About choosing a security configuration
Security configurations are collections of enablement settings for GitHub's security features that you can apply to any repository within your organization. GitHub offers two types of security configurations:
- The GitHub-recommended security configuration
- Custom security configurations
We recommend that organizations initially apply the GitHub-recommended security configuration. After you have applied the GitHub-recommended security configuration to repositories in your organization, you can evaluate the security findings for each repository and determine if you instead want to create and apply a custom security configuration.
Choosing the GitHub-recommended security configuration
The GitHub-recommended security configuration offers a number of benefits:
- It is created and managed by GitHub's subject matter experts.
- It is the quickest security configuration to apply to all repositories in your organization.
- It is designed to effectively secure both low- and high-impact repositories.
To start securing repositories in your organization with the GitHub-recommended security configuration, see Applying the GitHub-recommended security configuration in your organization.
Choosing a custom security configuration
If you are familiar with GitHub's security products, and you have specific security needs that the GitHub-recommended security configuration can't meet, you can create and apply custom security configurations. With custom security configurations, you can:
- Edit the enablement settings for different security features
- Create several configurations for repositories with different security needs
- Manage your GitHub Advanced Security licensing by including or excluding GitHub Advanced Security features for a particular configuration
To start securing repositories in your organization with custom security configurations, see Creating a custom security configuration.