A repository's configuration status tells you the current state of its relationship with the applied security configuration. That relationship can change over time—for example, when a repository admin overrides a setting, an admin enables enforcement, or an attachment fails. For more about how configurations and repositories interact, see Сведения о включении функций безопасности в масштабе.
You can view configuration statuses in the repository table on your organization's security configurations settings page, or retrieve them with the REST API. For more information, see Фильтрация репозиториев в организации с помощью таблицы репозитория and Конфигурации.
Configuration status reference
The following table describes all configuration statuses, what causes each status, how each appears in the organization settings repository table, and the recommended action.
In the repository table, the "Configuration status" filter supports "Attached," "Removed," "Failed," "Enforced," and "Removed by enterprise." Repositories with a detached status appear as "No configuration" and are not filterable by configuration status in the UI. However, the REST API's status parameter does accept detached when listing repositories for an organization-level configuration.
| Status | Description | Cause | UI display | Recommended action |
|---|---|---|---|---|
attached | The configuration is actively applied. The repository inherits all settings from the configuration. | An organization or enterprise admin applied the configuration to the repository. | The configuration name (for example, "My config") | No action needed. |
attaching | The configuration is being applied. This is a transient state. | An organization or enterprise admin just applied the configuration. | Applying CONFIGURATION-NAME | Wait for the operation to complete. If the status does not change, check for attachment failures. |
updating | The configuration is being updated on the repository. | An organization or enterprise admin changed a setting in the configuration. | Updating CONFIGURATION-NAME | Wait for the update to complete. |
enforced | The configuration is actively applied and enforced. Repository admins cannot change the enablement status of features controlled by the configuration. | An organization or enterprise admin enabled enforcement on the configuration. | Enforced CONFIGURATION-NAME | No action needed. For more information, see Контроль конфигураций безопасности. |
removed | A repository-level setting was changed that conflicts with the configuration. The configuration is still associated with the repository, but the repository no longer inherits all settings. | A repository admin changed a security setting on an unenforced configuration. | Removed CONFIGURATION-NAME | To restore the intended settings, re-apply the configuration in the "Advanced Security" page of the repository. To prevent future overrides, consider enabling enforcement. |
removed_by_enterprise | An enterprise-level configuration change caused a conflict with the repository's settings. | An enterprise admin changed a setting that conflicts with the organization-level configuration applied to the repository. | Removed CONFIGURATION-NAME | Coordinate with your enterprise admin to resolve the conflict. Re-apply the configuration at the organization or enterprise level. |
failed | The configuration could not be attached to the repository. | A conflict between existing repository settings and the configuration prevented attachment. | Failed REASON | Filter by config-status:failed in the repository table, then follow the remediation guidance for the specific repository. For more information, see Diagnosing security configuration issues. |
detached | No configuration is applied. The repository's security settings are managed individually. | An organization admin detached the configuration, or the repository was never attached to a configuration. | No configuration | Apply a configuration if you want the repository to inherit centrally managed settings. For more information, see Применение настраиваемой конфигурации безопасности. |
Understanding removed vs. detached
These statuses reflect different situations:
removed: A repository admin changed a security setting that conflicts with an unenforced configuration. The configuration is still associated with the repository, but the repository no longer counts toward your organization's coverage metrics for that configuration. Re-applying the configuration restores the relationship.detached: The configuration is fully disconnected from the repository. The repository's existing security settings are unchanged, but no configuration manages them. To restore centrally managed settings, apply a new configuration.
To prevent repositories from reaching a removed status, enable enforcement on the configuration. For more information, see Контроль конфигураций безопасности.
Tracking configuration status changes with the audit log
Your organization's audit log records repository_security_configuration events whenever a configuration status changes. You can search for these events using the action:repository_security_configuration filter. For more information, see События журнала аудита для организации.