Users can enable push protection for themselves

Secret scanning's push protection feature prevents supported secrets from being pushed into repositories, and has to date been enabled at the repository, organization, or enterprise level.

Now, everyone across GitHub can enable push protection for themselves within your individual settings. This ensures your pushes are protected whenever you push to a public repository on GitHub, without relying on that repository to have push protection enabled.

To opt in, go to the "Code security and analysis" section of your personal settings. Next to "Push protection for yourself", click Enable.

GitHub will enable push protection for all GitHub Free individuals by default in January, 2024.

Sudo mode now applies to the administrator account for an Enterprise Managed User enterprise

The administrator account (ending in _admin) of Enterprise Managed User enterprises is now required to enter sudo mode before taking sensitive actions. As with standard user accounts, the administrator must provide their password or a second factor credential to enter sudo mode.

Sudo mode is a GitHub security feature that validates the user's session before they perform a sensitive action, like creating a personal access token, deleting an organization, or updating their credentials.

Until now this mode was disabled for all Enterprise Managed Users (EMUs), as they had no credentials on GitHub.com and therefore could not provide one for the sudo mode prompt. As a result, EMU accounts are able to take sensitive actions without being asked for a credential. However, the admin for the EMU enterprise does have credentials on GitHub.com and will now be asked for them before taking sensitive actions.

For more information about sudo mode, see "Sudo mode". To learn more about Enterprise Managed Users, see "About Enterprise Managed Users".

See more

The GitHub Enterprise Server 3.10 Release Candidate is available

The GitHub Enterprise Server 3.10 release candidate is here

GitHub Enterprise Server 3.10 gives customers more control over how their instance is used and run. Here are a few highlights:

  • Code Scanning configuration can be customized per repository, allowing repository owners to decide which languages to analyze by default.
  • Fine-grained personal access tokens (PATs) are now available as a public beta on Enterprise Server, giving developers and administrators granular control over the permissions and repository access granted to a PAT.
  • Assess security risk and coverage data across all organizations in an enterprise via the Code Security tab.
  • Define who can merge pull requests, and how they are merged, to make it easier for you to meet your compliance and security goals.
  • Reduce data transfer required to backup your Enterprise Server by utilizing incremental backups of MySQL data in backup-utils v3.10.0.
  • GitHub Projects is now generally available in Enterprise Server.

If you are upgrading from Enterprise Server 3.8 then this release also includes an upgrade from MySQL 5.7 to 8, which will increase I/O utilization. Please read this page for more details on this increase and how to mitigate it if you see an unacceptable degradation of performance on your instance.

Release Candidates are a way for you to try the latest features at the earliest time, and they help us gather feedback early to ensure the release works in your environment. They should be tested on non-production environments. Here are some highlights for this release. Read more about the release candidate process.

Read more about GitHub Enterprise Server 3.10 in the release notes, or download the release candidate now. If you have any feedback or questions, please contact our Support team.

See more
View all changes