GitHub AE is currently under limited release.
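Securing your software supply chain
Visualize, maintain, and secure the dependencies in your software supply chain.
Understanding your software supply chain
About supply chain security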
About the dependency graph
Configuring the dependency graph
About dependency review
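Configuring dependency review
Exploring the dependencies of a repository
Troubleshooting the dependency graph
End-to-end supply chain
Securing your end-to-end supply chain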
Best practices for securing accounts
Best practices for securing code in your supply chain
Best practices for securing your build system