Movatterモバイル変換

[0]ホーム
URL:

Skip to main content
GitHub Docs
The REST API is now versioned.For more information, see "About API versioning."

Configurations

Use the REST API to create and manage security configurations for your organization.

Get code security configurations for an enterprise

Lists all code security configurations available in an enterprise.

The authenticated user must be an administrator of the enterprise in order to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theread:enterprise scope to use this endpoint.

Fine-grained access tokens for "Get code security configurations for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Get code security configurations for an enterprise"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprisestringRequired

The slug version of the enterprise name.

Query parameters
Name, Type, Description
per_pageinteger

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default:30

beforestring

A cursor, as given in theLink header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

afterstring

A cursor, as given in theLink header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

HTTP response status codes for "Get code security configurations for an enterprise"

Status codeDescription
200

OK

403

Forbidden

404

Resource not found

Code samples for "Get code security configurations for an enterprise"

Request example

get/enterprises/{enterprise}/code-security/configurations
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/code-security/configurations

Response

Status: 200
[ { "id": 17, "target_type": "global", "name": "GitHub recommended", "description": "Suggested settings for Dependabot, secret scanning, and code scanning.", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "not_set", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "enabled", "code_scanning_default_setup_options": { "runner_type": "not_set", "runner_label": null }, "secret_scanning": "enabled", "secret_scanning_push_protection": "enabled", "secret_scanning_validity_checks": "enabled", "secret_scanning_non_provider_patterns": "enabled", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/enterprises/octo-enterprise/code-security/configurations/17", "html_url": "https://github.com/organizations/octo-enterprise/settings/security_analysis/configurations/17/view", "created_at": "2023-12-04T15:58:07Z", "updated_at": "2023-12-04T15:58:07Z" }, { "id": 1326, "target_type": "enterprise", "name": "High risk settings", "description": "This is a code security configuration for octo-enterprise high risk repositories", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "enabled", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "enabled", "code_scanning_default_setup": "enabled", "code_scanning_default_setup_options": { "runner_type": "not_set", "runner_label": null }, "secret_scanning": "enabled", "secret_scanning_push_protection": "enabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/enterprises/octo-enterprise/code-security/configurations/1326", "html_url": "https://github.com/enterprises/octo-enterprise/settings/security_analysis/configurations/1326/edit", "created_at": "2024-05-10T00:00:00Z", "updated_at": "2024-05-10T00:00:00Z" }]

Create a code security configuration for an enterprise

Creates a code security configuration in an enterprise.

The authenticated user must be an administrator of the enterprise in order to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theadmin:enterprise scope to use this endpoint.

Fine-grained access tokens for "Create a code security configuration for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Create a code security configuration for an enterprise"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprisestringRequired

The slug version of the enterprise name.

Body parameters
Name, Type, Description
namestringRequired

The name of the code security configuration. Must be unique within the enterprise.

descriptionstringRequired

A description of the code security configuration

advanced_securitystring

The enablement status of GitHub Advanced Security features.enabled will enable both Code Security and Secret Protection features.

Warning

code_security andsecret_protection are deprecated values for this field. Prefer the individualcode_security andsecret_protection fields to set the status of these features.

Default:disabled

Can be one of:enabled,disabled,code_security,secret_protection

code_securitystring

The enablement status of GitHub Code Security features.

Can be one of:enabled,disabled,not_set

dependency_graphstring

The enablement status of Dependency Graph

Default:enabled

Can be one of:enabled,disabled,not_set

dependency_graph_autosubmit_actionstring

The enablement status of Automatic dependency submission

Default:disabled

Can be one of:enabled,disabled,not_set

dependency_graph_autosubmit_action_optionsobject

Feature options for Automatic dependency submission

Name, Type, Description
labeled_runnersboolean

Whether to use runners labeled with 'dependency-submission' or standard GitHub runners.

Default:false

dependabot_alertsstring

The enablement status of Dependabot alerts

Default:disabled

Can be one of:enabled,disabled,not_set

dependabot_security_updatesstring

The enablement status of Dependabot security updates

Default:disabled

Can be one of:enabled,disabled,not_set

code_scanning_optionsobject or null

Security Configuration feature options for code scanning

Name, Type, Description
allow_advancedboolean or null

Whether to allow repos which use advanced setup

code_scanning_default_setupstring

The enablement status of code scanning default setup

Default:disabled

Can be one of:enabled,disabled,not_set

code_scanning_default_setup_optionsobject or null

Feature options for code scanning default setup

Name, Type, Description
runner_typestring

Whether to use labeled runners or standard GitHub runners.

Can be one of:standard,labeled,not_set

runner_labelstring or null

The label of the runner to use for code scanning default setup when runner_type is 'labeled'.

code_scanning_delegated_alert_dismissalstring

The enablement status of code scanning delegated alert dismissal

Default:disabled

Can be one of:enabled,disabled,not_set

secret_protectionstring

The enablement status of GitHub Secret Protection features.

Can be one of:enabled,disabled,not_set

secret_scanningstring

The enablement status of secret scanning

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_push_protectionstring

The enablement status of secret scanning push protection

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_validity_checksstring

The enablement status of secret scanning validity checks

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_non_provider_patternsstring

The enablement status of secret scanning non provider patterns

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_generic_secretsstring

The enablement status of Copilot secret scanning

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_delegated_alert_dismissalstring

The enablement status of secret scanning delegated alert dismissal

Default:disabled

Can be one of:enabled,disabled,not_set

private_vulnerability_reportingstring

The enablement status of private vulnerability reporting

Default:disabled

Can be one of:enabled,disabled,not_set

enforcementstring

The enforcement status for a security configuration

Default:enforced

Can be one of:enforced,unenforced

HTTP response status codes for "Create a code security configuration for an enterprise"

Status codeDescription
201

Successfully created code security configuration

400

Bad Request

403

Forbidden

404

Resource not found

Code samples for "Create a code security configuration for an enterprise"

Request example

post/enterprises/{enterprise}/code-security/configurations
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/code-security/configurations \ -d '{"name":"High rish settings","description":"This is a code security configuration for octo-enterprise","advanced_security":"enabled","dependabot_alerts":"enabled","dependabot_security_updates":"not_set","secret_scanning":"enabled"}'

Successfully created code security configuration

Status: 201
{ "id": 1325, "target_type": "enterprise", "name": "High risk settings", "description": "This is a code security configuration for octo-enterprise", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "enabled", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "disabled", "code_scanning_delegated_alert_dismissal": "disabled", "secret_scanning": "enabled", "secret_scanning_push_protection": "disabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", "secret_scanning_generic_secrets": "disabled", "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "disabled", "enforcement": "enforced", "url": "https://api.github.com/enterprises/octo-enterprise/code-security/configurations/1325", "html_url": "https://github.com/enterprises/octo-enterprise/settings/security_analysis/configurations/1325/edit", "created_at": "2024-05-01T00:00:00Z", "updated_at": "2024-05-01T00:00:00Z"}

Get default code security configurations for an enterprise

Lists the default code security configurations for an enterprise.

