Note
Security configurations and global settings are in beta and subject to change.
About the GitHub-recommended security configuration
The GitHub-recommended security configuration is a collection of enablement settings for GitHub's security features that is created and maintained by subject matter experts at GitHub. The GitHub-recommended security configuration is designed to successfully reduce the security risks for low- and high-impact repositories. We recommend you apply this configuration to all the repositories in your organization.
Applying the GitHub-recommended security configuration to all repositories in your organization
-
In the upper-right corner of GitHub, select your profile photo, then click Your organizations.
-
Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, select the Code security dropdown menu, then click Configurations.
-
In the "GitHub recommended" row of the configurations table for your organization, select the Apply to dropdown menu, then click All repositories or All repositories without configurations.
-
Optionally, in the confirmation dialog, you can choose to automatically apply the security configuration to newly created repositories depending on their visibility. Select the None dropdown menu, then click Public, or Private and internal, or both.
Note: The default security configuration for an organization is only automatically applied to new repositories created in your organization. If a repository is transferred into your organization, you will still need to apply an appropriate security configuration to the repository manually.
-
To apply the security configuration, click Apply.
Applying the GitHub-recommended security configuration to specific repositories in your organization
-
In the upper-right corner of GitHub, select your profile photo, then click Your organizations.
-
Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, select the Code security dropdown menu, then click Configurations.
-
Optionally, in the "Apply configurations" section, filter the view to find the repositories you would like to apply the GitHub-recommended security configuration to. To learn how to filter the repository table, see "Filtering repositories in your organization using the repository table."
-
In the repository table, select repositories with one of three methods:
- Select each individual repository you would like to apply the security configuration to.
- To select all repositories on the current page of the repository table, select NUMBER repositories.
- After selecting NUMBER repositories, to select all repositories in your organization that match your filter criteria, click Select all.
-
Select the Apply configuration dropdown menu, then click GitHub recommended.
-
Optionally, in the confirmation dialog, you can choose to automatically apply the security configuration to newly created repositories depending on their visibility. Select the None dropdown menu, then click Public, or Private and internal, or both.
Note: The default security configuration for an organization is only automatically applied to new repositories created in your organization. If a repository is transferred into your organization, you will still need to apply an appropriate security configuration to the repository manually.
-
To apply the security configuration, click Apply.
Next steps
After you apply the GitHub-recommended security configuration, you can customize your organization-level security settings with global settings. See "Configuring global security settings for your organization."
You may encounter an error when you attempt to apply a security configuration. For information on common errors, see "Troubleshooting security configurations."