Code security documentation
Build security into your GitHub workflow with features to keep secrets and vulnerabilities out of your codebase.
Start here
View allGuides
Configuring secret scanning for your repositories
You can configure how GitHub scans your repositories for leaked secrets and generates alerts.
Uploading a SARIF file to GitHub
You can upload SARIF files generated outside GitHub and see code scanning alerts from third-party tools in your repository.
Using CodeQL code scanning with your existing CI system
You can run CodeQL analysis in your existing CI system and upload the results to GitHub AE for display as code scanning alerts.
Securing your end-to-end supply chain
Introducing best practice guides on complete end-to-end supply chain security including personal accounts, code, and build processes.