Code security
Build security into your GitHub workflow with features to keep secrets and vulnerabilities out of your codebase, and to maintain your software supply chain.
Guides
View allPopular
Code examples
CodeQL code scanning at Microsoft
Example code scanning workflow for the CodeQL action from the Microsoft Open Source repository.
CodeQLCode scanningGitHub ActionsAdversarial Robustness Toolbox (ART) CodeQL code scanning
Example code scanning workflow for the CodeQL action from the Trusted AI repository.
CodeQLCode scanningGitHub ActionsMicrosoft security policy
Example security policy
Security policyElectron security policy
Example security policy
Security policySecurity advisory for Rails
Security advisory published by Rails for CVE-2020-15169.
Security advisoryEnable Dependabot alerts and security updates automatically
Sample scripts for enabling Dependabot alerts and security updates across an entire organization.
DependabotAlertsSecurity updatesOrganizationScripts
Guides
Configuring Dependabot security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Enabling and disabling Dependabot version updates
You can configure your repository so that Dependabot automatically updates the packages you use.
Setting up code scanning for a repository
You can set up code scanning by adding a workflow to your repository.