google · gmlewis · Nov 13, 2025 · Nov 7, 2025 · Nov 7, 2025 · Nov 7, 2025
diff --git a/github/enterprise_codesecurity_configurations.go b/github/enterprise_codesecurity_configurations.go
@@ -0,0 +1,201 @@
+// Copyright 2025 The go-github AUTHORS. All rights reserved.
+//
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package github
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+// GetCodeSecurityConfigurations lists all code security configurations available in an enterprise.
+//
+// GitHub API docs: https://docs.github.com/rest/code-security/configurations#get-code-security-configurations-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/code-security/configurations
+func (s *EnterpriseService) GetCodeSecurityConfigurations(ctx context.Context, enterprise string) ([]*CodeSecurityConfiguration, *Response, error) {
+	u := fmt.Sprintf("enterprises/%v/code-security/configurations", enterprise)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var configurations []*CodeSecurityConfiguration
+	resp, err := s.client.Do(ctx, req, &configurations)
+	if err != nil {
+		return nil, resp, err
+	}
+	return configurations, resp, nil
+}
+
+// CreateCodeSecurityConfiguration creates a code security configuration in an enterprise.
+//
+// GitHub API docs: https://docs.github.com/rest/code-security/configurations#create-a-code-security-configuration-for-an-enterprise
+//
+//meta:operation POST /enterprises/{enterprise}/code-security/configurations
+func (s *EnterpriseService) CreateCodeSecurityConfiguration(ctx context.Context, enterprise string, c *CodeSecurityConfiguration) (*CodeSecurityConfiguration, *Response, error) {
+	u := fmt.Sprintf("enterprises/%v/code-security/configurations", enterprise)
+
+	req, err := s.client.NewRequest("POST", u, c)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var configuration *CodeSecurityConfiguration
+	resp, err := s.client.Do(ctx, req, &configuration)
+	if err != nil {
+		return nil, resp, err
+	}
+	return configuration, resp, nil
+}
+
+// GetDefaultCodeSecurityConfigurations lists the default code security configurations for an enterprise.
+//
+// GitHub API docs: https://docs.github.com/rest/code-security/configurations#get-default-code-security-configurations-for-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/code-security/configurations/defaults
+func (s *EnterpriseService) GetDefaultCodeSecurityConfigurations(ctx context.Context, enterprise string) ([]*CodeSecurityConfigurationWithDefaultForNewRepos, *Response, error) {
+	u := fmt.Sprintf("enterprises/%v/code-security/configurations/defaults", enterprise)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var configurations []*CodeSecurityConfigurationWithDefaultForNewRepos
+	resp, err := s.client.Do(ctx, req, &configurations)
+	if err != nil {
+		return nil, resp, err
+	}
+	return configurations, resp, nil
+}
+
+// GetCodeSecurityConfiguration gets a code security configuration available in an enterprise.
+//
+// GitHub API docs: https://docs.github.com/rest/code-security/configurations#retrieve-a-code-security-configuration-of-an-enterprise
+//
+//meta:operation GET /enterprises/{enterprise}/code-security/configurations/{configuration_id}
+func (s *EnterpriseService) GetCodeSecurityConfiguration(ctx context.Context, enterprise string, id int64) (*CodeSecurityConfiguration, *Response, error) {
+	u := fmt.Sprintf("enterprises/%v/code-security/configurations/%v", enterprise, id)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var configuration *CodeSecurityConfiguration
+	resp, err := s.client.Do(ctx, req, &configuration)
+	if err != nil {
+		return nil, resp, err
+	}
+	return configuration, resp, nil
+}
+
+// UpdateCodeSecurityConfiguration updates a code security configuration in an enterprise.
+//
+// GitHub API docs: https://docs.github.com/rest/code-security/configurations#update-a-custom-code-security-configuration-for-an-enterprise
+//
+//meta:operation PATCH /enterprises/{enterprise}/code-security/configurations/{configuration_id}
+func (s *EnterpriseService) UpdateCodeSecurityConfiguration(ctx context.Context, enterprise string, id int64, c *CodeSecurityConfiguration) (*CodeSecurityConfiguration, *Response, error) {
+	u := fmt.Sprintf("enterprises/%v/code-security/configurations/%v", enterprise, id)
+
+	req, err := s.client.NewRequest("PATCH", u, c)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var configuration *CodeSecurityConfiguration
+	resp, err := s.client.Do(ctx, req, &configuration)
+	if err != nil {
+		return nil, resp, err
+	}
+	return configuration, resp, nil
+}
+
+// DeleteCodeSecurityConfiguration deletes a code security configuration from an enterprise.
