GitHub Community
📣 Exciting news for GitHub Advanced Security! #153016
Replies: 13 comments 23 replies
-
|
It's not clear if "secret risk assessment" (announced here) is free or part of Secret Protection, which from I understand is a paid add-on to Github Enterprise Security. |
Beta Was this translation helpful? Give feedback.
-
|
Good news. |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
Where can I enable the Secret Protection for my organization with Team licence ? |
Beta Was this translation helpful? Give feedback.
-
|
👋 we're rolling out in batches over the next 24 hours. You'll be able to enable Secret Protection and Code Security features from both organization and repository settings. If you only want Secret Protection, you'll also be able to enable and/or purchase after running a secret risk assessment (point-in-time scan) for your organization, which can be accessed from a new "Security" tab for your organization once available |
Beta Was this translation helpful? Give feedback.
-
|
We are not seeing this in our org on a Team license. Did the rollout get delayed or reverted? |
Beta Was this translation helpful? Give feedback.
-
|
The scan should be available to all Team/Enterprise organizations from the 'Security' tab. What's the name of your org? Happy to take a look. 🙂 Feel free to email me at [email protected] if you don't want to share here. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks I just sent you an email with some screenshots and the org name |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
My understanding is that if I'd like to enable Code Security features for my organization, since we have a Teams subscription, this would be an add-on, but if I upgraded to an Enterprise account, would the Code Security still be an add-on or would it be included in the subscription? |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the clarification! |
Beta Was this translation helpful? Give feedback.
-
|
Ha |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
-
|
Jumping in here — I recently looked into this too. From what I understand, GitHub Advanced Security (GHAS) is technically an add-on across both Team and Enterprise plans, but Enterprise accounts often get more flexibility in how it's packaged depending on the agreement. Also worth noting — even if you're on a Team plan, the ability to purchase specific features like Secret Protection separately is a great option. That level of modularity wasn’t always possible before, so it’s nice to see GitHub offering it. Would be curious if anyone’s had hands-on experience with the new scanning dashboard — looks like a solid step forward for visibility. |
Beta Was this translation helpful? Give feedback.
-
|
Hello, I try the enterprise GHAS trial and had now purchased the Secret Protection license. It seems like the dashboard are the same with only limited features |
Beta Was this translation helpful? Give feedback.
-
|
Yeah, the dashboard layout stays pretty much the same after the switch, but with Secret Protection you should have access to more focused features like push protection and advanced secret scanning. Some of the enterprise-level stuff might still be limited depending on your plan though. If anything seems off or missing, might be worth checking with GitHub support just to be sure everything’s activated properly! |
Beta Was this translation helpful? Give feedback.
-
|
@erinhav the free scan has a bug where it will incorrectly charges your organization for GitHub Advanced Security Secret Scanning even if you haven't upgraded to that product. I opened a support ticket (#3361376) with the details. |
Beta Was this translation helpful? Give feedback.
-
|
Hello, |
Beta Was this translation helpful? Give feedback.
-
|
Yes |
Beta Was this translation helpful? Give feedback.
-
|
Pricing is a huge ask for a small-medium buisness... |
Beta Was this translation helpful? Give feedback.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as spam.
This comment was marked as spam.
and others
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Three exciting new ships! Starting today:
Read more below 🚀
GitHub is committed to empowering the developer community by helping organizations recognize and address the risks of secret leaks. That's why we're launching a new free tool which will help provide clear insights into your organization's exposure, along with actionable steps to strengthen your security and protect your code.
Starting today, you can scan your organization for aggregate insights on public leaks, private exposures, and token types.
What will this dashboard include?
Available in the Security tab, organization and security admins will be able to run a scan to understand how their organization is affected by secret leaks and exposures. Once a scan is initiated, GitHub will look for secret leaks and exposures across your organization, returning a collection of insights including:
Once enabled, GitHub will run a point-in-time scan across all public, private, internal, and archived repositories in your organization. Results are static and will not be automatically updated. You'll also be able to download results as a CSV file.
For organizations ready to adopt a continuous monitoring tool, we recommend enabling secret scanning for detection and incident management of specific secrets. Learn more about GitHub Secret Protection. Learn more about it in the changelog.
Also starting today, GitHub Team plan customers can purchase GitHub Secret Protection and GitHub Code Security without upgrading your organization to GitHub Enterprise. This makes it easier to secure your codebase with GitHub Advanced Security products.
GitHub Secret Protection
GitHub Team organizations can purchase GitHub Secret Protection, which detects and prevents secret leaks (e.g. secret scanning, AI-detected passwords, and push protection for secrets).
Read more about it in the changelog.
And finally, we're rolling out standalone GitHub Advanced Security products for GitHub Enterprise customers. This aligns with our ongoing mission to help organizations of all sizes secure their code with the flexibility they seek.
Getting started as an existing GitHub Advanced Security customer
Existing GitHub Advanced Security customers with plans subscription-based plans can choose to transition at renewal. Customers with pay-as-you-go, metered-based plans can transition at any time. Please reach out to your GitHub or Microsoft sales account team for details.
Learn more about enabling GitHub Advanced Security for your enterprise. In addition, Enterprise customers are welcome to reach out to their existing account team or request a demo from someone at GitHub.
Beta Was this translation helpful? Give feedback.
All reactions