What is GitHub Advanced Security?
GitHub Advanced Security (GHAS) adds security scanning capabilities to GitHub repositories. It automatically analyzes code for vulnerabilities, detects secrets accidentally committed to repositories, and reviews dependencies for known security issues.
GHAS integrates directly into the pull request workflow, surfacing security findings before code is merged. This shift-left approach catches vulnerabilities early when they are cheaper to fix.
Core Features
- Code scanning: Static analysis powered by CodeQL finds vulnerabilities in your code
- Secret scanning: Detects API keys, tokens, and credentials in commits
- Dependency review: Flags vulnerable dependencies in pull requests
- Security overview: Dashboard showing security posture across all repositories
- Custom patterns: Define organization-specific secret patterns to detect
Typical Use Cases
GHAS is essential for organizations that need to prevent security vulnerabilities from reaching production. It is commonly used to meet compliance requirements like SOC 2, enforce security policies automatically, and provide visibility into security debt across the codebase.
Benefits
- Native integration into GitHub workflow, no separate tools needed
- CodeQL queries cover OWASP Top 10 and CWE/SANS Top 25
- Push protection blocks secrets before they reach the repository
- API access for integration with security dashboards
Frequently Asked Questions
Which languages does code scanning support?
CodeQL supports C, C++, C#, Go, Java, JavaScript, TypeScript, Python, Ruby, and Swift. Community queries extend coverage to additional frameworks and patterns.
Does secret scanning work for custom secrets?
Yes. Beyond the 200+ partner patterns included by default, you can define custom regex patterns to detect organization-specific secrets like internal API keys.
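One thing to do before registering a custom pattern is to test the regular expression locally against the kind of content a developer might push, so that the pattern catches the real key format without firing on look-alike strings. The script below is an added illustration, not innFactory's or GitHub's code: it models a custom pattern with the three pieces GHAS exposes (a secret format plus "before secret" and "after secret" boundary expressions), scans only the added lines of a unified diff the way push protection inspects new content, and reports each hit by file and line with the secret masked. The key format `acme_key_` followed by 32 alphanumerics, the file path and the diff text are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed custom pattern (assumption for illustration): an internal key that
# starts with "acme_key_" and is followed by exactly 32 alphanumeric characters.
SECRET_FORMAT = r"acme_key_[A-Za-z0-9]{32}"
# Boundary conditions, kept separate from the secret format as GHAS does with its
# "before secret" / "after secret" fields: the key must sit at the start/end of
# the line or be delimited by a non-identifier character, so a token such as
# "xacme_key_..." does not produce a finding. Python's re spells end-of-string
# as \Z.
BEFORE_SECRET = r"\A|[^0-9A-Za-z_]"
AFTER_SECRET = r"\Z|[^0-9A-Za-z_]"
PATTERN = re.compile(f"(?:{BEFORE_SECRET})({SECRET_FORMAT})(?:{AFTER_SECRET})")


@dataclass(frozen=True)
class Finding:
    path: str      # file the secret was added to
    line_no: int   # line number in the new version of the file
    secret: str    # the matched secret, unmasked (never log this directly)


def scan_diff(diff_text: str) -> list[Finding]:
    """Scan the added lines of a unified diff for the custom pattern.

    Removed lines are ignored, mirroring push protection's focus on content
    that would newly enter the repository. Line numbers are tracked from the
    '+start' field of each hunk header so findings can be reported precisely.
    """
    findings: list[Finding] = []
    path = "<unknown>"
    line_no = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@"):
            # "@@ -a,b +c,d @@": the new file's hunk starts at line c
            m = re.search(r"\+(\d+)", raw)
            line_no = int(m.group(1)) - 1 if m else 0
        elif raw.startswith("+"):
            line_no += 1
            for m in PATTERN.finditer(raw[1:]):
                findings.append(Finding(path, line_no, m.group(1)))
        elif raw.startswith(" "):
            line_no += 1           # unchanged context line, counts in new file
        # "-" lines, "--- ", "diff ", "index " and similar headers are skipped
    return findings


def mask(secret: str) -> str:
    """Keep the recognisable prefix and last four characters for a report."""
    return secret[:9] + "****" + secret[-4:]


def push_allowed(diff_text: str) -> bool:
    """Push-protection style decision: block when any finding is present."""
    return not scan_diff(diff_text)


# Constructed sample diff: one real-looking key, one too-short string and one
# key embedded in a longer identifier (the latter two must not match).
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,5 @@
 DEBUG = False
-API_KEY = os.environ["ACME_KEY"]
+API_KEY = "acme_key_0123456789abcdef0123456789ABCDEF"
+# acme_key_tooshort is not a key
+NOT_A_KEY = "xacme_key_0123456789abcdef0123456789ABCDEF"
 TIMEOUT = 30
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line_no}: possible internal key {mask(f.secret)}")
    print("push allowed:", push_allowed(SAMPLE_DIFF))
```

Running it reports a single finding at `config/settings.py:11` and a blocked push; the too-short string and the key glued to a preceding `x` are ignored because of the boundary expressions. Once a pattern behaves like this on representative diffs, it can be entered as a GHAS custom pattern and tested with dry runs on existing repositories before push protection is switched on for it.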
Can we use GHAS without GitHub Enterprise?
Code scanning is available on public repositories for free. Secret scanning and dependency review for private repositories require GitHub Enterprise with the Advanced Security license.
How is pricing calculated?
GHAS is billed per active committer who pushes code to repositories with GHAS enabled. Committers who only read code or create issues are not counted.
Integration with innFactory
As a Microsoft Solutions Partner, innFactory helps you implement GitHub Advanced Security: scanning configuration, custom CodeQL queries, and security workflow design.
