Secure coding documentation
Build security into your GitHub workflow to secure your software supply chain, automatically find and fix vulnerabilities in your codebase, and prevent data leaks.
Start here
GitHub security features
An overview of GitHub's security features.
Quickstart for securing your repository
Manage access to your code. Find and fix vulnerable code and dependencies automatically.
Dependabot quickstart guide
Find and fix vulnerable dependencies you rely on with Dependabot.
Configuring default setup for code scanning
Quickly set up code scanning to find and fix vulnerable code automatically.
Popular
About the secret risk assessment
Learn why it's so important to understand your organization's exposure to data leaks and how the secret risk assessment report gives an overview of your organization’s secret leak footprint.
About coordinated disclosure of security vulnerabilities
Vulnerability disclosure is a coordinated effort between security reporters and repository maintainers.
Best practices for preventing data leaks in your organization
Guidance and recommendations to help you prevent private or sensitive data in your organization from being exposed.
Best practices for fixing security alerts at scale
Guidance on how to create successful security campaigns that engage developers and help them grow their understanding of secure coding.
Planning a trial of GitHub Advanced Security
Make the most of your trial so you can decide whether Advanced Security products meet your business needs.
Enabling secret scanning features
Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.
Configuring default setup for code scanning
Quickly set up code scanning to find and fix vulnerable code automatically.
Configuring Dependabot security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Securing your organization
- Introduction to securing your organization at scale • 2 articles
- Enabling security features in your organization • 5 articles
- Managing the security of your organization • 7 articles
- Understanding your organization's exposure to leaked secrets • 4 articles
- Understanding your organization's exposure to vulnerabilities • 2 articles
- Fixing security alerts at scale • 4 articles
- Troubleshooting security configurations • 3 articles
Keeping secrets secure with secret scanning
- Introduction to secret scanning • 4 articles
- Enabling secret scanning features • 3 articles
- Managing alerts from secret scanning • 5 articles
- Working with secret scanning and push protection • 6 articles
- Using advanced secret scanning and push protection features • 5 articles
- Enhance your secret detection capabilities with Copilot secret scanning • 4 articles
- Troubleshooting secret scanning and push protection • 1 article
- Secret scanning partnership program • 1 article
Finding security vulnerabilities and errors in your code with code scanning
- Introduction to code scanning • 2 articles
- Enabling code scanning • 3 articles
- Creating an advanced setup for code scanning • 6 articles
- Managing code scanning alerts • 8 articles
- Managing your code scanning configuration • 18 articles
- Integrating with code scanning • 4 articles
- Troubleshooting code scanning • 21 articles
- Troubleshooting SARIF uploads • 6 articles
Keeping your supply chain secure with Dependabot
- Ecosystems supported by Dependabot • 2 articles
- Identifying vulnerabilities in your project's dependencies with Dependabot alerts • 4 articles
- Prioritizing Dependabot alerts with Dependabot auto-triage rules • 4 articles
- Automatically updating dependencies with known vulnerabilities with Dependabot security updates • 3 articles
- Keeping your dependencies updated automatically with Dependabot version updates • 5 articles
- Working with Dependabot • 10 articles
- Maintaining dependencies at scale • 3 articles
- Troubleshooting Dependabot • 6 articles
Viewing security information for your organization or enterprise
- About security overview
- Viewing security insights
- Assessing adoption of security features
- Assessing the security risk of your code
- Filtering alerts in security overview
- Exporting data from security overview
- Viewing metrics for Dependabot alerts
- Viewing metrics for secret scanning push protection
- Viewing metrics for pull request alerts
- Reviewing requests to bypass push protection