The authenticated user must be an administrator of the enterprise in order to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theread:enterprise scope to use this endpoint.

Fine-grained access tokens for "Get default code security configurations for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Get default code security configurations for an enterprise"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprisestringRequired

The slug version of the enterprise name.

HTTP response status codes for "Get default code security configurations for an enterprise"

Status codeDescription
200

OK

Code samples for "Get default code security configurations for an enterprise"

Request example

get/enterprises/{enterprise}/code-security/configurations/defaults
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/defaults

Response

Status: 200
[ { "default_for_new_repos": "public", "configuration": { "id": 1325, "target_type": "organization", "name": "octo-org recommended settings", "description": "This is a code security configuration for octo-org", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "not_set", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "enabled", "code_scanning_default_setup_options": { "runner_type": "not_set", "runner_label": null }, "code_scanning_options": { "allow_advanced": false }, "secret_scanning": "enabled", "secret_scanning_push_protection": "enabled", "secret_scanning_delegated_bypass": "enabled", "secret_scanning_delegated_bypass_options": { "reviewers": [ { "security_configuration_id": 1325, "reviewer_id": 5678, "reviewer_type": "TEAM" } ] }, "secret_scanning_validity_checks": "enabled", "secret_scanning_non_provider_patterns": "enabled", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325", "created_at": "2024-05-01T00:00:00Z", "updated_at": "2024-05-01T00:00:00Z" } }, { "default_for_new_repos": "private_and_internal", "configuration": { "id": 17, "target_type": "global", "name": "GitHub recommended", "description": "Suggested settings for Dependabot, secret scanning, and code scanning.", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "not_set", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "enabled", "code_scanning_default_setup_options": { "runner_type": "not_set", "runner_label": null }, "code_scanning_options": { "allow_advanced": false }, "secret_scanning": "enabled", "secret_scanning_push_protection": "enabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/17", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/view", "created_at": "2023-12-04T15:58:07Z", "updated_at": "2023-12-04T15:58:07Z" } }]

Retrieve a code security configuration of an enterprise

Gets a code security configuration available in an enterprise.

The authenticated user must be an administrator of the enterprise in order to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theread:enterprise scope to use this endpoint.

Fine-grained access tokens for "Retrieve a code security configuration of an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Retrieve a code security configuration of an enterprise"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprisestringRequired

The slug version of the enterprise name.

configuration_idintegerRequired

The unique identifier of the code security configuration.

HTTP response status codes for "Retrieve a code security configuration of an enterprise"

Status codeDescription
200

OK

304

Not modified

403

Forbidden

404

Resource not found

Code samples for "Retrieve a code security configuration of an enterprise"

Request example

get/enterprises/{enterprise}/code-security/configurations/{configuration_id}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID

Response

Status: 200
{ "id": 1325, "target_type": "enterprise", "name": "High risk settings", "description": "This is a code security configuration for octo-enterprise", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "enabled", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "disabled", "code_scanning_delegated_alert_dismissal": "disabled", "secret_scanning": "enabled", "secret_scanning_push_protection": "disabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", "secret_scanning_generic_secrets": "disabled", "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "disabled", "enforcement": "enforced", "url": "https://api.github.com/enterprises/octo-enterprise/code-security/configurations/1325", "html_url": "https://github.com/enterprises/octo-enterprise/settings/security_analysis/configurations/1325/edit", "created_at": "2024-05-01T00:00:00Z", "updated_at": "2024-05-01T00:00:00Z"}

Update a custom code security configuration for an enterprise

Updates a code security configuration in an enterprise.

The authenticated user must be an administrator of the enterprise in order to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theadmin:enterprise scope to use this endpoint.

Fine-grained access tokens for "Update a custom code security configuration for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Update a custom code security configuration for an enterprise"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprisestringRequired

The slug version of the enterprise name.

configuration_idintegerRequired

The unique identifier of the code security configuration.

Body parameters
Name, Type, Description
namestring

The name of the code security configuration. Must be unique across the enterprise.

descriptionstring

A description of the code security configuration

advanced_securitystring

The enablement status of GitHub Advanced Security features.enabled will enable both Code Security and Secret Protection features.

Warning

code_security andsecret_protection are deprecated values for this field. Prefer the individualcode_security andsecret_protection fields to set the status of these features.

Can be one of:enabled,disabled,code_security,secret_protection

code_securitystring

The enablement status of GitHub Code Security features.

Can be one of:enabled,disabled,not_set

dependency_graphstring

The enablement status of Dependency Graph

Can be one of:enabled,disabled,not_set

dependency_graph_autosubmit_actionstring

The enablement status of Automatic dependency submission

Can be one of:enabled,disabled,not_set

dependency_graph_autosubmit_action_optionsobject

Feature options for Automatic dependency submission

Name, Type, Description
labeled_runnersboolean

Whether to use runners labeled with 'dependency-submission' or standard GitHub runners.

dependabot_alertsstring

The enablement status of Dependabot alerts

Can be one of:enabled,disabled,not_set

dependabot_security_updatesstring

The enablement status of Dependabot security updates

Can be one of:enabled,disabled,not_set

code_scanning_default_setupstring

The enablement status of code scanning default setup

Can be one of:enabled,disabled,not_set

code_scanning_default_setup_optionsobject or null

Feature options for code scanning default setup

Name, Type, Description
runner_typestring

Whether to use labeled runners or standard GitHub runners.

