Skip to main content
GitHub Docs
Search or ask Copilot
Select language: current language is English
Search or ask Copilot
Open menu
Open Sidebar
  • Security and code quality/
  • Reference/
  • Code scanning/
  • CodeQL/
  • CodeQL CLI manual/
  • database export-diagnostics
Home

Security and code quality

    • GitHub security features
    • Secure repository quickstart
      • Secret leakage risks
      • Secret scanning
      • Push protection
      • Secret protection tools
      • Secret scanning alerts
      • Custom patterns
      • Validity checks
      • Delegated bypass
      • Bypass requests
      • Secret scanning for partners
      • GitHub secret types
      • Push protection metrics
      • Command line protection
      • Push protection and the GitHub MCP server
      • Push protection from the REST API
      • Introduction
      • Code scanning alerts
      • Code security risk assessment
      • Copilot Autofix
      • Setup types
      • Integration with code scanning
      • SARIF files
      • Alert tracking with issues
      • Merge protection
      • Multi-repository variant analysis
        • CodeQL code scanning
        • CodeQL for compiled languages
        • CodeQL query suites
        • Custom queries
        • CodeQL CLI
        • CodeQL for VS Code
        • CodeQL workspaces
        • Query reference files
        • CodeQL query packs
      • Tool status page
      • Pull request alert metrics
      • Repository properties
    • GitHub Code Quality
      • Supply chain features
      • Dependency best practices
      • Dependency graph
      • Dependency graph data
      • Dependency review
      • Dependabot alerts
      • Dependabot malware alerts
      • Dependabot alert metrics
      • Dependabot security updates
      • Dependabot version updates
      • Dependabot pull requests
      • Multi-ecosystem updates
      • dependabot.yml file
      • Dependabot auto-triage rules
      • Dependabot on Actions
      • Dependabot job logs
      • Immutable releases
      • Linked artifacts
      • GitHub Advisory database
      • Repository security advisories
      • Global security advisories
      • Coordinated disclosure
      • Vulnerability exposure
      • Select pilot repositories
      • Organization security
      • Security overview
      • Security campaigns
      • Audit security alerts
      • Delegated alert dismissal
          • Allow Code Quality
          • Configure VNET
          • Create custom configuration
          • Apply custom configuration
          • Configure global settings
          • Edit custom configuration
          • Filter repositories
          • Detach security configuration
          • Delete custom configuration
          • Assess your secret risk
          • Assess your vulnerability risk
          • View risk report
          • Secret protection pricing
          • Protect your secrets
          • Code scanning at scale
          • CodeQL advanced setup at scale
          • Enforce dependency review
          • Give access to private registries
          • Manage paid GHAS use
        • Enable secret scanning
        • Enable for non-provider patterns
        • Enable generic secret detection
        • Define custom patterns
        • Generate regular expressions
        • Manage custom patterns
        • Exclude folders and files
        • Enable validity checks
        • Enable metadata checks
        • Enable push protection
        • Manage user push protection
        • Push protection on the command line