Secure coding documentation
Build security into your GitHub workflow to secure your software supply chain, automatically find and fix vulnerabilities in your codebase, and prevent data leaks.
Start here
GitHub security features
An overview of GitHub's security features.
Quickstart for securing your repository
Manage access to your code. Find and fix vulnerable code and dependencies automatically.
Dependabot quickstart guide
Find and fix vulnerable dependencies you rely on with Dependabot.
Configuring default setup for code scanning
Quickly set up code scanning to find and fix vulnerable code automatically.
Popular
About the secret risk assessment
Learn why it's so important to understand your organization's exposure to data leaks and how the secret risk assessment report gives an overview of your organization's secret leak footprint.
About coordinated disclosure of security vulnerabilities
Vulnerability disclosure is a coordinated effort between security reporters and repository maintainers.
Best practices for preventing data leaks in your organization
Guidance and recommendations to help you keep private or sensitive data in your organization from being exposed.
Best practices for fixing security alerts at scale
Guidance on how to create successful security campaigns that engage developers and help them grow their understanding of secure coding.
Planning a trial of GitHub Advanced Security
Learn how to prepare for a successful trial of Advanced Security.
Enabling secret scanning features
Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.
Configuring default setup for code scanning
Quickly set up code scanning to find and fix vulnerable code automatically.
Configuring Dependabot security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Securing your organization
- Introduction to securing your organization at scale • 2 articles
- Enabling security features in your organization • 5 articles
- Managing the security of your organization • 7 articles
- Understanding your organization's exposure to leaked secrets • 6 articles
- Understanding your organization's exposure to vulnerabilities • 3 articles
- Fixing security alerts at scale • 4 articles
- Troubleshooting security configurations • 3 articles
Keeping secrets secure with secret scanning
- Introduction to secret scanning • 4 articles
- Enabling secret scanning features • 3 articles
- Managing alerts from secret scanning • 5 articles
- Working with secret scanning and push protection • 6 articles
- Using advanced secret scanning and push protection features • 5 articles
- Enhance your secret detection capabilities with Copilot secret scanning • 4 articles
- Troubleshooting secret scanning and push protection • 1 article
- Secret scanning partnership program • 1 article
Finding security vulnerabilities and errors in your code with code scanning
- Introduction to code scanning • 2 articles
- Enabling code scanning • 3 articles
- Creating an advanced setup for code scanning • 6 articles
- Managing code scanning alerts • 8 articles
- Managing your code scanning configuration • 18 articles
- Integrating with code scanning • 4 articles
- Troubleshooting code scanning • 21 articles
- Troubleshooting SARIF uploads • 6 articles
Keeping your supply chain secure with Dependabot
- Ecosystems supported by Dependabot • 2 articles
- Identifying vulnerabilities in your project's dependencies with Dependabot alerts • 4 articles
- Prioritizing Dependabot alerts with Dependabot auto-triage rules • 4 articles
- Automatically updating dependencies with known vulnerabilities with Dependabot security updates • 3 articles
- Keeping your dependencies updated automatically with Dependabot version updates • 5 articles
- Working with Dependabot • 10 articles
- Maintaining dependencies at scale • 3 articles
- Troubleshooting Dependabot • 6 articles
Viewing security information for your organization or enterprise
- About security overview
- Viewing security insights
- Assessing adoption of security features
- Assessing the security risk of your code
- Filtering alerts in security overview
- Exporting data from security overview
- Viewing metrics for Dependabot alerts
- Viewing metrics for secret scanning push protection
- Viewing metrics for pull request alerts
- Reviewing requests to bypass push protection