The perfect pair for complete protection
Get the best of both worlds: prevent secret leaks and fix vulnerabilities.
Add-on: GitHub Secret Protection
For teams and organizations serious about stopping secret leaks. $19 USD per active committer/month. Team or Enterprise plan required.
Add-on: GitHub Code Security
For teams and organizations committed to fixing vulnerabilities before production. $30 USD per active committer/month. Team or Enterprise plan required.
GitHub Secret Protection | Free | Team | Enterprise |
---|---|---|---|
Prevent secret exposures by proactively blocking secrets before they reach your code. | Public repositories | Included | Included |
Detect and manage exposed secrets across git history, pull requests, issues, and wikis. | Public repositories | Included | Included |
GitHub collaborates with AWS, Azure, and Google Cloud to detect secrets with high accuracy. This minimizes false positives, letting you focus on what matters. | Public repositories | Included | Included |
Providers get real-time alerts when their tokens appear in public code, enabling them to notify, quarantine, or revoke secrets. | Public repositories | Public repositories | Public repositories |
Prioritize active secrets with validity checks for provider patterns. | Not included | Included | Included |
Use AI to detect unstructured secrets such as passwords, without the noise. | Not included | Included | Included |
Detect tokens from unknown providers, including HTTP authentication headers, connection strings, and private keys. | Not included | Included | Included |
Create your own patterns and find organization-specific secrets. | Not included | Included | Included |
Manage who can bypass push protection and when. | Not included | Included | Included |
Understand how risk is distributed across your organization with security metrics and insight dashboards. | Not included | Included | Included |
Review how and when GitHub scans your repositories for secrets. | Not included | Included | Included |
GitHub Code Security | Free | Team | Enterprise |
---|---|---|---|
Powered by GitHub Copilot, generate automatic fixes for 90% of alert types in JavaScript, TypeScript, Java, and Python. | Public repositories | Included | Included |
Centralize your findings across all your scanning tools via SARIF upload to GitHub. | Public repositories | Included | Included |
Quickly remediate with context provided by Copilot Autofix. | Public repositories | Included | Included |
Uncover vulnerabilities in your code with our industry-leading semantic code analysis. | Public repositories | Included | Included |
Reduce security debt and burn down your security backlog with security campaigns. | Not included | Included | Included |
Get a clear view of your project’s dependencies with a summary of manifest, lock files, and submitted dependencies via the API. | Included | Included | Included |
Catch insecure dependencies before adding them and get insights on licenses, dependents, and age. | Not included | Included | Included |
Define alert-centric policies to control how Dependabot handles alerts and pull requests. | Not included | Included | Included |
Automated pull requests that batch dependency updates for known vulnerabilities. | Included | Included | Included |
Automated pull requests that keep your dependencies up to date. | Included | Included | Included |
Get a clear view of risk distribution with security metrics and dashboards. | Not included | Included | Included |
Securing your code, end to end
GitHub safeguards user accounts, branches, tags, and pushes, and supports SBOMs and artifact attestations for SLSA L3 builds.