
Achieving DevSecOps maturity with GitHub

GitHub has been rapidly evolving into a complete development platform over the past year and a half, with the addition of native CI/CD capabilities using GitHub Actions. But did you know that you can implement DevSecOps natively in GitHub Enterprise, using GitHub Advanced Security?

AppSec Talk - HashiCorp

How HashiCorp secures their code

Application Security explained: Downloadable guide to learn how to put the developer first

Put developers front and center for application security and drive down the number of vulnerabilities in production code. Download this PDF guide to learn more.

Complex, siloed, slow: Top AppSec pitfalls and how to avoid them

Secure software is critical for organizations to stay in business today. But security can be easier said than done—due to the complexity, siloed teams, and slow processes.

Incorporating community-powered security into the developer workflow

What if you could have an extra team member who reviews each pull request, with a special eye towards security? A team member who knows all the latest security research, and gives helpful feedback, making security part of your engineering culture?

Decrease secret leaks with GitHub Advanced Security secret scanning

Discover how to help keep secrets secure, regardless of their structure.

Demo Day: Achieving DevSecOps with GitHub Advanced Security

Get hands-on support for the next step of your DevSecOps journey. Join us for a technical deep dive into GitHub Advanced Security with a step-by-step demo on features like code scanning and secret scanning—and a look at what this means for baking security into the developer workflow.

How leading software teams build securely on GitHub

Today, every company is a software company.

Integrating GitHub Advanced Security with third-party reporting and analytics platforms

This document is intended to capture strategies for integrating and ingesting alerts from the GitHub Advanced Security (GHAS) platform into external reporting, Security Information and Event Management (SIEM) services, and vulnerability analytics platforms.

Found means fixed: Addressing security debt at scale

Software vulnerabilities accumulate over time, creating security debt. While traditional AppSec tools identify issues, fixing them remains challenging due to limited expertise and time.

How GitHub secures open source software

GitHub works hard to secure the open source software you use. We provide businesses with best practices to learn and leverage across their workflows. Download this PDF Whitepaper to learn more.

Pay down security debt with Copilot Autofix

GitHub customers often deal with large backlogs of security vulnerabilities. These are time consuming to address and take focus away from new development.

Proactive vs. Reactive Security

Prevent security issues from happening in the first place.

Solving for a security-first approach: building blocks for scalable product security

Cybersecurity is facing its watershed moment. As developer release cycles are accelerating, organizations are quickly realizing there are simply not enough skilled security engineers available to protect their code.

How static application security testing (SAST) can keep your software secure

Discover what SAST is, why it can keep your proprietary code safe, and how to get started with SAST.

Adopting and scaling GitHub Advanced Security in your company

Let's talk about how you can scale and adopt GitHub Advanced Security in an automated and structured fashion.