Resources
Secure code education, hands-on AppSec training, and specialized support. Free for open source developers, maintainers, and security researchers.
For Developers
Learn secure coding patterns
The Secure Code Game is an open source, in-repo learning experience that helps developers build a secure coding mindset while having fun.
How do I start securing my project?
With just a few clicks, and for free, enable GitHub's security tools, which help you write secure code, prevent secret leaks, scan your dependencies for security vulnerabilities, and, overall, keep your users safe.
For Security Researchers
While implementing CodeQL support for GitHub Actions workflows, we came across new patterns of insecure workflows. Learn how to identify and mitigate them.
The GitHub Security Lab audits open source projects and helps maintainers fix security vulnerabilities. For our 500th CVE, we took a trip down memory lane with a review of some noteworthy CVEs!
CodeQL
The GitHub Security Lab uses CodeQL to perform variant analysis, an important technique for identifying new types of security vulnerabilities of a given class.
We find hundreds of vulnerabilities in open source thanks to CodeQL
New to CodeQL? Learn how you can apply static analysis to security vulnerability research.
Want to play a game? We created several CodeQL-based “Capture the Flag” challenges to help you take your first steps.
Security Advisories
Request a CVE ID
If you want a CVE identification number for a security vulnerability in your project, you can request the CVE ID from GitHub. GitHub usually reviews the request within 72 hours, and will take care of curating and publishing the CVE record after your repository advisory is published.
Contribute to a Security Advisory
Our team of security researchers continuously reviews new security information to ensure our data is the best there is, and this includes additional insights provided by the global community of subject-matter experts. You can help make this data better by contributing your expertise back to it!
Fuzzing 101
Do you want to learn how to fuzz like a real expert, but aren't sure where to start? This is the course for you! 10 real targets, 10 exercises. Can you solve them all?
In this two-part blog series, we’ll review some of the challenges we commonly face in our fuzzing workflows and provide ways to address these challenges.
In this two-part series, Antonio Morales shares findings and tips from his research on socket-based fuzzing.
Man Yue Mo built and open sourced a fuzzer for the Android Near Field Communication (NFC) component. Here he shares some design considerations that went into building the fuzzer.
May 12, 2025
Secure Code Game Season 3 - Teaser
Mar 29, 2023
Secure Code Game
Mar 21, 2023
🎉 Write safer code with new vulnerability prevention features in GitHub Copilot 🔒 ✅