Skip to main content

All products
Code security
- Getting started
- Adopting GHAS at scale
- Secret scanning
- Code scanning
  - Scan code automatically
    About code scanning
    About code scanning alerts
    Triage alerts in pull requests
    Set up code scanning
    Manage alerts
    Track alerts in issues
    Configure code scanning
    Code scanning with CodeQL
    Hardware resources for CodeQL
    Configure compiled languages
    Troubleshoot CodeQL workflow
    Code scanning in a container
    View code scanning logs
  - Integrate with code scanning
    About integration
    Upload a SARIF file
    SARIF support
  - Use CodeQL in CI system
    Code scanning in your CI
    Install CodeQL CLI
    Configure CodeQL CLI
    Run CodeQL runner
    Migrating from the CodeQL runner
- Repository security advisories
- Supply chain security
  - Understand your supply chain
    Supply chain security
    Dependency graph
    Configure dependency graph
    Dependency submission API
    Dependency review
    Configure dependency review
    Explore dependencies
    Troubleshoot dependency graph
  - End-to-end supply chain
    Overview
    Securing accounts
    Securing code
    Securing builds
- Dependabot
  - Dependabot alerts
    Browse Advisory Database
    Edit Advisory Database
    Dependabot alerts
    Configure Dependabot alerts
    View Dependabot alerts
    Configure notifications
  - Dependabot security updates
    Dependabot security updates
    Configure security updates
  - Dependabot version updates
    Dependabot version updates
    Configure version updates
    List configured dependencies
    Customize updates
    Configure dependabot.yml
  - Work with Dependabot
    Manage Dependabot PRs
    Use Dependabot with Actions
    Auto-update actions
    Manage encrypted secrets
    Troubleshoot vulnerability detection
    Troubleshoot errors
- Security overview
- Guides for code security

Code security/
Supply chain security

Search GitHub Docs

Code security/
Supply chain security

Code security

Enterprise Cloud

Free, Pro, & Team
Enterprise Cloud
Enterprise Server 3.6
Enterprise Server 3.5
Enterprise Server 3.4
Enterprise Server 3.3
Enterprise Server 3.2
GitHub AE
All Enterprise Server releases
About versions

English

English
简体中文
日本語
Español
Português do Brasil

Search GitHub Docs

Securing your software supply chain

Visualize, maintain, and secure the dependencies in your software supply chain.

Understanding your software supply chain

About supply chain security
About the dependency graph
Configuring the dependency graph
Using the Dependency submission API
About dependency review
Configuring dependency review
Exploring the dependencies of a repository
Troubleshooting the dependency graph

End-to-end supply chain

Securing your end-to-end supply chain
Best practices for securing accounts
Best practices for securing code in your supply chain
Best practices for securing your build system

Did this doc help you?

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.

Still need help?

Ask the GitHub community

Contact support

© 2022 GitHub, Inc.
Terms
Privacy
Security
Status
Help
Contact GitHub
Pricing
Developer API
Training
Blog
About