The Wayback Machine - https://web.archive.org/web/20211123071005/https://docs.github.com/en/code-security/guides
Free, Pro, & Team
English
 
Code security
  • Get started
  • Account and profile
  • Authentication
  • Repositories
  • GitHub
  • Enterprise administrators
  • Billing and payments
  • Organizations
  • Code security
  • Pull requests
  • GitHub Issues
  • GitHub Actions
  • GitHub Codespaces
  • GitHub Packages
  • Search on GitHub
  • Developers
  • REST API
  • GraphQL API
  • GitHub CLI
  • GitHub Discussions
  • GitHub Sponsors
  • Building communities
  • GitHub Pages
  • Education
  • GitHub Desktop
  • Atom
  • Electron
  • CodeQL
  • npm
    • Free, Pro, & Team
  • Free, Pro, & Team
  • Enterprise Cloud
  • Enterprise Server 3.3
  • Enterprise Server 3.2
  • Enterprise Server 3.1
  • Enterprise Server 3.0
  • GitHub AE
  • All Enterprise releases
    • English
  • English
  • 简体中文 (Simplified Chinese)
  • 日本語 (Japanese)
  • Español (Spanish)
  • Português do Brasil (Portuguese)

    •  

    Code security guides

    Learn about the different ways that GitHub can help you improve your code's security.

    Code security learning paths

    Get notifications for vulnerable dependencies

    Set up Dependabot to alert you to new vulnerabilities in your dependencies.

    Start
    Get pull requests to update your vulnerable dependencies

    Set up Dependabot to create pull requests when new vulnerabilities are reported.

    Start
    Keep your dependencies up-to-date

    Use Dependabot to check for new releases and create pull requests to update your dependencies.

    Start
    Explore and manage security alerts

    Learn where to find and resolve security alerts.

    Start
    Scan for secrets

    Set up secret scanning to guard against accidental check-ins of tokens, passwords, and other secrets to your repository.

    Start
    Run code scanning with GitHub Actions

    Check your default branch and every pull request to keep vulnerabilities and errors out of your repository.

    Start
    Run CodeQL code scanning in your CI

    Set up CodeQL within your existing CI and upload results to GitHub code scanning.

    Start
    Integrate with code scanning

    Upload code analysis results from third-party systems to GitHub using SARIF.

    Start

    All Code security guides

    58 guides found

    Adding a security policy to your repository

    How-to guide

    You can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository.

    Security policiesVulnerabilitiesRepositoriesHealth

    GitHub security features

    Overview

    An overview of GitHub security features.

    RepositoriesDependenciesVulnerabilitiesAdvanced Security

    Securing your organization

    How-to guide

    You can use a number of GitHub features to help keep your organization secure.

    OrganizationsDependenciesVulnerabilitiesAdvanced Security

    Securing your repository

    How-to guide

    You can use a number of GitHub features to help keep your repository secure.

    RepositoriesDependenciesVulnerabilitiesAdvanced Security

    About secret scanning

    Overview

    GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.

    Secret scanningAdvanced Security

    Configuring secret scanning for your repositories

    How-to guide

    You can configure how GitHub scans your repositories for secrets.

    Secret scanningAdvanced SecurityRepositories

    Managing alerts from secret scanning

    How-to guide

    You can view and close alerts for secrets checked in to your repository.

    Secret scanningAdvanced SecurityAlertsRepositories

    Tracking code scanning alerts in issues using task lists

    How-to guide

    You can add code scanning alerts to issues using task lists. This makes it easy to create a plan for development work that includes fixing alerts.

    Advanced SecurityCode scanningAlertsRepositoriesIssues

    About code scanning

    Overview

    You can use code scanning to find security vulnerabilities and errors in the code for your project on GitHub.

    Advanced SecurityCode scanning

    Help us make these docs great!

    All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

    Make a contribution

    Or, learn how to contribute.