DevSecOps

Guides on integrating security into every phase of enterprise software development. Learn how to implement security checks within your continuous integration and continuous deployment (CI/CD) pipelines, use automated tools to detect vulnerabilities early, and ensure compliance. Whether you’re new to DevSecOps or looking to deepen your expertise, we have you covered.

Featured

Frenemies to friends: Developers and security tools

When socializing a new security tool, it IS possible to build a bottom-up security culture where engineering has a seat at the table. Let’s explore some effective strategies witnessed by the GitHub technical sales team to make this shift successful.

Latest

Passwordless deployments to the cloud

Discovering passwords in our codebase is probably one of our worst fears. But what if you didn’t need passwords at all, and could deploy to your cloud provider another way? In this post, we explore how you can use OpenID Connect to trust your cloud provider, enabling you to deploy easily, securely and safely, while minimizing the operational overhead associated with secrets (for example, key rotations).

Applying DevSecOps to your software supply chain

To best apply DevSecOps principles to improve the security of your supply chain, you should ask your developers to declare your dependencies in code, and in turn provide your developers with maintained ‘golden’ artifacts and automated downstream actions so they can focus on code.
