Code security documentation
Build security into your GitHub workflow with features to keep secrets and vulnerabilities out of your codebase, and to maintain your software supply chain.
Start hereView all
Configuring Dependabot security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Configuring Dependabot version updates
You can configure your repository so that Dependabot automatically updates the packages you use.
Configuring code scanning for a repository
You can configure code scanning for a repository to find security vulnerabilities in your code.
Securing your end-to-end supply chain
Introducing best practice guides on complete end-to-end supply chain security including personal accounts, code, and build processes.