Secret scanning validity checks now included in the alert timeline

GitHub secret scanning lets you know if your secret is active or inactive with partner validity checks. These checks are run on an ongoing basis for supported providers for any repositories that have enabled the validity check feature.

Starting today, secret validity will now be reflected in an alert’s timeline, alongside the existing resolution and bypass events. Changes to a secret’s validity will continue to be included in an organization’s audit log.

Sign up for a 60 minute feedback session on secret scanning and be compensated for your time.

Learn how to secure your repositories with secret scanning or become a secret scanning partner.

EDIT: Monday December 2nd, 2024

GitHub Enterprise Server Timeline changing sunset to GHES 3.17 as the final version instead of 3.16.

Starting today, we will begin work towards the sunset of tag protections, with a full deprecation planned for August 30, 2024. See below for a full sunset timeline. You can migrate existing tag protections with the import to ruleset feature.

We launched repository rules last year to meet the needs of tag protection rules, while also scaling support to provide new functionalities like org-wide rules, granular restrictions for creating, reading, and updating events, and a more granular bypass model that does not require repository administrator permissions. As we such, we will sunset tag protections in favor of our ongoing investment in the repository rulesets platform.

You can import existing tag protection rules today with the existing migration feature. If no action is taken before the sunset date, GitHub will migrate all existing tag protections into a corresponding ruleset.

When are changes happening?

GitHub.com Timeline

  • May 30 : Repositories without tag protection rules will no longer be able to add new protection rules via the GitHub.com UI
  • July 24 through August 14 : A series of API brownouts will be run, see below for additional details on dates and times.
  • August 30, 2024: All tag protection rules will be migrated to a new tag ruleset. All REST and GraphQL API endpoints will be deprecated

GitHub.com API Timeline

  • May 30: API responses will include a deprecation notice
  • July 24: 1 hour API brownout
  • August 7: 8 hour API brownout
  • August 14: 24 hour API brownout
  • August 30: The tag protection rule API will begin responding with NULL data
  • The tag protection rules API will be deprecated in the next calendar version

GitHub Enterprise Server Timeline

  • Version 3.14: Tag protection rules will be marked for deprecation with an in-product banner and API responses will include a deprecation notice
  • Version 3.15: No changes will be made
  • Version 3.16: No changes will be made
  • Version 3.17: Tag protection rules will be migrated to a ruleset and the tag protection rule feature will no longer be available

 

Join the discussion within GitHub Community.

See more

Starting August 19th, 2024, we will begin collecting state-mandated sales tax, where and when applicable, from paying customers in the United States to align GitHub with industry standard regulatory practices. All United States customers are required to update payment information (specifically your address) to ensure the correct sales tax amount is assessed. If you are a paying customer, there will be a tax line on your receipt that provides a breakdown of the applicable taxes for the GitHub products and services you have purchased.

As of today, you will have the ability to make updates on the Payment Information page. Please update your address and provide the following information if applicable:

  • We have updated the address collection fields to require:
    • Street Address
    • City
    • Zip Code +4 (5-digit ZIP required, +4 as optional)
  • If you qualify for an exemption or as a tax-exempt entity, you MUST submit an applicable and fully completed sales tax exemption certificate for review and approval on the Payment Information page.

You will have until August 19, 2024 to make these changes. Failure to do so may result in a disruption of service.

To learn more about how to make updates to your payment information, please click here to view a step by step guide. For more information on how to submit a sales tax exemption certificate, please click here.

See more