Requirements for enabling Advanced Security products
To use GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security on private or internal repositories with unique active committers, you must have licenses available. The user-interface and options depend on how you pay for Advanced Security.
- Metered billing: by default, there is no limit on how many licenses you can consume. See Preventing overspending in the GitHub Enterprise Cloud docs .
- Volume/subscription billing (GitHub Enterprise only): once the licenses you have purchased are all in use, you cannot enable GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security on additional repositories until you free up or buy additional licenses.
With security configurations, you can easily understand the license usage of repositories in your organization, as well as the number of available GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security licenses in your enterprise. Additionally, if you need to make more licenses available to secure a high-impact repository, you can quickly disable GitHub Secret Protection, GitHub Code Security, or GitHub Advanced Security at scale.
To learn about licensing for GitHub Secret Protection, GitHub Code Security, and GitHub Advanced Security, see About billing for GitHub Advanced Security.
Understanding your license usage
-
In the upper-right corner of GitHub, select your profile photo, then click Your organizations.
-
Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.
-
In the "Security" section of the sidebar, select the Advanced Security dropdown menu, then click Configurations.
-
In the "Apply configurations" section, your current license usage will be displayed. This screenshot shows metered usage. If you have bought a volume/subscription license, then the number of licenses available is also reported.
-
Optionally, to find specific repositories in your organization, filter the repository table. To learn more, see Filtering repositories in your organization using the repository table.
Turning off Secret Protection or Code Security
The simplest way to turn off all Secret Protection or Code Security features for one or more repositories is to create a security configuration where the product is disabled at the top level. You can apply this custom configuration to repositories where you want to turn off paid features.
Tip
Ensure that you give your custom configuration a very clear name, for example: "No Code Security" or "Secret Protection and Supply chain only" to avoid confusion.
For more information, see Creating a custom security configuration and Applying a custom security configuration.