
About Advanced Security

GitHub makes additional security features available to customers who purchase Code Security or Secret Protection. Some features are enabled for public repositories by default.

Who can use this feature?

Code Security and Secret Protection are available for accounts on Team and Enterprise Cloud.

Some features are also available for free for public repositories on GitHub.com. For more information, see GitHub's plans.

For information about Advanced Security for Azure DevOps, see Configure Advanced Security for Azure DevOps in Microsoft Learn.

About Advanced Security products

GitHub has many features that help you improve and maintain the quality of your code. Some of these are included in all plans, such as dependency graph and Dependabot alerts.

Other security features require you to purchase one of GitHub's Advanced Security products:

  • Secret Protection, which includes features that help you detect and prevent secret leaks, such as secret scanning and push protection.
  • Code Security, which includes features that help you find and fix vulnerabilities, like code scanning, premium Dependabot features, and dependency review.

Some of these features, such as code scanning and secret scanning, are enabled for public repositories by default. To run the feature on your private or internal repositories, you must purchase the relevant Advanced Security product.

You must be on a Team or Enterprise plan in order to purchase Code Security or Secret Protection. For more information, see GitHub's plans and About billing for Advanced Security.

Code Security

You get the following features with Code Security:

  • Code scanning: Search for potential security vulnerabilities and coding errors in your code using CodeQL or a third-party tool.

  • CodeQL CLI: Run CodeQL processes locally on software projects or to generate code scanning results for upload to GitHub.

  • Copilot Autofix: Get automatically generated fixes for code scanning alerts.

  • Security campaigns: Reduce security debt at scale.

  • Custom auto-triage rules for Dependabot: Manage your Dependabot alerts at scale, by automating which alerts you want to ignore, snooze, or trigger a Dependabot security update for.

  • Dependency review: Show the full impact of changes to dependencies and see details of any vulnerable versions before you merge a pull request.

  • Security overview: Understand the distribution of risk across your organization.

The table below summarizes the availability of Code Security features for public and private repositories.

| Feature | Public repository without Secret Protection | Private repository without Code Security | Public or private repository with Code Security |
|---|---|---|---|
| Code scanning | | | |
| CodeQL CLI | | | |
| Copilot Autofix | | | |
| Security campaigns | | | |
| Custom auto-triage rules | | | |
| Dependency review | | | |
| Security overview | | | |

For more information about features, see security features.

Secret Protection

You get the following features with Secret Protection:

  • Secret scanning: Detect secrets, for example keys and tokens, that have been checked into a repository and receive alerts.

  • Push protection: Prevent secret leaks before they happen by blocking commits containing secrets.

  • Copilot secret scanning: Leverage AI to detect unstructured credentials, such as passwords, that have been checked into a repository.

  • Custom patterns: Detect and prevent leaks for organization-specific secrets.

  • Delegated bypass for push protection and Delegated alert dismissal: Implement an approval process for better control over who in your enterprise can perform sensitive actions, supporting governance at scale.

  • Security overview: Understand the distribution of risk across your organization.

The table below summarizes the availability of Secret Protection features for public and private repositories.

| Feature | Public repository without Secret Protection | Private repository without Secret Protection | Public or private repository with Secret Protection |
|---|---|---|---|
| Secret scanning | | | |
| Push protection | | | |
| Copilot secret scanning | | | |
| Custom patterns | | | |
| Delegated bypass for push protection | | | |
| Security overview | | | |

For more information about individual features, see security features.

Run an assessment of your organization's exposure to secret leaks

Organizations on Team and Enterprise can run a free report to scan the code in the organization for secrets. This can help you understand the current exposure of repositories in your organization to secrets, as well as help you see how many existing secret leaks could have been prevented by Secret Protection. See About the secret risk assessment.

Deploying Code Security and Secret Protection

For a high-level view of what you need to know to plan your deployment of Code Security and Secret Protection, and to review the rollout phases we recommend, see Adopting Advanced Security at scale.

Enabling features

You can quickly enable security features at scale with the GitHub-recommended security configuration, a collection of security enablement settings you can apply to repositories in an organization. You can then further customize Advanced Security features at the organization level with global settings. See About enabling security features at scale.

If you are on a Team or Enterprise plan, license use for the entire team or enterprise is shown on your license page. See Viewing and downloading licensed use of Advanced Security.

About Advanced Security Certification

You can highlight your knowledge by earning a GitHub Advanced Security certificate with GitHub Certifications. The certification validates your expertise in vulnerability identification, workflow security, and robust security implementation. See About GitHub Certifications.

About Advanced Security with Azure Repos

If you want to use Advanced Security with Azure Repos, see Advanced Security & Azure DevOps in our resources site. For documentation, see Configure Advanced Security for Azure DevOps in Microsoft Learn.
