Identify your dependencies, dependents, and their properties to understand your software supply chain.
GitHub Security
Secure your software supply chain
Avoid adding new vulnerabilities with dependency review. Your software is more than the code you have written. With up to 94% of active repositories relying on open source, you rely on many components you didn’t produce, but which you still need to secure.
Get notified of new vulnerabilities
Keep your dependencies up-to-date and optimized and get updates on new vulnerabilities affecting your specific dependencies with Dependabot.
Fix vulnerabilities
Fix vulnerable dependencies by raising pull requests with security updates
Learn moreKnow what’s in your environment
Identify all your project's dependencies
Discover your dependencies using GitHub’s dependency graph, including transitive dependencies.
Fix and publish vulnerability information
Review, fix and publish issues securely. Contribute and refer to a curated, open-source database of vulnerabilities.
Get involved through GitHub Security Lab
Develop a private fix and publish an advisory about a vulnerability in your project, and share your reporting and disclosure policy with the world.
Secure software from the start
Whether you’re contributing to an open source project or choosing new tools for your team, your security needs are covered.
Best practices for more secure software
Developer-first application security
Take an in-depth look at the current state of application security.
Learn more
The government agency's guide to DevSecOps
Learn how to write more secure code from the start with DevSecOps.
Learn more