GitHub Advanced Security users can now use the REST API to retrieve the validity status of a secret scanning token and retrieve all tokens of a particular validity status. The API will return the status of the token as of the last validity check. Valid statuses are active, inactive, or unknown. Validity checks must be enabled for the enterprise, organization, or repository.
GitHub Advanced Security billing API and CSV download now includes active committer email addresses
The GitHub Advanced Security billing REST API and CSV download now includes the email addresses for active committers. This provides information for insights into Advanced Security license usage across your business. Here is an example response from the GitHub Advanced Security billing REST API:
"advanced_security_committers_breakdown": [
{
"user_login": "octokitten",
"last_pushed_date": "2023-10-26",
"last_pushed_email": "octokitten@email.com"
}Read more about the GHAS billing API here and the GHAS billing CSV download here.
This is available now on GitHub.com and will ship to GitHub Enterprise Server 3.12
Starting today, in Actions workflows, the pull_request_target trigger is now supported for repository rulesets that require a successful workflow run. This is in addition to pull_request and merge_group, making pull_request_target the third workflow trigger supported by repository rulesets.
Read our recent general availability announcement to learn more about how organizations can set up policies with repository rules that require a successful workflow run before code can be merged into its repositories.
Learn more in our repository rulesets documentation and don’t forget to ask questions or leave feedback in the community discussion.