DevOps Engineer at a tech vendor with 1,001-5,000 employees
MSP
Top 5
Dec 2, 2025
We used additional third-party solutions, but we replaced them with GitHub Advanced Security, even though I do not have a very good opinion about GitHub Advanced Security. Even though it is an inline product, I'm not seeing user-friendly things in GitHub Advanced Security. Dependabot and the secret detection are good compared to others. However, code scanning is not finding very good results based on pipeline where it will scan and do code scanning. While build, before building and deploying the code, we want to block or do an advanced model, but it is not supporting. During deployment, code scanning is not good. It is a little complicated. It is not a straightforward method we can complete. We need expertise to get the full benefit, and troubleshooting sometimes requires going through that. The security overview dashboard is not really clear. It's not showing centralized information; each repo is showing, but if you compare it with competitors, it is not that great. Mainly in the centralized dashboard, enterprise level needs to improve. A centralized way where we can get that overall view is needed, and we want that code scanning and blocking deployments based on security. There are AI improvements; however, it is not so easy to configure. It is multiple windows we need to go through and make changes or configure that. A few things we need to enable going into settings, and a few things we can find out in security. One product where security means the security dashboard should cover everything, but it is going here and there in many places.
The reporting feature might need improvement. While it integrates seamlessly with my workflow, it doesn't provide management with oversight, such as statistics and the number of vulnerabilities. Management is not familiar with logging into GitHub, so a reporting feature that allows export to PDF would be beneficial.
For GitHub Advanced Security, I would like to see more support for various programming languages. Additionally, it would be beneficial to have more control at an organizational level rather than having to manage each repository individually.
GitHub Advanced Security should look into API security issues, which they currently do not. Additionally, open-source security vulnerabilities are not getting updated in a timely manner. There are features in GitHub Advanced Security that cannot be used within Microsoft, which is strange since they are the same company. It should also focus on developing a software bill of materials (SBOM) to see all open software used in one place.
Senior Solution Architect at a manufacturing company with 10,001+ employees
Real User
Top 10
Jul 1, 2024
Maybe make it compatible with more programming languages. Have a customized ruleset where the end-user can create their own rules for scanning. Also, support for container stuff, like when the code is running or built in a container, to offer more flexibility. The tool is pretty new, so maybe they will improve.
The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective. In my company, the actual implementation phase takes time, though the tool is able to give us reports. It is not easy for our company's teams to understand what changes are to be made to the product. If there are some guidelines on how to make the changes in GitHub Advanced Security and how to address the vulnerabilities, then it would be a better tool. In general, the implementation part of the product is an area of concern where improvements are required.
Technical Program Manager at a healthcare company with 10,001+ employees
Real User
Nov 6, 2023
The current reporting features are limited and require improvement. Data is consolidated under the security tab, including secret scanning and code vulnerabilities. This consolidation may lead to confusion, especially with many issues. A more refined approach, categorizing and emphasizing specific vulnerabilities, would be beneficial. Additionally, introducing robust reporting capabilities for tracking issue resolution progress would significantly enhance the platform's usability. Considering the current feature set, I am contemplating the potential inclusion of features, particularly those related to better integration with existing security tools. As a sizable organization, we already utilize specific security tools. While these tools can export data in a compatible format for integration with GitHub, there are challenges, especially with a diverse range of tools operating in the security space.
GitHub Advanced Security secures data by scanning for vulnerabilities in dependencies, secret scanning, and protecting sensitive information. It integrates seamlessly, reducing reliance on multiple tools and optimizing vulnerability detection. GitHub Advanced Security is designed to enhance security awareness by offering comprehensive tools for secret scanning, code analysis, and SCSS dependency checks. AI-driven features deliver accurate security insights while minimizing false positives. It...
An area of GitHub Advanced Security that has room for improvement is customization.
There could be DST features included in the product.
There could be a centralized dashboard to view reports of all the projects on one platform.