Securing your organization
Introduction to securing your organization at scale
About enabling security features at scale
Choosing a security configuration for your repositories
Enabling security features in your organization
Applying the GitHub-recommended security configuration in your organization
Creating a custom security configuration
Applying a custom security configuration
Configuring global security settings for your organization
Giving security features access to private registries
Managing the security of your organization
Interpreting security findings
Filtering repositories in your organization using the repository table
Editing a custom security configuration
Managing your paid use of Advanced Security
Detaching repositories from their security configurations
Finding and fixing configuration attachment failures
Deleting a custom security configuration
Understanding your organization's exposure to secrets
About the secret risk assessment
Viewing the secret risk assessment report for your organization
Interpreting secret risk assessment results
Choosing Secret Protection
Fixing security alerts at scale
About security campaigns
Best practices for fixing security alerts at scale
Creating and managing security campaigns
Tracking security campaigns
Troubleshooting security configurations
A repository is using advanced setup for code scanning
Not enough Advanced Security licenses