Managing your GitHub Advanced Security license usage

You can understand and control GitHub Advanced Security license usage for repositories in your organization.

Who can use this feature?

Organization owners and security managers can manage security configurations and global settings for an organization.

In this article

Note: Security configurations and global settings are in beta and subject to change. To provide feedback on these features, see the feedback discussion.

About GitHub Advanced Security billing and licenses

To use GitHub Advanced Security (GHAS) features on private or internal repositories with unique active committers, you must have available GHAS licenses. With security configurations, you can easily understand the GHAS license usage of repositories in your organization, as well as the number of available GHAS licenses in your enterprise. Additionally, if you need to make more GHAS licenses available to secure a high-impact repository, you can quickly disable GHAS features on private and internal repositories at scale.

To learn about GHAS licenses, as well as unique and active committers, see "About billing for GitHub Advanced Security."

Understanding your GitHub Advanced Security license usage

  1. In the upper-right corner of GitHub.com, select your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, select the Code security dropdown menu, then click Configurations.

  4. In the "Apply configurations" section, your current license usage will be displayed as "NUMBER-USED out of NUMBER-PURCHASED available GitHub Advanced Security licenses in use by YOUR-ENTERPRISE."

    Screenshot of the "Apply configurations" section. The current GHAS license usage for the enterprise is outlined in dark orange.

  5. Optionally, to find specific repositories in your organization, filter the repository table. To learn more, see "Filtering repositories in your organization using the repository table."

  6. To quickly identify the number of GHAS licenses needed to enable GHAS features on a specific repository, in that repository's row of the repository table, read "NUMBER licenses required".

  7. To view license usage for multiple repositories in your organization, select the repositories from the repository table. In the "Apply configurations" section, you will see the number of licenses required to apply GHAS features to the repositories, as well as the number of licenses made available if you disable GHAS features on those repositories.

    Screenshot of the "Apply configurations" section. The potential changes to GHAS license usage for the enterprise are outlined in dark orange.

Turning off GitHub Advanced Security features on select repositories in your organization

  1. In the upper-right corner of GitHub.com, select your profile photo, then click Your organizations.

    Screenshot of the dropdown menu under @octocat's profile picture. "Your organizations" is outlined in dark orange.

  2. Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, select the Code security dropdown menu, then click Configurations.

  4. Optionally, in the "Apply configurations" section, filter for specific repositories on which you would like to disable GHAS. To learn more, see "Filtering repositories in your organization using the repository table."

  5. In the repository table, select repositories with one of three methods:

    • Select each individual repository you would like to disable GHAS features on.
    • To select all repositories displayed on the current page of the repository table, select NUMBER repositories.
    • After selecting NUMBER repositories, to select all repositories in your organization that match any filters you have applied, click Select all.

    Once you have selected the desired repositories, in the "Apply configurations" section, you can see how many GHAS licenses will become available when you disable GHAS features on those repositories. For more information, see "Understanding your GitHub Advanced Security license usage."

  6. Select the Apply configuration dropdown menu, then click Disable GitHub Advanced Security.

  7. To finish disabling GHAS features on the selected private or internal repositories, in the "Disable GitHub Advanced Security?" window, click Disable GitHub Advanced Security.

    Notes:

    • Disabling GHAS features for a private or internal repository will also detach that repository from any linked security configuration.
    • Disabling GHAS features through the repository table will not disable those features on public repositories since they do not require GitHub Advanced Security licenses.