GitHub Advanced Security Reviews

Name: GitHub Advanced Security
Brand: GitHub
Rating: 4.3 (12 reviews)

Vendor: GitHub

4.3 out of 5

12 reviews
91% willing to recommend

Leave a review

What is GitHub Advanced Security?

GitHub Advanced Security secures data by scanning for vulnerabilities in dependencies, secret scanning, and protecting sensitive information. It integrates seamlessly, reducing reliance on multiple tools and optimizing vulnerability detection.

Get the GitHub Advanced Security Buyer's Guide and find out what your peers are saying about GitHub Advanced Security, SonarQube, Snyk and more!

GitHub Advanced Security is the #10 ranked solution in application security solutions. PeerSpot users give GitHub Advanced Security an average rating of 8.6 out of 10. GitHub Advanced Security is most commonly compared to SonarQube: GitHub Advanced Security vs SonarQube. GitHub Advanced Security is popular among the large enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 14% of all views.

Buyer's Guide

GitHub Advanced Security

December 2025

Get the report

Helped 879,259 peers since 2012

Featured GitHub Advanced Security reviews

Sabna Sainudeen

Director, Application Security at Carlsberg

GitHub Advanced Security should look into API security issues, which they currently do not. Additionally, open-source security vulnerabilities are not getting updated in a timely manner. There are features in GitHub Advanced Security that cannot be used within Microsoft, which is strange since they are the same company. It should also focus on developing a software bill of materials (SBOM) to see all open software used in one place.

Read full review

Devendiran Kandan

DevOps Engineer at a tech vendor with 1,001-5,000 employees

We used additional third-party solutions, but we replaced them with GitHub Advanced Security, even though I do not have a very good opinion about GitHub Advanced Security. Even though it is an inline product, I'm not seeing user-friendly things in GitHub Advanced Security. Dependent bots and the secret detection are good compared to others. However, code scanning is not finding very good results based on pipeline where it will scan and do code scanning. While build, before building and deploying the code, we want to block or do an advanced model, but it is not supporting. During deployment, code scanning is not good. It is a little complicated. It is not a straightforward method we can complete. We need expertise to get the full benefit, and troubleshooting sometimes requires going through that. The security overview dashboard is not really clear. It's not showing centralized information; each repo is showing, but if you compare it with competitors, it is not that great. Mainly in the centralized dashboard, enterprise level needs to improve. A centralized way where we can get that overall view is needed, and we want that code scanning and blocking deployments based on security. There are AI improvements, but however, it is not so easy to configure. It is multiple windows we need to go through and make changes or configure that. A few things we need to enable going into settings, and a few things we can find out in security. One product where security means the security dashboard should cover everything, but it is going here and there in many places.

Read full review

Majd Alasfar

AppSec engineer at EastNets Holding Ltd.

I use GitHub Advanced Security for conducting source code security scanning for the software that I develop The most valuable feature is the flexibility to customize the rules. It is also integrated directly within my developer workflow, so I use GitHub and see the output of vulnerabilities…

Read full review

GitHub Advanced Security mindshare

As of December 2025, the mindshare of GitHub Advanced Security in the Application Security Tools category stands at 5.8%, down from 7.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools Market Share Distribution
Product	Market Share (%)
GitHub Advanced Security	5.8%
SonarQube	19.2%
Checkmarx One	10.2%
Other	64.8%

Application Security Tools

PeerResearch reports based on GitHub Advanced Security reviews

Type	Title	Date
Category	Application Security Tools	Dec 29, 2025	Download
Product	Reviews, tips, and advice from real users	Dec 29, 2025	Download
Comparison	GitHub Advanced Security vs SonarQube	Dec 29, 2025	Download
Comparison	GitHub Advanced Security vs Veracode	Dec 29, 2025	Download
Comparison	GitHub Advanced Security vs Checkmarx One	Dec 29, 2025	Download

Valuable Features

GitHub Advanced Security is valued for its developer experience, extensibility, and cost-effectiveness within Azure DevOps. Features include security and dependency scans, CodeQL customization, secret scanning, and dependency checking. It integrates seamlessly within developer workflows, enhancing code security with copilot auto-fixes and custom queries, while offering flexibility and scalability. Users appreciate Dependabot alerts and the secure environment provided without needing external integration.

"GitHub Advanced Security's secret scanning is good."
"The best features of GitHub Advanced Security are its flexibility and the multiple options it has compared to other tools."
"GitHub Advanced Security is ten out of ten scalable."

