
Security configurations

Security configurations are collections of security settings that you can apply to repositories at scale.

Who can use this feature?

Organization owners, security managers, and organization members with the admin role

Security configurations are collections of enablement settings for GitHub's security features that you can apply to any repository in your enterprise.

There are two types of security configuration: the GitHub-recommended security configuration and custom security configurations.

Each repository can only have one security configuration applied to it.

You can create and manage security configurations using the REST API. For more information, see Configurations.

The GitHub-recommended security configuration offers a number of benefits:

  • It is created and managed by GitHub's subject matter experts.
  • It is the quickest security configuration to apply to all repositories in your organization.
  • It is designed to effectively secure both low- and high-impact repositories.

We recommend that organizations and enterprises initially apply the GitHub-recommended security configuration.

The GitHub-recommended security configuration includes GitHub Code Security and GitHub Secret Protection features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses.

Custom security configurations

If you are familiar with GitHub's security products, and you have specific security needs that the GitHub-recommended security configuration can't meet, you can create and apply custom security configurations. With custom security configurations, you can:

  • Edit the enablement settings for different security features
  • Create several configurations for repositories to reflect their different levels of visibility, risk tolerance, and impact

You can also choose whether or not you want to include GitHub Code Security or GitHub Secret Protection features in a configuration. If you do, keep in mind that these features incur usage costs (or require GitHub Advanced Security licenses) when applied to private and internal repositories.

Enforcement of security configurations

When you apply a security configuration, you can choose to enforce it, meaning users cannot change the enablement status of features included in the configuration.

If a user in your organization attempts to change the enablement status of a feature in an enforced configuration using the REST API, the API call will appear to succeed, but no enablement statuses will change.

Some situations can break the enforcement of security configurations for a repository. For example, the enablement of code scanning will not apply to a repository if:

  • GitHub Actions is initially enabled on the repository, but is then disabled in the repository.
  • GitHub Actions is not available for the repository.
  • The languages excluded from code scanning default setup are changed at the repository level.
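The REST API mentioned above lets you read the configuration attached to each repository, and the enforcement rules just described mean an attached-but-unenforced configuration can be quietly undone by repository admins. The following audit is an added example, not code from GitHub's documentation: it runs offline over constructed responses whose shape is modelled on the `GET /repos/{owner}/{repo}/code-security-configuration` endpoint (the `state`, `enforcement` and per-feature field names are assumed from that API), and flags repositories with no configuration, an unenforced one, or a required feature left off.

```python
# Constructed sample responses (shape assumed from the REST API; values made up).
# A real audit would fetch these with: gh api repos/OWNER/REPO/code-security-configuration
SAMPLE_RESPONSES = {
    "acme/payments": {"state": "enforced", "configuration": {
        "name": "GitHub recommended", "enforcement": "enforced",
        "secret_scanning": "enabled", "secret_scanning_push_protection": "enabled",
        "code_scanning_default_setup": "enabled", "dependabot_alerts": "enabled"}},
    "acme/website": {"state": "attached", "configuration": {
        "name": "Public repos", "enforcement": "unenforced",
        "secret_scanning": "enabled", "secret_scanning_push_protection": "disabled",
        "code_scanning_default_setup": "enabled", "dependabot_alerts": "enabled"}},
    "acme/sandbox": {},  # no security configuration applied at all
}

# Features the organization wants enabled everywhere (assumed baseline for this audit).
REQUIRED_FEATURES = ("secret_scanning", "secret_scanning_push_protection",
                     "code_scanning_default_setup", "dependabot_alerts")

# Attachment states that mean the configuration is actually in effect (assumed).
APPLIED_STATES = {"attached", "enforced"}


def audit_repo(full_name, response):
    """Return a list of findings for one repository; an empty list means compliant."""
    findings = []
    config = response.get("configuration")
    if not config:
        return [f"{full_name}: no security configuration applied"]
    name = config.get("name", "?")
    if response.get("state") not in APPLIED_STATES:
        findings.append(f"{full_name}: configuration '{name}' not fully applied "
                        f"(state={response.get('state')})")
    # Unenforced: repository admins can still switch the included features off.
    if config.get("enforcement") != "enforced":
        findings.append(f"{full_name}: configuration '{name}' is not enforced")
    for feature in REQUIRED_FEATURES:
        status = config.get(feature, "not_set")
        if status != "enabled":
            findings.append(f"{full_name}: '{feature}' is {status} in configuration '{name}'")
    return findings


def audit_all(responses):
    """Map each repository to its findings; repositories with no findings are compliant."""
    return {name: audit_repo(name, resp) for name, resp in responses.items()}


if __name__ == "__main__":
    for repo, findings in audit_all(SAMPLE_RESPONSES).items():
        print(repo, "OK" if not findings else "\n  " + "\n  ".join(findings))
```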

Next steps

To start securing repositories in your organization with the GitHub-recommended security configuration, see Applying the GitHub-recommended security configuration in your organization.

Alternatively, to start securing repositories in your organization with custom security configurations, see Creating a custom security configuration.