This version of GitHub Enterprise Server will be discontinued on 2026-06-02. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

About enabling security features at scale

You can quickly secure your organization at scale with security configurations and global settings.

In this article

About securing your organization

GitHub offers many security features including GitHub Advanced Security, a suite of features designed to protect your organization from vulnerabilities in your code, insecure dependencies, leaked secrets, and more.

You can easily enable and manage GitHub's security features throughout your organization with security configurations, which control repository-level security features, and global settings, which control security features at the organization level. We recommend applying security configurations and customizing your global settings to create a system that best meets the security needs of your organization.

For more information on purchasing GitHub Advanced Security, see About GitHub Advanced Security and Buying Advanced Security for your organization or enterprise in the GitHub Enterprise Cloud documentation.

About security configurations

Security configurations are collections of enablement settings for GitHub's security features that you can apply to any repository within an organization or enterprise.

When you create a security configuration, you can choose different enablement settings to meet the specific security needs of a group of repositories.

To learn how to create custom security configurations, see Creating a custom security configuration.

After you apply a configuration

When you apply a security configuration to repositories, each repository enters a managed relationship with that configuration. That relationship can change over time. For example, if a repository admin overrides a security setting on an unenforced configuration, if an organization or enterprise admin detaches the configuration, if enforcement is enabled, or if the initial attachment fails. Each change is reflected in the repository's configuration status.

For the full list of configuration statuses and recommended actions, see Security configuration statuses.

About global settings

While security configurations determine repository-level security settings, global settings determine your organization-level security settings, which are then inherited by all repositories. With global settings, you can customize how security features analyze your organization.

Next steps

To get started with creating a security configuration for your organization, see Creating a custom security configuration.