Code security learning paths

Get notifications for vulnerable dependencies

Set up Dependabot to alert you to new vulnerabilities in your dependencies.

Scan for secrets

Set up secret scanning to guard against accidental check-ins of tokens, passwords, and other secrets to your repository.

Run CodeQL code scanning in your CI

Set up CodeQL within your existing CI and upload results to GitHub code scanning.

Integrate with code scanning

Upload code analysis results from third-party systems to GitHub using SARIF.


All Code security guides
