Skip to content
Security Overview Code Supply-chain

Secure your software supply chain

Avoid adding new vulnerabilities with dependency review. Your software is more than the code you have written. With up to 94% of active repositories relying on open source*, you rely on many components you didn’t produce, but which you still need to secure.

Discover dependency review beta Contact sales

Know what’s in your environment

Identify your dependencies, dependents, and their properties to understand your software supply chain.

Discover your dependencies using GitHub’s dependency graph, including transitive dependencies.

Read

How GitHub’s dependency graph is generated

Manage your dependencies

Get notified when there are new vulnerabilities affecting your dependencies, and keep your dependencies up-to-date and optimized with Dependabot.

Read

Managing vulnerabilities in your project’s dependencies

Read

About alerts for vulnerable dependencies

Understand the risks from your dependencies, including inherited vulnerabilities and licensing restrictions, and easily see what dependencies have changed in a pull request using dependency review.

Read

Reviewing dependency changes in a pull request

Update dependencies for the latest functionality and security patches with automated pull requests from Dependabot.

Read

About Dependabot security updates

Keep your dependencies up to date even when there isn’t a new vulnerability, so that you can quickly respond when it’s critical.

Read

About Dependabot version updates

Fix and publish vulnerability information

Review, fix and publish issues securely. Contribute and refer to a curated, open-source database of vulnerabilities.

GitHub Advisory Database

Read

Browsing security vulnerabilities in the GitHub Advisory Database

Develop a private fix and publish an advisory about a vulnerability in your project, and share your reporting and disclosure policy with the world.

Get involved through GitHub Security Lab

Read

Publishing a security advisory

Best practices for more secure software

The complete guide

Developer-first application security

Take an in-depth look at the current state of application security.

Industry spotlight

The government agency's guide to DevSecOps

Learn how to write more secure code from the start with DevSecOps.

How-to

Avoid AppSec pitfalls

Explore common application security pitfalls and how to avoid them.

Secure software from the start

Whether you’re contributing to an open source project or choosing new tools for your team, your security needs are covered.

Create a free account Contact sales