Secure software development
GitHub Enterprise is built to support your secure and compliant software development workflows. Commit signing, access management, SAML single sign-on, audit logs, and more keep your code safe throughout the entire development lifecycle, from idea to production.
Compliance
Check all the right boxes
Build secure, repeatable, and traceable processes that support your compliance needs.
Monitor actions
Audit logs capture actions like logins, password resets, two-factor authentication (2FA) requests, repository access, and browser and API data access. Plus, they’re searchable.
Verify changes
Prove who authored code or pushed a change to production with GPG or S/MIME signature verification. Developers can sign their code, providing auditable assurance a commit is from a verified source.
Automate workflows
Automate compliance workflows and verify commits against regulatory checks before they’re accepted, disable force pushes to specific branches, and require status checks on protected branches.
Read more about GPG signature verification and protected branches.
Controls
Create essential controls
Enforce policies and permissions to keep your business safe without compromising on collaboration.
Permissions and controls
Create granular administrative and user roles to control access and maintain the security principle of least privilege.
GitHub Enterprise supports organizations as logical containers for business units, and repositories and teams help further segment and manage access.
Read the documentation →
Authentication
GitHub Enterprise allows you to use its built-in authentication or provision and manage users on your terms by connecting existing external authentication systems.
- External SAML identity provider for Enterprise Cloud and compatible authentication services, including LDAP or CAS, for Enterprise Server.
- Username/password or PKI based authentication support with optional two-factor authentication.
- OAuth and Personal Access Tokens for API and external service authentication.
Protection
Security practices at GitHub
We take every step possible to ensure each release is secure before we :shipit: from a dedicated application security team to an ever-evolving list of best practices.
Stop it before it starts
We perform architecture and code review and use automated static analysis tools to prevent vulnerabilities from being introduced. Plus, we subscribe to OS, software, and service provider security feeds and review vulnerability notices within 24 hours.
Automatic protections
Changes to the GitHub codebase are automatically scanned for common developer mistakes, including the introduction of SQL injections, XSS, CSRF and mass assignment vulnerabilities.
Help from the outside
GitHub partners with security vendors to provide point-in-time security assessments and engages the community through a Bug Bounty Program where researchers are rewarded for responsibly disclosing any vulnerabilities they come across.
Proactive investment
GitHub’s dedicated product security team consistently adds new security features and hardens existing features to make GitHub Enterprise more robust against attacks.
Get started with GitHub Enterprise
Team
Advanced collaboration and support for teams
Unlimited public/private repositories- Required reviewers
- 3,000 Actions minutes/month Free for public repositories
- 2GB of GitHub Packages storage Free for public repositories
- Code owners
$4 per user/month
Continue with TeamEnterprise
Security, compliance, and flexible deployment for enterprises
- ←Everything included in Team
- SAML single sign-on
- 50,000 Actions minutes/month Free for public repositories
- 50GB of GitHub Packages storage Free for public repositories
- Advanced auditing
$21 per user/month
Contact Sales
