Secret scanning supports bypass controls for push protection (public beta)

For GitHub Advanced Security customers that use secret scanning, you can now specify which teams or roles have the ability to bypass push protection. This feature is in public beta on GitHub Enterprise Cloud.

screenshot of the bypass list in settings

This is managed through a new bypass list, where organizations can select which teams or roles are authorized to bypass push protection and act as reviewers for bypass requests. If an individual not included in this list needs to push a commit that is initially blocked, they must submit a bypass request. This request is then reviewed by an authorized individual who can either approve or deny it, determining whether the commit can proceed into the repository.

Please note, this feature is not yet compatible with web UI pushes.

We recently shipped several changes to improve the Actions user experience. These changes include adding backscroll to the Actions streaming logs and workflow pinning.

Actions streaming logs with backscroll is now generally available. Previously, an Actions job that was actively running would only stream the logs generated after the page was loaded. Logs emitted prior to the page loading would only be available after the job completed. This made it challenging to monitor the progress of jobs as they were running, particularly those that could take a long time to complete. Customers will now be able to visit the logs of a running job and immediately get the previous 1,000 log lines emitted. This will give you immediate context into the run’s progress and status.

We have also made it easier to navigate within the Actions tab. Customers can now pin Actions workflows to the top of the list (a maximum of 5 pinned workflows per repository) to make them easily accessible. When a workflow is pinned, it is visible to everyone with access to that repository. Any collaborator with write access will be able to pin or unpin workflows. In addition, all workflows, including required workflows, will be displayed in a single list. Disabled workflows will be sorted to the bottom of the list and will display a disabled label.

If you have any feedback you wish to share about these changes, please reach out in the GitHub Community Discussion.

See more

GitHub Copilot Enterprise banner

Another month means more exciting updates to GitHub Copilot Enterprise! 📆 Check out what’s new below:

  • Ask Copilot Chat in GitHub.com to summarize and answer questions about specific issues: Copilot can read an issue and answer questions based on its title, author, status, body, linked pull requests, comments, and timestamps. To learn more, see “Asking a question about a specific issue” in the GitHub Docs.
    • Try it yourself: Navigate to an issue on GitHub.com, and ask Copilot to Summarize this issue
  • Stop Copilot Chat in GitHub.com mid-response with the “Stop” button: If your question wasn’t quite right, you’ve already got your answer, or Copilot isn’t heading in the right direction, you can now stop Copilot mid-response with the “Stop” button, like you can in your IDE.

Got feedback on any of these updates or Copilot Enterprise more generally? Join the discussion within GitHub Community.

See more