The Wayback Machine - http://web.archive.org/web/20220128164344/https://docs.github.com/en/code-security
 
GitHub Docs

Code security 

Build security into your GitHub workflow with features to keep secrets and vulnerabilities out of your codebase, and to maintain your software supply chain.

Guides


Securing your repository

You can use a number of GitHub features to help keep your repository secure.

Securing your organization

You can use a number of GitHub features to help keep your organization secure.

Creating a security advisory

You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project.

Popular

About alerts for vulnerable dependencies
About coordinated disclosure of security vulnerabilities
Keeping your actions up to date with Dependabot
Configuration options for dependency updates
Managing encrypted secrets for Dependabot
Troubleshooting the detection of vulnerable dependencies

What's new

GitHub Actions: Reusable workflows can be referenced locally (January 25)
Secret scanning enterprise-level REST API
View code scanning alerts across an organization

Code examples


CodeQL code scanning at Microsoft

Example code scanning workflow for the CodeQL action from the Microsoft Open Source repository.
CodeQL, Code scanning, GitHub Actions
/microsoft/opensource.microsoft.com/blob/main/.github/workflows/codeql-analysis.yml


Adversarial Robustness Toolbox (ART) CodeQL code scanning

Example code scanning workflow for the CodeQL action from the Trusted AI repository.
CodeQL, Code scanning, GitHub Actions
/Trusted-AI/adversarial-robustness-toolbox/blob/main/.github/workflows/codeql-analysis.yml


Microsoft security policy

Example security policy
Security policy
/microsoft/microsoft.github.io/blob/master/SECURITY.MD


Electron security policy

Example security policy
Security policy
/electron/electron/blob/master/SECURITY.md


Security advisory for Rails

Security advisory published by Rails for CVE-2020-15169.
Security advisory
/rails/rails/security/advisories/GHSA-cfjv-5498-mph5


Enable Dependabot alerts and security updates automatically

Sample scripts for enabling Dependabot alerts and security updates across an entire organization.
Dependabot, Alerts, Security updates, Organization, Scripts
/github/enable-security-alerts-sample


Guides

Configuring Dependabot security updates

You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.

@GitHub

Enabling and disabling Dependabot version updates

You can configure your repository so that Dependabot automatically updates the packages you use.

@GitHub

Setting up code scanning for a repository

You can set up code scanning by adding a workflow to your repository.

@GitHub

All Code security docs

Getting started with code security

GitHub security features
Securing your repository
Securing your organization
Adding a security policy to your repository

Keeping secrets secure with secret scanning

About secret scanning
Secret scanning partners

Finding security vulnerabilities and errors in your code with code scanning

Automatically scanning your code for vulnerabilities and errors (12 articles)
Integrating with code scanning (3 articles)
Using CodeQL code scanning with your existing CI system (7 articles)

Managing security advisories for vulnerabilities in your project

About coordinated disclosure of security vulnerabilities
About GitHub Security Advisories
Permission levels for security advisories
Creating a security advisory
Adding a collaborator to a security advisory
Removing a collaborator from a security advisory
Collaborating in a temporary private fork to resolve a security vulnerability
Publishing a security advisory
Editing a security advisory
Withdrawing a security advisory

Securing your software supply chain

Understanding your software supply chain (3 articles)
Keeping your dependencies updated automatically (10 articles)
Managing vulnerabilities in your project's dependencies (9 articles)

Viewing security alerts for repositories in your organization

About the security overview
Viewing the security overview
Filtering alerts in the security overview

© 2022 GitHub, Inc.