VA GitHub Handbook | Security Policies

Security policies and standards for the Department of Veterans Affairs GitHub organization, including code scanning requirements and secrets management.

Code Scanning

The VA requires code scanning for all repositories with supported languages. Learn more about:

Current Code Scanning Policy and Requirements
Understanding GitHub Advanced Security CodeQL
Configuring CodeQL for Your Repository
Managing Repository Default Branches
Requesting Code Scanning Exemptions
Exempting Service Accounts and GitHub Apps

Secrets Management

Learn how to properly handle sensitive information:

Best Practices for Managing Secrets

Return to Policies and Standards