Skip to main content

All products
Code security
- Getting started
- Secret scanning
  - About secret scanning
  - Secret scanning patterns
- Code scanning
  - Scan code automatically
    About code scanning
    About code scanning alerts
    Triage alerts in pull requests
    Set up code scanning
    Manage alerts
    Track alerts in issues
    Configure code scanning
    Code scanning with CodeQL
    Hardware resources for CodeQL
    Configure compiled languages
    Troubleshoot CodeQL workflow
    Code scanning in a container
    View code scanning logs
  - Integrate with code scanning
    About integration
    Upload a SARIF file
    SARIF support
  - Use CodeQL in CI system
    Code scanning in your CI
    Install CodeQL CLI
    Configure CodeQL CLI
    Run CodeQL runner
    Migrating from the CodeQL runner
- Security advisories
  - Global security advisories
    About the GitHub Advisory database
    About global security advisories
    Browse Advisory Database
    Edit Advisory Database
  - Repository security advisories
    About repository security advisories
    Permission levels
    Configure private vulnerability reporting
    Create repository advisories
    Edit repository advisories
    Temporary private forks
    Publish repository advisories
    Add collaborators
    Remove collaborators
    Withdraw repository advisories
  - Guidance on reporting and writing
    Coordinated disclosure
    Best practices
    Privately reporting
    Manage vulnerability reports
- Supply chain security
  - Understand your supply chain
    Supply chain security
    Dependency graph
    Configure dependency graph
    Dependency submission API
    Dependency review
    Configure dependency review
    Explore dependencies
    Troubleshoot dependency graph
  - End-to-end supply chain
    Overview
    Securing accounts
    Securing code
    Securing builds
- Dependabot
  - Dependabot alerts
    Dependabot alerts
    Configure Dependabot alerts
    View Dependabot alerts
    Configure notifications
  - Dependabot security updates
    Dependabot security updates
    Configure security updates
  - Dependabot version updates
    Dependabot version updates
    Configure version updates
    List configured dependencies
    Customize updates
    Configure dependabot.yml
  - Work with Dependabot
    Manage Dependabot PRs
    Use Dependabot with Actions
    Auto-update actions
    Manage encrypted secrets
    Troubleshoot vulnerability detection
    Troubleshoot errors
- Security overview
  - About the security overview
- Guides for code security

Code security/
Supply chain security

Search GitHub Docs

Code security/
Supply chain security

Code security

Free, Pro, & Team

Free, Pro, & Team
Enterprise Cloud
Enterprise Server 3.7
Enterprise Server 3.6
Enterprise Server 3.5
Enterprise Server 3.4
Enterprise Server 3.3
GitHub AE
All Enterprise Server releases
About versions

English

English
简体中文
日本語
Español
Português do Brasil

Search GitHub Docs

Securing your software supply chain

Visualize, maintain, and secure the dependencies in your software supply chain.

Understanding your software supply chain

About supply chain security
About the dependency graph
Configuring the dependency graph
Using the Dependency submission API
About dependency review
Configuring dependency review
Exploring the dependencies of a repository
Troubleshooting the dependency graph

End-to-end supply chain

Securing your end-to-end supply chain
Best practices for securing accounts
Best practices for securing code in your supply chain
Best practices for securing your build system

Did this doc help you?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.

Still need help?

Ask the GitHub community

Contact support

© 2022 GitHub, Inc.
Terms
Privacy
Security
Status
Help
Contact GitHub
Pricing
Developer API
Training
Blog
About