{"meta":{"title":"설정","intro":"REST API를 사용하여 조직에 대한 보안 구성을 만들고 관리합니다.","product":"REST API","breadcrumbs":[{"href":"/ko/rest","title":"REST API"},{"href":"/ko/rest/code-security","title":"코드 보안 설정"},{"href":"/ko/rest/code-security/configurations","title":"설정"}],"documentType":"article"},"body":"# 설정\n\nREST API를 사용하여 조직에 대한 보안 구성을 만들고 관리합니다.\n\n\n> [!NOTE]\n> Most endpoints use `Authorization: Bearer ` and `Accept: application/vnd.github+json` headers, plus `X-GitHub-Api-Version: 2026-03-10`. Curl examples below omit these standard headers for brevity.\n\n\n## Get code security configurations for an enterprise\n\n```\nGET /enterprises/{enterprise}/code-security/configurations\n```\n\nLists all code security configurations available in an enterprise.\nThe authenticated user must be an administrator of the enterprise in order to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the read:enterprise scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`enterprise`** (string) (required)\n The slug version of the enterprise name.\n\n- **`per_page`** (integer)\n The number of results per page (max 100). For more information, see \"Using pagination in the REST API.\"\n Default: `30`\n\n- **`before`** (string)\n A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see \"Using pagination in the REST API.\"\n\n- **`after`** (string)\n A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see \"Using pagination in the REST API.\"\n\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - OK\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n\n\n### Code examples\n\n\n\n#### Example\n\n**Request:**\n\n```curl\ncurl -L \\\n -X GET \\\n https://api.github.com/enterprises/ENTERPRISE/code-security/configurations\n```\n\n**Response schema (Status: 200):**\n\nArray of objects:\n * `id`: integer\n * `name`: string\n * `target_type`: string, enum: `global`, `organization`, `enterprise`\n * `description`: string\n * `advanced_security`: string, enum: `enabled`, `disabled`, `code_security`, `secret_protection`\n * `dependency_graph`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependency_graph_autosubmit_action`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependency_graph_autosubmit_action_options`: object:\n * `labeled_runners`: boolean\n * `dependabot_alerts`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependabot_security_updates`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependabot_delegated_alert_dismissal`: string or null, enum: `enabled`, `disabled`, `not_set`, `null`\n * `code_scanning_options`: object or null:\n * `allow_advanced`: boolean or null\n * `code_scanning_default_setup`: string, enum: `enabled`, `disabled`, `not_set`\n * `code_scanning_default_setup_options`: object or null:\n * `runner_type`: string or null, enum: `standard`, `labeled`, `not_set`, `null`\n * `runner_label`: string or null\n * `code_scanning_delegated_alert_dismissal`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_push_protection`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_bypass`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_bypass_options`: object:\n * `reviewers`: array of objects:\n * `reviewer_id`: required, integer\n * `reviewer_type`: required, string, enum: `TEAM`, `ROLE`\n * `mode`: string, enum: `ALWAYS`, `EXEMPT`, default: `\"ALWAYS\"`\n * `security_configuration_id`: integer\n * `secret_scanning_validity_checks`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_non_provider_patterns`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_generic_secrets`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_alert_dismissal`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_extended_metadata`: string, enum: `enabled`, `disabled`, `not_set`\n * `private_vulnerability_reporting`: string, enum: `enabled`, `disabled`, `not_set`\n * `enforcement`: string, enum: `enforced`, `unenforced`\n * `url`: string, format: uri\n * `html_url`: string, format: uri\n * `created_at`: string, format: date-time\n * `updated_at`: string, format: date-time\n\n\n\n\n\n## Create a code security configuration for an enterprise\n\n```\nPOST /enterprises/{enterprise}/code-security/configurations\n```\n\nCreates a code security configuration in an enterprise.\nThe authenticated user must be an administrator of the enterprise in order to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`enterprise`** (string) (required)\n The slug version of the enterprise name.\n\n\n\n\n#### Body parameters\n\n- **`name`** (string) (required)\n The name of the code security configuration. Must be unique within the enterprise.\n\n- **`description`** (string) (required)\n A description of the code security configuration\n\n- **`advanced_security`** (string)\n The enablement status of GitHub Advanced Security features. enabled will enable both Code Security and Secret Protection features.\nWarning\n\ncode_security and secret_protection are deprecated values for this field. Prefer the individual code_security and secret_protection fields to set the status of these features.\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `code_security`, `secret_protection`\n\n- **`code_security`** (string)\n The enablement status of GitHub Code Security features.\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph`** (string)\n The enablement status of Dependency Graph\n Default: `enabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph_autosubmit_action`** (string)\n The enablement status of Automatic dependency submission\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph_autosubmit_action_options`** (object)\n Feature options for Automatic dependency submission\n - **`labeled_runners`** (boolean)\n Whether to use runners labeled with 'dependency-submission' or standard GitHub runners.\n Default: `false`\n\n- **`dependabot_alerts`** (string)\n The enablement status of Dependabot alerts\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependabot_security_updates`** (string)\n The enablement status of Dependabot security updates\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`code_scanning_options`** (object or null)\n Security Configuration feature options for code scanning\n - **`allow_advanced`** (boolean or null)\n Whether to allow repos which use advanced setup\n\n- **`code_scanning_default_setup`** (string)\n The enablement status of code scanning default setup\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`code_scanning_default_setup_options`** (object or null)\n Feature options for code scanning default setup\n - **`runner_type`** (string)\n Whether to use labeled runners or standard GitHub runners.\n Can be one of: `standard`, `labeled`, `not_set`\n - **`runner_label`** (string or null)\n The label of the runner to use for code scanning default setup when runner_type is 'labeled'.\n\n- **`code_scanning_delegated_alert_dismissal`** (string)\n The enablement status of code scanning delegated alert dismissal\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_protection`** (string)\n The enablement status of GitHub Secret Protection features.