Skip to content

Dependency review support for dependency submission results

Dependency review now works with your dependencies from the dependency submission API. Dependency review enforces policies around vulnerabilities and acceptable licenses in the pull request. Previously, dependency review could not be used with another feature of the dependency graph called the dependency submission API. The dependency submission API helps developers get a more accurate set of transitive dependencies, particularly for complex ecosystems like Gradle or Scala which require a build to resolve all transitive dependencies.

To take advantage of this improvement, update to the latest version of the dependency review action, or follow the instructions in our documentation.

For more information, see our documentation about dependency review, the dependency submission API, and some best practices for using dependency review and the dependency submission API together.

Public documentation of the SCIM API for Enterprise Managed Users (EMU) is now available.

Administrators of EMU enterprises can use a token with the admin:enterprise scope to make GET requests from SCIM clients. With this read access, you can directly reconcile GitHub's understanding of SCIM-defined users and groups with your federated identity groups for auditing purposes.

Write requests to these APIs are possible through our published IdP applications, or through a new private beta that offers direct API access.

To get write access to these APIs in beta, register your interest here.

See more

We're making changes to the IP addresses used by GitHub Enterprise Importer for outbound network connections. These changes will take affect at 00:00 UTC on September 18, 2023.

If you're running migrations with GitHub Enterprise Importer and you have IP allowlisting enabled on your migration source or target, or an Azure Blob Storage or Amazon S3 account which you use for migrations, then you'll need to update your allow list.

For a full list of our IP ranges and more information, see "Configuring IP allow lists for migrations" in the GitHub Docs (

Owners of organizations affected by this change were already sent an email notification on August 18, 2023, providing 30 days' notice.

See more