GitHub to unbundle Advanced Security

GitHub announced plans to unbundle its GitHub Advanced Security (GHAS) product, breaking it up into two standalone products: GitHub Secret Protection and GitHub Code Security. The unbundling is set to happen on April 1.

GitHub Secret Protection will detect and prevent secret leaks before they happen, using push protection, secret scanning, AI-powered detection, security insights, and other capabilities. GitHub Code Security, meanwhile, will help developers identify and remediate vulnerabilities faster with code scanning, Copilot autofix, security campaigns, dependency review action, and more, according to GitHub.

Announced March 4, the unbundling is intended to make GitHub’s security offering easier to access and more cost-effective. Currently, GitHub Advanced Security provides private repositories with capabilities to scan for security vulnerabilities and secrets. The new product plan will not require a GitHub Enterprise subscription. Expanded access to the security platform allows organizations of all sizes to get enterprise-grade security features as they build and offer code, GitHub said.

In addition to unbundling Advanced Security, GitHub is launching a free secret risk assessment for users to understand secret leak exposure across GitHub. This service will also be available on April 1 in the Security tab.

More GitHub news and insights:

• GitHub’s AI billing shift signals the end of free enterprise tools era
• What GitHub can tell us about the future of open source
• AI is powering enterprise development, GitHub says