Requirements for enabling Advanced Security products
To use GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security on private or internal repositories with unique active committers, you must have licenses available. The user-interface and options depend on how you pay for Advanced Security.
- Metered billing: by default, there is no limit on how many licenses you can consume. See GitHub Enterprise Cloud 文档中的 设置预算以控制按流量计费的产品的支出 和 强制实施企业的代码安全性和分析策略 .
- Volume/subscription billing (GitHub Enterprise only): once the licenses you have purchased are all in use, you cannot enable GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security on additional repositories until you free up or buy additional licenses.
With security configurations, you can easily understand the license usage of repositories in your organization, as well as the number of available GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security licenses in your 企业. Additionally, if you need to make more licenses available to secure a high-impact repository, you can quickly disable GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security on private and internal repositories at scale.
To learn about licensing for GitHub Secret Protection, GitHub Code Security, and GitHub Advanced Security, see GitHub Advanced Security 许可证计费.
Understanding your license usage
-
在 GitHub 的右上角,单击个人资料图片,然后单击“ Your organizations”****。
-
在组织名称下,单击 “Settings”****。 如果看不到“设置”选项卡,请选择“”下拉菜单,然后单击“设置”********。
-
在边栏的“Security”部分中,选择“ Advanced Security”下拉菜单,然后单击“Configurations”********。
-
In the "Apply configurations" section, your current license usage will be displayed. This screenshot shows metered usage. If you have bought a volume/subscription license, then the number of licenses available is also reported.
-
Optionally, to find specific repositories in your organization, filter the repository table. To learn more, see Filtering repositories in your organization using the repository table.
提示
For information about buying more volume/subscription licenses, see 管理 GitHub 高级安全性的批量许可证.
Turning off Secret Protection or Code Security
The simplest way to turn off all Secret Protection or Code Security features for one or more repositories is to create a security configuration where the product is disabled at the top level. You can apply this custom configuration to repositories where you want to turn off paid features.
提示
Ensure that you give your custom configuration a very clear name, for example: "No Code Security" or "Secret Protection and Supply chain only" to avoid confusion.
For more information, see Creating a custom security configuration and Applying a custom security configuration.
To prevent future enablement of security features, we recommend you ask your enterprise administrator to set the enterprise account's Advanced Security policies so that:
- Advanced Security is not available.
- Repository administrators are not allowed to enable or disable Advanced Security features for their repositories. See 强制实施企业的代码安全性和分析策略.