+//
+// GitHub API docs: https://docs.github.com/rest/code-security/configurations#delete-a-code-security-configuration-for-an-enterprise
+//
+//meta:operation DELETE /enterprises/{enterprise}/code-security/configurations/{configuration_id}
+func (s *EnterpriseService) DeleteCodeSecurityConfiguration(ctx context.Context, enterprise string, id int64) (*Response, error) {
+	u := fmt.Sprintf("enterprises/%v/code-security/configurations/%v", enterprise, id)
+
+	req, err := s.client.NewRequest("DELETE", u, nil)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil {
+		return resp, err
+	}
+	return resp, nil
+}
+
+// AttachCodeSecurityConfigurationToRepositories attaches an enterprise code security configuration to repositories.
+//
+// GitHub API docs: https://docs.github.com/rest/code-security/configurations#attach-an-enterprise-configuration-to-repositories
+//
+//meta:operation POST /enterprises/{enterprise}/code-security/configurations/{configuration_id}/attach
+func (s *EnterpriseService) AttachCodeSecurityConfigurationToRepositories(ctx context.Context, enterprise string, id int64, scope string) (*Response, error) {
+	u := fmt.Sprintf("enterprises/%v/code-security/configurations/%v/attach", enterprise, id)
+	type scopeType struct {
+		Scope string `json:"scope"`
+	}
+
+	req, err := s.client.NewRequest("POST", u, scopeType{Scope: scope})
+	if err != nil {
+		return nil, err
+	}
+	resp, err := s.client.Do(ctx, req, nil)
+	if err != nil && resp.StatusCode != http.StatusAccepted { // StatusAccepted(202) is the expected status code as job is queued for processing
+		return resp, err
+	}
+	return resp, nil
+}
+
+// SetDefaultCodeSecurityConfiguration sets a code security configuration as a default for an enterprise.
+//
+// GitHub API docs: https://docs.github.com/rest/code-security/configurations#set-a-code-security-configuration-as-a-default-for-an-enterprise
+//
+//meta:operation PUT /enterprises/{enterprise}/code-security/configurations/{configuration_id}/defaults
+func (s *EnterpriseService) SetDefaultCodeSecurityConfiguration(ctx context.Context, enterprise string, id int64, newReposParam string) (*CodeSecurityConfigurationWithDefaultForNewRepos, *Response, error) {
+	u := fmt.Sprintf("enterprises/%v/code-security/configurations/%v/defaults", enterprise, id)
+	type configParam struct {
+		DefaultForNewRepos string `json:"default_for_new_repos"`
+	}
+
+	req, err := s.client.NewRequest("PUT", u, configParam{DefaultForNewRepos: newReposParam})
+	if err != nil {
+		return nil, nil, err
+	}
+	var c *CodeSecurityConfigurationWithDefaultForNewRepos
+	resp, err := s.client.Do(ctx, req, &c)
+	if err != nil {
+		return nil, resp, err
+	}
+	return c, resp, nil
+}
+
+// GetRepositoriesForCodeSecurityConfiguration lists the repositories associated with an enterprise code security configuration.
+//
+// GitHub API docs: https://docs.github.com/rest/code-security/configurations#get-repositories-associated-with-an-enterprise-code-security-configuration
+//
+//meta:operation GET /enterprises/{enterprise}/code-security/configurations/{configuration_id}/repositories
+func (s *EnterpriseService) GetRepositoriesForCodeSecurityConfiguration(ctx context.Context, enterprise string, id int64) ([]*RepositoryAttachment, *Response, error) {
+	u := fmt.Sprintf("enterprises/%v/code-security/configurations/%v/repositories", enterprise, id)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+	var attachments []*RepositoryAttachment
+	resp, err := s.client.Do(ctx, req, &attachments)
+	if err != nil {
+		return nil, resp, err
+	}
+	return attachments, resp, nil
+}