Configurações de segurança

Security configurations são coleções de configurações de segurança que podem ser aplicadas em grande escala a repositórios.

Quem pode usar esse recurso?

Organization owners, enterprise owners, security managers, and organization members with the admin role

Neste artigo

Security configurations on GitHub Enterprise Server

Security configurations are collections of enablement settings for GitHub's security features that you can apply to any repository within an organization or enterprise. When you create a security configuration, you can choose different enablement settings to meet the specific security needs of a group of repositories.

Feature availability

Feature availability in security configurations is determined as follows:

  • You will only see features in the UI if they were installed by a site administrator on your GitHub Enterprise Server instance.
  • Advanced Security features will only be visible if your enterprise or GitHub Enterprise Server instance holds a GitHub Advanced Security, GitHub Code Security, or GitHub Secret Protection license.
  • Certain features, like Dependabot security updates and code scanning default setup, also require that GitHub Actions is installed on the GitHub Enterprise Server instance.

Enforcement of security configurations

When you apply a security configuration, you can choose to enforce it, meaning users cannot change the enablement status of features included in the configuration.

If a user in your organization or enterprise attempts to change the enablement status of a feature in an enforced configuration using the REST API, the API call will appear to succeed, but no enablement statuses will change.

Some situations can break the enforcement of security configurations for a repository. For example, the enablement of code scanning will not apply to a repository if:

  • GitHub Actions is initially enabled on the repository, but is then disabled in the repository.
  • GitHub Actions is not available for the repository.
  • Self-hosted runners with the label code-scanning are not available.
  • The languages excluded from code scanning default setup are changed at the repository level.

Preservation of default settings for new repositories

If you had default security settings in place for newly created repositories, GitHub will preserve these settings by automatically creating a "New repository default settings" security configuration for your enterprise. The configuration matches your previous enterprise-level default settings for new repositories as of December 2024.

The configuration will be automatically applied to any newly created repositories in your enterprise that do not belong to an organization with its own default settings.

Next steps

To learn how to create custom security configurations, see Creating a custom security configuration.