Skip to main content
GitHub Docs
Version:
Enterprise Cloud
Search GitHub Docs
Search
Select language: current language is English
Open Search Bar
Close Search Bar
Open Menu
Open Sidebar
Code security
/
Supply chain security
Home
Code security
Getting started
GitHub security features
Dependabot quickstart
Secure repository quickstart
Add a security policy
Audit security alerts
Prevent data leaks
Adopt GHAS at scale
Introduction
1. Align on strategy
2. Preparation
3. Pilot programs
4. Create internal documentation
5. Rollout code scanning
6. Rollout secret scanning
Secure your organization
Introduction
About organization security
Choose security configuration
Enable security features
Apply recommended configuration
Create custom configuration
Apply custom configuration
Configure global settings
Manage organization security
Interpret security data
Filter repositories
Edit custom configuration
Manage GHAS licenses
Detach security configuration
Find attachment failures
Delete custom configuration
Fix alerts at scale
About security campaigns
Best practices
Create security campaigns
Troubleshooting configurations
Active advanced setup
Not enough GHAS licenses
Secret scanning
Introduction
Secret scanning
Push protection
Secret scanning for partners
Supported patterns
Enable features
Enable secret scanning
Enable push protection
Enable validity checks
Manage alerts
About alerts
View alerts
Evaluate alerts
Resolve alerts
Monitor alerts
Work with secret scanning
Push protection for users
Push protection on the command line
Push protection from the REST API
Push protection in the GitHub UI
Advanced features
Exclude folders and files
Non-provider patterns
Enable for non-provider patterns
Custom patterns
Define custom patterns
Manage custom patterns
Custom pattern metrics
Delegated bypass
About delegated bypass
Enable delegated bypass
Manage bypass requests
Copilot secret scanning
Generic secret detection
Enable generic secret detection
Generate regular expressions with AI
Regular expression generator
Troubleshoot
Troubleshoot secret scanning
Partner program
Partner program
Code scanning
Introduction
About code scanning
About CodeQL code scanning
Enable code scanning
Configure code scanning
Evaluate code scanning
Code scanning at scale
Create advanced setup
Configure advanced setup
Customize advanced setup
CodeQL for compiled languages
CodeQL advanced setup at scale
Hardware resources for CodeQL
Code scanning in a container
Manage alerts
About code scanning alerts
Copilot Autofix for code scanning
Disable Copilot Autofix
Assess alerts
Resolve alerts
Fix alerts in campaign
Triage alerts in pull requests
Track alerts in issues
Manage code scanning
Code scanning tool status
Edit default setup
Set merge protection
CodeQL query suites
Configure larger runners
View code scanning logs
C and C++ CodeQL queries
C# CodeQL queries
Go CodeQL queries
Java and Kotlin CodeQL queries
JavaScript and TypeScript queries
Python CodeQL queries
Ruby CodeQL queries
Swift CodeQL queries
Integrate with code scanning
About integration
Using code scanning with your existing CI system
Upload a SARIF file
SARIF support
Troubleshooting code scanning
Advanced Security must be enabled
Alerts in generated code
Analysis takes too long
Automatic build failed
C# compiler failing
Cannot enable CodeQL in a private repository
Enabling default setup takes too long
Extraction errors in the database
Fewer lines scanned than expected
Logs not detailed enough
No source code seen during build
Not recognized
Out of disk or memory
Resource not accessible
Results different than expected
Server error
Some languages not analyzed
Two CodeQL workflows
Unclear what triggered a workflow
Unnecessary step found
Kotlin detected in no build
Troubleshooting SARIF uploads
GitHub Advanced Security disabled
Default setup is enabled
GitHub token missing
SARIF file invalid
Results file too large
Results exceed limits
CodeQL CLI
Getting started
About the CodeQL CLI
Setting up the CodeQL CLI
Preparing code for analysis
Analyzing code
Uploading results to GitHub
Customizing analysis
Advanced functionality
Advanced setup of the CodeQL CLI
About CodeQL workspaces
Using custom queries with the CodeQL CLI
Creating CodeQL query suites
Testing custom queries
Testing query help files
Creating and working with CodeQL packs
Publishing and using CodeQL packs
Specifying command options in a CodeQL configuration file
Query reference files
CodeQL CLI SARIF output
CodeQL CLI CSV output
Extractor options
Exit codes
CodeQL CLI manual
bqrs decode
bqrs diff
bqrs hash
bqrs info
bqrs interpret
database add-diagnostic
database analyze
database bundle
database cleanup
database create
database export-diagnostics
database finalize
