Skip to main content
GitHub AE is currently under limited release.
GitHub Docs
Version:
GitHub AE
Search GitHub Docs
Code security
/
Getting started
All products
Code security
Getting started
GitHub security features
Secure your repository
Secure your organization
Add a security policy
Audit security alerts
Adopting GHAS at scale
Introduction
1. Align on strategy
2. Preparation
3. Pilot programs
4. Create internal documentation
5. Rollout code scanning
6. Rollout secret scanning
Secret scanning
About secret scanning
Configure secret scans
Define custom patterns
Manage secret alerts
Secret scanning patterns
Push protection for repositories
Push a blocked branch
Troubleshoot secret scanning
Code scanning
Introduction
About code scanning
About CodeQL code scanning
Create workflow code scanning
Configure code scanning
Customize code scanning
CodeQL for compiled languages
CodeQL code scanning at scale
Hardware resources for CodeQL
Code scanning in a container
Manage alerts
About code scanning alerts
Manage alerts
Triage alerts in pull requests
Manage code scanning
View code scanning logs
Integrate with code scanning
About integration
Upload a SARIF file
SARIF support
Use CodeQL in CI system
Code scanning in your CI
Install CodeQL CLI
Configure CodeQL CLI
Troubleshooting code scanning
Alerts in generated code
Automatic build failed
Analysis takes too long
Fewer lines scanned than expected
Extraction errors in the database
Logs not detailed enough
No source code seen during build
Not recognized
Out of disk or memory
Some languages not analyzed
Unnecessary step found
CodeQL CLI
Getting started
About the CodeQL CLI
Setting up the CodeQL CLI
Preparing code for analysis
Analyzing code
Uploading results to GitHub
Advanced functionality
Using custom queries with the CodeQL CLI
Creating CodeQL query suites
Testing query help files
Specifying command options in a CodeQL configuration file
Query reference files
CodeQL CLI SARIF output
Extractor options
Exit codes
CodeQL CLI manual
bqrs decode
bqrs diff
bqrs hash
bqrs info
bqrs interpret
database add-diagnostic
database analyze
database bundle
database cleanup
database create
database export-diagnostics
database finalize
database import
database index-files
database init
database interpret-results
database print-baseline
database run-queries
database trace-command
database unbundle
database upgrade
dataset check
dataset cleanup
dataset import
dataset measure
dataset upgrade
diagnostic add
diagnostic export
execute cli-server
execute language-server
execute queries
execute query-server
execute query-server2
execute upgrades
generate extensible-predicate-metadata
generate log-summary
generate query-help
github upload-results
pack add
pack bundle
pack ci
pack create
pack download
pack init
pack install
pack ls
pack packlist
pack publish
pack resolve-dependencies
pack upgrade
query compile
query decompile
query format
query run
resolve database
resolve extensions
resolve extensions-by-pack
resolve extractor
resolve files
resolve languages
resolve library-path
resolve metadata
resolve ml-models
resolve qlpacks
resolve qlref
resolve queries
resolve ram
resolve tests
resolve upgrades
test accept
test extract
test run
version
Security advisories
Global security advisories
About the GitHub Advisory database
About global security advisories
Browse Advisory Database
Edit Advisory Database
Supply chain security
Understand your supply chain
Supply chain security
Dependency graph
Configure dependency graph
Dependency review
Configure dependency review
Explore dependencies
Troubleshoot dependency graph
End-to-end supply chain
Overview
Securing accounts
Securing code
Securing builds
Dependabot
Dependabot alerts
Dependabot alerts
Configure Dependabot alerts
View Dependabot alerts
Configure notifications
Security overview
About security overview
Assess security risk to code
Filter security overview
Code security
/
Getting started
Getting started with code security
Introduction to code security with GitHub AE.
GitHub security features
Securing your repository
Securing your organization
Adding a security policy to your repository
Auditing security alerts