\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning`** (string)\n The enablement status of secret scanning\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_push_protection`** (string)\n The enablement status of secret scanning push protection\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_validity_checks`** (string)\n The enablement status of secret scanning validity checks\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_non_provider_patterns`** (string)\n The enablement status of secret scanning non provider patterns\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_generic_secrets`** (string)\n The enablement status of Copilot secret scanning\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_delegated_alert_dismissal`** (string)\n The enablement status of secret scanning delegated alert dismissal\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_extended_metadata`** (string)\n The enablement status of secret scanning extended metadata\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`private_vulnerability_reporting`** (string)\n The enablement status of private vulnerability reporting\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`enforcement`** (string)\n The enforcement status for a security configuration\n Default: `enforced`\n Can be one of: `enforced`, `unenforced`\n\n\n\n\n\n### HTTP response status codes\n\n\n- **201** - Successfully created code security configuration\n\n\n- **400** - Bad Request\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n\n\n### Code examples\n\n\n\n#### Example for a code security configuration\n\n**Request:**\n\n```curl\ncurl -L \\\n -X POST \\\n https://api.github.com/enterprises/ENTERPRISE/code-security/configurations \\\n -d '{\n \"name\": \"High rish settings\",\n \"description\": \"This is a code security configuration for octo-enterprise\",\n \"advanced_security\": \"enabled\",\n \"dependabot_alerts\": \"enabled\",\n \"dependabot_security_updates\": \"not_set\",\n \"secret_scanning\": \"enabled\"\n}'\n```\n\n**Response schema (Status: 201):**\n\n* `id`: integer\n* `name`: string\n* `target_type`: string, enum: `global`, `organization`, `enterprise`\n* `description`: string\n* `advanced_security`: string, enum: `enabled`, `disabled`, `code_security`, `secret_protection`\n* `dependency_graph`: string, enum: `enabled`, `disabled`, `not_set`\n* `dependency_graph_autosubmit_action`: string, enum: `enabled`, `disabled`, `not_set`\n* `dependency_graph_autosubmit_action_options`: object:\n * `labeled_runners`: boolean\n* `dependabot_alerts`: string, enum: `enabled`, `disabled`, `not_set`\n* `dependabot_security_updates`: string, enum: `enabled`, `disabled`, `not_set`\n* `dependabot_delegated_alert_dismissal`: string or null, enum: `enabled`, `disabled`, `not_set`, `null`\n* `code_scanning_options`: object or null:\n * `allow_advanced`: boolean or null\n* `code_scanning_default_setup`: string, enum: `enabled`, `disabled`, `not_set`\n* `code_scanning_default_setup_options`: object or null:\n * `runner_type`: string or null, enum: `standard`, `labeled`, `not_set`, `null`\n * `runner_label`: string or null\n* `code_scanning_delegated_alert_dismissal`: string, enum: `enabled`, `disabled`, `not_set`\n* `secret_scanning`: string, enum: `enabled`, `disabled`, `not_set`\n* `secret_scanning_push_protection`: string, enum: `enabled`, `disabled`, `not_set`\n* `secret_scanning_delegated_bypass`: string, enum: `enabled`, `disabled`, `not_set`\n* `secret_scanning_delegated_bypass_options`: object:\n * `reviewers`: array of objects:\n * `reviewer_id`: required, integer\n * `reviewer_type`: required, string, enum: `TEAM`, `ROLE`\n * `mode`: string, enum: `ALWAYS`, `EXEMPT`, default: `\"ALWAYS\"`\n * `security_configuration_id`: integer\n* `secret_scanning_validity_checks`: string, enum: `enabled`, `disabled`, `not_set`\n* `secret_scanning_non_provider_patterns`: string, enum: `enabled`, `disabled`, `not_set`\n* `secret_scanning_generic_secrets`: string, enum: `enabled`, `disabled`, `not_set`\n* `secret_scanning_delegated_alert_dismissal`: string, enum: `enabled`, `disabled`, `not_set`\n* `secret_scanning_extended_metadata`: string, enum: `enabled`, `disabled`, `not_set`\n* `private_vulnerability_reporting`: string, enum: `enabled`, `disabled`, `not_set`\n* `enforcement`: string, enum: `enforced`, `unenforced`\n* `url`: string, format: uri\n* `html_url`: string, format: uri\n* `created_at`: string, format: date-time\n* `updated_at`: string, format: date-time\n\n\n\n\n\n## Get default code security configurations for an enterprise\n\n```\nGET /enterprises/{enterprise}/code-security/configurations/defaults\n```\n\nLists the default code security configurations for an enterprise.\nThe authenticated user must be an administrator of the enterprise in order to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the read:enterprise scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`enterprise`** (string) (required)\n The slug version of the enterprise name.\n\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - OK\n\n\n\n\n### Code examples\n\n\n\n#### Example\n\n**Request:**\n\n```curl\ncurl -L \\\n -X GET \\\n https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/defaults\n```\n\n**Response schema (Status: 200):**\n\nArray of objects:\n * `default_for_new_repos`: enum: `public`, `private_and_internal`, `all`\n * `configuration`: object:\n * `id`: integer\n * `name`: string\n * `target_type`: string, enum: `global`, `organization`, `enterprise`\n * `description`: string\n * `advanced_security`: string, enum: `enabled`, `disabled`, `code_security`, `secret_protection`\n * `dependency_graph`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependency_graph_autosubmit_action`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependency_graph_autosubmit_action_options`: object:\n * `labeled_runners`: boolean\n * `dependabot_alerts`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependabot_security_updates`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependabot_delegated_alert_dismissal`: string or null, enum: `enabled`, `disabled`, `not_set`, `null`\n * `code_scanning_options`: object or null:\n * `allow_advanced`: boolean or null\n * `code_scanning_default_setup`: string, enum: `enabled`, `disabled`, `not_set`\n * `code_scanning_default_setup_options`: object or null:\n * `runner_type`: string or null, enum: `standard`, `labeled`, `not_set`, `null`\n * `runner_label`: string or null\n * `code_scanning_delegated_alert_dismissal`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_push_protection`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_bypass`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_bypass_options`: object:\n * `reviewers`: array of objects:\n * `reviewer_id`: required, integer\n * `reviewer_type`: required, string, enum: `TEAM`, `ROLE`\n * `mode`: string, enum: `ALWAYS`, `EXEMPT`, default: `\"ALWAYS\"`\n * `security_configuration_id`: integer\n * `secret_scanning_validity_checks`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_non_provider_patterns`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_generic_secrets`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_alert_dismissal`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_extended_metadata`: string, enum: `enabled`, `disabled`, `not_set`\n * `private_vulnerability_reporting`: string, enum: `enabled`, `disabled`, `not_set`\n * `enforcement`: string, enum: `enforced`, `unenforced`\n * `url`: string, format: uri\n * `html_url`: string, format: uri\n * `created_at`: string, format: date-time\n * `updated_at`: string, format: date-time\n\n\n\n\n\n## Retrieve a code security configuration of an enterprise\n\n```\nGET /enterprises/{enterprise}/code-security/configurations/{configuration_id}\n```\n\nGets a code security configuration available in an enterprise.