/
Research Advisories CodeQL Wall of Fame
Resources
Open Source Community Enterprise
Events Get Involved
Resources

Open Source Community

Secure code education, hands-on AppSec training, and specialized support. Free for open source developers, maintainers, and security researchers.

For Developers

Learn secure coding patterns

The Secure Code Game is an open source, in-repo, learning experience for developers, to build a secure coding mindset while having fun. 

Play the Secure Code game

How do I start securing my project?

Enable, with just a few clicks, and for free, GitHub's security tools that will help you write secure code, prevent secret leaks, scan your dependencies for security vulnerabilities, and globally keep your users safe.

Five easy steps to secure your open source project

For Security Researchers

Latest articles

See all articles
Five easy steps to secure your open source project
Enable, with just a few clicks, and for free, GitHub's security tools that will help you write secure code, prevent secret leaks, scan your dependencies for security vulnerabilities, and globally keep your users safe.
The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects
The GitHub Security Lab audits open source projects and helps maintainers fix security vulnerabilities. For our 500th CVE, we took a trip down memory lane with a review of some noteworthy CVEs!
What we learned from the Security Lab’s Community Office Hours
The GitHub Security Lab provided office hours for open source projects looking to improve their security posture. Here’s what we learned and how you can also participate.

CodeQL

The GitHub Security Lab uses CodeQL to perform variant analysis, an important technique for identifying new types of security vulnerabilities of a given class.
CodeQL Wall of Fame

We find hundreds of vulnerabilities in open source thanks to CodeQL

Explore CodeQL Wall of Fame
CodeQL: from zero to hero

New to CodeQL? Learn how you can apply static analysis to security vulnerability research.

Read the article
Learn CodeQL

Want to play a game? We created several “Capture the Flag” based on CodeQL, to help you make your first step.

Go Capture the Flag

Security Advisories

Request a CVE ID

If you want a CVE identification number for a security vulnerability in your project, you can request the CVE ID from GitHub. GitHub usually reviews the request within 72 hours, and will take care of curating and publishing the CVE record after your repository advisory is published. 

Request a CVE ID

Contribute to a Security Advisory

Our team of security researchers continuously review new security information to ensure our data is the best there is, and this includes additional insights provided by the global community of subject-matter experts. You can help make this data better by contributing your expertise back to it!

Propose an improvement to an advisory
Fuzzing 101
Do you want to learn how to fuzz like a real expert, but not sure where to start? This is the course for you! 10 real targets, 10 exercises. Can you solve them all?
Learn Fuzzing 101

Read more about Fuzzing

Fuzzing software: common challenges and potential solutions
In this two-part blog series, we’ll review some of the challenges we commonly face in our fuzzing workflows and provide ways to address these challenges.
Fuzzing sockets
In this two-part series, Antonio Morales shares findings and tips from his research on socket-based fuzzing.
Fuzzing Android NFC
Man Yue Mo built and open sourced a fuzzer for the Android Near Field Communication (NFC) component. He shares here some design considerations when building the fuzzer.

Latest videos

See all videos
Mar 29, 2023
Secure Code Game
Are you passionate about software? We have something for you: Secure Code Game!
Mar 21, 2023
🎉 Write safer code with new vulnerability prevention features in GitHub Copilot 🔒 ✅
GitHub Copilot for Security! You can use it to write safer code.
Dec 8, 2022
Copilot for CodeQL queries to find security bugs!
CoPilot for CodeQL queries to find security bugs!