Can be one of:standard,labeled,not_set

runner_labelstring or null

The label of the runner to use for code scanning default setup when runner_type is 'labeled'.

code_scanning_delegated_alert_dismissalstring

The enablement status of code scanning delegated alert dismissal

Default:disabled

Can be one of:enabled,disabled,not_set

secret_protectionstring

The enablement status of GitHub Secret Protection features.

Can be one of:enabled,disabled,not_set

secret_scanningstring

The enablement status of secret scanning

Can be one of:enabled,disabled,not_set

secret_scanning_push_protectionstring

The enablement status of secret scanning push protection

Can be one of:enabled,disabled,not_set

secret_scanning_validity_checksstring

The enablement status of secret scanning validity checks

Can be one of:enabled,disabled,not_set

secret_scanning_non_provider_patternsstring

The enablement status of secret scanning non-provider patterns

Can be one of:enabled,disabled,not_set

secret_scanning_generic_secretsstring

The enablement status of Copilot secret scanning

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_delegated_alert_dismissalstring

The enablement status of secret scanning delegated alert dismissal

Default:disabled

Can be one of:enabled,disabled,not_set

private_vulnerability_reportingstring

The enablement status of private vulnerability reporting

Can be one of:enabled,disabled,not_set

enforcementstring

The enforcement status for a security configuration

Can be one of:enforced,unenforced

HTTP response status codes for "Update a custom code security configuration for an enterprise"

Status codeDescription
200

OK

304

Not modified

403

Forbidden

404

Resource not found

409

Conflict

Code samples for "Update a custom code security configuration for an enterprise"

Request example

patch/enterprises/{enterprise}/code-security/configurations/{configuration_id}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID \ -d '{"name":"octo-enterprise recommended settings v2","secret_scanning":"disabled","code_scanning_default_setup":"enabled"}'

Response

Status: 200
{ "id": 1325, "target_type": "enterprise", "name": "High risk settings", "description": "This is a code security configuration for octo-enterprise", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "enabled", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "disabled", "code_scanning_delegated_alert_dismissal": "disabled", "secret_scanning": "enabled", "secret_scanning_push_protection": "disabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", "secret_scanning_generic_secrets": "disabled", "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "disabled", "enforcement": "enforced", "url": "https://api.github.com/enterprises/octo-enterprise/code-security/configurations/1325", "html_url": "https://github.com/enterprises/octo-enterprise/settings/security_analysis/configurations/1325/edit", "created_at": "2024-05-01T00:00:00Z", "updated_at": "2024-05-01T00:00:00Z"}

Delete a code security configuration for an enterprise

Deletes a code security configuration from an enterprise.Repositories attached to the configuration will retain their settings but will no longer be associated withthe configuration.

The authenticated user must be an administrator for the enterprise to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theadmin:enterprise scope to use this endpoint.

Fine-grained access tokens for "Delete a code security configuration for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Delete a code security configuration for an enterprise"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprisestringRequired

The slug version of the enterprise name.

configuration_idintegerRequired

The unique identifier of the code security configuration.

HTTP response status codes for "Delete a code security configuration for an enterprise"

Status codeDescription
204

A header with no content is returned.

400

Bad Request

403

Forbidden

404

Resource not found

409

Conflict

Code samples for "Delete a code security configuration for an enterprise"

Request example

delete/enterprises/{enterprise}/code-security/configurations/{configuration_id}
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID

A header with no content is returned.

Status: 204

Attach an enterprise configuration to repositories

Attaches an enterprise code security configuration to repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.

If insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.

The authenticated user must be an administrator for the enterprise to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theadmin:enterprise scope to use this endpoint.

Fine-grained access tokens for "Attach an enterprise configuration to repositories"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Attach an enterprise configuration to repositories"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprisestringRequired

The slug version of the enterprise name.

configuration_idintegerRequired

The unique identifier of the code security configuration.

Body parameters
Name, Type, Description
scopestringRequired

The type of repositories to attach the configuration to.

Can be one of:all,all_without_configurations

HTTP response status codes for "Attach an enterprise configuration to repositories"

Status codeDescription
202

Accepted

403

Forbidden

404

Resource not found

409

Conflict

Code samples for "Attach an enterprise configuration to repositories"

Request example

post/enterprises/{enterprise}/code-security/configurations/{configuration_id}/attach
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID/attach \ -d '{"scope":"all"}'

Accepted

Status: 202

Set a code security configuration as a default for an enterprise

Sets a code security configuration as a default to be applied to new repositories in your enterprise.

This configuration will be applied by default to the matching repository type when created, but only for organizations within the enterprise that do not already have a default code security configuration set.

The authenticated user must be an administrator for the enterprise to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theadmin:enterprise scope to use this endpoint.

Fine-grained access tokens for "Set a code security configuration as a default for an enterprise"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Set a code security configuration as a default for an enterprise"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprisestringRequired

The slug version of the enterprise name.

configuration_idintegerRequired

The unique identifier of the code security configuration.

Body parameters
Name, Type, Description
default_for_new_reposstring

Specify which types of repository this security configuration should be applied to by default.

Can be one of:all,none,private_and_internal,public

HTTP response status codes for "Set a code security configuration as a default for an enterprise"

Status codeDescription
200

Default successfully changed.

403

Forbidden

404

Resource not found

Code samples for "Set a code security configuration as a default for an enterprise"

Request example

put/enterprises/{enterprise}/code-security/configurations/{configuration_id}/defaults
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID/defaults \ -d '{"default_for_new_repos":"all"}'

Default successfully changed.

Status: 200
{ "default_for_new_repos": "all", "configuration": { "value": { "id": 1325, "target_type": "organization", "name": "octo-org recommended settings", "description": "This is a code security configuration for octo-org", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "enabled", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "disabled", "code_scanning_default_setup_options": { "runner_type": "not_set", "runner_label": null }, "code_scanning_options": { "allow_advanced": false }, "code_scanning_delegated_alert_dismissal": "disabled", "secret_scanning": "enabled", "secret_scanning_push_protection": "disabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", "secret_scanning_generic_secrets": "disabled", "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "disabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325", "created_at": "2024-05-01T00:00:00Z", "updated_at": "2024-05-01T00:00:00Z" } }}

Get repositories associated with an enterprise code security configuration

Lists the repositories associated with an enterprise code security configuration in an organization.

