Starting today, you can enable validity checks for your GitHub organization through security configurations.
You can also more easily enable or disable validity checks at the enterprise level with the ability to enable or disable for all enterprise repos.
If your organization had previously enabled validity checks through the ‘Global Settings’ page, the feature will be migrated to your existing configurations and enabled on repositories they are attached to with no additional effort on your part.
Please note that GitHub is also adding validity checks to the ‘GitHub recommended’ code security configuration. Any organization which has enabled the recommended configuration before today will have validity checks automatically enabled on July 24, 2024. If you wish to directly manage feature enablement, we recommend unattaching the recommended configuration and attaching your own custom configuration to those repositories.
GitHub secret scanning lets you know if your secret is active or inactive with partner validity checks. These checks are run on an ongoing basis for supported providers for any repositories that have enabled the validity check feature; you can also perform on demand validity checks from the alert details page.
Learn how to secure your repositories with secret scanning or sign up for a 60 minute feedback session on secret scanning and be compensated for your time.
GitHub users can create software bill of material (SBOM) files for their repositories to help them understand its dependencies. SBOMs are a machine-readable inventory of a project’s dependencies and associated information. With this release, we have added copyright attribution data for dependencies in the SBOM.
Learn more about SBOM files and how GitHub helps you secure your software supply chain.
Today’s changelog brings you GraphQL and webhook support for project status updates and project custom field changes directly in the webhook event!
Following our release earlier this year for project status updates, you can now interact with project status updates using GraphQL and webhooks. This unlocks new ways to automate how you provide and gather project status update information.
There is a new ProjectV2StatusUpdate GraphQL object to interact with project status updates, so you can view, create, update, and delete status updates.
Below is an example query to create a new project status update.
mutation {
createProjectV2StatusUpdate(
input: {projectId: "0123456", body: "We wrapped up our bug bash following the beta rollout. We're back on track for our GA date in August! 🚀", startDate: "2024-06-03", targetDate: "2024-08-09", status: ON_TRACK}
) {
statusUpdate {
id
startDate
targetDate
body
bodyHTML
status
}
}
}
Project status updates are included in the new projects_v2_status_update webhook event, so you can understand and be notified when a new project status update is provided.
You must be subscribed to this event from the organization settings page to receive this information.
Below is an example of a webhook event.
{
"action": "edited",
"projects_v2_status_update": {
"id": 32633,
"node_id": "PVTSU_lADOBH2n9s4Ajp6VzX95",
"project_node_id": "PVT_kwDOBH2n9s4Ajp6V",
"creator": {
...
},
"body": "We've kicked off this project and are feeling confident in our rollout plan. More updates and demos to come next week!",
"start_date": "2024-06-24",
"target_date": "2024-08-16",
"status": "ON_TRACK",
"created_at": "2024-06-24T20:27:48Z",
"updated_at": "2024-06-24T20:30:47Z"
},
"changes": {
"body": {
"from": "We're still planning this out and are kicking off soon.",
"to": "We've kicked off this project and are feeling confident in our rollout plan. More updates and demos to come next week!"
},
"status": {
"from": "INACTIVE",
"to": "ON_TRACK"
},
"start_date": {
"from": null,
"to": "2024-06-24"
},
"target_date": {
"from": null,
"to": "2024-08-16"
}
},
"organization": {
...
},
"sender": {
...
}
}
Project custom field changes are now included directly in the project_v2_item webhook event when a project item’s fields are edited, removing the need to send an additional GraphQL query. This gives you the previous and current field values to understand how project fields change over time and how long they have a particular value, allowing you to understand how long an item was In progress before moving to Done status.
Below is an example of the webhook which includes the previous and current value for single select, text, number, iteration, and date project custom fields using the changes parameter.
"changes": {
"field_value": {
"field_node_id": "PVTSSF_lADOBH2n9s4Aje1Izgb1kEs",
"field_type": "single_select",
"field_name": "Status",
"project_number": 18,
"from": {
"id": "f75ad846",
"name": "Todo",
"color": "GREEN",
"description": "This item hasn't been started"
},
"to": {
"id": "47fc9ee4",
"name": "In Progress",
"color": "YELLOW",
"description": "This is actively being worked on"
}
}
},
convertProjectV2DraftIssueItemToIssue GraphQL mutation to convert drafts to issuesJoin the conversation in the community discussion to share your feedback.
See how to use GitHub for project planning with GitHub Issues, check out what’s on the roadmap, and learn more in the documentation.