Code security guides

Learn about the different ways that GitHub can help you improve your code's security.

Code security learning paths

Get pull requests to update your vulnerable dependencies

Set up Dependabot to create pull requests when new vulnerabilities are reported.

Keep your dependencies up-to-date

Use Dependabot to check for new releases and create pull requests to update your dependencies.

Scan for secrets

Set up secret scanning to guard against accidental check-ins of tokens, passwords, and other secrets to your repository.

Run code scanning with GitHub Actions

Check your default branch and every pull request to keep vulnerabilities and errors out of your repository.

Run CodeQL code scanning in your CI

Set up CodeQL within your existing CI and upload results to GitHub code scanning.

Integrate with code scanning

Upload code analysis results from third-party systems to GitHub using SARIF.

