Security and code quality documentation

Build security and code quality into your GitHub workflow to secure your software supply chain, prevent data leaks, and automatically find and fix vulnerabilities and code health issues in your codebase.

Overview

Start here

Quickstart for securing your repository
Manage access to your code. Find and fix vulnerable code and dependencies automatically.
Working with secret scanning and push protection
Avoid leaking sensitive data by blocking pushes containing tokens and other secrets.
Dependabot quickstart guide
Find and fix vulnerable dependencies you rely on with Dependabot.
Configuring default setup for code scanning
Quickly set up code scanning to find vulnerable code automatically.

Guides

All Security and code quality docs

Getting started with secure coding

Adopting GitHub Advanced Security at scale

Securing your organization

Keeping secrets secure with secret scanning

Finding security vulnerabilities and errors in your code with code scanning

Use the CodeQL CLI to secure your code

Use CodeQL inside Visual Studio Code

Working with security advisories

Working with global security advisories from the GitHub Advisory Database • 4 articles

Security and code quality documentation

Start here

Quickstart for securing your repository

Working with secret scanning and push protection

Dependabot quickstart guide

Configuring default setup for code scanning

Popular

Release notes

Best practices for preventing data leaks in your organization

Best practices for maintaining dependencies

Guides

Enabling secret scanning features

Configuring default setup for code scanning

Configuring Dependabot security updates

Configuring Dependabot version updates