Skip to content
Features
Actions Packages Security Codespaces Copilot Code review Search Issues Discussions

Security at every step

Native application security testing

Request a demo Contact sales

Find and fix vulnerabilities 7x faster

With AI-powered application security testing tools embedded in your development workflow, GitHub Advanced Security outperforms non-native add-ons by delivering 7x faster remediation rates for identified vulnerabilities.

Secure your code

Detect security issues in your pull requests and prevent new vulnerabilities from entering main with automatic scans that leverage machine learning to continuously amp up accuracy.

Prioritize alerts and view exposure across the codebase to make sure you focus on what matters. Automatically resolve alerts with AI-powered auto-remediation.

Find vulnerabilities and suppress false positives with more than 2,000 queries from GitHub and the open-source community, or write your own queries for custom-curated results. Support for third-party scanning engines includes consolidated results in a single unified interface. Tackling a big project? Multi-repository variant analysis means you can run a single query on up to 1000 repositories at once.

Learn more about CodeQL

Software supply chains, secure by design

GitHub supply chain security is designed for developers, built for speed, and free for everyone. All powered by a database of over 12,000 expert-reviewed advisories.

Secure your supply chain

Read

Watch the video

Fresh, clean dependencies. Every year, developers resolve over 60M outdated and vulnerable dependencies with Dependabot.

Automatically monitor and fix vulnerable dependencies with expert curation and remediation advice from our community of over 100M developers.

Read

Learn more about Dependabot

Detect and prevent secret leaks

Keep secrets out of your code with secret scanning and push protection, built on the foundation of 100+ partners and 200+ token types. Create custom patterns and detect leaked passwords, powered by AI.

Read

Secret scanning is now free for all public repositories

Complete visibility into your enterprise

Security overview provides a cross-organizational view of security issues and trends so that you can focus on prioritizing remediation efforts and track progress over time.

Be part of the world’s largest security community.

Understand your dependence on the software supply chain, and how you can contribute back.

Collaborate with the security community on GitHub and with the Open Source Security Foundation (OpenSSF)

Photo of security community member Jonathan Leitschuh XML external entity (XXE) processing CVE-2019-10782 • Jonathan Leitschuh
Photo of security community member Jonathan Leitschuh Incorrect use of X509_check_host CVE-2020-9432 • lua-openssl • Agustin Gianni
Photo of security community member Jonathan Leitschuh Prototype pollution in mpath package CVE-2018-16490 • Cristian-Alexandru Staicu

Report security issues, share security knowledge and grow with the community. Contribute to open source code scanning queries written by GitHub and leading security researchers.

Read

GitHub Security Lab’s research blog

Python: Small fixes for typeTracker #4207 opened 2 hours ago by RasmusWL・Approved
JS: Fix inconsistencies in `js/unsafe-jquery-plugin` #4206 opened 3 hours ago by erik-krogh・Review required
C#:Add stable order for generated accessors in printed AST #4205 opened 3 hours ago by tamasvajk・Review required
C++: Support `!= constant` in range analysis #4204 opened 3 hours ago by jbj・Review required
See all code scanning query PRs

Best practices for more secure software

Developer-first application security

Take an in-depth look at the current state of application security.

Learn more

Proactive vs Reactive Security

Prevent security issues from happening in the first place.

Learn more

Static application security testing SAST

Discover what SAST is and how to get started with SAST.

Learn more