Room for Improvement

GitHub Advanced Security requires a centralized dashboard for a clear overview of projects. Reporting features need enhancement, including PDF exports. Integration with existing tools can be difficult. More programming language support and robust customization options are necessary. Implementation is challenging and requires expertise. Open-source vulnerabilities update slowly. Code scanning lacks effectiveness, especially with deployments. API security concerns need addressing. Training needs improvement for easier customization.

"We used additional third-party solutions, but we replaced them with GitHub Advanced Security, even though I do not have a very good opinion about GitHub Advanced Security."
"An area of GitHub Advanced Security that has room for improvement is customization."
"The reporting feature might need improvement. While it integrates seamlessly with my workflow, it doesn't provide management with oversight, such as statistics and the number of vulnerabilities."

Pricing

Enterprise users express concerns about GitHub Advanced Security's pricing, citing its reliance on active commitments and the need for constant adjustments. The cost, often estimated at $50 per developer monthly, can quickly escalate for larger teams, reaching $10,000 to $12,000 annually. While some find it reasonable, many view it as expensive compared to alternatives, suggesting potential improvements in pricing flexibility and predictability to better align with actual usage.

"The solution is expensive."
"The current licensing model, which relies on active commitments, poses challenges, particularly in predicting and managing growth."

Popular Use Cases

GitHub Advanced Security is primarily used for securing data across applications, ensuring no exposure of sensitive information. It performs dependency scans, secret scans, and code analysis to identify vulnerabilities and secure code integrity. Organizations appreciate its integration for scanning vulnerabilities and secrets in development workflows. Its advanced scanning features focus on minimal false positives, enhancing developer experience and security practices. Many utilize it for comprehensive code and security analysis alongside other tools.

Service and Support

GitHub Advanced Security's service and support team is responsive, accommodating, and of high quality with interactions involving emails and collaboration with professional services. Communication challenges arise due to geographical constraints and delays in request acknowledgment. Users appreciate discussions with product managers and generally give positive ratings, around eight or nine out of ten. Some rely on Microsoft documentation for issue resolution. Direct contact is limited, as assistance often occurs through forums or email.

Deployment

GitHub Advanced Security's initial setup is straightforward and quick, with most companies finding it easy to enable. Enterprise admins begin the process, then repo admins activate it for their repositories. Enhancements like automatic analysis file generation simplify the task. It integrates with Azure DevOps, reducing third-party costs. Users report it takes minutes to a few hours for setup. Many teams successfully manage it without issues, even with limited resources.

Scalability

GitHub Advanced Security is designed for scalability, fitting well with varying business sizes. Many users extend its scalability capabilities to large numbers within their organizations. Some limitations exist, particularly in its analysis compared to alternatives, but overall, the platform supports new applications efficiently. The ease of enabling features for repositories has been noted, though some users find its utility less than comprehensive, offering varying experiences.

Stability

Users find GitHub Advanced Security to be highly stable with no downtime or performance issues. Azure DevOps integration with its serverless Microsoft architecture is praised for eliminating scaling concerns and reducing administrative burdens. A rating of nine out of ten reflects user confidence, though a few users rate stability lower. Users appreciate the lack of technical issues and maintainability costs, reinforcing GitHub Advanced Security as a reliable tool in their workflow.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our GitHub Advanced Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	1
Midsize Enterprise	4
Large Enterprise	7

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	386
Midsize Enterprise	252
Large Enterprise	1069

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

14%

Computer Software Company

11%

Manufacturing Company

Government

Insurance Company

Comms Service Provider

Retailer

University

Healthcare Company

Energy/Utilities Company

Media Company

Educational Organization

Non Profit

Transportation Company

Real Estate/Law Firm

Construction Company

Outsourcing Company

Hospitality Company

Legal Firm

Wholesaler/Distributor

Performing Arts

Pharma/Biotech Company

Consumer Goods Company

Recreational Facilities/Services Company

Logistics Company

Marketing Services Firm

Aerospace/Defense Firm

Compare GitHub Advanced Security with alternative products

Learn more about GitHub Advanced Security

GitHub Advanced Security is designed to enhance security awareness by offering comprehensive tools for secret scanning, code analysis, and SCSS dependency checks. AI-driven features deliver accurate security insights while minimizing false positives. It provides valuable integration with Azure DevOps, maintaining control within dashboards and enabling external systems' support through APIs. With CodeQL, users can perform custom queries across projects. Propelled by Microsoft, the platform enhances operational frameworks with essential security features, although improvements are needed in dashboard consolidation, reporting, and integration mechanisms. Users seek better customizability, language support, and training resources to ensure smoother implementation.

What are the key features of GitHub Advanced Security?

