Security and code quality documentation
Build security and code quality into your GitHub workflow with integrated tooling.
Recommended
Quickstart for securing your repository
Manage access to your code. Find and fix vulnerable code and dependencies automatically.
GitHub security features
An overview of GitHub's security features.
Planning a trial of GitHub Advanced Security
Learn how to prepare for a successful trial of Advanced Security.
Articles
Troubleshoot security tools
"Out of disk" and "Out of memory" errors
If you see one of these errors with GitHub Actions, you can try alternative runners.
Troubleshoot security tools
A repository is using advanced setup for code scanning
You see an error when you try to attach a security configuration with default code scanning enabled to repositories that use advanced setup for code scanning.
Find CodeQL CLI commands
About built-in CodeQL queries
Learn about the CodeQL queries that code scanning uses to analyze code.
Find and fix code vulnerabilities
About Copilot Autofix for code scanning
Copilot Autofix provides targeted recommendations to help you fix code scanning alerts and avoid introducing new security vulnerabilities.
Improve code quality
About GitHub Code Quality
GitHub Code Quality flags code quality issues in pull requests and repository scans, applies Copilot-powered autofixes, and enforces standards with rulesets.
Secure your dependencies
About linked artifacts
The linked artifacts page helps you audit and prioritize your organization's builds on GitHub, regardless of where the artifacts are stored.
Find and fix code vulnerabilities
About SARIF files for code scanning
SARIF files convert third-party analyses into alerts on GitHub.
About secret scanning alerts
Learn about the different types of secret scanning alerts.
Secure at scale
About security campaigns
You can fix security alerts at scale by creating security campaigns and collaborating with developers to burn down your security backlog.
