How to Set Up Advanced Security for Public Repositories? #116434
-
TopicSetting Up GitHub Advanced Security for Public Repositories QuestionPer: About licenses for GitHub Advanced Security, it says: "If you want to use GitHub Advanced Security features on any repository apart from a public repository on GitHub.com, ...". However, this page, nor any other page I can find, explains how to enable GitHub Advanced Security on a public repository. Can someone either explain how, or point me to the proper page that does explain how? In my case, this is a personal project, not one in an organization. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 3 replies
-
Advanced Security is a paid set of products, so unfortunately that may not be available. However, many of those security products are still offered for free public repositories. For example, Secret Scanning is available -- https://docs.github.com/en/code-security/secret-scanning/configuring-secret-scanning-for-your-repositories Most of the security product settings should appear on the same page, based on their availability. Lemme know if you were looking for a specific security product. |
Beta Was this translation helpful? Give feedback.
-
Enable Two-Factor Authentication (2FA): Enable 2FA for all collaborators to add an extra layer of security. |
Beta Was this translation helpful? Give feedback.
-
I guess I should have been more clear in my question. I'm specifically interested in piloting the new Autofix feature. However, per: https://github.com/orgs/community/discussions/111094 (Code scanning autofix: Preview Feedback and Resources) - it says: "Fix suggestions are available on private repositories with a working code scanning configuration." And 2 weeks ago there was also the comment: "We do not plan on shipping it to open source at the moment." so I guess as of today, you can't enable Advanced Security Autofix on public repos. You have to either pay for it or use a 30-day trial on an organization which has 1 or more private repos. GH also confirmed this: "Autofix is currently only available for private repositories owned by GHAS customers. We’re tracking the request to extend it to open source developers here." |
Beta Was this translation helpful? Give feedback.
I guess I should have been more clear in my question. I'm specifically interested in piloting the new Autofix feature. However, per: https://github.com/orgs/community/discussions/111094 (Code scanning autofix: Preview Feedback and Resources) - it says: "Fix suggestions are available on private repositories with a working code scanning configuration." And 2 weeks ago there was also the comment: "We do not plan on shipping it to open source at the moment." so I guess as of today, you can't enable Advanced Security Autofix on public repos. You have to either pay for it or use a 30-day trial on an organization which has 1 or more private repos.
GH also confirmed this: "Autofix is currently on…