Securing your repository→
You can use a number of GitHub features to help keep your repository secure.
Securing your organization→
You can use a number of GitHub features to help keep your organization secure.
Creating a security advisory→
You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project.
CodeQL code scanning at Microsoft
Example code scanning workflow for the CodeQL action from the Microsoft Open Source repository.
Adversarial Robustness Toolbox (ART) CodeQL code scanning
Example code scanning workflow for the CodeQL action from the Trusted AI repository.
Security advisory for Rails
Security advisory published by Rails for CVE-2020-15169.
Configuring Dependabot security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Enabling and disabling version updates
You can configure your repository so that Dependabot automatically updates the packages you use.
- Automatically scanning your code for vulnerabilities and errors • 10 articles
- Integrating with code scanning • 3 articles
- Using CodeQL code scanning with your existing CI system • 7 articles
- About coordinated disclosure of security vulnerabilities
- About GitHub Security Advisories
- Permission levels for security advisories
- Creating a security advisory
- Adding a collaborator to a security advisory
- Removing a collaborator from a security advisory
- Collaborating in a temporary private fork to resolve a security vulnerability
- Publishing a security advisory
- Editing a security advisory
- Withdrawing a security advisory
- Understanding your software supply chain • 3 articles
- Keeping your dependencies updated automatically • 10 articles
- Managing vulnerabilities in your project's dependencies • 9 articles