database import
database index-files
database init
database interpret-results
database print-baseline
database run-queries
database trace-command
database unbundle
database upgrade
dataset check
dataset cleanup
dataset import
dataset measure
dataset upgrade
diagnostic add
diagnostic export
execute cli-server
execute language-server
execute queries
execute query-server
execute query-server2
execute upgrades
generate extensible-predicate-metadata
generate log-summary
generate query-help
github merge-results
github upload-results
pack add
pack bundle
pack ci
pack create
pack download
pack init
pack install
pack ls
pack packlist
pack publish
pack resolve-dependencies
pack upgrade
query compile
query decompile
query format
query run
resolve database
resolve extensions
resolve extensions-by-pack
resolve extractor
resolve files
resolve languages
resolve library-path
resolve metadata
resolve ml-models
resolve packs
resolve qlpacks
resolve qlref
resolve queries
resolve ram
resolve tests
resolve upgrades
test accept
test extract
test run
version
CodeQL for VS Code
Getting started
About the extension
Extension installation
Manage CodeQL databases
Run CodeQL queries
Explore data flow
Queries at scale
Advanced functionality
CodeQL model editor
Custom query creation
Manage CodeQL packs
Explore code structure
Test CodeQL queries
Customize settings
CodeQL workspace setup
CodeQL CLI access
Telemetry
Troubleshooting CodeQL for VS Code
Access logs
Problem with controller repository
Security advisories
Global security advisories
About the GitHub Advisory database
About global security advisories
Browse Advisory Database
Edit Advisory Database
Repository security advisories
About repository security advisories
Permission levels
Configure for a repository
Configure for an organization
Create repository advisories
Edit repository advisories
Evaluate repository security
Temporary private forks
Publish repository advisories
Add collaborators
Remove collaborators
Delete repository advisories
Guidance on reporting and writing
Coordinated disclosure
Best practices
Privately reporting
Manage vulnerability reports
Supply chain security
Understand your supply chain
Supply chain security
Dependency graph
Dependency graph ecosystem support
Configure dependency graph
Automatic dependency submission
Export dependencies as SBOM
Dependency submission API
Dependency review
Configure dependency review
Customize dependency review
Enforce dependency review
Explore dependencies
Troubleshoot dependency graph
End-to-end supply chain
Overview
Securing accounts
Securing code
Securing builds
Dependabot
Dependabot ecosystems
Dependabot ecosystem support
Optimize Java packages
Dependabot alerts
Dependabot alerts
Configure Dependabot alerts
View Dependabot alerts
Configure notifications
Dependabot auto-triage rules
About auto-triage rules
GitHub preset rules
Custom auto-triage rules
Manage auto-dismissed alerts
Dependabot security updates
Dependabot security updates
Configure security updates
Dependabot version updates
Dependabot version updates
Configure version updates
List configured dependencies
Customize updates
Configure dependabot.yml
Work with Dependabot
Manage Dependabot PRs
About Dependabot on Actions
Manage Dependabot on self-hosted runners
Use Dependabot with Actions
Auto-update actions
Configure access to private registries
Guidance for configuring private registries
Remove access to public registries
Viewing Dependabot logs
Troubleshoot vulnerability detection
Troubleshoot errors
Troubleshoot Dependabot on Actions
Security overview
About security overview
View security insights
Assess adoption of features
Assess security risk to code
Filter security overview
Export data
View secret scanning metrics
View PR alert metrics
Review bypass requests
Code security
/
Supply chain security
Securing your software supply chain
Visualize, maintain, and secure the dependencies in your software supply chain.
Understanding your software supply chain
About supply chain security
About the dependency graph
Dependency graph supported package ecosystems
Configuring the dependency graph
Configuring automatic dependency submission for your repository
Exporting a software bill of materials for your repository
Using the dependency submission API
About dependency review
Configuring dependency review
Customizing your dependency review action configuration
Enforcing dependency review across an organization
Exploring the dependencies of a repository
Troubleshooting the dependency graph
End-to-end supply chain
Securing your end-to-end supply chain
Best practices for securing accounts
Best practices for securing code in your supply chain
Best practices for securing your build system