我们经常发布文档更新，此页面的翻译可能仍在进行中。有关最新信息，请访问英文文档。如果此页面上的翻译有问题，请告诉我们。

Free, Pro, & Team

简体中文

Code security guides

了解 GitHub 可以帮助您提高代码安全性的不同方式。

修复并披露安全漏洞
Using repository security advisories to privately fix a reported vulnerability and get a CVE.
Start learning path
1
概览
关于安全漏洞的协调披露
漏洞披露是安全报告者与仓库维护者之间的协调工作。
2
操作方法指南
Creating a repository security advisory
您可以创建安全通告草稿，以私下讨论和修复开源项目中的安全漏洞。
3
操作方法指南
Adding a collaborator to a repository security advisory
您可以添加其他用户或团队与您协作处理安全通告。
4
操作方法指南
Collaborating in a temporary private fork to resolve a repository security vulnerability
您可以创建临时私有复刻，以私下协作修复仓库中的安全漏洞。
5
操作方法指南
Publishing a repository security advisory
您可以发布安全通告，向社区提醒项目中的安全漏洞。
6
操作方法指南
Editing a repository security advisory
You can edit the metadata and description for a repository security advisory if you need to update details or correct errors.
7
操作方法指南
Withdrawing a repository security advisory
You can withdraw a repository security advisory that you've published.
8
操作方法指南
Removing a collaborator from a repository security advisory
When you remove a collaborator from a repository security advisory, they lose read and write access to the security advisory's discussion and metadata.

Code security learning paths

获取漏洞依赖项的通知

设置 Dependabot 提醒您的依赖项中有新漏洞。

Start learning path

About Dependabot alerts

Managing security and analysis settings for your repository

操作方法指南

Viewing and updating Dependabot alerts

操作方法指南

Configuring notifications for Dependabot alerts

操作方法指南

获取拉取请求以更新您的漏洞依赖项

设置 Dependabot 以在报告新漏洞时创建拉取请求。

Start learning path

About Dependabot security updates

Configuring Dependabot security updates

操作方法指南

Configuring notifications for Dependabot alerts

操作方法指南

Managing security and analysis settings for your repository

操作方法指南

保持更新依赖项

使用 Dependabot 检查新版本并创建拉取请求来更新您的依赖关系。

Start learning path

关于 Dependabot 版本更新

Configuring Dependabot version updates

操作方法指南

自定义依赖项更新

操作方法指南

Configuration options for the dependabot.yml file

使用 GitHub Actions 运行代码扫描

检查默认分支和每个拉取请求，以排除仓库中的漏洞和错误。

Start learning path

About code scanning

Setting up code scanning for a repository

操作方法指南

Configuring code scanning

操作方法指南

Configuring the CodeQL workflow for compiled languages

操作方法指南

在 CI 中运行 CodeQL 代码扫描

在您现有的 CI 中设置CodeQL并将结果上传到 GitHub 代码扫描。

Start learning path

About CodeQL code scanning in your CI system

Installing CodeQL CLI in your CI system

操作方法指南

Configuring CodeQL CLI in your CI system

操作方法指南

从 CodeQL 运行器迁移到 CodeQL CLI

与代码扫描集成

使用 SARIF 将分析结果从第三方系统上传到 GitHub。

Start learning path

About integration with code scanning

Uploading a SARIF file to GitHub

操作方法指南

SARIF support for code scanning

代码扫描

End-to-end supply chain

How to think about securing your user accounts, your code, and your build process.

Start learning path

Securing your end-to-end supply chain

Best practices for securing accounts

Best practices for securing code in your supply chain

Best practices for securing your build system

All Code security guides

使用这些控件过滤指南列表

找到 65 个指南