Skip to main content
GitHub Docs
Version:
Free, Pro, & Team
Search GitHub Docs
Search
Select language: current language is English
Open Search Bar
Close Search Bar
Open Menu
Open Sidebar
Secure coding
/
Dependabot
/
Dependabot version updates
/
Configure version updates
Home
Secure coding
Getting started
GitHub security features
Dependabot quickstart
Secure repository quickstart
Add a security policy
Audit security alerts
Prevent data leaks
GitHub secret types
Trial GitHub Advanced Security
Plan GHAS trial
Enable security features in trial
Trial Secret Protection
Trial Code Security
Secure your organization
Introduction
About organization security
Choose security configuration
Enable security features
Apply recommended configuration
Create custom configuration
Apply custom configuration
Configure global settings
Give access to private registries
Manage organization security
Interpret security data
Filter repositories
Edit custom configuration
Manage paid GHAS use
Detach security configuration
Find attachment failures
Delete custom configuration
Exposure to leaked secrets
Secret risk assessment
View secret risk assessment
Interpret results
Secret protection
Fix alerts at scale
About security campaigns
Best practices
Create security campaigns
Track security campaigns
Troubleshooting configurations
Active advanced setup
Not enough GHAS licenses
Secret scanning
Introduction
Secret scanning
Push protection
Secret scanning for partners
Supported patterns
Enable features
Enable secret scanning
Enable push protection
Enable validity checks
Manage alerts
About alerts
View alerts
Evaluate alerts
Resolve alerts
Monitor alerts
Work with secret scanning
Push protection for users
Push protection on the command line
Push protection from the REST API
Push protection in the GitHub UI
Advanced features
Exclude folders and files
Non-provider patterns
Enable for non-provider patterns
Custom patterns
Define custom patterns
Manage custom patterns
Custom pattern metrics
Delegated bypass
About delegated bypass
Enable delegated bypass
Manage bypass requests
Delegated alert dismissal
Copilot secret scanning
Generic secret detection
Enable generic secret detection
Generate regular expressions with AI
Regular expression generator
Troubleshoot
Troubleshoot secret scanning
Partner program
Partner program
Code scanning
Introduction
About code scanning
About CodeQL code scanning
Enable code scanning
Configure code scanning
Evaluate code scanning
Code scanning at scale
Create advanced setup
Configure advanced setup
Customize advanced setup
CodeQL for compiled languages
CodeQL advanced setup at scale
Hardware resources for CodeQL
Code scanning in a container
Manage alerts
About code scanning alerts
Copilot Autofix for code scanning
Disable Copilot Autofix
Assess alerts
Resolve alerts
Best practices for campaigns
Fix alerts in campaign
Triage alerts in pull requests
Track alerts in issues
Manage code scanning
Code scanning tool status
Edit default setup
Set merge protection
Enable delegated alert dismissal
CodeQL query suites
Configure larger runners
View code scanning logs
C and C++ CodeQL queries
C# CodeQL queries
Go CodeQL queries
Java and Kotlin CodeQL queries
JavaScript and TypeScript queries
Python CodeQL queries
Ruby CodeQL queries
Swift CodeQL queries
Integrate with code scanning
About integration
Using code scanning with your existing CI system
Upload a SARIF file
SARIF support
Troubleshooting code scanning
Code Security must be enabled
Alerts in generated code
Analysis takes too long
Automatic build failed
C# compiler failing
Cannot enable CodeQL in a private repository
Enabling default setup takes too long
Extraction errors in the database
Fewer lines scanned than expected
Logs not detailed enough
No source code seen during build
Not recognized
Out of disk or memory
Resource not accessible
Results different than expected
Server error
Some languages not analyzed
Two CodeQL workflows
Unclear what triggered a workflow
Unnecessary step found
Kotlin detected in no build
Troubleshooting SARIF uploads
GitHub Code Security disabled
Default setup is enabled
GitHub token missing
SARIF file invalid
Results file too large
Results exceed limits
CodeQL CLI
Getting started
About the CodeQL CLI
Setting up the CodeQL CLI
Preparing code for analysis
Analyzing code
Uploading results to GitHub
Customizing analysis
Advanced functionality
Advanced setup of the CodeQL CLI
About CodeQL workspaces
Using custom queries with the CodeQL CLI
Creating CodeQL query suites
Testing custom queries
Testing query help files
Creating and working with CodeQL packs
Publishing and using CodeQL packs
Specifying command options in a CodeQL configuration file
Query reference files
CodeQL CLI SARIF output
CodeQL CLI CSV output
Extractor options
Exit codes
Creating CodeQL CLI database bundles
CodeQL CLI manual
bqrs decode
bqrs diff
bqrs hash
bqrs info
bqrs interpret
database add-diagnostic
database analyze
database bundle
database cleanup
database create
database export-diagnostics
database finalize
database import