Security Tools
Dependabot: Automated dependency management that monitors for known vulnerabilities and malware. Creates pull requests to update affected packages automatically and detects compromised dependencies. Also supports scheduled version updates to keep all dependencies current.
Code Scanning (CodeQL): Semantic code analysis engine that treats code as data. Runs queries against a database of your codebase to find SQL injection, XSS, buffer overflows, and authentication bypasses. Free for public repos.
Secret Scanning: Detects accidentally committed secrets (API keys, tokens, passwords) across your entire repository history. Partners with 200+ service providers to automatically revoke leaked credentials. Push protection blocks secrets before they reach the repo.
Security Advisories: Private spaces to discuss, fix, and publish information about security vulnerabilities in your projects. Integrated with the GitHub Advisory Database, which feeds into npm, pip, and other ecosystem security tools.
Free for all public repositories
Advanced features on Enterprise plan
Automated PRs for dependency updates
200+ service provider integrations