Skip to content

Advanced Security committer reporting and roll-out improvements

GitHub Advanced Security customers can now view their active committer count and the remaining number of unused committer seats on their organization or enterprise account’s Billing page. If Advanced Security is purchased for an enterprise, administrators can also view the active committer seats which are being used by other organizations within their enterprise.

Screenshot of Advanced Security committer counts in the Billing page

If the active committer count exceeds the number of purchased committer licences, Repository Admins will no longer be able to enable Advanced Security for additional repositories and will need to purchase new Advanced Security seats or disable Advanced Security elsewhere before being allowed to proceed.

If Advanced Security is purchased for an enterprise, Enterprise Administrators can now ensure a gradual roll-out of GitHub Advanced Security by setting which organizations can enable Advanced Security (on the Settings page). Enterprise Administrators can choose to allow repositories for all organizations, specific organizations, or no organizations to enable Advanced Security.

Screenshot of Advanced Security policy settings in the Billing page

If Advanced Security is disabled for an organization or repository, admin users will not be able to enable Advanced Security and will be informed that this is because of a policy setting for the organization.

Screenshot of Advanced Security disbaled due to a policy setting

These changes help billing administrators track their usage of Advanced Security against how many committer licences have been purchased, and enable Enterprise Administrators to manage and control the use of Advanced Security across organizations and repositories.

For more information please see documentation about GitHub Advanced Security licensing and viewing your GitHub Advanced Security usage.

This functionality is now available to GitHub Enterprise Cloud customers, and will also be part of GitHub Enterprise Server 3.1 (which is due to be released in Q2).

CodeQL now supports more libraries and frameworks for a variety of languages (C++, JavaScript, Python,Java, Go). The CodeQL engine can now detect more sources of untrusted user data, which improves the quality and depth of the code scanning alerts. The libraries and frameworks that have been added and improved are listed below.


JavaScript and TypeScript




Support for these libraries and frameworks has been deployed to These improvements will also be available in GitHub Enterprise Server 3.1, which is due to be released in Q2.
Learn more about CodeQL and code scanning.

See more