The authenticated user must be an administrator of the enterprise in order to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theread:enterprise scope to use this endpoint.

Fine-grained access tokens for "Get repositories associated with an enterprise code security configuration"

This endpoint does not work with GitHub App user access tokens, GitHub App installation access tokens, or fine-grained personal access tokens.

Parameters for "Get repositories associated with an enterprise code security configuration"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
enterprisestringRequired

The slug version of the enterprise name.

configuration_idintegerRequired

The unique identifier of the code security configuration.

Query parameters
Name, Type, Description
per_pageinteger

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default:30

beforestring

A cursor, as given in theLink header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

afterstring

A cursor, as given in theLink header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

statusstring

A comma-separated list of statuses. If specified, only repositories with these attachment statuses will be returned.

Can be:all,attached,attaching,removed,enforced,failed,updating,removed_by_enterprise

Default:all

HTTP response status codes for "Get repositories associated with an enterprise code security configuration"

Status codeDescription
200

OK

403

Forbidden

404

Resource not found

Code samples for "Get repositories associated with an enterprise code security configuration"

Request example

get/enterprises/{enterprise}/code-security/configurations/{configuration_id}/repositories
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID/repositories

Example of code security configuration repositories

Status: 200
[ { "status": "attached", "repository": { "value": { "id": 1296269, "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5", "name": "Hello-World", "full_name": "octocat/Hello-World", "owner": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false }, "private": false, "html_url": "https://github.com/octocat/Hello-World", "description": "This your first repo!", "fork": false, "url": "https://api.github.com/repos/octocat/Hello-World", "archive_url": "https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}", "assignees_url": "https://api.github.com/repos/octocat/Hello-World/assignees{/user}", "blobs_url": "https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}", "branches_url": "https://api.github.com/repos/octocat/Hello-World/branches{/branch}", "collaborators_url": "https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}", "comments_url": "https://api.github.com/repos/octocat/Hello-World/comments{/number}", "commits_url": "https://api.github.com/repos/octocat/Hello-World/commits{/sha}", "compare_url": "https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}", "contents_url": "https://api.github.com/repos/octocat/Hello-World/contents/{+path}", "contributors_url": "https://api.github.com/repos/octocat/Hello-World/contributors", "deployments_url": "https://api.github.com/repos/octocat/Hello-World/deployments", "downloads_url": "https://api.github.com/repos/octocat/Hello-World/downloads", "events_url": "https://api.github.com/repos/octocat/Hello-World/events", "forks_url": "https://api.github.com/repos/octocat/Hello-World/forks", "git_commits_url": "https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}", "git_refs_url": "https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}", "git_tags_url": "https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}", "git_url": "git:github.com/octocat/Hello-World.git", "issue_comment_url": "https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}", "issue_events_url": "https://api.github.com/repos/octocat/Hello-World/issues/events{/number}", "issues_url": "https://api.github.com/repos/octocat/Hello-World/issues{/number}", "keys_url": "https://api.github.com/repos/octocat/Hello-World/keys{/key_id}", "labels_url": "https://api.github.com/repos/octocat/Hello-World/labels{/name}", "languages_url": "https://api.github.com/repos/octocat/Hello-World/languages", "merges_url": "https://api.github.com/repos/octocat/Hello-World/merges", "milestones_url": "https://api.github.com/repos/octocat/Hello-World/milestones{/number}", "notifications_url": "https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}", "pulls_url": "https://api.github.com/repos/octocat/Hello-World/pulls{/number}", "releases_url": "https://api.github.com/repos/octocat/Hello-World/releases{/id}", "ssh_url": "git@github.com:octocat/Hello-World.git", "stargazers_url": "https://api.github.com/repos/octocat/Hello-World/stargazers", "statuses_url": "https://api.github.com/repos/octocat/Hello-World/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/octocat/Hello-World/subscribers", "subscription_url": "https://api.github.com/repos/octocat/Hello-World/subscription", "tags_url": "https://api.github.com/repos/octocat/Hello-World/tags", "teams_url": "https://api.github.com/repos/octocat/Hello-World/teams", "trees_url": "https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}", "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks" } } }]

Get code security configurations for an organization

Lists all code security configurations available in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theread:org scope to use this endpoint.

Fine-grained access tokens for "Get code security configurations for an organization"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (read)

Parameters for "Get code security configurations for an organization"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
orgstringRequired

The organization name. The name is not case sensitive.

Query parameters
Name, Type, Description
target_typestring

The target type of the code security configuration

Default:all

Can be one of:global,all

per_pageinteger

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default:30

beforestring

A cursor, as given in theLink header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

afterstring

A cursor, as given in theLink header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

HTTP response status codes for "Get code security configurations for an organization"

Status codeDescription
200

OK

403

Forbidden

404

Resource not found

Code samples for "Get code security configurations for an organization"

Request example

get/orgs/{org}/code-security/configurations
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/code-security/configurations

Response

Status: 200
[ { "id": 17, "target_type": "global", "name": "GitHub recommended", "description": "Suggested settings for Dependabot, secret scanning, and code scanning.", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "not_set", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "enabled", "code_scanning_delagated_alert_dismissal": "enabled", "secret_scanning": "enabled", "secret_scanning_push_protection": "enabled", "secret_scanning_delegated_bypass": "enabled", "secret_scanning_delegated_bypass_options": { "reviewers": [ { "security_configuration_id": 17, "reviewer_id": 5678, "reviewer_type": "TEAM" } ] }, "secret_scanning_validity_checks": "enabled", "secret_scanning_non_provider_patterns": "enabled", "secret_scanning_delegated_alert_dismissal": "not_set", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/17", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/view", "created_at": "2023-12-04T15:58:07Z", "updated_at": "2023-12-04T15:58:07Z" }, { "id": 1326, "target_type": "organization", "name": "High risk settings", "description": "This is a code security configuration for octo-org high risk repositories", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "enabled", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "enabled", "code_scanning_default_setup": "enabled", "code_scanning_delagated_alert_dismissal": "enabled", "secret_scanning": "enabled", "secret_scanning_push_protection": "enabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1326", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1326", "created_at": "2024-05-10T00:00:00Z", "updated_at": "2024-05-10T00:00:00Z" }]

Create a code security configuration

Creates a code security configuration in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need thewrite:org scope to use this endpoint.

