Github Org
A GitHub Organization is commonplace for larger more organized API producers, establishing a place where you can find SDKs and other code used for integration, but also machine-readable artifacts, issues, discussions, and other useful outputs from everyday API operations that will help provide nutrients for an API ecosystem.
Also known as: GitHub Org, GH Organization, Source Organization
Standards
- GitHub GitHub REST API — Organizations
- GitHub GitHub GraphQL API
- schema.org schema.org Organization
- OpenSSF OpenSSF Scorecard
- CNCF Backstage Software Catalog
- Linux Foundation SPDX License List
HTTP Headers
| Header | Direction | Spec | Description |
|---|---|---|---|
Authorization |
request | RFC 9110 | Bearer token (PAT, fine-grained PAT, or GitHub App installation token). |
X-RateLimit-Limit |
response | GitHub REST API | Per-hour request budget for the calling identity. |
X-RateLimit-Remaining |
response | GitHub REST API | Remaining requests in the current window. |
Link |
response | RFC 8288 | Pagination links (rel="next", rel="prev", rel="last"). |
Well-Known Paths
/.well-known/security.txt— RFC 9116 — Security contact disclosure for the org's primary domain.
Media Types
application/vnd.github+json— Canonical media type for the GitHub REST API.application/json— Returned by the GraphQL endpoint.
Link Relations
next— RFC 8288 / GitHub Link header paginationprev— RFC 8288 / GitHub Link header paginationlast— RFC 8288 / GitHub Link header pagination
Risk & Compliance
Security: Org-level access tokens, especially classic PATs with `admin:org`, can read private repos, manage members, and rotate secrets. Prefer fine-grained PATs or GitHub Apps with least-privilege installation scopes; enable SAML SSO and 2FA enforcement; review OpenSSF Scorecard signals (branch protection, code review) at the org level.
Tools
- GitHub CLI (gh) — Org and repo management (MIT)
- OpenSSF Scorecard — Org/repo health scoring (Apache-2.0)
- Backstage — Developer portal / catalog (Apache-2.0)
- Octokit — Official GitHub SDKs (MIT)
- GitHub Apps — Scoped automation identities
- Dependabot — Org-wide dependency hygiene
Suggested Metrics
public_repo_count— Number of public repositories under the organization.members_visible_count— Public members of the organization.avg_scorecard_score— Mean OpenSSF Scorecard across org repos.two_factor_enforced— Whether the org requires 2FA for all members.
Example Implementations
- Stripe — github.com/stripe — SDKs, OpenAPI, and engineering blog posts.
- GitHub — github.com/github and github.com/octokit — first-party tooling.
- Google — github.com/google and github.com/googleapis — SDKs and discovery docs.
- Microsoft — github.com/microsoft and github.com/Azure — SDKs and platform tooling.
Related Properties
- Github repo
- Sdks
- Source code
- Openapi
Tags
- GitHub