Note: Security configurations and global settings are in beta and subject to change. To provide feedback on these features, see the feedback discussion.
To learn how to opt out of security configurations and global settings, see "Exploring early access releases with feature preview."
About choosing a security configuration
Security configurations are collections of enablement settings for GitHub's security features that you can apply to any repository within your organization. GitHub offers two types of security configurations:
- The GitHub-recommended security configuration
- Custom security configurations
We recommend that organizations initially apply the GitHub-recommended security configuration. After you have applied the GitHub-recommended security configuration to repositories in your organization, you can evaluate the security findings for each repository and determine if you instead want to create and apply a custom security configuration.
Choosing the GitHub-recommended security configuration
The GitHub-recommended security configuration offers a number of benefits:
- It is created and managed by GitHub's subject matter experts.
- It is the quickest security configuration to apply to all repositories in your organization.
- It is designed to effectively secure both low- and high-impact repositories.
To start securing repositories in your organization with the GitHub-recommended security configuration, see "Applying the GitHub-recommended security configuration in your organization."
Choosing a custom security configuration
If you are familiar with GitHub's security products, and you have specific security needs that the GitHub-recommended security configuration can't meet, you can create and apply custom security configurations. With custom security configurations, you can:
- Edit the enablement settings for different security features
- Create several configurations for repositories with different security needs
- Manage your GitHub Advanced Security licensing by including or excluding GitHub Advanced Security features for a particular configuration
To start securing repositories in your organization with custom security configurations, see "Creating a custom security configuration."