
Diagnosing security configuration issues

Identify repositories where the security configuration could not be attached, or where the configuration relationship has changed, and follow guidance to remediate the problem.

Who can use this feature?

Organization owners, security managers, and organization members with the admin role

Finding and remediating attachment failures

When you apply a configuration to a group of repositories, some repositories may fail to attach, typically because of a conflict between existing repository settings and the configuration you applied. When this happens, only some settings are applied to the affected repositories, and those repositories won't inherit future changes to the configuration.

On the security configuration settings page, in the Repositories tab under "Apply configurations", a banner shows how many repositories have an attachment failure and summarizes the reason. Click the link in the banner, or filter the repository list by config-status:failed, to see affected repositories and guidance on how to remediate each failure.

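  1. In the upper-right corner of GitHub, click your profile picture, then click "Your organizations".

  2. Under your organization name, click "Settings". If you cannot see the "Settings" tab, select the dropdown menu, then click "Settings".

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, select the Advanced Security dropdown menu, then click "Configurations".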

  4. Click the Repositories tab.

  5. In the "Apply configurations" section, filter by config-status:failed.

  6. From the results list, for the repository you're interested in, click Failed REASON.

  7. In the dialog box, review the information and follow the remediation guidance.

Finding and remediating removed configurations

A repository's configuration status changes to removed when a repository admin changes a security setting that conflicts with the applied configuration. The configuration is still associated with the repository, but the repository no longer inherits all settings from the configuration.

To find and remediate repositories with a removed status:

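  1. In the upper-right corner of GitHub, click your profile picture, then click "Your organizations".

  2. Under your organization name, click "Settings". If you cannot see the "Settings" tab, select the dropdown menu, then click "Settings".

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, select the Advanced Security dropdown menu, then click "Configurations".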

  4. Filter the repository list using the "Configuration status" filter and select "Removed."

  5. To restore the intended settings, re-apply the configuration to the affected repositories.

  6. To prevent future overrides, consider enabling enforcement on the configuration. See Enforcement of security configurations.

Finding and remediating enterprise-removed configurations

A repository's configuration status changes to removed_by_enterprise when an enterprise-level change conflicts with the organization-level configuration applied to the repository.

To find and remediate repositories with a removed_by_enterprise status:

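  1. In the upper-right corner of GitHub, click your profile picture, then click "Your organizations".

  2. Under your organization name, click "Settings". If you cannot see the "Settings" tab, select the dropdown menu, then click "Settings".

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, select the Advanced Security dropdown menu, then click "Configurations".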

  4. Filter the repository list using the "Configuration status" filter and select "Removed by enterprise."

  5. Coordinate with your enterprise admin to resolve the conflict between the enterprise-level and organization-level configurations.

  6. Re-apply the configuration at the organization or enterprise level.

For more information about all configuration statuses, see Security configuration statuses.
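
The three status checks above can also be scripted for an organization with many repositories. The following is an added example, not part of this documentation: it uses the REST endpoint that lists the repositories associated with a code security configuration (not described on this page) and groups the results by the `failed`, `removed` and `removed_by_enterprise` statuses. The organization `example-org`, configuration ID `1`, the `GITHUB_TOKEN` variable name and the sample response are assumptions constructed for illustration.

```python
import json
import os
import re
import urllib.request

API = "https://api.github.com"
# Statuses this page treats as needing attention, with the remediation it gives.
REMEDIATION = {
    "failed": "review the failure reason and follow the remediation guidance",
    "removed": "re-apply the configuration; consider enabling enforcement",
    "removed_by_enterprise": "coordinate with the enterprise admin, then re-apply",
}

def triage(entries):
    """Group repository full names by problem status; ignore healthy ones."""
    report = {status: [] for status in REMEDIATION}
    for entry in entries:
        if entry.get("status") in report:
            report[entry["status"]].append(entry["repository"]["full_name"])
    return {s: sorted(r) for s, r in report.items() if r}

def fetch_entries(org, config_id, token):
    """Yield every {status, repository} entry, following Link rel="next" pages."""
    url = (f"{API}/orgs/{org}/code-security/configurations/{config_id}"
           f"/repositories?per_page=100&status={','.join(REMEDIATION)}")
    while url:
        req = urllib.request.Request(url, headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
        })
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
            link = resp.headers.get("Link", "")
        yield from page
        match = re.search(r'<([^>]+)>;\s*rel="next"', link)
        url = match.group(1) if match else None

# Constructed sample in the shape of the endpoint's response (not real data).
SAMPLE = [
    {"status": "attached", "repository": {"full_name": "example-org/api"}},
    {"status": "failed", "repository": {"full_name": "example-org/web"}},
    {"status": "removed", "repository": {"full_name": "example-org/infra"}},
    {"status": "removed_by_enterprise", "repository": {"full_name": "example-org/docs"}},
    {"status": "failed", "repository": {"full_name": "example-org/cli"}},
]

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # assumed variable name
    entries = fetch_entries("example-org", 1, token) if token else SAMPLE
    for status, repos in triage(entries).items():
        print(f"{status}: {REMEDIATION[status]}", *repos, sep="\n  ")
```

Without a token the script runs offline against the constructed sample, so the grouping can be checked before it is pointed at a real organization.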