Security
Security at GitHub
Millions of teams trust GitHub to keep their work safe. Our team of experts goes beyond industry standards to secure our platform. And builds features that help you do the same.
Features
Secure code,
from blueprint to execution
Accounts and access
Keep your GitHub account secure—and review important changes along the way.
- Two-factor Authentication (2FA) (SMS, TOTP)
- Universal Second Factor (U2F)
- Delegated Account Recovery
- Git over Secure Shell (SSH) and HTTPS
- GPG commit-signing verification
- Email privacy controls
- Security audit log
Teams and integrations
Manage teams, projects, and integrations to do your best work securely.
- Fine-grained access controls
- SAML
- LDAP
- Repository access levels (Read, write, and admin)
- Default repository permissions
- OAuth Application Whitelists
- Security monitoring through organization-wide webhooks
- Access controls for third-party integrations
Projects and monitoring
Build confidently with exactly the right teams—and monitor security as you go.
- Required reviews
- Required status checks
- Built-in continuous integration (CI) and testing
- Read only deploy keys
- Deployments API
- Monitoring and logging
- Evidence key controls
News
Stay up to date
- Securing software, together→
- Introducing new ways to keep your code secure→
- New improvements and best practices for account security and recoverability→
- Soft U2F→
- A glimpse into GitHub's Bug Bounty workflow→
- GitHub's post-CSP journey→
- GitHub's CSP journey→
- GitHub is FedRAMP Authorized→
- Token Scanning→
- Security Alerts→