Security and code quality documentation
Build security and code quality into your GitHub workflow to secure your software supply chain, prevent data leaks, and automatically find and fix vulnerabilities and code health issues in your codebase.
Start here
GitHub security features
An overview of GitHub's security features.
Quickstart for securing your repository
Manage access to your code. Find and fix vulnerable code and dependencies automatically.
Dependabot quickstart guide
Find and fix vulnerable dependencies you rely on with Dependabot.
Configuring default setup for code scanning
Quickly set up code scanning to find and fix vulnerable code automatically.
Popular
About secret security with GitHub
Learn how GitHub's security tools can help you identify, remediate, and prevent secret leaks.
About coordinated disclosure of security vulnerabilities
Vulnerability disclosure is a coordinated effort between security reporters and repository maintainers.
Best practices for preventing data leaks in your organization
Guidance and recommendations to help you prevent private or sensitive data in your organization from being exposed.
Best practices for fixing security alerts at scale
Guidance on how to create successful security campaigns that engage developers and help them grow their understanding of secure coding.
Planning a trial of GitHub Advanced Security
Learn how to prepare for a successful trial of Advanced Security.
Enabling secret scanning features
Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.
Configuring default setup for code scanning
Quickly set up code scanning to find and fix vulnerable code automatically.
Configuring Dependabot security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.