Secure software development
GitHub Enterprise is built to support your secure and compliant software development workflows. Commit signing, access management, SAML single sign-on, audit logs, and more keep your code safe throughout the entire development lifecycle, from idea to production.
Compliance
Check all the right boxes
Build secure, repeatable, and traceable processes that support your compliance needs.
Monitor actions
Audit logs capture actions like logins, password resets, two-factor authentication (2FA) requests, repository access, and browser and API data access. Plus, they’re searchable.
Verify changes
Prove who authored code or pushed a change to production with GPG or S/MIME signature verification. Developers can sign their code, providing auditable assurance a commit is from a verified source.
Automate workflows
Automate compliance workflows and verify commits against regulatory checks before they’re accepted, disable force pushes to specific branches, and require status checks on protected branches.
Read more about GPG signature verification and protected branches.
Controls
Create essential controls
Enforce policies and permissions to keep your business safe without compromising on collaboration.
Permissions and controls
Create granular administrative and user roles to control access and maintain the security principle of least privilege.
GitHub Enterprise supports organizations as logical containers for business units, and repositories and teams help further segment and manage access.
Read the documentation →
Authentication
GitHub Enterprise allows you to use its built-in authentication or provision and manage users on your terms by connecting existing external authentication systems.
- External SAML identity provider for Enterprise Cloud and compatible authentication services, including LDAP or CAS, for Enterprise Server.
- Username/password or PKI based authentication support with optional two-factor authentication.
- OAuth and Personal Access Tokens for API and external service authentication.
Protection
Security practices at GitHub
We take every step possible to ensure each release is secure before we :shipit: from a dedicated application security team to an ever-evolving list of best practices.
Stop it before it starts
We perform architecture and code review and use automated static analysis tools to prevent vulnerabilities from being introduced. Plus, we subscribe to OS, software, and service provider security feeds and review vulnerability notices within 24 hours.
Automatic protections
Changes to the GitHub codebase are automatically scanned for common developer mistakes, including the introduction of SQL injections, XSS, CSRF and mass assignment vulnerabilities.
Help from the outside
GitHub partners with security vendors to provide point-in-time security assessments and engages the community through a Bug Bounty Program where researchers are rewarded for responsibly disclosing any vulnerabilities they come across.
Proactive investment
GitHub’s dedicated product security team consistently adds new security features and hardens existing features to make GitHub Enterprise more robust against attacks.
Get started with GitHub Enterprise
Team
$9
Per user / month
Advanced collaboration and
management tools for teams
Unlimited public repositories- Unlimited private repositories
Team access controls- User management and billing
- Issues and bug tracking
- Project management
- Advanced tools and insights
Starts at $25 / month and includes your first 5 users
Free to academic faculty for teaching or non-profit research
Choose Team←Everything included in Team
- Self-hosted or cloud-hosted
- SAML single sign-on
- Access provisioning
- Simplified account administration
- Unified search and contributions
- Priority support
- 99.95% uptime SLA for Enterprise Cloud
- Invoice billing
- Advanced auditing
Questions?
Free for educational institutions participating in the GitHub Education program
