GitHub is making significant changes to its pricing and availability of GitHub Advanced Security (GHAS) to enhance security for codebases. These updates aim to make it easier and more cost-effective for organizations to secure their code, regardless of size. Starting April 1, 2025, GitHub will offer two new standalone security products — GitHub Secret Protection and GitHub Code Security — both of which will now be available to GitHub Team plan customers.
GitHub’s New Security Offerings
GitHub is introducing two distinct security products, GitHub Secret Protection and GitHub Code Security, to make securing code more manageable and affordable. These products, available from April 1, 2025, are designed to help developers identify and mitigate risks, from secret leaks to code vulnerabilities, before they can become significant issues.
GitHub Secret Protection
This product is aimed at preventing secret leaks in your codebase. Features of Secret Protection include:
– Push Protection: Prevents secret leaks before they occur.
– AI Detection: Detects secrets like passwords with a low false-positive rate.
– Custom Patterns: Allows users to define their own patterns for detecting secrets.
– Security Overview: Gives an insight into potential risks across the organization.
The cost for GitHub Secret Protection is set at $19 per month for each active committer.
GitHub Code Security
GitHub Code Security aims to identify vulnerabilities in your code before it hits production. Key features include:
– Copilot Autofix: Automatically fixes vulnerabilities in code.
– Security Campaigns: Helps manage security issues at scale.
– Dependabot: Protects against dependency-based vulnerabilities.
This product is priced at $30 per month per active committer.
Accessibility to GitHub Team Plan Customers
These security products will be available to GitHub Team plan users for the first time, and they will be offered on a consumption-based, pay-as-you-go model to ensure affordability for all customers. Additionally, GitHub is launching a new scanning feature to help organizations assess their secret leak footprint, available for free to GitHub Team and Enterprise customers.
Starting April 1, 2025, customers with GitHub Team plans can easily purchase Secret Protection and Code Security from their organization settings. Existing customers can transition to these new plans upon renewal or through guidance from their account manager.
What Undercode Says:
GitHub’s announcement represents a strategic shift in how developers can approach securing their codebases. By introducing GitHub Secret Protection and GitHub Code Security as standalone products, GitHub is simplifying security offerings. This move allows organizations to pay only for the features they need, which is a significant improvement in terms of cost-effectiveness and flexibility. Previously, advanced security features were bundled together, which might not have been ideal for smaller organizations or those needing specific security functions.
These changes demonstrate GitHub’s understanding of the evolving needs of modern development teams, which must balance speed and security. Many developers struggle with secret management and vulnerability detection, and by providing these tools at an affordable price, GitHub is making it easier for teams to integrate security into their workflow seamlessly. For example, with GitHub Secret Protection, developers can now prevent secret leaks before they even occur — a proactive approach that saves time and effort compared to reactive solutions. The inclusion of AI-driven detection further minimizes the burden on developers by filtering out false positives, ensuring they focus only on critical issues.
Additionally, GitHub Code Security offers features that are deeply integrated with existing GitHub tools, such as Copilot Autofix and Dependabot. These integrations will significantly reduce the friction in securing code, which could otherwise slow down development. By providing these tools for $30 per month per active committer, GitHub is making high-level security features accessible even for smaller organizations that might have been previously priced out of similar offerings.
Moreover, the transition to a consumption-based billing model allows teams to scale their usage as needed without being locked into expensive, all-or-nothing packages. This flexibility will appeal to businesses of all sizes, particularly those with fluctuating team sizes or varying project demands.
GitHub’s decision to include these security features in the Team plan is also noteworthy. Previously, only Enterprise customers had access to advanced security tools, but now, GitHub is democratizing access to these essential features. This change will likely benefit smaller teams or startups, which may not have the resources to purchase Enterprise plans but still need robust security for their codebases.
By adding scanning tools that help users track the risk of secret leaks across their GitHub repositories, GitHub provides an additional layer of visibility. This move signals an increasing emphasis on security at every level of the development process, not just when code is being deployed to production.
Finally, GitHub’s long-term strategy seems to be focused on empowering developers to take ownership of security in their workflows. By offering straightforward tools that fit seamlessly into the development lifecycle, GitHub encourages teams to take proactive measures to secure their code, ultimately leading to fewer vulnerabilities and a stronger overall security posture.
Fact Checker Results:
- The announcement aligns with GitHub’s commitment to making advanced security features accessible and affordable for all users.
- The new standalone security products provide clear value, particularly for organizations that need targeted security solutions without a hefty price tag.
- The consumption-based pricing model should allow businesses to better control their costs as they scale their security needs.
References:
Reported By: https://github.blog/changelog/2025-03-05-delegated-alert-dismissal-for-code-scanning-and-secret-scanning-now-available-in-public-preview





