Sign up
Security at GitHub
Millions of teams trust GitHub to keep their work safe. Our team of experts goes beyond industry standards to secure our platform. And builds features that help you do the same.
Meet our Team →
See how we earn your trust →
Securing software, together
Introducing community-powered ways to discover, report, and prevent security vulnerabilities.
Learn more →
GitHub Advisory Database NEW
Browse a curated database of CVEs and security, mapped to packages tracked by the GitHub dependency graph.
Learn more →
Security incident response
Our threat detection program provides investigation, response, and coordination for all security incidents at GitHub.
Learn more →
The GitHub Bug Bounty Program
We’ve invited the security research community to help make our product more secure since 2014.
Learn more →
Secure code,
from blueprint to execution
Accounts and access
Keep your GitHub account secure—and review important changes along the way.
Two-factor Authentication (2FA) (SMS, TOTP)
Universal Second Factor (U2F)
Delegated Account Recovery
Git over Secure Shell (SSH) and HTTPS
GPG commit-signing verification
Email privacy controls
Security audit log
Teams and integrations
Manage teams, projects, and integrations to do your best work securely.
Fine-grained access controls
Repository access levels (Read, write, and admin)
Base repository permissions
OAuth Application Whitelists
Security monitoring through organization-wide webhooks
Access controls for third-party integrations
Projects and monitoring
Build confidently with exactly the right teams—and monitor security as you go.
Required reviews
Required status checks
Built-in continuous integration (CI) and testing
Read only deploy keys
Deployments API
Monitoring and logging
Evidence key controls
Find a plan that meets your team’s security needs.
Compare plans →
Questions about security?
Have a question, concern, or comment about GitHub security? Please contact GitHub Support.
Contact GitHub Support
Stay up to date
GitHub Advisory Database launched →
Securing software, together →
Introducing new ways to keep your code secure →
New improvements and best practices for account security and recoverability →
Soft U2F →
A glimpse into GitHub's Bug Bounty workflow →
© 2021 GitHub, Inc.
Site Map
What is Git?
Security Trust and privacy Team Incident response