Custom queries and auto-fix features improve code security by detecting vulnerabilities and secrets
Pros and Cons
- "The initial setup was straightforward and completed in a matter of minutes."
- "For GitHub Advanced Security, I would like to see more support for various programming languages."
What is our primary use case?
I use GitHub Advanced Security at my workplace to scan for code vulnerabilities and secrets in our software development workflow. It is used across multiple departments in the organization.
What is most valuable?
GitHub Advanced Security includes features such as the copilot auto-fix and the ability to add custom queries. These features enhance code security by scanning the code for vulnerabilities and secrets, which is a critical part of our software development workflow.
What needs improvement?
For GitHub Advanced Security, I would like to see more support for various programming languages. Additionally, it would be beneficial to have more control at an organizational level rather than having to manage each repository individually.
For how long have I used the solution?
I have been using GitHub Advanced Security for about four to five months.
Buyer's Guide
GitHub Advanced Security
March 2025
Learn what your peers think about GitHub Advanced Security. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,406 professionals have used our research since 2012.
What was my experience with deployment of the solution?
There were no challenges or difficulties deploying GitHub Advanced Security. I did not require any outside help for the deployment; it was completed in minutes.
How are customer service and support?
I would rate GitHub's technical support as a nine out of ten. It would be nice if they could reply quicker, but I understand they have a lot of requests to handle.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before using GitHub, I worked with solutions like Bitbucket and GitLab. The switch to GitHub was due to a company policy involving Microsoft.
How was the initial setup?
The initial setup was straightforward and completed in a matter of minutes.
What about the implementation team?
I did not require any other help or a team for the implementation; I handled it all by myself.
What other advice do I have?
I would recommend GitHub Advanced Security to other users. The secret scanning feature has capabilities that utilize AI, such as searching for additional patterns and secret detection. I rate GitHub Advanced Security an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Mar 31, 2025
Flag as inappropriate
Buyer's Guide
Download our free GitHub Advanced Security Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Application Security ToolsPopular Comparisons
SonarQube Server (formerly SonarQube)
Checkmarx One
Fortify on Demand
Sonatype Lifecycle
Qualys Web Application Scanning
GitGuardian Platform
Fortify Application Defender
Contrast Security Assess
Buyer's Guide
Download our free GitHub Advanced Security Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- If you had to both encrypt and compress data during transmission, which would you do first and why?
- When evaluating Application Security, what aspect do you think is the most important to look for?
- What are the Top 5 cybersecurity trends in 2022?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- We're evaluating Tripwire, what else should we consider?
- Which application security solutions include both vulnerability scans and quality checks?
- Is SonarQube the best tool for static analysis?
- Why Do I Need Application Security Software?
- Which Email Security enterprise solution would you choose: Cisco Secure Email vs Forcepoint Email Security vs Barracuda Email Security Gateway?
- SAST vs. DAST: Which is better for application security testing?
