Skip to content
GitHub Security

Secure your software supply chain

Avoid adding new vulnerabilities with dependency review. Your software is more than the code you have written. With up to 94% of active repositories relying on open source, you rely on many components you didn’t produce, but which you still need to secure.

Get notified of new vulnerabilities

Keep your dependencies up-to-date and optimized and get updates on new vulnerabilities affecting your specific dependencies with Dependabot.

Review changes

Review dependency changes in relevant context like pull requests and issues

Learn more

Fix vulnerabilities

Fix vulnerable dependencies by raising pull requests with security updates

Learn more

Prevent

Keep the packages you use updated to the latest versions

Learn more

Know what’s in your environment

Identify your dependencies, dependents, and their properties to understand your software supply chain.

List of dependencies defined in pypi/requirements.txt

Identify all your project's dependencies

Discover your dependencies using GitHub’s dependency graph, including transitive dependencies.

Popup displaying "Improper input validation in PyPAML" with button "Review security update"

Fix and publish vulnerability information

Review, fix and publish issues securely. Contribute and refer to a curated, open-source database of vulnerabilities.

GitHub Advisory Database displaying 15,960 advisories total, displaying 5.

Get involved through GitHub Security Lab

Develop a private fix and publish an advisory about a vulnerability in your project, and share your reporting and disclosure policy with the world.

Heading "Remote code injection in Log4j" displaying remediation advice

Secure software from the start

Whether you’re contributing to an open source project or choosing new tools for your team, your security needs are covered.

Contact salesRequest a demo

Best practices for more secure software

Developer-first application security

Take an in-depth look at the current state of application security.

Learn more

The government agency's guide to DevSecOps

Learn how to write more secure code from the start with DevSecOps.

Learn more

Avoid AppSec pitfalls

Explore common application security pitfalls and how to avoid them.

Learn more