Codespaces Repository Access and Security Setting Removal

On December 21st, 2023 GitHub Codespaces plans to remove the deprecated Repository Access and Security setting.

repository-access-setting-disabled

Rather than configuring cross-repository access at the account level, we now recommend declaring cross-repository dependencies and permissions directly within your devcontainer.json. This approach enables each development container to declare its own minimum set of permissions to operate, rather than allowing unrestricted access to other repositories your account can access.

This change will impact users and organizations that have set the Repository Access and Security setting to either selected or all repositories, and have not configured any development container level permissions. You will receive an email if you or any organizations you own may be impacted by this change.

To ensure continuity of usage, you will need to declare cross-repository permissions within each devcontainer.json, enabling access to each repository that a development container needs to access. You can test that you have successfully transferred all permissions by toggling the Access and Security setting to Selected Repositories and removing all entries once you have completed the conversion.

Please reach out to GitHub Support if you have any issues or questions.

Additional References

Mercury is now a GitHub secret scanning partner

GitHub secret scanning protects users by searching repositories for known types of secrets such as tokens and private keys. By identifying and flagging these secrets, our scans help prevent data leaks and fraud.

We have partnered with Mercury to scan for their license keys and help secure our mutual users on public repositories. Mercury tokens allow users to automate your banking needs through their API. GitHub will forward tokens found in public repositories to Mercury, who will then revoke them, keeping your account safe. Read more information about Mercury tokens.

All users can scan for and block Mercury tokens from entering their public repositories for free with push protection. GitHub Advanced Security customers can also scan for and block Mercury tokens in their private repositories.

See more

Migrate tag protections to repository rules

We’ve now made migrating existing tag protection rules into repository rules easy. With a few clicks, you can take multiple tag protection rules and turn them into a single ruleset or turn each rule into corresponding rulesets for more granular control.

GIF of importing tag protection rules to repo rules.

Tag protection rules control who can create, update, and delete tags. Moving your tag protections to repository rules allows you to require status checks, deployments to pass, and signed commits. You also get the rest of the repository rules power, with configurable enforcement status, bypass lists, and flexible targeting.

For GitHub Enterprise Cloud customers, you can pair metadata restrictions with your tag protection to manage commit messages and control the names of your tags. 

Click here to learn more. If you have feedback, please share and let us know in our community discussion.

See more
View all changes