security_advisories:
  title: Fix and disclose a security vulnerability
  description: >-
    Using repository security advisories to privately fix a reported
    vulnerability and get a CVE.
  featured_track: '{% ifversion fpt or ghec %}true{% else %}false{% endif %}'
  guides:
    - >-
      /code-security/security-advisories/guidance-on-reporting-and-writing/about-coordinated-disclosure-of-security-vulnerabilities
    - >-
      /code-security/security-advisories/global-security-advisories/about-the-github-advisory-database
    - >-
      /code-security/security-advisories/global-security-advisories/about-global-security-advisories
    - >-
      /code-security/security-advisories/repository-security-advisories/about-repository-security-advisories
    - >-
      /code-security/security-advisories/guidance-on-reporting-and-writing/best-practices-for-writing-repository-security-advisories
    - >-
      /code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
    - >-
      /code-security/security-advisories/guidance-on-reporting-and-writing/managing-privately-reported-security-vulnerabilities
    - >-
      /code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
    - >-
      /code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization
    - >-
      /code-security/security-advisories/repository-security-advisories/creating-a-repository-security-advisory
    - >-
      /code-security/security-advisories/repository-security-advisories/adding-a-collaborator-to-a-repository-security-advisory
    - >-
      /code-security/security-advisories/repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability
    - >-
      /code-security/security-advisories/repository-security-advisories/publishing-a-repository-security-advisory
    - >-
      /code-security/security-advisories/repository-security-advisories/editing-a-repository-security-advisory
    - >-
      /code-security/security-advisories/repository-security-advisories/withdrawing-a-repository-security-advisory
    - >-
      /code-security/security-advisories/repository-security-advisories/removing-a-collaborator-from-a-repository-security-advisory
dependabot_alerts:
  title: Get notifications for insecure dependencies
  description: >-
    Set up Dependabot to alert you to new vulnerabilities{% ifversion
    GH-advisory-db-supports-malware %} or malware{% endif %} in your
    dependencies.
  guides:
    - /code-security/dependabot/dependabot-alerts/about-dependabot-alerts
    - >-
      {% ifversion fpt or ghec or ghes
      %}/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository{%
      endif %}
    - >-
      /code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts
    - >-
      /code-security/dependabot/dependabot-alerts/using-alert-rules-to-prioritize-dependabot-alerts
    - >-
      /code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts
    - >-
      /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
    - >-
      /code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies
    - >-
      /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors
dependabot_security_updates:
  title: Get pull requests to update your vulnerable dependencies
  description: >-
    Set up Dependabot to create pull requests when new vulnerabilities are
    reported.
  guides:
    - >-
      /code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates
    - >-
      /code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates
    - >-
      {% ifversion fpt or ghec or ghes
      %}/code-security/dependabot/dependabot-alerts/configuring-notifications-for-dependabot-alerts{%
      endif %}
    - >-
      {% ifversion fpt or ghec or ghes
      %}/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository{%
      endif %}
    - >-
      /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
    - >-
      {% ifversion fpt or ghec or ghes
      %}/code-security/dependabot/working-with-dependabot/troubleshooting-the-detection-of-vulnerable-dependencies{%
      endif %}
dependency_version_updates:
  title: Keep your dependencies up-to-date
  description: >-
    Use Dependabot to check for new releases and create pull requests to update
    your dependencies.
  guides:
    - >-
      /code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates
    - >-
      /code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
    - >-
      /code-security/dependabot/dependabot-version-updates/customizing-dependency-updates
    - >-
      /code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
    - >-
      /code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
    - >-
      /code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
    - >-
      /code-security/dependabot/dependabot-version-updates/listing-dependencies-configured-for-version-updates
    - >-
      /code-security/dependabot/working-with-dependabot/configuring-access-to-private-registries-for-dependabot
    - >-
      /code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates
    - >-
      /code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors
secret_scanning:
  title: Scan for secrets
  description: >-
    Set up secret scanning to guard against accidental check-ins of tokens,
    passwords, and other secrets to your repository.
