A new release of GitHub Enterprise is now available with improvements for developers and administrators alike. With GitHub Enterprise 2.7, we’re introducing GPG signature verification — a new way for…
A new release of GitHub Enterprise is now available with improvements for developers and administrators alike. With GitHub Enterprise 2.7, we’re introducing GPG signature verification — a new way for teams to protect their projects and definitively know who authored a commit. The release also includes several API previews to help you create integrations that enforce customized policies and fit your workflows.
Continuing the effort to make collaboration seamless, GitHub Enterprise 2.7 adds new tools for developers, designers, product managers, and team leads to work together and communicate. Updates include the ability to assign multiple people to an issue, reorder task lists, and labels to indicate whether an issue or pull request comment has been edited.
Ready to upgrade? Download GitHub Enterprise 2.7.
When building software with a large or distributed team, it’s important to validate that commits and tags are coming from an identified source. Now you can definitively know who authored code or pushed a change to production with GPG signature verification.
When you view a signed commit or tag, you can see a badge indicating if the signature can be verified using any of the contributor’s GPG keys uploaded to your GitHub Enterprise appliance. This makes it easy to see if a signature is from a verified key that GitHub trusts. To learn more about how to generate a GPG key and start signing your work, check out our documentation on GPG.
You know your workflow best. To help you work the way you want to, this update includes a series of significant API updates that allow you to further customize GitHub Enterprise, build integrations, and use automation to enforce policies. Check out the documentation for the pre-receive hooks API, protected branches API, reactions API, locking and unlocking issues via the API, and squashing pull requests in the API.
The release also adds ways for you to streamline your development process:
Upgrade today so you and your team can start using GPG signature verification and keep improving the way you work. You can also check out the release notes to see what else is new or enable update checks to automatically check for the latest releases of GitHub Enterprise.
To learn more about GitHub Enterprise 2.7 and the future of software, come to GitHub Universe on September 13-15.
Start your free trial for 30 days and increase your team’s collaboration. $21 per user/month after trial expires.
Curious about other plans?
In March, we experienced two incidents that resulted in degraded performance across GitHub services.
This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces.
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device.
Dirkjan Bussink 
