{ "type": "object", "additionalProperties": false, "properties": { "name": { "type": "string", "description": "The name of the code security configuration. Must be unique within the organization." }, "description": { "type": "string", "description": "A description of the code security configuration", "maxLength": 255 }, "advanced_security": { "type": "string", "description": "The enablement status of GitHub Advanced Security features. `enabled` will enable both Code Security and Secret Protection features.\n\n> [!WARNING]\n> `code_security` and `secret_protection` are deprecated values for this field. Prefer the individual `code_security` and `secret_protection` fields to set the status of these features.\n", "enum": [ "enabled", "disabled", "code_security", "secret_protection" ] }, "code_security": { "type": "string", "description": "The enablement status of GitHub Code Security features.", "enum": [ "enabled", "disabled", "not_set" ] }, "dependency_graph": { "type": "string", "description": "The enablement status of Dependency Graph", "enum": [ "enabled", "disabled", "not_set" ] }, "dependency_graph_autosubmit_action": { "type": "string", "description": "The enablement status of Automatic dependency submission", "enum": [ "enabled", "disabled", "not_set" ] }, "dependency_graph_autosubmit_action_options": { "type": "object", "description": "Feature options for Automatic dependency submission", "properties": { "labeled_runners": { "type": "boolean", "description": "Whether to use runners labeled with 'dependency-submission' or standard GitHub runners." } } }, "dependabot_alerts": { "type": "string", "description": "The enablement status of Dependabot alerts", "enum": [ "enabled", "disabled", "not_set" ] }, "dependabot_security_updates": { "type": "string", "description": "The enablement status of Dependabot security updates", "enum": [ "enabled", "disabled", "not_set" ] }, "dependabot_delegated_alert_dismissal": { "type": "string", "description": "The enablement status of Dependabot delegated alert dismissal. Requires Dependabot alerts to be enabled.", "enum": [ "enabled", "disabled", "not_set" ] }, "code_scanning_default_setup": { "type": "string", "description": "The enablement status of code scanning default setup", "enum": [ "enabled", "disabled", "not_set" ] }, "code_scanning_default_setup_options": { "type": [ "object", "null" ], "description": "Feature options for code scanning default setup", "properties": { "runner_type": { "type": "string", "enum": [ "standard", "labeled", "not_set" ], "description": "Whether to use labeled runners or standard GitHub runners." }, "runner_label": { "type": [ "string", "null" ], "description": "The label of the runner to use for code scanning default setup when runner_type is 'labeled'." } } }, "code_scanning_options": { "type": [ "object", "null" ], "description": "Security Configuration feature options for code scanning", "properties": { "allow_advanced": { "type": [ "boolean", "null" ], "description": "Whether to allow repos which use advanced setup" } } }, "code_scanning_delegated_alert_dismissal": { "type": "string", "description": "The enablement status of code scanning delegated alert dismissal", "enum": [ "enabled", "disabled", "not_set" ], "default": "disabled" }, "secret_protection": { "type": "string", "description": "The enablement status of GitHub Secret Protection features.", "enum": [ "enabled", "disabled", "not_set" ] }, "secret_scanning": { "type": "string", "description": "The enablement status of secret scanning", "enum": [ "enabled", "disabled", "not_set" ] }, "secret_scanning_push_protection": { "type": "string", "description": "The enablement status of secret scanning push protection", "enum": [ "enabled", "disabled", "not_set" ] }, "secret_scanning_delegated_bypass": { "type": "string", "description": "The enablement status of secret scanning delegated bypass", "enum": [ "enabled", "disabled", "not_set" ] }, "secret_scanning_delegated_bypass_options": { "type": "object", "description": "Feature options for secret scanning delegated bypass", "properties": { "reviewers": { "type": "array", "description": "The bypass reviewers for secret scanning delegated bypass", "items": { "type": "object", "required": [ "reviewer_id", "reviewer_type" ], "properties": { "reviewer_id": { "type": "integer", "description": "The ID of the team or role selected as a bypass reviewer" }, "reviewer_type": { "type": "string", "description": "The type of the bypass reviewer", "enum": [ "TEAM", "ROLE" ] } } } } } }, "secret_scanning_validity_checks": { "type": "string", "description": "The enablement status of secret scanning validity checks", "enum": [ "enabled", "disabled", "not_set" ] }, "secret_scanning_non_provider_patterns": { "type": "string", "description": "The enablement status of secret scanning non-provider patterns", "enum": [ "enabled", "disabled", "not_set" ] }, "secret_scanning_generic_secrets": { "type": "string", "description": "The enablement status of Copilot secret scanning", "enum": [ "enabled", "disabled", "not_set" ] }, "secret_scanning_delegated_alert_dismissal": { "type": "string", "description": "The enablement status of secret scanning delegated alert dismissal", "enum": [ "enabled", "disabled", "not_set" ] }, "secret_scanning_extended_metadata": { "type": "string", "description": "The enablement status of secret scanning extended metadata", "enum": [ "enabled", "disabled", "not_set" ] }, "private_vulnerability_reporting": { "type": "string", "description": "The enablement status of private vulnerability reporting", "enum": [ "enabled", "disabled", "not_set" ] }, "enforcement": { "type": "string", "description": "The enforcement status for a security configuration", "enum": [ "enforced", "unenforced" ] } }, "$schema": "https://json-schema.org/draft/2019-09/schema" }