  guides:
    - /code-security/secret-scanning/about-secret-scanning
    - >-
      /code-security/secret-scanning/configuring-secret-scanning-for-your-repositories
    - >-
      {% ifversion not fpt
      %}/code-security/secret-scanning/defining-custom-patterns-for-secret-scanning{%
      endif %}
    - /code-security/secret-scanning/managing-alerts-from-secret-scanning
    - /code-security/secret-scanning/secret-scanning-patterns
    - >-
      {% ifversion secret-scanning-push-protection
      %}/code-security/secret-scanning/protecting-pushes-with-secret-scanning{%
      endif %}
    - >-
      {% ifversion secret-scanning-push-protection
      %}/code-security/secret-scanning/pushing-a-branch-blocked-by-push-protection{%
      endif %}
    - /code-security/secret-scanning/troubleshooting-secret-scanning
security_alerts:
  title: Explore and manage security alerts
  description: Learn where to find and resolve security alerts.
  guides:
    - >-
      {% ifversion ghec or ghes
      %}/code-security/security-overview/about-security-overview {% endif %}
    - >-
      {% ifversion ghec or ghes
      %}/code-security/security-overview/assessing-adoption-code-security {% endif
      %}
    - >-
      {% ifversion ghec or ghes
      %}/code-security/security-overview/assessing-code-security-risk {% endif
      %}
    - >-
      {% ifversion ghec or ghes
      %}/code-security/secret-scanning/managing-alerts-from-secret-scanning {%
      endif %}
    - >-
      {% ifversion ghec or ghes
      %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/managing-code-scanning-alerts-for-your-repository{%
      endif %}
    - >-
      {% ifversion ghec or ghes
      %}/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/triaging-code-scanning-alerts-in-pull-requests{%
      endif %}
    - >-
      {% ifversion ghec or ghes
      %}/code-security/dependabot/dependabot-alerts/viewing-and-updating-dependabot-alerts{%
      endif %}
    - >-
      {% ifversion ghec or ghes
      %}/code-security/getting-started/auditing-security-alerts {% endif %}
code_security_actions:
  title: Run code scanning with GitHub Actions
  description: >-
    Check your default branch and every pull request to keep vulnerabilities and
    errors out of your repository.
  featured_track: '{% ifversion ghae or ghes %}true{% else %}false{% endif %}'
  guides:
    - >-
      /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning
    - >-
      /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository
    - >-
      /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning
    - >-
      /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages
    - >-
      /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/running-codeql-code-scanning-in-a-container
    - >-
      /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/troubleshooting-the-codeql-workflow
    - >-
      /code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page
code_security_integration:
  title: Integrate with code scanning
  description: Upload code analysis results from third-party systems to GitHub using SARIF.
  guides:
    - >-
      /code-security/code-scanning/integrating-with-code-scanning/about-integration-with-code-scanning
    - >-
      /code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github
    - >-
      /code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning
    - /rest/code-scanning
code_security_ci:
  title: Run CodeQL code scanning in your CI
  description: >-
    Set up CodeQL within your existing CI and upload results to GitHub code
    scanning.
  guides:
    - >-
      /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/about-codeql-code-scanning-in-your-ci-system
    - >-
      /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/installing-codeql-cli-in-your-ci-system
    - >-
      /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system
    - >-
      /code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/migrating-from-the-codeql-runner-to-codeql-cli
end_to_end_supply_chain:
  title: End-to-end supply chain
  description: >-
    How to think about securing your user accounts, your code, and your build
    process.
  guides:
    - >-
      /code-security/supply-chain-security/end-to-end-supply-chain/end-to-end-supply-chain-overview
    - >-
      /code-security/supply-chain-security/end-to-end-supply-chain/securing-accounts
    - /code-security/supply-chain-security/end-to-end-supply-chain/securing-code
    - >-
      /code-security/supply-chain-security/end-to-end-supply-chain/securing-builds