Managing your paid use of Advanced Security

You can understand and control the costs of using GitHub Secret Protection and GitHub Code Security in repositories in your organization.

Who can use this feature?

Organization owners, security managers, and organization members with the admin role

Requires GitHub Team or GitHub Enterprise

In this article

Requirements for enabling Advanced Security products

To use GitHub Secret Protection or GitHub Code Security on private or internal repositories with unique active committers, you must have licenses available. The user-interface and options depend on how you pay for Advanced Security.

  • Metered billing: by default, there is no limit on how many licenses you can consume. See Preventing overspending .
  • Volume/subscription billing (GitHub Enterprise only): once the licenses you have purchased are all in use, you cannot enable Secret Protection or Code Security on additional repositories until you free up or buy additional licenses.

With security configurations, you can easily understand the license usage of repositories in your organization.

To learn about licensing for GitHub Secret Protection and GitHub Code Security, see About billing for GitHub Advanced Security.

Understanding your license usage

  1. In the upper-right corner of GitHub, select your profile photo, then click Your organizations.

  2. Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, select the Advanced Security dropdown menu, then click Configurations.

  4. In the "Apply configurations" section, your current license usage will be displayed. This screenshot shows metered usage. If you have bought a volume/subscription license, then the number of licenses available is also reported.

    Screenshot of the "Apply configurations" section. The current license use for the enterprise is outlined in dark orange.

  5. Optionally, to find specific repositories in your organization, filter the repository table. To learn more, see Filtering repositories in your organization using the repository table.

Turning off Secret Protection or Code Security

The simplest way to turn off all Secret Protection or Code Security features for one or more repositories is to create a security configuration where the product is disabled at the top level. You can apply this custom configuration to repositories where you want to turn off paid features.

Tip

Ensure that you give your custom configuration a very clear name, for example: "No Code Security" or "Secret Protection and Supply chain only" to avoid confusion.

For more information, see Creating a custom security configuration and Applying a custom security configuration.