GitHub Advanced Security Reviews

Name: GitHub Advanced Security
Brand: GitHub
Rating: 4 (7 reviews)

4.4 out of 5

7 reviews
100% willing to recommend

What is GitHub Advanced Security?

GitHub Advanced Security secures data by scanning for vulnerabilities in dependencies, secret scanning, and protecting sensitive information. It integrates seamlessly, reducing reliance on multiple tools and optimizing vulnerability detection.

Get the GitHub Advanced Security Buyer's Guide and find out what your peers are saying about GitHub Advanced Security, SonarQube Server (formerly SonarQube), Veracode and more!

GitHub Advanced Security is the #15 ranked solution in application security solutions. PeerSpot users give GitHub Advanced Security an average rating of 8.8 out of 10. GitHub Advanced Security is most commonly compared to SonarQube Server (formerly SonarQube): GitHub Advanced Security vs SonarQube Server (formerly SonarQube). GitHub Advanced Security is popular among the large enterprise segment, accounting for 65% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 14% of all views.

Buyer's Guide

GitHub Advanced Security

October 2024

Get the report

Helped 814,763 peers since 2012

Featured reviews

SirinatPaphatsirinatthi

Co-Founder at Cloud NC

We keep our firewall security in place. Customers use GitHub because they don't want to coordinate with many tools. GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need For customers,…

Read full review

reviewer2395785

Senior Solution Architect at a manufacturing company with 10,001+ employees

It finds hardcoded secrets directly in the code and points them out immediately. Then, I can go back to the developers and let them know. I can even block the commit in the repository so they cannot commit until they fix the issue. AI in the backend: CodeQL uses AI algorithms, so it reduces false positives. For example, in a SQL injection, it finds the user input flow of the code instead of looking for hardcoded SQL statements. It looks at where parameters can be created and filled with data. If it ends on a path where it comes from a user, then you really get an SQL injection. If it's just a parameter populated through something else, there is no danger. This is one difference between SonarQube and GitHub Advanced Security. It gives you fewer false positives, so you don't waste time figuring out if it's a real security issue or a false alarm.

Read full review

Prakash Ashtikar

Assistant General Manager at Air India Limited

The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective. In my company, the actual implementation phase takes time, though the tool is able to give us reports. It is not easy for our company's teams to understand what changes are to be made to the product. If there are some guidelines on how to make the changes in GitHub Advanced Security and how to address the vulnerabilities, then it would be a better tool. In general, the implementation part of the product is an area of concern where improvements are required.

Read full review

GitHub Advanced Security mindshare

As of November 2024, the mindshare of GitHub Advanced Security in the Application Security Tools category stands at 7.5%, up from 0.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Application Security Tools

Key learnings from peers

Last updated Oct 8, 2024

Valuable Features

GitHub Advanced Security offers valuable features like developer experience, extensibility, security scanning, dependency scanning, and cost-effectiveness. It integrates well with Azure DevOps, requiring no external security integration. Custom queries using CodeQL enhance flexibility while secret scanning and push protection help block threats. Dependency review can be part of the CI pipeline, discovering vulnerabilities and identifying industry threats. APIs enable integration with external systems, adding to its versatility for developers.

"GitHub Advanced Security uses artificial intelligence in the backend, specifically CodeQL, to analyze code and provide fewer but more reliable findings, so there are less false positives."
"It is a stable solution...It is a scalable solution as it can handle new applications along with the analysis part."
"GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need."

Room for Improvement

GitHub Advanced Security requires enhancements in its centralized dashboard for comprehensive report access across platforms. Limited reporting capabilities need refinement, emphasizing specific vulnerabilities and tracking resolution progress. Improved integration with existing security tools and inclusion of features like DST are sought after. Customizations and query handling require simplification, while deployment needs clearer guidelines. Users face challenges with compatibility across programming languages and containers, along with the need for user-defined rulesets for scanning.

"Maybe make it compatible with more programming languages. Have a customized ruleset where the end-user can create their own rules for scanning."
"The deployment part of the product is an area of concern that needs to be made easier from an improvement perspective."
"The report limitations are the main issue."

Pricing

"The solution is expensive."
"The current licensing model, which relies on active commitments, poses challenges, particularly in predicting and managing growth."

