Previously, three aspects of repository forks caused friction to innersource collaboration and administration:
Repositories could not be forked within a single organization.
Repositories with internal visibility could not be forked to an organization.
Enterprise owners lacked control over where repositories could be forked.
These obstacles have been addressed with the following new features. We’re always looking for new ways to improve repository collaboration and we welcome your ideas.
Fork a repository to the same organization as its parent
Previously, a repository could be forked only to a different organization or user account.
Now, a repository can be forked to the same organization as its parent repository, addressing situations where people are working in one organization and don’t want to fork a repository to a different organization or user account.
Fork internal repositories to enterprise organizations
Previously, when a repository with internal visibility was forked, the fork was automatically created in the person’s personal account space and its visibility was changed to private.
Now, people can fork an internal repository to an organization in the same enterprise, and the fork will retain its internal visibility. When forking an internal repository, you can choose which of the enterprise’s organizations should receive the fork – similar to forking a public repository, except that:
The destination organizations will be limited to those within the enterprise of the parent repository.
You will not be permitted to change the internal visibility of the fork while forking it.
Enterprise owners can limit where forks can be created
Previously, enterprise owners couldn’t restrict where repositories in the enterprise could be forked. This was important for them to keep confidential repositories from accidentally being forked to an exposed location.
Now, enterprise owners can control where enterprise members can fork repositories. Forking can be limited to preset combinations of enterprise organizations, the same organization as the parent repository, user accounts, and everywhere.
The GitHub Advisory Database now includes curated security advisories on Erlang [Hex], Elixir, and more. This brings the Advisory Database to nine supported ecosystems, including: Composer, Go, Maven, npm, NuGet, pip, RubyGems and Rust.
Support for this ecosystem in the dependency graph and Dependabot alerts will be available in the future.