Secure coding documentation
Build security into your GitHub workflow to secure your software supply chain, automatically find and fix vulnerabilities in your codebase, and prevent data leaks.
Start here
- Quickstart for securing your repository: Manage access to your code. Find and fix vulnerable code and dependencies automatically.
- Working with secret scanning and push protection: Avoid leaking sensitive data by blocking pushes containing tokens and other secrets.
- Dependabot quickstart guide: Find and fix vulnerable dependencies you rely on with Dependabot.
- Configuring default setup for code scanning: Quickly set up code scanning to find vulnerable code automatically.
Popular
- About the secret risk assessment: Learn why it's so important to understand your organization's exposure to data leaks and how the secret risk assessment report gives an overview of your organization’s secret leak footprint.
- Release notes: Detailed information for all releases of the currently selected version of GitHub Enterprise Server.
- Best practices for preventing data leaks in your organization: Learn guidance and recommendations to help you prevent private or sensitive data in your organization from being exposed.
- Best practices for maintaining dependencies: Guidance and recommendations for maintaining the dependencies you use, including GitHub's security products that can help.
- Planning a trial of GitHub Advanced Security: Learn how to prepare for a successful trial of Advanced Security.
- Enabling secret scanning features: Learn how to enable secret scanning to detect secrets that are already visible in a repository, as well as push protection to proactively secure you against leaking additional secrets by blocking pushes containing secrets.
- Configuring default setup for code scanning: Quickly set up code scanning to find vulnerable code automatically.
- Configuring Dependabot security updates: You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Securing your organization
- Introduction to securing your organization at scale • 1 article
- Enabling security features in your organization • 4 articles
- Managing the security of your organization • 7 articles
- Understanding your organization's exposure to leaked secrets • 6 articles
- Troubleshooting security configurations • 4 articles
Keeping secrets secure with secret scanning
- Introduction to secret scanning • 3 articles
- Enabling secret scanning features • 2 articles
- Managing alerts from secret scanning • 5 articles
- Working with secret scanning and push protection • 4 articles
- Using advanced secret scanning and push protection features • 5 articles
- Troubleshooting secret scanning and push protection • 1 article
Finding security vulnerabilities and errors in your code with code scanning
- Introduction to code scanning • 2 articles
- Enabling code scanning • 3 articles
- Creating an advanced setup for code scanning • 6 articles
- Managing code scanning alerts • 4 articles
- Managing your code scanning configuration • 17 articles
- Integrating with code scanning • 4 articles
- Troubleshooting code scanning • 19 articles
- Troubleshooting SARIF uploads • 6 articles
Keeping your supply chain secure with Dependabot
- Ecosystems supported by Dependabot • 2 articles
- Identifying vulnerabilities in your project's dependencies with Dependabot alerts • 4 articles
- Prioritizing Dependabot alerts with Dependabot auto-triage rules • 4 articles
- Automatically updating dependencies with known vulnerabilities with Dependabot security updates • 3 articles
- Keeping your dependencies updated automatically with Dependabot version updates • 5 articles
- Working with Dependabot • 8 articles
- Maintaining dependencies at scale • 2 articles
- Troubleshooting Dependabot • 6 articles