Container signing added to the Publish Docker Container workflow for GitHub Actions

We have added support for sigstore container signing to the default GitHub Actions starter workflow for publishing container images. New workflows on public repositories will use this by default. If you have an existing workflow, you will need to update your workflow to take advantage of this capability.

For more information, please read the announcement on the GitHub Blog.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans may prevent data leaks and any fraud associated with exposed data.

We have partnered with Typeform to scan for their access tokens and help secure our mutual users. Typeform API tokens allow Typeform users to create forms, retrieve responses, and configure webhooks. More information about Typeform API tokens can be found here.

We’ll forward access tokens found in public repositories to Typeform, which will verify and automatically disable them. Typeform will then notify the user with the detection details (token name, where it was detected, and the token scopes).

We continue to welcome new partners for public repo secret scanning. GitHub Advanced Security customers can also scan their private repositories for leaked secrets.

By default, Codespaces time out after 30 minutes of inactivity. Many users have told us they want to extend this up to an entire workday. You can now set a default idle timeout for your codespaces from five minutes to four hours, and override the idle timeout for an individual codespace using the gh CLI.

For more information, see “Setting your timeout period for Codespaces”.
