code_security_configurations
Creates, updates, deletes, gets or lists a code_security_configurations resource.
Overview
| Name | code_security_configurations |
| Type | Resource |
| Id | github.code_security.code_security_configurations |
Fields
The following fields are returned by SELECT queries:
- get_single_configuration_for_enterprise
- get_configuration
- get_configurations_for_enterprise
- get_configurations_for_org
Response
| Name | Datatype | Description |
|---|---|---|
| id | integer | The ID of the code security configuration |
| name | string | The name of the code security configuration. Must be unique within the organization. |
| advanced_security | string | The enablement status of GitHub Advanced Security (enabled, disabled, code_security, secret_protection) |
| code_scanning_default_setup | string | The enablement status of code scanning default setup (enabled, disabled, not_set) |
| code_scanning_default_setup_options | object | Feature options for code scanning default setup |
| code_scanning_delegated_alert_dismissal | string | The enablement status of code scanning delegated alert dismissal (enabled, disabled, not_set) |
| code_scanning_options | object | Feature options for code scanning |
| created_at | string (date-time) | |
| dependabot_alerts | string | The enablement status of Dependabot alerts (enabled, disabled, not_set) |
| dependabot_delegated_alert_dismissal | string | The enablement status of Dependabot delegated alert dismissal (enabled, disabled, not_set) |
| dependabot_security_updates | string | The enablement status of Dependabot security updates (enabled, disabled, not_set) |
| dependency_graph | string | The enablement status of Dependency Graph (enabled, disabled, not_set) |
| dependency_graph_autosubmit_action | string | The enablement status of Automatic dependency submission (enabled, disabled, not_set) |
| dependency_graph_autosubmit_action_options | object | Feature options for Automatic dependency submission |
| description | string | A description of the code security configuration |
| enforcement | string | The enforcement status for a security configuration (enforced, unenforced) |
| html_url | string (uri) | The URL of the configuration |
| private_vulnerability_reporting | string | The enablement status of private vulnerability reporting (enabled, disabled, not_set) |
| secret_scanning | string | The enablement status of secret scanning (enabled, disabled, not_set) |
| secret_scanning_delegated_alert_dismissal | string | The enablement status of secret scanning delegated alert dismissal (enabled, disabled, not_set) |
| secret_scanning_delegated_bypass | string | The enablement status of secret scanning delegated bypass (enabled, disabled, not_set) |
| secret_scanning_delegated_bypass_options | object | Feature options for secret scanning delegated bypass |
| secret_scanning_extended_metadata | string | The enablement status of secret scanning extended metadata (enabled, disabled, not_set) |
| secret_scanning_generic_secrets | string | The enablement status of Copilot secret scanning (enabled, disabled, not_set) |
| secret_scanning_non_provider_patterns | string | The enablement status of secret scanning non-provider patterns (enabled, disabled, not_set) |
| secret_scanning_push_protection | string | The enablement status of secret scanning push protection (enabled, disabled, not_set) |
| secret_scanning_validity_checks | string | The enablement status of secret scanning validity checks (enabled, disabled, not_set) |
| target_type | string | The type of the code security configuration. (global, organization, enterprise) |
| updated_at | string (date-time) | |
| url | string (uri) | The URL of the configuration |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get_single_configuration_for_enterprise | select | enterprise, configuration_id | | Gets a code security configuration available in an enterprise. The authenticated user must be an administrator of the enterprise in order to use this endpoint. OAuth app tokens and personal access tokens (classic) need the read:enterprise scope to use this endpoint. |
| get_configuration | select | org, configuration_id | | Gets a code security configuration available in an organization. The authenticated user must be an administrator or security manager for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint. |
| get_configurations_for_enterprise | select | enterprise | per_page, before, after | Lists all code security configurations available in an enterprise. The authenticated user must be an administrator of the enterprise in order to use this endpoint. OAuth app tokens and personal access tokens (classic) need the read:enterprise scope to use this endpoint. |
| get_configurations_for_org | select | org | target_type, per_page, before, after | Lists all code security configurations available in an organization. The authenticated user must be an administrator or security manager for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the read:org scope to use this endpoint. |
| attach_enterprise_configuration | insert | enterprise, configuration_id, scope | | Attaches an enterprise code security configuration to repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration. If insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled. The authenticated user must be an administrator for the enterprise to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint. |
| attach_configuration | insert | org, configuration_id, scope | | Attach a code security configuration to a set of repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration. If insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled. The authenticated user must be an administrator or security manager for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint. |
| create_configuration_for_enterprise | insert | enterprise, name, description | | Creates a code security configuration in an enterprise. The authenticated user must be an administrator of the enterprise in order to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint. |
| create_configuration | insert | org, name, description | | Creates a code security configuration in an organization. The authenticated user must be an administrator or security manager for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint. |
| update_enterprise_configuration | update | enterprise, configuration_id | | Updates a code security configuration in an enterprise. The authenticated user must be an administrator of the enterprise in order to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint. |
| update_configuration | update | org, configuration_id | | Updates a code security configuration in an organization. The authenticated user must be an administrator or security manager for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint. |
| set_configuration_as_default_for_enterprise | replace | enterprise, configuration_id | | Sets a code security configuration as a default to be applied to new repositories in your enterprise. This configuration will be applied by default to the matching repository type when created, but only for organizations within the enterprise that do not already have a default code security configuration set. The authenticated user must be an administrator for the enterprise to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint. |
| set_configuration_as_default | replace | org, configuration_id | | Sets a code security configuration as a default to be applied to new repositories in your organization. This configuration will be applied to the matching repository type (all, none, public, private and internal) by default when they are created. The authenticated user must be an administrator or security manager for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint. |
| delete_configuration_for_enterprise | delete | enterprise, configuration_id | | Deletes a code security configuration from an enterprise. Repositories attached to the configuration will retain their settings but will no longer be associated with the configuration. The authenticated user must be an administrator for the enterprise to use this endpoint. OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint. |
| delete_configuration | delete | org, configuration_id | | Deletes the desired code security configuration from an organization. Repositories attached to the configuration will retain their settings but will no longer be associated with the configuration. The authenticated user must be an administrator or security manager for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint. |
| detach_configuration | delete | org | | Detach code security configuration(s) from a set of repositories. Repositories will retain their settings but will no longer be associated with the configuration. The authenticated user must be an administrator or security manager for the organization to use this endpoint. OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| configuration_id | integer | The unique identifier of the code security configuration. |
| enterprise | string | The slug version of the enterprise name. |
| org | string | The organization name. The name is not case sensitive. |
| after | string | A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see "Using pagination in the REST API." |
| before | string | A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see "Using pagination in the REST API." |
| per_page | integer | The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
| target_type | string | The target type of the code security configuration |
SELECT examples
- get_single_configuration_for_enterprise
- get_configuration
- get_configurations_for_enterprise
- get_configurations_for_org
Gets a code security configuration available in an enterprise.
The authenticated user must be an administrator of the enterprise in order to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the read:enterprise scope to use this endpoint.
```sql
SELECT
  id,
  name,
  advanced_security,
  code_scanning_default_setup,
  code_scanning_default_setup_options,
  code_scanning_delegated_alert_dismissal,
  code_scanning_options,
  created_at,
  dependabot_alerts,
  dependabot_delegated_alert_dismissal,
  dependabot_security_updates,
  dependency_graph,
  dependency_graph_autosubmit_action,
  dependency_graph_autosubmit_action_options,
  description,
  enforcement,
  html_url,
  private_vulnerability_reporting,
  secret_scanning,
  secret_scanning_delegated_alert_dismissal,
  secret_scanning_delegated_bypass,
  secret_scanning_delegated_bypass_options,
  secret_scanning_extended_metadata,
  secret_scanning_generic_secrets,
  secret_scanning_non_provider_patterns,
  secret_scanning_push_protection,
  secret_scanning_validity_checks,
  target_type,
  updated_at,
  url
FROM github.code_security.code_security_configurations
WHERE enterprise = '{{ enterprise }}' -- required
  AND configuration_id = '{{ configuration_id }}' -- required
;
```
Gets a code security configuration available in an organization.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.
```sql
SELECT
  id,
  name,
  advanced_security,
  code_scanning_default_setup,
  code_scanning_default_setup_options,
  code_scanning_delegated_alert_dismissal,
  code_scanning_options,
  created_at,
  dependabot_alerts,
  dependabot_delegated_alert_dismissal,
  dependabot_security_updates,
  dependency_graph,
  dependency_graph_autosubmit_action,
  dependency_graph_autosubmit_action_options,
  description,
  enforcement,
  html_url,
  private_vulnerability_reporting,
  secret_scanning,
  secret_scanning_delegated_alert_dismissal,
  secret_scanning_delegated_bypass,
  secret_scanning_delegated_bypass_options,
  secret_scanning_extended_metadata,
  secret_scanning_generic_secrets,
  secret_scanning_non_provider_patterns,
  secret_scanning_push_protection,
  secret_scanning_validity_checks,
  target_type,
  updated_at,
  url
FROM github.code_security.code_security_configurations
WHERE org = '{{ org }}' -- required
  AND configuration_id = '{{ configuration_id }}' -- required
;
```
Lists all code security configurations available in an enterprise.
The authenticated user must be an administrator of the enterprise in order to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the read:enterprise scope to use this endpoint.
```sql
SELECT
  id,
  name,
  advanced_security,
  code_scanning_default_setup,
  code_scanning_default_setup_options,
  code_scanning_delegated_alert_dismissal,
  code_scanning_options,
  created_at,
  dependabot_alerts,
  dependabot_delegated_alert_dismissal,
  dependabot_security_updates,
  dependency_graph,
  dependency_graph_autosubmit_action,
  dependency_graph_autosubmit_action_options,
  description,
  enforcement,
  html_url,
  private_vulnerability_reporting,
  secret_scanning,
  secret_scanning_delegated_alert_dismissal,
  secret_scanning_delegated_bypass,
  secret_scanning_delegated_bypass_options,
  secret_scanning_extended_metadata,
  secret_scanning_generic_secrets,
  secret_scanning_non_provider_patterns,
  secret_scanning_push_protection,
  secret_scanning_validity_checks,
  target_type,
  updated_at,
  url
FROM github.code_security.code_security_configurations
WHERE enterprise = '{{ enterprise }}' -- required
  AND per_page = '{{ per_page }}'
  AND before = '{{ before }}'
  AND after = '{{ after }}'
;
```
Lists all code security configurations available in an organization.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the read:org scope to use this endpoint.
```sql
SELECT
  id,
  name,
  advanced_security,
  code_scanning_default_setup,
  code_scanning_default_setup_options,
  code_scanning_delegated_alert_dismissal,
  code_scanning_options,
  created_at,
  dependabot_alerts,
  dependabot_delegated_alert_dismissal,
  dependabot_security_updates,
  dependency_graph,
  dependency_graph_autosubmit_action,
  dependency_graph_autosubmit_action_options,
  description,
  enforcement,
  html_url,
  private_vulnerability_reporting,
  secret_scanning,
  secret_scanning_delegated_alert_dismissal,
  secret_scanning_delegated_bypass,
  secret_scanning_delegated_bypass_options,
  secret_scanning_extended_metadata,
  secret_scanning_generic_secrets,
  secret_scanning_non_provider_patterns,
  secret_scanning_push_protection,
  secret_scanning_validity_checks,
  target_type,
  updated_at,
  url
FROM github.code_security.code_security_configurations
WHERE org = '{{ org }}' -- required
  AND target_type = '{{ target_type }}'
  AND per_page = '{{ per_page }}'
  AND before = '{{ before }}'
  AND after = '{{ after }}'
;
```
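An added example, not part of the provider documentation: a Python check that takes rows shaped like the result of the `get_configurations_for_org` query above and reports every field that departs from a security baseline, keeping `not_set` and missing columns distinct from an explicit `disabled`. The baseline values, the sample rows and the function names are assumptions made for illustration; the field names and their allowed values are the ones listed in the Fields table.

```python
# Allowed values as documented in the Fields table on this page.
STATUS_VALUES = {"enabled", "disabled", "not_set"}
ENFORCEMENT_VALUES = {"enforced", "unenforced"}

# Assumed baseline for this example: the value each field must have to pass.
BASELINE = {
    "enforcement": "enforced",
    "dependency_graph": "enabled",
    "dependabot_alerts": "enabled",
    "dependabot_security_updates": "enabled",
    "code_scanning_default_setup": "enabled",
    "secret_scanning": "enabled",
    "secret_scanning_push_protection": "enabled",
    "private_vulnerability_reporting": "enabled",
}

# Constructed sample rows (not real data): one passing configuration, one with
# weak settings, one where a column was left out of the SELECT list.
SAMPLE_ROWS = [
    {"id": 101, "name": "strict", **BASELINE},
    {"id": 102, "name": "legacy", **BASELINE,
     "enforcement": "unenforced",
     "dependabot_security_updates": "not_set",
     "code_scanning_default_setup": "disabled",
     "secret_scanning_push_protection": "disabled"},
    {"id": 103, "name": "partial-select",
     **{k: v for k, v in BASELINE.items()
        if k != "secret_scanning_push_protection"}},
]


def classify(field, actual, expected):
    """Return None when the value meets the baseline, else a reason string."""
    allowed = ENFORCEMENT_VALUES if field == "enforcement" else STATUS_VALUES
    if actual == expected:
        return None
    if actual is None:
        return "missing"        # column not selected, or null in the row
    if actual not in allowed:
        return "unrecognised"   # outside the documented value set: fail closed
    if actual == "not_set":
        return "not_set"        # reported separately from an explicit "disabled"
    return "deviates"


def audit(rows, baseline=BASELINE):
    """Return one finding per (configuration, field) that fails the baseline."""
    findings = []
    for row in rows:
        for field, expected in baseline.items():
            reason = classify(field, row.get(field), expected)
            if reason is not None:
                findings.append({
                    "id": row.get("id"),
                    "name": row.get("name"),
                    "field": field,
                    "actual": row.get(field),
                    "expected": expected,
                    "reason": reason,
                })
    return findings


def failing_configurations(rows, baseline=BASELINE):
    """Names of configurations with at least one finding, in input order."""
    names = []
    for finding in audit(rows, baseline):
        if finding["name"] not in names:
            names.append(finding["name"])
    return names


if __name__ == "__main__":
    for f in audit(SAMPLE_ROWS):
        print(f'{f["name"]}: {f["field"]} is {f["actual"]!r}, '
              f'expected {f["expected"]!r} ({f["reason"]})')
```

A `missing` finding means the check could not see the field at all, so it is reported as a failure rather than assumed to pass.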
INSERT examples
- attach_enterprise_configuration
- attach_configuration
- create_configuration_for_enterprise
- create_configuration
- Manifest
Attaches an enterprise code security configuration to repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.
If insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.
The authenticated user must be an administrator for the enterprise to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
```sql
INSERT INTO github.code_security.code_security_configurations (
  scope,
  enterprise,
  configuration_id
)
SELECT
  '{{ scope }}' /* required */,
  '{{ enterprise }}',
  '{{ configuration_id }}'
;
```
Attach a code security configuration to a set of repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.
If insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.
```sql
INSERT INTO github.code_security.code_security_configurations (
  scope,
  selected_repository_ids,
  org,
  configuration_id
)
SELECT
  '{{ scope }}' /* required */,
  '{{ selected_repository_ids }}',
  '{{ org }}',
  '{{ configuration_id }}'
;
```
Creates a code security configuration in an enterprise.
The authenticated user must be an administrator of the enterprise in order to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
```sql
INSERT INTO github.code_security.code_security_configurations (
  name,
  description,
  advanced_security,
  code_security,
  dependency_graph,
  dependency_graph_autosubmit_action,
  dependency_graph_autosubmit_action_options,
  dependabot_alerts,
  dependabot_security_updates,
  code_scanning_options,
  code_scanning_default_setup,
  code_scanning_default_setup_options,
  code_scanning_delegated_alert_dismissal,
  secret_protection,
  secret_scanning,
  secret_scanning_push_protection,
  secret_scanning_validity_checks,
  secret_scanning_non_provider_patterns,
  secret_scanning_generic_secrets,
  secret_scanning_delegated_alert_dismissal,
  secret_scanning_extended_metadata,
  private_vulnerability_reporting,
  enforcement,
  enterprise
)
SELECT
  '{{ name }}' /* required */,
  '{{ description }}' /* required */,
  '{{ advanced_security }}',
  '{{ code_security }}',
  '{{ dependency_graph }}',
  '{{ dependency_graph_autosubmit_action }}',
  '{{ dependency_graph_autosubmit_action_options }}',
  '{{ dependabot_alerts }}',
  '{{ dependabot_security_updates }}',
  '{{ code_scanning_options }}',
  '{{ code_scanning_default_setup }}',
  '{{ code_scanning_default_setup_options }}',
  '{{ code_scanning_delegated_alert_dismissal }}',
  '{{ secret_protection }}',
  '{{ secret_scanning }}',
  '{{ secret_scanning_push_protection }}',
  '{{ secret_scanning_validity_checks }}',
  '{{ secret_scanning_non_provider_patterns }}',
  '{{ secret_scanning_generic_secrets }}',
  '{{ secret_scanning_delegated_alert_dismissal }}',
  '{{ secret_scanning_extended_metadata }}',
  '{{ private_vulnerability_reporting }}',
  '{{ enforcement }}',
  '{{ enterprise }}'
RETURNING
  id,
  name,
  advanced_security,
  code_scanning_default_setup,
  code_scanning_default_setup_options,
  code_scanning_delegated_alert_dismissal,
  code_scanning_options,
  created_at,
  dependabot_alerts,
  dependabot_delegated_alert_dismissal,
  dependabot_security_updates,
  dependency_graph,
  dependency_graph_autosubmit_action,
  dependency_graph_autosubmit_action_options,
  description,
  enforcement,
  html_url,
  private_vulnerability_reporting,
  secret_scanning,
  secret_scanning_delegated_alert_dismissal,
  secret_scanning_delegated_bypass,
  secret_scanning_delegated_bypass_options,
  secret_scanning_extended_metadata,
  secret_scanning_generic_secrets,
  secret_scanning_non_provider_patterns,
  secret_scanning_push_protection,
  secret_scanning_validity_checks,
  target_type,
  updated_at,
  url
;
```
Creates a code security configuration in an organization.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.
```sql
INSERT INTO github.code_security.code_security_configurations (
  name,
  description,
  advanced_security,
  code_security,
  dependency_graph,
  dependency_graph_autosubmit_action,
  dependency_graph_autosubmit_action_options,
  dependabot_alerts,
  dependabot_security_updates,
  dependabot_delegated_alert_dismissal,
  code_scanning_options,
  code_scanning_default_setup,
  code_scanning_default_setup_options,
  code_scanning_delegated_alert_dismissal,
  secret_protection,
  secret_scanning,
  secret_scanning_push_protection,
  secret_scanning_delegated_bypass,
  secret_scanning_delegated_bypass_options,
  secret_scanning_validity_checks,
  secret_scanning_non_provider_patterns,
  secret_scanning_generic_secrets,
  secret_scanning_delegated_alert_dismissal,
  secret_scanning_extended_metadata,
  private_vulnerability_reporting,
  enforcement,
  org
)
SELECT
  '{{ name }}' /* required */,
  '{{ description }}' /* required */,
  '{{ advanced_security }}',
  '{{ code_security }}',
  '{{ dependency_graph }}',
  '{{ dependency_graph_autosubmit_action }}',
  '{{ dependency_graph_autosubmit_action_options }}',
  '{{ dependabot_alerts }}',
  '{{ dependabot_security_updates }}',
  '{{ dependabot_delegated_alert_dismissal }}',
  '{{ code_scanning_options }}',
  '{{ code_scanning_default_setup }}',
  '{{ code_scanning_default_setup_options }}',
  '{{ code_scanning_delegated_alert_dismissal }}',
  '{{ secret_protection }}',
  '{{ secret_scanning }}',
  '{{ secret_scanning_push_protection }}',
  '{{ secret_scanning_delegated_bypass }}',
  '{{ secret_scanning_delegated_bypass_options }}',
  '{{ secret_scanning_validity_checks }}',
  '{{ secret_scanning_non_provider_patterns }}',
  '{{ secret_scanning_generic_secrets }}',
  '{{ secret_scanning_delegated_alert_dismissal }}',
  '{{ secret_scanning_extended_metadata }}',
  '{{ private_vulnerability_reporting }}',
  '{{ enforcement }}',
  '{{ org }}'
RETURNING
  id,
  name,
  advanced_security,
  code_scanning_default_setup,
  code_scanning_default_setup_options,
  code_scanning_delegated_alert_dismissal,
  code_scanning_options,
  created_at,
  dependabot_alerts,
  dependabot_delegated_alert_dismissal,
  dependabot_security_updates,
  dependency_graph,
  dependency_graph_autosubmit_action,
  dependency_graph_autosubmit_action_options,
  description,
  enforcement,
  html_url,
  private_vulnerability_reporting,
  secret_scanning,
  secret_scanning_delegated_alert_dismissal,
  secret_scanning_delegated_bypass,
  secret_scanning_delegated_bypass_options,
  secret_scanning_extended_metadata,
  secret_scanning_generic_secrets,
  secret_scanning_non_provider_patterns,
  secret_scanning_push_protection,
  secret_scanning_validity_checks,
  target_type,
  updated_at,
  url
;
```
# Description fields are for documentation purposes
- name: code_security_configurations
  props:
    - name: enterprise
      value: "{{ enterprise }}"
      description: Required parameter for the code_security_configurations resource.
    - name: configuration_id
      value: {{ configuration_id }}
      description: Required parameter for the code_security_configurations resource.
    - name: org
      value: "{{ org }}"
      description: Required parameter for the code_security_configurations resource.
    - name: scope
      value: "{{ scope }}"
      description: |
        The type of repositories to attach the configuration to. `selected` means the configuration will be attached to only the repositories specified by `selected_repository_ids`
      valid_values: ['all', 'all_without_configurations', 'public', 'private_or_internal', 'selected']
    - name: selected_repository_ids
      value:
        - {{ selected_repository_ids }}
      description: |
        An array of repository IDs to attach the configuration to. You can only provide a list of repository ids when the `scope` is set to `selected`.
    - name: name
      value: "{{ name }}"
      description: |
        The name of the code security configuration. Must be unique within the organization.
    - name: description
      value: "{{ description }}"
      description: |
        A description of the code security configuration
    - name: advanced_security
      value: "{{ advanced_security }}"
      description: |
        The enablement status of GitHub Advanced Security features. `enabled` will enable both Code Security and Secret Protection features.
        > [!WARNING]
        > `code_security` and `secret_protection` are deprecated values for this field. Prefer the individual `code_security` and `secret_protection` fields to set the status of these features.
      valid_values: ['enabled', 'disabled', 'code_security', 'secret_protection']
      default: disabled
    - name: code_security
      value: "{{ code_security }}"
      description: |
        The enablement status of GitHub Code Security features.
      valid_values: ['enabled', 'disabled', 'not_set']
    - name: dependency_graph
      value: "{{ dependency_graph }}"
      description: |
        The enablement status of Dependency Graph
      valid_values: ['enabled', 'disabled', 'not_set']
      default: enabled
    - name: dependency_graph_autosubmit_action
      value: "{{ dependency_graph_autosubmit_action }}"
      description: |
        The enablement status of Automatic dependency submission
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: dependency_graph_autosubmit_action_options
      description: |
        Feature options for Automatic dependency submission
      value:
        labeled_runners: {{ labeled_runners }}
    - name: dependabot_alerts
      value: "{{ dependabot_alerts }}"
      description: |
        The enablement status of Dependabot alerts
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: dependabot_security_updates
      value: "{{ dependabot_security_updates }}"
      description: |
        The enablement status of Dependabot security updates
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: code_scanning_options
      description: |
        Security Configuration feature options for code scanning
      value:
        allow_advanced: {{ allow_advanced }}
    - name: code_scanning_default_setup
      value: "{{ code_scanning_default_setup }}"
      description: |
        The enablement status of code scanning default setup
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: code_scanning_default_setup_options
      description: |
        Feature options for code scanning default setup
      value:
        runner_type: "{{ runner_type }}"
        runner_label: "{{ runner_label }}"
    - name: code_scanning_delegated_alert_dismissal
      value: "{{ code_scanning_delegated_alert_dismissal }}"
      description: |
        The enablement status of code scanning delegated alert dismissal
      valid_values: ['enabled', 'disabled', 'not_set']
      default: not_set
    - name: secret_protection
      value: "{{ secret_protection }}"
      description: |
        The enablement status of GitHub Secret Protection features.
      valid_values: ['enabled', 'disabled', 'not_set']
    - name: secret_scanning
      value: "{{ secret_scanning }}"
      description: |
        The enablement status of secret scanning
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: secret_scanning_push_protection
      value: "{{ secret_scanning_push_protection }}"
      description: |
        The enablement status of secret scanning push protection
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: secret_scanning_validity_checks
      value: "{{ secret_scanning_validity_checks }}"
      description: |
        The enablement status of secret scanning validity checks
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: secret_scanning_non_provider_patterns
      value: "{{ secret_scanning_non_provider_patterns }}"
      description: |
        The enablement status of secret scanning non provider patterns
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: secret_scanning_generic_secrets
      value: "{{ secret_scanning_generic_secrets }}"
      description: |
        The enablement status of Copilot secret scanning
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: secret_scanning_delegated_alert_dismissal
      value: "{{ secret_scanning_delegated_alert_dismissal }}"
      description: |
        The enablement status of secret scanning delegated alert dismissal
      valid_values: ['enabled', 'disabled', 'not_set']
    - name: secret_scanning_extended_metadata
      value: "{{ secret_scanning_extended_metadata }}"
      description: |
        The enablement status of secret scanning extended metadata
      valid_values: ['enabled', 'disabled', 'not_set']
    - name: private_vulnerability_reporting
      value: "{{ private_vulnerability_reporting }}"
      description: |
        The enablement status of private vulnerability reporting
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: enforcement
      value: "{{ enforcement }}"
      description: |
        The enforcement status for a security configuration
      valid_values: ['enforced', 'unenforced']
      default: enforced
    - name: dependabot_delegated_alert_dismissal
      value: "{{ dependabot_delegated_alert_dismissal }}"
      description: |
        The enablement status of Dependabot delegated alert dismissal. Requires Dependabot alerts to be enabled.
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: secret_scanning_delegated_bypass
      value: "{{ secret_scanning_delegated_bypass }}"
      description: |
        The enablement status of secret scanning delegated bypass
      valid_values: ['enabled', 'disabled', 'not_set']
      default: disabled
    - name: secret_scanning_delegated_bypass_options
      description: |
        Feature options for secret scanning delegated bypass
      value:
        reviewers:
          - reviewer_id: {{ reviewer_id }}
            reviewer_type: "{{ reviewer_type }}"
            mode: "{{ mode }}"
UPDATE examples
- update_enterprise_configuration
- update_configuration
Updates a code security configuration in an enterprise.
The authenticated user must be an administrator of the enterprise in order to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
UPDATE github.code_security.code_security_configurations
SET
name = '{{ name }}',
description = '{{ description }}',
advanced_security = '{{ advanced_security }}',
code_security = '{{ code_security }}',
dependency_graph = '{{ dependency_graph }}',
dependency_graph_autosubmit_action = '{{ dependency_graph_autosubmit_action }}',
dependency_graph_autosubmit_action_options = '{{ dependency_graph_autosubmit_action_options }}',
dependabot_alerts = '{{ dependabot_alerts }}',
dependabot_security_updates = '{{ dependabot_security_updates }}',
code_scanning_default_setup = '{{ code_scanning_default_setup }}',
code_scanning_default_setup_options = '{{ code_scanning_default_setup_options }}',
code_scanning_options = '{{ code_scanning_options }}',
code_scanning_delegated_alert_dismissal = '{{ code_scanning_delegated_alert_dismissal }}',
secret_protection = '{{ secret_protection }}',
secret_scanning = '{{ secret_scanning }}',
secret_scanning_push_protection = '{{ secret_scanning_push_protection }}',
secret_scanning_validity_checks = '{{ secret_scanning_validity_checks }}',
secret_scanning_non_provider_patterns = '{{ secret_scanning_non_provider_patterns }}',
secret_scanning_generic_secrets = '{{ secret_scanning_generic_secrets }}',
secret_scanning_delegated_alert_dismissal = '{{ secret_scanning_delegated_alert_dismissal }}',
secret_scanning_extended_metadata = '{{ secret_scanning_extended_metadata }}',
private_vulnerability_reporting = '{{ private_vulnerability_reporting }}',
enforcement = '{{ enforcement }}'
WHERE
enterprise = '{{ enterprise }}' --required
AND configuration_id = '{{ configuration_id }}' --required
RETURNING
id,
name,
advanced_security,
code_scanning_default_setup,
code_scanning_default_setup_options,
code_scanning_delegated_alert_dismissal,
code_scanning_options,
created_at,
dependabot_alerts,
dependabot_delegated_alert_dismissal,
dependabot_security_updates,
dependency_graph,
dependency_graph_autosubmit_action,
dependency_graph_autosubmit_action_options,
description,
enforcement,
html_url,
private_vulnerability_reporting,
secret_scanning,
secret_scanning_delegated_alert_dismissal,
secret_scanning_delegated_bypass,
secret_scanning_delegated_bypass_options,
secret_scanning_extended_metadata,
secret_scanning_generic_secrets,
secret_scanning_non_provider_patterns,
secret_scanning_push_protection,
secret_scanning_validity_checks,
target_type,
updated_at,
url;
Updates a code security configuration in an organization.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.
UPDATE github.code_security.code_security_configurations
SET
name = '{{ name }}',
description = '{{ description }}',
advanced_security = '{{ advanced_security }}',
code_security = '{{ code_security }}',
dependency_graph = '{{ dependency_graph }}',
dependency_graph_autosubmit_action = '{{ dependency_graph_autosubmit_action }}',
dependency_graph_autosubmit_action_options = '{{ dependency_graph_autosubmit_action_options }}',
dependabot_alerts = '{{ dependabot_alerts }}',
dependabot_security_updates = '{{ dependabot_security_updates }}',
dependabot_delegated_alert_dismissal = '{{ dependabot_delegated_alert_dismissal }}',
code_scanning_default_setup = '{{ code_scanning_default_setup }}',
code_scanning_default_setup_options = '{{ code_scanning_default_setup_options }}',
code_scanning_options = '{{ code_scanning_options }}',
code_scanning_delegated_alert_dismissal = '{{ code_scanning_delegated_alert_dismissal }}',
secret_protection = '{{ secret_protection }}',
secret_scanning = '{{ secret_scanning }}',
secret_scanning_push_protection = '{{ secret_scanning_push_protection }}',
secret_scanning_delegated_bypass = '{{ secret_scanning_delegated_bypass }}',
secret_scanning_delegated_bypass_options = '{{ secret_scanning_delegated_bypass_options }}',
secret_scanning_validity_checks = '{{ secret_scanning_validity_checks }}',
secret_scanning_non_provider_patterns = '{{ secret_scanning_non_provider_patterns }}',
secret_scanning_generic_secrets = '{{ secret_scanning_generic_secrets }}',
secret_scanning_delegated_alert_dismissal = '{{ secret_scanning_delegated_alert_dismissal }}',
secret_scanning_extended_metadata = '{{ secret_scanning_extended_metadata }}',
private_vulnerability_reporting = '{{ private_vulnerability_reporting }}',
enforcement = '{{ enforcement }}'
WHERE
org = '{{ org }}' --required
AND configuration_id = '{{ configuration_id }}' --required
RETURNING
id,
name,
advanced_security,
code_scanning_default_setup,
code_scanning_default_setup_options,
code_scanning_delegated_alert_dismissal,
code_scanning_options,
created_at,
dependabot_alerts,
dependabot_delegated_alert_dismissal,
dependabot_security_updates,
dependency_graph,
dependency_graph_autosubmit_action,
dependency_graph_autosubmit_action_options,
description,
enforcement,
html_url,
private_vulnerability_reporting,
secret_scanning,
secret_scanning_delegated_alert_dismissal,
secret_scanning_delegated_bypass,
secret_scanning_delegated_bypass_options,
secret_scanning_extended_metadata,
secret_scanning_generic_secrets,
secret_scanning_non_provider_patterns,
secret_scanning_push_protection,
secret_scanning_validity_checks,
target_type,
updated_at,
url;
REPLACE examples
- set_configuration_as_default_for_enterprise
- set_configuration_as_default
Sets a code security configuration as a default to be applied to new repositories in your enterprise.
This configuration will be applied by default to new repositories of the matching type, but only for organizations within the enterprise that do not already have a default code security configuration set.
The authenticated user must be an administrator for the enterprise to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
REPLACE github.code_security.code_security_configurations
SET
default_for_new_repos = '{{ default_for_new_repos }}'
WHERE
enterprise = '{{ enterprise }}' --required
AND configuration_id = '{{ configuration_id }}' --required
RETURNING
configuration,
default_for_new_repos;
Sets a code security configuration as a default to be applied to new repositories in your organization.
This configuration will be applied by default to repositories of the matching type (all, none, public, private and internal) when they are created.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.
REPLACE github.code_security.code_security_configurations
SET
default_for_new_repos = '{{ default_for_new_repos }}'
WHERE
org = '{{ org }}' --required
AND configuration_id = '{{ configuration_id }}' --required
RETURNING
configuration,
default_for_new_repos;
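The organization-level create and set-default statements above, filled in as one sequence. This is an added example, not part of the provider documentation: `example-org` and `baseline-hardened` are constructed placeholder names, and it assumes the organization is licensed for the Advanced Security features it turns on.

```sql
-- Added example with constructed values ('example-org', 'baseline-hardened').

-- 1. Create an enforced baseline. Every feature flag is set explicitly because
--    most of them default to 'disabled' when omitted (see the manifest defaults).
INSERT INTO github.code_security.code_security_configurations (
  name,
  description,
  advanced_security,
  dependency_graph,
  dependabot_alerts,
  dependabot_security_updates,
  code_scanning_default_setup,
  secret_scanning,
  secret_scanning_push_protection,
  secret_scanning_validity_checks,
  secret_scanning_non_provider_patterns,
  private_vulnerability_reporting,
  enforcement,
  org
)
SELECT
  'baseline-hardened',
  'Enforced baseline: scanning, push protection and Dependabot on',
  'enabled',   -- advanced_security: enables both Code Security and Secret Protection
  'enabled',   -- dependency_graph (default: enabled)
  'enabled',   -- dependabot_alerts (default: disabled)
  'enabled',   -- dependabot_security_updates (default: disabled)
  'enabled',   -- code_scanning_default_setup (default: disabled)
  'enabled',   -- secret_scanning (default: disabled)
  'enabled',   -- secret_scanning_push_protection (default: disabled)
  'enabled',   -- secret_scanning_validity_checks (default: disabled)
  'enabled',   -- secret_scanning_non_provider_patterns (default: disabled)
  'enabled',   -- private_vulnerability_reporting (default: disabled)
  'enforced',  -- repository owners cannot change the features set here
  'example-org'
RETURNING
  id,
  name,
  enforcement,
  secret_scanning_push_protection,
  code_scanning_default_setup;

-- 2. Make it the default for every new repository in the organization.
--    Substitute the id returned by step 1 for {{ configuration_id }}.
REPLACE github.code_security.code_security_configurations
SET
  default_for_new_repos = 'all'
WHERE
  org = 'example-org'
  AND configuration_id = '{{ configuration_id }}'
RETURNING
  configuration,
  default_for_new_repos;
```

Setting a default only affects repositories created afterwards; existing repositories keep whatever configuration they already have.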
DELETE examples
- delete_configuration_for_enterprise
- delete_configuration
- detach_configuration
Deletes a code security configuration from an enterprise.
Repositories attached to the configuration will retain their settings but will no longer be associated with the configuration.
The authenticated user must be an administrator for the enterprise to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
DELETE FROM github.code_security.code_security_configurations
WHERE enterprise = '{{ enterprise }}' --required
AND configuration_id = '{{ configuration_id }}' --required
;
Deletes the desired code security configuration from an organization.
Repositories attached to the configuration will retain their settings but will no longer be associated with the configuration.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.
DELETE FROM github.code_security.code_security_configurations
WHERE org = '{{ org }}' --required
AND configuration_id = '{{ configuration_id }}' --required
;
Detach code security configuration(s) from a set of repositories.
Repositories will retain their settings but will no longer be associated with the configuration.
The authenticated user must be an administrator or security manager for the organization to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.
DELETE FROM github.code_security.code_security_configurations
WHERE org = '{{ org }}' --required
;