Code security documentation
Build security into your GitHub workflow with features to keep secrets and vulnerabilities out of your codebase, and to maintain your software supply chain.
Popular
Configuring Dependabot security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Configuring Dependabot version updates
You can configure your repository so that Dependabot automatically updates the packages you use.
Configuring default setup for code scanning
You can quickly secure code in your repository with default setup for code scanning.
Securing your end-to-end supply chain
Introducing best practice guides on complete end-to-end supply chain security, including personal accounts, code, and build processes.