\nThe authenticated user must be an administrator of the enterprise in order to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the read:enterprise scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`enterprise`** (string) (required)\n The slug version of the enterprise name.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - OK\n\n\n- **304** - Not modified\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n\n\n### Code examples\n\n\n\n#### Example\n\n**Request:**\n\n```curl\ncurl -L \\\n -X GET \\\n https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID\n```\n\n**Response schema (Status: 200):**\n\nSame response schema as [Create a code security configuration for an enterprise](#create-a-code-security-configuration-for-an-enterprise).\n\n\n\n\n\n## Update a custom code security configuration for an enterprise\n\n```\nPATCH /enterprises/{enterprise}/code-security/configurations/{configuration_id}\n```\n\nUpdates a code security configuration in an enterprise.\nThe authenticated user must be an administrator of the enterprise in order to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`enterprise`** (string) (required)\n The slug version of the enterprise name.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n\n\n\n#### Body parameters\n\n- **`name`** (string)\n The name of the code security configuration. Must be unique across the enterprise.\n\n- **`description`** (string)\n A description of the code security configuration\n\n- **`advanced_security`** (string)\n The enablement status of GitHub Advanced Security features. enabled will enable both Code Security and Secret Protection features.\nWarning\n\ncode_security and secret_protection are deprecated values for this field. Prefer the individual code_security and secret_protection fields to set the status of these features.\n Can be one of: `enabled`, `disabled`, `code_security`, `secret_protection`\n\n- **`code_security`** (string)\n The enablement status of GitHub Code Security features.\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph`** (string)\n The enablement status of Dependency Graph\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph_autosubmit_action`** (string)\n The enablement status of Automatic dependency submission\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph_autosubmit_action_options`** (object)\n Feature options for Automatic dependency submission\n - **`labeled_runners`** (boolean)\n Whether to use runners labeled with 'dependency-submission' or standard GitHub runners.\n\n- **`dependabot_alerts`** (string)\n The enablement status of Dependabot alerts\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependabot_security_updates`** (string)\n The enablement status of Dependabot security updates\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`code_scanning_default_setup`** (string)\n The enablement status of code scanning default setup\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`code_scanning_default_setup_options`** (object or null)\n Feature options for code scanning default setup\n - **`runner_type`** (string)\n Whether to use labeled runners or standard GitHub runners.\n Can be one of: `standard`, `labeled`, `not_set`\n - **`runner_label`** (string or null)\n The label of the runner to use for code scanning default setup when runner_type is 'labeled'.\n\n- **`code_scanning_options`** (object or null)\n Security Configuration feature options for code scanning\n - **`allow_advanced`** (boolean or null)\n Whether to allow repos which use advanced setup\n\n- **`code_scanning_delegated_alert_dismissal`** (string)\n The enablement status of code scanning delegated alert dismissal\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_protection`** (string)\n The enablement status of GitHub Secret Protection features.\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning`** (string)\n The enablement status of secret scanning\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_push_protection`** (string)\n The enablement status of secret scanning push protection\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_validity_checks`** (string)\n The enablement status of secret scanning validity checks\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_non_provider_patterns`** (string)\n The enablement status of secret scanning non-provider patterns\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_generic_secrets`** (string)\n The enablement status of Copilot secret scanning\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_delegated_alert_dismissal`** (string)\n The enablement status of secret scanning delegated alert dismissal\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_extended_metadata`** (string)\n The enablement status of secret scanning extended metadata\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`private_vulnerability_reporting`** (string)\n The enablement status of private vulnerability reporting\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`enforcement`** (string)\n The enforcement status for a security configuration\n Can be one of: `enforced`, `unenforced`\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - OK\n\n\n- **304** - Not modified\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n- **409** - Conflict\n\n\n\n\n### Code examples\n\n\n\n#### Example for updating a code security configuration\n\n**Request:**\n\n```curl\ncurl -L \\\n -X PATCH \\\n https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID \\\n -d '{\n \"name\": \"octo-enterprise recommended settings v2\",\n \"secret_scanning\": \"disabled\",\n \"code_scanning_default_setup\": \"enabled\"\n}'\n```\n\n**Response schema (Status: 200):**\n\nSame response schema as [Create a code security configuration for an enterprise](#create-a-code-security-configuration-for-an-enterprise).\n\n\n\n\n\n## Delete a code security configuration for an enterprise\n\n```\nDELETE /enterprises/{enterprise}/code-security/configurations/{configuration_id}\n```\n\nDeletes a code security configuration from an enterprise.\nRepositories attached to the configuration will retain their settings but will no longer be associated with\nthe configuration.\nThe authenticated user must be an administrator for the enterprise to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`enterprise`** (string) (required)\n The slug version of the enterprise name.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n\n\n\n\n\n### HTTP response status codes\n\n\n- **204** - A header with no content is returned.