Enabling security features at scale

You can quickly secure your organization at scale with security configurations and global settings.

About securing your organization

GitHub has many features that help you improve and maintain the quality of your code. Some features are included in all GitHub plans. Additional features are available to organizations on GitHub Team and GitHub Enterprise Cloud that purchase a GitHub Advanced Security product:

  • GitHub Secret Protection, which includes features that help you detect and prevent secret leaks, such as secret scanning and push protection.
  • GitHub Code Security, which includes features that help you find and fix vulnerabilities, such as code scanning, advanced Dependabot features, and dependency review.

Alternatively, you can have a GitHub Advanced Security license, which includes all of the features in both GitHub Secret Protection and GitHub Code Security.

You can easily enable and manage GitHub's security features throughout your organization with security configurations, which control repository-level security features, and global settings, which control security features at the organization level. We recommend applying security configurations and customizing your global settings to create a system that best meets the security needs of your organization.

For more information on purchasing GitHub Secret Protection or GitHub Code Security, see About GitHub Advanced Security and Purchasing GitHub Advanced Security for your organization or enterprise.

About security configurations

Security configurations are collections of enablement settings for GitHub's security features that you can apply to any repositories in your organization or enterprise.

After you apply a configuration

When you apply a security configuration to repositories, each repository enters a managed relationship with that configuration. That relationship can change over time: for example, when a repository admin overrides a security setting on an unenforced configuration, when an organization or enterprise admin detaches the configuration, when enforcement is enabled, or when the initial attachment fails. Each change is reflected in the repository's configuration status.

For the full list of configuration statuses and recommended actions, see Security configuration statuses.
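Because a repository's status can drift away from "attached" after the initial apply, it is worth checking statuses periodically rather than assuming a configuration is still in effect. The following script is an added example, not GitHub's own code: it groups repositories by configuration status and flags those where the configuration is no longer applied. The REST endpoint, the response shape, and the status sets are assumptions; the sample response is constructed.

```python
import json
import urllib.request
from collections import defaultdict

# Constructed sample response, shaped like the REST endpoint
# GET /orgs/{org}/code-security/configurations/{configuration_id}/repositories
# (endpoint and field names are assumed; the values are made up).
SAMPLE_RESPONSE = json.dumps([
    {"status": "attached", "repository": {"full_name": "octo-org/api"}},
    {"status": "enforced", "repository": {"full_name": "octo-org/web"}},
    {"status": "detached", "repository": {"full_name": "octo-org/legacy"}},
    {"status": "failed", "repository": {"full_name": "octo-org/pipeline"}},
    {"status": "attaching", "repository": {"full_name": "octo-org/new-service"}},
])

# Statuses this check treats as "configuration not in effect" (assumed set).
DRIFT_STATUSES = {"detached", "failed", "removed"}
# Transient statuses that only need re-checking later (assumed set).
PENDING_STATUSES = {"attaching", "updating"}


def group_by_status(raw_json):
    """Map each configuration status to the sorted repositories in that status."""
    groups = defaultdict(list)
    for entry in json.loads(raw_json):
        groups[entry["status"]].append(entry["repository"]["full_name"])
    return {status: sorted(names) for status, names in groups.items()}


def find_drift(raw_json):
    """Return (drifted, pending): repos where the configuration is not applied."""
    groups = group_by_status(raw_json)
    drifted = sorted(n for s in DRIFT_STATUSES for n in groups.get(s, []))
    pending = sorted(n for s in PENDING_STATUSES for n in groups.get(s, []))
    return drifted, pending


def fetch_repositories(org, configuration_id, token):
    """Fetch the live list (assumed endpoint); not called in the offline run."""
    url = (f"https://api.github.com/orgs/{org}/code-security/configurations/"
           f"{configuration_id}/repositories")
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
    })
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    drifted, pending = find_drift(SAMPLE_RESPONSE)
    print("needs attention:", drifted)  # ['octo-org/legacy', 'octo-org/pipeline']
    print("still applying:", pending)   # ['octo-org/new-service']
```

Repositories in the "needs attention" list should be re-attached (or have the configuration enforced) and the cause of any failed attachment investigated.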

About global settings

While security configurations determine repository-level security settings, global settings determine your organization-level security settings, which are then inherited by all repositories. With global settings, you can customize how security features analyze your organization.

About enabling secure access to private registries

If your organization uses private registries, giving code scanning and Dependabot secure access to these registries will improve code analysis and allow Dependabot to update a wider range of dependencies. For more information, see Granting security features access to private registries.

About integrating production context

If your organization uses Microsoft Defender for Cloud, JFrog Artifactory, or CI/CD to promote artifacts to production, you can integrate this data into GitHub. This production context helps you prioritize code scanning and Dependabot alerts. For more information, see Prioritizing Dependabot and code scanning alerts using production context.

Next steps

To get started with creating a security configuration for your organization, see Creating a custom security configuration.