Skip to main content

Search GitHub Docs

Code security/
Getting started

- Getting started
- Secret scanning
- Code scanning
  - Scan code automatically
    About code scanning
    About code scanning alerts
    Triage alerts in pull requests
    Configure code scanning
    Manage alerts
    Track alerts in issues
    Customize code scanning
    Code scanning with CodeQL
    Hardware resources for CodeQL
    Configure compiled languages
    Troubleshoot default setup
    Troubleshoot advanced setup
    Code scanning in a container
    View code scanning logs
  - Integrate with code scanning
    About integration
    Upload a SARIF file
    SARIF support
  - Use CodeQL in CI system
    Code scanning in your CI
    Install CodeQL CLI
    Configure CodeQL CLI
    Migrating from the CodeQL runner
- CodeQL CLI
  - Using the CodeQL CLI
    About the CodeQL CLI
    Getting started
    Creating CodeQL databases
    Extractor options
    Analyzing databases
    Using custom queries with the CodeQL CLI
    Creating CodeQL query suites
    Testing custom queries
    Testing query help files
    Creating and working with CodeQL packs
    Publishing and using CodeQL packs
    Specifying command options in a CodeQL configuration file
  - CodeQL CLI reference
    About CodeQL packs
    About CodeQL workspaces
    Query reference files
    CodeQL CLI SARIF output
    Exit codes
- Security advisories
  - Global security advisories
    About the GitHub Advisory database
    About global security advisories
    Browse Advisory Database
    Edit Advisory Database
  - Repository security advisories
    About repository security advisories
    Permission levels
    Configure for a repository
    Configure for an organization
    Create repository advisories
    Edit repository advisories
    Temporary private forks
    Publish repository advisories
    Add collaborators
    Remove collaborators
    Withdraw repository advisories
  - Guidance on reporting and writing
    Coordinated disclosure
    Best practices
    Privately reporting
    Manage vulnerability reports
- Supply chain security
  - Understand your supply chain
    Supply chain security
    Dependency graph
    Configure dependency graph
    Dependency submission API
    Dependency review
    Configure dependency review
    Explore dependencies
    Troubleshoot dependency graph
  - End-to-end supply chain
    Overview
    Securing accounts
    Securing code
    Securing builds
- Dependabot
  - Dependabot alerts
    Dependabot alerts
    Configure Dependabot alerts
    View Dependabot alerts
    Configure notifications
  - Dependabot security updates
    Dependabot security updates
    Configure security updates
  - Dependabot version updates
    Dependabot version updates
    Configure version updates
    List configured dependencies
    Customize updates
    Configure dependabot.yml
  - Work with Dependabot
    Manage Dependabot PRs
    Use Dependabot with Actions
    Auto-update actions
    Configure access to private registries
    Remove access to public registries
    Troubleshoot vulnerability detection
    Troubleshoot errors
- Security overview
  - About the security overview
- Guides for code security

Code security/
Getting started

Getting started with code security

Introduction to code security with GitHub.

GitHub security features
Securing your repository
Securing your organization
Adding a security policy to your repository
Auditing security alerts

Did this doc help you?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.

Still need help?

Ask the GitHub community

Contact support

© 2023 GitHub, Inc.
Terms
Privacy
Security
Status
Help
Contact GitHub
Pricing
Developer API
Training
Blog
About