About enabling GitHub Advanced Security
GitHub Advanced Security helps developers improve and maintain the security and quality of code. For more information, see "About GitHub Advanced Security."
When you enable GitHub Advanced Security for your enterprise, repository administrators in all organizations can enable the features. For more information, see "Managing security and analysis settings for your organization" and "Managing security and analysis settings for your repository."
Prerequisites for enabling GitHub Advanced Security
-
Upgrade your license for GitHub Enterprise Server to include GitHub Advanced Security.
-
Upload the new license to your GitHub Enterprise Server instance. For more information, see "Managing your GitHub Enterprise license."
-
Review the prerequisites for the features you plan to enable.
- Code scanning, see "Configuring code scanning for your appliance."
- Secret scanning, see "Configuring secret scanning for your appliance."
Checking whether your license includes GitHub Advanced Security
- From an administrative account on GitHub Enterprise Server, click in the upper-right corner of any page.
- In the left sidebar, click Management Console.
- If your license includes GitHub Advanced Security, there is an Advanced Security entry in the left sidebar.
If you can't see Advanced Security in the sidebar, it means that your license doesn't include support for Advanced Security features, including code scanning and secret scanning. The Advanced Security license gives you and your users access to features that help you make your repositories and code more secure. For more information, see "About GitHub Advanced Security" or contact GitHub's Sales team.
Enabling and disabling GitHub Advanced Security features
Warning: Changing this setting will cause user-facing services on GitHub Enterprise Server to restart. You should time this change carefully, to minimize downtime for users.
- From an administrative account on GitHub Enterprise Server, click in the upper-right corner of any page.
- In the left sidebar, click Management Console.
- In the left sidebar, click Advanced Security.
- Under "Advanced Security," select the features that you want to enable and deselect any features you want to disable.
- Under the left sidebar, click Save settings.
- Wait for the configuration run to complete.
When GitHub Enterprise Server has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "Configuring code scanning for your appliance."
Enabling or disabling GitHub Advanced Security via the administrative shell (SSH)
You can enable or disable features programmatically on your GitHub Enterprise Server instance. For more information about the administrative shell and command-line utilities for GitHub Enterprise Server, see "Accessing the administrative shell (SSH)" and "Command-line utilities."
For example, you can enable code scanning with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.
- SSH into your GitHub Enterprise Server instance.
- Enable code scanning.
ghe-config app.minio.enabled true ghe-config app.code-scanning.enabled true - Optionally, disable code scanning.
ghe-config app.minio.enabled false ghe-config app.code-scanning.enabled false - Apply the configuration.
ghe-config-apply
To enable and disable secret scanning in the same way, set: ghe-config app.secret-scanning.enabled true or false and apply the configuration.