Advanced Security Material

A place for resources to help you understand and use GitHub Advanced Security (GHAS). Browse the directories in this repository for resources and documentation. To help you get started with GHAS, we've provided some introductory documentation in this file.

Get started with GitHub Advanced Security

The following list of links are great resources to get you started on learning how to use, deploy, and manage GitHub Advanced Security in your environment.

New to GitHub Advanced Security? Start with GitHub security features 👍

Code Scanning

• About GitHub Code Scanning
• Configuring Code Scanning
• Integrating other tools with GHAS

CodeQL

• Meet CodeQL
• CodeQL Documentation
• CWE Query Mapping Documentation
• Running additional queries
• CodeQL CLI Docs
• Running CodeQL in your CI System

Secret Scanning

• About Secret Scanning
• Supported secret patterns
• Defining custom secret patterns

Supply Chain Security (Dependabot)

• About
• Dependency Graph
• Dependabot Alerts
• Dependabot Security Updates
• GitHub Advisory Database
• Dependabot Quickstart Guide

Security Overview

• About Security Overview
• Managing alerts in your repository

Other Resources

• SARIF Tutorials
• GitHub Advanced Security Learning Path
• Adopting and scaling GitHub Advanced Security in your company
• The Complete Guide to Developer-first Security
• GitHub Checkout - Code Scanning (video)
• GitHub Checkout - Secret Scanning (video)
• GitHub Checkout - Viewing and Managing your Dependencies (video)
• GitHub Well-architected - Application security