Skip to content

The crates.io registry is now a GitHub secret scanning integrator

GitHub, the Rust Foundation, and the Rust Project are collaborating to help protect you from leaked crates.io keys.

From today, GitHub will scan every commit to a public repository for exposed crates.io keys. We will forward any tokens we find to crates.io, who will automatically disable the tokens and notify their owners. The end-to-end process takes only a few seconds.

Crates.io is the latest GitHub secret scanning integrator; since 2018, GitHub has partnered with over 100 token issuers to help keep our mutual customers safe. We continue to welcome new partners for public repository secret scanning. In addition, GitHub Advanced Security customers can scan their private repositories for leaked secrets.

We’d like to thank the crates.io team, the staff at the Rust Foundation, and the work from AWS’ Dan Gardner on this GitHub pull request that made our collaboration with Rust possible.

Learn more about secret scanning
Partner with GitHub on secret scanning

We're back again with the ability to make a copy of your project and a new automation for Enterprise accounts.

🖨️ Get started faster by copying your project’s views, custom fields and draft issues

Whether you’ve spotted a project that seems to have everything you want for your next endeavor or your team has an optimized project you want to use on repeat, ‘Make a copy’ is here to help. Quickly copy the views, custom fields and draft issues of any existing project over to a new one. We’d love your feedback; drop us a line in our discussion.

🤖 Automatically add project items (Enterprise accounts only)

Let the robots take care of adding your relevant issues and PRs to your project! Configure the auto-add workflow to automatically add new items as they are created or updated in a repository and filter to just the items you want with is, label, assignee, and reason support.

At this time, auto-add will not bulk-add items that match the filter when the workflow is enabled and is only available for Enterprise accounts. We'd love to hear your feedback as you try it out!

✨ Bug fixes and improvement

  • Enabled sorting in board view
  • Stopped resetting the omnibar when focus is lost
  • Updated the + button to add a column in board view

See how to use GitHub for project planning with GitHub Issues, check out what's on the roadmap, and learn more in the docs.

See more

Organizations and enterprises using branch protections may see false-alert flags in their security log for protected_branch.policy_override and protected_branch.rejected_ref_update events between January 6 and January 11, 2023.
These events were improperly emitted due to a change in the underlying logic that checks if branch protection criteria have been met.

No action is required from impacted users with regards to these events. GitHub has a policy to not delete security log events, even ones generated in error. For this reason, we are adding flags to signal that these events are false-alerts.

an audit log entry with the flash message displayed above it

See more