About securing your organization
GitHub offers many security features including GitHub Advanced Security, a suite of features designed to protect your organization from vulnerabilities in your code, insecure dependencies, leaked secrets, and more.
You can easily enable and manage GitHub's security features throughout your organization with security configurations, which control repository-level security features, and global settings, which control security features at the organization level. We recommend applying security configurations and customizing your global settings to create a system that best meets the security needs of your organization.
For more information on purchasing GitHub Advanced Security, see "About GitHub Advanced Security" and "Purchasing Advanced Security for an organization or enterprise" in the GitHub Enterprise Cloud documentation.
About security configurations
Security configurations are collections of enablement settings for GitHub's security features that you can apply to any repository within your organization.
You can customize security configurations, allowing you to choose different enablement settings for groups of repositories with specific security needs.
You will only ever see enablement settings for features that have been installed on your GitHub Enterprise Server instance by an enterprise administrator.
To learn how to create custom security configurations, see "Deleting a custom security configuration".
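Note
If a user in your organization attempts to change the enablement status of a feature in an enforced configuration using the REST API, the API call will appear to succeed, but no enablement statuses will be changed.
Some situations can break the enforcement of security configurations for a repository. For example, the enablement of code scanning will not apply to a repository if:
- GitHub Actions is initially enabled on the repository, but is then disabled in the repository.
- GitHub Actions required by code scanning configurations is not available in the repository.
- Self-hosted runners with the label code-scanning are not available.
- The definition of the languages that should not be analyzed using code scanning default setup has changed.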
Each repository can only have one security configuration applied to it.
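The silent no-op described in the note above can be caught by reading the repository state back after the call and comparing it with what was requested. The following is an added example, not part of GitHub's documentation: it assumes the repository's `security_and_analysis` object has been fetched from the REST API before and after the change, and the sample data and function names are constructed for illustration.

```python
import json

# Constructed samples, built to exercise every outcome: the repository's
# "security_and_analysis" object read before and after a PATCH that
# returned a success status.
BEFORE = json.loads('''{"security_and_analysis": {
  "secret_scanning": {"status": "enabled"},
  "secret_scanning_push_protection": {"status": "enabled"},
  "dependabot_security_updates": {"status": "disabled"}}}''')
AFTER = json.loads('''{"security_and_analysis": {
  "secret_scanning": {"status": "enabled"},
  "secret_scanning_push_protection": {"status": "enabled"},
  "dependabot_security_updates": {"status": "enabled"}}}''')
# What the caller asked for in the PATCH body (constructed).
REQUESTED = {"secret_scanning": "disabled",
             "secret_scanning_push_protection": "enabled",
             "dependabot_security_updates": "enabled",
             "advanced_security": "enabled"}


def status_of(repo, feature):
    """Return the feature's status string, or None if the response omits it."""
    entry = (repo.get("security_and_analysis") or {}).get(feature)
    return entry.get("status") if isinstance(entry, dict) else None


def classify(requested, before, after):
    """Compare each requested status with the state read back afterwards."""
    result = {}
    for feature, wanted in requested.items():
        old, new = status_of(before, feature), status_of(after, feature)
        if new is None:
            result[feature] = "not_reported"  # feature absent from the response
        elif new == wanted:
            result[feature] = "applied" if old != wanted else "already_set"
        else:
            result[feature] = "ignored"  # call succeeded, state did not change
    return result


def ignored_features(requested, before, after):
    """Features whose requested change did not take effect."""
    outcome = classify(requested, before, after)
    return sorted(f for f, verdict in outcome.items() if verdict == "ignored")


if __name__ == "__main__":
    for feature, verdict in classify(REQUESTED, BEFORE, AFTER).items():
        print(f"{feature}: {verdict}")
```

A feature reported as `ignored` after a successful call is a candidate for an enforced configuration; `not_reported` covers features the response does not list, such as ones not installed on the instance.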
About global settings
While security configurations determine repository-level security settings, global settings determine your organization-level security settings, which are then inherited by all repositories. With global settings, you can customize how security features analyze your organization.
Next steps
To get started with creating a security configuration for your organization, see "Deleting a custom security configuration".