Fine-grained access tokens for "Create a code security configuration"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (write)

Parameters for "Create a code security configuration"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
orgstringRequired

The organization name. The name is not case sensitive.

Body parameters
Name, Type, Description
namestringRequired

The name of the code security configuration. Must be unique within the organization.

descriptionstringRequired

A description of the code security configuration

advanced_securitystring

The enablement status of GitHub Advanced Security features.enabled will enable both Code Security and Secret Protection features.

Warning

code_security andsecret_protection are deprecated values for this field. Prefer the individualcode_security andsecret_protection fields to set the status of these features.

Default:disabled

Can be one of:enabled,disabled,code_security,secret_protection

code_securitystring

The enablement status of GitHub Code Security features.

Can be one of:enabled,disabled,not_set

dependency_graphstring

The enablement status of Dependency Graph

Default:enabled

Can be one of:enabled,disabled,not_set

dependency_graph_autosubmit_actionstring

The enablement status of Automatic dependency submission

Default:disabled

Can be one of:enabled,disabled,not_set

dependency_graph_autosubmit_action_optionsobject

Feature options for Automatic dependency submission

Name, Type, Description
labeled_runnersboolean

Whether to use runners labeled with 'dependency-submission' or standard GitHub runners.

Default:false

dependabot_alertsstring

The enablement status of Dependabot alerts

Default:disabled

Can be one of:enabled,disabled,not_set

dependabot_security_updatesstring

The enablement status of Dependabot security updates

Default:disabled

Can be one of:enabled,disabled,not_set

code_scanning_optionsobject or null

Security Configuration feature options for code scanning

Name, Type, Description
allow_advancedboolean or null

Whether to allow repos which use advanced setup

code_scanning_default_setupstring

The enablement status of code scanning default setup

Default:disabled

Can be one of:enabled,disabled,not_set

code_scanning_default_setup_optionsobject or null

Feature options for code scanning default setup

Name, Type, Description
runner_typestring

Whether to use labeled runners or standard GitHub runners.

Can be one of:standard,labeled,not_set

runner_labelstring or null

The label of the runner to use for code scanning default setup when runner_type is 'labeled'.

code_scanning_delegated_alert_dismissalstring

The enablement status of code scanning delegated alert dismissal

Default:not_set

Can be one of:enabled,disabled,not_set

secret_protectionstring

The enablement status of GitHub Secret Protection features.

Can be one of:enabled,disabled,not_set

secret_scanningstring

The enablement status of secret scanning

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_push_protectionstring

The enablement status of secret scanning push protection

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_delegated_bypassstring

The enablement status of secret scanning delegated bypass

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_delegated_bypass_optionsobject

Feature options for secret scanning delegated bypass

Name, Type, Description
reviewersarray of objects

The bypass reviewers for secret scanning delegated bypass

Name, Type, Description
reviewer_idintegerRequired

The ID of the team or role selected as a bypass reviewer

reviewer_typestringRequired

The type of the bypass reviewer

Can be one of:TEAM,ROLE

secret_scanning_validity_checksstring

The enablement status of secret scanning validity checks

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_non_provider_patternsstring

The enablement status of secret scanning non provider patterns

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_generic_secretsstring

The enablement status of Copilot secret scanning

Default:disabled

Can be one of:enabled,disabled,not_set

secret_scanning_delegated_alert_dismissalstring

The enablement status of secret scanning delegated alert dismissal

Can be one of:enabled,disabled,not_set

private_vulnerability_reportingstring

The enablement status of private vulnerability reporting

Default:disabled

Can be one of:enabled,disabled,not_set

enforcementstring

The enforcement status for a security configuration

Default:enforced

Can be one of:enforced,unenforced

HTTP response status codes for "Create a code security configuration"

Status codeDescription
201

Successfully created code security configuration

Code samples for "Create a code security configuration"

Request example

post/orgs/{org}/code-security/configurations
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/code-security/configurations \ -d '{"name":"octo-org recommended settings","description":"This is a code security configuration for octo-org","advanced_security":"enabled","dependabot_alerts":"enabled","dependabot_security_updates":"not_set","secret_scanning":"enabled"}'

Successfully created code security configuration

Status: 201
{ "id": 1325, "target_type": "organization", "name": "octo-org recommended settings", "description": "This is a code security configuration for octo-org", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "enabled", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "disabled", "code_scanning_default_setup_options": { "runner_type": "not_set", "runner_label": null }, "code_scanning_options": { "allow_advanced": false }, "code_scanning_delegated_alert_dismissal": "disabled", "secret_scanning": "enabled", "secret_scanning_push_protection": "disabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", "secret_scanning_generic_secrets": "disabled", "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "disabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325", "created_at": "2024-05-01T00:00:00Z", "updated_at": "2024-05-01T00:00:00Z"}

Get default code security configurations

Lists the default code security configurations for an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theread:org scope to use this endpoint.

Fine-grained access tokens for "Get default code security configurations"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (read)

Parameters for "Get default code security configurations"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
orgstringRequired

The organization name. The name is not case sensitive.

HTTP response status codes for "Get default code security configurations"

Status codeDescription
200

OK

304

Not modified

403

Forbidden

404

Resource not found

Code samples for "Get default code security configurations"

Request example

get/orgs/{org}/code-security/configurations/defaults
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/code-security/configurations/defaults

Response

Status: 200
[ { "default_for_new_repos": "public", "configuration": { "id": 1325, "target_type": "organization", "name": "octo-org recommended settings", "description": "This is a code security configuration for octo-org", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "not_set", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "enabled", "code_scanning_default_setup_options": { "runner_type": "not_set", "runner_label": null }, "code_scanning_options": { "allow_advanced": false }, "secret_scanning": "enabled", "secret_scanning_push_protection": "enabled", "secret_scanning_delegated_bypass": "enabled", "secret_scanning_delegated_bypass_options": { "reviewers": [ { "security_configuration_id": 1325, "reviewer_id": 5678, "reviewer_type": "TEAM" } ] }, "secret_scanning_validity_checks": "enabled", "secret_scanning_non_provider_patterns": "enabled", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325", "created_at": "2024-05-01T00:00:00Z", "updated_at": "2024-05-01T00:00:00Z" } }, { "default_for_new_repos": "private_and_internal", "configuration": { "id": 17, "target_type": "global", "name": "GitHub recommended", "description": "Suggested settings for Dependabot, secret scanning, and code scanning.", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "not_set", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "enabled", "code_scanning_default_setup_options": { "runner_type": "not_set", "runner_label": null }, "code_scanning_options": { "allow_advanced": false }, "secret_scanning": "enabled", "secret_scanning_push_protection": "enabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "private_vulnerability_reporting": "enabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/17", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/view", "created_at": "2023-12-04T15:58:07Z", "updated_at": "2023-12-04T15:58:07Z" } }]

Detach configurations from repositories

Detach code security configuration(s) from a set of repositories.Repositories will retain their settings but will no longer be associated with the configuration.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need thewrite:org scope to use this endpoint.

