Enabling security features at scale

You can quickly secure your organization at scale with security configurations and global settings.

About securing your organization

GitHub has many features that help you improve and maintain the quality of your code. Some features are included in all GitHub plans. Additional features are available to organizations on GitHub Team and GitHub Enterprise Cloud that purchase a GitHub Advanced Security product:

  • GitHub Secret Protection, which includes features that help you detect and prevent secret leaks, such as secret scanning and push protection.
  • GitHub Code Security, which includes features that help you find and fix vulnerabilities, such as code scanning, premium Dependabot features, and dependency review.

You can also have a GitHub Advanced Security license, which includes all the features of GitHub Secret Protection and GitHub Code Security.

You can easily enable and manage GitHub's security features throughout your organization with security configurations, which control repository-level security features, and global settings, which control security features at the organization level. We recommend applying security configurations and customizing your global settings to create a system that best meets the security needs of your organization.

For more information on purchasing GitHub Secret Protection or GitHub Code Security, see About GitHub Advanced Security and Purchasing Advanced Security for your organization or enterprise.

About security configurations

Security configurations are groupings of enablement settings for GitHub's security features that you can apply to any repository within an organization or enterprise.

After you apply a configuration

When you apply a security configuration to repositories, each repository enters a managed relationship with that configuration. That relationship can change over time: for example, when a repository admin overrides a security setting on an unenforced configuration, when an organization or enterprise admin detaches the configuration, when enforcement is enabled, or when the initial attachment fails. Each change is reflected in the repository's configuration status.

For the full list of configuration statuses and recommended actions, see Security configuration statuses.
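The audit an organization admin ends up doing after applying a configuration, as an added example that is not GitHub's own code: it groups repositories by their configuration status and, for an unenforced configuration, reports which repository-level settings a repository admin has overridden. The record shapes, status values (`attached`, `enforced`, `detached`, `failed`) and feature names are assumed to follow the REST API's configuration object and the repository `security_and_analysis` object; all sample data is constructed.

```python
"""Audit repositories against an applied security configuration (added example,
not GitHub's own code; record shapes assumed to follow the REST API's configuration
object and the repository `security_and_analysis` object)."""
from collections import defaultdict

# Features a configuration can manage that also appear under `security_and_analysis`.
MANAGED = ("advanced_security", "secret_scanning",
           "secret_scanning_push_protection", "dependabot_security_updates")

# Constructed sample configuration: unenforced, so repository admins may override it.
CONFIG = {"name": "Production defaults", "enforcement": "unenforced",
          **{feature: "enabled" for feature in MANAGED}}

def _sa(**statuses):
    """Build a constructed `security_and_analysis` object from feature -> status."""
    return {k: {"status": v} for k, v in statuses.items()}

# Constructed sample repositories: configuration status plus live settings.
REPOS = [
    {"full_name": "octo-org/api", "status": "attached",
     "security_and_analysis": _sa(**{f: "enabled" for f in MANAGED})},
    {"full_name": "octo-org/tools", "status": "detached",  # admin overrode push protection
     "security_and_analysis": _sa(**{**{f: "enabled" for f in MANAGED},
                                     "secret_scanning_push_protection": "disabled"})},
    {"full_name": "octo-org/legacy", "status": "failed", "security_and_analysis": {}},
]

def drift(config, repo):
    """Return {feature: (configured, actual)} where the repository differs from the config."""
    sa = repo.get("security_and_analysis", {})
    out = {}
    for feature in MANAGED:
        wanted = config.get(feature, "not_set")
        if wanted == "not_set":
            continue  # the configuration does not manage this feature
        actual = sa.get(feature, {}).get("status", "disabled")
        if actual != wanted:
            out[feature] = (wanted, actual)
    return out

def audit(config, repos):
    """Group repositories by the next action for an organization admin."""
    groups = defaultdict(list)
    for repo in repos:
        if repo["status"] == "failed":
            groups["retry attachment"].append(repo["full_name"])
        elif repo["status"] in ("attached", "enforced") and not drift(config, repo):
            groups["compliant"].append(repo["full_name"])
        else:  # detached/removed, or attached but settings no longer match
            groups["review"].append((repo["full_name"], drift(config, repo)))
    return dict(groups)
```

Enforcing the configuration is what prevents the `octo-org/tools` case from recurring; the audit only makes the override visible.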

About global settings

While security configurations determine repository-level security settings, global settings determine your organization-level security settings, which are then inherited by all repositories. With global settings, you can customize how security features analyze your organization.

About enabling secure access to private registries

If your organization uses private registries, providing code scanning and Dependabot secure access to these registries will improve code analysis and allow Dependabot to update a wider range of dependencies. For information, see Security feature access to private registries.

About integrating production context

If your organization uses Microsoft Defender for Cloud, JFrog Artifactory, or CI/CD to promote artifacts to production, you can integrate this data into GitHub. This production context helps you prioritize code scanning and Dependabot alerts. For more information, see Prioritizing Dependabot and code scanning alerts using production context.

Next steps

To get started with creating a security configuration for your organization, see Creating a custom security configuration.