Configuring permissions for a security team for Github Advanced Security features

[juangonzalezo]

Select Topic Area

Question

Body

I am looking to set up permissions for our security team who will be utilizing Github Advanced Security (GHAS). They need to have access to all security alerts reported by GHAS and the ability to close or modify them, in addition to managing GHAS settings across the entire organization.

I'm not entirely sure what the best approach is and what the recommendation would be to give access to the security team, as they are not responsible for development, but only for managing alerts when necessary.

What is the recommendation for this role? Which permissions should I configure or what is the best advice for this situation?

[just-joshing]

Hello! Does the security manager role satisfy your needs?

You may assign this role to up to ten teams in your organization.
It grants the users on the teams the ability to view and manage security alerts reported by GHAS for all repositories in the organization, enable and disable GHAS settings on all repositories in the organization, and read access to all repositories in the organization.