\n\n\n- **400** - Bad Request\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n- **409** - Conflict\n\n\n\n\n### Code examples\n\n\n\n#### Example\n\n**Request:**\n\n```curl\ncurl -L \\\n -X DELETE \\\n https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID\n```\n\n**Response schema (Status: 204):**\n\n\n\n\n\n## Attach an enterprise configuration to repositories\n\n```\nPOST /enterprises/{enterprise}/code-security/configurations/{configuration_id}/attach\n```\n\nAttaches an enterprise code security configuration to repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.\nIf insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.\nThe authenticated user must be an administrator for the enterprise to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`enterprise`** (string) (required)\n The slug version of the enterprise name.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n\n\n\n#### Body parameters\n\n- **`scope`** (string) (required)\n The type of repositories to attach the configuration to.\n Can be one of: `all`, `all_without_configurations`\n\n\n\n\n\n### HTTP response status codes\n\n\n- **202** - Accepted\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n- **409** - Conflict\n\n\n\n\n### Code examples\n\n\n\n#### Example for attaching a configuration to some repositories\n\n**Request:**\n\n```curl\ncurl -L \\\n -X POST \\\n https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID/attach \\\n -d '{\n \"scope\": \"all\"\n}'\n```\n\n**Response schema (Status: 202):**\n\nobject\n\n\n\n\n\n## Set a code security configuration as a default for an enterprise\n\n```\nPUT /enterprises/{enterprise}/code-security/configurations/{configuration_id}/defaults\n```\n\nSets a code security configuration as a default to be applied to new repositories in your enterprise.\nThis configuration will be applied by default to the matching repository type when created, but only for organizations within the enterprise that do not already have a default code security configuration set.\nThe authenticated user must be an administrator for the enterprise to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the admin:enterprise scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`enterprise`** (string) (required)\n The slug version of the enterprise name.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n\n\n\n#### Body parameters\n\n- **`default_for_new_repos`** (string)\n Specify which types of repository this security configuration should be applied to by default.\n Can be one of: `all`, `none`, `private_and_internal`, `public`\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - Default successfully changed.\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n\n\n### Code examples\n\n\n\n#### Set this configuration to be enabled by default on all new repositories.\n\n**Request:**\n\n```curl\ncurl -L \\\n -X PUT \\\n https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID/defaults \\\n -d '{\n \"default_for_new_repos\": \"all\"\n}'\n```\n\n**Response schema (Status: 200):**\n\n* `default_for_new_repos`: string, enum: `all`, `none`, `private_and_internal`, `public`\n* `configuration`: object:\n * `id`: integer\n * `name`: string\n * `target_type`: string, enum: `global`, `organization`, `enterprise`\n * `description`: string\n * `advanced_security`: string, enum: `enabled`, `disabled`, `code_security`, `secret_protection`\n * `dependency_graph`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependency_graph_autosubmit_action`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependency_graph_autosubmit_action_options`: object:\n * `labeled_runners`: boolean\n * `dependabot_alerts`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependabot_security_updates`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependabot_delegated_alert_dismissal`: string or null, enum: `enabled`, `disabled`, `not_set`, `null`\n * `code_scanning_options`: object or null:\n * `allow_advanced`: boolean or null\n * `code_scanning_default_setup`: string, enum: `enabled`, `disabled`, `not_set`\n * `code_scanning_default_setup_options`: object or null:\n * `runner_type`: string or null, enum: `standard`, `labeled`, `not_set`, `null`\n * `runner_label`: string or null\n * `code_scanning_delegated_alert_dismissal`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_push_protection`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_bypass`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_bypass_options`: object:\n * `reviewers`: array of objects:\n * `reviewer_id`: required, integer\n * `reviewer_type`: required, string, enum: `TEAM`, `ROLE`\n * `mode`: string, enum: `ALWAYS`, `EXEMPT`, default: `\"ALWAYS\"`\n * `security_configuration_id`: integer\n * `secret_scanning_validity_checks`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_non_provider_patterns`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_generic_secrets`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_alert_dismissal`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_extended_metadata`: string, enum: `enabled`, `disabled`, `not_set`\n * `private_vulnerability_reporting`: string, enum: `enabled`, `disabled`, `not_set`\n * `enforcement`: string, enum: `enforced`, `unenforced`\n * `url`: string, format: uri\n * `html_url`: string, format: uri\n * `created_at`: string, format: date-time\n * `updated_at`: string, format: date-time\n\n\n\n\n\n## Get repositories associated with an enterprise code security configuration\n\n```\nGET /enterprises/{enterprise}/code-security/configurations/{configuration_id}/repositories\n```\n\nLists the repositories associated with an enterprise code security configuration in an organization.\nThe authenticated user must be an administrator of the enterprise in order to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the read:enterprise scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`enterprise`** (string) (required)\n The slug version of the enterprise name.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n- **`per_page`** (integer)\n The number of results per page (max 100). For more information, see \"Using pagination in the REST API.\"\n Default: `30`\n\n- **`before`** (string)\n A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see \"Using pagination in the REST API.\"\n\n- **`after`** (string)\n A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see \"Using pagination in the REST API.\"\n\n- **`status`** (string)\n A comma-separated list of statuses. If specified, only repositories with these attachment statuses will be returned.