Secret scanning for historically existing secrets found in GitHub discussions and pull requests

Secret scanning has recently expanded coverage to GitHub discussions and pull requests.

GitHub is now performing a backfill scan, which will detect any historically existing secrets found in GitHub discussions and pull request bodies or comments.

For repositories with secret scanning enabled, if a secret is detected in a discussion or pull request, you will receive a secret scanning alert for it. Public leaks detected in public GitHub discussion or pull requests will also be sent to providers participating in the secret scanning partnership program.

Sign up for a 60 minute feedback session on secret scanning and be compensated for your time.

Learn how to secure your repositories with secret scanning or become a secret scanning partner.

From the 15th of May 2024 we will no longer support multiple labels on larger GitHub Hosted Runners.

In February 2023 we announced that customers could no longer add or manage additional labels on larger runners. Following on from this, we will now be fully deprecating support for multi-labels on larger runners. This means that jobs targeting more than one label or jobs targeting labels that do not match the runners name for GitHub Hosted Larger Runner, after May 15th, will no longer be able to pick up jobs.

We will be running a brown out on the 8th of May between 18:00 and 20:00 UTC, during this time multi label larger runner jobs will fail to start.

To prepare for this change and avoid any disruption, please ensure the runs-on: references only the runner name in your workflows prior to the dates above.

Join the discussion within GitHub Community.

Update 8th May: We did not run the brownout as planned today on May 8th. We apologize for any inconvenience. There will be additional details on the multi-label larger runners deprecation coming soon, with the future brownout date planned for June.

See more

Starting December 5, 2024, GitHub Actions customers will no longer be able to use v3 of actions/upload-artifact or actions/download-artifact. Customers should update workflows to begin using v4 of the artifact actions as soon as possible. While v4 of the artifact actions improves upload and download speeds by up to 98% and includes several new features, there are key differences from previous versions that may require updates to your workflows. Please see the documentation in the project repositories for guidance on how to migrate your workflows.

The deprecation of v3 will be similar to the previously announced v1 and v2 deprecation plans, which is scheduled to take place on June 30, 2024. Version tags will not be removed from the project repositories, however, attempting to use a version of the actions after the deprecation date will result in a workflow failure. Artifacts within their retention period will remain accessible from the UI or REST API regardless of the version used to upload. This deprecation will not impact any existing versions of GitHub Enterprise Server being used by customers.

This announcement will also be added to actions/upload-artifact and actions/download-artifact. Please visit the documentation to learn more about storing workflow data as artifacts in Actions.

See more