and, when the repository is owned by an organization, organization owners. You can give additional teams and people access to the alerts.
Note: Organization owners and repository administrators can only grant access to view security alerts, such as secret scanning alerts, to people or teams who have write access to the repo.
- On GitHub, navigate to the main page of the repository.
- Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
- In the "Security" section of the sidebar, click Advanced Security.
- Under "Access to alerts", in the search field, start typing the name of the person or team you'd like to find, then click a name in the list of matches.
- Click Save changes.
Removing access to security alerts
- On GitHub, navigate to the main page of the repository.
- Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
- In the "Security" section of the sidebar, click Advanced Security.
- Under "Access to alerts", to the right of the person or team whose access you'd like to remove, click .
- Click Save changes.