Default GitHub settings

This is an overview of security, permission and dependency settings Digg has enabled on the DiggSweden organisation. The list is a selection — for more detail, see diggsweden/.github and GitHub’s documentation for each setting.

| Name | Setting | Effect |
| --- | --- | --- |
| Base permissions | No Permission | A newly added member of the organisation has no permissions. This means they cannot see other projects, teams, private repositories etc., only what is public or what is in the teams they are added to. See Base permissions. |
| Forking and creation of private repositories | Enabled | A user can create and fork private repositories. |
| Require approval for first-time contributors to run GitHub Actions | (enabled by default) | A new contributor to a repository requires explicit approval on their first contribution before they can run a workflow. |
| Dependency Graph | Enabled | Dependency analysis for repositories. |
| Dependabot | Enabled | Automatically opens pull requests for vulnerabilities and out-of-date dependencies. Fine-tune the settings for your project. |
| Secret Scanning | Enabled | Scans repositories for keys, passwords, etc. |
| Code Scanning | Enabled | Scans the code base with SAST analysis (CodeQL). Fine-tune the settings for your repositories. |
| Standard base for the organisation: DiggSweden’s organisation base repo | Enabled | A template project containing project pre-settings for the GitHub organisation, applied “unless the project says otherwise”. See its README for what it covers. You are very likely to want to fine-tune your projects if you have other needs. |
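
To check for drift from these defaults, the table can be turned into a baseline and compared with the organisation object returned by GitHub's REST API (`GET /orgs/{org}`). The following is an added example, not code from Digg or the diggsweden/.github repository; the mapping from table rows to API field names is an assumption, the sample response is constructed, and rows with no field in that response (Actions approval, Code Scanning, the base repo) are not covered.

```python
import json

# Expected values from the table above. Mapping rows to REST field names is an
# assumption of this example; the *_for_new_repositories fields only describe
# the default applied to newly created repositories.
BASELINE = {
    "default_repository_permission": "none",          # Base permissions: No Permission
    "members_can_create_private_repositories": True,  # creation of private repositories
    "members_can_fork_private_repositories": True,    # forking of private repositories
    "dependency_graph_enabled_for_new_repositories": True,
    "dependabot_security_updates_enabled_for_new_repositories": True,
    "secret_scanning_enabled_for_new_repositories": True,
}

def audit_org(settings: dict) -> list[dict]:
    """Return one finding per baseline field that is missing or differs."""
    findings = []
    for field, expected in BASELINE.items():
        if field not in settings:
            # A missing field is reported rather than assumed compliant, for
            # example when the response was fetched without owner access.
            findings.append({"field": field, "expected": expected,
                             "actual": None, "status": "missing"})
        elif settings[field] != expected:
            findings.append({"field": field, "expected": expected,
                             "actual": settings[field], "status": "drift"})
    return findings

# Constructed sample response for a hypothetical organisation "example-org":
# base permission widened to "read", secret scanning field absent.
SAMPLE_RESPONSE = json.loads("""
{
  "login": "example-org",
  "default_repository_permission": "read",
  "members_can_create_private_repositories": true,
  "members_can_fork_private_repositories": true,
  "dependency_graph_enabled_for_new_repositories": true,
  "dependabot_security_updates_enabled_for_new_repositories": true
}
""")

if __name__ == "__main__":
    for f in audit_org(SAMPLE_RESPONSE):
        print(f"{f['status']:8} {f['field']}: expected {f['expected']!r}, got {f['actual']!r}")
```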

Dependabot and Code Scanning are enabled at organisation level but are complemented or replaced by vendor-neutral tools such as Renovate and Opengrep — see Working on GitHub: Vulnerability and security.

Several of the settings described do not apply if you use private repositories, since these require a paid GitHub plan.

See also