Managing your paid use of Advanced Security

You can understand and control the costs of using GitHub Advanced Security in repositories in your organization.

Who can use this feature?

Organization owners, security managers, and organization members with the admin role

In this article

Requirements for enabling Advanced Security products

To use GitHub Advanced Security on private or internal repositories with unique active committers, you must have licenses available. The user-interface and options depend on how you pay for Advanced Security.

  • Metered billing: by default, there is no limit on how many licenses you can consume. See Preventing overspending in the GitHub Enterprise Cloud docs .
  • Volume/subscription billing (GitHub Enterprise only): once the licenses you have purchased are all in use, you cannot enable Advanced Security on additional repositories until you free up or buy additional licenses.

With security configurations, you can easily understand the license usage of repositories in your organization, as well as the number of available GitHub Advanced Security licenses in your organization or enterprise. Additionally, if you need to make more licenses available to secure a high-impact repository, you can quickly disable GitHub Advanced Security on private and internal repositories at scale.

To learn about licensing for GitHub Advanced Security, see About billing for GitHub Advanced Security.

Understanding your license usage

  1. In the upper-right corner of GitHub, select your profile photo, then click Your organizations.

  2. Under your organization name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of the tabs in an organization's profile. The "Settings" tab is outlined in dark orange.

  3. In the "Security" section of the sidebar, select the Code security and analysis dropdown menu, then click Configurations.

  4. In the "Apply configurations" section, your current license usage will be displayed as:

    NUMBER-USED out of NUMBER-PURCHASED available GitHub Advanced Security licenses in use by YOUR-ENTERPRISE.

    Screenshot of the "Apply configurations" section. The current license use for the enterprise is outlined in dark orange.

  5. Optionally, to find specific repositories in your organization, filter the repository table. To learn more, see Filtering repositories in your organization using the repository table.

  6. To quickly identify the number of licenses needed to enable GitHub Advanced Security on a specific repository, in that repository's row of the repository table, read "NUMBER licenses required".

  7. To view license usage for multiple repositories in your organization, select the repositories from the repository table. In the "Apply configurations" section, you will see the number of licenses required to apply GitHub Advanced Security to the repositories, as well as the number of licenses made available if you disable GitHub Advanced Security on those repositories.

    Screenshot of the "Apply configurations" section. The potential changes to GHAS license usage for the enterprise are outlined in dark orange.

Turning off Advanced Security

The simplest way to turn off all Advanced Security features for one or more repositories is to create a security configuration where the product is disabled at the top level. You can apply this custom configuration to repositories where you want to turn off paid features.

Tip

Ensure that you give your custom configuration a very clear name, for example: "No Code Security" or "Secret Protection and Supply chain only" to avoid confusion.

For more information, see Creating a custom security configuration and Applying a custom security configuration.