Security practices at GitHub
We take every step possible to ensure each release is secure before we :shipit: from a dedicated application security team to an ever-evolving list of best practices.
Stop it before it starts
We perform architecture and code review and use automated static analysis tools to prevent vulnerabilities from being introduced. Plus, we subscribe to OS, software, and service provider security feeds and review vulnerability notices within 24 hours.
Changes to the GitHub codebase are automatically scanned for common developer mistakes, including the introduction of SQL injections, XSS, CSRF and mass assignment vulnerabilities.
Help from the outside
GitHub partners with security vendors to provide point-in-time security assessments and engages the community through a Bug Bounty Program where researchers are rewarded for responsibly disclosing any vulnerabilities they come across.
GitHub’s dedicated product security team consistently adds new security features and hardens existing features to make GitHub Enterprise more robust against attacks.
Get started with GitHub Enterprise
Per user / month
Advanced collaboration and
management tools for teams
- Unlimited public repositories
- Unlimited private repositories
- Team access controls
- User management and billing
- Issues and bug tracking
- Project management
- Advanced tools and insights
Starts at $25 / month and includes your first 5 users
Free to academic faculty for teaching or non-profit researchChoose Team
Security, compliance, and deployment controls for organizations
- Self-hosted or cloud-hosted
- SAML single sign-on
- Access provisioning
- Simplified account administration
- Unified search and contributions
- Priority support
- 99.95% uptime SLA for Enterprise Cloud
- Invoice billing
- Advanced auditing
Free for educational institutions participating in the GitHub Education program