Skip to content

GitHub Advanced Security can now be enabled/disabled at the repository or organization level

GitHub Advanced Security is an add-on to GitHub Enterprise which allows you to use security features like code scanning, secret scanning, and dependency review on your private repositories. To help administrators configure these features, the repository and organization settings now include controls on the use of GitHub Advanced Security features on private repositories.

Public repositories are unaffected and can access GitHub Advanced Security features by default.

Learn more about enabling Advanced Security features on

Dependabot version updates now support

  • Kotlin manifest files like .gradle.kts (gradle)
  • PHP using the latest composer v2 (composer)

These are possible thanks to community contributions to Dependabot. If you’d like to contribute an improvement to Dependabot’s support for an existing ecosystem, check out Dependabot’s contributing guidelines. At this time, we’re taking a short break from accepting new ecosystem additions in order to update support for existing ecosystems.

To enable version updates and add support for these package managers, check in a dependabot.yml file with the specified package-ecosystem.

See more