Skip to content

Webhook forwarding in the GitHub CLI

Following a successful beta with lots of great customer feedback, webhook forwarding in the GitHub CLI is now available to everyone.

Webhook forwarding makes it easy to test your webhooks integration in your local environment without having to worry about port forwarding.

All it takes to start receiving webhooks locally is one simple command:

gh webhook forward --repo monalisa/hello-world --events issues,pull_request --url http://localhost:4000/webhooks

To learn more, head over to "Receiving webhooks with the GitHub CLI" in the docs.

Code scanning default setup is now available for Go!

Default setup automatically finds and sets up the best CodeQL configuration for your repository. It detects the languages in the repository and enables CodeQL analysis for every pull request and every push to the default branch and any protected branches. A repository is eligible for default setup if it uses GitHub Actions and contains JavaScript/TypeScript, Python, Ruby or Go.

You can use default setup on your repository's "Settings" tab under "Code security and analysis".

Code scanning default setup Go

This new feature is available on GitHub.com today, and will also ship with GHES 3.10. More language support will be provided soon, and all other CodeQL-supported languages continue to work using a GitHub Actions workflow file. The options to set up code scanning using API uploads or third party analysis tools remain supported and are unchanged.

For more information on code scanning default setup, see Configuring code scanning automatically.

See more

Users with access to secret scanning alerts can now view metadata for any active GitHub token leaked in their repositories. Metadata includes details like the token's owner, expiration date, and access permissions. With this information, security teams can assess a leak's potential impact and prioritize remedial action accordingly.

This feature builds on our previous release in January, which introduced validity checks for leaked GitHub tokens.

github

See more