Skip to main content
GitHub Docs
Version:
Enterprise Server 3.13
Search GitHub Docs
Search
Select language: current language is English
Open Search Bar
Close Search Bar
Open Menu
Open Sidebar
Code security
/
Supply chain security
Home
Code security
Getting started
GitHub security features
Dependabot quickstart
Secure repository quickstart
Secure organization quickstart
Add a security policy
Audit security alerts
Prevent data leaks
Adopt GHAS at scale
Introduction
1. Align on strategy
2. Preparation
3. Pilot programs
4. Create internal documentation
5. Rollout code scanning
6. Rollout secret scanning
Secret scanning
Introduction
Secret scanning
Push protection
Supported patterns
Enable features
Enable secret scanning
Enable push protection
Manage alerts
About alerts
View alerts
Evaluate alerts
Resolve alerts
Monitor alerts
Work with secret scanning
Push protection on the command line
Push protection in the GitHub UI
Advanced features
Exclude folders and files
Non-provider patterns
Enable for non-provider patterns
Custom patterns
Define custom patterns
Manage custom patterns
Custom pattern metrics
Troubleshoot
Troubleshoot secret scanning
Code scanning
Introduction
About code scanning
About CodeQL code scanning
Enable code scanning
Configure code scanning
Evaluate code scanning
Code scanning at scale
Create advanced setup
Configure advanced setup
Customize advanced setup
CodeQL for compiled languages
CodeQL advanced setup at scale
Hardware resources for CodeQL
Code scanning in a container
Manage alerts
About code scanning alerts
Assess alerts
Resolve alerts
Triage alerts in pull requests
Manage code scanning
Code scanning tool status
Edit default setup
CodeQL query suites
View code scanning logs
C and C++ CodeQL queries
C# CodeQL queries
Go CodeQL queries
Java and Kotlin CodeQL queries
JavaScript and TypeScript queries
Python CodeQL queries
Ruby CodeQL queries
Swift CodeQL queries
Integrate with code scanning
About integration
Using code scanning with your existing CI system
Upload a SARIF file
SARIF support
Troubleshooting code scanning
Advanced Security must be enabled
Alerts in generated code
Analysis takes too long
Automatic build failed
C# compiler failing
Cannot enable CodeQL in a private repository
Enabling default setup takes too long
Extraction errors in the database
Fewer lines scanned than expected
Logs not detailed enough
No source code seen during build
Not recognized
Out of disk or memory
Results different than expected
Some languages not analyzed
Two CodeQL workflows
Unclear what triggered a workflow
Unnecessary step found
Troubleshooting SARIF uploads
GitHub Advanced Security disabled
Default setup is enabled
GitHub token missing
SARIF file invalid
Results file too large
Results exceed limits
CodeQL CLI
Getting started
About the CodeQL CLI
Setting up the CodeQL CLI
Preparing code for analysis
Analyzing code
Uploading results to GitHub
Customizing analysis
Advanced functionality
Advanced setup of the CodeQL CLI
About CodeQL workspaces
Using custom queries with the CodeQL CLI
Creating CodeQL query suites
Testing custom queries
Testing query help files
Creating and working with CodeQL packs
Publishing and using CodeQL packs
Specifying command options in a CodeQL configuration file
Query reference files
CodeQL CLI SARIF output
CodeQL CLI CSV output
Extractor options
Exit codes
CodeQL CLI manual
bqrs decode
bqrs diff
bqrs hash
bqrs info
bqrs interpret
database add-diagnostic
database analyze
database bundle
database cleanup
database create
database export-diagnostics
database finalize
database import
database index-files
database init
database interpret-results
database print-baseline
database run-queries
database trace-command
database unbundle
database upgrade
dataset check
dataset cleanup
dataset import
dataset measure
dataset upgrade
diagnostic add
diagnostic export
execute cli-server
execute language-server
execute queries
execute query-server
execute query-server2
execute upgrades
generate extensible-predicate-metadata
generate log-summary
generate query-help
github merge-results
github upload-results
pack add
pack bundle
pack ci
pack create
pack download
pack init
pack install
pack ls
pack packlist
pack publish
pack resolve-dependencies
pack upgrade
query compile
query decompile
query format
query run
resolve database
resolve extensions
resolve extensions-by-pack
resolve extractor
resolve files
resolve languages
resolve library-path
resolve metadata
resolve ml-models
resolve packs
resolve qlpacks
resolve qlref
resolve queries
resolve ram
resolve tests
resolve upgrades
test accept
test extract
test run
version
CodeQL for VS Code
Getting started
About the extension
Extension installation
Manage CodeQL databases
Run CodeQL queries
Explore data flow
Advanced functionality
CodeQL model editor
Custom query creation
Manage CodeQL packs
Explore code structure
Test CodeQL queries
Customize settings
CodeQL workspace setup
CodeQL CLI access
Telemetry
Troubleshooting CodeQL for VS Code
Access logs
Security advisories
Global security advisories
About the GitHub Advisory database
About global security advisories
Browse Advisory Database
Edit Advisory Database
Supply chain security
Understand your supply chain
Supply chain security
Dependency graph
Dependency graph ecosystem support
Configure dependency graph
Export dependencies as SBOM
Dependency submission API
Dependency review
Configure dependency review action
Customize dependency review action
Enforce dependency review
Explore dependencies
Troubleshoot dependency graph
End-to-end supply chain
Overview
Securing accounts
Securing code
Securing builds
Dependabot
Dependabot ecosystems
Dependabot ecosystem support
Optimize Java packages
Dependabot alerts
Dependabot alerts
Configure Dependabot alerts
View Dependabot alerts
Configure notifications
Dependabot auto-triage rules
About auto-triage rules
GitHub preset rules
Custom auto-triage rules
Manage auto-dismissed alerts
Dependabot security updates
Dependabot security updates
Configure security updates
Customize Dependabot PRs
Dependabot version updates
Dependabot version updates
Configure version updates
Optimize PR creation
Customize Dependabot PRs
Control dependency update
Work with Dependabot
Manage Dependabot PRs
Use Dependabot with Actions
Auto-update actions
Configure access to private registries
Guidance for configuring private registries
Dependabot options reference
Maintain dependencies at scale
Remove access to public registries
Troubleshoot Dependabot
List configured dependencies
Viewing Dependabot logs
Dependabot stopped working
Troubleshoot errors
Troubleshoot Dependabot on Actions
Troubleshoot vulnerability detection
Security overview
About security overview
View security insights
Assess adoption of features
Assess security risk to code
Filter security overview
Enable security features
View secret scanning metrics
Code security
/
Supply chain security
Securing your software supply chain
Visualize, maintain, and secure the dependencies in your software supply chain.
Understanding your software supply chain
About supply chain security
About the dependency graph
Dependency graph supported package ecosystems
Configuring the dependency graph
Exporting a software bill of materials for your repository
Using the dependency submission API
About dependency review
Configuring the dependency review action
Customizing your dependency review action configuration
Enforcing dependency review across an organization
Exploring the dependencies of a repository
Troubleshooting the dependency graph
End-to-end supply chain
Securing your end-to-end supply chain
Best practices for securing accounts
Best practices for securing code in your supply chain
Best practices for securing your build system