此版本的 GitHub Enterprise 将停止服务 2022-06-03. 即使针对重大安全问题,也不会发布补丁。 要获得更好的性能、改进的安全性和新功能,请升级到 GitHub Enterprise 的最新版本。 如需升级方面的帮助,请联系 GitHub Enterprise 支持。
Code security guides
了解 GitHub Enterprise Server 可以帮助您提高代码安全性的不同方式。
- 1概览
About code scanning
You can use 代码扫描 to find security vulnerabilities and errors in the code for your project on GitHub. - 2操作方法指南
Setting up code scanning for a repository
You can set up 代码扫描 by adding a workflow to your repository. - 3操作方法指南
Configuring code scanning
You can configure how GitHub scans the code in your project for vulnerabilities and errors. - 4操作方法指南
Configuring the CodeQL workflow for compiled languages
You can configure how GitHub uses the CodeQL 分析工作流程 to scan code written in compiled languages for vulnerabilities and errors. - 5操作方法指南
在容器中运行 CodeQL 代码扫描
通过确保所有进程都在同一容器中运行,您可以在容器中运行 代码扫描。 - 6操作方法指南
Troubleshooting the CodeQL workflow
If you're having problems with 代码扫描, you can troubleshoot by using these tips for resolving issues.
All Code security guides
添加安全政策到仓库
操作方法指南您可以为仓库添加安全政策,说明如何报告项目中的安全漏洞。
- Security policies
- Vulnerabilities
- Repositories
- Health
GitHub security features
概览An overview of GitHub security features.
- Repositories
- Dependencies
- Vulnerabilities
- Advanced Security
Securing your organization
操作方法指南You can use a number of GitHub features to help keep your organization secure.
- Organizations
- Dependencies
- Vulnerabilities
- Advanced Security
Securing your repository
操作方法指南You can use a number of GitHub features to help keep your repository secure.
- Repositories
- Dependencies
- Vulnerabilities
- Advanced Security
About secret scanning
概览GitHub Enterprise Server scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.
- Secret scanning
- Advanced Security
配置仓库的密码扫描
操作方法指南您可以配置 GitHub 如何扫描存储库以查找与高级安全模式匹配的机密。
- Secret scanning
- Advanced Security
- Repositories
管理来自密码扫描的警报
操作方法指南您可以查看并关闭已检入仓库的密码的警报。
- Secret scanning
- Advanced Security
- Alerts
- Repositories
Secret scanning patterns
参考Lists of supported secrets and the partners that GitHub works with to prevent fraudulent use of secrets that were committed accidentally.
- Secret scanning
- Advanced Security
About code scanning
概览You can use 代码扫描 to find security vulnerabilities and errors in the code for your project on GitHub.
- Advanced Security
- Code scanning