Skip to content

Secret scanning alerts link to providers’ docs

Secret scanning alerts for third party API key detections now include a link to relevant documentation provided by the service provider, where available. These links are intended to help users better understand detections and take appropriate action.

The links will appear in the alert view for all repositories with secret scanning enabled. You can enable secret scanning on your public repositories and any private repository with GitHub Advanced Security. If you have feedback on any provided links, please write us a note in our code security discussion.

example alert with provider docs

For more information:

GitHub Actions hosted runner images are now more secure than ever, with the ability to see exactly what software is pre-installed on the image that was used by the runner during your build. GitHub now attaches a software bill of materials (SBOM) as an asset to each image release for Ubuntu and Windows. Support for Mac runners is targeted for Q1 2023.

In the context of GitHub Actions hosted runners, an SBOM details the software pre-installed on the virtual machine that is running your Actions workflows. This is useful in the situation where there is a vulnerability detected, you will be able to quickly tell if you are affected or not. If you are building artifacts, you can include this SBOM in your bill of materials for a comprehensive list of everything that went into creating your software.

To check out the new files, head over to the runner-images repository release page now or check out our docs for more information.

See more

Previously, GitHub Advanced Security customers could enable push protection for all patterns supported by default.

Now, admins can also enable push protection for any custom pattern defined at the repository or organization level. Push protection for enterprise-level custom patterns will come in January.

blocked custom pattern

See more