Managing security and analysis settings for your organization

You can control features that secure and analyze the code in your organization's projects on GitHub.

Organization owners can manage security and analysis settings for repositories in the organization.

About management of security and analysis settings

GitHub can help secure the repositories in your organization. You can manage the security and analysis features for all existing or new repositories that members create in your organization. Organizations that use GitHub Enterprise Cloud with a license for GitHub Advanced Security can also manage access to these features. For more information, see the GitHub Enterprise Cloud documentation.

Note: You can't disable some security and analysis features that are enabled by default for public repositories.

If you enable security and analysis features, GitHub performs read-only analysis on your repository. For more information, see "About GitHub's use of your data."

Displaying the security and analysis settings

  1. In the top right corner of GitHub.com, click your profile photo, then click Your organizations. Your organizations in the profile menu
  2. Next to the organization, click Settings. The settings button
  3. In the left sidebar, click Security & analysis. "Security & analysis" tab in organization settings

The page that's displayed allows you to enable or disable all security and analysis features for the repositories in your organization.

Enabling or disabling a feature for all existing repositories

You can enable or disable features for all repositories. The impact of your changes on repositories in your organization is determined by their visibility:

  • Dependency graph - Your changes affect only private repositories because the feature is always enabled for public repositories.
  • Dependabot alerts - Your changes affect all repositories.
  • Dependabot security updates - Your changes affect all repositories.
  1. Go to the security and analysis settings for your organization. For more information, see "Displaying the security and analysis settings."

  2. Under "Configure security and analysis features", to the right of the feature, click Disable all or Enable all.

    "Enable all" or "Disable all" button for "Configure security and analysis" features

  3. Optionally, enable the feature by default for new repositories in your organization.

    "Enable by default" option for new repositories

  4. Click Disable FEATURE or Enable FEATURE to disable or enable the feature for all the repositories in your organization.

    Button to disable or enable feature

When you enable one or more security and analysis features for existing repositories, you will see any results displayed on GitHub within minutes:

  • All the existing repositories will have the selected configuration.
  • New repositories will follow the selected configuration if you've enabled the checkbox for new repositories.
  • We use the permissions to scan for manifest files to apply the relevant services.
  • If enabled, you'll see dependency information in the dependency graph.
  • If enabled, GitHub will generate Dependabot alerts for vulnerable dependencies.
  • If enabled, Dependabot security updates will create pull requests to upgrade vulnerable dependencies when Dependabot alerts are triggered.

Enabling or disabling a feature automatically when new repositories are added

  1. Go to the security and analysis settings for your organization. For more information, see "Displaying the security and analysis settings."

  2. Under "Configure security and analysis features", to the right of the feature, enable or disable the feature by default for new repositories, or all new private repositories, in your organization.

    Checkbox for enabling or disabling a feature for new repositories

Further reading

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.