Interested in bringing GitHub Enterprise to your organization?
Start your free trial for 30 days and increase your team’s collaboration. $21 per user/month after trial expires.
Curious about other plans?
GitHub Enterprise Server 3.5 focuses on adding more security features to keep your code secure, along with updates to our developer experience and additional automation features.
This latest version brings more than 60 new features, with an emphasis on new capabilities for GitHub Advanced Security.
Since releasing the Container registry to GitHub Packages last year, developers are using the registry to publish and manage thousands of containers and consume these containers millions of times on a daily basis.
Starting with GitHub Enterprise Server 3.5, customers will have access to the GitHub Container registry, which admins can enable from the management console. With this release, customers can now:
Now, all customers hosting their own GitHub Enterprise Server instance will be able to take advantage of all that Dependabot has to offer. This has been a long time in the making and fulfills one of our most common feature requests from GitHub Enterprise Server customers. For those unfamiliar, Dependabot consists of three services:
Reusable workflows, formally known as “templates,” is the key component of centrally managed workflows. This feature enables you to reuse an entire workflow as if it were an action. Instead of copying and pasting workflow definitions across repositories, you can reference an existing workflow with a single line of configuration.
GitHub Actions enables customers to cache intermediate outputs and dependencies for their workflows, which is an effective way to make jobs faster.
In addition to restricting which repositories can access specific enterprise and organization runner groups, administrators can further control access by selecting specific workflow files and versions. Combining this feature with reusable workflow can help you create more secure standard workflows in your organization.
You now have more control over when your self-hosted runners perform software updates. If you specify the
--disableupdate flag to the runner then it will not try to perform an automatic software update if a newer version of the runner is available. This allows you to update the self-hosted runner on your own schedule, and is especially convenient if your self-hosted runner is in a container.
We are introducing a new option for maintenance settings to keep GitHub Enterprise Server in a healthy state to serve production traffic after any operational changes while in maintenance mode. This modification enables administrators to only allow a set of certain IP addresses access to the appliance.
Customers can now gather 41 GitHub Enterprise Server metrics to understand how they are using the platform. These metrics will give insights into how the users are utilizing the product, clarity on how teams operate, and gain maximum value from all aspects of GitHub Enterprise Server.
Three new events,
git.clone, git.fetch, and git.push,will be incorporated alongside existing audit log events and available for search via the UI, export via JSON/CSV, and search via the API and streaming. Customers will be able to more fully observe UI and CLI activity on their account through the audit log. This will help customers to better meet administration, compliance, and security response needs.
GitHub Advanced Security customers can now block pushes that include secrets. Push protection scans for highly identifiable secrets with a false positive rate of less than 1%. Developers can review the identified secrets and remove them or, if needed, bypass the block. For more information, see “Protecting pushes with secret scanning.”
GitHub Advanced Security customers now have access to a security overview at both the organization and enterprise level. The security overview aggregates security results, with both repo-centric and alert-centric views for secret scanning, Dependabot, and code scanning.
A poorly authored custom pattern can create thousands of results across an organization or repository. To solve this, GitHub Advanced Security customers can now dry-run scans before publishing them. Dry runs can be used at the organization-level and repository-level, and are in public beta.
GitHub Advanced Security customers can now benefit from a range of improvements to CodeQL, including support for new languages, improved detection for a large number of CWEs, and performance improvements. More details.
To learn more about all the new features in GitHub Enterprise Server 3.5, read the release notes or download it today. Are you using the latest GitHub Enterprise Server version? Use the Upgrade Assistant to find the upgrade path from your current version of GitHub Enterprise Server to your desired version.