\nCan be: all, attached, attaching, removed, enforced, failed, updating, removed_by_enterprise\n Default: `all`\n\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - OK\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n\n\n### Code examples\n\n\n\n#### Example\n\n**Request:**\n\n```curl\ncurl -L \\\n -X GET \\\n https://api.github.com/enterprises/ENTERPRISE/code-security/configurations/CONFIGURATION_ID/repositories\n```\n\n**Response schema (Status: 200):**\n\nArray of objects:\n * `status`: string, enum: `attached`, `attaching`, `detached`, `removed`, `enforced`, `failed`, `updating`, `removed_by_enterprise`\n * `repository`: `Simple Repository`:\n * `id`: required, integer, format: int64\n * `node_id`: required, string\n * `name`: required, string\n * `full_name`: required, string\n * `owner`: required, `Simple User`:\n * `name`: string or null\n * `email`: string or null\n * `login`: required, string\n * `id`: required, integer, format: int64\n * `node_id`: required, string\n * `avatar_url`: required, string, format: uri\n * `gravatar_id`: required, string or null\n * `url`: required, string, format: uri\n * `html_url`: required, string, format: uri\n * `followers_url`: required, string, format: uri\n * `following_url`: required, string\n * `gists_url`: required, string\n * `starred_url`: required, string\n * `subscriptions_url`: required, string, format: uri\n * `organizations_url`: required, string, format: uri\n * `repos_url`: required, string, format: uri\n * `events_url`: required, string\n * `received_events_url`: required, string, format: uri\n * `type`: required, string\n * `site_admin`: required, boolean\n * `starred_at`: string\n * `user_view_type`: string\n * `private`: required, boolean\n * `html_url`: required, string, format: uri\n * `description`: required, string or null\n * `fork`: required, boolean\n * `url`: required, string, format: uri\n * `archive_url`: required, string\n * `assignees_url`: required, string\n * `blobs_url`: required, string\n * `branches_url`: required, string\n * `collaborators_url`: required, string\n * `comments_url`: required, string\n * `commits_url`: required, string\n * `compare_url`: required, string\n * `contents_url`: required, string\n * `contributors_url`: required, string, format: uri\n * `deployments_url`: required, string, format: uri\n * `downloads_url`: required, string, format: uri\n * `events_url`: required, string, format: uri\n * `forks_url`: required, string, format: uri\n * `git_commits_url`: required, string\n * `git_refs_url`: required, string\n * `git_tags_url`: required, string\n * `issue_comment_url`: required, string\n * `issue_events_url`: required, string\n * `issues_url`: required, string\n * `keys_url`: required, string\n * `labels_url`: required, string\n * `languages_url`: required, string, format: uri\n * `merges_url`: required, string, format: uri\n * `milestones_url`: required, string\n * `notifications_url`: required, string\n * `pulls_url`: required, string\n * `releases_url`: required, string\n * `stargazers_url`: required, string, format: uri\n * `statuses_url`: required, string\n * `subscribers_url`: required, string, format: uri\n * `subscription_url`: required, string, format: uri\n * `tags_url`: required, string, format: uri\n * `teams_url`: required, string, format: uri\n * `trees_url`: required, string\n * `hooks_url`: required, string, format: uri\n\n\n\n\n\n## Get code security configurations for an organization\n\n```\nGET /orgs/{org}/code-security/configurations\n```\n\nLists all code security configurations available in an organization.\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the read:org scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`org`** (string) (required)\n The organization name. The name is not case sensitive.\n\n- **`target_type`** (string)\n The target type of the code security configuration\n Default: `all`\n Can be one of: `global`, `all`\n\n- **`per_page`** (integer)\n The number of results per page (max 100). For more information, see \"Using pagination in the REST API.\"\n Default: `30`\n\n- **`before`** (string)\n A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see \"Using pagination in the REST API.\"\n\n- **`after`** (string)\n A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see \"Using pagination in the REST API.\"\n\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - OK\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n\n\n### Code examples\n\n\n\n#### Example\n\n**Request:**\n\n```curl\ncurl -L \\\n -X GET \\\n https://api.github.com/orgs/ORG/code-security/configurations\n```\n\n**Response schema (Status: 200):**\n\nSame response schema as [Get code security configurations for an enterprise](#get-code-security-configurations-for-an-enterprise).\n\n\n\n\n\n## Create a code security configuration\n\n```\nPOST /orgs/{org}/code-security/configurations\n```\n\nCreates a code security configuration in an organization.\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`org`** (string) (required)\n The organization name. The name is not case sensitive.\n\n\n\n\n#### Body parameters\n\n- **`name`** (string) (required)\n The name of the code security configuration. Must be unique within the organization.\n\n- **`description`** (string) (required)\n A description of the code security configuration\n\n- **`advanced_security`** (string)\n The enablement status of GitHub Advanced Security features. enabled will enable both Code Security and Secret Protection features.\nWarning\n\ncode_security and secret_protection are deprecated values for this field. Prefer the individual code_security and secret_protection fields to set the status of these features.\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `code_security`, `secret_protection`\n\n- **`code_security`** (string)\n The enablement status of GitHub Code Security features.\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph`** (string)\n The enablement status of Dependency Graph\n Default: `enabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph_autosubmit_action`** (string)\n The enablement status of Automatic dependency submission\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph_autosubmit_action_options`** (object)\n Feature options for Automatic dependency submission\n - **`labeled_runners`** (boolean)\n Whether to use runners labeled with 'dependency-submission' or standard GitHub runners.\n Default: `false`\n\n- **`dependabot_alerts`** (string)\n The enablement status of Dependabot alerts\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependabot_security_updates`** (string)\n The enablement status of Dependabot security updates\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependabot_delegated_alert_dismissal`** (string)\n The enablement status of Dependabot delegated alert dismissal. Requires Dependabot alerts to be enabled.\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`code_scanning_options`** (object or null)\n Security Configuration feature options for code scanning\n - **`allow_advanced`** (boolean or null)\n Whether to allow repos which use advanced setup\n\n- **`code_scanning_default_setup`** (string)\n The enablement status of code scanning default setup\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`code_scanning_default_setup_options`** (object or null)\n Feature options for code scanning default setup\n - **`runner_type`** (string)\n Whether to use labeled runners or standard GitHub runners.\n Can be one of: `standard`, `labeled`, `not_set`\n - **`runner_label`** (string or null)\n The label of the runner to use for code scanning default setup when runner_type is 'labeled'.