24 captures
13 Apr 2021 - 11 Jan 2026
Dec JAN Feb
29
2021 2022 2023
success
fail

About this capture

COLLECTED BY

Collection: Common Crawl

Web crawl data from Common Crawl.
TIMESTAMPS

The Wayback Machine - http://web.archive.org/web/20220129015452/https://docs.github.com/en/github-ae@latest/code-security
  
Skip to main content
GitHub Docs
All products
 Code security
Getting started
GitHub security features
 Secure your repository
 Secure your organization
 Add a security policy
Secret scanning
About secret scanning
 Configure secret scans
 Define custom patterns
 Manage secret alerts
 Secret scanning partners
Code scanning

Scan code automatically
About code scanning
 Triage alerts in pull requests
 Set up code scanning
 Manage alerts
 Configure code scanning
 Code scanning with CodeQL
 Hardware resources for CodeQL
 Configure compiled languages
 Troubleshoot CodeQL workflow
 Code scanning in a container
 View code scanning logs
Integrate with code scanning
About integration
 Upload a SARIF file
 SARIF support
Use CodeQL in CI system
Code scanning in your CI
 Install CodeQL CLI
 Configure CodeQL CLI
 Run CodeQL runner
 Configure CodeQL runner
 Troubleshoot CodeQL runner
 Migrating from the CodeQL runner
 Guides for code security
 GitHub AE is currently under limited release. Please contact our Sales Team to find out more.

Code security
GitHub AE
Free, Pro, & Team
 Enterprise Cloud
 Enterprise Server 3.3
 Enterprise Server 3.2
 Enterprise Server 3.1
 Enterprise Server 3.0
 GitHub AE
English
English
  (Simplified Chinese)
  (Japanese)
 Español (Spanish)
 Português do Brasil (Portuguese)
 
 GitHub Docs
Code security
Code security
Get started
 Account and profile
 Authentication
 Repositories
 GitHub
 Enterprise administrators
 Billing and payments
 Organizations
 Code security
 Pull requests
 GitHub Issues
 GitHub Actions
 GitHub Codespaces
 GitHub Packages
 Search on GitHub
 Developers
 REST API
 GraphQL API
 GitHub CLI
 GitHub Discussions
 GitHub Sponsors
 Building communities
 GitHub Pages
 Education
 GitHub Desktop
 GitHub Support
 Atom
 Electron
 CodeQL
 npm

GitHub AE
Free, Pro, & Team
 Enterprise Cloud
 Enterprise Server 3.3
 Enterprise Server 3.2
 Enterprise Server 3.1
 Enterprise Server 3.0
 GitHub AE

English
English
  (Simplified Chinese)
  (Japanese)
 Español (Spanish)
 Português do Brasil (Portuguese)
 


Code security 

Build security into your GitHub workflow with features to keep secrets and vulnerabilities out of your codebase.
 Overview

Guides

View all 

Securing your repository

You can use a number of GitHub features to help keep your repository secure.

Securing your organization

You can use a number of GitHub features to help keep your organization secure.

Setting up code scanning for a repository

You can set up code scanning by adding a workflow to your repository.

Popular

About secret scanning
 Configuring the CodeQL workflow for compiled languages
 Troubleshooting the CodeQL workflow
 Running CodeQL code scanning in a container

Code examples


CodeQL code scanning at Microsoft

Example code scanning workflow for the CodeQL action from the Microsoft Open Source repository.
 CodeQLCode scanningGitHub Actions
/microsoft/opensource.microsoft.com/blob/main/.github/workflows/codeql-analysis.yml

Adversarial Robustness Toolbox (ART) CodeQL code scanning

Example code scanning workflow for the CodeQL action from the Trusted AI repository.
 CodeQLCode scanningGitHub Actions
/Trusted-AI/adversarial-robustness-toolbox/blob/main/.github/workflows/codeql-analysis.yml

Microsoft security policy

Example security policy
 Security policy
/microsoft/microsoft.github.io/blob/master/SECURITY.MD

Electron security policy

Example security policy
 Security policy
/electron/electron/blob/master/SECURITY.md

Security advisory for Rails

Security advisory published by Rails for CVE-2020-15169.
 Security advisory
/rails/rails/security/advisories/GHSA-cfjv-5498-mph5

Guides

Configuring secret scanning for your repositories

You can configure how GitHub scans your repositories for secrets.
@GitHub

Uploading a SARIF file to GitHub

You can upload SARIF files generated outside GitHub and see code scanning alerts from third-party tools in your repository.
@GitHub

Using CodeQL code scanning with your existing CI system

You can run CodeQL analysis in your existing CI system and upload the results to GitHub AE for display as code scanning alerts.
@GitHub
 Explore guides 

All Code security docs

Getting started with code security

GitHub security features
 Securing your repository
 Securing your organization
 Adding a security policy to your repository

Keeping secrets secure with secret scanning

About secret scanning
 Configuring secret scanning for your repositories
 Defining custom patterns for secret scanning
 Managing alerts from secret scanning
 Secret scanning partners

Finding security vulnerabilities and errors in your code with code scanning

Automatically scanning your code for vulnerabilities and errors  11articles
 Integrating with code scanning  3articles
 Using CodeQL code scanning with your existing CI system  7articles

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.
 Make a contribution
Or, learn how to contribute.

Still need help?

Ask the GitHub community
 Contact support
© 2022 GitHub, Inc.
 Terms
 Privacy
 Security
 Status
 Help
 Contact GitHub
 Pricing
 Developer API
 Training
 Blog
 About