About choosing a security configuration
Security configurations are collections of enablement settings for GitHub's security features that you can apply to any repository within your organization. GitHub offers two types of security configurations:
- The GitHub-recommended security configuration
- Custom security configurations
We recommend that organizations initially apply the GitHub-recommended security configuration. After you have applied it to repositories in your organization, you can evaluate the security findings for each repository and decide whether to create and apply a custom security configuration instead.
Currently, only one security configuration can be applied to a repository at a time.
Choosing the GitHub-recommended security configuration
The GitHub-recommended security configuration offers a number of benefits:
- It is created and managed by GitHub's subject matter experts.
- It is the quickest security configuration to apply to all repositories in your organization.
- It is designed to effectively secure both low- and high-impact repositories.
The GitHub-recommended security configuration includes GitHub Code Security and GitHub Secret Protection features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses.
To start securing repositories in your organization with the GitHub-recommended security configuration, see Applying the GitHub-recommended security configuration in your organization.
Choosing a custom security configuration
If you are familiar with GitHub's security products, and you have specific security needs that the GitHub-recommended security configuration can't meet, you can create and apply custom security configurations. With custom security configurations, you can:
- Edit the enablement settings for different security features
- Create several configurations for repositories with different security needs
- Control your usage and costs by including or excluding GitHub Code Security or GitHub Secret Protection features for a particular configuration
To start securing repositories in your organization with custom security configurations, see Creating a custom security configuration.