GitHub Advanced Security customers using secret scanning can now specify a custom link that will show in the error message when push protection detects and blocks a potential secret. Admins can use the custom link to provide their developers with a point of reference on best practices with secrets.
Learn more about protecting pushes with secret scanning.
We updated the web UI to make keeping forks in sync with their upstream repositories more intuitive. "Fetch upstream" has been renamed to "Sync fork," which better describes the button's behavior. If the sync causes a conflict, the web UI prompts users to contribute their changes to the upstream, discard their changes, or resolve the conflict.
OpenID Connect (OIDC) support in GitHub Actions is now enhanced to support secure cloud deployments at scale.
Org & repo admins can use the new OIDC API support to:
subject claim format.issuer url with their enterprise slug repository_id and repo_visibility.Learn more about Security hardening your GitHub Workflows using OpenID Connect.