In general overview, GitHub's security landing page exhibits security highlights from different aspects like the Platform, Products, Features, and Customers. While the page itself doesn't give much insight into GitHub security features, there are links to related pages. Three things that stand out in highlights are the mention of its Bug Bounty program, security R&D team, and internal red team. Following that section, there is a showcase of the compliance badges, including SOC 1 and SOC 2, preceding the spotlight on GitHub Security Lab bug bounty and the number of CVEs found.
Highlighted keywords: Bug bounty, GitHub Security Lab, security
GitHub has only a single dedicated page for security and compliance. The link to the page can be quickly found in the website footer.
Security Page link: github.com/security
This section outlines the key parts of the security and compliance page.
This checklist is based on the Minimum Viable Secure Product and the information on the concerning platform’s security and compliance pages.
Note that some details might be missing if the information is mentioned in a whitepaper or login-required Trust Portal and not directly on the page.