Skip to content

Dependabot hardens support for private registries

We've hardened our Dependabot support for private registries such that it will no longer make package requests to public registries if private registries are configured for the following ecosystems:

  • Bundler
  • Docker
  • Gradle
  • Maven
  • npm
  • Nuget
  • Python
  • Yarn

Learn more about configuring Dependabot version updates to only access private registries.

Now admins can transfer and rename a repository at the same time. Before, each action was separate.

In the transfer repository screen, choose “Select one of my organizations”. The “Repository name” field will appear below. You must be an admin on the target organization to rename the repository. Renaming isn’t available if you “Specify an organization or username”.

Optionally change the name the repository will have after transferring. Then complete the transfer!

Learn more about transferring a repository.

See more

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Telnyx to scan for their tokens and help secure our mutual users on all public repositories and private repositories with GitHub Advanced Security. Telnyx tokens allow users to manage their usage and resources on the Telnyx communications and connectivity platform.

GitHub will forward access tokens found in public repositories to Telnyx, who will immediately reach out to the user and work to swiftly rotate the key. More information about Telnyx tokens can be found here.

GitHub Advanced Security customers can also block Telnyx tokens from entering their private and public repositories with push protection.

Learn more about secret scanning
Learn more about protecting pushes
Partner with GitHub on secret scanning

See more