Evolving GitHub Advanced Security: Greater flexibility, easier to access

March 4, 2025 // 2 min read

Security is at the heart of everything we do at GitHub, and our mission is to make it seamless, scalable, and accessible to all developers.

We’re evolving GitHub Advanced Security to offer greater flexibility and accessibility for organizations of all sizes.

Starting April 1, 2025, GitHub Advanced Security (GHAS) will be unbundled and available as two standalone security products:

  • GitHub Secret Protection: Detects and prevents secret leaks before they happen using push protection, secret scanning, AI-powered detection with a low false positive rate, security insights, and more. Available at $19/month per active committer.
  • GitHub Code Security: Helps identify and remediate vulnerabilities faster with code scanning, Copilot Autofix, security campaigns, Dependency Review Action, and more. Available at $30/month per active committer.

In addition, GitHub Team plan customers can purchase these security products without requiring a GitHub Enterprise subscription. This expanded access allows organizations of all sizes to adopt enterprise-grade security features as they build and ship code.

Contact sales for help evaluating your security needs and options. If you’d like more technical information, check out the GitHub changelog.

Why this matters

Our customers have told us that they value purchasing flexibility, accessibility, and cost efficiency when securing their code. We’re responding to that feedback by making GitHub’s security solutions:

  • More flexible – Development teams can now adopt Secret Protection or Code Security independently, scaling security as needed without committing to a bundled solution.
  • More accessible – GitHub Team plan customers can adopt enterprise-grade security, lowering the barrier to adoption.
  • More cost-effective – Metered billing offers no long-term commitment, allowing teams to pay for security as needed without being locked into multi-year contracts.

“Historically, GitHub has taken an integrated approach to application security, embedding security features such as code scanning, Copilot Autofix, secret scanning, and dependency management within GitHub Advanced Security,” says Katie Norton, research manager of DevSecOps and software supply chain security at IDC. “With the introduction of Secret Protection and Code Security as separate products with a flexible pricing model, GitHub is broadening access to security tools designed for enterprise use in complex, large-scale development environments. With this change, organizations of all sizes have expanded choice in implementing protections against leaked secrets and vulnerable code, two prevalent risks in application security today.”

Introducing the secret risk assessment

To help organizations understand their secret leak exposure across GitHub, we’re launching a free secret risk assessment. Available on April 1 in the Security tab, this tool gives admins and developers a clear view of where secrets are exposed across their organization, helping them take proactive steps to secure their environments.

Check out the GitHub changelog to learn more.

What’s next?

Security is ever evolving, and so should the solutions teams rely on. With GitHub Secret Protection and GitHub Code Security, organizations of all sizes now have the flexibility to choose the security capabilities that best fit their needs, enabling developers to build secure, high-quality code by default on GitHub.

Published via GitHub Executive Insights