Note: Security configurations and global settings are in beta and subject to change. To provide feedback on these features, see the feedback discussion.
To learn how to opt out of security configurations and global settings, see "Exploring early access releases with feature preview."
About securing your organization
GitHub offers many code security products and features including GitHub Advanced Security, a suite of features designed to protect your organization from vulnerabilities in your code, insecure dependencies, leaked secrets, and more. For more information on GitHub Advanced Security, see "About GitHub Advanced Security."
You can easily enable and manage GitHub's security features throughout your organization with security configurations, which control repository-level security features, and global settings, which control security features at the organization level. We recommend applying security configurations and customizing your global settings to create a system that best meets the security needs of your organization.
About security configurations
Security configurations are collections of enablement settings for GitHub's security features that you can apply to any repository within your organization. There are two types of security configuration:
- The GitHub-recommended security configuration. This configuration is a collection of enablement settings created and managed by subject matter experts at GitHub. The GitHub-recommended security configuration is designed to adequately secure any repository, and can easily be applied to all repositories in your organization.
- Custom security configurations. These are configurations you can create and edit yourself, allowing you to choose different enablement settings for groups of repositories with specific security needs.
Each repository can only have one security configuration applied to it. To find out how you should get started with security configurations, see "Choosing a security configuration for your repositories."
About global settings
While security configurations determine repository-level security settings, global settings determine your organization-level security settings, which are then inherited by all repositories. With global settings, you can customize how security features analyze your organization, as well as create security managers with permission to manage security alerts and settings across your organization.
Next steps
To determine which security configurations are right for the repositories in your organization, see "Choosing a security configuration for your repositories."