Decoupled Enterprise Policies for Code Quality

GitHub has updated its enterprise policy system to give organizations more granular control over feature deployment. Previously, GitHub Code Quality was bundled within the Advanced Security policy settings, which meant enabling code quality features could inadvertently activate related security tools.

What Changed

The update includes two key improvements:

• Simplified Advanced Security policies: The enterprise policy settings for Advanced Security no longer reference Code Quality, reducing confusion about feature dependencies.
• Dedicated Code Quality policy page: Organizations can now manage GitHub Code Quality availability at the repository level through a dedicated policy interface, matching the existing Advanced Security policy experience.

For Enterprise Administrators

This change directly impacts how you configure security tooling across your organization:

• No breaking changes: Existing Advanced Security configurations continue to work as expected.
• Cleaner policy management: You can now enable Code Quality separately from Code Security without affecting other Advanced Security features.
• Repository-level control: The new dedicated policy page provides the same level of granularity as the Advanced Security policy, allowing fine-grained control across your enterprise.

For implementation details and configuration guidance, see the updated Code Quality documentation.