POST /enterprises/{enterprise}/code-security/configurations
Creates a code security configuration in an enterprise.
The authenticated user must be an administrator of the enterprise in order to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.
Servers
- https://api.github.com
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
enterprise |
String | Yes |
The slug version of the enterprise name. You can also substitute this value with the enterprise id. |
Request headers
| Name | Type | Required | Description |
|---|---|---|---|
Content-Type |
String | Yes |
The media type of the request body.
Default value: "application/json" |
Request body fields
| Name | Type | Required | Description |
|---|---|---|---|
dependency_graph_autosubmit_action_options |
Object | No |
Feature options for Automatic dependency submission |
dependency_graph_autosubmit_action_options.labeled_runners |
Boolean | No |
Whether to use runners labeled with 'dependency-submission' or standard GitHub runners. Default value: false |
secret_scanning |
String | No |
The enablement status of secret scanning Possible values:
Default value: "disabled" |
secret_scanning_non_provider_patterns |
String | No |
The enablement status of secret scanning non provider patterns Possible values:
Default value: "disabled" |
description |
String | Yes |
A description of the code security configuration |
secret_scanning_validity_checks |
String | No |
The enablement status of secret scanning validity checks Possible values:
Default value: "disabled" |
secret_scanning_delegated_alert_dismissal |
String | No |
The enablement status of secret scanning delegated alert dismissal Possible values:
Default value: "disabled" |
secret_scanning_push_protection |
String | No |
The enablement status of secret scanning push protection Possible values:
Default value: "disabled" |
dependency_graph_autosubmit_action |
String | No |
The enablement status of Automatic dependency submission Possible values:
Default value: "disabled" |
code_scanning_default_setup |
String | No |
The enablement status of code scanning default setup Possible values:
Default value: "disabled" |
secret_scanning_generic_secrets |
String | No |
The enablement status of Copilot secret scanning Possible values:
Default value: "disabled" |
dependabot_alerts |
String | No |
The enablement status of Dependabot alerts Possible values:
Default value: "disabled" |
dependabot_security_updates |
String | No |
The enablement status of Dependabot security updates Possible values:
Default value: "disabled" |
name |
String | Yes |
The name of the code security configuration. Must be unique within the enterprise. |
advanced_security |
String | No |
The enablement status of GitHub Advanced Security Possible values:
Default value: "disabled" |
private_vulnerability_reporting |
String | No |
The enablement status of private vulnerability reporting Possible values:
Default value: "disabled" |
dependency_graph |
String | No |
The enablement status of Dependency Graph Possible values:
Default value: "enabled" |
code_scanning_default_setup_options |
Object | No |
Feature options for code scanning default setup |
code_scanning_default_setup_options.runner_label |
String | No |
The label of the runner to use for code scanning default setup when runner_type is 'labeled'. |
code_scanning_default_setup_options.runner_type |
String | No |
Whether to use labeled runners or standard GitHub runners. Possible values:
|
code_scanning_delegated_alert_dismissal |
String | No |
The enablement status of code scanning delegated alert dismissal Possible values:
Default value: "disabled" |
enforcement |
String | No |
The enforcement status for a security configuration Possible values:
Default value: "enforced" |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.