
Feedback on GitHub Advanced Security (GHAS)

7 min read · Jul 1, 2025

An honest review of the GHAS feature in GitHub

Integrating security into a widely used platform like GitHub is both a challenge and an opportunity to enhance its resilience. I believe it is now considered an obligation to secure applications at the development stage, making sure that security is a proactive process rather than a reactive one. I’m excited to share my experience with GitHub Advanced Security (GHAS), an option that helps developers and organizations identify vulnerabilities, manage dependencies, scan for secrets and enforce best practices without human interference in every workflow. But does GHAS truly live up to its promise?

In this article, we will explore every aspect of GHAS and assess its advantages and limitations.

What is GitHub Advanced Security (GHAS)?

GHAS is a free feature on public repositories. It is also an add-on for GitHub Enterprise Cloud (GHEC) and GitHub Enterprise Server (GHES), providing developers and security professionals with a powerful security toolkit. It integrates seamlessly, offering features like:

  • Code scanning: detects security vulnerabilities in your source code using CodeQL.
  • Secret scanning: identifies and prevents hardcoded secrets from being exposed or pushed in commits.
  • Dependabot: raises alerts and keeps dependencies secure and up to date.
  • Dependency Graph: is a feature in GitHub…


Written by WafaaT

I'm a multifaceted tech lover with decent knowledge & good background in networking, cybersecurity, and DevSecOps. Feel free to check my tech & life articles.
