Preventing changes to your releases

You can enforce immutable releases for a repository or organization to prevent potential vulnerabilities.

In this article

Note

Immutable releases are currently in public preview and subject to change.

Enforcing immutable releases for your repository

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. Scroll down to the "Releases" section, then select Enable release immutability. Be aware that immutability will only apply to future releases.

Enforcing immutable releases for your organization

  1. On GitHub, navigate to the main page of the organization.

  2. Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Code, planning, and automation" section of the sidebar, select the Repository dropdown menu, then click General.

  4. In the "Releases" section of the page, select the No policy dropdown menu, then click either All repositories or Selected repositories. Be aware that immutability will only apply to future releases.

  5. If you chose Selected repositories, to the right of the dropdown menu, click . Select the repositories you want to include, then click Select repositories.