This version of GitHub Enterprise was discontinued on 2022-10-12. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.
Code security
Build security into your GitHub workflow with features to keep secrets and vulnerabilities out of your codebase, and to maintain your software supply chain.
Guides
View allCode examples
CodeQL code scanning at Microsoft
Example code scanning workflow for the CodeQL action from the Microsoft Open Source repository.
CodeQLCode scanningGitHub ActionsAdversarial Robustness Toolbox (ART) CodeQL code scanning
Example code scanning workflow for the CodeQL action from the Trusted AI repository.
CodeQLCode scanningGitHub ActionsMicrosoft security policy template
Example security policy
Security policyElectron security policy
Example security policy
Security policySecurity advisory for Rails
Security advisory published by Rails for CVE-2020-15169.
Security advisory
Guides
Exploring the dependencies of a repository
You can use the dependency graph to see the packages your project depends on. In addition, you can see any vulnerabilities detected in its dependencies.
Configuring notifications for Dependabot alerts
Optimize how you receive notifications about Dependabot alerts.
Configuring secret scanning for your repositories
You can configure how GitHub scans your repositories for secrets that match advanced security patterns.
Securing your end-to-end supply chain
Introducing best practice guides on complete end-to-end supply chain security including personal accounts, code, and build processes.