Code security documentation
Build security into your GitHub workflow with features to keep secrets and vulnerabilities out of your codebase.
Popular
Configuring code scanning
You can configure code scanning for a repository to find security vulnerabilities in your code.
Configuring secret scanning for your repositories
You can configure how GitHub scans your repositories for leaked secrets and generates alerts.
Uploading a SARIF file to GitHub
You can upload SARIF files generated outside GitHub and see code scanning alerts from third-party tools in your repository.
Using code scanning with your existing CI system
You can analyze your code with the CodeQL CLI or another tool in a third-party continuous integration system and upload the results to your enterprise. The resulting code scanning alerts are shown alongside any alerts generated within GitHub AE.