GitHub Advanced Security Reviews

My company is a partner. We help in product implementation for SaaS analytics. The solution is used for SaaS scans and secret scanning.

Dependency scanning is a valuable feature. The dependency review feature can be run as part of the CI pipeline. Secret scanning and push protection can block threats. It discovers the vulnerabilities. It helps identify the threats that are commonly seen in the industry.

CodeQL provides ease of use. It enables a high degree of customization. We can write our own queries and configure them in bulk for different projects. The tool provides APIs if we want to integrate it with any external system.

The customizations are a little bit difficult. We must know how to write queries. Training is a bit limited. GitHub needs to make it simpler for customization.

I have been using the solution for almost four years.

The tool is very stable.

We have more than 1000 users.

I have contacted support for on-premise configuration. The quality of support depends on the priority of the issue. I rate the support an eight or nine out of ten.

Positive

We were using multiple products before. We switched to GitHub because we are partners. We also help others to set up the solution.

The initial setup is very easy.

The solution is expensive.

The tool provides good reports. I recommend the product to others. It has a trial version. We can test all the features. Overall, I rate the product a nine out of ten.

The primary use case for GitHub Advanced Security is for SCSS (Semantic Code Search and Scan) dependencies scan and secret scan.

The most valuable features are security scan, dependency scan, and cost-effectiveness. Microsoft owns the platform, and it is included with Azure DevOps. We get a lot of good features at a very low cost.

There could be DST features included in the product.

We have been using GitHub Advanced Security for six months.

The stability of GitHub Advanced Security within Azure DevOps is highly commendable. Its serverless architecture, maintained by Microsoft, eliminates scaling concerns and load-related worries. The absence of maintainability costs, such as server upgrades, reduces administrative overhead.

We have 500 GitHub Advanced Security users in our organization.

We refer to the Microsoft documentation in case of technical issues.

The decision to switch or adopt GitHub Advanced Security was driven by the seamless integration and alignment with Microsoft technologies, eliminating the need for additional tools with their cloud or dependencies.

It provides one-click integration. It saves a lot of additional costs for setup and third-party consultancy compared to other vendors. It has severless maintenance, which is taken care of by Microsoft.

It is a user-friendly tool for those new to security, offering ease of use and integration within an organization. However, another specialized tool may be required for more advanced security needs, especially concerning data security testing (DST) and potentially information security management systems (ISMS). I rate GitHub Advanced Security a ten out of ten.

We use GitHub Advanced Security to secure data for multiple applications. It ensures user passwords or sensitive information are not accidentally exposed in code or reports. It scans the project's dependencies and checks if they are up-to-date and free from known security vulnerabilities.

GitHub Advanced Security is part of the Azure DevOps ecosystem. So, all the dashboards and information stay in our environment. We are not required to integrate it with any external security solution.

There could be a centralized dashboard to view reports of all the projects on one platform.

I rate GitHub Advanced Security a seven out of ten.

We keep our firewall security in place. Customers use GitHub because they don't want to coordinate with many tools. 

GitHub provides advanced security, which is why the customers choose this tool; it allows them to rely solely on GitHub as one platform for everything they need.

For customers, GitHub Advanced Security is valuable for several reasons. It offers server security and the key features. 

The report limitations are the main issue. We can only see a limited number of reports from Advanced Security. Many enterprise customers would prefer PDF reports. 

I've had experience with this solution for about a year.

It's a stable product. I would rate the stability a nine out of ten.

It is highly scalable. Our clients are enterprise businesses. 

The customer service and support is fine.

Positive

The initial setup was very easy; it wasn't difficult. 

GitHub allows for quick deployment depending on the customer's specific needs.  

Overall, I would rate the solution a ten out of ten.