GitHub Secret Protection and GitHub Code Security for GitHub Enterprise

Secret Protection and Code Security here for GitHub Enterprise

At GitHub, we believe that investing in the security of your codebases should be straightforward, affordable, and scalable. Today, we’re rolling out standalone GitHub Advanced Security products for GitHub Enterprise customers. This aligns with our ongoing mission to help organizations of all sizes secure their code with the flexibility they seek.

Getting started as an existing GitHub Advanced Security customer

Existing GitHub Advanced Security customers with plans subscription-based plans can choose to transition at renewal. Customers with pay-as-you-go, metered-based plans can transition at any time. Please reach out to your GitHub or Microsoft sales account team for details.

Customers on subscription billing can migrate to either a standalone subscription or a standalone metered plan. For pricing details, please contact your account representatives.

How do I right-size enablement for my enterprise?

Customers transitioning before May 2025 can work with their account teams on right-sizing enablement for their enterprise across both Secret Protection and Code Security. All repositories will have both Secret Protection and Code Security enabled at the time of transition, regardless of your contractual plan.

Customers on contractual plans limited to secret scanning features will be able to optionally choose to transition with only Secret Protection enabled (and Code Security disabled) for their enterprise starting in May 2025.

When will the standalone plans be available for Enterprise Server?

Standalone SKUs will be available for Enterprise Server customers starting with GHES 3.17. To use metered billing, GitHub Connect is required.

Getting started as an existing GitHub Advanced Security self-serve customer

For existing self-serve customers, instructions on how to transition to the new GitHub Advanced Security plans will be announced over the next 30 days. You’ll receive an email notification when the new plans are available to your enterprise. Transitioning to the standalone plans will be self-serve and optional.

Getting started for new customers

Starting today, GitHub Enterprise customers without an existing GitHub Advanced Security plan can self-serve purchase both Secret Protection and Code Security. To get started, admins can navigate to Advanced Security under their enterprise, organization, or repository settings. From this page, you can choose to enable and purchase Secret Protection or Code Security features.

Learn more about enabling GitHub Advanced Security for your enterprise.

Trialing GitHub Advanced Security

You can try the new standalone SKUs before committing. Contact your account team for more details. Alternatively, you can get started with a GitHub Enterprise trial.

Talk to someone from GitHub

In addition, Enterprise customers are welcome to reach out to their existing account team or request a demo from someone at GitHub.

Learn more and share feedback

Learn more about Secret Protection and Code Security, or share feedback by joining the discussion in GitHub Community.

Find secrets exposed in your organization with the secret risk assessment

Secret risk assessment

GitHub is committed to empowering the developer community by helping organizations recognize and address the risks of secret leaks. That’s why we’re launching a new free tool which will help provide clear insights into your organization’s exposure, along with actionable steps to strengthen your security and protect your code.

Starting today, you can scan your organization for aggregate insights on public leaks, private exposures, and token types.

Find secrets in your organization

What will this dashboard include?

Available in the Security tab, organization and security admins will be able to run a scan to understand how their organization is affected by secret leaks and exposures. Once a scan is initiated, GitHub will look for secret leaks and exposures across your organization, returning a collection of insights including:

  • The number of secrets leaked per type.
  • The number of publicly visible secrets in your public repositories.
  • The number of repositories affected for each secret type.

No specific secrets will be stored or shared.

Once enabled, GitHub will run a point-in-time scan across all public, private, internal, and archived repositories in your organization. Results are static and will not be automatically updated. You’ll also be able to download results as a CSV file.

For organizations ready to adopt a continuous monitoring tool, we recommend enabling secret scanning for detection and incident management of specific secrets. Learn more about GitHub Secret Protection.

Why are we doing this?

GitHub is committed to making a meaningful impact on the developer community by helping organizations recognize their secret leak footprint across their GitHub perimeter. Our goal is to provide clear insights into organizations’ potential secret exposure and a clear path to stronger security.

Who can use this feature?

This feature will be available for free to organizations with a GitHub Team or Enterprise plan. Organization admins and security managers will be able to run the report and review any results. This feature will be available for Enterprise Server starting with GHES 3.18.

Share feedback while the feature is in public preview

This feature is available in public preview and is subject to improvement. Have feedback? Let us know what you think by joining our discussion in GitHub Community — we’re listening.

See more

GitHub Advanced Security is here for GitHub Team organizations

Here for GitHub Team plans

At GitHub, we believe that investing in the security of your codebase should be accessible for organizations of all sizes.

Starting today, GitHub Team plan customers can purchase GitHub Secret Protection and GitHub Code Security without upgrading your organization to GitHub Enterprise. This makes it easier to secure your codebase with GitHub Advanced Security products.

GitHub Secret Protection

GitHub Team organizations can purchase GitHub Secret Protection, which detects and prevents secret leaks (e.g. secret scanning, AI-detected passwords, and push protection for secrets).

Secret Protection will be available for $19 per month per active committer, with features including:

  • Push protection, to prevent secret leaks before they happen.
  • AI detection with a low rate of false positives, so you can focus on what matters.
  • Secret scanning alerts with notifications, to help you catch exposures before they become a problem.
  • Custom patterns for secrets, so you can search for sensitive, organization-specific information.
  • Security overview, which provides insight into distribution of risk across your organization.
  • Push protection and alert dismissal enforcement for secrets, which supports governance at enterprise scale.

In addition, we’re launching a new scanning feature to help organizations understand their secret leak footprint across their GitHub perimeter. This feature is free for GitHub Team organizations.

GitHub Code Security

GitHub Team organizations will also be able to purchase Code Security, which detects and fixes vulnerabilities in your code before it reaches production.

Code Security will be available for $30 per month per active committer, with features including:

  • Copilot Autofix for vulnerabilities in existing code and pull requests to provide developer-first security management.
  • Security campaigns to address security debt at scale.
  • Dependabot features for protection against dependency-based vulnerabilities.
  • Security overview, which provides insight into the distribution of risk across your organization.
  • Security findings for third-party tools.

Get Started

To get started, admins can navigate to Advanced Security under their organization or repository settings. From this page, you can choose to enable and purchase Secret Protection or Code Security features.

For example, from your organization settings, you can navigate to Security / Advanced Security / Configurations in order to create a new configuration with Secret Protection features enabled. Learn more about enabling GitHub Advanced Security.

In addition, admins can enable Secret Protection features in one click from their organization’s Security tab. Once the secret risk assessment has been run for your organization, you’ll be able to enable Secret Protection in one click from the system banner.

Purchase Secret Protection from your organization's risk assessment

Learn more about Secret Protection and Code Security, or share feedback by joining the discussion in GitHub Community.

See more
View all changes