Category Forms on GitHub Discussions

Maintainers of GitHub repositories can now use Category Forms to create templates for their Discussions, which means that users can start new discussions with all the necessary information already included. We hope this leads to less repetitive back and forth conversation with maintainers, as users are more likely to capture all relevant details in their first Discussion post.

Similar to Issue Forms, maintainers can create a discussion template, which will live in .github/DISCUSSION_TEMPLATE/. Each template maps 1:1 to an available Discussion Category slug. For example, the template for the “Announcements” category will be .github/DISCUSSION_TEMPLATE/announcements.yml. Once created, Category Forms in Discussions will be familiar to users who have seen them in issues.

Learn more about Category Forms
For questions or feedback, please visit our community.

GitHub secret scanning protects users by searching repositories for known types of secrets. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Persona to scan for their API keys and help secure our mutual users on all public repositories and private repositories with GitHub Advanced Security. Persona API keys allow users to create, update, and interact with their identity-related data. GitHub will forward API keys found in public repositories to Persona, who will notify affected customers and work with them to rotate their API keys. You can read more information about Persona API keys here.

GitHub Advanced Security customers can also scan for Persona API keys and block them from entering their private and public repositories with push protection.

Learn more about secret scanning
Partner with GitHub on secret scanning

Previously, GitHub Actions got a GITHUB_TOKEN with both read and write permissions by default whenever Actions was enabled on a repository.
As a default, this is too permissive, so to improve security we would like to change the default going forward to a read-only token. You can still flip it to read/write if needed.

This change will not impact any existing enterprises, organizations or repositories. Here is how the defaults are set going forward.

  1. Enterprises: New enterprises will have a read-only token.
  2. Organizations owned by an enterprise: New organizations will inherit the permissions from the parent enterprise.
  3. Organizations not owned by an enterprise: New organizations will have a read-only token.
  4. Repositories owned by an organization: New repositories will inherit permissions from the parent organization.
  5. Repositories owned by a personal account: New repositories will have a read-only token.
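
Because existing enterprises, organizations and repositories keep their current default, it helps to know which workflow jobs still depend on it. The following is an added example, not GitHub's own code: it flags jobs that have no explicit `permissions` block (the workflow key that scopes GITHUB_TOKEN) at either workflow or job level. The two workflow files are constructed samples, and the check is an indentation-based heuristic, not a full YAML parser.

```python
# Constructed sample workflows (assumptions for illustration, not from the page).
CI = """on: push
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps: [{run: make test}]
"""
RELEASE = """on: push
jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps: [{run: ./publish.sh}]
  notify:
    runs-on: ubuntu-latest
    steps: [{run: ./notify.sh}]
"""

def jobs_using_default_token(text):
    """Return the jobs whose GITHUB_TOKEN scope comes from the repository default."""
    rows = [l.rstrip() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]
    # A workflow-level permissions block applies to every job in the file.
    if any(r.startswith("permissions:") for r in rows):
        return []
    found, in_jobs = {}, False          # job name -> has its own permissions block
    job_indent = key_indent = job = None
    for line in rows:
        indent = len(line) - len(line.lstrip())
        if indent == 0:                 # top-level key: are we entering "jobs:"?
            in_jobs = line.startswith("jobs:")
        elif in_jobs:
            job_indent = job_indent or indent        # first nested line is a job name
            if indent == job_indent:
                job, key_indent = line.split(":")[0].strip(), None
                found[job] = False
            else:
                key_indent = key_indent or indent    # first line under the job is a job key
                # Only a permissions key directly under the job counts, not deeper ones.
                if indent == key_indent and line.lstrip().startswith("permissions:"):
                    found[job] = True
    return [name for name, explicit in found.items() if not explicit]

if __name__ == "__main__":
    for name, text in {"ci.yml": CI, "release.yml": RELEASE}.items():
        print(name, jobs_using_default_token(text))
```

Jobs reported here receive a read/write token wherever the older default is still in effect, so they are the ones to give an explicit `permissions` block.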