docs/content/admin/advanced-security/enabling-github-advanced-security-for-your-enterprise.md

title	shortTitle	intro	product	versions	type	topics
Enabling GitHub Advanced Security for your enterprise	Enabling GitHub Advanced Security	You can configure {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}. This provides extra features that help users find and fix security problems in their code.	{% data reusables.gated-features.ghas %}	enterprise-server >=2.22	how_to	Advanced Security Code scanning Enterprise Secret scanning Security

About enabling {% data variables.product.prodname_GH_advanced_security %}

{% data reusables.advanced-security.ghas-helps-developers %}

{% if currentVersion ver_gt "enterprise-server@3.0" %} When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features unless you set up a policy to restrict access. For more information, see "Enforcing policies for {% data variables.product.prodname_advanced_security %} in your enterprise." {% else %} When you enable {% data variables.product.prodname_GH_advanced_security %} for your enterprise, repository administrators in all organizations can enable the features. {% if currentVersion == "enterprise-server@3.0" %}For more information, see "Managing security and analysis settings for your organization" and "Managing security and analysis settings for your repository."{% endif %} {% endif %}

Prerequisites for enabling {% data variables.product.prodname_GH_advanced_security %}

1. Upgrade your license for {% data variables.product.product_name %} to include {% data variables.product.prodname_GH_advanced_security %}.{% if currentVersion ver_gt "enterprise-server@3.0" %} For information about licensing, see "About licensing for {% data variables.product.prodname_GH_advanced_security %}."{% endif %}

2. Upload the new license to {% data variables.product.product_location %}. For more information, see "Managing your GitHub Enterprise license."{% if currentVersion ver_gt "enterprise-server@2.22" %}

3. Review the prerequisites for the features you plan to enable.

   • {% data variables.product.prodname_code_scanning_capc %}, see "Configuring {% data variables.product.prodname_code_scanning %} for your appliance."
   • {% data variables.product.prodname_secret_scanning_caps %}, see "Configuring {% data variables.product.prodname_secret_scanning %} for your appliance."{% endif %}

Checking whether your license includes {% data variables.product.prodname_GH_advanced_security %}

{% if currentVersion ver_gt "enterprise-server@3.0" %} {% data reusables.enterprise-accounts.access-enterprise %} {% data reusables.enterprise-accounts.settings-tab %} {% data reusables.enterprise-accounts.license-tab %}

1. If your license includes {% data variables.product.prodname_GH_advanced_security %}, the license page includes a section showing details of current usage. {% endif %}

{% if currentVersion == "enterprise-server@2.22" or currentVersion == "enterprise-server@3.0" %} {% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %}

1. If your license includes {% data variables.product.prodname_GH_advanced_security %}, there is an {% data variables.product.prodname_advanced_security %} entry in the left sidebar.

{% data reusables.enterprise_management_console.advanced-security-license %} {% endif %}

Enabling and disabling {% data variables.product.prodname_GH_advanced_security %} features

{% data reusables.enterprise_management_console.enable-disable-security-features %}

{% data reusables.enterprise_site_admin_settings.access-settings %} {% data reusables.enterprise_site_admin_settings.management-console %} {% data reusables.enterprise_management_console.advanced-security-tab %}{% if currentVersion ver_gt "enterprise-server@2.22" %}

1. Under "{% data variables.product.prodname_advanced_security %}," select the features that you want to enable and deselect any features you want to disable. {% else %}
2. Under "{% data variables.product.prodname_advanced_security %}," click {% data variables.product.prodname_code_scanning_capc %}. {% endif %} {% data reusables.enterprise_management_console.save-settings %}

When {% data variables.product.product_name %} has finished restarting, you're ready to set up any additional resources required for newly enabled features. For more information, see "Configuring {% data variables.product.prodname_code_scanning %} for your appliance."

Enabling or disabling {% data variables.product.prodname_GH_advanced_security %} via the administrative shell (SSH)

You can enable or disable features programmatically on {% data variables.product.product_location %}. For more information about the administrative shell and command-line utilities for {% data variables.product.prodname_ghe_server %}, see "Accessing the administrative shell (SSH)" and "Command-line utilities."

For example, you can enable {% data variables.product.prodname_code_scanning %} with your infrastructure-as-code tooling when you deploy an instance for staging or disaster recovery.

1. SSH into {% data variables.product.product_location %}.
2. Enable {% data variables.product.prodname_code_scanning %}.

   ghe-config app.minio.enabled true
   ghe-config app.code-scanning.enabled true
   

3. Optionally, disable {% data variables.product.prodname_code_scanning %}.

   ghe-config app.minio.enabled false
   ghe-config app.code-scanning.enabled false
   

4. Apply the configuration.

ghe-config-apply

{% if currentVersion ver_gt "enterprise-server@2.22" %}To enable and disable {% data variables.product.prodname_secret_scanning %} in the same way, set: `ghe-config app.secret-scanning.enabled` true or false and apply the configuration.{% endif %}