This version of GitHub Enterprise Server will be discontinued on 2026-08-25. Discontinued releases are not supported. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features in GitHub Enterprise Server, see Overview of the upgrade process. For help with the upgrade, GitHub Enterprise Support.

Security in GitHub Actions

Learn about security as a concept in GitHub Actions.

Secrets

Learn about secrets as they are used in GitHub Actions workflows.

GITHUB_TOKEN

Learn what GITHUB_TOKEN is, how it works, and why it matters for secure automation in GitHub Actions workflows.

OpenID Connect

OpenID Connect allows your workflows to exchange short-lived tokens directly from your cloud provider.

Script injections

Understand the security risks associated with script injections and GitHub Actions workflows.

Compromised runners

Understand the security risks associated with compromised GitHub Actions runners.