Security and Dependency Scanning: Identifies vulnerabilities in code and dependencies.
Secret Scanning: Detects sensitive information exposure.
Cost-effectiveness: Reduces the need for multiple security tools.
Developer Experience: Integrates seamlessly with development environments.
Extensibility: Custom queries via CodeQL and integration support.

What benefits and ROI can users expect?

Improved Security Posture: Enhanced visibility reduces risk.
Operational Efficiency: Streamlines processes with fewer tools.
Actionable Insights: AI-driven analysis provides clear guidance.
Enhanced Collaboration: Facilitates team integration through shared dashboards.

Industries implement GitHub Advanced Security to maintain robust security standards. It is favored by technology sectors seeking seamless integration with Azure DevOps and looking for customizable security tools tailored to project needs. Financial institutions value its accurate threat detection and compliance support, while enterprises focus on its comprehensive dependency scanning and code analysis capabilities to safeguard critical assets. The adaptability of GitHub Advanced Security across different operational environments illustrates its practical benefits.

Product Categories

Application Security Tools

Popular Comparisons

SonarQube vs GitHub Advanced Security

Snyk vs GitHub Advanced Security

GitLab vs GitHub Advanced Security

Checkmarx One vs GitHub Advanced Security

Veracode vs GitHub Advanced Security

CrowdStrike Falcon Cloud Security vs GitHub Advanced Security

OpenText Core Application Security vs GitHub Advanced Security

Mend.io vs GitHub Advanced Security

Sonatype Lifecycle vs GitHub Advanced Security

PortSwigger Burp Suite Professional vs GitHub Advanced Security

HCL AppScan vs GitHub Advanced Security

Qualys Web Application Scanning vs GitHub Advanced Security

GitGuardian Platform vs GitHub Advanced Security

GitHub vs GitHub Advanced Security

Aikido Security vs GitHub Advanced Security

See all alternatives

GitHub Advanced Security Reviews Summary
Author info	Rating	Review Summary
Director, Application Security at Carlsberg	4.0	I find GitHub Advanced Security beneficial for source code analysis and code scanning within GitHub environments, but it lacks timely updates for open-source vulnerabilities and API security focus. It also has compatibility issues with Microsoft integration, which is surprising.
DevOps Engineer at a tech vendor with 1,001-5,000 employees	3.0	I've used GitHub Advanced Security heavily in software development and found secret scanning and Dependabot helpful, but the code scanning and security dashboard lack clarity, ease of use, and centralized visibility compared to competitors like Checkmarx.
AppSec engineer at EastNets Holding Ltd.	4.5	I use GitHub Advanced Security for source code scanning due to its customizable rules and seamless integration within my workflow. However, it lacks effective management reporting features. Although I find the cost high, it offers fewer false positives than Veracode.
Delivery Head at Newt	4.5	I’ve used GitHub Advanced Security for 3-4 years and appreciate its flexibility, Dependabot alerts, and security dashboard, though it could use more customization. Setup was easy, pricing is good, and I've seen time-saving ROI.
DevOps Engineer at Alm Brand	4.0	I use GitHub Advanced Security at work for detecting code vulnerabilities and secrets. It offers valuable features like copilot auto-fix and custom queries. Improvement is needed in language support and organizational control. We switched from Bitbucket and GitLab due to company policy.
Senior Solution Architect at a manufacturing company with 10,001+ employees	4.0	I use GitHub Advanced Security for its focus on code security and CodeQL's reliable findings. While SonarQube emphasizes code quality, both tools complement each other. Improvements are needed in language support and customized rulesetting for better flexibility.
Assistant General Manager at Air India Limited	4.5	I use GitHub Advanced Security in my company to detect code vulnerabilities while developing web and mobile apps. The deployment process is challenging and needs improvement, especially with clearer guidelines for addressing vulnerabilities, though its reporting capability is useful.
Technical Consultant at Canarys Automations Pvt. Ltd.	4.5	As a partner, we implement GitHub Advanced Security for SaaS analytics, valuing its dependency and secret scanning features. While CodeQL offers customization, it requires query-writing skills, and training is limited. We switched from multiple products due to partnership benefits.

Title	Rating	Mindshare	Recommending
SonarQube	4.0	19.2%	83%	134 interviews Add to research
Snyk	4.1	6.1%	100%	50 interviews Add to research

GitHub Advanced Security Reviews

What is GitHub Advanced Security?

Featured GitHub Advanced Security reviews

GitHub Advanced Security mindshare

PeerResearch reports based on GitHub Advanced Security reviews

Valuable Features

Room for Improvement

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare GitHub Advanced Security with alternative products

Learn more about GitHub Advanced Security

Related questions

Product Categories

Popular Comparisons