The Wayback Machine - https://web.archive.org/web/20210808163123/https://docs.github.com/en/code-security/guides
GitHub.com
English

Explore by product

Code security
GitHub.com
English

Code security guides

Learn about the different ways that GitHub can help you improve your code's security.

Code security learning paths

Get notifications for vulnerable dependencies

Set up Dependabot to alert you to new vulnerabilities in your dependencies.

Start
Get pull requests to update your vulnerable dependencies

Set up Dependabot to create pull requests when new vulnerabilities are reported.

Start
Keep your dependencies up-to-date

Use Dependabot to check for new releases and create pull requests to update your dependencies.

Start
Explore and manage security alerts

Learn where to find and resolve security alerts.

Start
Scan for secrets

Set up secret scanning to guard against accidental check-ins of tokens, passwords, and other secrets to your repository.

Start
Run code scanning with GitHub Actions

Check your default branch and every pull request to keep vulnerabilities and errors out of your repository.

Start
Run CodeQL code scanning in your CI

Set up CodeQL within your existing CI and upload results to GitHub code scanning.

Start
Integrate with code scanning

Upload code analysis results from third-party systems to GitHub using SARIF.

Start

All Code security guides

Add a security policy

How-to guide

You can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository.

Security policiesVulnerabilitiesRepositoriesHealth

GitHub security features

Overview

An overview of GitHub security features.

RepositoriesDependenciesVulnerabilitiesAdvanced Security

Secure your organization

How-to guide

You can use a number of GitHub features to help keep your organization secure.

OrganizationsDependenciesVulnerabilitiesAdvanced Security

Secure your repository

How-to guide

You can use a number of GitHub features to help keep your repository secure.

RepositoriesDependenciesVulnerabilitiesAdvanced Security

About secret scanning

Overview

GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.

Secret scanningAdvanced Security

Configure secret scans

How-to guide

You can configure how GitHub scans your repositories for secrets.

Secret scanningAdvanced SecurityRepositories

Manage secret alerts

How-to guide

You can view and close alerts for secrets checked in to your repository.

Secret scanningAdvanced SecurityAlertsRepositories

About code scanning

Overview

You can use code scanning to find security vulnerabilities and errors in the code for your project on GitHub.

Advanced SecurityCode scanning

Configure code scanning

How-to guide

You can configure how GitHub scans the code in your project for vulnerabilities and errors.

Advanced SecurityCode scanningActionsRepositoriesPull requestsJavaScriptPython

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.