At GitHub, we believe that investing in the security of your codebase should be accessible for organizations of all sizes.
Starting today, GitHub Team plan customers can purchase GitHub Secret Protection and GitHub Code Security without upgrading your organization to GitHub Enterprise. This makes it easier to secure your codebase with GitHub Advanced Security products.
GitHub Secret Protection
GitHub Team organizations can purchase GitHub Secret Protection, which detects and prevents secret leaks (e.g. secret scanning, AI-detected passwords, and push protection for secrets).
Secret Protection will be available for $19 per month per active committer, with features including:
- Push protection, to prevent secret leaks before they happen.
- AI detection with a low rate of false positives, so you can focus on what matters.
- Secret scanning alerts with notifications, to help you catch exposures before they become a problem.
- Custom patterns for secrets, so you can search for sensitive, organization-specific information.
- Security overview, which provides insight into distribution of risk across your organization.
- Push protection and alert dismissal enforcement for secrets, which supports governance at enterprise scale.
In addition, we’re launching a new scanning feature to help organizations understand their secret leak footprint across their GitHub perimeter. This feature is free for GitHub Team organizations.
GitHub Code Security
GitHub Team organizations will also be able to purchase Code Security, which detects and fixes vulnerabilities in your code before it reaches production.
Code Security will be available for $30 per month per active committer, with features including:
- Copilot Autofix for vulnerabilities in existing code and pull requests to provide developer-first security management.
- Security campaigns to address security debt at scale.
- Dependabot features for protection against dependency-based vulnerabilities.
- Security overview, which provides insight into the distribution of risk across your organization.
- Security findings for third-party tools.
Get Started
To get started, admins can navigate to Advanced Security under their organization or repository settings. From this page, you can choose to enable and purchase Secret Protection or Code Security features.
For example, from your organization settings, you can navigate to Security / Advanced Security / Configurations in order to create a new configuration with Secret Protection features enabled. Learn more about enabling GitHub Advanced Security.
In addition, admins can enable Secret Protection features in one click from their organization’s Security tab. Once the secret risk assessment has been run for your organization, you’ll be able to enable Secret Protection in one click from the system banner.
Learn more about Secret Protection and Code Security, or share feedback by joining the discussion in GitHub Community.