Incident Response

Incidents happen.
We plan for when they do.

Despite everyone’s best efforts, security incidents are inevitable in an increasingly connected world.

Trust and privacy - two people build a castle together

Our commitment

Your security
is important to us

GitHub is committed not only to its own security but that of its users and customers. We continue to maintain a culture of transparency and openness and this extends to our security incident reporting philosophy. Should a serious security incident occur, GitHub will:

  • Mobilize all appropriate internal and external resources, under the coordination of GitHub’s SIRT, to rapidly resolve the incident.
  • If the incident represents a risk to external users or customers, GitHub is committed to communicating that risk, along with an incident summary, to all affected parties as quickly and comprehensively as possible.

Account safety

How you can help

As we explain in our Terms of Service, we do our best to make sure GitHub stays secure. Here are a few things you can do to keep your account safe—and protect the work of other developers and teams in the GitHub community.

  • Moderate all content posted and activity that occurs under your account.
  • Maintain control over your organization and moderating content as necessary—if you are an organization owner or a repository administrator.
  • Keep your GitHub password safe.
  • Notify GitHub if you notice any unauthorized use of or access to our platform through your account, including any unauthorized use of your password.

Have something to report?

Report a security event or vulnerability
to the GitHub Team

Report an incident to GitHub Support

Please notify GitHub support to report a security event, like unauthorized account usage or a suspected data breach.

Report a vulnerability

To report a security vulnerability related to GitHub.com or find out more about responsible disclosure, please visit our Bug Bounty site.

Request data or logs

Need to make a formal legal request associated with GitHub user data or logs? Check out our Guidelines for Legal Requests of User Data.

Remove sensitive data

Need sensitive data removed from a public GitHub profile or repository? See our GitHub Sensitive Data Removal Policy.