title: Applying the GitHub-recommended security configuration in your organization
shortTitle: Apply recommended configuration
intro: >-
Secure your code with the security enablement settings created, managed, and
recommended by {% data variables.product.company_short %}.
permissions: '{% data reusables.permissions.security-org-enable %}'
versions:
feature: security-configurations-cloud
topics:
- Code Security
- Secret Protection
- Organizations
- Security
About the {% data variables.product.prodname_github_security_configuration %}
The {% data variables.product.prodname_github_security_configuration %} is a collection of enablement settings for {% data variables.product.company_short %}'s security features that is created and maintained by subject matter experts at {% data variables.product.company_short %}. The {% data variables.product.prodname_github_security_configuration %} is designed to successfully reduce the security risks for low- and high-impact repositories. We recommend you apply this configuration to all the repositories in your organization.
The {% data variables.product.prodname_github_security_configuration %} includes {% data variables.product.prodname_GH_code_security %} and {% data variables.product.prodname_GH_secret_protection %} features. Applying the configuration to private and internal repositories in your organization will incur usage costs or require licenses.
Applying the {% data variables.product.prodname_github_security_configuration %} to all repositories in your organization
{% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} {% data reusables.security-configurations.view-configurations-page %}
In the "{% data variables.product.company_short %} recommended" row of the configurations table for your organization, select the Apply to {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click All repositories or All repositories without configurations.
{% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
{% data reusables.security-configurations.apply-configuration %}
Applying the {% data variables.product.prodname_github_security_configuration %} to specific repositories in your organization
{% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} {% data reusables.security-configurations.view-configurations-page %}
Optionally, in the "Apply configurations" section, filter the view to find the repositories you would like to apply the {% data variables.product.prodname_github_security_configuration %} to. To learn how to filter the repository table, see AUTOTITLE. {% data reusables.security-configurations.select-repos %}
Select the Apply configuration {% octicon "triangle-down" aria-hidden="true" aria-label="triangle-down" %} dropdown menu, then click {% data variables.product.company_short %} recommended.
{% data reusables.security-configurations.default-configuration-exception-repo-transfers %}
{% data reusables.security-configurations.apply-configuration %}
Enforcing the {% data variables.product.prodname_github_security_configuration %}
{% data reusables.profile.access_org %} {% data reusables.organizations.org_settings %} {% data reusables.security-configurations.view-configurations-page %}
- In the "Security configurations" section, select "{% data variables.product.company_short %} recommended".
- In the "Policy" section, next to "Enforce configuration", select Enforce from the dropdown menu.
{% data reusables.code-scanning.custom-security-configuration-enforcement-edge-cases %}
Next steps
After you apply the {% data variables.product.prodname_github_security_configuration %}, you can customize your organization-level security settings with {% data variables.product.prodname_global_settings %}. See AUTOTITLE.
{% data reusables.security-configurations.troubleshooting-next-step %}