GHAS - Visualizing Code Scanning results of a pull request requires GHAS license ?

[Gio687351]

Select Topic Area

Question

Body

Hello,

I am organizing the implementation of GHAS within my organization and I need to know if a developer needs to have a GHAS license if he only wants to visualize code scanning results on a Pull Request.

Developer A submit a pull requests that trigger a scan and that has to be reviewed and fixed by Developer B. I know that Developer A needs a license because he submit a pull request that trigger a scan. But does Developer B require also a license if he only needs to visualize the code scanning result and to fix the issues before asking Developer A to submit again the pull request?

I'm looking forward to your help!
Gio,

[ghostinhershell]

Hi @Gio687351,

Thanks so much for reaching out in our community 👋🏾 You must have an available GitHub Advanced Security (GHAS) license for each unique active committer to enable GHAS features on a private repository. To learn about GHAS licensing, as well as unique and active committers, see our support docs: About billing for GitHub Advanced Security.

Let me know if that answers your question here!

[Gio687351]

Hi @ghostinhershell,

Thank you very much for your answer. So doest that mean that if developper A has a GHAS license because he can do the pull request that triggers the scan, developper B can view the results without the need of having himself another license right ? Viewing the results of a scan doesn't require a license ?

[ghostinhershell]

That's correct @Gio687351, anyone with "write" access should be able to see code scanning alerts, even if they don't have a GHAS license.

[Josefina07]

Does Developer B count as an active committer if they only review scan results?

[felickz]

No, they are identified as active based on the logic defined here.

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