\n\n- **`code_scanning_delegated_alert_dismissal`** (string)\n The enablement status of code scanning delegated alert dismissal\n Default: `not_set`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_protection`** (string)\n The enablement status of GitHub Secret Protection features.\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning`** (string)\n The enablement status of secret scanning\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_push_protection`** (string)\n The enablement status of secret scanning push protection\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_delegated_bypass`** (string)\n The enablement status of secret scanning delegated bypass\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_delegated_bypass_options`** (object)\n Feature options for secret scanning delegated bypass\n - **`reviewers`** (array of objects)\n The bypass reviewers for secret scanning delegated bypass\n - **`reviewer_id`** (integer) (required)\n The ID of the team or role selected as a bypass reviewer\n - **`reviewer_type`** (string) (required)\n The type of the bypass reviewer\n Can be one of: `TEAM`, `ROLE`\n - **`mode`** (string)\n The bypass mode for the reviewer\n Default: `ALWAYS`\n Can be one of: `ALWAYS`, `EXEMPT`\n\n- **`secret_scanning_validity_checks`** (string)\n The enablement status of secret scanning validity checks\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_non_provider_patterns`** (string)\n The enablement status of secret scanning non provider patterns\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_generic_secrets`** (string)\n The enablement status of Copilot secret scanning\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_delegated_alert_dismissal`** (string)\n The enablement status of secret scanning delegated alert dismissal\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_extended_metadata`** (string)\n The enablement status of secret scanning extended metadata\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`private_vulnerability_reporting`** (string)\n The enablement status of private vulnerability reporting\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`enforcement`** (string)\n The enforcement status for a security configuration\n Default: `enforced`\n Can be one of: `enforced`, `unenforced`\n\n\n\n\n\n### HTTP response status codes\n\n\n- **201** - Successfully created code security configuration\n\n\n\n\n### Code examples\n\n\n\n#### Example for a code security configuration\n\n**Request:**\n\n```curl\ncurl -L \\\n -X POST \\\n https://api.github.com/orgs/ORG/code-security/configurations \\\n -d '{\n \"name\": \"octo-org recommended settings\",\n \"description\": \"This is a code security configuration for octo-org\",\n \"advanced_security\": \"enabled\",\n \"dependabot_alerts\": \"enabled\",\n \"dependabot_security_updates\": \"not_set\",\n \"secret_scanning\": \"enabled\"\n}'\n```\n\n**Response schema (Status: 201):**\n\nSame response schema as [Create a code security configuration for an enterprise](#create-a-code-security-configuration-for-an-enterprise).\n\n\n\n\n\n## Get default code security configurations\n\n```\nGET /orgs/{org}/code-security/configurations/defaults\n```\n\nLists the default code security configurations for an organization.\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the read:org scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`org`** (string) (required)\n The organization name. The name is not case sensitive.\n\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - OK\n\n\n- **304** - Not modified\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n\n\n### Code examples\n\n\n\n#### Example\n\n**Request:**\n\n```curl\ncurl -L \\\n -X GET \\\n https://api.github.com/orgs/ORG/code-security/configurations/defaults\n```\n\n**Response schema (Status: 200):**\n\nSame response schema as [Get default code security configurations for an enterprise](#get-default-code-security-configurations-for-an-enterprise).\n\n\n\n\n\n## Detach configurations from repositories\n\n```\nDELETE /orgs/{org}/code-security/configurations/detach\n```\n\nDetach code security configuration(s) from a set of repositories.\nRepositories will retain their settings but will no longer be associated with the configuration.\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`org`** (string) (required)\n The organization name. The name is not case sensitive.\n\n\n\n\n#### Body parameters\n\n- **`selected_repository_ids`** (array of integers)\n An array of repository IDs to detach from configurations. Up to 250 IDs can be provided.\n\n\n\n\n\n### HTTP response status codes\n\n\n- **204** - A header with no content is returned.\n\n\n- **400** - Bad Request\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n- **409** - Conflict\n\n\n\n\n### Code examples\n\n\n\n#### Example for detaching repositories from configurations.\n\n**Request:**\n\n```curl\ncurl -L \\\n -X DELETE \\\n https://api.github.com/orgs/ORG/code-security/configurations/detach \\\n -d '{\n \"selected_repository_ids\": [\n 32,\n 91\n ]\n}'\n```\n\n**Response schema (Status: 204):**\n\n\n\n\n\n## Get a code security configuration\n\n```\nGET /orgs/{org}/code-security/configurations/{configuration_id}\n```\n\nGets a code security configuration available in an organization.\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`org`** (string) (required)\n The organization name. The name is not case sensitive.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - OK\n\n\n- **304** - Not modified\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n\n\n### Code examples\n\n\n\n#### Example\n\n**Request:**\n\n```curl\ncurl -L \\\n -X GET \\\n https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID\n```\n\n**Response schema (Status: 200):**\n\nSame response schema as [Create a code security configuration for an enterprise](#create-a-code-security-configuration-for-an-enterprise).\n\n\n\n\n\n## Update a code security configuration\n\n```\nPATCH /orgs/{org}/code-security/configurations/{configuration_id}\n```\n\nUpdates a code security configuration in an organization.\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`org`** (string) (required)\n The organization name. The name is not case sensitive.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n\n\n\n#### Body parameters\n\n- **`name`** (string)\n The name of the code security configuration. Must be unique within the organization.\n\n- **`description`** (string)\n A description of the code security configuration\n\n- **`advanced_security`** (string)\n The enablement status of GitHub Advanced Security features. enabled will enable both Code Security and Secret Protection features.\nWarning\n\ncode_security and secret_protection are deprecated values for this field. Prefer the individual code_security and secret_protection fields to set the status of these features.\n Can be one of: `enabled`, `disabled`, `code_security`, `secret_protection`\n\n- **`code_security`** (string)\n The enablement status of GitHub Code Security features.