About securing your organization
GitHub has many features that help you improve and maintain the quality of your code. Some features are included in all GitHub plans. Additional features are available to organizations on GitHub Team and GitHub Enterprise Cloud that purchase a GitHub Advanced Security product:
- GitHub Secret Protection: secret scanning やプッシュ保護など、シークレットの漏洩の検出と防止に役立つ機能が含まれます。
- GitHub Code Security: code scanning、プレミアム Dependabot 機能、依存関係レビューなど、脆弱性の検出と修正に役立つ機能が含まれます。
You can easily enable and manage GitHub's security features throughout your organization with security configurations, which control repository-level security features, and global settings, which control security features at the organization level. We recommend applying security configurations and customizing your global settings to create a system that best meets the security needs of your organization.
For more information on purchasing GitHub Secret Protection or GitHub Code Security, see GitHub Advanced Security について and Organization または Enterprise 向け Advanced Security の購入 in the GitHub Enterprise Cloud documentation.
About security configurations
Security configurations は GitHub のセキュリティ機能に関する有効化設定のコレクションであり、組織内の任意のリポジトリに適用できます。
After you apply a configuration
When you apply a security configuration to repositories, each repository enters a managed relationship with that configuration. That relationship can change over time. For example, if a repository admin overrides a security setting on an unenforced configuration, if an organization or enterprise admin detaches the configuration, if enforcement is enabled, or if the initial attachment fails. Each change is reflected in the repository's configuration status.
For the full list of configuration statuses and recommended actions, see Security configuration statuses.
About global settings
While security configurations determine repository-level security settings, global settings determine your organization-level security settings, which are then inherited by all repositories. With global settings, you can customize how security features analyze your organization.
About enabling secure access to private registries
If your organization uses private registries, providing code scanning and Dependabot secure access to these registries will improve code analysis and allow Dependabot to update a wider range of dependencies. For information, see セキュリティ機能にプライベート レジストリへのアクセスを許可する.
About integrating production context
If your organization uses Microsoft Defender for Cloud, JFrog Artifactory, or CI/CD to promote artifacts to production, you can integrate this data into GitHub. This production context helps you prioritize code scanning and Dependabot alerts. For more information, see 運用コンテキストを使用した Dependabot とコード スキャンアラートの優先順位付け.
Next steps
To get started with creating a security configuration for your organization, see Creating a custom security configuration.