GitHub Advanced Security customers can now view bypasses of secret scanning's push protection in the enterprise and organization audit logs. The GitHub REST API and webhooks now also contain bypass information.
Dependency graph now supports submissions through the dependency submission API (beta). This enables you to add dependencies, such as those resolved when software is compiled or built, to the dependency graph. Submitted dependencies will appear in a repository’s dependency graph and any associated vulnerabilities will trigger Dependabot alerts.
Two tools are releasing alongside the dependency submission API:
- Go Dependency Submission GitHub Action, which detects and submits Go dependencies to your dependency graph
- Dependency Submission Toolkit, which can be used to write workflows to submit dependencies to a repository
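
To make the submission flow above concrete, here is an added example (not GitHub's code and not the code of the Go action or the toolkit) that turns `go list -m -json all` output into a snapshot body for the dependency submission API. The snapshot field names and the endpoint in the comment follow GitHub's REST documentation, not this page; the module list, commit SHA, job and detector values are constructed placeholders.

```python
import json
from urllib.parse import quote

# Constructed sample of `go list -m -json all` output: a stream of JSON objects, not an array.
GO_LIST_OUTPUT = """
{"Path": "example.com/app", "Main": true}
{"Path": "github.com/google/uuid", "Version": "v1.3.0"}
{"Path": "golang.org/x/sys", "Version": "v0.1.0", "Indirect": true}
{"Path": "github.com/example/legacy", "Version": "v2.0.0+incompatible"}
"""

def parse_go_modules(text):
    """Decode the back-to-back JSON objects that `go list -m -json` prints."""
    decoder, pos, modules = json.JSONDecoder(), 0, []
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1                      # raw_decode does not skip leading whitespace
        if pos >= len(text):
            return modules
        obj, pos = decoder.raw_decode(text, pos)
        modules.append(obj)

def build_snapshot(modules, sha, ref, scanned, manifest="go.mod"):
    """Build the JSON body for POST /repos/{owner}/{repo}/dependency-graph/snapshots."""
    resolved = {}
    for mod in modules:
        effective = mod.get("Replace") or mod   # a replaced module is what actually gets built
        if mod.get("Main") or "Version" not in effective:
            continue                      # skip the repo's own module and local-path replaces
        purl = "pkg:golang/%s@%s" % (quote(effective["Path"], safe="/"),
                                     quote(effective["Version"], safe=""))
        resolved[effective["Path"]] = {
            "package_url": purl,          # alerts are matched on this package URL
            "relationship": "indirect" if mod.get("Indirect") else "direct",
        }
    return {
        "version": 0,
        "sha": sha,                       # commit the build resolved these modules for
        "ref": ref,
        "job": {"id": "constructed-run-1", "correlator": "constructed-workflow_go-deps"},
        "detector": {"name": "example-detector", "version": "0.0.1",
                     "url": "https://example.com/detector"},   # placeholder detector identity
        "scanned": scanned,
        "manifests": {manifest: {"name": manifest,
                                 "file": {"source_location": manifest},
                                 "resolved": resolved}},
    }

if __name__ == "__main__":
    snap = build_snapshot(parse_go_modules(GO_LIST_OUTPUT), "0" * 40,
                          "refs/heads/main", "2022-01-01T00:00:00Z")
    print(json.dumps(snap, indent=2))
```
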