This version of GitHub Enterprise was discontinued on 2023-07-06. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.
Guides for code security
Learn about the different ways that GitHub Enterprise Server can help you improve your code's security.
Run code scanning with GitHub Actions
Check your default branch and every pull request to keep vulnerabilities and errors out of your repository.Start learning path- 1Overview
About code scanning
You can use code scanning to find security vulnerabilities and errors in the code for your project on GitHub. - 2How-to guide
Configuring code scanning for a repository
You can configure code scanning for a repository to find security vulnerabilities in your code. - 3How-to guide
Customizing code scanning
You can customize how GitHub scans the code in your project for vulnerabilities and errors. - 4How-to guide
Configuring the CodeQL workflow for compiled languages
You can configure how GitHub uses the CodeQL analysis workflow to scan code written in compiled languages for vulnerabilities and errors. - 5How-to guide
Running CodeQL code scanning in a container
You can run code scanning in a container by ensuring that all processes run in the same container. - 6
Troubleshooting code scanning
When analyzing your code with code scanning, you may need to troubleshoot unexpected issues.
Code security learning paths
Fix and disclose a security vulnerability
Using repository security advisories to privately fix a reported vulnerability and get a CVE.
Get notifications for insecure dependencies
Set up Dependabot to alert you to new vulnerabilities in your dependencies.
Get pull requests to update your vulnerable dependencies
Set up Dependabot to create pull requests when new vulnerabilities are reported.
Keep your dependencies up-to-date
Use Dependabot to check for new releases and create pull requests to update your dependencies.
Scan for secrets
Set up secret scanning to guard against accidental check-ins of tokens, passwords, and other secrets to your repository.
Run CodeQL code scanning in your CI
Set up CodeQL within your existing CI and upload results to GitHub code scanning.
Integrate with code scanning
Upload code analysis results from third-party systems to GitHub using SARIF.
End-to-end supply chain
How to think about securing your user accounts, your code, and your build process.
All Code security guides
Adding a security policy to your repository
How-to guideYou can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository.
- Security policies
- Vulnerabilities
- Repositories
- Health
GitHub security features
OverviewAn overview of GitHub security features.
- Repositories
- Dependencies
- Vulnerabilities
- Advanced Security
Securing your organization
How-to guideYou can use a number of GitHub features to help keep your organization secure.
- Organizations
- Dependencies
- Vulnerabilities
- Advanced Security
Securing your repository
How-to guideYou can use a number of GitHub features to help keep your repository secure.
- Repositories
- Dependencies
- Vulnerabilities
- Advanced Security
Dependabot quickstart guide
QuickstartYou can use Dependabot to alert you when your repository is using a software dependency with a known vulnerability. This guide will help get you started on enabling Dependabot for a repository, and exploring reported alerts.
- Dependabot
- Alerts
- Vulnerabilities
- Repositories
- Dependencies
Auditing security alerts
OverviewGitHub provides a variety of tools you can use to audit and monitor actions taken in response to security alerts.
- Repositories
- Dependencies
- Vulnerabilities
- Security
- Advanced Security
About secret scanning
OverviewGitHub Enterprise Server scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.
- Secret scanning
- Advanced Security
Configuring secret scanning for your repositories
How-to guideYou can configure how GitHub scans your repositories for leaked secrets and generates alerts.
- Secret scanning
- Advanced Security
- Repositories
Defining custom patterns for secret scanning
How-to guideYou can extend secret scanning to detect secrets beyond the default patterns.
- Advanced Security
- Secret scanning