Secure code education, hands-on AppSec training, and specialized support. Free for open source developers, maintainers, and security researchers.
The Secure Code Game is an open source, in-repo learning experience that helps developers build a secure coding mindset while having fun.
Enable GitHub's security tools for free, with just a few clicks. They help you write secure code, prevent secret leaks, scan your dependencies for security vulnerabilities, and, more broadly, keep your users safe.
We find hundreds of vulnerabilities in open source thanks to CodeQL
New to CodeQL? Learn how you can apply static analysis to security vulnerability research.
Want to play a game? We created several CodeQL-based “Capture the Flag” challenges to help you take your first steps.
If you want a CVE identification number for a security vulnerability in your project, you can request the CVE ID from GitHub. GitHub usually reviews the request within 72 hours, and will take care of curating and publishing the CVE record after your repository advisory is published.
Our team of security researchers continuously reviews new security information to ensure our data is the best there is, and this includes additional insights provided by the global community of subject-matter experts. You can help make this data better by contributing your expertise back to it!