Code scanning default setup now analyzes on a weekly schedule

In addition to scanning push and pull requests, code scanning default setup now also analyzes repositories on a weekly schedule. This ensures that a scan with the most recent version of CodeQL is run regularly on your code, better protecting both active and inactive repositories. This allows users to always benefit from CodeQL engine and query improvements which are continuously released, and which could uncover new potential vulnerabilities.

When setting up code scanning, the fixed time for the weekly scan is randomly chosen. The scan will take place at the same time every week, and the schedule is displayed after the setup is completed, so you can easily see when the next scheduled analysis will occur. The scheduled analysis will be automatically disabled if a repository has seen no activity for 6 months. Opening a PR or pushing to the repo will re-enable the scheduled analysis.

Screenshot that shows the weekly scheduled scan

This has shipped to GitHub.com and will be released with GitHub Enterprise Server 3.11.

With the Repository Actions Runners List, you can now view all available runners in the Actions tab of a repository. This feature is now in public beta and will be gradually released in the upcoming weeks.

The runner types listed include Standard GitHub-hosted, Larger GitHub-hosted (for faster builds), Self-hosted, and Scale-sets.

Repository Actions Runners List

For some benefits of using the Repository Actions Runners List:

  • Visibility across all GitHub Actions runners: Users with repo:write access can now view runner options without needing to rely on internal documentation or contacting a Repo admin or an Organization owner for runner label names.
  • Faster access to runner labels: Quickly view and copy labels for all runners, making it straightforward to identify the type of runner you need and use it in a workflow.

To access the Repository Actions Runners List:

  1. Navigate to the main page of the repository.
  2. Click the “Actions” tab under your repository name.
  3. Under the “Management” section in the left sidebar, click on “Runners”.
  4. Explore the available runners for the repository and copy runner labels as needed.

Note: Enterprise and Organization owners can also create new runners from this page from the “New runner” button.

This feature is available to users with:

  • Free and Pro Personal Accounts
  • Free Organizations
  • Paid Organizations on the Team and GitHub Enterprise Cloud plans

Note: This feature is not currently available to users in Organizations on the GitHub Enterprise Server and Legacy plans, or Enterprise Managed Users.

If you have any feedback to help improve this experience, be sure to post it on our GitHub Community Discussion.

See more

If you are using Dependabot grouped version updates (currently in public beta), you can now group your pull requests by semantic version update level. This addition is designed to help reduce the risk of introducing a breaking change through an update.
To use this new functionality, add a new update-types key in your group rule, as shown below:

groups:
  angular:
    patterns:
    - "@angular*"
    update-types:
    - "minor"
    - "patch"

The update-types key accepts values "major," "minor," and "patch," following the SemVer structure of major.minor.patch.

This new key works alongside existing grouping parameters such as patterns, dependency-type, and exclude-patterns, allowing you to fine-tune the grouped pull requests that Dependabot creates for you!

Learn more about configuring grouped Dependabot version updates

See more