Skip to main content

Adopting GitHub Advanced Security at scale

A phased approach to rolling out GitHub Advanced Security at your company using industry and GitHub best practices.

Introduction to adopting GitHub Advanced Security at scale

You can adopt GitHub Advanced Security at scale in your company following industry and GitHub best practices.

Phase 1: Align on your rollout strategy and goals

Before enabling code scanning and secret scanning, plan how GHAS should be rolled out across your enterprise.

Phase 2: Preparing to enable at scale

In this phase you will prepare developers and collect data about your repositories to ensure your teams are ready and you have everything you need for pilot programs and rolling out code scanning and secret scanning.

Phase 3: Pilot programs

You may benefit from beginning with a few high-impact projects and teams with which to pilot an initial rollout. This will allow an initial group within your company to get familiar with GHAS, learn how to enable and configure GHAS, and build a solid foundation on GHAS before rolling out to the remainder of your company.

Phase 4: Create internal documentation

You will create internal documentation and then communicate this to the consumers of GitHub Advanced Security.

Phase 5: Rollout and scale code scanning

You can leverage the available APIs to rollout code scanning programmatically by team and by language across your enterprise using the repository data you collected earlier.

Phase 6: Rollout and scale secret scanning

For the final phase, you will focus on the rollout of secret scanning. Secret scanning is a more straightforward tool to rollout than code scanning, as it involves less configuration, but it's critical to have a strategy for handling new and old results.