\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph`** (string)\n The enablement status of Dependency Graph\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph_autosubmit_action`** (string)\n The enablement status of Automatic dependency submission\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependency_graph_autosubmit_action_options`** (object)\n Feature options for Automatic dependency submission\n - **`labeled_runners`** (boolean)\n Whether to use runners labeled with 'dependency-submission' or standard GitHub runners.\n\n- **`dependabot_alerts`** (string)\n The enablement status of Dependabot alerts\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependabot_security_updates`** (string)\n The enablement status of Dependabot security updates\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`dependabot_delegated_alert_dismissal`** (string)\n The enablement status of Dependabot delegated alert dismissal. Requires Dependabot alerts to be enabled.\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`code_scanning_default_setup`** (string)\n The enablement status of code scanning default setup\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`code_scanning_default_setup_options`** (object or null)\n Feature options for code scanning default setup\n - **`runner_type`** (string)\n Whether to use labeled runners or standard GitHub runners.\n Can be one of: `standard`, `labeled`, `not_set`\n - **`runner_label`** (string or null)\n The label of the runner to use for code scanning default setup when runner_type is 'labeled'.\n\n- **`code_scanning_options`** (object or null)\n Security Configuration feature options for code scanning\n - **`allow_advanced`** (boolean or null)\n Whether to allow repos which use advanced setup\n\n- **`code_scanning_delegated_alert_dismissal`** (string)\n The enablement status of code scanning delegated alert dismissal\n Default: `disabled`\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_protection`** (string)\n The enablement status of GitHub Secret Protection features.\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning`** (string)\n The enablement status of secret scanning\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_push_protection`** (string)\n The enablement status of secret scanning push protection\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_delegated_bypass`** (string)\n The enablement status of secret scanning delegated bypass\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_delegated_bypass_options`** (object)\n Feature options for secret scanning delegated bypass\n - **`reviewers`** (array of objects)\n The bypass reviewers for secret scanning delegated bypass\n - **`reviewer_id`** (integer) (required)\n The ID of the team or role selected as a bypass reviewer\n - **`reviewer_type`** (string) (required)\n The type of the bypass reviewer\n Can be one of: `TEAM`, `ROLE`\n - **`mode`** (string)\n The bypass mode for the reviewer\n Default: `ALWAYS`\n Can be one of: `ALWAYS`, `EXEMPT`\n\n- **`secret_scanning_validity_checks`** (string)\n The enablement status of secret scanning validity checks\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_non_provider_patterns`** (string)\n The enablement status of secret scanning non-provider patterns\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_generic_secrets`** (string)\n The enablement status of Copilot secret scanning\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_delegated_alert_dismissal`** (string)\n The enablement status of secret scanning delegated alert dismissal\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`secret_scanning_extended_metadata`** (string)\n The enablement status of secret scanning extended metadata\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`private_vulnerability_reporting`** (string)\n The enablement status of private vulnerability reporting\n Can be one of: `enabled`, `disabled`, `not_set`\n\n- **`enforcement`** (string)\n The enforcement status for a security configuration\n Can be one of: `enforced`, `unenforced`\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - Response when a configuration is updated\n\n\n- **204** - Response when no new updates are made\n\n\n\n\n### Code examples\n\n\n\n#### Example for updating a code security configuration\n\n**Request:**\n\n```curl\ncurl -L \\\n -X PATCH \\\n https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID \\\n -d '{\n \"name\": \"octo-org recommended settings v2\",\n \"secret_scanning\": \"disabled\",\n \"code_scanning_default_setup\": \"enabled\"\n}'\n```\n\n**Response schema (Status: 200):**\n\nSame response schema as [Create a code security configuration for an enterprise](#create-a-code-security-configuration-for-an-enterprise).\n\n\n\n\n\n## Delete a code security configuration\n\n```\nDELETE /orgs/{org}/code-security/configurations/{configuration_id}\n```\n\nDeletes the desired code security configuration from an organization.\nRepositories attached to the configuration will retain their settings but will no longer be associated with\nthe configuration.\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`org`** (string) (required)\n The organization name. The name is not case sensitive.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n\n\n\n\n\n### HTTP response status codes\n\n\n- **204** - A header with no content is returned.\n\n\n- **400** - Bad Request\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n- **409** - Conflict\n\n\n\n\n### Code examples\n\n\n\n#### Example\n\n**Request:**\n\n```curl\ncurl -L \\\n -X DELETE \\\n https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID\n```\n\n**Response schema (Status: 204):**\n\n\n\n\n\n## Attach a configuration to repositories\n\n```\nPOST /orgs/{org}/code-security/configurations/{configuration_id}/attach\n```\n\nAttach a code security configuration to a set of repositories. If the repositories specified are already attached to a configuration, they will be re-attached to the provided configuration.\nIf insufficient GHAS licenses are available to attach the configuration to a repository, only free features will be enabled.\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`org`** (string) (required)\n The organization name. The name is not case sensitive.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n\n\n\n#### Body parameters\n\n- **`scope`** (string) (required)\n The type of repositories to attach the configuration to. selected means the configuration will be attached to only the repositories specified by selected_repository_ids\n Can be one of: `all`, `all_without_configurations`, `public`, `private_or_internal`, `selected`\n\n- **`selected_repository_ids`** (array of integers)\n An array of repository IDs to attach the configuration to. You can only provide a list of repository ids when the scope is set to selected.\n\n\n\n\n\n### HTTP response status codes\n\n\n- **202** - Accepted\n\n\n\n\n### Code examples\n\n\n\n#### Example for attaching a configuration to some repositories\n\n**Request:**\n\n```curl\ncurl -L \\\n -X POST \\\n https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/attach \\\n -d '{\n \"scope\": \"selected\",\n \"selected_repository_ids\": [\n 32,\n 91\n ]\n}'\n```\n\n**Response schema (Status: 202):**\n\nSame response schema as [Attach an enterprise configuration to repositories](#attach-an-enterprise-configuration-to-repositories).