GitHub recently unveiled plans to restructure its GitHub Advanced Security (GHAS) offering by unbundling it into two distinct products: GitHub Secret Protection and GitHub Code Security. This move, set to take effect on April 1, aims to simplify access to essential security tools while enhancing the overall value of GitHub’s security platform.
GitHub Secret Protection is designed to prevent sensitive data leaks before they occur. By employing a combination of push protection, secret scanning, AI-powered detection, and security insights, the tool helps developers secure their code from inadvertent exposure of secrets. On the other hand, GitHub Code Security focuses on accelerating vulnerability identification and remediation. With features such as code scanning, Copilot autofix, security campaigns, and the dependency review action, this product provides a robust suite of tools to address security concerns across the codebase.
The unbundling of GHAS is aimed at improving accessibility and cost-efficiency. While the previous GHAS model required a GitHub Enterprise subscription for private repositories, the new approach makes it possible for a wider range of users to access enterprise-grade security tools. Organizations of all sizes can now take advantage of these enhanced security capabilities without needing to commit to a full Enterprise subscription, democratizing the advanced security features that were previously reserved for larger enterprises.
Alongside the unbundling, GitHub is also rolling out a new free service: a secret risk assessment tool. Available starting April 1, this service will enable users to evaluate their exposure to secret leaks across their GitHub repositories. By integrating this tool directly into the Security tab, GitHub is further empowering developers to proactively manage security risks in their workflows.