Popular Use Cases

GitHub Advanced Security is primarily used to secure application data and identify vulnerabilities in code. It conducts SCSS and secret scans, checks dependencies for security flaws, and minimizes false positives using CodeQL. Users benefit from enhanced security, improved developer experiences, and simplified tool coordination. Its focus on code security over quality, like SonarQube, makes it a preferred choice for companies wanting comprehensive security without relying on multiple tools.

Service and Support

GitHub Advanced Security customer service and support are described as responsive and accommodating, with interactions involving feature requests and issues. They reference Microsoft documentation for technical guidance. Quality of support is influenced by issue priority, generally rated eight or nine out of ten. Assistance is provided via emails, posing challenges for companies in India due to time zone differences. Users regularly contact support for on-premise configurations and other tools.

Deployment

Initial setup of GitHub Advanced Security is easy and straightforward, with integration into Azure DevOps. Enterprise admins enable it, then repo admins take charge for their repositories. Enhancements like automatic generation of analysis files reduce user effort. Setup offers cost savings compared to other vendors and features serverless maintenance by Microsoft. Deployment can take up to a week, though some companies need additional engineers to complete implementation.

Scalability

GitHub Advanced Security demonstrates adaptability, supporting seamless onboarding as license expansions occur. Organizations have augmented their user base significantly, with some having over 500 individuals, while others surpass 1000 users. This adaptability suits enterprise needs and efficiently processes new applications with analyses. It caters effectively to both small and medium-sized businesses, indicating robust scalability suitable for various company sizes.

Stability

GitHub Advanced Security demonstrates strong stability. Users report no downtime and commend its serverless architecture managed by Microsoft, which eliminates scaling concerns. Feedback highlights that Azure DevOps integration minimizes administrative overhead while maintaining high stability. Workflows can present challenges in analysis interpretation, but the solution’s capabilities remain satisfactory. Stability consistently receives high ratings, with no significant technical issues reported. Many describe it as very stable, rating it nine out of ten.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our GitHub Advanced Security Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

14%

Computer Software Company

12%

Manufacturing Company

Insurance Company

Government

Retailer

Healthcare Company

Comms Service Provider

Energy/Utilities Company

University

Media Company

Educational Organization

Construction Company

Non Profit

Real Estate/Law Firm

Transportation Company

Pharma/Biotech Company

Hospitality Company

Legal Firm

Wholesaler/Distributor

Outsourcing Company

Logistics Company

Recreational Facilities/Services Company

Mining And Metals Company

Marketing Services Firm

Compare GitHub Advanced Security with alternative products

Learn more about GitHub Advanced Security

GitHub Advanced Security is designed to enhance security awareness by offering comprehensive tools for secret scanning, code analysis, and SCSS dependency checks. AI-driven features deliver accurate security insights while minimizing false positives. It provides valuable integration with Azure DevOps, maintaining control within dashboards and enabling external systems' support through APIs. With CodeQL, users can perform custom queries across projects. Propelled by Microsoft, the platform enhances operational frameworks with essential security features, although improvements are needed in dashboard consolidation, reporting, and integration mechanisms. Users seek better customizability, language support, and training resources to ensure smoother implementation.

What are the key features of GitHub Advanced Security?

Security and Dependency Scanning: Identifies vulnerabilities in code and dependencies.
Secret Scanning: Detects sensitive information exposure.
Cost-effectiveness: Reduces the need for multiple security tools.
Developer Experience: Integrates seamlessly with development environments.
Extensibility: Custom queries via CodeQL and integration support.

What benefits and ROI can users expect?

Improved Security Posture: Enhanced visibility reduces risk.
Operational Efficiency: Streamlines processes with fewer tools.
Actionable Insights: AI-driven analysis provides clear guidance.
Enhanced Collaboration: Facilitates team integration through shared dashboards.

Industries implement GitHub Advanced Security to maintain robust security standards. It is favored by technology sectors seeking seamless integration with Azure DevOps and looking for customizable security tools tailored to project needs. Financial institutions value its accurate threat detection and compliance support, while enterprises focus on its comprehensive dependency scanning and code analysis capabilities to safeguard critical assets. The adaptability of GitHub Advanced Security across different operational environments illustrates its practical benefits.