GitHub Docs (version: Free, Pro, & Team)
Code security documentation
Build security into your GitHub workflow with features to keep secrets and vulnerabilities out of your
codebase, and to maintain your software supply chain.
Overview

Start here

Securing your repository
  You can use a number of GitHub features to help keep your repository secure.

Securing your organization
  You can use a number of GitHub features to help keep your organization secure.

Creating a repository security advisory
  You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project.

Configuring default setup for code scanning
  You can quickly secure code in your repository with default setup for code scanning.

Popular

About Dependabot alerts
  GitHub sends Dependabot alerts when we detect that your repository uses a vulnerable dependency.

About coordinated disclosure of security vulnerabilities
  Vulnerability disclosure is a coordinated effort between security reporters and repository maintainers.

Keeping your actions up to date with Dependabot
  You can use Dependabot to keep the actions you use updated to the latest versions.

Configuration options for the dependabot.yml file
  Detailed information for all the options you can use to customize how Dependabot maintains your repositories.

What's new

Code scanning: deprecation of CodeQL Action v2 (January 12)
Canva is now a GitHub secret scanning partner (December 21)
Code scanning is now more adaptable to your codebase with CodeQL threat model settings for Java (beta) (December 20)
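As an added example, not taken from this GitHub Docs page, the following .github/dependabot.yml puts the two Dependabot topics above together: it keeps the actions referenced from the repository's workflow files on their latest versions and keeps an npm manifest in the repository root updated. The directory, schedule, labels, group name and pull request limit are assumptions chosen for illustration; the keys themselves are the documented dependabot.yml options.

```yaml
# .github/dependabot.yml (added example; directory, schedule, labels and
# group name are assumptions for illustration)
version: 2
updates:
  # Keep the actions referenced from .github/workflows/*.yml up to date.
  # For github-actions, directory "/" means the workflow files under
  # .github/workflows in the repository root.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    labels:
      - "dependencies"
      - "github-actions"
    # Batch all action bumps into a single pull request instead of one per action.
    groups:
      actions:
        patterns:
          - "*"

  # Keep the npm dependencies described by package.json / package-lock.json updated.
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    # Cap the number of open version-update pull requests. Dependabot security
    # updates are not counted against this limit.
    open-pull-requests-limit: 5
    # Leave major version bumps for a human to review; only minor and patch
    # updates are opened automatically.
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]
```

Dependabot also updates actions that are pinned to a full commit SHA rather than a tag (for example `uses: actions/checkout@<sha> # v4`), bumping the SHA and the trailing version comment together; pinning to a SHA is the form to prefer, since a tag can be moved to a different commit after you reviewed it.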
Guides

Configuring Dependabot security updates (@GitHub)
  You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.

Configuring Dependabot version updates (@GitHub)
  You can configure your repository so that Dependabot automatically updates the packages you use.

Configuring default setup for code scanning (@GitHub)
  You can quickly secure code in your repository with default setup for code scanning.

Securing your end-to-end supply chain (@GitHub)
  Introducing best practice guides on complete end-to-end supply chain security including personal accounts, code, and build processes.
All Code security docs

Getting started with code security
  GitHub security features
  Dependabot quickstart guide
  Securing your repository
  Securing your organization
  Adding a security policy to your repository
  Auditing security alerts
  Best practices for preventing data leaks in your organization

Keeping secrets secure with secret scanning
  About secret scanning
  Secret scanning partner program
  Configuring secret scanning for your repositories
  About the regular expression generator for custom patterns
  Managing alerts from secret scanning
  Secret scanning patterns
  About the detection of generic secrets with secret scanning
  Push protection for repositories and organizations
  Push protection for users
  Pushing a branch blocked by push protection
  Troubleshooting secret scanning

Finding security vulnerabilities and errors in your code with code scanning
  Introduction to code scanning (2 articles)
  Enabling code scanning (3 articles)
  Creating an advanced setup for code scanning (6 articles)
  Managing code scanning alerts (5 articles)
  Managing your code scanning configuration (13 articles)
  Integrating with code scanning (4 articles)
  Troubleshooting code scanning (20 articles)
  Troubleshooting SARIF uploads (6 articles)

Use the CodeQL CLI to secure your code
  Getting started with the CodeQL CLI (6 articles)
  Using the advanced functionality of the CodeQL CLI (14 articles)
  CodeQL CLI commands manual (73 articles)

Working with security advisories
  Working with global security advisories from the GitHub Advisory Database (4 articles)
  Working with repository security advisories (12 articles)
  Guidance on reporting and writing information about vulnerabilities (4 articles)

Securing your software supply chain
  Understanding your software supply chain (9 articles)
  End-to-end supply chain (4 articles)

Keeping your supply chain secure with Dependabot
  Identifying vulnerabilities in your project's dependencies with Dependabot alerts (4 articles)
  Prioritizing Dependabot alerts with Dependabot auto-triage rules (4 articles)
  Automatically updating dependencies with known vulnerabilities with Dependabot security updates (2 articles)
  Keeping your dependencies updated automatically with Dependabot version updates (5 articles)
  Working with Dependabot (9 articles)

Viewing security information for your organization or enterprise
  About security overview
© 2024 GitHub, Inc.