New limits affecting the Checks API

The Checks API now has a limit of 1,000 check runs with the same name per check suite.

Using checks, you can run checks against code changes in a repository, as either a check run or a check suite. For two check runs with the same name, only the most recent check run is displayed in the UI, but older versions can be queried via the API.

The new limit restricts how many check runs are stored with the same name, to a maximum of 1,000. If the limit is exceeded, only the most recent 1,000 runs are stored, and older runs are deleted. This change affects both newly created check suites and new check runs in existing check suites. Existing check runs are not affected unless the limit is newly exceeded.

Our Secret Scanning program adds new partners

Secret leaks are one of the most common security mistakes, and they can have disastrous consequences. GitHub Secret Scanning looks for leaked secrets in all public repositories, and enrolled private repositories, and works with the issuer to notify the developer and/or revoke the token as appropriate. This protects users from fraud and data leaks.

In addition to our 29 existing partners, GitHub has partnered with Clojars, Mailchimp, Finicity, and Plivo to scan for their developer tokens! This brings our total number of token scanning partners to 33.

See more

Code scanning API

If you are enrolled in the GitHub Advanced Security code scanning beta, we are releasing new APIs for you to start using. This release also includes some breaking changes to the existing code scanning /alerts API.

New capabilities

  • Get recent code scanning analyses for a repository
  • Update the state of a code scanning alert
  • Upload a SARIF file to create alerts from your GitHub App or GitHub Actions workflow
  • Get webhook events for code scanning alerts

Breaking changes

  • The existing code scanning /alerts endpoint has changed.
    • open has been replaced by state, which can have values open, fixed, or dismissed
    • closed_at, closed_reason, and closed_by have been replaced by dismissed_at, dismissed_reason and dismissed_at.
    • Rule properties are now nested within a rule object
    • Tool properties are now nested within a tool object
    • You can now get status about alerts across multiple branches. This state is stored in the instances object

For more information, see the code scanning API reference

See more
View all changes