대규모 코드 검사를 위한 기본 설정 구성

조직 전체의 리포지토리에 대한 code scanning을 기본 설정을 사용하여 신속하게 구성할 수 있습니다.

누가 이 기능을 사용할 수 있나요?

관리자 역할이 있는 조직 소유자, 보안 관리자 및 조직 구성원

Code scanning은 다음 리포지토리 유형에서 사용할 수 있습니다.

  • GitHub.com에 대한 퍼블릭 리포지토리
  • GitHub Team, GitHub Enterprise Cloud 또는 GitHub Enterprise Server에 대한 조직 소유의 리포지토리로, GitHub Code Security 가 활성화되어 있습니다.

이 문서의 내용

With default setup for code scanning, you can quickly secure code in repositories across your organization. For more information, see About setup types for code scanning.

For repositories that are not suitable for default setup, you can configure advanced setup at the repository level, or at the organization level using a script.

Prerequisites

A repository must meet all the following criteria to be eligible for default setup:

  • Advanced setup for code scanning is not already enabled.
  • GitHub Actions is enabled.
  • It is publicly visible, or GitHub Code Security is enabled.

Configuring default setup for all eligible repositories in an organization

You can enable default setup for all eligible repositories in your organization. For more information, see About enabling security features at scale.

Extending CodeQL coverage in default setup

Through your organization's security settings page, you can extend coverage in default setup using model packs for all eligible repositories in your organization. For more information, see Editing your configuration of default setup.

Configuring default setup for a subset of repositories in an organization

You can filter for specific repositories you would like to configure default setup for. For more information, see Applying a custom security configuration.

Providing default setup access to private registries

When a repository uses code stored in a private registry, default setup needs access to the registry to work effectively. For more information, see Giving security features access to private registries.

Configuring merge protection for all repositories in an organization

You can use rulesets to prevent pull requests from being merged when one of the following conditions is met:

  • A required tool found a code scanning alert of a severity that is defined in a ruleset.
  • A required code scanning tool's analysis is still in progress.
  • A required code scanning tool is not configured for the repository.

For more information, see Set code scanning merge protection. For more general information about rulesets, see About rulesets.