> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# GH_ManageSecurityProducts

> Repo role can manage security products

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Edge Schema

* Source: [GH\_RepoRole](/opengraph/extensions/github/nodes/gh_reporole)
* Destination: [GH\_Repository](/opengraph/extensions/github/nodes/gh_repository)
* Traversable: ❌

## General Information

The non-traversable GH\_ManageSecurityProducts edge represents a role's ability to manage security product settings on the repository. This permission is available to Admin roles and custom roles that have been granted this specific permission. Managing security products allows enabling or disabling features such as secret scanning, code scanning, and Dependabot alerts. An attacker with this permission could disable security features to prevent detection of vulnerabilities or leaked secrets, making this a high-severity permission for security posture management.

```mermaid theme={null}
graph LR
    user1("GH_User bob")
    adminRole("GH_RepoRole GitHound\admin")
    customRole("GH_RepoRole GitHound\security_admin")
    repo("GH_Repository GitHound")
    user1 -- GH_HasRole --> adminRole
    adminRole -- GH_ManageSecurityProducts --> repo
    customRole -- GH_ManageSecurityProducts --> repo
```