Secure coding documentation
Build security into your GitHub workflow to secure your software supply chain, automatically find and fix vulnerabilities in your codebase, and prevent data leaks.
Start here
Popular
Enabling secret scanning features
Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.
Configuring default setup for code scanning
Quickly set up code scanning to find vulnerable code automatically.
Configuring Dependabot security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Configuring Dependabot version updates
You can configure your repository so that Dependabot automatically updates the packages you use.