\n\n\n\n\n\n## Set a code security configuration as a default for an organization\n\n```\nPUT /orgs/{org}/code-security/configurations/{configuration_id}/defaults\n```\n\nSets a code security configuration as a default to be applied to new repositories in your organization.\nThis configuration will be applied to the matching repository type (all, none, public, private and internal) by default when they are created.\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the write:org scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`org`** (string) (required)\n The organization name. The name is not case sensitive.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n\n\n\n#### Body parameters\n\n- **`default_for_new_repos`** (string)\n Specify which types of repository this security configuration should be applied to by default.\n Can be one of: `all`, `none`, `private_and_internal`, `public`\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - Default successfully changed.\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n\n\n### Code examples\n\n\n\n#### Set this configuration to be enabled by default on all new repositories.\n\n**Request:**\n\n```curl\ncurl -L \\\n -X PUT \\\n https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/defaults \\\n -d '{\n \"default_for_new_repos\": \"all\"\n}'\n```\n\n**Response schema (Status: 200):**\n\nSame response schema as [Set a code security configuration as a default for an enterprise](#set-a-code-security-configuration-as-a-default-for-an-enterprise).\n\n\n\n\n\n## Get repositories associated with a code security configuration\n\n```\nGET /orgs/{org}/code-security/configurations/{configuration_id}/repositories\n```\n\nLists the repositories associated with a code security configuration in an organization.\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the read:org scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`org`** (string) (required)\n The organization name. The name is not case sensitive.\n\n- **`configuration_id`** (integer) (required)\n The unique identifier of the code security configuration.\n\n- **`per_page`** (integer)\n The number of results per page (max 100). For more information, see \"Using pagination in the REST API.\"\n Default: `30`\n\n- **`before`** (string)\n A cursor, as given in the Link header. If specified, the query only searches for results before this cursor. For more information, see \"Using pagination in the REST API.\"\n\n- **`after`** (string)\n A cursor, as given in the Link header. If specified, the query only searches for results after this cursor. For more information, see \"Using pagination in the REST API.\"\n\n- **`status`** (string)\n A comma-separated list of statuses. If specified, only repositories with these attachment statuses will be returned.\nCan be: all, attached, attaching, detached, removed, enforced, failed, updating, removed_by_enterprise\n Default: `all`\n\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - OK\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n\n\n### Code examples\n\n\n\n#### Example\n\n**Request:**\n\n```curl\ncurl -L \\\n -X GET \\\n https://api.github.com/orgs/ORG/code-security/configurations/CONFIGURATION_ID/repositories\n```\n\n**Response schema (Status: 200):**\n\nSame response schema as [Get repositories associated with an enterprise code security configuration](#get-repositories-associated-with-an-enterprise-code-security-configuration).\n\n\n\n\n\n## Get the code security configuration associated with a repository\n\n```\nGET /repos/{owner}/{repo}/code-security-configuration\n```\n\nGet the code security configuration that manages a repository's code security settings.\nThe authenticated user must be an administrator or security manager for the organization to use this endpoint.\nOAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.\n\n\n### Parameters\n\n\n#### Headers\n\n\n- **`accept`** (string)\n Setting to `application/vnd.github+json` is recommended.\n\n\n\n#### Path and query parameters\n\n- **`owner`** (string) (required)\n The account owner of the repository. The name is not case sensitive.\n\n- **`repo`** (string) (required)\n The name of the repository without the .git extension. The name is not case sensitive.\n\n\n\n\n\n\n### HTTP response status codes\n\n\n- **200** - OK\n\n\n- **204** - A header with no content is returned.\n\n\n- **304** - Not modified\n\n\n- **403** - Forbidden\n\n\n- **404** - Resource not found\n\n\n\n\n### Code examples\n\n\n\n#### Example\n\n**Request:**\n\n```curl\ncurl -L \\\n -X GET \\\n https://api.github.com/repos/OWNER/REPO/code-security-configuration\n```\n\n**Response schema (Status: 200):**\n\n* `status`: string, enum: `attached`, `attaching`, `detached`, `removed`, `enforced`, `failed`, `updating`, `removed_by_enterprise`\n* `configuration`: object:\n * `id`: integer\n * `name`: string\n * `target_type`: string, enum: `global`, `organization`, `enterprise`\n * `description`: string\n * `advanced_security`: string, enum: `enabled`, `disabled`, `code_security`, `secret_protection`\n * `dependency_graph`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependency_graph_autosubmit_action`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependency_graph_autosubmit_action_options`: object:\n * `labeled_runners`: boolean\n * `dependabot_alerts`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependabot_security_updates`: string, enum: `enabled`, `disabled`, `not_set`\n * `dependabot_delegated_alert_dismissal`: string or null, enum: `enabled`, `disabled`, `not_set`, `null`\n * `code_scanning_options`: object or null:\n * `allow_advanced`: boolean or null\n * `code_scanning_default_setup`: string, enum: `enabled`, `disabled`, `not_set`\n * `code_scanning_default_setup_options`: object or null:\n * `runner_type`: string or null, enum: `standard`, `labeled`, `not_set`, `null`\n * `runner_label`: string or null\n * `code_scanning_delegated_alert_dismissal`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_push_protection`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_bypass`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_bypass_options`: object:\n * `reviewers`: array of objects:\n * `reviewer_id`: required, integer\n * `reviewer_type`: required, string, enum: `TEAM`, `ROLE`\n * `mode`: string, enum: `ALWAYS`, `EXEMPT`, default: `\"ALWAYS\"`\n * `security_configuration_id`: integer\n * `secret_scanning_validity_checks`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_non_provider_patterns`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_generic_secrets`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_delegated_alert_dismissal`: string, enum: `enabled`, `disabled`, `not_set`\n * `secret_scanning_extended_metadata`: string, enum: `enabled`, `disabled`, `not_set`\n * `private_vulnerability_reporting`: string, enum: `enabled`, `disabled`, `not_set`\n * `enforcement`: string, enum: `enforced`, `unenforced`\n * `url`: string, format: uri\n * `html_url`: string, format: uri\n * `created_at`: string, format: date-time\n * `updated_at`: string, format: date-time"}