Code security guides
GitHub이 코드의 보안을 개선하는 데 도움이 되는 다양한 방법에 대해 알아봅니다.
- 1Overview
About coordinated disclosure of security vulnerabilities
Vulnerability disclosure is a coordinated effort between security reporters and repository maintainers. - 2Overview
About the GitHub Advisory database
The GitHub Advisory Database contains a list of known security vulnerabilities and malware, grouped in two categories: GitHub-reviewed advisories and unreviewed advisories. - 3Overview
About global security advisories
Global security advisories live in the GitHub Advisory Database, a collection of CVEs and GitHub-originated advisories affecting the open source world. You can contribute to improving global security advisories. - 4Overview
About repository security advisories
You can use repository security advisories to privately discuss, fix, and publish information about security vulnerabilities in your repository. - 5How-to guide
Best practices for writing repository security advisories
When you create or edit security advisories, the information you provide is easier for other users to understand when you specify the ecosystem, package name, and affected versions using the standard formats. - 6How-to guide
Privately reporting a security vulnerability
Some public repositories configure security advisories so that anyone can report security vulnerabilities directly and privately to the maintainers. - 7How-to guide
Managing privately reported security vulnerabilities
Repository maintainers can manage security vulnerabilities that have been privately reported to them by security reseachers for repositories where private vulnerability reporting is enabled. - 8How-to guide
Configuring private vulnerability reporting for a repository
Owners and administrators of public repositories can allow security researchers to report vulnerabilities securely in the repository by enabling private vulnerability reporting. - 9How-to guide
Configuring private vulnerability reporting for an organization
Organization owners and security managers can allow security researchers to report vulnerabilities securely in repositories within the organization by enabling private vulnerability reporting for all its public repositories. - 10How-to guide
Creating a repository security advisory
You can create a draft security advisory to privately discuss and fix a security vulnerability in your open source project. - 11How-to guide
Adding a collaborator to a repository security advisory
You can add other users or teams to collaborate on a security advisory with you. - 12How-to guide
Collaborating in a temporary private fork to resolve a repository security vulnerability
You can create a temporary private fork to privately collaborate on fixing a security vulnerability in your repository. - 13How-to guide
Publishing a repository security advisory
You can publish a security advisory to alert your community about a security vulnerability in your project. - 14How-to guide
Editing a repository security advisory
You can edit the metadata and description for a repository security advisory if you need to update details or correct errors. - 15How-to guide
Withdrawing a repository security advisory
You can withdraw a repository security advisory that you've published. - 16How-to guide
Removing a collaborator from a repository security advisory
When you remove a collaborator from a repository security advisory, they lose read and write access to the security advisory's discussion and metadata.
Code security learning paths
Learning paths are a collection of guides that help you master a particular subject.
안전하지 않은 종속성에 대한 알림 가져오기
종속성에서 새 취약성 또는 맬웨어에 대해 경고하도록 Dependabot을 설정합니다.
취약한 종속성을 업데이트하기 위한 끌어오기 요청 가져오기
새 취약성이 보고되면 끌어오기 요청을 만들도록 Dependabot을 설정합니다.
비밀 검색
리포지토리에 대한 토큰, 암호 및 기타 비밀의 실수로 체크 인하지 않도록 비밀 검사를 설정합니다.
코드 검사와 통합
SARIF를 사용하여 타사 시스템의 코드 분석 결과를 GitHub에 업로드합니다.
All Code security guides
71 guides found
Adding a security policy to your repository
How-to guideYou can give instructions for how to report a security vulnerability in your project by adding a security policy to your repository.
- Security policies
- Vulnerabilities
- Repositories
- Health
GitHub security features
OverviewAn overview of GitHub security features.
- Repositories
- Dependencies
- Vulnerabilities
- Advanced Security
Securing your organization
How-to guideYou can use a number of GitHub features to help keep your organization secure.
- Organizations
- Dependencies
- Vulnerabilities
- Advanced Security
Securing your repository
How-to guideYou can use a number of GitHub features to help keep your repository secure.
- Repositories
- Dependencies
- Vulnerabilities
- Advanced Security
About secret scanning
OverviewGitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally.
- Secret scanning
- Advanced Security
Configuring secret scanning for your repositories
How-to guideYou can configure how GitHub scans your repositories for leaked secrets and generates alerts.
- Secret scanning
- Advanced Security
- Repositories
Defining custom patterns for secret scanning
How-to guideYou can extend secret scanning to detect secrets beyond the default patterns.
- Advanced Security
- Secret scanning
Managing alerts from secret scanning
How-to guideYou can view and close alerts for secrets checked in to your repository.
- Secret scanning
- Advanced Security
- Alerts
- Repositories
Protecting pushes with secret scanning
How-to guideYou can use secret scanning to prevent supported secrets from being pushed into your organization or repository by enabling push protection.
- Secret scanning
- Advanced Security
- Alerts
- Repositories