Senior Solution Architect at a manufacturing company with 10,001+ employees
Real User
Top 20
2024-07-01T14:16:40Z
Jul 1, 2024
I use it for Azure DevOps, for example. This tool focuses on the security of the code. It performs code analysis to identify security issues, such as hard-coded secrets and passwords, potential SQL injection points, and duplicated components. SonarQube, on the other hand, focuses more on overall code quality and best practices, using a different approach that often results in more findings for the developer to handle. GitHub Advanced Security uses artificial intelligence in the backend, specifically CodeQL, to analyze code and provide fewer but more reliable findings, so there are fewer false positives. This allows developers to concentrate on the most relevant issues. Both tools have their uses, with GitHub Advanced Security being purely security-focused and SonarQube concentrating on code quality. Many software companies use both tools for comprehensive code analysis. Somehow, they complement each other. We also use the secret scanning feature of GitHub.
I use the solution in my company to develop web applications and mobile apps. In my company, we use GitHub Advanced Security to check for vulnerabilities in the code.
Technical Program Manager at a healthcare company with 10,001+ employees
Real User
Top 5
2023-11-06T09:42:17Z
Nov 6, 2023
The main focus of our use case is to enhance the overall security mindset and to improve the developer experience. Prioritizing security, our primary objective is to ensure the accuracy of security findings, minimize noise, and optimize the identification of potential vulnerabilities.
Integration and Solution Architect at a government with 501-1,000 employees
Real User
Top 5
2023-09-06T15:28:00Z
Sep 6, 2023
We use GitHub Advanced Security to secure data for multiple applications. It ensures user passwords or sensitive information are not accidentally exposed in code or reports. It scans the project's dependencies and checks if they are up-to-date and free from known security vulnerabilities.
GitHub Advanced Security secures data by scanning for vulnerabilities in dependencies, secret scanning, and protecting sensitive information. It integrates seamlessly, reducing reliance on multiple tools and optimizing vulnerability detection.
GitHub Advanced Security is designed to enhance security awareness by offering comprehensive tools for secret scanning, code analysis, and SCSS dependency checks. AI-driven features deliver accurate security insights while minimizing false positives. It...
The primary use case for GitHub Advanced Security is for SCSS (Semantic Code Search and Scan) dependencies scan and secret scan.