Enterprise Server 3.2 is currently available as a release candidate. For more information, see "About upgrades to new releases."

Enterprise Server 3.2

English

No results found.

Code security

Build security into your GitHub workflow with features to keep secrets and vulnerabilities out of your codebase, and to maintain your software supply chain.

Overview

Guides

View all

Securing your repository→
You can use a number of GitHub features to help keep your repository secure.
Securing your organization→
You can use a number of GitHub features to help keep your organization secure.
Setting up code scanning for a repository→
You can set up code scanning by adding a workflow to your repository.

Code examples

CodeQL code scanning at Microsoft

Example code scanning workflow for the CodeQL action from the Microsoft Open Source repository.

CodeQLCode scanningGitHub Actions

Adversarial Robustness Toolbox (ART) CodeQL code scanning

Example code scanning workflow for the CodeQL action from the Trusted AI repository.

CodeQLCode scanningGitHub Actions

Microsoft security policy

Example security policy

Security policy

Electron security policy

Example security policy

Security policy

Security advisory for Rails

Security advisory published by Rails for CVE-2020-15169.

Security advisory

Guides

Exploring the dependencies of a repository

You can use the dependency graph to see the packages your project depends on. In addition, you can see any vulnerabilities detected in its dependencies.