We shipped a ton of updates for you in November, from the push notification for pull request review activities when you’re on the go, to an easy but potent way to create links in Markdown (or, as we like to call it, to “linkify” text).
We delivered on some key improvements that we think you’ll enjoy. Creating links in Markdown has never been easier. You can now copy a link, select the text you want to linkify, and for the final step, paste it. Et voila! Another feature we’re excited about is the light high contrast theme. It’s personally one of my favorites as it offers greater contrast between foreground and background elements. Make sure to check it out! Lastly, we launched a highly-requested feature from the community, which is to allow the reordering of tabs in the new GitHub Projects (in beta). We have a lot more to share!
You can now preview renderings of Markdown files that you edit in GitHub Gist, just like you can preview renderings on GitHub.com. A “Preview” or “Preview changes” tab will display a Markdown rendering of your file contents.
If you use assistive technologies, like voice input, we’re happy to announce that you can now turn off keyboard shortcuts that use a single character (like a period) so that you don’t accidentally trigger them. Manage your keyboard shortcuts using our new accessibility settings page.
We’ve also added native support for right-to-left languages in Markdown files, issues, pull requests, discussions, and comments!
In other news, organization owners can now unsubscribe from email notifications when new deploy keys are added to repositories belonging to their organizations.
November was an Actions-packed month. 😄
To start, we made reusable workflows generally available. This feature reduces duplication by enabling you to reuse an entire workflow as if it were an action. We’ve made a few improvements since the October beta.
Also of note, the setup-python action now supports dependency caching, enabling you to run workflows for Python projects faster. It supports caching for both pip and pipenv projects. Check out the setup-python repository for examples.
You want to run workflows even _faster_? We have good news. Cache size has increased to 10GB per repository, which is double what it used to be, so that you can cache bigger dependencies from previous jobs.
A few more Actions updates:
stringtype, we now support
If you use Actions self-hosted runners, you can now list, add, and remove runner labels via API. In addition, the expiration dates of SAML-authorized personal access tokens can now be retrieved via API.
GitHub’s latest 2021 SOC 1, Type 2 and SOC 2, Type 2 compliance reports are now available. If you’re a GHEC admin, you can find them in the “Compliance” tab of your enterprise account:
For organizations, these reports are under the “Organization Security” tab of your organization:
In other enterprise news:
The @mention suggester now ranks participants in issues, pull requests, and discussions higher than non-participants so that the person you’re looking for is more likely to be listed first.
If you’re the admin of an organization, you can now moderate disruptive behavior from your mobile device. Tap Block from organization from the comment menu on an issue, pull request, or discussion to block a user and hide their comments.
GitHub Mobile also now supports push notifications for activities related to pull request review. You’ll get notified when someone approves, comments, or requests changes.
Pull request settings became more customizable this month. You can now require that changes to a protected branch of your repository be made via pull request, but without requiring reviews. This can be useful when you want to use pull requests for tracking purposes or to simplify your CI configuration, but you don’t want to make merging contingent upon review.
A couple more quality-of-life improvements to the review process:
If you use custom GitHub Pages domains, you can now verify those custom domains to protect against takeover attacks. Learn how to verify your custom domain.
Did someone invite you to a repository? It just got easier to join and start contributing. For private repositories, you’ll now receive notifications just like you do for public repositories. Also, when you navigate to a private repository with a pending invitation, you’ll see a prompt to accept the invite (instead of a 404 error page 😅). Meanwhile, for pending invites to public repositories, a banner above the repository overview will indicate that you have a pending invite.
In other news:
If you want to specify whether an image is shown to viewers using a light or dark GitHub theme, you can now append #gh-light-mode-only to the end of an image URL. Try it out!
If you use CodeQL, you’re likely familiar with the help text that displays in the code scanning UI when a default query generates an alert, which provides details about the problem. With the latest CodeQL CLI release, you can add Markdown-rendered query help in SARIF files for your own custom queries. These will be uploaded to GitHub and displayed in code scanning.
It’s gotten easier to debug problems with CodeQL code scanning, too. An optional flag in the Actions workflow file will trigger diagnostic data to be uploaded as an artifact to your Actions run. The artifact contains the CodeQL logs, CodeQL databases, and SARIF files that were produced.
One final CodeQL update. Developers and security researchers using the CodeQL CLI and Visual Studio Code extension can now build databases and analyze code on machines powered by Apple Silicon (for example, Apple M1)!
A few more security-related updates:
Do you want to see which links your sponsors are coming to you from? Try adding custom parameters to your sponsorship URL!
Take a look at our public roadmap for what’s coming next, follow GitHub Changelog on Twitter, and check back on the GitHub Blog for another recap next month.