Security and code quality documentation
Build security and code quality into your GitHub workflow with integrated tooling.
Recommended
Quickstart for securing your repository
Manage access to your code. Find and fix vulnerable code and dependencies automatically.
GitHub security features
An overview of GitHub's security features.
Planning a trial of GitHub Advanced Security
Learn how to prepare for a successful trial of Advanced Security.
Articles
Troubleshoot security tools
"Out of disk" and "Out of memory" errors
If you see one of these errors with GitHub Actions, try reviewing the specifications of your self-hosted runners.
Troubleshoot security tools
A feature has disappeared from a security configuration
Changes to your GitHub Enterprise Server instance's installation settings by a site administrator may affect which security features are available to your configuration.
Troubleshoot security tools
A repository is using advanced setup for code scanning
You see an error when you try to attach a security configuration with default code scanning enabled to repositories that use advanced setup for code scanning.
Find CodeQL CLI commands
About built-in CodeQL queries
Learn about the CodeQL queries that code scanning uses to analyze code.
Find and fix code vulnerabilities
About SARIF files for code scanning
SARIF files convert third-party analyses into alerts on GitHub.
About secret scanning alerts
Learn about the different types of secret scanning alerts.
Find and fix code vulnerabilities
About setup types for code scanning
Depending on your needs, GitHub offers a default or advanced setup for code scanning.
Secure your dependencies
About the dependabot.yml file
The dependabot.yml controls automated dependency updates in your repository.
Find and fix code vulnerabilities
About the tool status page
The tool status page provides visibility into the health and performance of code scanning tools in your repository.
Showing 1-9 of 374