Secure coding documentation
Build security into your GitHub workflow to secure your software supply chain, automatically find and fix vulnerabilities in your codebase, and prevent data leaks.
Start here
Quickstart for securing your repository
Manage access to your code. Find and fix vulnerable code and dependencies automatically.
Working with secret scanning and push protection
Avoid leaking sensitive data by blocking pushes containing tokens and other secrets.
Dependabot quickstart guide
Find and fix vulnerable dependencies you rely on with Dependabot.
Configuring default setup for code scanning
Quickly set up code scanning to find vulnerable code automatically.
Popular
Release notes
Detailed information for all releases of the currently selected version of GitHub Enterprise Server.
Best practices for preventing data leaks in your organization
Learn guidance and recommendations to help you avoid private or sensitive data present in your organization from being exposed.
Best practices for maintaining dependencies
Guidance and recommendations for maintaining the dependencies you use, including GitHub's security products that can help.
Enabling secret scanning features
Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.
Configuring default setup for code scanning
Quickly set up code scanning to find vulnerable code automatically.
Configuring Dependabot security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Configuring Dependabot version updates
You can configure your repository so that Dependabot automatically updates the packages you use.
Keeping secrets secure with secret scanning
- Introduction to secret scanning • 3 articles
- Enabling secret scanning features • 2 articles
- Managing alerts from secret scanning • 5 articles
- Working with secret scanning and push protection • 3 articles
- Using advanced secret scanning and push protection features • 4 articles
- Troubleshooting secret scanning and push protection • 1 articles
Finding security vulnerabilities and errors in your code with code scanning
- Introduction to code scanning • 2 articles
- Enabling code scanning • 3 articles
- Creating an advanced setup for code scanning • 6 articles
- Managing code scanning alerts • 4 articles
- Managing your code scanning configuration • 15 articles
- Integrating with code scanning • 4 articles
- Troubleshooting code scanning • 19 articles
- Troubleshooting SARIF uploads • 6 articles
Keeping your supply chain secure with Dependabot
- Ecosystems supported by Dependabot • 2 articles
- Identifying vulnerabilities in your project's dependencies with Dependabot alerts • 4 articles
- Prioritizing Dependabot alerts with Dependabot auto-triage rules • 4 articles
- Automatically updating dependencies with known vulnerabilities with Dependabot security updates • 3 articles
- Keeping your dependencies updated automatically with Dependabot version updates • 5 articles
- Working with Dependabot • 6 articles
- Maintaining dependencies at scale • 2 articles
- Troubleshooting Dependabot • 6 articles