Fine-grained access tokens for "Detach configurations from repositories"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (write)

Parameters for "Detach configurations from repositories"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
orgstringRequired

The organization name. The name is not case sensitive.

Body parameters
Name, Type, Description
selected_repository_idsarray of integers

An array of repository IDs to detach from configurations. Up to 250 IDs can be provided.

HTTP response status codes for "Detach configurations from repositories"

Status codeDescription
204

A header with no content is returned.

400

Bad Request

403

Forbidden

404

Resource not found

409

Conflict

Code samples for "Detach configurations from repositories"

Request example

delete/orgs/{org}/code-security/configurations/detach
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/code-security/configurations/detach \ -d '{"selected_repository_ids":[32,91]}'

A header with no content is returned.

Status: 204

Get a code security configuration

Gets a code security configuration available in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need thewrite:org scope to use this endpoint.

Fine-grained access tokens for "Get a code security configuration"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (read)

Parameters for "Get a code security configuration"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
orgstringRequired

The organization name. The name is not case sensitive.

configuration_idintegerRequired

The unique identifier of the code security configuration.

HTTP response status codes for "Get a code security configuration"

Status codeDescription
200

OK

304

Not modified

403

Forbidden

404

Resource not found

Code samples for "Get a code security configuration"

Request example

get/orgs/{org}/code-security/configurations/{configuration_id}
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID

Response

Status: 200
{ "id": 1325, "target_type": "organization", "name": "octo-org recommended settings", "description": "This is a code security configuration for octo-org", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "enabled", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "disabled", "code_scanning_default_setup_options": { "runner_type": "not_set", "runner_label": null }, "code_scanning_options": { "allow_advanced": false }, "code_scanning_delegated_alert_dismissal": "disabled", "secret_scanning": "enabled", "secret_scanning_push_protection": "disabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", "secret_scanning_generic_secrets": "disabled", "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "disabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325", "created_at": "2024-05-01T00:00:00Z", "updated_at": "2024-05-01T00:00:00Z"}

Update a code security configuration

Updates a code security configuration in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need thewrite:org scope to use this endpoint.

Fine-grained access tokens for "Update a code security configuration"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (write)

Parameters for "Update a code security configuration"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
orgstringRequired

The organization name. The name is not case sensitive.

configuration_idintegerRequired

The unique identifier of the code security configuration.

Body parameters
Name, Type, Description
namestring

The name of the code security configuration. Must be unique within the organization.

descriptionstring

A description of the code security configuration

advanced_securitystring

The enablement status of GitHub Advanced Security features.enabled will enable both Code Security and Secret Protection features.

Warning

code_security andsecret_protection are deprecated values for this field. Prefer the individualcode_security andsecret_protection fields to set the status of these features.

Can be one of:enabled,disabled,code_security,secret_protection

code_securitystring

The enablement status of GitHub Code Security features.

Can be one of:enabled,disabled,not_set

dependency_graphstring

The enablement status of Dependency Graph

Can be one of:enabled,disabled,not_set

dependency_graph_autosubmit_actionstring

The enablement status of Automatic dependency submission

Can be one of:enabled,disabled,not_set

dependency_graph_autosubmit_action_optionsobject

Feature options for Automatic dependency submission

Name, Type, Description
labeled_runnersboolean

Whether to use runners labeled with 'dependency-submission' or standard GitHub runners.

dependabot_alertsstring

The enablement status of Dependabot alerts

Can be one of:enabled,disabled,not_set

dependabot_security_updatesstring

The enablement status of Dependabot security updates

Can be one of:enabled,disabled,not_set

code_scanning_default_setupstring

The enablement status of code scanning default setup

Can be one of:enabled,disabled,not_set

code_scanning_default_setup_optionsobject or null

Feature options for code scanning default setup

Name, Type, Description
runner_typestring

Whether to use labeled runners or standard GitHub runners.

Can be one of:standard,labeled,not_set

runner_labelstring or null

The label of the runner to use for code scanning default setup when runner_type is 'labeled'.

code_scanning_delegated_alert_dismissalstring

The enablement status of code scanning delegated alert dismissal

Default:disabled

Can be one of:enabled,disabled,not_set

secret_protectionstring

The enablement status of GitHub Secret Protection features.

Can be one of:enabled,disabled,not_set

secret_scanningstring

The enablement status of secret scanning

Can be one of:enabled,disabled,not_set

secret_scanning_push_protectionstring

The enablement status of secret scanning push protection

Can be one of:enabled,disabled,not_set

secret_scanning_delegated_bypassstring

The enablement status of secret scanning delegated bypass

Can be one of:enabled,disabled,not_set

secret_scanning_delegated_bypass_optionsobject

Feature options for secret scanning delegated bypass

Name, Type, Description
reviewersarray of objects

The bypass reviewers for secret scanning delegated bypass

Name, Type, Description
reviewer_idintegerRequired

The ID of the team or role selected as a bypass reviewer

reviewer_typestringRequired

The type of the bypass reviewer

Can be one of:TEAM,ROLE

secret_scanning_validity_checksstring

The enablement status of secret scanning validity checks

Can be one of:enabled,disabled,not_set

secret_scanning_non_provider_patternsstring

The enablement status of secret scanning non-provider patterns

Can be one of:enabled,disabled,not_set

secret_scanning_generic_secretsstring

The enablement status of Copilot secret scanning

Can be one of:enabled,disabled,not_set

secret_scanning_delegated_alert_dismissalstring

The enablement status of secret scanning delegated alert dismissal

Can be one of:enabled,disabled,not_set

private_vulnerability_reportingstring

The enablement status of private vulnerability reporting

Can be one of:enabled,disabled,not_set

enforcementstring

The enforcement status for a security configuration

Can be one of:enforced,unenforced

HTTP response status codes for "Update a code security configuration"

