Build security into your GitHub workflow with features to keep secrets and vulnerabilities out of your codebase.
You can use a number of GitHub features to help keep your...
You can set up code scanning by adding a workflow to your...
Example code scanning workflow for the CodeQL action from the Microsoft Open Source repository.
Example code scanning workflow for the CodeQL action from the Trusted AI repository.
Example security policy
Security advisory published by Rails for CVE-2020-15169.
You can configure how GitHub scans your repositories for secrets.
You can upload SARIF files generated outside GitHub and see code scanning alerts from third-party tools in your repository.
You can run CodeQL analysis in your existing CI system and upload the results to GitHub AE for display as code scanning alerts.