GitHub Enterprise as Infrastructure: CaC and GHAS

Deep in GitHub Enterprise this month.

Two things running in parallel: migrating org management to Configuration as Code — repos, teams, branch protections, rulesets — all version-controlled and applied through pull requests; and rolling out GitHub Advanced Security across a wider set of enterprise repos.

The GHAS rollout is the more interesting half. Secret scanning and code scanning surface things that were already there but invisible. The real work isn’t flipping the switch — it’s normalising security findings as part of everyday development, not a quarterly report.

Treating the GitHub org itself as infrastructure changes how you think about drift.