Status codeDescription
200

Response when a configuration is updated

204

Response when no new updates are made

Code samples for "Update a code security configuration"

Request example

patch/orgs/{org}/code-security/configurations/{configuration_id}
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID \ -d '{"name":"octo-org recommended settings v2","secret_scanning":"disabled","code_scanning_default_setup":"enabled"}'

Response when a configuration is updated

Status: 200
{ "id": 1325, "target_type": "organization", "name": "octo-org recommended settings v2", "description": "This is a code security configuration for octo-org", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "enabled", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "enabled", "code_scanning_default_setup_options": { "runner_type": "not_set", "runner_label": null }, "code_scanning_options": { "allow_advanced": false }, "code_scanning_delegated_alert_dismissal": "disabled", "secret_scanning": "disabled", "secret_scanning_push_protection": "disabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", "secret_scanning_generic_secrets": "disabled", "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "disabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325", "created_at": "2024-05-01T00:00:00Z", "updated_at": "2024-05-01T00:00:00Z"}

Delete a code security configuration

Deletes the desired code security configuration from an organization.Repositories attached to the configuration will retain their settings but will no longer be associated withthe configuration.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need thewrite:org scope to use this endpoint.

Fine-grained access tokens for "Delete a code security configuration"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (write)

Parameters for "Delete a code security configuration"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
orgstringRequired

The organization name. The name is not case sensitive.

configuration_idintegerRequired

The unique identifier of the code security configuration.

HTTP response status codes for "Delete a code security configuration"

Status codeDescription
204

A header with no content is returned.

400

Bad Request

403

Forbidden

404

Resource not found

409

Conflict

Code samples for "Delete a code security configuration"

Request example

delete/orgs/{org}/code-security/configurations/{configuration_id}
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID

A header with no content is returned.

Status: 204

Attach a configuration to repositories

Attach a code security configuration to a set of repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.

If insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need thewrite:org scope to use this endpoint.

Fine-grained access tokens for "Attach a configuration to repositories"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (write)

Parameters for "Attach a configuration to repositories"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
orgstringRequired

The organization name. The name is not case sensitive.

configuration_idintegerRequired

The unique identifier of the code security configuration.

Body parameters
Name, Type, Description
scopestringRequired

The type of repositories to attach the configuration to.selected means the configuration will be attached to only the repositories specified byselected_repository_ids

Can be one of:all,all_without_configurations,public,private_or_internal,selected

selected_repository_idsarray of integers

An array of repository IDs to attach the configuration to. You can only provide a list of repository ids when thescope is set toselected.

HTTP response status codes for "Attach a configuration to repositories"

Status codeDescription
202

Accepted

Code samples for "Attach a configuration to repositories"

Request example

post/orgs/{org}/code-security/configurations/{configuration_id}/attach
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/attach \ -d '{"scope":"selected","selected_repository_ids":[32,91]}'

Accepted

Status: 202

Set a code security configuration as a default for an organization

Sets a code security configuration as a default to be applied to new repositories in your organization.

This configuration will be applied to the matching repository type (all, none, public, private and internal) by default when they are created.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need thewrite:org scope to use this endpoint.

Fine-grained access tokens for "Set a code security configuration as a default for an organization"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (write)

Parameters for "Set a code security configuration as a default for an organization"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
orgstringRequired

The organization name. The name is not case sensitive.

configuration_idintegerRequired

The unique identifier of the code security configuration.

Body parameters
Name, Type, Description
default_for_new_reposstring

Specify which types of repository this security configuration should be applied to by default.

Can be one of:all,none,private_and_internal,public

HTTP response status codes for "Set a code security configuration as a default for an organization"

Status codeDescription
200

Default successfully changed.

403

Forbidden

404

Resource not found

Code samples for "Set a code security configuration as a default for an organization"

Request example

put/orgs/{org}/code-security/configurations/{configuration_id}/defaults
curl -L \ -X PUT \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/defaults \ -d '{"default_for_new_repos":"all"}'

Default successfully changed.

Status: 200
{ "default_for_new_repos": "all", "configuration": { "value": { "id": 1325, "target_type": "organization", "name": "octo-org recommended settings", "description": "This is a code security configuration for octo-org", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "enabled", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "disabled", "code_scanning_default_setup_options": { "runner_type": "not_set", "runner_label": null }, "code_scanning_options": { "allow_advanced": false }, "code_scanning_delegated_alert_dismissal": "disabled", "secret_scanning": "enabled", "secret_scanning_push_protection": "disabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", "secret_scanning_generic_secrets": "disabled", "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "disabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325", "created_at": "2024-05-01T00:00:00Z", "updated_at": "2024-05-01T00:00:00Z" } }}

Get repositories associated with a code security configuration

Lists the repositories associated with a code security configuration in an organization.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need theread:org scope to use this endpoint.

Fine-grained access tokens for "Get repositories associated with a code security configuration"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" organization permissions (read)

Parameters for "Get repositories associated with a code security configuration"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
orgstringRequired

The organization name. The name is not case sensitive.

configuration_idintegerRequired

The unique identifier of the code security configuration.

Query parameters
Name, Type, Description
per_pageinteger

The number of results per page (max 100). For more information, see "Using pagination in the REST API."

Default:30

beforestring

A cursor, as given in theLink header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API."

afterstring

A cursor, as given in theLink header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API."

statusstring

A comma-separated list of statuses. If specified, only repositories with these attachment statuses will be returned.

