This version of GitHub Enterprise Server will be discontinued on 2026-04-09. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Security and code quality documentation

Build security and code quality into your GitHub workflow to secure your software supply chain, prevent data leaks, and automatically find and fix vulnerabilities and code health issues in your codebase.

Overview Find out how to run a free secret risk assessment

Recommended

Quickstart for securing your repository

Manage access to your code. Find and fix vulnerable code and dependencies automatically.

GitHub security features

An overview of GitHub's security features.

About secret scanning

Prevent fraudulent use of your secrets by automatically detecting exposed credentials before they can be exploited.

Articles

Troubleshoot security tools

"Out of disk" and "Out of memory" errors

If you see one of these errors with GitHub Actions, try reviewing the specifications of your self-hosted runners.
Find CodeQL CLI commands

About built-in CodeQL queries

Learn about the CodeQL queries that code scanning uses to analyze code.
Protect your secrets

About bypass requests for push protection

Learn how bypass requests work when push protection blocks commits containing secrets.
Find and fix code vulnerabilities

About code scanning

You can use code scanning to find security vulnerabilities and errors in the code for your project on GitHub.
Find and fix code vulnerabilities

About code scanning alerts

Learn about the different types of code scanning alerts and the information that helps you understand the problem each alert highlights.
Find and fix code vulnerabilities

About code scanning with CodeQL

You can use CodeQL to identify vulnerabilities and errors in your code. The results are shown as code scanning alerts in GitHub.
Find and fix code vulnerabilities

About CodeQL code scanning for compiled languages

Understand how CodeQL analyzes compiled languages, the build options available, and learn how you can customize the database generation process if you need to.
Customize vulnerability detection with CodeQL

About CodeQL for VS Code

You can write, run, and test CodeQL queries inside Visual Studio Code with the CodeQL extension.
Customize vulnerability detection with CodeQL

About CodeQL workspaces

CodeQL workspaces let you develop and maintain multiple related CodeQL packs together, resolving dependencies between them directly from source.
Showing 1-9 of 301