Secure software development

Ensure compliant and secure software development workflows with GitHub Enterprise, which includes fine-grained permissions and controls and can be hosted behind your firewall.

Check all the right boxes

GitHub Enterprise is built from the ground up to enable secure and compliant software development workflows. Deploy it on your own servers or in a private cloud.

Monitor actions

Audit logs capture actions like logins, password resets, two-factor authentication (2FA) requests, repository access, and browser and API data access. Plus, they’re searchable!

Verify changes

Prove who authored code or pushed a change to production with GPG signature verification. Developers can sign their code, providing auditable assurance a commit is from a verified source.

Automate workflows

Automate compliance workflows and verify commits against regulatory checks
 before they’re accepted, disable force pushes to specific branches, and require status checks on protected branches.

Read more about GPG signature verification and protected branches.

Create essential controls

You can enforce policies and permissions to keep your business safe without compromising collaboration.

Permissions & controls

On GitHub Enterprise you can create granular user roles, such as Virtual Machine Administrator, Site Administrator, and Standard User to control access and maintain the security principle of least privilege.

It also supports using Organizations as logical containers for business units and Repositories and Teams within Organizations to further segment and manage access.


GitHub Enterprise allows you to use its built-in authentication or provision and manage users on your terms by connecting existing external authentication systems.

  • External LDAP, SAML, or CAS authentication using your Active Directory, SAML Identity Provider, or other compatible services.
  • Username/password or PKI based authentication support with optional two-factor authentication.
  • OAuth and Personal Access Tokens for API and external service authentication.

Security practices at GitHub

We take every step possible to ensure each release is secure before we :shipit: from a dedicated application security team to an ever-evolving list of best practices.

Stop it before it starts

We perform architecture and code review and use automated static analysis tools to prevent vulnerabilities from being introduced. Plus, we subscribe to OS, software, and service provider security feeds and review vulnerability notices within 24 hours.

Automatic protections

Changes to the GitHub codebase are automatically scanned for common developer mistakes, including the introduction of SQL injections, XSS, CSRF and mass assignment vulnerabilities.

Help from the outside

GitHub partners with security vendors to provide point-in-time security assessments and engages the community through a Bug Bounty Program where researchers are rewarded for responsibly disclosing any vulnerabilities they come across.

Proactive investment

GitHub’s dedicated product security team consistently adds new security features and hardens existing features to make GitHub Enterprise more robust against attacks.

Start your Enterprise trial

Explore GitHub Enterprise’s security functionality on your own terms with a 45-day free trial. Setup takes just a few minutes.

Try it for free
  • Airbnb
  • IBM
  • SAP
  • PayPal
  • Spotify
  • Bloomberg