Can be:all,attached,attaching,detached,removed,enforced,failed,updating,removed_by_enterprise

Default:all

HTTP response status codes for "Get repositories associated with a code security configuration"

Status codeDescription
200

OK

403

Forbidden

404

Resource not found

Code samples for "Get repositories associated with a code security configuration"

Request example

get/orgs/{org}/code-security/configurations/{configuration_id}/repositories
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/repositories

Example of code security configuration repositories

Status: 200
[ { "status": "attached", "repository": { "value": { "id": 1296269, "node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5", "name": "Hello-World", "full_name": "octocat/Hello-World", "owner": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false }, "private": false, "html_url": "https://github.com/octocat/Hello-World", "description": "This your first repo!", "fork": false, "url": "https://api.github.com/repos/octocat/Hello-World", "archive_url": "https://api.github.com/repos/octocat/Hello-World/{archive_format}{/ref}", "assignees_url": "https://api.github.com/repos/octocat/Hello-World/assignees{/user}", "blobs_url": "https://api.github.com/repos/octocat/Hello-World/git/blobs{/sha}", "branches_url": "https://api.github.com/repos/octocat/Hello-World/branches{/branch}", "collaborators_url": "https://api.github.com/repos/octocat/Hello-World/collaborators{/collaborator}", "comments_url": "https://api.github.com/repos/octocat/Hello-World/comments{/number}", "commits_url": "https://api.github.com/repos/octocat/Hello-World/commits{/sha}", "compare_url": "https://api.github.com/repos/octocat/Hello-World/compare/{base}...{head}", "contents_url": "https://api.github.com/repos/octocat/Hello-World/contents/{+path}", "contributors_url": "https://api.github.com/repos/octocat/Hello-World/contributors", "deployments_url": "https://api.github.com/repos/octocat/Hello-World/deployments", "downloads_url": "https://api.github.com/repos/octocat/Hello-World/downloads", "events_url": "https://api.github.com/repos/octocat/Hello-World/events", "forks_url": "https://api.github.com/repos/octocat/Hello-World/forks", "git_commits_url": "https://api.github.com/repos/octocat/Hello-World/git/commits{/sha}", "git_refs_url": "https://api.github.com/repos/octocat/Hello-World/git/refs{/sha}", "git_tags_url": "https://api.github.com/repos/octocat/Hello-World/git/tags{/sha}", "git_url": "git:github.com/octocat/Hello-World.git", "issue_comment_url": "https://api.github.com/repos/octocat/Hello-World/issues/comments{/number}", "issue_events_url": "https://api.github.com/repos/octocat/Hello-World/issues/events{/number}", "issues_url": "https://api.github.com/repos/octocat/Hello-World/issues{/number}", "keys_url": "https://api.github.com/repos/octocat/Hello-World/keys{/key_id}", "labels_url": "https://api.github.com/repos/octocat/Hello-World/labels{/name}", "languages_url": "https://api.github.com/repos/octocat/Hello-World/languages", "merges_url": "https://api.github.com/repos/octocat/Hello-World/merges", "milestones_url": "https://api.github.com/repos/octocat/Hello-World/milestones{/number}", "notifications_url": "https://api.github.com/repos/octocat/Hello-World/notifications{?since,all,participating}", "pulls_url": "https://api.github.com/repos/octocat/Hello-World/pulls{/number}", "releases_url": "https://api.github.com/repos/octocat/Hello-World/releases{/id}", "ssh_url": "git@github.com:octocat/Hello-World.git", "stargazers_url": "https://api.github.com/repos/octocat/Hello-World/stargazers", "statuses_url": "https://api.github.com/repos/octocat/Hello-World/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/octocat/Hello-World/subscribers", "subscription_url": "https://api.github.com/repos/octocat/Hello-World/subscription", "tags_url": "https://api.github.com/repos/octocat/Hello-World/tags", "teams_url": "https://api.github.com/repos/octocat/Hello-World/teams", "trees_url": "https://api.github.com/repos/octocat/Hello-World/git/trees{/sha}", "hooks_url": "http://api.github.com/repos/octocat/Hello-World/hooks" } } }]

Get the code security configuration associated with a repository

Get the code security configuration that manages a repository's code security settings.

The authenticated user must be an administrator or security manager for the organization to use this endpoint.

OAuth app tokens and personal access tokens (classic) need therepo scope to use this endpoint.

Fine-grained access tokens for "Get the code security configuration associated with a repository"

This endpoint works with the following fine-grained token types:

The fine-grained token must have the following permission set:

  • "Administration" repository permissions (read)

Parameters for "Get the code security configuration associated with a repository"

Headers
Name, Type, Description
acceptstring

Setting toapplication/vnd.github+json is recommended.

Path parameters
Name, Type, Description
ownerstringRequired

The account owner of the repository. The name is not case sensitive.

repostringRequired

The name of the repository without the.git extension. The name is not case sensitive.

HTTP response status codes for "Get the code security configuration associated with a repository"

Status codeDescription
200

OK

204

A header with no content is returned.

304

Not modified

403

Forbidden

404

Resource not found

Code samples for "Get the code security configuration associated with a repository"

Request example

get/repos/{owner}/{repo}/code-security-configuration
curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer <YOUR-TOKEN>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/OWNER/REPO/code-security-configuration

Response

Status: 200
{ "status": "attached", "configuration": { "id": 1325, "target_type": "organization", "name": "octo-org recommended settings", "description": "This is a code security configuration for octo-org", "advanced_security": "enabled", "dependency_graph": "enabled", "dependency_graph_autosubmit_action": "enabled", "dependency_graph_autosubmit_action_options": { "labeled_runners": false }, "dependabot_alerts": "enabled", "dependabot_security_updates": "not_set", "code_scanning_default_setup": "disabled", "code_scanning_delegated_alert_dismissal": "disabled", "secret_scanning": "enabled", "secret_scanning_push_protection": "disabled", "secret_scanning_delegated_bypass": "disabled", "secret_scanning_validity_checks": "disabled", "secret_scanning_non_provider_patterns": "disabled", "secret_scanning_generic_secrets": "disabled", "secret_scanning_delegated_alert_dismissal": "disabled", "private_vulnerability_reporting": "disabled", "enforcement": "enforced", "url": "https://api.github.com/orgs/octo-org/code-security/configurations/1325", "html_url": "https://github.com/organizations/octo-org/settings/security_products/configurations/edit/1325", "created_at": "2024-05-01T00:00:00Z", "updated_at": "2024-05-01T00:00:00Z" }}
[8]ページ先頭
©2009-2025 Movatter.jp