Page Text: Show more features
Security
Secure code as you write it. Automatically review every change to your codebase and identify vulnerabilities before they reach production.
Understand and address any vulnerabilities in your open source dependencies.
Automatically detect and deactivate secrets committed to your repos.
Private repos
Host code that you don't want to share with the world in private GitHub repos only accessible to you and people you share them with.
Learn more
2FA
Add an extra layer of security with two-factor authentication (2FA) when logging into GitHub. Require 2FA and choose from TOTP apps, security keys, and more.
Learn more
Required reviews
Ensure that pull requests have a specific number of approving reviews before collaborators can make changes to a protected branch.
Required status checks
Ensure that all required CI tests are passing before collaborators can make changes to a protected branch.
Learn more
Code scanning
Find vulnerabilities in custom code using static analysis. Prevent new vulnerabilities from being introduced by scanning every pull request.
Learn more
Secret scanning
Find secrets hard-coded in your public and private repositories. Revoke them to keep access to the services you use secure.
Learn more
Dependency graph
See the packages your project depends on, the repositories that depend on them, and any vulnerabilities detected in their dependencies.
Learn more
Dependabot alerts
Get notified when there are new vulnerabilities affecting your repositories. GitHub detects and alerts users to vulnerable dependencies in public and private repos.
Dependabot security and
version updates
Keep your supply chain secure and up-to-date by automatically opening pull requests that update vulnerable or out-of-date dependencies.