About securing your organization
GitHub has many features that help you improve and maintain the quality of your code. Some features are included in all GitHub plans. Additional features are available if you purchase a GitHub Advanced Security product:
- GitHub Secret Protection, which includes features that help you detect and prevent secret leaks, such as secret scanning and push protection.
- GitHub Code Security, which includes features that help you find and fix vulnerabilities, such as code scanning, premium Dependabot features, and dependency review.
Alternatively, you can have a GitHub Advanced Security license, which includes all the features of GitHub Secret Protection and GitHub Code Security.
You can easily enable and manage GitHub's security features throughout your organization with security configurations, which control repository-level security features, and global settings, which control security features at the organization level. We recommend applying security configurations and customizing your global settings to create a system that best meets the security needs of your organization.
For more information on purchasing GitHub Secret Protection or GitHub Code Security, see About GitHub Advanced Security and Purchasing Advanced Security for your organization or enterprise in the GitHub Enterprise Cloud documentation.
About security configurations
Security configurations are collections of enablement settings for GitHub's security features that you can apply to any repository within an organization or at the enterprise level.
When you create a security configuration, you can select different enablement settings to meet the specific security needs of a group of repositories.
To learn how to create custom security configurations, see Creating a custom security configuration.
After you apply a configuration
When you apply a security configuration to repositories, each repository enters a managed relationship with that configuration. That relationship can change over time: for example, when a repository admin overrides a security setting on an unenforced configuration, an organization or enterprise admin detaches the configuration, enforcement is enabled, or the initial attachment fails. Each change is reflected in the repository's configuration status.
For the full list of configuration statuses and recommended actions, see Security configuration statuses.
About global settings
While security configurations determine repository-level security settings, global settings determine your organization-level security settings, which are then inherited by all repositories. With global settings, you can customize how security features analyze your organization.
About enabling secure access to private registries
If your organization uses private registries, providing code scanning and Dependabot secure access to these registries will improve code analysis and allow Dependabot to update a wider range of dependencies. For information, see Giving security features access to private registries.
Next steps
To get started with creating a security configuration for your organization, see Creating a custom security configuration.