GitHub Enterprise Cloud compliance reports for 2022 are now available

GitHub Enterprise Cloud administrators can now download and view the latest GitHub SOC 1, Type 2 and SOC 2, Type 2 compliance reports for 2022.

To learn more, please review our documentation on how to access compliance reports for your enterprise or for your organization.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with LocalStack to scan for their API key tokens and help secure our mutual users on public repositories. LocalStack's tokens allow for activation of the advanced LocalStack features for their Pro/Team/Enterprise products. GitHub will forward access tokens found in public repositories to LocalStack, who will immediately notify users and revoke any compromised tokens. You can read more information about LocalStack's tokens here.

GitHub Advanced Security customers can also scan for LocalStack tokens and block them from entering their private and public repositories with push protection.

Dependabot version updates now proactively update Docker image tags in Kubernetes manifests.

When specifying the Docker ecosystem in dependabot.yml, include an entry for each directory that contains a Kubernetes manifest referencing Docker image tags. Kubernetes manifests can be either Kubernetes Deployment YAML files or Helm charts. Dependabot will parse the unrendered version of the manifest in order to keep your Docker image tags updated.
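One way to produce those per-directory entries, as an added example that is not GitHub's own tooling: the Python below walks a repository, finds directories whose YAML files contain a literal `image: name:tag` line, and emits one `docker` entry for each. The function names, the sample tree, the matching heuristic and the weekly interval are assumptions made for illustration.

```python
import os
import re
import tempfile

# Heuristic (assumption): a literal "image: name:tag" line in unrendered YAML text.
IMAGE_RE = re.compile(r"^[ \t]*-?[ \t]*image:[ \t]*[\"']?[\w./-]+:[\w.-]+", re.M)

def manifest_dirs(root):
    """Return repo-relative directories whose YAML files reference image tags."""
    found = set()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            if not name.endswith((".yaml", ".yml")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if IMAGE_RE.search(fh.read()):
                    rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
                    found.add("/" if rel == "." else "/" + rel)
    return sorted(found)

def render_config(dirs, interval="weekly"):
    """Emit a dependabot.yml with one docker entry per directory."""
    lines = ["version: 2", "updates:"]
    for d in dirs:
        lines += ['  - package-ecosystem: "docker"',
                  f'    directory: "{d}"',
                  "    schedule:",
                  f'      interval: "{interval}"']
    return "\n".join(lines) + "\n"

def demo():
    """Build a constructed sample repository and return its generated config."""
    samples = {  # constructed sample files, not from any real repository
        "k8s/app/deployment.yaml": "containers:\n  - name: web\n    image: nginx:1.21.6\n",
        "k8s/db/statefulset.yml": "containers:\n  - image: \"postgres:14.2\"\n",
        "docs/notes.yaml": "title: no image references here\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        return render_config(manifest_dirs(root))

if __name__ == "__main__":
    print(demo())
```

The heuristic only catches tags written on the same line as `image:`, so review the generated list against directories where the tag is set in a separate key.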

Learn more about configuring Dependabot version updates.
