About GitHub Advanced Security - GitHub Docs

GitHub makes extra security features available to customers who purchase GitHub Code Security or GitHub Secret Protection. Some features are enabled for public repositories by default.

Who can use this feature?

GitHub Code Security and GitHub Secret Protection are available for accounts on GitHub Team and GitHub Enterprise Cloud.

Some features are also available for free for public repositories on GitHub.com. For more information, see GitHub’s plans.

For information about GitHub Advanced Security for Azure DevOps, see Configure GitHub Advanced Security for Azure DevOps in Microsoft Learn.

About GitHub Advanced Security products

GitHub has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, such as dependency graph and Dependabot alerts.

Other security features require you to purchase one of GitHub's Advanced Security products:

Some of these features, such as code scanning and secret scanning, are enabled for public repositories by default. To run the feature on your private or internal repositories, you must purchase the relevant GitHub Advanced Security product.

You must be on a GitHub Team or GitHub Enterprise plan in order to purchase GitHub Code Security or GitHub Secret Protection. For more information, see GitHub’s plans and About billing for GitHub Advanced Security.

GitHub Code Security

You get the following features with GitHub Code Security:

The table below summarizes the availability of GitHub Code Security features for public and private repositories.

For more information about features, see GitHub security features.

GitHub Secret Protection

You get the following features with GitHub Secret Protection:

The table below summarizes the availability of GitHub Secret Protection features for public and private repositories.

For more information about individual features, see GitHub security features.

Run an assessment of your organization's exposure to secret leaks

Organizations on GitHub Team and GitHub Enterprise can run a free report to scan the code in the organization for leaked secrets. This can help you understand the current exposure of repositories in your organization to leaked secrets, as well as help you see how many existing secret leaks could have been prevented by GitHub Secret Protection. See About the secret risk assessment.

Deploying GitHub Code Security and GitHub Secret Protection

For a high-level view of what you need to know to plan your deployment of GitHub Code Security and GitHub Secret Protection, and to review the rollout phases we recommend, see Adopting GitHub Advanced Security at scale.

Enabling features

You can quickly enable security features at scale with the GitHub-recommended security configuration, a collection of security enablement settings you can apply to repositories in an organization. You can then further customize Advanced Security features at the organization level with global settings. See About enabling security features at scale.

If you are on a GitHub Team or GitHub Enterprise plan, license use for the entire team or enterprise is shown on your license page. See Viewing and downloading licensed use of Advanced Security.

About GitHub Advanced Security Certification

You can highlight your knowledge by earning a GitHub Advanced Security certificate with GitHub Certifications. The certification validates your expertise in vulnerability identification, workflow security, and robust security implementation. See About GitHub Certifications.

About GitHub Advanced Security with Azure Repos

If you want to use GitHub Advanced Security with Azure Repos, see GitHub Advanced Security & Azure DevOps on our resources site. For documentation, see Configure GitHub Advanced Security for Azure DevOps in Microsoft Learn.

Further reading