In this task, you will create a security configuration for your organization and apply it to every repository in it. The configuration enables key security features (Dependabot, code scanning and secret scanning) to reduce security risk.
The steps guide you through choosing the settings, creating the security configuration, and applying it across all repositories.
In this lab, you will perform:
- Task 1: Applying security settings in your organization.
The GitHub-recommended security configuration is a collection of enablement settings for GitHub's security features that is created and maintained by subject matter experts at GitHub. The GitHub-recommended security configuration is designed to successfully reduce the security risks for low- and high-impact repositories. We recommend you apply this configuration to all the repositories in your organization.
Applying the security configuration to all repositories in your organization
- On the Home page, click your profile icon in the top right corner.
- Select Your organizations from the dropdown menu.
- Choose ghas-bootcamp-xxxx-xx-xx-cloudlabsxxx from the list of organizations.
- Click the Settings tab.
- In the Settings menu, under the Security section, click Configurations under Code Security.
- Click New Configuration to start creating a new security configuration for the organization.
- In the Name field, enter Security_settings_enable, which identifies the configuration's purpose. In the Description field, enter Settings for Dependabot, secret scanning, and code scanning, a brief overview of what the configuration will accomplish.
- Scroll down to the Dependency graph and Dependabot section. All options are enabled by default, but each one can be set to Enable, Disable, or Not set according to your requirements. Not set leaves a repository's existing setting unchanged when the configuration is applied.
Note: in this lab, leave all of these enabled.
- In the Code Scanning section, the default setup for Code Scanning is enabled. Leave it enabled.
- Scroll down to the Secret scanning section. All options are enabled by default.
- Leave the Alerts option set to Enable, and change the remaining options to Not set, so repositories keep whatever they currently have for those features.
- In the Policy section, next to Enforce configuration, select Don't enforce from the dropdown menu. With Don't enforce, repository administrators can still change these settings in their own repositories; Enforce would lock them to the configuration.
- Finally, click Save Configurations to save your changes.
- On the Apply Configuration page, click Select All (1), then Apply Configuration (2) so that the configuration is applied to every repository, and click the Security_settings_enable (3) configuration to select it. When prompted, click Apply to implement the changes across all repositories in your organization. Among other things, this turns on secret scanning alerts for every repository, so exposed secrets and other sensitive information are detected.
- You will see that the organization configuration Security_settings_enable is applied to 6 repositories (applied, not enforced, because you selected Don't enforce).
Note: if the count is not visible yet, refresh the page.
- In the ghas-bootcamp-xxxx-xx-xx-cloudlabsxxx organization, click Repositories in the top navigation pane.
- From the list of repositories, click ghas-bootcamp-WebGoat to begin working through this module.
- To review the result, open the repository's Security tab.
- Here you can review the repository's alerts in its security overview.
Note: the security features are now enabled for this repository. The same is true of the other repositories in the organization, and you are free to check them as well.
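The same procedure can be automated instead of clicked through, which is how you would roll a configuration out to many organizations or check that every repository actually received it. The script below is an added example and is not part of the lab or of GitHub's own tooling. It expresses the lab's choices as a request body for the organization code security configuration endpoints; the endpoint paths (`/orgs/{org}/code-security/configurations` and `.../{id}/attach`), the field names and the `enabled`/`disabled`/`not_set` values are taken from GitHub's REST API documentation as the author understands it and should be checked against the current docs before use. The organization name, the `GITHUB_TOKEN` environment variable and the sample repository list are assumptions; by default it runs in dry-run mode and only builds and validates the payloads, so it runs offline.

```python
"""Create a GitHub organization code security configuration and attach it to
all repositories, mirroring the choices made in the lab above.

Added example, not the lab's or GitHub's code. Endpoint paths and field names
follow GitHub's REST docs for code security configurations (verify against the
current docs). ORG and GITHUB_TOKEN are placeholders; DRY_RUN=1 (default) only
builds and validates the payloads and makes no network calls.
"""
import json
import os
import urllib.request

API = "https://api.github.com"
FEATURE_VALUES = {"enabled", "disabled", "not_set"}

# The lab's UI choices expressed as API field values (assumed field names).
LAB_CONFIG = {
    "name": "Security_settings_enable",
    "description": "Settings for Dependabot, secret scanning, and code scanning",
    "dependency_graph": "enabled",
    "dependabot_alerts": "enabled",
    "dependabot_security_updates": "enabled",
    "code_scanning_default_setup": "enabled",
    "secret_scanning": "enabled",                  # "Alerts" in the UI
    "secret_scanning_push_protection": "not_set",  # keep each repo's own setting
    "enforcement": "unenforced",                   # "Don't enforce" in Policy
}


def validate_config(cfg):
    """Return a list of problems with the payload; an empty list means it is sane."""
    problems = []
    for key in ("name", "description"):
        if not cfg.get(key):
            problems.append(f"{key} is required")
    for key, value in cfg.items():
        if key in ("name", "description", "enforcement"):
            continue
        if value not in FEATURE_VALUES:
            problems.append(f"{key}: {value!r} is not one of {sorted(FEATURE_VALUES)}")
    if cfg.get("enforcement") not in ("enforced", "unenforced"):
        problems.append("enforcement must be 'enforced' or 'unenforced'")
    # Push protection only works on top of secret scanning; catch the
    # contradiction locally instead of discovering it as an API error.
    if (cfg.get("secret_scanning_push_protection") == "enabled"
            and cfg.get("secret_scanning") != "enabled"):
        problems.append("push protection requires secret_scanning to be enabled")
    return problems


def attach_payload(scope="all", repo_ids=None):
    """Body for the attach call; scope is all, public, private_or_internal or selected."""
    body = {"scope": scope}
    if scope == "selected":
        body["selected_repository_ids"] = list(repo_ids or [])
    return body


def github_request(method, path, token, body=None):
    """Minimal authenticated call to the GitHub REST API (only used when not dry-running)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(API + path, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Accept", "application/vnd.github+json")
    req.add_header("X-GitHub-Api-Version", "2022-11-28")
    if data:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def apply_to_org(org, token, cfg=LAB_CONFIG, scope="all", dry_run=True):
    """Validate, create the configuration, then attach it. dry_run returns the payloads."""
    problems = validate_config(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    attach = attach_payload(scope)
    if dry_run:
        return {"create": dict(cfg), "attach": attach}
    created = github_request("POST", f"/orgs/{org}/code-security/configurations", token, cfg)
    return github_request(
        "POST", f"/orgs/{org}/code-security/configurations/{created['id']}/attach", token, attach)


def summarize_attachments(repos):
    """Count repositories per attachment status, as returned by the configuration's
    repositories endpoint; anything other than 'attached' needs a second look."""
    counts = {}
    for item in repos:
        counts[item["status"]] = counts.get(item["status"], 0) + 1
    return counts


# Constructed sample standing in for the lab's six repositories; not a real API response.
SAMPLE_REPOS = [{"status": "attached", "repository": {"name": "ghas-bootcamp-WebGoat"}}] + [
    {"status": "attached", "repository": {"name": f"sample-repo-{n}"}} for n in range(2, 7)
]

if __name__ == "__main__":
    dry = os.environ.get("DRY_RUN", "1") == "1"
    result = apply_to_org(os.environ.get("ORG", "ghas-bootcamp-xxxx-xx-xx-cloudlabsxxx"),
                          os.environ.get("GITHUB_TOKEN"), dry_run=dry)
    print(json.dumps(result, indent=2))
    print(summarize_attachments(SAMPLE_REPOS))
```

Run it with `DRY_RUN=0 ORG=<your org> GITHUB_TOKEN=<token>` to create and attach the configuration for real; the token needs organization administration permission. After attaching, list the configuration's repositories and feed the result to `summarize_attachments` to confirm the count matches what the Configurations page shows and that no repository is stuck in a non-attached status.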
In this module, we have completed the following:
- Applying security settings in your organization