Code security
Code security guides
Learn about the different ways that GitHub can help you improve your code's security.
Fix and disclose a security vulnerability
Using security advisories to privately fix a reported vulnerability and get a CVE.
Start path
1. Overview: About coordinated disclosure of security vulnerabilities
Vulnerability disclosure is a coordinated effort between security reporters and repository maintainers.
2. How-to guide: Creating a security advisory
You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project.
3. How-to guide: Adding a collaborator to a security advisory
You can add other users or teams to collaborate with you on a security advisory.
4. How-to guide: Collaborating in a temporary private fork to resolve a security vulnerability
You can create a temporary private fork to privately collaborate on fixing a security vulnerability in your repository.
5. How-to guide: Publishing a security advisory
You can publish a security advisory to alert your community about a security vulnerability in your project.
6. How-to guide: Editing a security advisory
You can edit the metadata and description of a security advisory if you need to update details or correct errors.
7. How-to guide: Withdrawing a security advisory
You can withdraw a published security advisory.
8. How-to guide: Removing a collaborator from a security advisory
When a collaborator is removed from a security advisory, they lose read and write access to the advisory's discussion and metadata.
Code security learning paths
Get notifications for vulnerable dependencies
Set up Dependabot to alert you to new vulnerabilities in your dependencies.
Get pull requests to update your vulnerable dependencies
Set up Dependabot to create pull requests when new vulnerabilities are reported.
Keep your dependencies up-to-date
Use Dependabot to check for new releases and create pull requests to update your dependencies.
Explore and manage security alerts
Learn where to find and resolve security alerts.
Scan for secrets
Set up secret scanning to guard against accidental check-ins of tokens, passwords, and other secrets to your repository.
Run code scanning with GitHub Actions
Check your default branch and every pull request to keep vulnerabilities and errors out of your repository.
Run CodeQL code scanning in your CI
Set up CodeQL within your existing CI and upload results to GitHub code scanning.
Integrate with code scanning
Upload code analysis results from third-party systems to GitHub using SARIF.