Managing your paid use of Advanced Security

You can understand and control the costs of using GitHub Secret Protection and GitHub Code Security in repositories in your organization.

Who can use this feature?

Organization owners, security managers, and organization members with the admin role

Requires GitHub Team or GitHub Enterprise

In this article

Requirements for enabling Advanced Security products

To use GitHub Secret Protection or GitHub Code Security on private or internal repositories with unique active committers, you must have licenses available. The user-interface and options depend on how you pay for Advanced Security.

  • Metered billing: by default, there is no limit on how many licenses you can consume. See Preventing overspending .
  • Volume/subscription billing (GitHub Enterprise only): once the licenses you have purchased are all in use, you cannot enable Secret Protection or Code Security on additional repositories until you free up or buy additional licenses.

With security configurations, you can easily understand the license usage of repositories in your organization.

To learn about licensing for GitHub Secret Protection and GitHub Code Security, see About billing for GitHub Advanced Security.

Understanding your license usage

  1. In the upper-right corner of GitHub, select your profile photo, then click Your organizations.

  2. Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, select the Advanced Security dropdown menu, then click Configurations.

  4. In the "Apply configurations" section, your current license usage will be displayed as:

    # Secret Protection licenses • # Code Security licenses in use.

    Screenshot of the "Apply configurations" section. The current license use for the enterprise is outlined in dark orange.

  5. Optionally, to find specific repositories in your organization, filter the repository table. To learn more, see Filtering repositories in your organization using the repository table.

  6. To quickly identify the number of licenses needed to enable GitHub Secret Protection and GitHub Code Security on a specific repository, in that repository's row of the repository table, read "NUMBER licenses required".

  7. To view license usage for multiple repositories in your organization, select the repositories from the repository table. In the "Apply configurations" section, you will see the number of licenses required to apply GitHub Secret Protection and GitHub Code Security to the repositories, as well as the number of licenses made available if you disable GitHub Secret Protection or GitHub Code Security on those repositories.

    Screenshot of the "Apply configurations" section. The potential changes to GHAS license usage for the enterprise are outlined in dark orange.

Turning off Secret Protection or Code Security

The simplest way to turn off all Secret Protection or Code Security features for one or more repositories is to create a security configuration where the product is disabled at the top level. You can apply this custom configuration to repositories where you want to turn off paid features.

Tip

Ensure that you give your custom configuration a very clear name, for example: "No Code Security" or "Secret Protection and Supply chain only" to avoid confusion.

For more information, see Creating a custom security configuration and Applying a custom security configuration.