IT Brief UK - Technology news for CIOs & IT decision-makers
GitHub unveils new security products for all developers

Yesterday

GitHub has announced changes to its Advanced Security suite, making it more accessible and flexible for developers and teams of various sizes.

The company will unbundle GitHub Advanced Security (GHAS) into two distinct security products, Secret Protection and Code Security, from April 2025. This will allow Teams customers to purchase these security products without needing an enterprise license.

Secret Protection is designed to detect and prevent secret leaks preemptively, using measures such as push protection, secret scanning, and AI-powered detection. In the previous year alone, over 39 million secrets were detected on GitHub repositories. Secret Protection will be available at a price of USD $19 per month for each active committer.

The Code Security product aims to swiftly identify and remediate vulnerabilities through features like code scanning, Copilot Autofix, and Dependency Review Action. Its price is set at USD $30 per month per active committer.

A significant aspect of this update is the availability of these security solutions to GitHub Team plan customers, without the prerequisite of a GitHub Enterprise subscription. This initiative is intended to allow a broader range of organisations to adopt high-level security features as they develop and deliver code.

Katie Norton, Research Manager of DevSecOps and Software Supply Chain Security at IDC, commented on the strategic shift: "Historically, GitHub has taken an integrated approach to application security, embedding security features such as code scanning, Copilot Autofix, secret scanning, and dependency management within GitHub Advanced Security. With the introduction of Secret Protection and Code Security as separate products with a flexible pricing model, GitHub is broadening access to security tools designed for enterprise use in complex, large-scale development environments. With this change, organisations of all sizes have expanded choice in implementing protections against leaked secrets and vulnerable code, two prevalent risks in application security today."

Moreover, a new free secret risk assessment tool will be launched to help organisations understand their secret leak exposure. Scheduled to be available in April 2025, this tool will provide teams with a comprehensive view of potential secret exposure risks, promoting proactive security measures.

GitHub also shared insights into the technical endeavors behind building the Copilot Secret Scanning feature, which became generally available in October 2022. This feature forms a part of the new Secret Protection product and uses GitHub Copilot's capabilities to detect general passwords within codebases, reportedly achieving a 94% reduction in false positives for a sample of organisations.

These developments reflect GitHub's ongoing commitment to provide scalable and accessible security solutions for developers globally. By enabling developers to access enterprise-grade security features without large-scale commitments, GitHub is addressing feedback from customers prioritising purchasing flexibility, accessibility, and cost efficiency.
